When Spectre, a class of critical vulnerabilities impacting modern processors, was publicly revealed in January 2018, the researchers behind the discovery said, "As it is not easy to fix, it will haunt us for quite some time," explaining the inspiration behind naming the speculative execution attacks.

Indeed, it's been more than three years, and there is no end to Spectre in sight.

A team of academics from the University of Virginia and University of California, San Diego, have discovered a new line of attack that bypasses all current Spectre protections built into the chips, potentially putting almost every system — desktops, laptops, cloud servers, and smartphones — once again at risk just as they were three years ago.

The disclosure of Spectre and Meltdown opened a floodgates of sorts, what with endless variants of the attacks coming to light in the intervening years, even as chipmakers like Intel, ARM, and AMD have continually scrambled to incorporate defenses to alleviate the vulnerabilities that permit malicious code to read passwords, encryption keys, and other valuable information directly from a computer's kernel memory.

A timing side-channel attack at its core, Spectre breaks the isolation between different applications and takes advantage of an optimization method called speculative execution in CPU hardware implementations to trick programs into accessing arbitrary locations in memory and thus leak their secrets.

"A Spectre attack tricks the processor into executing instructions along the wrong path," the researchers said. "Even though the processor recovers and correctly completes its task, hackers can access confidential data while the processor is heading the wrong way."

The new attack method exploits what's called a micro-operations (aka micro-ops or μops) cache, an on-chip component that decomposes machine instructions into simpler commands and speeds up computing, as a side-channel to divulge secret information. Micro-op caches have been built into Intel-based machines manufactured since 2011.

"Intel's suggested defense against Spectre, which is called LFENCE, places sensitive code in a waiting area until the security checks are executed, and only then is the sensitive code allowed to execute," Ashish Venkat, an assistant professor at the University of Virginia and a co-author of the study, said. "But it turns out the walls of this waiting area have ears, which our attack exploits. We show how an attacker can smuggle secrets through the micro-op cache by using it as a covert channel."

On AMD Zen microarchitectures, the micro-ops disclosure primitive can be exploited to achieve a covert data transmission channel with a bandwidth of 250 Kbps with an error rate of 5.59% or 168.58 Kbps with error correction, the researchers detailed.


Intel, in its guidelines for countering timing attacks against cryptographic implementations, recommends adhering to constant-time programming principles, a practice that's easier said than done, necessitating that software changes alone cannot adequately mitigate threats arising out of speculative execution.

"Constant-time programming is not only hard in terms of the actual programmer effort, but also entails high performance overhead and significant deployment challenges related to patching all sensitive software," Venkat said in a statement shared with The Hacker News. "The percentage of code that is written using Constant Time principles is in fact quite small. Relying on this would be dangerous. That is why we still need to secure the hardware"

The silver lining here is that exploiting Spectre vulnerabilities is difficult. To safeguard from the new attack, the researchers propose flushing the micro-ops cache, a technique that offsets the performance benefits gained by using the cache in the first place, leverage performance counters to detect anomalies in the micro-op cache, and partition it based on the level of privilege assigned to the code and prevent unauthorized code from gaining higher privileges.

"The micro-op cache as a side channel has several dangerous implications," the researchers said. "First, it bypasses all techniques that mitigate caches as side channels. Second, these attacks are not detected by any existing attack or malware profile. Third, because the micro-op cache sits at the front of the pipeline, well before execution, certain defenses that mitigate Spectre and other transient execution attacks by restricting speculative cache updates still remain vulnerable to micro-op cache attacks."

iOS 14’s headline features in that it is making headlines by pissing off advertisers--is “App Tracking Transparency,” a setting that lets users opt out of all tracking, including the data an app collects when you’re not using it (much to the chagrin of advertising platforms like Google and Facebook).
the recent iOS 14.5 update makes the feature even better, adding new settings that let you change tracking permissions for every app you’ve installed. How to use App Tracking Transparency in iOS 14.5You need to update to iOS 14.5 (or iPad OS 14.5) to use the new App Tracking Transparency settings, but once the update is installed, the feature is turned on by default. You’ll notice it take effect whenever you install a new app—a pop-up notification will now ask if you want to let the app track you. You can also review which apps are allowed to track you and change their permissions at any time in the iOS settings app:

1. Go to Settings > Privacy > Tracking.
2. Apps that request tracking permissions are listed under “Allow Apps to Request to Track.”
3. Tap one of the apps from the list to allow or restrict tracking permissions.

