Google Chrome is one of the most popular browsers today with more than 2 billion users. Photo: EarnGurus Recently, a security researcher from the Project Zero team discovered a critical security vulnerability (CVE-2021-30551) in Google Chrome, affecting many users. Not much is known about this vulnerability, instead, it is only briefly described: “Confusion in V8”. This is a JavaScript engine, used quite commonly on Google Chrome and browsers using Chromium source code (including Microsoft Edge). In a blog post, Google confirmed that the CVE-2021-30551 vulnerability exists in the wild. To limit future attacks, Google Chrome users should update their browser immediately by going to Settings – Help – About Google Chrome (about Google Chrome). When the update to version 91.0.4472.101 is complete, simply press Relaunch to restart the browser. Update Google Chrome browser to the latest version. Photo: Tieu MINH This is the sixth zero day vulnerability found on Google Chrome since the beginning of the year. The latest version of the browser also contains a total of 10 security patches, seven of which are listed as High threat and one is described as Critical. Sharing with BleepingComputer, Kaspersky warned that a new group of hackers calling themselves PuzzleMaker successfully hacked both Chrome and Windows this month, prompting Microsoft to issue an urgent upgrade notice for Windows users. In addition, Kaspersky also recommends that users update their browser and operating system to the latest version to limit future attacks.

Not stopping there, things are even more dangerous when two other vulnerabilities can be exploited by hackers to manipulate arbitrary files with higher permissions. What makes these even scarier is that they can be exploited without any user interaction. Samsung is aware of these security flaws and it may take the company about 2 months to fix. For now, the best defense is to make sure your Samsung phone is up to date with the latest firmware. Toshin said he has found more than a dozen vulnerabilities in Samsung devices since the start of the year, with many of these vulnerabilities already fixed. One of the bugs lies in apps and components like the Secure Folder app and the Knox security software that come pre-installed on Samsung devices. Tohsin told TechCrunch that these may have given attackers access to sensitive user data. Among +Samsung devices, the Galaxy S10+ is verified as affected. Another vulnerability resulted in the deletion of all previously downloaded apps once device admin rights were granted to a newly installed app. Additionally, a vulnerability in the Settings app could grant read/write access to files with system user-level privileges. A security flaw that was resolved in February could have given hackers access to users’ SMS/MMS messages and call details. Toshin also warned Samsung about issues that may have helped bad guys get the SD card content. While Samsung says the vulnerability affects “certain” Galaxy devices, the company appears to be downplaying the scope of the incident. “No issues have been reported globally and users should rest assured that their sensitive information is not at risk. We have addressed the potential vulnerability by developing and releasing security patches through a software update in April and May 2021 as soon as we identify the issue.” Korean company stated. (According to VOV, PhoneArena)

This update not only brings new features, but also fixes a series of security bugs on iPhone to prevent hackers from taking over the device. Many iPhone users have complained about battery drain and overheating issues after updating to iOS 14.6. (Photo: GearCoupon) However, only a short time after using it, many iPhone users have complained about battery drain and overheating problems after updating to iOS 14.6. “After stopping charging, the battery life on my iPhone 12 Pro Max quickly dropped from 100% to 35% in a period of 4 hours. In addition, the iPhone 12 Pro Max also got hotter, so much so that I felt I see it when I have my phone in my pocket,” said one user on the iPhone in Canada forum. (Photo: NewsBeezer) Another person also said that the iPhone must be plugged in continuously after updating to the recently released iOS 14.6 version. Besides excessive battery drain, users also reported overheating issues even when the iPhone was in standby mode for several hours. Many people are also worried that poor battery performance can reduce the health of their iPhone battery. (Photo: OS X Daily) According to ZDNET, battery life drops after each update is a common occurrence, because the iPhone has to perform some important management tasks, so the first days after installation will appear this situation. . However, if this situation persists, it is possible that the iPhone or the software has encountered a problem. On the Apple support forum, some users have fixed the battery drain issue on their iPhone by deleting the Podcasts app. Some users have fixed the battery drain issue on their iPhone by deleting the Podcasts app. (Photo: Primakov / Shutterstock) Accordingly, after accessing Setting > The battery and looked at the Battery Usage statistics by app, these people found Podcasts to be the culprit that drains a lot of battery on iPhone. After deleting this app, the battery life has improved markedly. If the battery life on your iPhone is experiencing the same problem after updating to iOS 14.6, try the above method to see if the battery life on your iPhone has improved or not.

