Opera GX is a game-centric web browser developed by Opera Software AS, which was first announced on June 11, and now released as the world’s first gaming browser.

The browser is distinguishable by its gaming-inspired theme and the integration of Razer Chroma, which is perhaps the world’s largest lighting system for gaming devices, allowing you to enjoy a more thrilling and immersive experience browsing with the lighting effects on your supported device.

And there’s the presence of CPU and RAM limiter capabilities, aimed at speeding up your PC gaming experience altogether. Albeit, this may not be the first browser to integrate Razer Chroma, as Vivaldi already have it in version 2.5 which brings first-of-its kind integration to Razer Chroma for gaming devices.

Opera GX is currently supported only on Windows PCs, and expressly for use within games, just as Steam’s inbuilt browser works. Though, it isn't supported for game consoles like the Microsoft Xbox One or PlayStation game devices.

How to use Opera GX for gaming



With such features like Razer Chroma integration, and game collections from Twitch, you can use Opera GX, which functions like any standard Chromium browser, but with gamers at heart, and works just as Chrome browser would open a website.

Simply head over the official Opera Gx site to download the gaming browser, and once downloaded to your Windows PC, then launch the browser.



You'd most definitely love the looks and UI experience of the browser, and you'll find most social messengers that are available on the sidebar, which includes Facebook Vkontakte, Messenger, Telegram, and WhatsApp fully integrated, and you are able to chat right from the browser’s interface.

Additionally, Opera GX features a built-in free VPN, just like the main Opera browser and adblocker, with a “video pop out” feature to allow you playback videos in smaller overlay outside of the web browser.

What more features are available on the Gaming Browser?



There is the “GX Corner” panel that sits at the left corner of the tab bar, with news about new upcoming games and deals aggregation links for games on sale. It also includes a “Daily News” section, which by default, offers you a dedicated stream of latest gaming news.

Also, the sidebar features a Twitch panel, whereby you can easily browse through the channels you follow, and to see who's presently online streaming, or even get notified when a channel you’re following starts a live streaming.

Opera will be bringing a “Video over game” feature so that you can also watch a video walkthrough or other video on top of a game section, even while you’re still playing it, though this feature isn’t yet available for now.

How to use Opera GX to Enhance your Online Gaming experience



The iPhone lockscreen bypass bug that was reported by a security researcher, Jose Rodriguez has gone unpatched as Apple is prepping to release the newest version of its mobile OS next week.

While the exploit allow just anyone to bypass the iPhone lockscreen to gain access to contact information, and perhaps other piece of information saved on the device. The bug was first spotted in 2018 on iOS 12.1, and now the latest iOS 13 still suffers the same bug using similar technique, which revolves around the activation of FaceTime call and accessing the Siri voiceover feature to enable access to contact list.

The bypass technique also works on iOS 13 GM which runs on iPhone X, albeit access to photos is denied on the device, but ordinarily, the procedure requires physical access to the iPhone, and the enabling of voiceover by initiating a FaceTime call.

And perhaps, this latest bug is inline with a long list of lockscreen bypass bugs on iOS, which started from iOS 6.1 & 7 far back in 2013, that allowed just anyone access to iPhone contact information and even saved photos. Even on the iOS 8.1 and iOS 12.1, the lockscreen can also be bypassed using same procedure.

But the good news is that Apple is already working on the permanent fix, which is expected in the iOS 13.1 beta, which is planned for release on September 30th.

Apple to release iOS 13 without patching the LockScreen Bypass bug



Google announced plans to implement DNS-over-HTTPS (DoH) in the next version of its browser, Chrome 78 with users given the option of choosing the corresponding DoH server to use for DNS resolution.

This is coming on the heels of Mozilla's enabling of DoH in the main Firefox browser release for a small percentage of its users, and promise of subsequently making it available for all Firefox users. While the actual support for DoH was added to Firefox 62 to improve the way the browser interacts with DNS, using encrypted networking to obtain DNS information from the server that is configured within the browser.

Albeit, Mozilla is been criticized for enabling the feature by default on Firefox and domiciling all the DNS traffic to Cloudflare.

Google, on the other hand, is towing a different part, as it will first check whether a user's DNS provider is on its list of known DoH-compatible providers, which if the user's DNS provider is on the list, will automatically upgrade Chrome DoH to that provider's DoH server for DNS resolution.

And Chrome DoH will run on all platforms other than Linux and iOS, including Android 9 and later, which if the user has configured a DNS-over-TLS provider, Chrome will also use that instead of the ones from their list, except there is an error.

The upgrading of DNS Resolution to DoH will happen according to the user's current DNS provider, that given that it is supported, as Google feels that the users DNS resolution experience will need to remain the same.

Nonetheless, DNS-over-HTTPS (DoH) have not been welcomed in enterprise environments, governments and ISPs, as some ISPs in certain countries block connection to sites via monitoring the DNS traffic.

It will allow users to bypass such censorship or spoofing attacks and increase privacy as the DNS requests would be hard to monitor. And just anyone, including privacy advocates would be able to bypass traffic filters set in place by rogue governments to track the citizens.

Chrome 78 to make debut with DNS over HTTPS (DoH) support



Mozilla announced plans to enable DNS-over-HTTPS (DoH) by default in the Firefox browser, starting with US users this month. But the news was received with lots of criticism, as most security researchers believed the idea of domiciling all the DNS traffic to Cloudflare, is bad idea.

While the operating system is what's normally responsible for managing DNS and other network settings on all applications, but Mozilla is looking to change all that, by making Firefox able to dictate the pitch. And should other applications also follow this example, it will only lead to chaos over the Web.

Now, imagine if you get different DNS for different applications or perhaps, have the applications implementing own IP stack, with different addresses, routing and so forth. Though, DoH generally, is a good technology as it brings privacy via encryption, but the correct way would be to standardise DoH and add support for it into automatic address configurations and operating systems, not applications.

Mozilla should revert the change to allow users, at least to opt-in, and choose their DoH provider, rather than automatically defaulting to Cloudflare. The company must take real responsibility by working together with the security community to create RFCs to make DHCPv6, DHCPv4 and Router support DNS URLs instead of IP addresses.

