Month: October 2024

Almost two dozen platforms have critical flaws allowing hackers to tamper with sensitive citizen data.

Nineteen platforms used by courts and governments in the United States carried critical vulnerabilities that allowed threat actors to tamper with the stored information.

This means highly sensitive information, such as voter data, medical information, and similar, was available for anyone with even rudimentary coding skills, who could have added, changed, or completely removed, the information stored in these platforms.

The warning comes from software developer and cybersecurity researcher Jason Parker, who recently analyzed the platforms used by hundreds of courts, government agencies, police departments, and other critical public organizations, and in an in-depth analysis posted on his blog, noted the platforms failed “at the most fundamental level of cybersecurity.”

No evidence of abuse

The 19 platforms that carried critical vulnerabilities are Inmate Management, Court Case Management Plus, CMS360, CaseLook, eFiling, GovQA, EZ-Filing (v3 and v4), Officer Profile Portal, C-Track, GovQA, Voter Cancellation, and a handful of in-house built platforms. The majority of the flaws revolve around weak permission controls, it was said. Other notable mentions include poor user input validation processes, and flawed authentication processes.

“If a voter’s registration can be canceled with little effort and confidential legal filings can be accessed by unauthorized users, what does it mean for the integrity of these systems?” Parker questioned.

The silver lining here is that there is no evidence of these flaws being exploited in the wild. Still, vendors need to step up and fix the bugs immediately, something customers should demand, as well, Parker stressed. Vendors should also actively engage in pentesting, software audits, employee training, and more. Multi-factor authentication (MFA) should be omnipresent in these platforms, he believes.

“This series of disclosures is a wake-up call to all organizations that manage sensitive public data,” Parker wrote. “If they fail to act quickly, the consequences could be devastating—not just for the institutions themselves but for the individuals whose privacy they are sworn to protect.”

Via Ars Technica

More from TechRadar Pro

Largest US trial court forced to shut down following ransomware attackHere’s a list of the best firewalls around todayThese are the best endpoint security tools right now

Read More 

PS5 Pro 30th Anniversary Edition preorders in Japan have been restricted in an attempt to battle scalpers.

PS5 Pro 30th Anniversary Edition pre-orders in Japan have been restricted in an attempt to combat scalpers.

Last week, a limited edition collection of PS5 consoles and accessories to celebrate PlayStation’s 30th anniversary went on sale and were quick to sell out, including the 12,300 units of themed PS5 Pro’s.

Soon after, it was discovered that scalpers who were able to get their hands on the $999 / £959.99 bundles had uploaded eBay listings asking for 10 times the market price.

Now, in a bid to thin out scammers ahead of time, Japan Sony has implemented a new restriction to stop scalpers from ruining the fun.

As reported by Automaton, the Japanese PlayStation homepage now details that those in Japan looking to purchase a PS5 Pro 30th Anniversary Edition bundle will need to meet some conditions.

First, they must have a PSN account registered in Japan, and second, have at least 30 hours of activity on PS4 or PS5 between February 2014 and September 19, 2024.

In the UK and US, it seems stock for the PS5 Pro 30th Anniversary Edition has completely sold out on the PlayStation Direct website.

The PS5 Pro is slated to launch globally on November 7, 2024, for $699.99 / £699.99 / AU$1,200. Pre-orders are expected to start on October 10, 2024 at a wide range of retailers.

When the PS5 Pro was officially announced last month, the console’s high cost caused a stir, but according to Sony, the console’s many new features, including its PSSR tech, justify the price tag.

If you’re looking to get your hands on the mid-generation console, you can check out our PS5 Pro pre-order guide.

You might also like…

PS5 Pro vs PS5: comparing specs, design, dimensions, features, and morePS5 Pro specs: how powerful the new PlayStation 5 console is, and how it compares to the PS5Death Stranding 2 has a release date, but Hideo Kojima isn’t ready to share it yet due to “unforeseen circumstances”

Read More 

80% of missing features are already back, and the rest are on the way soon.

