Welcome, Guest |
You have to register before you can post on our site.
|
|
|
Welcome Guest!
|
Welcome to the Promo2day Community, where we feature software giveaways, computer discussion, along with a fun, safe atmosphere! If your reading this it means you are not yet registered.
You will need to Register before you can make posts, chat or enter the forum giveaways.
Be sure to also visit the Help/FAQ page.
|
1001 Jigsaw: Earth Chronicles 5 [PC Game] |
Posted by: ahmed - 02-10-2024 , 04:18 PM - Forum: Game Giveaway of the Day
- No Replies
|
|
1001 Jigsaw is the perfect gift for fans of classic jigsaws!
It's sure to go down a treat with anyone who has felt a pleasant morning wind or a warm evening breeze, tried grandma's homemade pie or exotic fruits in another country, played with a pet or seen a dolphin for the first time. Our Earth is vast and great. To learn more about it, you can choose a multitude of various methods or just play 1001 Jigsaw: Earth Chronicles 5
Seven themed jigsaw collections await you: wild animals, mysterious underwater lands, birds from all over the world, outstanding flora, beautiful views, gifts of nature, and the lives of the peoples of the world. All this awaits you in 1001 Jigsaw: Earth Chronicles 5.
Set a difficulty level to suit you in each jigsaw: number of pieces, spinning, and deformation. Save your progress at any time! Convenient controls with a multitude of hints and tools help make the gameplay more comfortable. Make the game more exciting by completing special quests to earn trophies!
1001 Jigsaw - your own encyclopedia of the most beautiful corners of the planet Earth! Do the puzzles and enjoy the views of our beautiful world.It's time to know your planet better, to see all it's beauty in full-color and solve all of the mysteries. Explore our incredible world with the 1001 Jigsaw Planet Earth 5.
- 1001 high quality unique images
- well designed game-play: useful hints, sort tool and magnifying glass.
- optional game difficulty control makes your gameplay infinite
- custom styles of pieces with rotation
- save game progress and continue to collect the puzzle at any time
- tasks and colorful trophies for those who love excitement
- pleasant and relaxing music
System Requirements:
Windows XP/ Vista/ 7/ 8/ 10; CPU: x86, 800 MHz; RAM: 2 GB; DirectX: 8.1 or later
Homepage:
https://store.steampowered.com/app/16649...onicles_5/
GP:
https://game.giveawayoftheday.com/1001-j...onicles-5/
|
|
|
TikTok, Meta, X, and others exploit push notifications on iOS to collect data |
Posted by: mrtrout - 02-09-2024 , 08:46 PM - Forum: Security News
- No Replies
|
|
https://adguard.com/en/blog/notification...-mysk.html TikTok, Meta, X, and others exploit push notifications on iOS to collect data about users
February 9, 2024 6 min read
Apple has long said that fingerprinting — tracking a user through the hardware and software features of their device — is not allowed. But apparently some popular apps have found a backdoor that they are exploiting in plain sight.
Privacy researcher Tommy Mysk has discovered that a number of popular iOS apps are using a push notification feature, first introduced in 2016, to send detailed data about the user’s device to their companies’ servers.
Mysk explained that he noticed this disturbing and seemingly persistent pattern when he examined several social media apps, including TikTok, Facebook, FB Messenger, Instagram, Threads, and X. All of these apps took advantage of the feature that allowed them to customize their push notifications even when not running.
This feature is not intrinsically malicious and serves an important purpose. For example, it can be useful for apps that need to decode the notification payload or download additional content to best present the notification to the user. When an app receives a push notification, iOS signals the app to wake up and run for a short time. During this time, the app can do whatever the developer wants, including tweaking the push notification’s appearance in some way. The latter would be the original purpose of the feature, but the problem is that the app may also be collecting data or sending information about the user during that time.
