Month: August 2024
Keep Tabs on Your Family (and Pets) With 25% Off Ring’s Pan-Tilt Indoor Camera
For a limited time, you can score Ring’s 2024 security camera with two-way talk and 360-degree coverage for just $60.
For a limited time, you can score Ring’s 2024 security camera with two-way talk and 360-degree coverage for just $60.
GitHub Enterprise Server has a critical security flaw, so patch now
A newly discovered security flaw allows hackers to elevate their privileges and thus take over vulnerable endpoints.
GitHub Enterprise Server, the self-hosted version of the GitHub platform, was found carrying a vulnerability that allowed malicious actors to elevate their privileges to admin.
The vulnerability, tracked as CVE-2024-6800, and has a severity rating of 9.5/10 (critical), is described as an XML signature wrapping issue. It happens when the victim uses the Security Assertion Markup Language (SAML) authentication standard, with certain ID providers.
“On GitHub Enterprise Server instances that use SAML single sign-on (SSO) authentication with specific IdPs utilizing publicly exposed signed federation metadata XML, an attacker could forge a SAML response to provision and/or gain access to a user account with site administrator privileges,” GitHub said in a security advisory.
Big bounty
Patches are available for multiple versions, it was added. The earliest secure versions of GitHub Enterprise Server are 3.13.3, 3.12.8, 3.11.14, and 3.10.16.
Citing data from the FOFA search engine, BleepingComputer claims that there are more than 36,500 internet-connected instances, making the attack surface relatively large. Of those servers, the majority (29,200) is sitting in the United States. However, it is impossible to determine how many are running vulnerable software versions. History teaches us that IT teams are rarely that diligent, and that it will take weeks, if not months, for the majority of instances to upgrade to the latest version.
Still, if your organization is running GHES, don’t hesitate with the update, since the flaw allows threat actors to take over vulnerable endpoints.
The new versions of the platform also fix two additional vulnerabilities: CVE-2024-7711, and CVE-2024-6337. The former allows attackers to modify issues on public repositories, while the latter allows publicly disclosing issue content from a private repository.
GitHub added that certain services might display error messages during configuration, but the instance should still start properly.
Via BleepingComputer
More from TechRadar Pro
GitHub malware spreads by hackers spoofing Microsoft filesHere’s a list of the best firewall software around todayThese are the best endpoint security tools right now
Researchers have pinpointed where and how lithium ions are stored and released in battery material during charge and discharge cycles. This could increase storage capacity by up to 25% by tapping into ‘dormant capacity’
submitted by /u/giuliomagnifico [link] [comments]
submitted by /u/giuliomagnifico
[link] [comments]
Apple is Still Standing in the Way of Epic’s App Store
Epic Games launched its alternative app store in the European Union last week, capitalizing on new regulations opening up iOS. The store aims to offer developers lower commissions and greater payment flexibility compared to Apple’s App Store. However, Apple’s new terms for alternative marketplaces present significant challenges for developers. Apple imposes a 50 euro cent per user per year installation fee, a 10% commission on external sales, and a 5% fee on purchases within a year of installation.
These fees apply on top of Epic’s 12% commission, potentially making the alternative store less attractive for many developers, The Verge writes. While Epic can likely absorb these costs for its hit game Fortnite, smaller developers face a steeper hurdle. Some industry insiders express skepticism about the viability of the new ecosystem for most app creators. Epic plans to offer a curated selection of third-party games on its mobile store by December, but widespread adoption remains uncertain.
Read more of this story at Slashdot.
Epic Games launched its alternative app store in the European Union last week, capitalizing on new regulations opening up iOS. The store aims to offer developers lower commissions and greater payment flexibility compared to Apple’s App Store. However, Apple’s new terms for alternative marketplaces present significant challenges for developers. Apple imposes a 50 euro cent per user per year installation fee, a 10% commission on external sales, and a 5% fee on purchases within a year of installation.
These fees apply on top of Epic’s 12% commission, potentially making the alternative store less attractive for many developers, The Verge writes. While Epic can likely absorb these costs for its hit game Fortnite, smaller developers face a steeper hurdle. Some industry insiders express skepticism about the viability of the new ecosystem for most app creators. Epic plans to offer a curated selection of third-party games on its mobile store by December, but widespread adoption remains uncertain.
