Zoom software


Zoom videoconferencing is hugely popular as a result of the global lockdown, as remote workers are using it to connect with business and social engagements; but it's recommended to make sure you're running the latest version of the Zoom software on your PC.

While the most-anticipated Zoom end-to-end encryption feature, though only available to paid users, is a welcome development to solve the critical privacy and security issues that have saddled the videoconferencing software. Besides, there is a latest warning about newly discovered vulnerabilities in Zoom chat.

According to researchers at Cisco Talos, two critical vulnerabilities have been discovered in the Zoom software that could allow hackers access into the systems of an individual recipient or group chat participants remotely.

Two Critical Flaws in Zoom videoconferencing software



The two flaws in Zoom are both path traversal vulnerabilities that can be exploited to run arbitrary codes on the systems running a vulnerable version of the video conferencing software.

The first vulnerability, marked as (CVE-2020-6109) resided in how the videoconferencing software leverages GIPHY service, which service was recently bought by Facebook, to allow its users search and use animated GIFs while chatting. While the second vulnerability (CVE-2020-6110) resided in how Zoom application process code snippets shared via chat.

The security researchers were able to successfully exploit both of the flaws, as they require very little or no interaction from targeted chat participants and can be executed by simply sending specially crafted messages via the chat feature to any individual or a group.

Zoom application failed to check whether a shared GIF is loading from Giphy service or not, which is the bane that could allow an attacker to embed GIFs from a third-party controlled server, which by design is cached/stored on the recipients' system in a specific folder associated with the Zoom application.

How to Mitigate against the Flaws



The researchers from Cisco Talos tested both flaws on the Zoom client application version 4.6.10 and had responsibly reported it to the company. And Zoom has released version 4.6.12 of its video conferencing software for Windows, macOS, or Linux with the patch for the both critical vulnerabilities.

It is therefore recommended that all users should upgrade to the latest version of the Zoom client application version 4.6.10 released last month.

Critical Flaws in Zoom that Could allow Hackers access to Systems via Chat

Android Studio 4.0


The official IDE for Android development, Android Studio 4.0 latest upgrade was released on May 28, with a set of exciting features like Motion Editor and Build Analyzer.

While the new Motion Editor is a simple visual design editor for the MotionLayout type, which makes it easier to use the MotionLayout API to manage motion and widget animation in applications. It also offered support for editing constraint sets, view attributes, transitions and keyframes.

And MotionLayout builds upon the capabilities of ConstraintLayout for the designing of large and complex Android views, with XML files generated to make the task easier for developers.

What's New in Android Studio 4.0?



Besides the new features of Motion Editor and Build Analyzer, Android Studio 4.0 other capabilities include:

  • Kotlin Android Live Templates: Live templates offers a convenient IntelliJ feature that allow developers to insert common constructs into their code by typing simple keywords. Android Studio 4.0 includes Android-specific live templates for Kotlin code.
  • Upgraded Layout Inspector: It makes debugging a UI intuitive by providing access to data sync with running app and offering insights on resource usage. Also a Layout Validation capability compares UI across multiple screen dimensions.
  • Kotlin DSL build script files (*kts) support: Kotlin build scripts that offer a suite of quick fixes from the Project Structure dialog.
  • CPU Profiler: In Android Studio 4.0, it provides CPU recordings separate from the profiler timeline, and organized in groups for easier analysis.
  • Primary language analysis engine: clangd is the primary language analysis engine for code navigation, inspection, completion and displaying code errors and warnings, with the clang-tidy linter tool now bundled with Android Studio.


Additionally, Smart Editor for R8 Rules was introduced in Android Gradle plug-in 3.4.0 to combine desugaring, obfuscating, shrinking, optimizing, and dexing in one step, resulting in build performance improvements. Build Analyzer is supported in the Android Gradle 4.0.0 plug-in via Java 8 language APIs and creating feature-on-feature dependencies between Dynamic Feature modules.