If you’d rather turn off tracking for all iOS apps, you can disable “Allow Apps to Request to Track” under Settings > Privacy > Tracking. This setting will also automatically apply to any new apps you download in the future.
​Note that disabling tracking will affect how an app works, and there’s a chance doing so could break features in some apps, while others may refuse to work at all. Generally, however, the most common effect is that you’ll see less relevant ads—something an app will warn you of if you disable its tracking permissions. You can always restore tracking permissions if that proves to be an issue for you (and you don’t mind being tracked). And if an app isn’t working with tracking disabled and you still don’t want to be tracked, you can always delete that app. iOS 14.5’s App Tracking Transparency isn’t the only privacy-focused feature Apple has recently rolled out to its users. The App Store now tells you what kinds of data iOS apps track before you download them, and the latest versions of Safari prioritize anonymity and make you difficult to track.
​

3. Now from these options, select settings

4. Now select Account option

5. And now you have to select Privacy option in WhatsApp

6. When you are on a Privacy page, you will see About option, click on it

7. In About Option you will get 3 options:

• Everyone
• My Contacts
• Nobody

• Everyone: if you select Everyone option, then everyone will able to see      your WhatsApp number in WhatsApp groups.
• My Contacts: if you select My Contacts, then every person which is added in your contact list will able to see your number in WhatsApp groups.
• Nobody: and the last option is Nobody, if you select Nobody, then nobody  will able to see your WhatsApp number, whether they are in your contacts or not.

I personally use My contacts option in the about section because everyone in my contacts is known to me and there will be no problem if the see my WhatsApp number.

Now if you join a WhatsApp group or your friend adds you in a WhatsApp group, your number will be hidden, according to which option you choose in about option.

Few important things to remember

• If you don't share your last seen, you won't be able to see other users’ last seen.
• If you turn off read receipts, you won't be able to see read receipts from other users. Read receipts are always sent for group chats.
• If a contact has turned off read receipts, you won’t be able to see if they’ve viewed your status updates.
• There’s no way to change you can see when you’re online or typing....

This complete process is also available on FAQs by WhatsApp

If your iPhone isn't charging, you should try cleaning your charging port. 
​

• If your iPhone isn't charging, then there might be so much dust, dirt, and lint in the port that the Lightning cable can no longer make a solid connection.
• You can clean it with compressed air or a toothpick, but always be very careful to ensure you don't damage anything inside the small port.
• Never insert anything metallic in the iPhone's Lightning port, and do not get it wet.

There are a few reasons that your iPhone might not be charging properly you might need to restart your phone, check the Lightning cable for kinks and breaks, and ensure your power source is working. If you check all those things and it still doesn't work, it's possible there's enough debris in your port to keep the connector from making a solid connection.
Yes, your iPhone's port can get so dirty it stops working. Anytime you put it in a pocket or bag, small bits of dirt, dust, and lint can find their way in. And when you insert the cable, that compresses and packs the dirt deep in the port. Eventually, it might become so fouled with debris that it stops working.
How to clean the iPhone's Lightning portYou should get a flashlight, or work under a bright LED desk lamp — the brighter the better, since you need to see deep into the Lightning port.

What is RDP?RDP, or the Remote Desktop Protocol, is one of the main protocols used for remote desktop sessions, which is when employees access their office desktop computers from another device. RDP is included with most Windows operating systems and can be used with Macs as well. Many companies rely on RDP to allow their employees to work from home.
What are the main RDP security vulnerabilities?A vulnerability is a gap or an error in the way a piece of software is constructed that allows attackers to gain unauthorized access. Think of an improperly installed deadbolt on the front door of a house that allows criminals to break in.
These are the most important vulnerabilities in RDP:

1. Weak user sign-in credentials. Most desktop computers are protected by a password, and users can typically make this password whatever they want. The problem is that the same password is often used for RDP remote logins as well. Companies do not typically manage these passwords to ensure their strength, and they often leave these remote connections open to brute force or credential stuffing attacks.
2. Unrestricted port access. RDP connections almost always take place at port 3389*. Attackers can assume that this is the port in use and target it to carry out man-in-the-middle attacks, among others.

