Tens of thousands of SonicWall VPN firewall platforms are vulnerable to various flaws, putting their users at risk of remote exploitation, data breaches, privilege escalation, and more.
Cybersecurity researchers at BishopFox scanned the internet with Shodan and BinaryEdge and, after running proprietary scripts to analyze the returned data, discovered 430,363 endpoints exposed to the internet.
While this doesn’t necessarily mean they’re vulnerable, endpoints such as these should not be connected to the wider internet to begin with, since it means crooks could try to access them and look for holes.
End of life
"The management interface on a firewall should never be publicly exposed, as this presents an unnecessary risk," BishopFox said in its report. "The SSL VPN interface, although designed to provide access to external clients over the internet, should ideally be protected by source IP address restrictions."
Drilling deeper, BishopFox found that almost 120,000 endpoints were running versions affected by serious vulnerabilities, including 25,485 endpoints with critical severity flaws, and 94,018 endpoints with high severity bugs. Furthermore, they said that 20,710 endpoints were running versions of the software that are no longer supported by the vendor.
This presents a rather large attack surface that threat actors can exploit. SonicWall SSL VPN devices are often targeted in different campaigns, including the recent strikes by both Fog and Akira ransomware groups. These threat actors were abusing flaws to gain initial access to corporate networks, where they later deployed ransomware encryptors and wreaked havoc across enterprise infrastructure.
To tackle the threat, businesses should make sure they are always running the latest versions of their software, and that their endpoints are still supported by their respective vendors.
Via BleepingComputer
Day 10 of the 12 Days of OpenAI went a little retro to make ChatGPT far more accessible than before. OpenAI has introduced new ways to interact with ChatGPT using a much older form of communication technology: a phone number. Specifically, you can text with ChatGPT through WhatsApp and by calling a toll-free phone number. AI by landline has arrived. Naturally, the number to call or message is 1-800-CHATGPT.
You can start a conversation with ChatGPT on WhatsApp by texting 1-800-242-8478 on the app. You can message ChatGPT like any other WhatsApp chatbot but get responses matching those from the free tier of ChatGPT on the mobile app or website. Not every ChatGPT feature is available on WhatsApp either. You can’t ask the AI to search for things online or analyze images, at least for now.
If you’d rather have your AI answers by audio, you can pick up your phone to dial 1-800-CHATGPT (that’s 1-800-242-8478), and a very friendly, very human-like female voice will answer all the same queries you might type out to send to ChatGPT. The experience is pretty much like ChatGPT’s Advanced Voice Mode, where you ask questions, and the AI responds in real-time. It can help you translate a sentence, give recommendations, or chat about whatever’s on your mind.
Search AI
There are obvious accessibility benefits to OpenAI in making ChatGPT far more globally available, even with all of the limits and caveats. It’s the same reason Google set up a phone number for Google Assistant that people could call to interact with the voice assistant. But, it also points to how OpenAI and its rivals want to see AI integrated into more communication channels. That’s why both OpenAI and Apple were keen to add ChatGPT capabilities to Siri, augmenting the iOS assistant with the AI model.
There are also limits to ChatGPT on WhatsApp and by phone. You can only message ChatGPT on WhatsApp a limited number of times a day, though OpenAI is vague about what that limit actually is. You’ll get a warning when you approach the limit, so you’re not surprised by the cutoff. Similarly, ChatGPT phone conversations aren't unlimited. Instead of a message cap, you get 15 minutes a month for verbal interactions with the AI. And the phone number only works in the U.S. for now. An automated phone number was certainly a surprise for OpenAI’s latest ‘present,’ akin to finding an old wooden train under the wrapping paper. I'd expect that OpenAI will probably take a more future-facing approach to the final two gifts before the event ends.
Amazon’s had a pretty packed few months – including new Kindles, a Fire TV Stick refresh, and an entry into Mini LED TVs – and is now debuting a new accessibility feature, expanding another, and highlighting an accessible addition for some product packaging.
A variety of Fire TV devices already support the ability to beam audio directly to hearing aids thanks to support for the Audio Streaming for Hearing Aids (ASHA) protocol. Amazon’s latest move, though, is dubbed “Dual Audio” and is exclusive to the Fire TV Omni Mini LED TV series for now – with this, you can send audio using ASHA to a hearing aid and audio through the TV’s speakers.
This is the first time a Fire TV device can send audio out in two streams. This way, if you’re wearing a hearing aid, you can watch TV with family members and have it be a communal experience without any delays. It’s exciting to see this launch for the Fire TV Omni Mini LED TV series, but I do hope Amazon can expand this to other Fire TV devices as well – be it a Fire TV 4-Series model or a streaming stick.
