ITy Bytes 7 August – Bose 300, new Intel/Windows vulnerability, Sammy’s new QLED Frame, Logitech Apple magic contender costs 75% less!

ITy Bytes 7 August

ITy Bytes 7 August are bit sized chunks of news you may need to know

  • No one here but us chickens – ChickenGuard;
  • Bose 300 for 360° with OK Google or Alexa;
  • Top Malware to look out for – from Check Point;
  • Bitdefender finds critical Intel/Windows vulnerability – patch NOW;
  • NordVPN says school Wi-Fi is very vulnerable;
  • Samsung ups the Frame to QLED quality;
  • Logitech slim and quite MK740 keyboard and mouse combo

ITy Bytes 7 August

No one here but us chickens – ChickenGuard

Apparently chicken owners must open the henhouse door in the morning and close it in the evening. Mad inventor Ben Braithwaite invented ChickenGuard, the world’s first self-locking door kit to sate the growing numbers of chicken-owning families.

The system uses timers and light sensors to open and close henhouse doors in the morning and evening, protecting the birds from predators and ensuring unbroken sleep for owners who prefer not to retire and rise as early as their hens do.

As its not 1 April I am sure Ben is sincere. His website certainly looks finger lickin’ good and asserts that (to date) 425,250 chickens have been saved, 256,788 randy chickens laid eggs, and 90,456 hungry foxes thwarted.

Bose 300 for 360° with OK Google or Alexa

The Bose 300 is the latest member of the growing Bose Smart Speaker family. It is a mains-powered, 360° mono speaker with Wi-Fi and Bluetooth and 3.5mm AUX inputs.

Music sources include any streaming music services over Wi-Fi controlled either by the Google Assistant or Amazon Alexa, or using the Bose Music app. It also has Spotify and Apple AirPlay 2 compatibility and six pre-set source buttons.

Bose 300

Sound comes from one down firing full-range driver and Bose claims its DSP (digital signal processor) down mixes stereo to “maximise audio output from its small size and to produce surprisingly deep bass, leveraging an advanced acoustic port design with Bose’s innovative QuietPort technology.”

At release it does not support Google News playback or sleep sounds but that may come. It is not a Chromecast speaker as such. It supports multi-room speaker setup with Bose 500, Bose Sound bars 500 and 700.

As is typical of Bose there are no specifications and we will be reviewing it soon. Price: $399.95 from Bose and delivery around 15 August.

Top Malware to look out for – from Check Point

While JavaScript miner, JSEcoin continues to dominate for the third consecutive month, new malware such as NanoCore and AgentTesla have infiltrated Australian devices for the first time. Percentages refer to Australian cyber incident cases impacted by this specific malware.

Check Point
  1. ↔ JSEcoin, 4.53% A JavaScript miner embedded in websites. It runs in your browser in exchange for an ad-free experience, in-game currency and other incentives.
  2. ↑ Magecart, 3.80% A malicious JavaScript code injected into e-commerce websites to steal credit card payment details. A compromised website containing the malicious code can leak the customer’s payment details to the attacker.
  3. ↓ XMRig, 3.65% An open-source CPU mining software for Monero cryptocurrency. First seen in May 2017.
  4. ↑ Formbook 3.51% An InfoStealer that targets the Windows OS. First seen in 2016, it has strong evasion techniques and relatively low hacker purchase price. It harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes and can download and execute files according to its C&C orders.
  5. ↑ Dorkbot, 3.36% IRC-based worm designed to allow remote code execution and downloads additional malware to the infected system. The primary goal is to steal sensitive information and launch Denial-of-Service attacks

5-10

  1. ↑ Nanocore, 2.78% is a Remote Access Trojan (RAT) since 2013. It targets Windows and features base plugins and functionalities such as screen capture, cryptocurrency mining, remote control etc.
  2. ↑ Trickbot, 2.49 A Dyre variant first seen in October 2016. It targets banking users mostly in Australia and the UK, and recently India, Singapore and Malaysia.
  3. ↓ Emotet, 2.34% An advanced, self-propagating and modular banking trojan. It uses multiple methods and evasion techniques for maintaining persistence and avoiding detection.
  4. ↑ AgentTesla, 2.19% An advanced RAT functioning as a keylogger and a password stealer since 2014. It can monitor and collect keyboard input, system clipboard, take screenshots, and exfiltrateg credentials (including Google Chrome, Mozilla Firefox and Microsoft Outlook email client). It is openly sold to Hackers for $15-$69 for user licenses.
  5. ↓  Crytpoloot 1.90% Cryptominer malware, using the victim’s CPU or GPU power and existing resources for  crypto mining activities. It is a competitor of Coinhive.