It could also contribute in developing support for the operating systems, if truly privacy is a concern for Mozilla. And whether you've got trust for Cloudflare or not, directly supporting centralization by using DoH in Firefox sucks.

The best way to voice out against it is perhaps is to turn DoH off in your Firefox browser, simply go to Settings - Network Settings and uncheck the Enable DNS over HTTPs checkbox.

Why Mozilla's defaulting of Firefox DoH to Cloudflare is a bad idea?



Cloud Dataproc is a fully managed cloud service for running Apache Spark and Hadoop clusters in a simpler, and more cost-efficient manner, by reducing operational hours, and you paying only for the resources used.

Now, Google Cloud brings Spark as a service to the Kubernetes container, and ditching the virtual machine-based Hadoop clusters, with other non-Spark analytics engines support coming in the future. While the open source container orchestration platform, Kubernetes has been a big deal in the Cloud industry, which cluster computing has become increasingly important in big data processing.

Google is launching the alpha of Cloud Dataproc to Kubernetes as an important step for the Cloud service to serve as a hybrid cloud model.

The overriding idea, however is for enterprise customers to have the ability to run Apache Spark on Google Kubernetes Engine (GKE) clusters, with products such as Anthos making GKE available virtually anywhere, customers will be able to take Cloud Dataproc to their data centers as well.

Google Cloud Dataproc coming to Kubernetes is significant as it provides customers with single control plane for both deployment and managing of Apache Spark on Google Kubernetes Engine on public cloud or on-premises environment.

This is bringing enterprise-grade support, management, and security to Apache Spark jobs on Kubernetes, which is also the first of many objectives, including to simplify infrastructure complexities for data scientists around the world.

Google Cloud Dataproc comes to Kubernetes with an alpha release



Mozilla has progressed in its effort to thwart network snoopers by encrypting connections to the web servers that host websites, using DNS-over-HTTPS (DoH), the combination of the network technology, DNS and HTTPS, to prevent middlemen from figuring out the internet servers.

While the support for DoH was added to Firefox 62 as a way to improve the way the browser interacts with DNS, employing encrypted networking to obtain DNS information from the server that is configured within Firefox, but it does not use DoH by default, as users are required to go through the configuration editor to enable it.

Now, the company has announced plans to enable support for the DNS-over-HTTPS protocol by default within the Firefox browser, starting with US users this month.

Mozilla had been testing the DoH support in Firefox way back since 2017, and so far, no issues have been recorded with the new protocol. So, it now plans to enable DoH in the main Firefox browser release for a small percentage of its users, and subsequently enable it for all Firefox users.

What this means is that Firefox will ignore the DNS settings setup in the operating system, and instead, use the browser-side DoH resolver. And the encryption of the DNS traffic will effectively hide DNS information from ISPs and traffic filters, or even , enterprise firewalls and any other third-party that wants to intercept a user's traffic.

Albeit, DNS-over-HTTPS has not been welcomed by enterprise environments, governments and ISPs, as DoH could allow just anyone, including privacy advocates to bypass traffic filters set in place by rogue governments to track the citizens.

Mozilla's implementation of DoH, however would help to seal off major holes, regarding privacy and security, though there will be some technical challenges, but gradually things will surely improve.

Mozilla will now enable Firefox DNS-over-HTTPS (DoH) by default



Lilu (Lilocked) ransomware was first discovered by a ransomware note uploaded on ID Ransomware, a portal for identifying new ransomware based on the demand specified in the ransomware note.

Now, the new strain of ransomware has reportedly infected thousands of Linux servers around the world, with the attacks haven commenced in mid-July, but severe cases were most evidence in the last few weeks. While the actual mechanism employed in the attack remains unknown, it is quite obvious that bad actors are targeting Linux-based servers running on the defunct Exim software.

The ransomware note that accompanied the attacks come with the encrypted message: “I’ve encrypted all your sensitive data!!! It’s a strong encryption, so don’t be naive to restore it;)” according to a Russian forum.

And once the victims click on the link within the note, they are redirected to a site on the dark web, demanding that they enter the key from the note, which when entered, requires them to deposit 0.03 bitcoin or the equivalent of $325 in an Electrum wallet in order to recover their files.

But luckily, the ransomware doesn't affect any system file, and Linux systems will continue to run as normal; as it target only files with such extensions as CSS, PHP, HTML, SHTML, JS, INI and other formats. Albeit, the actual number of infected Linux servers could not be ascertained as there are many of such servers currently not indexed on Google.

For now, there is no security advisory issued to mitigate the attack, however as per usual security recommendation, try to ensure your passwords are strong and all apps are updated to latest versions.

Linux Servers targeted by new strain of Lilocked (Lilu) ransomware



The cybersecurity researchers at Avast have disclosed that about 29 models of GPS tracking devices used in keeping tabs on children manufactured by Chinese companies, come with a number of vulnerabilities.

While the GPS tracking devices are estimated to be over 500,000 (available for purchase on Amazon and some other online merchants) all come shipped with "123456" as the default password, which an attacker could easily break into as most of the users never bothered to change the default password.

The vulnerabilities stems from the fact that communication between the 'Cloud and GPS trackers' and 'Cloud and the device's mobile Apps' and 'Users and the device's web application' were done over unencrypted HTTP protocol, leaving it open to man-in-the-middle (MiTM) attackers who could intercept the data with unauthorized commands.

As communications via the web application is over HTTP; the JSON requests are also in plaintext and unencrypted, allowing an tracker to call an arbitrary mobile number, which when connected would enable them to listen to the tracker through the other party without trace.

Again the communication in text-based protocol lacks any form of authorization, which process works by identificartion of the tracker by its IMEI number.

The researchers also discovered that remote attackers could obtain the real-time GPS coordinates of any target device by simply sending SMS to the mobile number associated with the SIM card which is to provide DATA and SMS capabilities to the device.

Albeit, the attackers would need to first know the associated mobile number and password on the tracker to be able to carry out an attack, though it can be exploited by the cloud/mobile app flaws to authorize the tracker to send SMS to an arbitrary mobile number by itself, allowing the attackers to obtain the trackers specific mobile number.