*In networking, a port is a logical, software-based location that is designated for certain types of connections. Assigning different processes to different ports helps computers keep track of those processes. As an example, HTTP traffic always goes to port 80, while HTTPS traffic goes to port 443.
What are a few ways to address these RDP vulnerabilities?To reduce the prevalence of weak sign-in credentials:
Single sign-on (SSO): Many companies already use SSO services to manage user logins for various applications. SSO gives companies an easier way to enforce strong password usage, as well as implementing even more secure measures like two-factor authentication (2FA). It is possible to move RDP remote access behind SSO in order to shore up the user login vulnerability described above. 
Password management and enforcement: For some companies, moving RDP behind SSO may not be an option. At the bare minimum, they should require employees to reset their desktop passwords to something stronger.
To protect against port-based attacks:
Lock down port 3389: Secure tunneling software can help stop attackers from sending requests that reach port 3389. With a secure tunnel in place, any requests that do not pass through the tunnel will be blocked.
Firewall rules: It may be possible to manually configure a corporate firewall so that no traffic to port 3389 can come through, except traffic from whitelisted IP address ranges (e.g. the devices known to belong to employees). However, this method takes a lot of manual effort, and is still vulnerable to attack if attackers hijack a whitelisted IP address or employee devices are compromised. In addition, it is typically very difficult to identify and whitelist all employee devices in advance, resulting in continual IT requests from blocked employees.
What other vulnerabilities does RDP have?RDP has other vulnerabilities that have technically been patched, but which are still severe if left unchecked.
One of the most severe vulnerabilities in RDP is called "BlueKeep." BlueKeep (officially classified as CVE-2019-0708) is a vulnerability that allows attackers to execute any code they want on a computer if they send a specially crafted request to the right port (usually 3389). BlueKeep is wormable, which means it can spread to all computers within a network without any actions from users.
The best defense against this vulnerability is to disable RDP unless it is needed. Blocking port 3389 using a firewall can also help. Finally, Microsoft issued a patch that corrects this vulnerability in 2019, and it is essential that system administrators install this patch.
Like any other program or protocol, RDP has several other vulnerabilities as well, and most of these can be eliminated by always using VPN to the network with max number of password layers.

Apple recently confirmed some serious problems for iPhones and iPads, and now there are more. Apple's iPhone 11 Pro and iPhone 11 Pro Max are among the iPhones affected by a new display problem, a growing number of iPhone owners are taking to Reddit, tech forums and social media to report a flaw with their iPhone displays. For some, the issue appears to be triggered by a recent iOS update, but for others it has been accepted by Apple as a hardware fault which has required a new display. The flaw is a bizarre green tint which colors the whole display with a swampy hue (see image below). For some it occurs only in low light, for others it’s momentary when unlocking their phones and for others it is there permanently. iPhone 11 Pro and Pro Max phones seem to be worst affected, though there are reports going back to the iPhone X - the common thread being OLED displays. Moreover, some iPhone owners report the problem first arrived for a minority of owners with iOS 13.4 and was made worse with the iOS 13.5 and iOS 13.5.1 software updates, while some recent buyers report the problem was there straight out the box. The green tint problem (right) affecting iPhones with OLED displays
Consequently, there is confusion about how this will be fixed. Given the reports of problems following iOS updates, it would appear Apple could fix this with software. That said, this is complicated by the fact most affected users find that taking a screenshot and viewing it on another display shows no tint, suggesting it is not at a software level. Apple has also acknowledged the problem in some cases and approved official resellers to replace the displays under warranty. Of course, the reality could be that this is a combination of software and hardware issues with a bad batch of OLED displays being impacted by an underlying change in recent iOS updates. Affected iPhone owners say the problem remains in Apple’s new iOS 13.5.5 beta, so the timeline for a fix is unknown either through software or a hardware recall. On the plus side, iOS 14’s inclusivity will buy Apple time but pressure is now on the company to explain what is going on.  

Cyble, a cybersecurity company, first noted the situation on April 1st: half a million Zoom accounts for sale on the dark web, available at a bulk price of $0.002 per account. Other accounts are reportedly being shared for free.
​
The video conferencing platform has been under intense scrutiny during an unprecedented moment when the world is depending on its technology more than ever. Following various issues, they halted all features development for 90 days in order to address the multiplying security concerns.
What information was compromised in this incident?

• Email addresses
• Passwords
• Personal meetings URLs and host keys

The host key is a six-digit pin tied to a user’s account that is used to claim host controls for a meeting.
Was Zoom hacked?No. The breached accounts appear to be an instance of credential stuffing, a type of attack in which hackers use previously stolen account credentials in a large-scale, automated attempt to gain access to a different company’s accounts.