Bitdefender finds critical Intel/Windows vulnerability – patch and keep up to date

Bitdefender has found a new security vulnerability that affects all modern Intel CPUs which leverage speculative-execution, potentially letting hackers access passwords, tokens, private conversations, encryption and other sensitive data of both home and enterprise users.

ITy Bytes 7 August

The vulnerability, discovered less than three months after the last worldwide security alert regarding Intel processors, opens the way to a side-channel attack that gives the attacker a method to access all information in the operating system kernel memory.

The attack bypasses all known mitigations implemented after the discovery of Spectre and Meltdown in early 2018. Bitdefender Hypervisor Introspection mitigates this new attack on unpatched Windows systems.

“Criminals with knowledge of these attacks would have the power to uncover the most vital, best-protected information of both companies and private individuals around the world, and the corresponding power to steal, blackmail, sabotage and spy,” said Gavin Hill, Vice President, Datacenter and Network Security Products at Bitdefender. “Research into these attacks is on the cutting edge as it gets to the very roots of how modern CPUs operate and requires a thorough understanding of CPU internals, OS internals, and speculative-execution side-channel attacks in-general.”

Bitdefender has worked with Intel for more than a year before the public disclosure of this attack. It is possible that an attacker with knowledge of the vulnerability could have exploited it to steal confidential information. Microsoft, and the other ecosystem partners have – or continue to assess – issuing patches, as appropriate.

NordVPN says school Wi-Fi is very vulnerable

There are approximately 9,500 Australian schools and most have vulnerable Wi-Fi networks. Here are a few examples:

  • Hackers got the addresses and phone numbers of Melbourne’s Blackburn High School students through an unsecure Wi-Fi network. This data was used in attempted scams.
  • A hacker used a phishing link to make students log into a site on the dark web.
  • A cybercriminal hacked into a school’s Wi-Fi and started a conversation with a Year 6 student on his iPad.
  • In 2015, a 7-year-old girl from the United Kingdom showed how easy it is to break into a public Wi-Fi network. It took her less than 11 minutes to infiltrate the hotspot by setting up a rogue access point. Hackers frequently use this technique to activate a ‘man in the middle’ attack and begin eavesdropping on the traffic.

Daniel Markuson, digital privacy expert at NordVPN, said

School and Public Wi-Fi networks are usually so unsecure that even a seven-year-old kid with an interest in tech can hack them. Loads of online tutorials provide tips on how to do that.”

He suggests that parents raise the question of Wi-Fi security at school. More importantly make sure the child automatically uses a virtual private network (VPN) like NordVPN, an encrypted tunnel between the Wi-Fi network and a child’s device. Most importantly, talk to kids and help them understand online security threats and the importance of digital privacy.

ITy Bytes 7 August

Samsung ups the Frame to QLED quality – ITy Bytes 7 August

QLED is best in bright environments where you want colours to pop. The new 2019 Frame (43/55/65-inches for $1499/2499/3499) is a QLED TV with a selection of over 1,200 works via the Samsung Art Store for just $5.99 a month. Or use your own photos!

ITy Bytes 7 August

Jeremy Senior, Head of Consumer Electronics, Samsung Electronics Australia said

“The Frame has changed the way Australians think about television design and functionality. It seamlessly blends into the décor to provide a stylish addition and now Samsung’s premium TV and art viewing experience.”

The Frame’s Brightness and Colour Sensor can adjust the screen settings based on the ambient light in the room. A motion sensor detects movement automatically turning the screen on or off.

The 2019 Frame includes:

  • One Clear Cable: frees living spaces from unsightly cords by combining the optical cable and power into one thin five-metre cord for better TV or wall placement
  • Smart TV enhancements: SmartThings, Bixby, Google Assistant, Amazon Alexa, or Apple AirPlay, offering flexibility.

Logitech slim and quite MK470 keyboard and mouse combo – Apple Magic contender at 25% of the price – ITy Bytes 7 August

We have all seen those impossibly thin Apple keyboards – now Logitech has a Wireless (USB dongle) quality contender than offers a better and quieter typing experience using its scissor switches for a laptop like (not a MacBook like) experience. Battery life is 18/36 months for mouse/keyboard. Price is $79.95 which is excellent value compared to an Apple Magic keyboard at $179 and a Magic 2 mouse at $139. Website here.

ITy Bytes 7 August

Damian Lepore, Managing Director of Logitech ANZ said

“With all of the quality you expect from Logitech, the MK470 Slim Combo is a space-saving and quiet duo that will help you work at your best.”

ITy Bytes 7 August is a regular GadgetGuy feature that offers curated news bytes.