Appropriate measures should be taken to limit the risk from ransomware. Illustration. With this form of attack, hackers often use tricks to fake websites, extract data of agencies and organizations and demand ransom. Cybercriminals carry out cyberattacks according to a concise strategy that is applicable to many industries. An analysis of recent experts shows that, in 2020 alone, the amount of damage related to ransomware attacks has reached billions of dollars. More dangerously, this behavior also targets the government’s information technology systems, causing serious impact. To protect critical data from attacks, government IT systems need to ensure external layers of security, while having the added responsibility of maintaining the infrastructure if an intrusion occurs. offense. According to studies, despite the development and expansion of the scope, the attacker’s methods still have similarities. Most hackers will illegally exploit the lowest-level vulnerabilities first, through some common and easy-to-implement method. Therefore, experts recommend to prevent ransomware from this initial step through some of the following methods. 1. Secure remote access Remote access is a familiar method often used by attackers, especially through unpatched vulnerabilities of information systems. Accordingly, hackers are constantly scanning the internet, looking for ways to exploit these vulnerabilities to perform attacks. To combat vulnerability scanning, organizations should prioritize patching vulnerabilities first. Along with that, to protect the system, experts recommend that organizations identify remote access systems to their systems by looking up IP addresses. If an attack is suspected, users should block public access to remote desktop protocol services (iRemoteDesktop – RDP), a secure shell that encrypts transmission data (Secure Socket Shell – SSH) ) and file transfer protocol (File Transfer Protocol – FTP). Agencies and organizations need to ensure that systems for remote access such as firewalls, VPN gateways, and email gateways are regularly patched, perform scanning for security holes, and deploy multi-factor authentication. Multi-factor Authentication (MFA) for accounts that are authorized for remote access. Hackers take advantage of security holes to attack the network. Illustration. 2. Email security Many ransomware incidents can start with an email sent to a user. This attack method is gradually becoming popular for hackers to perform blackmail. Experts say it’s safer to prevent unsolicited emails in the first place. The email security system acts as a “fence” to protect the strange messages from the internet and private mailboxes in the intranet system. To avoid email threats, users need to make sure email messages are scanned through a filtering system, and check attachments and links for advanced threats. In addition, account holders should audit or block password-protected documents as hackers often use this method to bypass email data scanning. 3. Keep data backups safe The third most common method for ransomware is to identify the target, encrypt the data, and then completely delete the backups. In addition to the data on the network and the data being used directly, the hacker will search all backups and encrypt them, disabling the data to increase the possibility of ransom from the victim. The victim then has a high probability of paying to buy back these encrypted data. Therefore, individuals, agencies and organizations should have backup plans to ensure the safety of all data. 4. Implement a 3-2-1 . Backup Strategy Without the right protections, backups, and archiving, concurrent copies on the same network are vulnerable to hackers. To avoid network-wide attacks, experts have come up with a safe backup measure for users’ data systems. For all important files, users should store 3 copies, including 1 primary backup for daily use and 2 backup copies. In it, the files will be saved on 2 different media environments to reduce the possibility of mass attacks. These copies must be in place so that data can be accessed and restored easily and quickly in the event of a failure. At the same time, users should save 1 copy outside the work network or home network, in case of force majeure situations due to natural disasters, unexpected disasters.

This means that users should update their iPhone immediately, even if their device is running smoothly. (Photo courtesy: Guardsquare) Accordingly, iOS 14.6 contains patches for 43 security holes, with some of which are considered to need serious attention. Apple’s support document says the update addresses a number of security vulnerabilities that could allow attackers to remotely execute code on a device. In a sharing with Forbes, security expert Sean Wright said the security flaws – which have been resolved in the latest iOS update – are “pretty bad to get.” (Artwork: NewsBeezer) While there is no indication that any of the security vulnerabilities Apple lists have been actively exploited, iPhone/iPad users should update their devices as soon as possible. Apple notes that some of the vulnerabilities were discovered by security researchers working for Trend Micro, a multinational cybersecurity company. (Artwork: Getty Images/iStockphoto) Some of the security and performance issues that have been fixed by the listed update include: – A memory corruption issue in the ASN decoder affecting the handling of manually generated certificates can lead to arbitrary code execution. – Audio problems related to the processing of audio files loaded with malware that can lead to arbitrary code execution. – ImageIO interferes with the processing of an image loaded with malware that can lead to arbitrary code execution. (Artwork: PhoneArena) The kernel allows a malicious application to execute arbitrary code with system kernel privileges. – The I/O pattern affects handling of a manually generated USD file that can lead to unexpected application termination or arbitrary code execution. – WebKit affects the processing of web content with malware installed that can lead to scripting on multiple sites. (Artwork: Rahul Chakraborty / Unsplash) Currently, iOS 14-compatible iPhone/iPad users can download the iOS 14.6 and iPadOS 14.6 updates for free via the OTA protocol. To update to iOS 14.6, users need to access the app Setting => General settings => Software updates .