How to Get Started with Android Studio 4.0



You can get Android Studio 4.0 by downloading it from the Android Studio developers website. With the latest versions of the Android Gradle plugin and Google Maven dependencies to build your project offline available here.

But if you do not need Android Studio, you can also download the basic Android command line tools and use the included sdkmanager to download other SDK packages.

What's New in Android Studio 4.0? Animation & Builds get Special attention

Video Chapters


YouTube's recently launched "Video Chapters" uses timestamps that creators can apply to their videos to allow viewers to easily jump back or forward to a specific section of the video.

The feature works only when the creator input the timestamps, as such, you may not find it yet on all the videos for now. YouTube has a built in haptic feedback that let users feel a slight “thump” to notify them that they’re moving into a new chapter on mobile.

And for other platforms where haptic feedback is not available, there is a “snapping” behavior that indicates the start of the new chapter.

How to Make Videos Skippable with Video Chapters on YouTube



The videos will require at least three timestamps that are about 10 seconds or more long in order to use the video chapters feature.

While Video Chapters will automatically be enabled as a line of timestamps and titles when video creators add chapter information to their video’s description, with the first timestamp marked as 0:00, and separated by a space from the chapter’s title.

The next line will have the timestamp where the next chapter starts (for instance, let's say 1:45), then a space and the chapter’s title.

How to Skip through Relevant Sections in a Video



YouTube users on mobile devices can slide their finger up or down while scrubbing to reveal the scrubber bar and see where they’re putting on the playhead.

After the feature gained a lot of positive feedback during testing, YouTube increased the number of supported chapters across devices on realizing that it was helpful to users to allow devices to determine how many chapters can be shown, based on available screen size.

So, if you are using a tablet, you're sure going to get more supported chapters than someone on a mobile phone, which means in a video with lots of chapters, you'll see more on desktop than on mobile devices, and also when you’re full screen on your device than when viewing the video in a portrait player.

YouTube Video Chapters: How to Skip through Relevant Sections in a Video



In every home, there are always issues arising that need to be fixed through simple ideas. The solutions to these problems are known as tech hacks. Most of them are easy to follow and implement.

Below are some of the best hacks you should try at home. You can also check for more on this website.

6 Most Amazing Tech Hacks You Need to Know



  1. The use of Alexa to locate a misplaced phone: There are moments when you are in the house, all alone, and you can’t figure out where you put your phone. If you had someone else in the house with a phone, it could have been easier because you could call and get the phone immediately. However, when you are alone, the best way is to use Amazon Echo by saying, “Alexa, get my phone” immediately, you will hear the sound and locate your phone with ease.
  2. Using household items to create a DIY speaker: At home, there are those materials that are no longer in use. Out of the items, you can customize a home-made speaker. You only need a cardboard tube, a paper used for wrapping, a 2-liter bottle, or a Pringle’s sleeve. The basis of the sound produced will depend on the material used. When cutting the material, remember the hole should match with that of your phone type.
  3. Improvise the old tablet into something else: Every year comes with new trends, such as tablets. They are updated more often, depending on the trending technology. When you have one that is no longer in use, transform it into a beautiful digital picture frame. You can use the frame to put on the dressing table, which can as well make the room look prettier.
  4. Modify the speaker of your phone: Ever wondered why many people prefer to use earphones when listening to music? Well, it is to enjoy the music. However, this is impossible, especially when you have a to-do-list that you need to accomplish. In such cases, you want to work and enjoy your music from the phone. The best hack is to have a clean bowl or cup and put in your phone with the speaker facing downwards. You will enjoy the music as you work.
  5. How to improve the signal of the Wi-Fi: There is nothing worse like a poor or weak internet connection, especially if you are working from home. Well, in such a case, that CD that is not in use can be of great significance. However, the process is a bit technical but worth trying out. The materials required include coaxial cable, a glue gun, a plastic CD case, and a pair of wire strippers. You use the cloth hanger as the antenna, then glue the CD to the plastic container and put the antenna on one side of the coaxial cable then pull a string through the case of the CD.
  6. Testing the batteries of the remote: The process of testing the batteries involves removing them then check with a tester, which is a long process. Do you have an iPhone? Well, you no longer have to remove the batteries to test their power. You only turn on the camera and point at the lens of the remote. When you look at the screen of the phone, you easily see the lights, which will indicate when the batteries are okay.