Once access is gained to the device's mobile number and given that the default password '123456' remains for most of the devices, the attacker can easily use the SMS as attack vector.

The researchers, however claimed to have since notified the manufacturerers of the GPS tracking devices critically affected by the security vulnerabilities, as well as the vendors, but still no response.

How GPS Tracking devices could expose Kids real-time Location data



Twitter has temporarily disabled the 'Tweet via SMS' feature after it was reportedly abused by hackers to compromise the company's CEO, Jack Dorsey's Twitter account, whereby a series of tweets with racial slur was posted on the timeline.

The hacking group called "Chuckling Squad" - replicated the mobile number associated with the CEO's Twitter account to gain access to tweet racist, cum offensive messages and threats via SMS. The procedure known as "SIM Swap" allows anyone to recover a supposedly lost or displaced SIM by requesting the telecom company to transfer the number to another SIM card.

Through social engineering trick, the group were able to get Dorsey's mobile phone number and provider, which enabled it gain unrestricted access, whereby they used the popular 'Tweet via SMS' feature to post tweets under his username, without actually breaking into his account.

While the Tweet via SMS feature allow users to make post directly to Twitter by simply sending an SMS message to a specific Twitter number from the registered mobile number associated with the account. Albeit, it requires no extra authorization which was the bane that allowed it to be easily hijacked by the hacking group.

Twitter halted the feature to forestall such incidence from repeating itself, and has promised to reactivate it in markets that depend on SMS for reliable communication soon.

The company also confirmed it was working on longer-term strategy because of the vulnerabilities that must be addressed by the mobile carriers to have a linked phone number for two-factor authentication.

Twitter halts the 'Tweet via SMS' feature after an Impromptu hack



Mozilla has been at the forefront in fight against websites that track users online activities, which tracking is only beneficial to advertisers who target specific users, despite that it invades their privacy.

Now, the company has released Firefox 69 with ability to block third-party tracking cookies by default, which is powered by the new tool called Enhanced Tracking Protection, a step-up from its earlier approach of manually keeping websites and advertisers from tracking users online activity.

While the Enhanced Tracking Protection debuted in Firefox 57 as an option to block website elements (analytics trackers, ads and social share buttons), enabling tracking protection outside of private browsing. It aims to help in mitigating privacy threats and put the users back in control of their online activities without fear of snooping and tracking of their browsing behavior across websites — without knowledge or consent.

Firefox 69 goes even beyond the cookies, as cookies aren't the only tracker that follow users around on the web; it also block Cryptominers, which are capable of accessing the CPU, resulting slow down and fast battery draining, which helps the miners to generate cryptocurrency — certainly not for the user, but for themselves.

Firefox allows you to view those sites that are already blocked via the Blocking Tracking Cookies section, and you can also turn off blocking for specific sites.

The Enhanced Tracking Protection is ultimately aimed at blocking only third-party trackers (ad cookies), as it allow first-party cookies, such as logins, so that you can continue where you last left off, without having to retype passwords.

Mozilla's move to tackle cryptomining, stems from the fact that it uses CPU to generate the cryptocurrency, and fingerprinting that track users across the web. The fingerprinting scripts is capable of harvesting a snapshot of computer’s configuration, which can be used to track a user, without consent.

Firefox users, however can turn on ‘Strict Mode’ to get protection from fingerprinting scripts; albeit Mozilla promises to turn fingerprinting protections on by default in future releases.

Firefox 69 block third-party Cookies & Cryptominers by default



Google has released the latest iteration of its renowned mobile OS, Android 10, breaking from the decade old norm of naming it after sweet delicacies, as the Internet giant is done with fancy dessert names for Android. But, even more significant is the bevy of new security and privacy features coming to the mobile operating system.

While the most important upgrades are concerned with privacy, especially those that prevent apps from profiling you. As Android 10 will generate a randomized MAC address for the device, which unique identifier is used for the network hardware, and will require extra permissions to access the IMEI and serial numbers, which all uniquely identify the device.

Amongst the privacy-focused enhancements, is the control over how apps access a phone’s location - Android 10 brings a new dialog to let users choose if an app can have access to location, with options like at all times or only on running in the foreground.

Google also took steps to protect information around how apps interact with your contacts. As whenever you grant an app access to contacts, Android will not provide any ‘affinity information’ which organizes the data according to your most recent interacts. And this privacy features are not only for individual users, but organizations also gets more flexibility and privacy capabilities, such as when using corporate-owned devices, employees will experience even more privacy using their work device.

And Organizations can provision company-owned devices into work profile mode with zero-touch enrollment or other methods, so that employees can enjoy better privacy for personal reasons and IT admins can have more ways of managing company-owned and BYOD devices.

It will also offer new privacy section within the settings, to enable employees view all the controls in one place, coupled with more granular controls for location data that allow an app access to location only when the app is in use.

Android 10 will bring over 50 security and privacy improvements that's specifically targeted at organizations and employees, with enterprise ability to block installation of apps via unknown sources on devices with a work profile, to reduce organization-wide risk of malware.

The IT admins can also set a private DNS on a managed device, including the requirement of DNS over TLS to avoid the leaking of URL queries.

Google perhaps has been listening to feedback from its users who complained about phone sensors ability to implicitly reveal users details. More reason Android 10 will introduce new version to its ACTIVITY_RECOGNITON permission for apps that track physical activities, such as step count.

Additionally, Android 10 will require specific location permissions for apps requesting to access selected Wi-Fi, telephony, or Bluetooth functions. While another a new feature called scoped storage, will restrict app’s access to files on external storage, giving access to only its specific directory and media types.

How Google's latest software, Android 10 takes privacy a notch higher



Hangouts, which originally launched with Google+ social network, is a messaging system that allows for collaboration between workers, with offerings like video chats and voice call, in addition to regular text messaging.

While Google+ has been discontinued, the company had scheduled the transition from classic Hangouts app to Meet (a more secure, and improved video chat for meeting experience providing better performance over the classic Hangouts app) for G Suite customers starting from last May 2018 to October 2019 deadline.

Launched in March 2017, Meet is an improvement on the video meeting experience providing better performance over the classic Hangouts video calls, with better security and reliable method for guests to join meetings.