According to Apple’s release notes, the update provides an important security patch, which fixes two major vulnerabilities in the WebKit suite of applications that could allow hackers to penetrate users’ iPhones. iPhone battery life and overall device performance have taken a big hit since installing iOS 14.5. (Photo: TechnoSports) Apple recommends that users immediately update to iOS 14.5.1 as soon as possible. However, Apple seems to have rushed to roll out this update to fix those problems early, which leads to some new problems. Some users have reported that iPhone battery life and overall device performance have degraded significantly since installing iOS 14.5. (Photo: Internet) In a video posted on YouTube on May 5, YouTuber Nick Ackerman showed this problem. In a speed test between iPhone XR, iPhone 11 and iPhone 12, YouTuber Nick Ackerman found that iOS 14.5.1 reduced the performance of iPhone 12 and 11 by 60% through the test posted on YouTube. In the benchmark test using the 3DMark application, the iPhone 12 and iPhone 11 both performed worse than the iPhone XR – an iPhone model that was released in 2018. (Photo: Nick Ackerman / YouTube) (Photo: Nick Ackerman / YouTube) In the Geekbench battery life test performed by iAppleBytes, the iPhone 11 running iOS 14.5.1 gave about 5.5 hours of battery life, down from 6 hours for the iPhone 11 running iOS 14.5 in same test. This puts users between two difficult choices, because if they choose to stay in iOS 14.5, users will be at risk of being hacked into their iPhone through a security hole. Meanwhile, if updating to iOS 14.5.1, users will be forced to accept many errors that arise after updating. (Photo: AR7 / Twitter) Luckily iOS 14.6 will bring a fix for this performance issue. The upcoming update is currently in beta, and as of now, the iOS 14.6 beta shows that the update won’t affect the device’s battery life. The official iOS 14.6 version will be rolling out to the community soon as Apple has now made beta versions of iOS 14.7 and iPadOS 14.7 available to developers. Therefore, users should be aware of this important update in the coming days.

As reported by some old iPhone users (who are using iOS 14 – 14.5 versions), Touch ID has been responding quite slowly lately. Specifically, when you put your hand on the physical Home button, the device still unlocks the screen but everything will be a bit jerky, this problem usually happens for about 10 seconds, then everything will return to normal. However, starting with iOS 14.5.1 (as well as iOS 14.6. beta), Apple has fixed the Touch ID bug, and unlocking iPhone with fingerprint will no longer be jerky. The strange thing here is that Apple let this issue happen from iOS 14 to iOS 14.5, then quietly fixed it without giving any notice. To update iOS 14.5.1, go to Settings – General – Software update – Download & Install (download and install). Note, the size of the update will vary depending on the device you are using. To minimize possible risks, users should back up all data through iTunes or iCloud before performing the update. Besides, the iOS 14.5.1 update also helps to fix two serious security vulnerabilities in WebKit, affecting Safari, Mail browsers, and all web content on iOS, iPadOS, even the App Store. . Apple does not provide information on who is using the vulnerability or being targeted for an exploit. The company said the security vulnerability CVE-2021-30665 was discovered by security researchers of Qihoo 360 based in China, while the other vulnerability was found by an unknown source.

