Connect with us

Technology

VMware reveals two-factor authentication flaw • The Register

Voice Of EU

Published

on

In Brief VMware has warned users a flaw in its VMware Verify two-factor authentication product could allow a malicious actor with a first-factor authentication credential to obtain a second factor from its VMware Verify product.

CVE-2021-22057 is the rascal behind this issue and is rated 6.6/10. VMware Verify is part of the wider VMware Workspace ONE Access product, now available in version 21.08.0.1 to fix this bug and a 5.5-rated Server Side Request Forgery that can allow a malicious actor with network access to make HTTP requests to arbitrary origins and read the full response

News of the two new flaws in WorkspaceONE came a day after VMware warned of a critical-rated flaw in the suite.

Google: NSO’s zero-click cado nasty was ‘terrifying’

A deep-dive by Google’ crack Project Zero team has revealed how the spyware installed by the beleaguered NSO Group actually works, and rated it genuinely scary.

Researchers Ian Beer & Samuel Groß examined the FORCEDENTRY exploit using sample’s obtained by Canadian non-profit Citizen Lab. “It’s pretty incredible, and at the same time, pretty terrifying,” they said this week.

The zero-click exploit used an integer overflow vulnerability in Apple’s CoreGraphics PDF parser, in conjunction with open source JBIG2 image compression code. This enabled an attacker to run scripts on a target device without user interaction.

In a recent lawsuit, Apple claimed the NSO Group set up over 100 dummy iPhone accounts and used these to spam out its spyware using FORCEDENTRY. Cupertino claims this was used to surveil politicians, activists, journalists and academics, some of whom were American citizens.

NSO Group denies the charges.

Joker malware hits 500,000 Android users

If you’re running the Android app Color Message (and according to Google’s figures over half a million people are) it’s time to remove it and reformat your handset.

According to mobile security shop Pradeo, the app was contaminated with the Joker malware that has proved popular among scammers over the last year or so. Upon installation the code exfiltrates the victim’s contact database to an outside server and installs software that automatically signs users to premium services.

Other apps infected with Joker recently include Safety AppLock, Convenient Scanner 2, Push Message-Texting&SMS, Emoji Wallpaper, Separate Doc Scanner and Fingertip GameBox. Together they account for around another 200,000 people who trusted the Google Play security scanning systems and lost out.

All the infected applications have now been removed by Google, but may pop up on other app stores or .apk download sites. And Joker will no doubt be back soon.

America wants you to hack the DHS

More signs of sense from the US Department of Homeland Security (DHS) after it announced a bug bounty program dubbed “Hack the DHS”.

Not all of it, before you get too excited – the program permits attacks on “select external DHS systems” and only then by carefully vetted pentesters. Initially they’ll get access to such virtual systems on a bug hunt, then in 2022 the DHS plans an in-person competition with as-yet unspecified bounties on offer.

“As the federal government’s cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems,” said Secretary Alejandro Mayorkas. “The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors.”

We’ve come a long way from the bad old days where government was so paranoid the very thought of a competition like this would have caused conniption fits. But the benefits clearly outweigh the risks.

Venerable Phorpiex malware steals $500,000+ in digicash

Hopes that the Phorpiex malware strain might have gone offline for good have provided unfounded, and instead its operators are back to their wicked thieving ways.

The malware has pulled in an estimated $500,000 in cryptocurrency this year alone, according to research from security biz CheckPoint. This after its makers reportedly shut down their command and control servers and put the source code up for sale in August, only to release a new, decentralized, build based around a bot dubbed “Twizt”, using peer-to-peer for shifting data and purloined digital dosh.

“In a one-year period between November 2020 to November 2021, Phorpiex bots hijacked 969 transactions and stole 3.64 Bitcoin, 55.87 Ether, and $55,000 in ERC20 tokens,” CheckPoint said. “In 2021, the price of Bitcoin and Ethereum increased significantly. The value of the stolen assets in current prices is almost half a million US dollars.”

Who could possibly have guessed there is no honor among thieves? ®

Source link

Technology

4 reasons hybrid working looks set to stay for young professionals

Voice Of EU

Published

on

From priorities to practicalities, Dr Amanda Jones of King’s College London explains why hybrid working may be here to stay and outlines the pitfalls that younger employees will need to avoid.

Click here to visit The Conversation.