Conclusion



Many activities are revolving around our daily lives. How you approach the issues is what matters.

You can always find solutions for common technical issues at home without necessarily having to hire a technician and spending extra cash.

6 Most Amazing Tech Hacks You Need to Know Today



MX Linux is a popular Linux distro based on Debian and running on core antiX components, developed by the antiX and former MEPIS communities.

While the latest version, MX Linux 19.2 which brings bug fixes and application updates, comes as second update to the MX Linux 19 ‘Patito Feo’ series. As a collaborative Debian-based Linux distro, MX Linux features antiX software packages which now have been removed from default Apt sources.

And the standard 32-bit and 64-bit editions of MX Linux 19.2 update its Debian kernel to version 4.19, it means that the kernel will now also auto-update by default along with Debian package sources.

What’s New in MX Linux 19.2?



MX Linux 19.2 refreshes its new 64-bit ISO edition, AHS (Advanced Hardware Support) which made debut with the previous MX-19.1 release. It features the latest Mesa 20, Debian kernel 5.6, and updated firmware package.

Also, the latest MX Linux pulls updates from its upstream Debian Buster 10.4 and thus, upgrades its core MX repository and software packages include:

  • VLC 3.0.10
  • GIMP 2.10.12
  • Xfce 4.14
  • Thunderbird 68.6.1
  • LibreOffice 6.1.5
  • Firefox 76
  • Clementine 1.3.1


Additionally, MX-apps and MX-Fluxbox have received tons of new features, such as new vertical launcher bar, localized default menus, MX tool, updated artwork, and docs, among others.

How to Upgrade to MX Linux 19.2?



For those already using MX Linux 19 ‘Patito Feo’ series, you can update your system to MX-19.2 by manually upgrading your packages. 

And for a fresh installation from scratch, the ISO image of MX Linux 19.2 can be downloaded from the official website. While there are three different available ISOs, namely: MX-19.2_386 (32-bit), MX-19.2_x64 (64-bit), and MX-19.2 x64 ahs (advanced hardware stack for latest hardware support).

You can create an MX Linux bootable USB and then install it, once you download the required image. If you encounter any difficulty, you can reach out for the user manual section 2.5 for the complete installation guide.

MX Linux 19.2: The Debian & antiX OS Spinoff Release with New Enhancements



Do you want to unlock Windows 7 password faster? Here are the two most reliable methods that will easily help you reset Windows 7 password without cd disk.

Are you unable to remember your Windows 7 password and don’t know how to unlock Windows 7 Password? Unlocking your password is more than a headache, and the situation can be worse when you have important data stored on your computer. So what should you do in such a case? Is reinstalling Windows the right choice?

Well, it certainly isn't. If you have forgotten your Windows 7 password and don't want to install Windows again, we have the right solution for you. With the help of these two methods, you can change password Windows 7 without knowing password.

Let’s discuss these methods one after the other.

Method 1: Unlocking Windows 7 Password with Windows Password Reset Software



There are many ways to unlock Windows 7 password, but if you are looking for an efficient solution, then Passcope Windows Password Reset is the perfect application to use. This software helps to reset the password of all Windows versions, including Windows 7 professional, Win 8, Win 8.1, etc.

The Key Features of Passcope

  • Easily create a password reset disc
  • Ability to reset the password of local accounts, administration accounts, and domain accounts
  • Easily delete the user account, and for that, you don't have to log in to Windows
  • Ability to reset the password of all devices, including Dell, HP, IBM, etc.
  • Support for IDE hard disk, RAID, etc.
  • Simple UI that can be managed easily


Do you want to change forgot password Windows 7 no reset disk? Below are the detailed steps that you can follow.

NB: In order to successfully follow the steps, make sure you have an accessible computer. As these steps can't be followed on a locked computer.