Read more of this story at Slashdot.
Google reaches a $250 million deal to skirt proposed journalism bill
Illustration: The Verge
Google’s new deal with California lawmakers will pay newsrooms across the state up to $250 million over the next five years, while also helping the tech giant avoid an even bigger bill. The first-in-the-nation agreement, funded by taxpayers, Google, and potentially other private sources, allows the search giant to evade a proposed state bill that would force it to pay for linking Californians to news articles.
The money will be split between two initiatives administered by the News Transformation Fund at UC Berkeley’s Graduate School of Journalism. According to Politico, $180 million is set for distribution to Californian news outlets (excluding broadcasters), while the remaining $70 million is earmarked for artificial intelligence resources to help “strengthen the workforce.” The initiatives are expected to go live sometime in 2025.
“The deal not only provides funding to support hundreds of new journalists but helps rebuild a robust and dynamic California press corps for years to come, reinforcing the vital role of journalism in our democracy,” California Governor Gavin Newsom said in a statement. The California News Publishers Association also praised the agreement, calling it “a first step toward what we hope will become a comprehensive program to sustain local news in the long term.”
The agreement follows a two-year battle between tech giants and the news industry regarding how local journalism should be supported amid a shift toward online readership and a decline in advertising. The California Journalism Preservation Act (CJPA) was a proposed solution, with one study estimating that Meta and Google would annually owe US publishers up to $13.9 billion if the bill passed. Google responded by running tests to remove links to California news websites, saying the CJPA “may result in significant changes” to its product experience.
The five-year agreement now set to supersede it has attracted criticism from lawmakers and journalists. California state Senate leader Mike McGuire raised funding concerns in a statement to Politico, saying the deal “doesn’t fully address the inequities facing the industry.”
“The publishers who claim to represent our industry are celebrating an opaque deal involving taxpayer funds, a vague AI accelerator project that could very well destroy journalism jobs, and minimal financial commitments from Google to return the wealth this monopoly has stolen from our newsrooms,” the Media Guild of the West said in its own statement. “Not a single organization representing journalists and news workers agreed to this undemocratic and secretive deal with one of the businesses destroying our industry.”
Illustration: The Verge
Google’s new deal with California lawmakers will pay newsrooms across the state up to $250 million over the next five years, while also helping the tech giant avoid an even bigger bill. The first-in-the-nation agreement, funded by taxpayers, Google, and potentially other private sources, allows the search giant to evade a proposed state bill that would force it to pay for linking Californians to news articles.
The money will be split between two initiatives administered by the News Transformation Fund at UC Berkeley’s Graduate School of Journalism. According to Politico, $180 million is set for distribution to Californian news outlets (excluding broadcasters), while the remaining $70 million is earmarked for artificial intelligence resources to help “strengthen the workforce.” The initiatives are expected to go live sometime in 2025.
“The deal not only provides funding to support hundreds of new journalists but helps rebuild a robust and dynamic California press corps for years to come, reinforcing the vital role of journalism in our democracy,” California Governor Gavin Newsom said in a statement. The California News Publishers Association also praised the agreement, calling it “a first step toward what we hope will become a comprehensive program to sustain local news in the long term.”
The agreement follows a two-year battle between tech giants and the news industry regarding how local journalism should be supported amid a shift toward online readership and a decline in advertising. The California Journalism Preservation Act (CJPA) was a proposed solution, with one study estimating that Meta and Google would annually owe US publishers up to $13.9 billion if the bill passed. Google responded by running tests to remove links to California news websites, saying the CJPA “may result in significant changes” to its product experience.
The five-year agreement now set to supersede it has attracted criticism from lawmakers and journalists. California state Senate leader Mike McGuire raised funding concerns in a statement to Politico, saying the deal “doesn’t fully address the inequities facing the industry.”
“The publishers who claim to represent our industry are celebrating an opaque deal involving taxpayer funds, a vague AI accelerator project that could very well destroy journalism jobs, and minimal financial commitments from Google to return the wealth this monopoly has stolen from our newsrooms,” the Media Guild of the West said in its own statement. “Not a single organization representing journalists and news workers agreed to this undemocratic and secretive deal with one of the businesses destroying our industry.”