A version of this article was originally published by The Conversation (CC BY-ND 4.0)

We’re in the middle of a remote working revolution. In the UK, though remote working was slowly growing before the pandemic, in 2020 the number of people working from home doubled.

While this rapid rise can be explained by Covid lockdowns, a recent survey my colleagues and I conducted with 2,000 London workers found that six in 10 employees still regularly work from home despite restrictions no longer being in place. And most don’t want that to change.

Findings from other parts of the world similarly point to a substantial increase in the number of work days being undertaken from home.

For young professionals, the shift has been particularly significant. Before the pandemic, employees in their 20s were by far the least likely to work from home.

In 2022, 64pc of 16 to 24-year-olds we surveyed reported working at home for at least part of the week. This figure is in line with 25 to 49-year-olds (65pc) and in fact higher than for people over 50 (48pc).

Other research also shows that young professionals now engage in hybrid working – dividing their time between their home and their workplace – and may prefer this model to being in the office full time.

US and European data shows that around four in 10 jobs can be conducted from home. But this figure may be higher if we consider that some jobs could be at least partly done from home. In particular, jobs in finance and insurance, information and communication and education are among the most conducive to being performed remotely.

Technologies which support remote working, such as Zoom and Slack, have been available for a number of years. While the pandemic has served as a catalyst for the rise in remote working among younger employees, I would argue that other factors have also contributed to this shift – some of which were already evident before the pandemic.

Importantly, each of these factors suggest this change to the way young professionals work is here to stay.

1. Priorities

Evidence suggests that even before the pandemic, young people were becoming more focused on their own goals, wanted greater flexibility and control, and sought a better work-life balance compared with previous generations. The reasons for this may be related to the changing nature of organisations and careers, which I’ll discuss later.

Our own and other research indicates that remote working, especially working from home (as opposed to, say, at client sites), can boost feelings of flexibility and control and enhance work-life balance. So working remotely could help younger people achieve these goals in a way that traditional working arrangements can’t.

In fact, research indicates that many young people would now rather switch jobs than compromise on the flexibility they gain from hybrid working. So for employers, supporting hybrid working may be necessary to attract and retain the best employees.

2. Practicalities

Across all age groups, participants in our research picked avoiding the commute as the biggest benefit of working remotely. While this has long been a recognised advantage of remote working, it’s important to note that we surveyed London workers – and the commute may be less of an issue for people in other places.

Aside from the time and hassle involved in commuting, travelling to work every day can be expensive. The cost of working in the office goes up if you also factor in lunches, coffees and after-work social activities.

This may be difficult for younger people – who are contending with the rising costs of living, often on lower salaries – to manage. Working remotely can help reduce spending, making it an attractive option – and even a potential lifeline – for younger employees.

3. Career trajectories

Studies show that a move towards less hierarchical, more efficient and flexible organisations results in a “new deal” of employment. Employers no longer guarantee job security and progression for employees, but gain their commitment by providing opportunities – including training programmes – that enhance their employability.

The onus then moves to employees to manage their own career progression, which remote working may help them with. For example, we know working from home can reduce distractions and improve productivity.

Taken with the commuting time saved, young professionals may have more time to dedicate to development opportunities, such as studying for additional qualifications. This could increase their attractiveness in the job market.

Indeed, young professionals seem to be the most likely to switch jobs. If they don’t expect to remain with an organisation long term, they may be less motivated to build strong relationships with colleagues and managers, and unwilling to put their own goals aside for those of the organisation.

4. Managers’ behaviour

Research shows many more managers now work remotely compared with before the pandemic. This change has two important effects.

First, managers who work remotely are likely to find it harder to stop juniors from doing the same. Managers’ ability to monitor and develop their junior staff in person, a common reason for prohibiting remote work in the past, is also reduced if managers are away from the office themselves.

Second, as more managers work remotely, younger employees may feel more confident that doing so won’t prevent them achieving success. Managers serve as role models to junior employees and evidence shows that younger professionals seek success by copying role models’ behaviour.

Avoiding the pitfalls of hybrid working

Despite the positives, younger employees, with comparatively limited experience and networks, may face disproportionately negative outcomes from remote working in terms of recognition, development and networking opportunities.

So if you’re a young professional working remotely, how can you avoid the pitfalls of hybrid working?

Setting your own goals can keep motivation and performance high. Meanwhile, proactively communicating your challenges and achievements to senior and peer-level colleagues can ensure that you receive guidance and recognition.