Mysk has observed that the apps he has studied have learned to take full advantage of this limited run time to collect data from the device and send that data to remote servers. The researcher calls the ability to run code in the background “a gold mine for data-hungry apps.”
So how does it all work, according to Mysk?
The app developer comes up with a code they want the app to run in the background
The developer sends a push notification to the user of the app. The push can be about anything, from a news update, a live sports score to a new friend request
The user’s device receives the push notification, but does not show it on the screen yet. iOS recognizes that the push notification is from the social app and wakes it up in the background. The app is now running, but the user can’t see it or interact with it
The app runs the code that the developer has prepared in the background. And while it may be innocuous, for example, be used to add more information, such as images, to the notification, it can also be used to harvest data from the user’s device and send that data to the developer’s servers
This scheme can provide developers with a unique combination of the software and hardware characteristics of the user’s device.
Many apps are using this feature as an opportunity to send detailed device information while running quietly in the background. This includes: system uptime, locale, keyboard language, available memory, battery status, device model, display brightness, to mention a few.
This data can subsequently be used to track the user across applications, Mysk points out.
What data is being collected?
In the video describing the examples of such trickery, Mysk shows the types of data that can be collected by social media companies through the push notification loophole. The collection is done either through the company’s own services or with the help of third-party tools, such as Google’s analytics tools — Google Analytics and Firebase.
TikTok
With TikTok, for example, the app sends the iPhone’s boot time to the remote servers every time it receives a push notification.
TikTok sends a lot of data to external servers
That means that TikTok knows exactly when the user last restarted their iPhone. If collected over a period of time, the boot time can tell how often the user reboots their iPhone, which can indicate how much they use it or how stable it is. It can be also used to identify the user’s device or track their activity.
When the Facebook app sends a push notification to the same device, Facebook receives the same data about the user’s iPhone last boot time.
Facebook
As the researcher notes, this may facilitate tracking the user across different apps. That is because the boot time can be used as a unique identifier for the user’s device. If the same device has multiple apps that collect and send the boot time to the same or different servers, these servers can compare the boot time data and link it to the same device. This way, they can track the user’s behavior and preferences across different apps, even if the user does not use the same account or login information for each app. All of this makes the exploitation of the push notification feature by social media companies a legitimate privacy threat.
Moreover, Mysk notes that some apps, for example Facebook and TikTok, also send data when clearing their notifications in Notification Center, which is an iOS feature that provides an overview of alerts from applications.
For example, when a user clears a Facebook notification, the app sends a request with detailed information, including the information about available memory, the last app event, such as liking a post, the time since last app event, the actor ID, that identifies the user’s account on Facebook, the preferred content size, the timestamp (i.e. the exact date and time) when the notification was cleared, the connection type, and so forth.
When a user clear a Facebook notification, the app sends detailed information about the user to the external servers
Twitter (X) handles the collection of the user’s information more or less the same way as Facebook and TikTok do.
X/Twitter
All three companies are using Firebase, a service offered by Google, Mysk notes, adding that “the frequency at which many apps send device information after being triggered by a notification is mind-blowing.”
New Apple rule for devs: what will they change?
Mysk pins a lot of hopes on the new rules for developers that Apple has put in place and that will come into effect this spring. As it unveiled the rules, Apple announced that developers would need to explain why their apps have to use certain APIs (Application Programming Interfaces), which are methods for different apps to communicate and share data.
The developers will have to explain why they need to access device information not only for their own code, but also for third-party SDKs (software development kits) that they add to their apps. Both apps and third-party SDKs will need to write one or more “approved reasons” for why they need to access device information through specific APIs in separate documents called “privacy manifest files.” These reasons should be “consistent with the app’s functionality.” We wrote a detailed review of Apple’s new requirement for developers in August — check it out here.
But the question is, will it stop companies from harvesting data from apps through the push notification backdoor? In theory, it should, but only if Apple seriously enforces these rules and monitors developers’ compliance. Which is by no means guaranteed.