Instagram copies…Myspace?
If there’s one thing that’s guaranteed in the world of social media, it’s that platforms are going to copy each other’s features. However, the newest iteration of this is still surprising, to say the least. Instagram has announced a new music feature that allows you to attach a song to your profile a la Myspace.
Instagram has copied MySpace, a platform that peaked long before Instagram ever existed, and arguably was thrown into decline by the rise of Instagram’s parent company.
So, how does this new feature work? You can choose a song by going to edit profile and clicking “Add music to your profile.” You can then choose a song or search in the For You section. From there, pick the 30 seconds of the song you want to feature and it will remain on your profile until you pick a new one or decide Myspace features are better left in the past. Don’t worry if you’re scrolling in public as songs won’t start playing now the second you go on someone’s profile — click the play button to hear it.
Instagram
Instagram teamed up with singer Sabrina Carpenter to promote the feature, with fans able to hear a clip of her new song “Taste.” exclusively on her profile (though the album comes out tomorrow). Earlier this year, Instagram’s parent company, Meta, teamed up with another pop star, Taylor Swift. She created a Threads account alongside the release of her new album, The Tortured Poet Society, in April. The first group of people to share her post received a customized badge on their profile.This article originally appeared on Engadget at https://www.engadget.com/social-media/instagram-copiesmyspace-140049134.html?src=rss
If there’s one thing that’s guaranteed in the world of social media, it’s that platforms are going to copy each other’s features. However, the newest iteration of this is still surprising, to say the least. Instagram has announced a new music feature that allows you to attach a song to your profile a la Myspace.
Instagram has copied MySpace, a platform that peaked long before Instagram ever existed, and arguably was thrown into decline by the rise of Instagram’s parent company.
So, how does this new feature work? You can choose a song by going to edit profile and clicking “Add music to your profile.” You can then choose a song or search in the For You section. From there, pick the 30 seconds of the song you want to feature and it will remain on your profile until you pick a new one or decide Myspace features are better left in the past. Don’t worry if you’re scrolling in public as songs won’t start playing now the second you go on someone’s profile — click the play button to hear it.
Instagram teamed up with singer Sabrina Carpenter to promote the feature, with fans able to hear a clip of her new song “Taste.” exclusively on her profile (though the album comes out tomorrow). Earlier this year, Instagram’s parent company, Meta, teamed up with another pop star, Taylor Swift. She created a Threads account alongside the release of her new album, The Tortured Poet Society, in April. The first group of people to share her post received a customized badge on their profile.
This article originally appeared on Engadget at https://www.engadget.com/social-media/instagram-copiesmyspace-140049134.html?src=rss
Walmart sells stake in JD.com to focus on its own China operations
Walmart has ended its eight-year partnership with Chinese e-commerce giant JD.com. Walmart announced on Wednesday the sale of its $3.7 billion stake in JD.com, marking one of the largest foreign investments in a Chinese retailer. Despite the sale, Walmart will
The post Walmart sells stake in JD.com to focus on its own China operations first appeared on Tech Startups.
Walmart has ended its eight-year partnership with Chinese e-commerce giant JD.com. Walmart announced on Wednesday the sale of its $3.7 billion stake in JD.com, marking one of the largest foreign investments in a Chinese retailer. Despite the sale, Walmart will […]
The post Walmart sells stake in JD.com to focus on its own China operations first appeared on Tech Startups.
‘Pachinko’: How to Watch the Season 2 From Anywhere
The epic second world war drama returns to Apple TV Plus.
The epic second world war drama returns to Apple TV Plus.
Listen to a Clip of Sabrina Carpenter’s New Album Early, Thanks to Instagram
Sabrina Carpenter is giving us an early taste of her new album Short n’ Sweet using this new, retro Instagram feature.
Sabrina Carpenter is giving us an early taste of her new album Short n’ Sweet using this new, retro Instagram feature.
Save up to $700 on Tempur-Pedic’s Early Labor Day Sale
Looking for an adjustable base set? Early Labor Day mattress sales from Tempur-Pedic will save you hundreds on your next bed and base.
Looking for an adjustable base set? Early Labor Day mattress sales from Tempur-Pedic will save you hundreds on your next bed and base.