It’s a good idea to plan some of your time in the office to coordinate with team members or managers. At the same time, it’s useful to try to schedule office visits on different days of the week. This can help maintain key relationships but also help build networks through bumping into colleagues you don’t necessarily work as closely with.

Finally, upping attendance at external conferences and events could increase your value to the organisation through encouraging innovation and fresh ideas, while keeping you aware of external employment opportunities.

The Conversation

By Dr Amanda Jones

Dr Amanda Jones is a lecturer in organisational behaviour and human resource management at King’s College London.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Source link

Continue Reading

Technology

Kids’ tech: the best children’s gadgets for summer holidays | Gadgets

Voice Of EU

Published

on

With the long school summer holiday well under way, you may need a bit of help keeping the kids entertained. From walkie-talkies and cameras to tablets, robot toys and fitness trackers, here are some of the best kid-aimed tech to keep the little (and not-so-little) ones occupied.

Robot toys

Sphero Mini – about £50

Sphero Mini robotic ball.
Sphero Mini robotic ball. Photograph: Bryan Rowe/Sphero

Lots of tech toys are fads but my longtime favourite has stood the test of time as a modern update to remote control fun. Sphero is a ball you control using a smartphone or tablet, and has hidden depths, with games and educational elements also available.

The mini Sphero ball is a lot of fun to drive around and small enough that overexuberant indoor excursions won’t result in broken furniture and scuffed-up paintwork. The Sphero Play app has games, while the Sphero Edu app is great at fostering creative learning.

Kids or big kids can learn to program, follow examples, get the robot to do all sorts of things, or go deeper and write some code for it in JavaScript. Higher-end versions such as the £190 BOLT take the educational elements to the next level, too.

Tablets

Amazon Fire 7 Kids – about £110

Amazon Fire 7 Kids edition tablet.
Amazon Fire 7 Kids edition tablet. Photograph: Amazon

If you would rather not lend your precious breakable phone or iPad to your little ones, Amazon’s practically indestructible Kids edition tablets could be just the ticket.

The cheapest and smallest Fire 7 has just been updated and is available in a range of bright-coloured cases with a pop-out stand. If your offspring do manage to break it, Amazon will replace it for free under its two-year “worry-free” guarantee.

It does all the standard tablet things such as movies, apps, games, a web browser if you want it, and parental controls to lock it, set time limits and age filters. There’s even an option restricting access to curated child-safe sites and videos but it doesn’t have access to the Google Play store, only Amazon’s app store.

The Kids edition comes with a one-year subscription to Amazon Kids+ (£3 to £7 a month afterwards), which is a curated collection of child-friendly text and audio books, movies, TV shows and educational apps.

The larger £140 Fire HD 8 and £200 Fire HD 10 are available in Kids versions, too, if you want something bigger, or Amazon’s new Kids Pro tablets start at £100 with additional features aimed at school-age children.

Alternatives include LeapFrog’s various educational tablets, which are fine for younger children, or hand-me-down or refurbished iPads (from £150) in robust cases, which can be locked down with some parental controls.

Cameras

VTech Kidizoom Duo 5.0 – about £39

VTech Kidizoom Duo 5.0 kids’ camera in pink.
VTech Kidizoom Duo 5.0 kids’ camera in pink. Photograph: VTech

Before the advent of smartphones, standalone cameras were the way we visually documented our lives, and they still can be a bit of creative fun and inspiration for kids.

The VTech Kidizoom Duo 5.0 is a “my first digital camera” of sorts made of rugged plastic and simple in operation, which VTech reckons is suitable for three- to nine-year-olds. It captures 5MP photos of reasonable quality and can shoot from the back for selfies, too, all viewable on a 2.4in screen.

The optical viewfinder helps them line up the shot, which they can transform with fun filters and effects. It even shoots video, too. The kid-centric nature of it might turn off older children but every award-winning photographer has to start somewhere before the smartphone takes over.

It needs an SD card for storage and takes four AA batteries at a time, and chews through them fast, so buy some rechargeables to help save money and the planet.

For older children, rugged and waterproof action cams could be the way to go, shooting video and photos. Budget no-brand cams cost from about £80 but secondhand or refurbished models from the big boys such as GoPro and DJI go for about £100 and on eBay and elsewhere.