Step 1: Install The Application

The first step is to download the utility software from the official website. As it's compatible with all the new and old Windows versions, then you don't have to worry about system requirements and it's a freeware, meaning the application is free!

Step 2: Create Windows Password Reset Disk (USB Device or CD/DVD)

There are two ways to create Windows Password Reset Disk. The first is using a USB device, and the other is using a CD/DVD. You can choose the type according to your requirements to change password on Windows 7 without knowing the password.

Image 1


If you have selected CD/DVD option, then you have to choose a writable CD or DVD for that. After that, insert the selected CD or DVD and choose the "Begin Burning" option.

In case you have selected the option USB device, then insert the USB Device in your computer, click "Begin Burning" to start the process. But make sure to format your USB device before you insert it into the computer.

Image 2


Now, the next steps can be carried out even on a locked computer.

Step 3: Boot the Locked Computer

To start the boot process, you have to insert the USB device and then restart your computer. Now move towards the Boot Menu option by pressing Boot Menu Key(F12 or ESC). After that, choose the USB Device so you can boot the locked computer.

Step 4: Follow Methods on the Dashboard

When you see Windows Password Reset the main page, follow the instructions given on the panel. The panel will ask you to select the Windows type and the user so you can reset password.

Image 3


Step 5: Reset and Reboot

Finally, you can choose the “Reset” option to reset the password and then choose the “Reboot” option. After reboot, you will see a prompt message, choose "Yes" and now you can log in with your new password.

Method 2: Unlock Windows 7 Password if Forgot with Install Disk



Do you want to reset Windows 7 password with install disk? Here is the procedure that you can follow. This process is simple and works 100% successfully without losing your data.

Step 1. Insert the valid Windows Installation disk to boot the system. Now select the language in which you want to install Windows and also set the date and currency format. After that, click the "Next" option.

Image 4


Step 2. After next, select the option “Repair Your Computer” and move to the next step.

Image5


Step 3. You will see some Recovery Options, so select the “Command Prompt” option.

Now, type the below command and press enter. This command will make sure to copy the following sethc.exe file.
copy c:\windows\system32\sethc.exe c:\


After typing the above command, type another command mentioned below.

copy/y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe


Step 4. Once you are done with the command, it’s time to press Shift keys five-time to open Command Prompt again. Now, type lusrmgr.msc, and it will display a graphical interface to you.

Step 5. You will see different folders; hence select the "Users" folder. In the "User" folder, you can see all the information of Users created. Now choose the user so you can unlock the password.

Step 6. Right-click on the selected users and choose the "Set Password" option. And type the password in both new and confirm password fields. After that, press "OK" to continue the process.

Congratulations! You have successfully reset Windows 7 password with installation disk. Now, you have unlocked Windows 7 password, which means you can use the PC.

Conclusion



If you feel that you need to reset Windows 7 without disk, you can use the first method, which is resetting passwords with the help of Windows Password Reset. It’s a simpler method and helps to change Windows 7 password effortlessly.

But, if you want to unlock Windows 7 with the help of Windows installation process, then you can choose the second method.

How to Unlock Windows 7 PC with Password forgotten without Factory Reset

Octopus Scanner

Octopus Scanner is the name given to the malware spreading through the Apache NetBeans IDE (integrated development environment), which environment is composed of editors and templates that help GitHub users to create apps in Java, PHP and several other languages.

According to GitHub’s security team, they received a message on March 9 from a security researcher about a set of GitHub-hosted repositories that were actively serving malware. And after a thorough analysis of the malware, they uncovered something that have not been seen before on its platform; a malware designed to enumerate and backdoor NetBeans projects.

The malware dubbed Octopus Scanner uses the build process and its resulting artifacts to spread itself, with about 26 open source projects already backdoored by this malware and were actively serving backdoored code.

