Technology

Jan 07, 2025Ravie LakshmananFirmware Security / Malware Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices. “The Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM [Compatibility Support Mode]

India’s government is considering fresh subsidies for electronic component-makers and cutting tariffs on imports to help boost local manufacturing, especially of smartphones made by companies like Apple Inc. The Ministry of Electronics and IT proposed giving manufacturers of components like batteries and camera parts at least 230 billion rupees ($2.7 billion) in support, according to

Jan 07, 2025Ravie LakshmananVulnerability / Network Security Taiwan-based Moxa has warned of two security vulnerabilities impacting its cellular routers, secure routers, and network security appliances that could allow privilege escalation and command execution. The list of vulnerabilities is as follows – CVE-2024-9138 (CVSS 4.0 score: 8.6) – A hard-coded credentials vulnerability that could allow an

Oppo Reno 13 and the Reno 13 Pro handsets have been unveiled globally after being launched in China in November 2024. The global launch of the series is accompanied by two new devices, Oppo Reno 13F 5G and Reno 13F 4G. The Oppo Reno 13F variants are equipped with 50-megapixel triple rear camera units and 5,800mAh batteries with

Jan 06, 2025Ravie LakshmananRegulatory Compliance / Data Privacy The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation. “Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent,” India’s Press Information Bureau (PIB) said in a statement released Sunday.

The government on Friday released the long-awaited draft of Digital Personal Data Protection Rules which specify that parent’s verifiable consent will have to be obtained by social media or online platforms before children can create any account. Further, parents’ identity and age will also have to be validated and verified through voluntarily provided identity proof

Jan 03, 2025Ravie LakshmananTechnology / Data Privacy Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users’ privacy using its voice-activated Siri assistant. The development was first reported by Reuters. The settlement applies to U.S.-based individuals current or former owners or purchasers of

Vivo will launch a mixed reality (MR) headset next year, the company reportedly announced during an event on Tuesday. The wearable is speculated to compete with other MR headsets in the wearable market such as the Apple Vision Pro and Samsung’s upcoming Project Moohan, which was announced earlier this month. Although specifics remain unknown, Vivo

Jan 03, 2025Ravie LakshmananDevOps / Software Development Microsoft has announced that it’s making an “unexpected change” to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure. “We expect that most users will not be directly affected, however, it is critical that you validate if you are affected

Apple is offering rare discounts of up to CNY 500 ($68.50 or roughly Rs. 5,874)) on its latest iPhone models in China, as the US tech giant moves to defend its market share against rising competition from domestic rivals like Huawei. The four-day promotion, running from January 4-7, applies to several iPhone models when purchased

Jan 04, 2025Ravie LakshmananMalware / VPN Security Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution. The backdoor, according to Google’s Managed Defense team, shares functional overlaps with a known remote administration tool referred to

Redmi Note 14 was launched in India in December 2024 alongside the Redmi Note 14 Pro and Note 14 Pro+ handsets. The phones were also unveiled in China in September 2024. The company has now announced that the handsets will be introduced in global markets outside China and India. Alongside confirming the global launch date of the smartphones,

Jan 04, 2025Ravie LakshmananVulnerability / Software Security A high-severity security flaw has been disclosed in ProjectDiscovery’s Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It

OpenAI unveiled the reasoning-focused o3 series of artificial intelligence (AI) models last month. During a live stream, the company shared the benchmark scores of the model based on internal testing. While all of the shared scores were impressive and highlighted the improved capabilities of the successor to o1, one benchmark score stood out. On the

Jan 04, 2025Ravie LakshmananCyber Espionage / IoT Botnet The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims. These attacks have been publicly attributed to a Chinese state-sponsored threat actor tracked as

OnePlus Watch 3 is expected to launch soon as a successor to the OnePlus Watch 2, which was introduced at MWC 2024 in February. Recent reports have suggested several key features of the purported smartwatch, however, a new report suggests that it may now be joined by a Pro variant. As per the report, the OnePlus

Jan 03, 2025Ravie LakshmananMachine Learning / Vulnerability Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model’s (LLM) safety guardrails and produce potentially harmful or malicious responses. The multi-turn (aka many-shot) attack strategy has been codenamed Bad Likert Judge by Palo Alto Networks Unit

Apple agreed to pay $95 million (roughly Rs. 814 crore) in cash to settle a proposed class action lawsuit claiming that its voice-activated Siri assistant violated users’ privacy. A preliminary settlement was filed on Tuesday night in the Oakland, California federal court, and requires approval by US District Judge Jeffrey White. Mobile device owners complained

Jan 03, 2025Ravie LakshmananWindows Server / Threat Mitigation A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday

Redmi A5 has reportedly showed up on the IMEI database and the listing explicitly mentions the name and model number of the unannounced device. The new Redmi A series phone could debut as a budget offering. It is likely to succeed the Redmi A4 5G that was launched in November last year with a Snapdragon