Fitness trackers

Garmin Vivofit Jr 3 – from about £55

Garmin Vivofit Jr 3 Star Wars edition.
Garmin Vivofit Jr 3 Star Wars edition. Photograph: Garmin

Your child may not need any encouragement to tear about the place but if you are after a gadget to “gamify” and reward their activity – as well as giving them a smartwatch-esque gadget to play with – the Garmin Vivofit Jr 3 could be a winner for ages four and up.

Its watch-like form comes in various themes and designs, including with various Star Wars, Marvel and Disney characters, with custom watchfaces to choose from. The user-replaceable coin-cell battery lasts a year, so you don’t have to worry about charging it. Water-resistance to 50 metres means swimming should be no problem either.

It tracks steps, activity and sleep with motivational messaging. It has mini games to play once your child has hit their goals, and can all be managed from a parent’s phone or tablet, so you can keep an eye on their data. Parents can even set goals, competitions with their own activity levels, chore reminders and tasks that can earn virtual coins for them to trade for rewards with you.

It is button-operated rather than touchscreen, and the backlight doesn’t stay on long to preserve the battery.

If you are a user of Google’s Fitbit trackers yourself, then the firm’s Ace 3 (£50) means you can compete on activity, but it needs charging every seven or so days. Other cheaper adult-focused fitness trackers such as the Xiaomi Mi Smart Band 6 (about £29) may be better for older children.

Walkie-talkies

Motorola T42 Talkabout – about £35 for three

Motorola Talkabout T42 two-way radios.
Motorola Talkabout T42 two-way radios. Photograph: Motorola Solutions

Walkie-talkies are a great replacement for phones, allowing kids and big kids to keep in touch without fear of fees or smashed screens.

There are plenty of child-centric options available with various character themes but basic units usually work better. Motorola’s T42 Talkabout comes in various colours and multipacks.

They are simple to set up, with a pairing button and multiple channel selection to find a clear one. Once going, just push to talk, even over long distances. Their quoted 4km range might be a bit ambitious but they should be good for at least 500 metres in urban environments, or much further in the open air.

They take three AAA batteries each, which last about 18 hours of talking or roughly three to four days in active use, so you might need a small army of rechargeable batteries.

They have a belt clip and loop for hooking to a carabiner (metal loop) or similar, and are fairly rugged, too, so should survive being launched across a room or two.

Nestling’s camouflage walkie-talkies (about £26) are also a popular choice but there are lots of choices under £30 available on the high street.

Source link

Continue Reading

Technology

India’s latest rocket flies but payloads don’t prosper • The Register

Voice Of EU

Published

on

India’s small satellite launch vehicle (SSLV) made a spectacular debut launch on Sunday, but the mission fell short of overall success when two satellites were inserted into the incorrect orbit, rendering them space junk.

The SSLV was developed to carry payloads of up to 500 kg to low earth orbits on an “on-demand basis”. India hopes the craft will let its space agency target commercial launches.

Although it is capable of achieving 500 km orbits, SSLV’s Saunday payload was an 135 kg earth observation satellite called EOS-2 and student-designed 8 kg 8U cubesat AzaadiSAT. Both were intended for a 356 km orbit at an inclination of about 37 degrees.

That rocket missed that target.

Indian Space Research Organisation (ISRO) identified the root cause of the failure Sunday night: a failure of logic to identify a sensor failure during the rocket stage.

ISRO further tweeted a committee would analyse the situation and provide recommendations as the org prepared for SSLV-D2.

ISRO Chairman S Somanath further explained the scenario in a video statement, before vowing to become completely successful in the second development flight of SSLV. “The vehicle took off majestically,” said Somanath who categorized the three rocket stages and launch as a success.

“However, we subsequently noticed an anomaly in the placement of the satellites in the orbit. The satellites were placed in an elliptical orbit in place of a circular orbit,” caveated the chairman.

Somanath said the satellites could not withstand the atmospheric drag in the elliptical orbit and had already fallen and become “no longer usable.” The sensor isolation principle is to be corrected before SSLV’s second launch to occur “very soon.”

Although ISRO has put on a brave face, its hard to imagine the emotions of the school children who designed AzaadiSat. According to the space org, the satellite was built by female students in rural regions across the country, with guidance and integrated by the student team of of student space-enthusiast org Space Kidz India.

EOS-2 was designed by ISRO and was slated to offer advanced optical remote sensing in infra-red band with high spatial resolution. ®



Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!