Octopus Scanner Malware mode of operation



Octopus Scanner malware disguises itself as an ocs.txt file, but actually, it is a Java Archive (JAR) file. And it is fully capable of identifying NetBeans project files and embedding malicious payload in the project files and build JAR files. The description of the Octopus Scanner operation is as follows:

  • Enumeration of Projects in the NetBeans directory
  • Identification of GitHub user's NetBeans directory
  • Modification of the nbproject/build-impl.xml file to make the malicious payload executable every time NetBeans project is build
  • Affects the newly built JAR file, once the malicious payload is an instance of the Octopus Scanner itself
  • Copy the malicious payload cache.dat to nbproject/cache.dat


Albeit, the malware C2 servers don't seem to be active at the time of the analysis, but the affected repositories still posed a risk to GitHub users which could potentially clone and build the projects. The diagram below shows the different parts of the malware:

Octopus Scanner Malware


Though the researchers could only access just a sample of Octopus Scanner malware (the build infecter), on reviewing the infected repositories, they discovered four different versions of the infected NetBeans projects and all but one, a downstream system, would be infected by either building from an already infected repository or using any of the artifacts that resulted from an infected build.

What's GitHub’s Security Incident Response Team (SIRT) Response?



Octopus Scanner is a multi-platform malware, meaning that it can run on Windows, macOS, and Linux and effectively able to download a remote access trojan (RAT). While the goal of the attack is to deliver the RAT on the machine of the developers working on projects to steal their personal and sensitive information.

But unlike other abuse cases on the GitHub platform, the owners of repository were most likely unaware of the malicious activity.

Therefore, blocking or banning the repository owners was not an option for the GitHub’s Security Incident Response Team (SIRT). GitHub Security Lab is conducting further investigation into the malware to figure out how to properly remove it from the infected repositories, without shutting down the accounts.

Octopus Scanner: New Malware spreading via the Open-source NetBeans projects

.NET Core


Microsoft has launched an experimental developer tool, Project Tye, which is intended to make the building, testing, and deployment of microservices and distributed applications easier.

Project Tye is a .NET Foundation project designed to help developers to run multi-application components simultaneously and easily deploy distributed apps to platforms like Kubernetes. It will among other things ease the common pain developers encounter when building applications that interface with a database or microservices.

The project has been scheduled to last for at least November 2020, which time the .NET 5 will make debut, and will be re-evaluated, if it worths taking to the next level.

What's the Projects main Goal?



If you're a developer having an app that talks to a database, or that is made up of different processes that communicate with each other, then Tye will be helpful in easing some of the tasks. Meanwhile, the main goals of Project Tye include:

  • Automate Deployment of .NET Applications to Kubernetes: by automatically containerizing .NET applications, generating Kubernetes manifests with minimal knowledge or configuration using a single configuration file.
  • Make Development of Microservices easier: by running many services with one command, using dependencies in containers and discovering addresses of services using simple conventions.


The demo of Project Tye is available in a few Build sessions which you can watch via these links: Journey to one .NET and Cloud Native Apps with .NET and AKS.

Getting Started with Project Tye



Microsoft is working to make Tye deployable to a variety of runtime environments. If you'd like a spin with Project Tye, kindly note that it requires .NET Core 3.1 to be installed as a global tool using the following command:

dotnet tool install -g Microsoft.Tye --version "0.2.0-alpha.20258.3"


It has also posted further instructions for running single and multiple services using Project Tye along with tips on deployment to Kubernetes.

The development features have been oriented towards local development, therefore developers are advised to avoid running Project Tye in a container.

Microsoft's Project Tye to Automate the Deployment of .NET Applications to Kubernetes

coreos exit


Fedora CoreOS is the combination of the underlying technology of CoreOS Container Linux and Fedora Atomic Host; which after Red Hat's acquisition of CoreOS, was initially released as a preview version.

Red Hat subsequently made Fedora CoreOS available for general use, while announcing the scheduled end-of-life support for CoreOS and Fedora Atomic Host, with Fedora CoreOS as the official replacement and successor to both of them.

As scheduled, CoreOS received its last updates on May 26 and will no longer get patches for any bugs or vulnerabilities going forward, and after September 1, Red Hat will take down all CoreOS image listings from marketplaces such as Amazon AWS, Azure, and Google Compute Engine.