The security hole exists for more than 3 years, but Intel has not been able to fix it. Photo: CIO Indeed, 3 years have passed, and there is still no end to the vulnerability. Meanwhile, experts from the University of Virginia and the University of California, San Diego, have discovered a new attack method that bypasses all current Specter protections built into the chip. This attack method has the potential to put almost any system – desktops, laptops, cloud servers and smartphones – once again at risk. Revealing Specter ushered in a wave of more powerful attacks, allowing malicious code to directly read passwords, encryption keys, and other valuable information from the computer’s kernel memory. Although chip manufacturers such as Intel, ARM and AMD already know this and combine defenses to reduce the threat from vulnerabilities, the methods have not yielded the desired effect. A Specter attack is capable of tricking the processor into executing instructions along a wrong path, the researchers say. Even though the processor recovers and completes its task correctly, hackers can still access confidential data while the processor goes in the wrong direction. The new attack method exploits what is called a micro-operator buffer (called micro-ops), an on-chip component that breaks machine instructions into simpler instructions and speeds up computation, like a secondary channel to reveal confidential information. Micro-op cache is built into Intel processors, manufactured since 2011. According to researchers at the University of Virginia, Intel’s defense proposal against Specter (called LFENCE) is to place sensitive code in a waiting area until security checks are done and only then the code Only sensitive is allowed to execute. However, research has shown how attackers can steal information through micro-op caching and use it as a secret channel. Although exploiting the Specter vulnerability is very difficult, the researchers say that with computers with a lot of sensitive data, hackers do not mind the difficulty. To protect the system from the new attack, the researchers propose to clear the micro-ops cache. This is a technical solution that comes at the expense of performance benefits. According to the researchers, micro-op caching has some dangerous effects. First, it ignores all caching reduction techniques such as side channels. Second, attacks in this zone go undetected like an existing attack or malware. Third, because the micro-op cache is at the front of the path, prior to execution, Intel’s Specter protections or recommendations to limit cache updates are still compromised. public.

Securing the wifi router is the first step homeowners need to take to protect their smart home. During use, it is recommended to update the router’s firmware and always use a complex password for the wifi router. If the router manufacturer does not provide new firmware, users should consider replacing it. Just like not checking your bank account from public wifi, homeowners should avoid accessing smarthome from an open wifi network, but if you need to remotely access your home, use a private network. Using a separate wifi for smart home systems is necessary because sharing a wifi system has many potential safety risks. Smarthome prioritizes the system to be able to self-alert to abnormal intrusion to ensure safety, so users should use devices with automatic alarm setting feature. When there is an unusual intrusion, a notification will be sent to the homeowner’s phone immediately. In smarthome, not only home lock, smart home control applications need abnormal login warning feature, this helps homeowners recognize the risk of network attack to implement instant protection options. then. In a smart home, if there is a smart speaker with a screen or camera, users should consider turning off or covering the camera when there is no need to use it. This is similar to the fact that many people have a habit of covering the webcam on their laptop to avoid unfortunate images being recorded. Smart devices of unknown origin are at risk of being installed with spyware, which is easy to lose control and have data stolen. To be safe, it is recommended to use equipment from reputable companies, need to check the company history, product support period. From this information, a decision can be made whether to buy the product or not. And more specifically, it is very important to check the owner of the servers that will contain his home’s information because most smarthome devices used in the home communicate with servers in the cloud. In the process of studying the operation of the smart home control system, security experts have discovered serious security holes. Security flaws in the cloud infrastructure and remote code execution, causing a third party to acquire the “super user” right to access and control the smart home system. Immediately, the above findings were shared with smart home providers to immediately address these dangerous security holes. With a smart home, each device inserted into the smarthome can also be a point for network attackers to take advantage of, intrude on the home system …, so smart home security is very necessary for those who want Design your own smart home.

Hackers can obtain sensitive user’s information through the vulnerability in AirDrop. Photo: TU Darmstadt. “An attacker could obtain a user’s phone number and email through AirDrop,” the team said. “They just need to use a device with Wi-Fi capable, reach the target at close range to start the mining process by opening the sharing feature on iOS or macOS device.” According to the 9to5mac There are two steps in the mechanism of AirDrop action leading to this critical vulnerability. First, in order to provide users with the option “Contacts Only” in the AirDrop sharing feature, Apple devices silently collect information on devices within the connection range. To see if the “other party” is in the contacts list, AirDrop uses a mutual authentication mechanism, comparing the user’s phone number and email address with the entries in the address book. The device authentication step in the directory can be exploited to get information. Photo: Monica Chin. In the next step, data is exchanged for both parties. Despite encryption, Apple uses a relatively weak hashing mechanism. Security experts can decompile the hash using a simple technique like a brute-force attack. The team addressed the AirDrop vulnerability with a more secure approach, they named PrivateDrop. However, Apple did not move after being warned of the risk of personal information leaks and privacy breaches. In the immediate future, experts from the Technical University of Darmstadt advise users to protect themselves by disabling AirDrop discovery in the system settings and not opening the share menu. The detailed results of the study will be presented at the USENIX security Symposium taking place in August. Why does iPhone not have USB-C port? In the past 5 years, USB-C has become the suitable connector for a wide variety of devices such as Android phones, laptops and tablets. However, Apple still doesn’t make iPhones with USB-C ports.