A software update will be required to enable this, and it will start rolling out to the Fire TV Omni Mini LED TV series in the ‘coming weeks.’ Once it’s installed, you’ll be able to turn on ‘Dual Audio’ in Settings under Accessibility. You’ll pair a compatible hearing aid with the TV to start the process, and then with it, you can have audio through the aid as well as the TV speakers. After that first setup, you can also use quick settings to turn the feature on and off.
More broadly, beyond just the Fire TV Omni Mini LED TV series, Amazon is expanding the types of hearing aids that can be paired with its Fire TV family of devices. Now supported via the audio streaming protocol for hearing aids are Widex Moment Behind-The-Ear (BTE) and Receiver-In-Canal (RIC) aids. BTE and RIC hearing aids will be supported on all ASHA-enabled Fire TV devices like the Omni TV lineup, Fire TV Cube, and the 2- and 4-Series Fire TV models.
Beyond support for more types of hearing aids and Dual Audio on the Fire TV Omni Mini LED TV series, Amazon has also added a tactile-marked, raised QR code inside the packaging of select devices. The QR code, which features raised dots, is designed to help customers who have low vision or are blind easily access quick setup guides and other support documents. You’ll scan the QR code and be taken to these; the raised QR code is found on the “top left corner on the back panel of the device Quick Start Guide” inside the packaging.
It’s not found on every device that Amazon makes, but it is found on some of the new Kindles – Colorsoft, Paperwhite, and Scribe – the Fire TV Soundbar and Soundbar Plus, Fire TV Omni Mini-LED Series, Echo Spot, Echo Show 15, and Echo Show 21.
Some people might not know that until pretty recently, Microsoft made computer accessories - and it looks like Microsoft is dipping its toe in again. The company actually has a considerable history of creating PC accessories, from ergonomic keyboards to high-precision mice. After discontinuing its own brand of PC accessories last year, Microsoft has partnered with Incase to bring some of those back.
Incase put out a post announcing the partnership starting in 2024, promising to combine both companies’ expertise to bring you 23 computer accessories to start with and possibly more to come. You can get products that some might recognize, such as the Modern Mobile Mouse or Sculpt Ergonomic Keyboard, but now with the Incase logo and branding.
What Incase and Microsoft have to offer
In practical terms, these accessories will work just as well as the originals and they come at great prices that won’t make you jump out of your seat. For example, the $24.99 Mobile Mouse 1850 is a lightweight, reliable wireless mouse that’s perfect for everyday tasks, while the $39.99 Modern Mobile Mouse offers a sleeker design with better performance for on-the-go professionals. This new lineup also includes keyboards that are wireless, ergonomic, and compact, along with headsets and a webcam.
While Microsoft has pretty much entirely left the PC accessory market, its Surface range includes Surface-specific gear, like the Surface Desktop Keyboard with its AI-powered Copilot+ key, which shows off Microsoft’s commitment to its premium Surface lineup. So, whether you’re looking for dependable classics under the new “Incase Designed by Microsoft” label or cutting-edge tech under the Surface brand, Microsoft has something for everyone.
Those who are familiar with Microsoft’s computer accessories will probably welcome this announcement. While some have complaints about products like Microsoft 365, Edge, and, of course, Windows, it is still a highly trusted company, and with Incase’s collaboration efforts, I think these will be pretty decent quality for the price.
A person in Louisiana has been hospitalized after becoming infected with a case of bird flu that's been linked to wild birds and poultry.
As the world watches Syria grapple with the aftermath of Bashar al-Assad's brutal regime and the formation of a new government, one neighbor has emerged as having great influence over the new Syria.
The Fed lowered interest rates by a quarter percentage point — but policymakers are projecting fewer rate cuts next year as inflation remains elevated.
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued its first binding operational directive for 2025, which includes a set of rules and requirements to make sure Microsoft 365 cloud environments meet its cybersecurity standards.
BOD 25-01 is mandatory for all Federal Civilian Executive Branch (FCEB) systems and assets, but CISA advises enterprises in the private sector to follow along, as well.
It revolves around deploying a custom automated configuration assessment tool (ScubaGear for Microsoft 365 audits), integrating with CISA’s continuous monitoring infrastructure, and then fixing any deviations from the list of required secure configuration baselines (SCB).
Mandatory policies
"Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls, which attackers can use to gain unauthorized access, exfiltrate data, or disrupt services," CISA said.
"This Directive requires federal civilian agencies to identify specific cloud tenants, implement assessment tools, and align cloud environments to CISA's Secure Cloud Business Applications (SCuBA) secure configuration baselines."
Here is what CISA demands FCEB organizations do:
- Identify all cloud tenants within the scope of this Directive by February 21, 2025.