Hank Green✔@hankgreenThis is being discussed as a hack of Zoom, but Zoom didn't leak the passwords. Hackers used previously-leaked username/password combos from other hacks to attempt to login to Zoom. Hackers found over 500,000 that worked. https://twitter.com/SAI/status/1249986400512024576 …
Business Insider Tech✔@SAIResearchers found and bought more than 500,000 Zoom passwords on the dark web for less than a cent each http://www.businessinsider.com/500000-zoom-accounts-sale-dark-web-2020-4 …

What is the best way to protect yourself from this type of credential stuffing attack?Stop reusing the same passwords on multiple accounts. All your accounts—but especially those that store sensitive information like credit card or social security numbers—should be protected with strong, unique passwords. A strong password has a minimum of 8 characters and includes a mix of uppercase letters, lowercase letters, numbers, and special characters. Here are some additional tips to help you get out of the habit of reusing passwords:
Use a password manager
The average person has over 150 accounts. That is too many complex, unique passwords for the human brain to remember. That’s where password managers can help.These have a built-in password generator to help you create strong passwords for new accounts and save them securely, plus in-app security alerts that notify you immediately when you need to change your passwords after a data breach.
Enable 2FA
You have the option to add extra protection with two-factor authentication (2FA), especially on sensitive apps like your social media and online banking accounts.
Quit reusing weak passwords. 

How to keep your Zoom chats secure and privateThere’s a reason Zoom is wildly popular. It’s incredibly simple and intuitive, but in removing all friction from its product, the company neglected crucial security elements—a decision they are currently reevaluating. In the meantime, here are some tips for making your Zoom conferences more secure:
Keep your Zoom link or code private
Don’t share it out on public channels or social media.
Set a meeting password
A password will keep unwanted people from crashing your meeting. Here is info on how to add a password.
Make a waiting room
This will let the host see all attendees and invite the appropriate people to join the meeting. Here’s how.
Update to the latest version of Zoom
Zoom has shifted resources to fixing the security issues so make sure to keep the app updated as changes come in. More info here.

Apple FaceTime Spying Bug: What You Need to Know
Apple moved quickly last night to disable an embarrassing privacy flaw that let iPhone users spy on other iPhone and Mac users via Group FaceTime. The company promised a permanent fix later this week.
Until then, you may want to disable FaceTime just as a precaution. In iOS, the off switch is in Settings > FaceTime. In macOS, you have to open FaceTime, then select "Turn FaceTime Off" from the menu bar.
Somebody -- a teenager, according to one report -- discovered that if you made a FaceTime call from an iPhone running iOS 12.1 or later, then swiped up on the screen to add your own number to the call before the other party picked up, you could hear all the audio from the other phone's microphone even if the other person never answered.
The trick spread across social media Monday (Jan. 28), according to 9to5Mac, which first reported on the bug. The Verge was able to replicate the bug, and discovered that it transmitted video too if the recipient of the call pressed the power or the volume-down button -- as one might do to dismiss the call or, um, turn on the camera.
"We have identified a fix that will be released in a software update later this week," Apple told the Verge and Buzzfeed News in virtually identical statements.
We were able to confirm that the trick worked Monday evening by placing a FaceTime call from an iPhone SE to an iPhone 7. The audio came through from the 7 without it answering the call. When the power button was pressed, the video came through as well.
But about an hour later, Apple switched off the servers that make Group FaceTime possible. Apple's System Status page noted that as of 10:16 p.m. EST Monday, Group FaceTime was "temporarily unavailable."
We confirmed Tuesday morning that the trick no longer worked. Attempting to add yourself to a FaceTime call while the other party's phone rang resulted in an error message stating that the call had "failed."
On Monday, Twitter user Benji Mobb posted video of the trick in action. Both iPhones needed to be running iOS 12.1 or later, or macOS 10.14 Mojave. (Group FaceTime was added in iOS 12.1 and apparently is where the problem lies.)
Twitter user @tythegoddess tweeted about the bug at around noon Monday Eastern time.
"There's apparently a bug that allows people to still be able to talk to you even if you don't answer the call," she wrote. "Don't believe me? FaceTime someone and then add yourself to the call."
That may have been what got the ball rolling on social media, but a little-noticed tweet from more than a week earlier indicated that someone had already tried to notify Apple.
"My teen found a major security flaw in Apple's new iOS," wrote user @MGT7500 on Jan. 20. "He can listen in to your iPhone/iPad without your approval. I have video. Submitted bug report to @AppleSupport ... waiting to hear back to provide details. Scary stuff!"

​

A bug in Apple devices that let callers listen in on  others' microphones without their knowledge has been disabled after political leaders, business leaders and a number of media reports put pressure on the tech giant as it works to permanently solve the issue.
The software problem, which lets users use the group chat function in FaceTime, call someone and then listen in on their conversations even if the other person did not pick up, was demonstrated through videos online and reported on this week by tech blogs. The bug was first confirmed by Bloomberg News and subsequently reported elsewhere, including Fox News.
"We're aware of this issue and we have identified a fix that will be released in a software update later this week," Apple said in a statement Tuesday.