Recently, on social networks, there has been a situation of buying and selling clips from camera accounts stolen by bad objects. Depending on the quality of the content, the associations that sell the 18+ clip will collect a fee from 100,000 to 250,000 VND per joining. Not only providing depraved content, some groups also share hacked camera access accounts for a package fee of about 3-4 million VND. The fact that cameras are installed everywhere, the number of cameras is constantly increasing, making data from the camera a source of information targeted by many objects. (Artwork: Internet) According to experts of the National Cyber ​​Security Monitoring Center (NCSC), the Information Security Department, the Ministry of Information and Communications, the sale of account information on social networks is not a new behavior, but it has exported. appeared long ago. However, in the past, normally subjects only sold bank accounts, social networks or accounts containing information such as email, phone number, identity card number … Nowadays, when cameras are installed everywhere, the number is constantly increasing, being a source of information targeted by many audiences, the camera account also becomes “hot goods” on the account trading pages. “This form of purchase is becoming more popular because the number of cameras is increasing. Victims who lost their camera account can be monitored by others through their own camera, ”said the NCSC representative. Many users accidentally revealed the camera system login information According to experts, there are many reasons for the widespread purchase and sale of clips and camera accounts on the network, in part due to regulations and sanctions against acts of buying, selling and distributing personal data. not enough deterrent. Commenting on the reason that the personal camera system is vulnerable to hacker attacks, both subjectively and objectively, NCSC’s representative said: “Subjective is because users accidentally reveal account login information. camera. And objectively, because users use poor quality camera equipment, do not ensure enough information security, leading to the device can be hacked by hackers, thereby getting the login account “. Having the same opinion with the representative of NCSC, a security expert for IoT devices at Viettel Cyber ​​Security, Ha Toan, emphasized: A fundamental reason that makes personal and household cameras easy. Hacker attacks are due to the user’s limited knowledge of using IoT devices or cameras. For example, do not change the default password of the device when it is put into use. According to Toan, another reason is that the camera device of the manufacturer does not have a protection mechanism such as verifying the integrity of the firmware running on the camera device, allowing hackers to buy camera equipment and insert backdoors. (back door – PV) and then sold to the market. “During the work, we also discovered many backdoors allowing remote access in cameras originating in China”, Viettel Cyber ​​Security expert added. Along with that, there are cameras that have vulnerabilities in firmware due to programming errors such as buffer overflow, hardcode login information, logic errors … allowing hackers to exploit to take control of the device. Camera account information can also be revealed because the installation staff deliberately fails to notify the password change during installation or notice the change but does not notice the change of the entire service as mentioned above also includes services RTSP, onVIF. Raise awareness of personal information protection, choose a reputable camera To overcome the widespread situation of buying and selling clips, camera accounts in particular as well as personal information and data, experts say that the Decree on personal data protection should be issued soon and come to life. This draft Decree has regulated heavy fines for violations of personal data protection regulations. “The more penalties for handling violations related to the purchase and sale of personal data will help increase deterrence and reduce the rate of violation”, expert of Vietnam Cyber ​​Security Joint Stock Company (VSEC) Vuong Trong Nhan stated his point of view. But experts also emphasized the limitation in the sense of protecting personal data of users as well as the organization providing services related to user data. Making recommendations to users, VSEC experts advise them to first increase their sense of self-protection by not using the camera manufacturer’s default password, setting a strong password and setting a Private network system is only for indoor security equipment, instead of sharing the same Wi-Fi network. According to representatives of NCSC, individuals and businesses when using cameras need to have strict regulations and decentralization when allowing users to access their camera systems, need to change passwords regularly to avoid in case the login information is known by many people, the risk of leaking is also higher. Emphasizing on the safety factor of the device, experts say that choosing to buy cameras manufactured from major brands, products that have been assessed for information security as well as choose a reputable installation unit. is an effective solution to help users avoid the risk of information insecurity. On the other hand, is it time for camera manufacturers to pay more attention to whether their equipment meets information security requirements?