We believe that the new rules will improve the situation, but by how much? It is a difficult question with many variables. Developers will have to take the new rules into account, so there’s a chance they’ll try to follow them in good faith. However, those who are hell-bent on continuing to collect this data will likely choose to take risks. And then it’ll be up to Apple and its reviewers to catch these apps in the act.
In any case, we hope Apple takes a proactive and transparent approach to privacy enforcement, or users’ data will continue to be at risk. https://safeweb.norton.com/report?url=ht...sk.html%20 Report
adguard.com
URL Analysed: https://adguard.com/en/blog/notification...n-mysk.htm...
Norton Rating
Safe
Norton Safe Web has analyzed adguard.com for safety and security problems.
|
|
|
BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico |
Posted by: vietnamrum - 02-09-2024 , 01:19 AM - Forum: Security News
- No Replies
|
|
BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico — key can be sniffed when using an external TPM
News
By Aaron Klotz published 2 days ago
BitLocker's reliance on a TPM for security is its own downfall in this specific exploit.
Bitlocker is one of the most easily accessible encryption solutions available today, being a built-in feature of Windows 10 Pro and Windows 11 Pro that's designed to secure your data from prying eyes. However, YouTuber stacksmashing demonstrated a colossal security flaw with Bitlocker that allowed him to bypass Windows Bitlocker in less than a minute with a cheap sub-$10 Raspberry Pi Pico, thus gaining access to the encryption keys that can unlock protected data. After creating the device, the exploit only took 43 seconds to steal the master key.
Article:-
https://www.tomshardware.com/pc-componen...ry-pi-pico
|
|
|
KeepSolid Passwarden [Lifetime / Annual] |
Posted by: tarekma7 - 02-08-2024 , 04:42 PM - Forum: Official & Exclusive Promo2day Giveaways
- Replies (30)
|
|
KeepSolid Passwarden
Password managers make it easy and convenient to use dozens of unique random passwords without getting overwhelmed. They help protect your passwords and streamline their management.This helps combat the biggest cybersecurity threat from using the same password over and over again simply out of convenience.
Passwarden is an easy and safe password manager. Store your passwords and other important data protected by encryption. The program will easily transfer your external data, keep your data safe online, synced between devices and simplify your online routine. You can easily sign in to all your accounts in one click.
Single sign-on (SSO) : Only one password to remember
Secure storage for any sensitive info
Generator of complex & unique passwords
Unlimited devices per one account
Security Dashboard
Two-factor authentication
Secure data sharing
Cross-platform
Duress mode
Extra layers of security
Data backup on cloud servers
Company Website
www.keepsolid.com
Homepage:
https://www.keepsolid.com/passwarden/
Downloads:
https://www.keepsolid.com/passwarden/downloads
Pricing:
https://www.keepsolid.com/passwarden/pricing
Supported Platforms:
Protect your information with a Master password
The program requires a dedicated password - a Master password. This password reliably protects your in-app data and takes a fundamental role in encryption and synchronization processes. Make sure to create a strong Master password, as from now on, it is the only password you will have to remember.
Never forget and lose your passwords again
Tired of forgetting your logins, account credentials, and passwords? Worried about available account recovery options? The reliable Windows 10 password manager is at your disposal! Save your sensitive information to the Passwarden storage, always have all passwords and login credentials at your arm’s reach, and never be forced to restore your account!
Speed up login process with Windows password manager app
Thanks to the Autofill feature, you don't have to print complex combinations of random characters that are highly confusing to type and hard to remember. As a result, you can negate any typing errors when filling out sign-in forms with the Autofill option. To top it off, this feature protects you from keyloggers and phishing websites. Make your online routine easier and safer with our best Windows password manager app.
Make the password creation process a breeze
The full-featured Windows 10 password manager provides the ability to create random passwords directly in the application. Furthermore, you can customize password length and decide whether to use digits, upper case letters, and special symbols. Get started with Passwarden right now and generate strong passwords in a matter of seconds!