Google had earlier planned to retire classic Hangouts with the purported full migration of G Suite users to the new platform, but now, it has extended the migration deadline for G Suite customers to make the switch to Hangouts Chat and Meet tools.

And the new final transition date, according to google will be “no sooner” than June 2020; though not a more precise time frame, the company promised to make a clear announcement when the date is closer to the deadline. While G Suite customers that need to upgrade to the latest versions of Hangouts can still do so, by requesting an invitation via the Accelerated Transition Program.

Google promises to continue to improve the transition of classic Hangouts group conversations, as well as additional new Chat features, like the "Read receipts" - which notifies a user when messages have been read.

However, the migration by organizational unit isn't yet available, instead the classic Hangouts group conversations can be recreated in Chat, albeit it requires a review of the Deployment Guide and Known Limitations, to determine whether the migration experience will be right for your organization.

Google pledges to provide an advance notice once there is more definitive date, and advises customers to keep a watch on the G Suite Updates blog for new information.

Google Hangouts migration deadline extended for G Suite customers



Google is grappling with the outbreak of data-abusive apps on its platforms, with instances like the Cambridge Analytica scandal, which affected the Facebook app, whereby users data were sold purposely, albeit illegitimately without the users consent.

The company in a bid to contain the situation has announced the expansion of it's vulnerability reward program, which includes: the Developer Data Protection Reward Program (DDPRP), and the Verifiably & Unambiguous Evidence of data abuse in Android apps and Chrome extensions; also now extended to the OAuth projects.

It has also expanded the scope of the Google Play Security Rewards Program (GPSRP) to include all apps on Google Play Store with over 100 million installs, and offering help to affected developers in fixing such vulnerabilities through responsive disclosures.

Getting Bounty by Finding Data-Abusive Chrome & Android Apps



Whenever a developer reports a data abuse related to any Android app or Chrome extension, which app or extension will be liable for removal from the Play Store or Chrome Web Store; though no reward table is listed at the moment, but depending on the severity of impact, it could net as much as $50,000 for a bounty reward.

The reward is aimed for just anyone who is able to provide a verifiable and unambiguous evidence of data abuse, which measures will help Google to thwart malicious apps and Chrome extensions that abuse users' data on its platforms, and also beef up security on the Play Store.

The program will open door for researchers to help in identifying and fixing vulnerabilities in apps, and if any developer succeeds in pinpointing an abuse on its own apps, will also receive rewards directly from Google. That will encourage more app developers to start checking their own apps, and to disclose possible vulnerability or bug; which validates the bounty program's working directly with the developer community.

How to Get Bounty by finding Any Data-Abusive Chrome or Android App



Microsoft's removal of its hold on patents to the exFAT file system, through the Open Invention Network (OIN), has made it available on the Linux kernel for use by the open source community.

The company joined the Open Invention Network (OIN) in late 2018 in a move perceived as its endorsement of open source, which it essentially agreed to grant royalty-free and unrestricted license to its patent portfolio. Microsoft has now also removed its hold on the patents related to the exFAT file system, which Linux users have had to undergo hard times dealing with on their PCs.

The exFAT (Extended File Allocation Table) is a file system released by Microsoft for Windows, which made debut with Windows CE 6.0., and had remained a proprietary software, only available to paid Microsoft subscribers.

Albeit, the exFAT file system is also compatible with macOS, but Linux users had been in pains dealing with exFAT-formatted SD cards and flash drives on their PCs. And in comparison to the erstwhile FAT32 which only support file size of up to 4GB, the exFAT allows nearly unlimited for both partition and file sizes.

Though, there's FUSE-based workarounds implemented to achieve a level of compatibility with Linux, and Samsung haven also published its own Linux driver for the exFAT file system, but still nothing worked better.

Microsoft maintains that this latest addition to the open source patent consortium, is the company’s effort to ease things up for Linux users and in fact, the whole of the open source community.

Additionally, the company has also integrated its software with Linux via Windows Subsystem for Linux (WSL) on Windows 10.

Microsoft's romance with Open Source, brings exFAT File System to Linux



Getnamenecklace.com is a specialist jewelry store for connoisseurs with great taste for fashionable and gorgeously customized jewelry collections.

While the online store prides itself as the one stop place for fashionista jewelry, it also offers the option of having your jewelry customized or personalized by your name, initial letters, assorted metal and stones to meet your peculiar sense of style, all at a relatively cheaper price.

Amongst Getnamenecklace's best collections include: Monogram chocker necklaces, rings and pendants, with all pieces fabricated in top quality using the latest jewelry making technologies, and at a good competitive price. The manufacturing procedures are pretty well organized to ensure efficiency at all times - right from the technical aspects to actual product shipment, it affords you a comprehensive checkout with easy tracking and the packaging processes done with utmost precision, for guaranteed timely delivery.



Getnamenecklace.com comprises of professional designers who are hugely talented in the art of churning out masterpieces of jewelry using personal names and initials, with every piece a distinct lovely piece of jewelry.

The Single Infinity Name Necklace is one of their specialty collector items, and also, Everyday Classic offering you the appeal to show off the essence of the word "forever" and what it truly represents and it makes the perfect gift to loved ones, as you can even get your name and that of your significant other engraved on it.

You can also check out the other Infinity-branded necklaces by clicking here, with each masterpiece having the option of been personalized and customized to your style.

In fact, you can never go wrong in choosing Getnamenecklace.com as your preferred online destination for jewelry shopping, you'd be spoilt for the huge choices available and what's more, when you can also get any inspirational word, or anything else you fancy on the necklace.

Why GetNameNecklace.com is the best Online Store for your Customized Jewelry



Facebook had after several testing released a privacy tool, called 'Off-Facebook Activity' to allow users to have more control over their data and also be able to choose which specific parts of their data to share with advertisers and which to remove.

While the social network giant, Facebook had earlier resorted to many privacy measures with the sole aim to give users more granular control and have better transparency about how they and other third-party apps use the data, this is perhaps the first time it is giving users total control in clearing data from third-party websites and apps.

Facebook has seemingly ran into some challenges with privacy, as it tries to organize browsing data by date, which instead the former privacy tool organizes by profile, making it a bit difficult to single out an individual user's browsing history data.