Therefore, it is recommended that all Fedora Atomic Host and CoreOS users should switch to Fedora CoreOS, which will be automatically-updated, and serves as a multi-platform operating system for running containerized workloads at scale.

How to Migrate from CoreOS to Fedora CoreOS



Fedora CoreOS is the official successor of CoreOS Container Linux, which reached its end of life on May 26, 2020. It is recommended that users should follow the steps below to migrate from CoreOS to Fedora CoreOS.

If you are switching from CoreOS Container Linux, you must first convert your old Ignition configs, Container Linux Configs, or cloud-config files to a Fedora CoreOS Config (FCC) and adapt the contents for FCOS. And as many of the configuration details have changed, you must also reference this through the CL migration issue on GitHub.

The following installation changes will be made as follows: the coreos-install script will be replaced with coreos-installer, which offers similar functionality. The coreos.autologin kernel command-line parameter is not currently supported in FCOS, so to access recovery purposes, follow the instructions available here.

And certain CL platforms, like Vagrant, are not currently supported in FCOS. You should refer to the download instructions to see the available image types.

However, if you’re trying Fedora CoreOS for the first time, you'll need to download the ISO image for a fresh installation. It is multi-platform compliant, which means, you can deploy it on a variety of platforms such as VMware, Cloud image, OpenStack, and bare-metal hardware.

Fedora CoreOS: The Official Replacement for CoreOS Container Linux

Strandhogg 2.0


The researchers at Promon, a Norwegian cybersecurity company has unveiled details of a new critical vulnerability (CVE-2020-0096) affecting almost all the Android operating system versions that could allow attackers to carry out a more sophisticated Strandhogg attack.

While Strandhogg attack was a security vulnerability that affects Android devices which malicious apps can exploit by masquerading as legitimate apps installed on a target device to display fake interfaces and tricking users into giving out their sensitive account information.

Now, the current strain of the vulnerability is dubbed 'Strandhogg 2.0' and affects all Android devices, except those running Android 10, which unfortunately, is only running on about 15 - 20% of the total Android-powered devices, leaving billions of smartphones vulnerable to the attack.

How the Malware has evolved from StrandHogg 1.0 to 2.0?



The malware, StrandHogg 1.0 resided in the multitasking feature on Android, whereas the new strain, Strandhogg 2.0 is an elevation of privilege vulnerability that allows attackers to gain access to almost all Android apps.

strandhogg malware attack


If a device is infiltrated, once a user taps the icon of a legitimate app, the malware exploits the Strandhogg vulnerabilities to intercept and hijack this activity to display a fake interface to the user instead of launching the actual application. But, unlike StrandHogg 1.0 which only attacks one app at a time, the latest vulnerability could allow attackers "dynamically attack nearly all apps on a given device simultaneously at the touch of a button," without requiring a pre-configuration for the targeted apps.

With StrandHogg 2.0, attackers can gain access to private SMS messages and photos, or even steal victims' login credentials, including online banking accounts; make and/or record phone conversations, and spy through the phone's camera and microphone.

How to Mitigate the Risks of the Malware



StrandHogg flaws are potentially dangerous, and besides stealing users login credentials through a convincingly fake UI screen, the malware can also escalate its capabilities by tricking users into granting it sensitive permissions while posing as a legitimate app.

And StrandHogg 2.0 will also be harder for any anti-virus or security scanners to detect, as such, it poses a significant danger to Android users. Albeit, the researchers had responsibly reported the new vulnerability to Google since December last year.

Google subsequently pushed out a patch for it in April 2020, but with the delays in compliance on the part of smartphone manufacturing companies, who have only started rolling out the software updates to their respective users for this month.

Therefore, if you wish to safegurad your device, prior to getting the security patch, keep an eye on permission popups that don't contain an app name, or permissions asked from an app that shouldn't need the permissions.

Strandhogg 2.0: New Android Flaw affecting all devices; exception of Android 10