Features That Make Passwarden the Best Password Manager
Security
Safety and security above all else
Passwarden is here to remember everything for you and keep your data safe from any third parties
Security Dashboard
If you read the news about password leakage and feel anxious about it, check out this feature. It will let you know whether you need to change your password. Keep getting up-to-date information about the security of your credentials.
Duress mode
If you’re ever forced to open Passwarden under duress, enter a dedicated password to hide previously designated important data, passwords and private and sensitive information.
Password sharing
If you ever want to share your passwords with others, Passwarden is a safe and secure alternative to sending them via messengers or emails.
Data Bullet-proof encryption
When it comes to sensitive info like your passwords, security is a key. To this end, Passwarden employs client-side data encryption using AES-256 and ЕС р-384 protocols. These protocols render your personal information and passwords unreadable to any third parties, be it hackers or even KeepSolid employees.
These encryption protocols will ensure that your passwords and personal information stay out of harm's way at all times. More info about encryption HERE
Two-factor authentication
Add another layer of security to your passwords and information. A one-time passcode will be sent to your indicated email address to ensure that only you can access your account. For extra protection, we also utilize Authenticator App OTP codes.
Master password
A Master password is a specialized password that is required to log in to your Passwarden profile. All your sensitive data is securely locked behind this password. As well, this password plays a crucial role in data encryption and decryption processes. Even Passwarden employees can’t access your Master password or any data in your Passwarden storage.
Zero-Knowledge Architecture
Passwarden implements end-to-end encryption that guarantees complete invulnerability to all the data kept in Vaults. No one except the owner of the Master Password can get access to the encrypted information stored in Passwarden. Even if third parties succeed to intercept the traffic that goes from your device, they will receive only a bunch of encoded symbols.
VPN with a password manager
KeepSolid allows you to combine the benefits of password managers and VPNs for an ultimate security combo. Get our MonoDefense security bundle and protect all aspects of your cyberlife.
The safest password manager
Passwarden grants a variety of benefits to its users. No wonder, considering that it was developed by cybersecurity experts, with years of experience and millions of satisfied customers.
Convenience
1 account for all devices
Pay for a single subscription and use our password manager on any amount of supported devices and browsers. No need to pay extra for additional devices or worry you may run out of slots.
Data import
It’s super-easy to transfer data from external sources to Passwarden with the Migration feature. For instance, you can export passwords from Chrome and to our password manager
Multi-platform software
Passwarden is available on a multitude of devices. You can use this password manager on iOS, Android, macOS, Windows, Chrome, Edge, Opera, Firefox, and as a web app.
Offline mode
Need your credentials or password, but the internet went down? No problems! You can access Passwarden even without an active internet connection.
Free subscription
You can use our password manager for free with some minor feature limitations. Using a free plan, you are not able to share items and vaults, can’t create and manage Family, and are limited to one device only.
Cross-device synchronization
Open your data Vaults and access your passwords and stored information whenever and wherever you need. All the changes will be automatically synced between other devices
Universal KeepSolid ID
Use a single KeepSolid ID to access any and all KeepSolid products in one click. Get access to the KeepSolid User Office and manage all your subscriptions from there.
Random strong passwords
Streamline the process of creating strong passwords. With a single click of a button, Passwarden will generate a random strong password for you and save it for later use.
Other types of data
Besides just your passwords, Passwarden can store and protect all sorts of other data, including personal information, login credentials, payment info, licenses, etc.
Password autofill
Manually entering long, complex, and random passwords every time can be quite a hassle. Benefit from the Passwarden’s Autofill feature to avoid such nuisance and have our app do all the work for you
Family password management
Protect those that are the most important to you. With the Passwarden Family plan, you’ll be able to extend the benefits of our password manager to your whole family - most securely and conveniently.