What does and does not qualify as Off-Facebook Activities?



As Facebook is privy to collect information of users in different ways, first it does so through the filling out of your information into its platform via website and apps, and secondly, it tracks your browsing history via the Login with Facebook, embedded Like button, Facebook comments, and other hidden script called Facebook Pixel embedded on most websites.

Now, through these several processes Facebook is able to know which websites a user visit, even when not on the platform itself. And perhaps you've experienced whenever you scroll through your Facebook feed, it displays advertisements from specific brands especially those websites you recently visit.

These are what is classified as Off-Facebook activities and serves to help them to target ads more effectively, albeit evading users privacy. But with the new 'Off-Facebook Activity' Tool, concerned users should now be able to clear their personal data on the platform.

Steps to clear your Data using the Off-Facebook Activity Tool



The new tool makes it possible for you to be able to view a summary of your data which other websites or apps sent to Facebook through its various tools, and also allow you to disconnect the data or even all future activity altogether from your Facebook account.

Simply navigate to your account's Settings and you'll see the Off-Facebook Activity tab, click on it. Then you will be able to see the websites and apps that have been tracking your activity for ad targeting by sending reports to Facebook.

Now, just tap on the "Clear History" button to clear every of your browsing history and disconnect your account from the selected apps and websites or even prevent all of the third-part sites from tracking you in the future.

How to use 'Off-Facebook Activity' Tool to clear your personal data



Google has made proposal for a set of open standards on privacy, dubbed Privacy Sandbox, that will fundamentally prevent profiling of users and still support Free and Open Internet for digital advertisements.

While the issue of targeted advertising encroach on web users privacy, with tracking technologies becoming too invasive through intrusive practices by advertisers to accurately identify individuals for ads serving, there is now serious concerns amongst Internet users.

Google wants to help in finding a solution that will both protect users privacy and also help web content remain freely accessible on the web. The idea of Privacy Sandbox is to ensure secure environment for personalization that fundamentally protects user privacy. It includes new approaches that ensure ads will continue to be relevant for users, but without user data been shared with websites and advertisers, by anonymously aggregating the data, and maintaining more information on-device only.

The company hopes to work with the web community in developing the new standards to advance privacy, and by following the web standards process and seeking industry feedback on ideas for the Privacy Sandbox.

As part of its effort to advance privacy, Google had earlier made known its plans to improve the classification of web cookies, by giving clarity and visibility to the cookie settings, as well as aggressively blocking all fingerprinting techniques, thereby allowing users to evade web tracking.

Google has also made available its documentations on the specific problems they are trying to solve with the Privacy Sandbox, and have shared series of explainers with the web community. As the project will require significant thought, debate and input from stakeholders and generally, this may take multiple of years.

Privacy Sandbox: Google's new initiative for Open Standards on Privacy



Microsoft's open source code editor, Visual Studio Code was adjudged as one of the best text editors for programming, and the bringing of the Visual Studio Code as a Snap, to cater for the open source community has endeared it to the highly disparate Linux crowd.

Now, the company has released a new extension for Visual Studio Code, dubbed Web Template Studio (WebTS) to provide a platform to create web applications effortlessly and to enable developers generate a ReadMe.md with step-by-step guide on the development process.

While the Visual Studio Code serves as redefined editor for building modern web and cloud applications, with full support for debugging of a number of frameworks; the availability of WebTS will help developers to generate boilerplate code for each web app with options to choose between any of the different front-end/back-end frameworks, pages and cloud service.

Microsoft had earlier released Snap, the new universal packaging system for Linux apps, which is capable of been updated on any supported distro without affecting the host, and is hugely loved by the open source community.

This new extension will bring several app page templates to the Visual Studio Code, such as grid page, blank page, list, and master detail, to help developers in creating web apps more easily; and given that web apps created using WebTS posses well structured and readable code, which can also incorporate cloud services on Azure, makes implementation faster.

The Web Template Studio supports languages such as Node.js and Flask (for backend); with React, Vue and Angular (for frontend) and it's currently available on GitHub, so developers can contribute to further improve it or employ the tool for their projects.

Microsoft launches new extension (WebTS) for Visual Studio Code



Apple's browser engine, WebKit has announced a new tracking prevention policy which is aimed at bolstering privacy on the Safari browser and thus help to protect users on Apple's ecosystem.

While the open source project, WebKit announcement is following on the heels of Mozilla's push for privacy with its own anti-tracking policy, that is solely targeted at quashing all the web tracking technologies that follow users on Firefox browser.

The WebKit Tracking Prevention Policy, among other things spelt out the types of tracking it will target and how it will effectively deal with the issues, with implementation of mechanisms in WebKit to prevent such web tracking procedures. And the ever evolving policy will also profile additional tracking techniques as they arise, in a bid to include the new techniques in the policy and implement measures to prevent them.

Before now, Mozilla had been the single advocate of the browser-side protection that block websites from following web users online, which tracking has been proven to benefit advertisers who target specific users, even though it invades their privacy. With Firefox 67 which was released in May, the company debuted Letterboxing feature to protect against the so-called window-size related fingerprinting, which is employed in the profiling and tracking of Web users, whereby their personal information are collected from their various devices for identification.

Apple WebKit will bar any cross-site tracking and fingerprinting, with Safari browser already blocking some of the cross-site tracking techniques under its Intelligent Tracking Protection (ITP), which debuted with macOS Mojave and iOS 12; albeit it's still lacking in full blockade - as such information that can be used to identify some trackers are non-existence.

That's what the new policy will seek to address, through the discovery of additional tracking techniques, including the types of tracking created and how to deal with their effects.

Ironically, both Mozilla's Firefox and Apple's Safari browsers have been on the losing side in the browser wars, with huge declines in user share in the recent months; and despite Google's Chrome stealthy position, it has continued to climb in user share worldwide.

And perhaps, there will be a likely reversal in usage as more users begin to see the implementation of effective privacy policies from the competitors, that is, if privacy means anything for the average web users.