Perhaps serendipitously, the issue occurred on Data Privacy Day, a cornerstone for Apple and a day when CEO Tim Cook tweeted about privacy, writing "the dangers are real and the consequences are too important."
Tim Cook✔@tim_cookWe must keep fighting for the kind of world we want to live in. On this #DataPrivacyDay let us all insist on action and reform for vital privacy protections. The dangers are real and the consequences are too important.
Apple's online support page noted there was a technical issue with the application and that Group Facetime "is temporarily unavailable."
New York governor Andrew Cuomo issued a statement warning people about the bug and urging people to disable the app until Apple fixes the issue.
"The FaceTime bug is an egregious breach of privacy that puts New Yorkers at risk," Governor Cuomo said in the statement. "In New York, we take consumer rights very seriously and I am deeply concerned by this irresponsible bug that can be exploited for unscrupulous purposes. In light of this bug, I advise New Yorkers to disable their FaceTime app until a fix is made available, and I urge Apple to release the fix without delay."
Jack Dorsey, CEO of Twitter, a company that has also had its share of privacy issues in recent memory, called on users to disable FaceTime until Apple fixes the issue.

jack✔@jackDisable FaceTime for now until Apple fixes
Andy Baio✔@waxpancakeWant to see a really bad bug? You can FaceTime any iOS device running 12.1 and listen in remotely—WITHOUT THE OTHER PERSON ANSWERING THE CALL. (via @bzamayo) https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/ …
The FaceTime bug exists on iOS devices that have iOS 12.1 or later. To disable the FaceTime app temporarily, users can go to Settings, select FaceTime and then toggle it to off until a patch has been issued.
The issue comes at a critical juncture for Apple, which has been beset by slowing iPhone sales. Earlier this month, the company issued a rare update to its quarterly revenue projections, saying it would miss fiscal first-quarter estimates by as much as $9 billion, due in part to the Trump administration's trade war with China.
Apple's market cap declined approximately $75 billion in value, though that has since been recovered on hopes that the worst may be over for the tech giant.
Cupertino, Calif.-based Apple is set to report fiscal first-quarter results after the close of trading on Tuesday. Analysts surveyed by FactSet expect Apple to report $4.17 a share in earnings and roughly $84 billion in revenue.

Facebook is planning to integrate its three instant messaging apps, WhatsApp, Facebook Messenger, and Instagram’s direct message function, it has been revealed. The plans come from Mark Zuckerberg, Facebook’s CEO, himself, The New York Times reports.
The three apps have, historically-speaking, targeted different audiences, had different uses, and different structures. Zuckerberg even insisted when Facebook first acquired them that Instagram and WhatsApp would have a certain amount of autonomy from their new owners. Lately, certain functions have begun to appear in all three of them – Instagram stories and Facebook stories for example, and the equivalent WhatsApp status – but the underlying structure of the apps has remained different and distinct. Not for long, apparently. The change is expected between the end of the year and the beginning of the next.
Zuckerberg has said that while the three apps will continue to be standalone and separate, their technical infrastructure will be the same. This change will also allow users to message each other from any of the three apps without having to switch platform.
This move requires that every communication will be end-to-end encrypted, visible only to the users and no-one else. Currently, only WhatsApp provides that as a default option. Facebook messenger allows encryption only in secret conversations, which can be accessed from the app, but it's not the default. Instagram doesn’t have anything like it. So, this is good news for privacy but only if it is done properly. And given Facebook's track record, people have every right to be skeptical.
“[T]his move could potentially be good or bad for security/privacy," Matthew Green, associate professor of Computer Science at the Johns Hopkins Information Security Institute said in a Twitter thread about the plans. "But given recent history and financial motivations of Facebook, I wouldn’t bet my lunch money on “good”. Now is a great time to start moving important conversations off those services.”
There is also the matter of different registration requirements when it comes to different apps. You need your Facebook identity for messenger, an email for Instagram, and your phone number for WhatsApp. There are clear concerns how the metadata from the future interactions between users across the platform will be used by Facebook. Some people might not want to have their identities across these platforms unified and would rather opt out. It is unclear at this time what guarantees will be put in place to address these concerns.
This close integration is a significant U-turn on the way the three platforms have been run until today and many speculate it is part of the reason why both Instagram and WhatsApp's founders stepped down from their board positions at Facebook last year.