All-around password manager
Passwarden weaves together a modern, intuitive interface and a universal approach to your protection. The password manager’s features streamline password creation, management, sharing, and protection.
Summary:
Download the best Windows password manager, easily import information from other sources, generate strong and unique passwords in a matter of seconds, and reliably secure all the data within Passwarden – password manager for PC!
Developer:
KeepSolid Inc. is a security expert with 9-year experience and services, used by 35+ million customers worldwide. This vast expertise helped us develop Passwarden password manager, the solution that meets the highest industry standards and safety regulations.
Important Links:
Features:
https://www.keepsolid.com/passwarden/features
Teams:
https://www.keepsolid.com/passwarden/pas...-for-teams
Family:
https://www.keepsolid.com/passwarden/family
Twitter:
https://twitter.com/keepsolidinc
YouTube:
https://www.youtube.com/c/KeepsolidInc
Telegram:
https://t.me/keepsolid
Pricing
https://www.keepsolid.com/passwarden/pricing
Downloads:
https://www.keepsolid.com/passwarden/downloads/windows
Help/Support/Manuals/Extra:
https://www.keepsolid.com/passwarden/help
About:
https://www.keepsolid.com/passwarden/hel..._use-cases
|
|
|
KeepSolid VPN Unlimited [Lifetime / Annual] |
Posted by: tarekma7 - 02-08-2024 , 02:06 PM - Forum: Official & Exclusive Promo2day Giveaways
- Replies (44)
|
|
VPN Unlimited
The VPN technology keeps hackers and identity thieves at bay and unblocks restricted web content in your country by connecting to worldwide servers. VPN Unlimited is a simple and powerful VPN solution that will let you secure your online activities, Wi-Fi connections and bypass ISP restrictions. VPN Unlimited is as a very capable VPN, with main focus yo unblock multiple streaming sites. P2P is supported, though only at five locations(opens in new tab): Canada, France, Luxembourg, Romania and the US (California).
Protocol support includes OpenVPN, IKEv2 and the speedy WireGuard. There's a further protocol bonus which redirects traffic through the TCP 443 and UDP 33434 ports. This will make it more difficult to detect and block.
Features and Benefits
Total Security
Whatever data you send (personal passwords or credit cards data), whatever WiFi you use, you are 100% secure. We encrypt your personal data protecting it from prying third-parties and hackers
Absolute Privacy
Stay anonymous and untracked on any website from any location. We protect your privacy changing your physical location (IP address). So websites, hackers, and advertisers can’t track you.
Part of cybersecurity bundle
VPN Unlimited is a part of the MonoDefense® security bundle. This bundle combines several credible apps that offer you all-around protection, an improved online experience, and sensitive data safety.
Unlimited devices
Pay for 1 get 4 for FREE! Or even more - with one subscription, you can use our VPN on unlimited devices. You can use any device (desktop, tablets, mobile phones) and any platform (macOS, iOS, Android, Windows, Linux.)
Uncompromising speed
Thanks to our technologies you can be sure you won’t slow down. KeepSolid Wise improves user experience and internet speed. Plus our super fast VPN servers all over the world ensure the best connections speed.
Additional services
For the most demanding users, we offer special extras, such as a Lifetime VPN subscription, Personal Server & Personal IP options, and even the ability to set a VPN on your WiFi Router.
You can use it in China. Its stealth protocols allow you to bypass China’s Great Firewall.
AES-256: Top-tier security features. The software comes with AES-256 encryption, WireGuard, and its own Stealth protocol. It encrypts our web traffic using the industry standard of AES-256
No-Log Policy
This feature stands for the absolute anonymity of users and not saving any of their private details and online-activity data. By choosing a VPN app with such a policy, you ensure that no one (including your no-log VPN provider) encroaches on your online privacy. The app do not log the following information that transfers the network during your VPN session: Browsing history, Connection times, Metadata, Downloads, Server usage, Data content, IP address
3000+ high-speed servers across 80+ locations all over the world
Choose a preferred location to get an optimal performance and access to geo-restricted content with KeepSolid VPN Unlimited
https://www.vpnunlimited.com/help/specia...-locations
Protect All Your Devices:
Whatever device you have, VPN Unlimited supports them all! It’s available for macOS, Windows, Linux, Android, iOS, Windows Phone, and also comes as a browser extension for Chrome, Opera, and Firefox.