Apple to turn full throttle on Privacy with Safari Anti-tracking mechanism



While Spotify boasts of millions of songs available for streaming, you can only download and listen to it on the platform as Spotify songs are protected by DRM, and that limits how users could enjoy the songs in many ways. As a freemium service, it offers basic features for free with advertisements; albeit you can get music videos with additional features such as improved quality and better streaming as a premium subscription.

And the digital rights management (DRM) protection measures are set of access control technologies meant to restrict how proprietary or copyrighted works are used. The technologies only try to control the modification and distribution of such works such as multimedia content, and also systems within specific devices that enforce the policies. For instance, Apple too uses DRM to protect contents on iTunes, App Store, etc. Just as Spotify Music Streaming service uses DRM to protect their music, even though the DRM technology remains a controversial issue and hasn't been universally received across the globe.

But, TunesKit affords you the best DRM removal tool so that you can convert Spotify songs and easily download millions of DRM-ed songs/playlists into any format, including MP3, AAC, WAV, FLAC, M4A, M4B and also for offline listening on all devices and players even without a premium subscription. TunesKit Spotify Music Converter is fully capable of converting all DRM protected Spotify Musics from DRM to other formats (including MP3, FLAC, AAC, and WAV) losslessly and you are able to freely download the music track and playlist offline for even supposedly unsupported devices without any limitations.

What are the key Features of TunesKit Spotify Music Converter?



  • Easily Convert protected Spotify songs and playlists to MP3, AAC, WAV, FLAC, M4A, M4B:
  • TunesKit Music Converter for Spotify offers the ability to download Spotify music, and also remove DRM to convert the songs, and playlists to popular formats, like MP3, AAC, WAV, FLAC, M4A, M4B for support on different devices, such as MP3 player, mobile device, sound system, and car radio. Additionally, you are able to play the downloaded Spotify music offline on the various devices.

  • Losslessly preserve quality and metadata of Spotify music as the original:
  • TunesKit Spotify Music Converter combines the latest DRM music decryption removal technology which makes it fully capable of cracking any DRM encryption technology employed by Spotify without any loss in the quality of the music. Unlike other Spotify music downloaders in the market, that only rip songs through recording with unexpected quality reduction on the final output, TunesKit Spotify Music Converter retain 100% ID tags and metadata of the original Spotify streams, such as track number, artist, genre, composer, etc.

  • Download any track, album, artist and playlist from Spotify within free subscription:
  • TunesKit Music Converter for Spotify allows the downloading of all kinds of music from Spotify easily just by dragging the Spotify track, artist or playlist to the screen and download will be completed in seconds with only one click.


Steps to setup TunesKit Spotify Music Converter for Windows



Simply download TunesKit Spotify Music Converter for Windows from the site. And once downloaded, then double tap on it to initiate the installation process, and accept the terms and conditions. Now choose the destination location for installing the app, among other setup requirements.



The installation is quite jiffy and completes in a few minutes, after which the application will then start. TunesKit has a clean UI that doesn't require a lot of learning curves to use.

As seen in the above image, there is provision to insert Spotify track link. Just copy and paste the song link, and from the list icon at the top panel you can customize the format. When finally done, simply hit the convert button. That's it!



Now, you'll have the converted file available in the output location you set. But remember, you must have got Spotify installed on your device before carrying out the setup and conversion.

Our Verdict!



TunesKit Spotify Music Converter is fully compatible with the Spotify application which makes launching it automatic. And the flawless running of the application makes removal of DRM protection from Spotify songs as easy as pie.

TunesKit Spotify Music Converter for Windows lets you download freely anywhere



The Firefox Password Manager is intended to help keep all users' passwords in one place, so that they can log in automatically onto websites, or find their saved passwords easily; but to ensure a foolproof security, it also gives you a master password.

While the password manager is active by default, and accessible by going to the Privacy & Security section on the Preferences page, however there is a catch, the master password itself is not turned on for fresh installs, which leaves the stored passwords vulnerable to hackers or cybercriminals.



The fix as issued by Mozilla, is rated as “moderate” – given that it does not allow just anyone to extract passwords from the computer – but Firefox users are advised to check to make sure their browser is up-to-date for their optimum security.

If you've got automatic update turned on, then you should make sure to verify manually that it is working properly. Albeit, the easiest way is to select the About Firefox menu, which shows you the version of the browser you’re currently running, and check for any update, or offers you haven’t received yet.



Once there’s an available update, you’ll see the [Restart to update Firefox] button: simply click it and you’re about now done – as Firefox will remember all the tabs you have open and the session cookies: what you set, exit, update, reload and promptly open your tabs back again.

And if all goes accordingly, you’ll be restored back to where you were, logged into the same sites and ready to continue where you stopped. It is, however, recommended never to store unprotected password databases on your computer.

Mozilla fixes the glitch with Firefox “master password” bypass



The renown Kaspersky security solution has been reported to be flawed with how it runs remotely-hosted JavaScript file in the source code of every website a user visits in its processes of matching the site against the list of suspicious web addresses on its database.

Kaspersky Lab is a cybersecurity and antivirus provider headquartered in Russia, but operational as a multinational holding company, with extensive facilities in the United Kingdom.

The flaw marked as CVE-2019-8286 and credited to Ronald Eikenberg, an independent security researcher, stems from how the URL scanning module (Kaspersky URL Advisor) integrated into the antivirus program works. While the profiling is even active in private browsing mode (otherwise known as Incognito Mode in Chrome browser), with the flaw exposing a user by disclosing the UUID (Universally Unique Identifier) information associated with that user to every visited website.

The UUID can easily be traced to a particular individual and capturable by any website, or even third-party analytics services, since the file contains a string which is unique to the Kaspersky user.

Kaspersky, on the other hand, has acknowledged the flaw and issued a patch for it by assigning a general constant value mark (FD126C42-EBFA-4E12-B309-BB3FDD723AC1) for all Kaspersky users instead of the Universally Unique Identifier. But even with that, the Kaspersky URL Advisor still exposes users by allowing websites and third-party services to know if a visitor has the antivirus software installed on their system.

This particular issue has been classified as User Data disclosure, and could allow an attacker to prepare and deploy a more malicious script to track the perceived protected user with an implant on the web servers.