Sonos has announced that the company isn’t far from bringing its troubled new app up to the level it arguably should have launched at (or, at least, closer to), while also promising some changes in the company’s approach to ensure that it won’t have the same woes again in the future.

The two headlines for existing Sonos users here are that the company is extending the warranties of existing products still under warranty by a year, and that Sonos now says: “More than 80% of the app’s missing features have been reintroduced and the company expects to have almost 100% restored in the coming weeks. The reliability and speed of the app has improved with each release.”

That’s good news for everyone who’s been struggling with the lack of particular features, though the reliability will be an equal concern for anyone who’s invested a lot into a wide range of the best Sonos speakers, and there’s a less clear measure for that (after all, anyone who promises you that a network-based app is going to work 100% of the time is someone you can never trust).

Sonos also says it’s making four commitments with the goal of “addressing the root causes of the problems with the app release”, some which are fuzzier than others. These are [presented unedited – all Sonos’s words]:

“Unwavering focus on the customer experience. To ensure that we deliver the highest level of customer experience, we will always establish ambitious quality benchmarks at the outset of product development and will not launch products before meeting these criteria. We will also enhance the tools necessary to measure the quality of the experience actually being delivered to customers to ensure that we maintain the standards our customers expect.

“Increase the stringency of our pre-launch testing phases. Our beta testing program will include more types of customers and more diverse setups for a longer testing period. This will allow us to find, diagnose and solve customer concerns more quickly before going to market.

“Demonstrate humility when introducing changes. In contrast to the all-at-once automated app release we issued in May, any major change to the Sonos app will be released gradually, allowing customers to adjust and provide feedback before it becomes the default. For new features smaller in scope, we will introduce an opt-in experimental features option in the app for customers who would like to participate in testing them.

“Appoint a Quality Ombudsperson. This new role will ensure our employees have a clear path to escalate any concerns in terms of quality and customer experience. This person will be consulted by executive leadership throughout the development process and before any product launches. In this role, the ombudsperson will guarantee transparency and publish a report to management and employees twice per year, and will present regularly to the Sonos board of directors.”

If you’ve read the story of what apparently went wrong with the new app’s launch, some of these are arguably just trying to change the company culture back to what it essentially was before things got shaken up. But if Sonos follows through, that could certainly lead to more successful launches than the app and the middling reception of the Sonos Ace headphones from the public at large (even if one of our writers hasn’t taken them off since launch).

Sonos also has three measures that it hopes will regain its customers’ trust, including the extended warranties mentioned above. Again, presented in the company’s words, here they are:

“Extend our home speaker warranties. To reflect our strong belief in the quality of our products, we will extend the manufacturer’s warranty by one year for all home theater and plug-in speaker products currently under warranty.

“Relentlessly improve the app experience with regular software upgrades. We will roll out updated mobile software versions every 2-4 weeks to optimize and enhance the software experience, even once this issue is resolved.

“Establish a Customer Advisory Board. To ensure we never lose sight of the voice of the customer, this board will provide feedback and insights from a customer perspective to help shape and improve our software and products before they are launched.”

Who knows whether all of these measures will really have teeth, and if they do, how quickly they’ll make a difference to the quality of Sonos’s products – perhaps its too late for the seemingly imminent launch of the Sonos Arc Ultra, or maybe in fact they’re all just in time for it.

The big question is whether it convinces Sonos’s existing customers to stick with the company the next time they’re looking to upgrade their audio, or whether they’ll turn to another options among the best wireless speakers.

You might also like…

KEF’s leveled-up speaker range now includes MAT – and yes, we are going to tell you what that isI love the look of Technics’ new wireless stereo speakers – but especially the weird microfiber coveringKanto Audio’s Ren isn’t skimpy when it comes to wireless stereo speaker features

Read More