To top it off, you can set it up on your router, NAS and streaming devices, and much more. Protect your entire online life with KeepSolid VPN Unlimited!
Homepage:
https://www.vpnunlimited.com
Downloads:
https://www.vpnunlimited.com/downloads/
Pricing:
Benefits from using VPN Unlimited to access video streaming content:
Access HBO Now, Max, and Go from anywhere in the world
Unblock the US Hulu with KeepSolid VPN Unlimited
Enjoy BBC iPlayer outside the UK
Watch ESPN+ sports streaming online anywhere
Unblock US CBS All Access with VPN Unlimited
Watch RaiPlay from any spot in the world
Unblock Disney Plus with KeepSolid VPN Unlimited
Stream Channel 4 from abroad with VPN Unlimited
Watch Amazon Prime Video outside the US
Access Sony Crackle with KeepSolid VPN Unlimited
VPN Protocol:
KeepSolid VPN Unlimited Extras: 4 Additional Offers for Advanced VPN Protection:
KeepSolid VPN Unlimited provides our users with complete online security. In case if the basic functionality of our software is not enough for you and you‘d like to enhance your online experience, we offer you extra 4 security features of VPN.
Personal VPN Server to Increase VPN Connection Speed
Skyrocket the level of your internet protection thanks to a powerful personal VPN server and its uncompromised performance, you get the strongest internet protection from any cyber threats
Unprecedented connection speed: Since there are no other users on your personal VPN server, you surf the web with the most blazing fast bandwidth and connection speed
Break-free from internet censorship: Choose the server location that satisfies your content appetite best and get the same online access as the residents of this country
Best VPN server for Gaming: Reduce the lags, enhance your gaming experience, and access your gaming accounts wherever you are
Lifetime VPN Subscription for Never-Ending Protection
Pay once, enjoy forever: no recurring payments at all.
Get unlimited protection and freedom: Along with unlimited duration of your VPN subscription, you get unlimited traffic and bandwidth.
Lifetime VPN for all your devices: You can use on up to 5 devices at once, or even extend this number if required.
Personal Static IP:
Clean personal IP address: used only by you, your browsing history and online activity is under your control
Boosted online security: Easily assign your personal IP address to your online banking, log in to your account with the dedicated IP, and enhance its online protection
Extended access to any wished content: you won’t be blocked on any websites because of the other users
Additional Devices to Protect All Your Devices:
Enjoy additional slots: If you are out of the basic 5 free slots, you can easily extend your limit and protect all your devices with KeepSolid VPN Unlimited
Select the desired amount of additional devices
Choose the most perfect duration of your plan: there are monthly, yearly, and lifetime types of subscription, so you could select the one that fits your needs best
Unlimited VPN Protection for Teams:
Advanced VPN Unlimited technology: you and your team will get personal VPN servers and clean IP addresses for unmatched security
Easy team management thanks to the easy-to-use interface to manage your teams and control the number of devices you use
I would like to thank KeepSolid Team for this EXCLUSIVE RARE Giveaway
We have XXX annual license codes valid for XXX
Giveaway duration: 4 weeks
Rules:
You must be registered in Promo2day, Giveaway is open for all users
Reply here about your current VPN Solution and why you want to use Unlimited VPN
Share on social media or other websites
PM me within 3 days of winners announcement
Good Luck for All!
|
|
|
SUB NINJA-high-performance spectrum analyzer Plugin [for free] |
Posted by: ahmed - 02-06-2024 , 01:59 PM - Forum: External Giveaways/Freebies
- No Replies
|
|
Great plugin with which you can analyze in detail the lowest frequencies of the spectrum. Mainly used to mix Kicks and Bass (Sub). It allows you to visualize the waveform of sounds so you can make the necessary adjustment to make your mixes sound professional.