Though, users can disable this tracking altogether by manually disabling the URL Advisor on the software by going to Settings, click on Additional, then Network, and uncheck the traffic processing box.

How Kaspersky Antivirus flaw exposes users to advanced Web tracking



ClickDo is a UK based SEO agency, made up of SEO experts who are intensely result-oriented. As every online business need to stand out from the crowd, which is the only way to guarantee appearance in search engine results, they'll need to employ some techniques to boost their website's search engine optimization.

While local search engine optimization is focused on optimizing business website so that it will be available on the top search results whenever a user searches for a local keyword for its products or services. If you are searching for London's best SEO services and marketing consultancy agency, look no further than ClickDo.

Fernando Raymond, the CEO & Founder at ClickDo is a renown SEO expert with amazing track records that speak volume, and such assurance from the company as "Give us 100 days, we will double your traffic" - sums up the result-oriented nature of the coy.

Why hire a SEO Agency?



Nowadays, every information is available at our fingertips, and not only one-word answer or approach, but full encyclopedia that's present in just one single click. And these needs of web searchers are taken up by search engines like Google where they prefer sites with complete in and out details about the related topic all in a single source.



As such, search engines follow a pattern to only show those sites in its result that cover the topic in a holistic manner. That's where the job of a SEO expert comes in, SEO serves to help in increasing the traffic flow to your website, and the optimization work affords it the better chances to reach more people. Albeit, SEO works take time and resources to get the desired results.

Why CHOOSE ClickDo for YOUR SEO SERVICES?



ClickDo boasts of having the #1 SEO Consultant in London, in the person of Fernando Raymond onboard, who brings his wealth of knowledge in Local SEO in auditing your business website to make sure everything is in perfect shape.

However, you don't have to take our words for it, find below a sample of recent local SEO service project successfully delivered to its client, so that you'd know what to expect in your own business site's traffic.



The website formerly could not even come first page for its own keywords for years after a major penalty. But when Fernando Raymond was contacted by the client, ClickDo expertise helped in bringing back the website to rank #1 on Google UK for their most competitive keywords.

Also note that organic traffic is perhaps the best for high conversions and even though you get traffic from Google AdWords it won't quite measure up to it, as it comes at a higher cost.

ClickDo Review: Best SEO Agency In London (UK) for Local SEO Services

.

Microsoft had deferred the Windows 7 Extended Security Updates deadline beyond January 2020, given that Enterprises are still grappling to upgrade to the newer operating system, so that now the extended support will culminate to three years of the deadline.

The company in a bid to make the migration easier and smoother, has launched what it calls "FastTrack", which program comes free with the purchase of a minimum of 150 licenses for any of the eligible Enterprise subscription plans or services, including Office 365 as well as Microsoft 365 (M365), the pricier bundles Office and a plethora of other management and security tools.

While Windows 7 Extended Security Updates will continue through to January 2023, it will only be available for PCs running Windows 7 Professional/Enterprise edition, with those versions of Windows obtained through volume licensing deals.

According to Microsoft, FastTrack will also help in deploying a service or subscription, with Desktop App Assure, it will work with customers to ensure that the desktop application running under Windows 7 will continue to run on Windows 10 after the successful migration. Albeit, the tool is designed to assist only Enterprise or Professional customers migrating from Windows 7 or Windows 8.1 Enterprise or Professional, to Windows 10 Enterprise.

Microsoft, however did emphasize on Professional-to-Enterprise migration too, and will provide Windows 10 deployment guidance to help in the upgrade from Windows 7 and Windows 8.1 Professional to Windows 10 Enterprise. But, it should be noted that FastTrack does not involve Microsoft's sending of engineers to an organization to supervise the OS upgrade, instead representatives are made available for consultation to provide guidance.

Microsoft will continue to offer customers on Windows Server's Extended Security Updates patches for "Critical" or "Important" rated vulnerabilities, with the top two tiers in its four-step risks ranking system.

How Businesses can leverage on FastTrack Assistance Program



SeekaHost offers cutting edge Web hosting solutions at bottom prices, without compromising on the quality of service, and guarantees optimal hosting availability that is unbeatable anywhere.

While many so-called cheap hosting services are often caught in lackluster services, where claims to offer 100% unlimited hosting for an outrageous price is more or less a ploy to corner your hard earned bucks. And those getting newly on board the website creation scenario, are faced with the choice of seeking a host that will not actually compromise on quality nor bore a hole in their pocket.

That is exactly what we want to offer with this review - SeekAHost is a great hosting provider based in the United Kingdom, with servers scattered all over the world for optimal service delivery.

Why SeekaHost?





Nowadays, everybody is seeking for a web hosting service that is first affordable, then reliable and efficient at the same time. SeekaHost offers the cheapest hosting services that will be suitable for both personal and business web hosting requirements, haven deployed the latest technologies in web hosting, with modern servers and infrastructures that guarantees integrity in the systems, tested for more than a decade to ensure best performance.

And their services are backed by 24/7 professional customer service personnel with years of experience in the web hosting verticals; you just can't go wrong choosing SeekaHost as your preferred web hosting service provider.

3 levels of Web hosting Packages



Personal hosting packages: This web hosting package is for hosting your personal website, it gives your stories wing and make them live on the Internet at a pretty cheap rate. The package starts at $1.99/month with 1 Domain, 1GB Disk Space, 10GB Data Transfer Unlimited Email accounts and it guarantees optimal service delivery.

Business hosting packages: The business web hosting is geared to provide a gateway to your customers, with enough power to ensure the success of your business in the digital economy. The plan starts at $7.99/month and includes 5 Domains, 10GB Disk Space, 100GB Data Transfer and Unlimited Email accounts.

Shared/Dedicated IPs: The Shared/Dedicated IPs plan is tailored for upcoming bloggers and include 500MB Disk Space, 5GB Data Transfer, 1 Website, 2 MySQL Database, cPanel Access, Free SSL Certificate, Unlimited Email accounts and Unlimited Sub Domains, all at $0.95 /month. What more would a newbie blogger ask for?

The package also comes with options to get your personal or small business sites up and running with the one-click WordPress installation for anyone who is looking to host their personal blogs for a low cost.