- Deploy all SCuBA assessment tools for in-scope cloud tenants no later than Friday, April 25, 2025.
- Implement all mandatory SCuBA policies effective as of the Directive’s issuance no later than Friday, June 20, 2025.
- Implement all future updates to mandatory SCuBA policies.
- Implement all mandatory SCuBA Secure Configuration Baselines.
The list of all mandatory policies can be found on the Required Configurations website. At press time, it included secure configuration baselines for Microsoft 365, Azure Active Directory / Entra ID, Microsoft Defender, Exchange Online, Power Platform, SharePoint Online & OneDrive, and Microsoft Teams.
Google and other cloud platforms are set to follow in the coming months.
CISA also has a list of mandatory actions; you can read more about those here.
Via BleepingComputer
A new law gives TikTok a Jan. 19 deadline to sell to a non-Chinese company or face a nationwide ban. Law professor Alan Rozenshtein explains what this means and how President-elect Trump might intervene.
In April, Congress passed a law forcing TikTok to sell to a non-Chinese company or face a nationwide ban. Law professor Alan Rozenshtein delves into the legal and cultural stakes of that law.
LG has announced that its 77-inch Signature OLED T transparent OLED TV is now available to buy. The world’s first transparent OLED TV with wireless audio and video transfer, the Signature OLED T made a big splash when it was demonstrated at CES 2024, where it was shown without any confirmed release date or price.
We now have that information: The 77-inch Signature OLED T is available at select LG retailers, Best Buy, and LG.com for $59,999 in the United States. Availability in other markets will be announced at a future date.
The LG Signature OLED T’s screen can transform from transparent to opaque at the push of a button, allowing for a range of display options, including installation in front of windows. When in transparent mode, objects on-screen appear to float in 3D space. In opaque mode, a roll-up back panel transforms it into a regular display for streaming movies and TV, and the Signature T is also optimized for gaming, with 4K at 120Hz support, AMD FreeSync Premium compatibility, and Nvidia G-Sync certification.
According to LG’s press release, the Signature OLED T provides three separate display options:
Transparent displays captured our imagination at CES 2024, with LG and Samsung making them a primary focus of their “Innovation room” exhibits. Of the two, LG’s Signature OLED T looked the most ready for prime time. Although no availability date was given, it was said to arrive in 2024.
LG has clearly made good on its promise, with the Signature OLED T arriving just in the nick of time in mid-December 2024. At $59,999, the transparent OLED is quite a bit more expensive than the best OLED TVs, even 83-inch 8K models such as the LG Z3.
Still, for those craving a design-forward TV that pushes the limits of tech and captures the imagination, the Signature OLED T might just be the ticket.
Huawei engineers have reportedly released new Linux patches to enable driver support for High Bandwidth Memory (HBM) management on the company’s ARM-based Kunpeng high-performance SoC.
The Kunpeng 920, which debuted in January 2019 as the company’s first server CPU, is a 7nm processor featuring up to 64 cores based on the Armv8.2 architecture. It supports eight DDR4 memory channels and has a thermal design power (TDP) of up to 180W. While these specifications were competitive when first introduced, things have moved on significantly since.
Introducing a new Kunpeng SoC with integrated HBM would align with industry trends as companies seek to boost memory bandwidth and performance in response to increasingly demanding workloads. It could also signal Huawei’s efforts to maintain competitiveness in the HPC and server markets dominated by Intel Xeon and AMD EPYC.
No official announcement... yet
Phoronix’s Michael Larabel notes that Huawei has not yet formally announced a new Kunpeng SoC (with or without HBM), and references to it are sparse. Kernel patches, however, have previously indicated work on integrating HBM into the platform.
The latest patches specifically address power control for HBM devices on the Kunpeng SoC, introducing the ability to power on or off HBM caches depending on workload requirements.
The patch series includes detailed descriptions of this functionality. Huawei explains that HBM offers higher bandwidth but consumes more power. The proposed drivers will allow users to manage HBM power consumption, optimizing energy use for workloads that do not require high memory bandwidth.
The patches also introduce a driver for HBM cache, enabling user-space control over this feature. By using HBM as a cache, operating systems can leverage its bandwidth benefits without needing direct awareness of the cache’s presence. When workloads are less demanding, the cache can be powered down to save energy.
While we don't have any concrete details on future Kunpeng SoCs, integrating HBM could potentially allow them to compete more effectively against other ARM-based server processors, as well as Intel’s latest Xeon and AMD EPYC offerings.
Over 800 million people have genital herpes — and in many cases the virus can flare up over a person's lifetime, causing painful symptoms. So why doesn't the world pay more attention?