Sub Ninja is the perfect visual tool to help you nail the mix of your sub/bass and kicks. It helps you by showing you exactly what's going on in your low-end, making it easy to get a great mix.
Visit:
https://dsp.thehim.com/#buy
Code:
|
|
|
Ballad of Solar [PC Game] |
Posted by: ahmed - 02-04-2024 , 09:06 AM - Forum: Game Giveaway of the Day
- No Replies
|
|
Guide Solar and his band as they set out to stop the dark sorcerer Grogan!
In a land of enchantment, torn by evil, a hero arrives to save the day! His name is Solar, and he brings courage, bravery, and skill with a sword. No orc can stop him, no troll can trip him up, and no goblin can gobble him for dinner! Guide Solar and his band of helpers as they set out to stop the dark sorcerer Grogan from achieving eternal life and to rescue the fair Lumina. As you go, you'll put your time and resource management skills to work rebuilding towns, completing quests for friends you make along the way, and stopping the enemy from striking. Told with a laugh and a wink, Ballad of Solar is a colorful, challenging and utterly unforgettable adventure for all ages!
System Requirements:
Windows: XP/ Vista/ 7/ 8/ 10; Processor: 1.7 GHz; Memory: 512 MB RAM; Graphics: 128 MB; DirectX: Version 9.0c; Storage: 270 MB available space
Homepage:
https://store.steampowered.com/app/30249..._of_Solar/
GP:
https://game.giveawayoftheday.com/ballad-of-solar-2/
|
|
|
Vulnerabilities in WatchGuard, Panda Security Products Lead to Code Execution |
Posted by: mrtrout - 02-04-2024 , 06:49 AM - Forum: Security News
- No Replies
|
|
https://www.securityweek.com/vulnerabili...execution/ Vulnerabilities in WatchGuard, Panda Security Products Lead to Code Execution
Two memory safety vulnerabilities in WatchGuard and Panda Security products could lead to code execution with System privileges.
By
Ionut Arghire
January 29, 2024
Vulnerabilities in WatchGuard and Panda Security products could allow attackers to cause denial of service (DoS) conditions or execute arbitrary code with System privileges.
The bugs were identified in the Panda Kernel Memory Access driver (pskmad_64.sys) that is installed alongside WatchGuard EPDR, Panda AD360, and Panda Dome for Windows.
The first of the issues, tracked as CVE-2023-6330, is described as a memory pool overflow defect that could allow an attacker to overflow the allocated kernel memory pool.
According to cybersecurity firm Sophos, which identified the vulnerabilities, the driver fails to properly validate the contents of registry values related to OS version, allowing an attacker to place maliciously crafted content in these registries and overflow the memory.
“The minimum impact is a denial of service. With additional research, an attacker might be able to achieve RCE by chaining CVE-2023-6330 with other vulnerabilities,” Sophos explains.
The second security defect, CVE-2023-6331, is an out-of-bounds write issue also leading to a kernel memory overflow.
According to Sophos, an attacker could exploit the vulnerability by sending a maliciously crafted packet via an IRP request that has a specific IOCTL code, potentially overflowing a non-paged memory area.
“The vulnerability exists due to missing bounds check when moving data via memmove to a non-paged memory pool,” Sophos notes.
While both CVE-2023-6330 and CVE-2023-6331 could lead to code execution, their impact is mitigated by the fact that an attacker needs to be authenticated with administrative privileges to successfully exploit them.
Both security holes were addressed with the release of WatchGuard EPDR and Panda AD360 version 8.00.22.0023, and Panda Dome version 22.02.01.
The updates also resolve an arbitrary kernel memory read flaw in the pskmad_64.sys driver, which could allow an attacker to read arbitrary kernel memory.
Additional information on the patched vulnerabilities can be found on WatchGuard’s security advisories page. Malwarebytes Logo
ellipsis-vertical-icon
globe icon Current Website
globe icon Statistics
Full protection
Protection for this website:
Ads/Trackers
Malware
Scams
www.securityweek.com
1
Total
Ad networks, trackers, malware, scams blocked on this page
1
static.cloudflareinsights.com
block-icon
https://www.securityweek.com/vulnerabili...execution/
Norton Rating:
Safe
This website is considered safe. Web Protection by
Bitdefender
This page is safe
We did not find any suspicious elements on this page. Website status:
Safe
https://www.securityweek.com/vulnerabili...execution/
We combed through this website and everything looks good to us. You're safe!
info-icon Information Security
McAfee Site Advisor
|
|
|
Ashampoo Backup Lite |
Posted by: tarekma7 - 02-01-2024 , 09:26 PM - Forum: External Giveaways/Freebies
- Replies (1)
|
|
Ashampoo Backup Lite safeguards important files and protects against data loss. The application uses real-time file monitoring built into Windows for fast response times. Any file modification is instantly detected by Ashampoo Backup Lite and associated backup plans are triggered. The integrated user-friendly wizard makes setting up backup plans with dedicated source and target folders a breeze. Users are always in full control of all plan-related settings, including custom file type filters. Backup archives use Zip technology which offers both space efficiency and superior file accessibility. Whether important work document or personal photo, Ashampoo Backup Lite works in the background and automatically creates file backups on the selected target drive so your files can never get lost.
Overview:
Version: 1.0.18
Release date: 2024/01/31
Update release date: 2024/01/31
Category: Security Software
Pricing:
Price: EUR 25, USD 27.50,
Languages:
Chinese (traditional), Czech, Dutch, English, French, German, Greek, Italian, Norwegian, Polish, Portuguese, Portuguese (Brazilian), Rumanian, Russian, Slovakian, Spanish, Turkish
Size: 0,00 MB
Program links:
Download link (.exe)
https://www.ashampoo.com/ashampoo_backup_lite_sm.exe (0,00 MB)
Product Website:
https://www.ashampoo.com/en-us/backup-lite
Automated real-time backups
Detect and response to file changes in real time with Windows file monitoring
Safeguard your precious files and protect yourself against data loss. Ashampoo Backup Lite relies on Windows' own real-time file monitoring to detect and respond to file changes instantly. This ensures your backups are constantly updated in the specified target folder and your files can never get lost.
Fuss-free plan setup with built-in wizard
Select backup source and target folders with incredible ease
Setting up backup plans with Ashampoo Backup Lite is as easy as can be. The user-friendly wizard safely guides you through the very few steps and creates a unique backup plan with your selected source and target location. Select between individual file categories or create your own to back up documents, images, music, or any other file type. The flexible settings will help you create plans fully tailored to your needs!
Back up and recover files according to plan
Efficient data backups as compressed Zip archives
Ashampoo Backup Lite stores files as compressed Zip archives. This not only ensures space-efficiency but also makes your files easily accessible, either through the program itself or any other Zip-capable application. It's fast, it's easy, it's reliable–it's Ashampoo Backup Lite!
Reliable fully-automated data protection
Intuitive user-friendly interface
Ashampoo Backup Lite is the ideal solution to protect your folders against data loss. Whether bachelor thesis, business letter, vacation shots or any other type of data, Ashampoo Backup Lite backs up your files fully automatically exactly where you want them to be!
The great shareware with limitless possibilities
Need to backup entire hard disks, create disk images, or back up data to the cloud? Then check out Ashampoo Backup Pro!
|
|
|
|