SeekaHost have robust network of servers stationed in different data centers around the world to guarantee optimal service delivery, as having your host near to your audience is a huge SEO advantage, and helps to ensure that your content can be accessed as fast as possible.

In conclusion, we are recommending SeekaHost mainly because of their cheap prices and vast network of servers that lets you choose where your site will be hosted, and the rigorous selection processes they put in to ensure that all data centers comply with the highest standards.

SeekaHost Review: Unbeatable Web hosting, including Shared/Dedicated IPs and VPS



Google had been working on TouchID and fingerprint capabilities to enable users on Chrome to login to account via Web Authentication, and developers to access biometric authenticators through the Credential Management API's PublicKeyCredential type.

Now, the feature dubbed, "Local user verification" is rolling out to users to allow them to log into both native/web applications by registering their fingerprint or any of the other available authentication method set up to unlock their device, such as pattern, pins or password.

While in the future, this three APIs: Face Detection API, Barcode Detection API and Text Detection API, will along with the Face Detection API allow users to return the location of faces and other facial attributes like nose and mouth for a more accurate result.

The feature relies on Web Authentication API and the Client to Authenticator Protocol (CTAP), which are designed to offer simpler and more secure authentication methods that websites can use for secure web-based logins, taking advantage of Android's inbuilt FIDO2 certified security key capability that was rolled out earlier to all devices running Android 7.0 Nougat and later.

Google has also added the functionality to its web based password manage: passwords.google.com, which provides an online platform where users can view and edit their saved passwords.

The new authentication feature will be more useful for people with extreme security practices, who often create strong and unique passwords for every website and thereby faced with the trouble of having to remember each for every transaction. Google plans to expand this functionality to more Google services, including Google Cloud in the near future.

Google rolls out Fingerprint Authentication for Native Applications and Web services



If you are an Apple fan, you'd be familiar with the impressive continuity or convergence between their various devices. Take for instance, if you are watching a movie on Mac wearing earphones and got a call on your iPhone, you'll be presented the option of receiving the call right on your computer without resorting to your phone.

But unfortunately, same can’t be said about Google products, with such convergence features lacking on Android, it has been a huge turn down, especially for those who are switching to Android phone from iPhone.

Even Chromebooks running Google's Chrome OS can't boost of the level of convergence in Apple products with Android, albeit as a larger ploy to tie Chromebooks and Android devices closer together, Google had earlier outlined authentication by a secondary device plan, which is to allow you bypass your phone or tablet’s lock screen (though, optional).

The limitation, however remains that you can only open your Chromebook with your Android device in your pocket, with the laptop automatically getting unlocked and signing you into your Google account, without requiring a password.

And still, the area where Android is found wanting is whenever you want to receive your call on desktop, it really can't beat Apple, no not yet — in the continuity or convergence capabilities, though you’ll be able to receive notifications about incoming calls and see your text messages right on desktop, but you just can't pick up from it.

When such limits exists in Google's own ecosystem, what then is to be expected from cross-platform compliance with Windows, given the general adoption of Android smartphone, Google should be thinking in the line of incorporating more convergence features into Microsoft systems.

Microsoft, on the other hand, have been trying hard to take charge of what’s running on Android, with additions like "Your Phone" app that Microsoft released in 2018. Since then, the company has also added other useful features such as SMS Organiser to help Android users achieve better cross-device compatibility with Windows 10.

For now, we can only make-do with the Your Phone app which lets you sync Android notifications to Windows 10, and also send/receive SMS on your PC. It also allows you to sync recent photos and videos, with support for both Android and iOS.

Google found wanting in Android/desktop Cross-platform compliance



The Chinese technology giant, Huawei has announced its long rumored operating system, Harmony OS (Hongmeng OS in Chinese) as a supposed Android alternative based on a micro-kernel modular created by the company.

While Huawei maintains that HarmonyOS is quite different from Android and iOS with more scalability across different kinds of devices, like wearables, smart televisions, IoT devices, refrigerators, and cars, among others. The company touts its modular design as a “decoupled” OS from hardware, meaning that developers will adapt to the software with just one attempt, and it's also much faster than Android.

The first device to run the new OS, is the new Honor Vision TV launched by Huawei's subsidiary company, with the new TV also featuring a smartphone-style pop-up camera, albeit, Huawei did not project the new Harmony OS as a direct competitor to Android, rather it will serve as a sort of plan B should the US authorities go ahead with sanctions to withdraw their Android license.

Harmony OS has been in development since 2012, with the initial target to cater for IoT products such as wearables, smart displays, smart speakers and so forth, but the unforeseen US trade issue with China has forced the company to rethink its future, thereby mandating the transformation of the OS to support multiple platforms.

At the moment, the OS doesn’t support Android apps out of the box, but developers only need a single coding to recompile their Android apps to work in Harmony.

However, the huge challenge for the company will be on how to woo developers to join in Harmony and build up the much needed app ecosystem that could measure up to Android. Even though Harmony OS is an open-source operating system, Huawei will have to offer lots of incentives to increase developers interest in the new platform.

And perhaps, the modularized Harmony OS can be harnessed to adapt more with flexibility to any device to create a seamless cross-device experience, with the distributed capability kit leading to a shared developer ecosystem.

Harmony OS: Does Huawei's new Operating System stand a chance?



The Web browser has become an ubiquitous hub for both work and play, often storing our most confidential information, including banking and other personal data than any other programs.

While most browsers offer to save your login details or personal data: which may include bank card details for online stores, and billing address, which convenience is to help you autofill such requirements on any website than filling out the forms all over again, so as to worry less about forgotten passwords or not having your card information beforehand.

But, with the convenience of the autofill data, cybercriminals can now scoop up data from your computer by getting it infected by a stealer malware — which is crafted to steal information from browsers.

According to Kaspersky Lab, browsers based on the Chromium engine (such as Chrome, Opera and Yandex.Browser) store user data in same place, making it easy for the stealer malware to find the stored data, albeit the data are stored in encrypted form, but as the malware already have access to the system, it acts as the request is coming from the computer users.

So the malware puts in a request to the browser’s data encryption tool to decrypt the information stored on the computer, which requests are seemingly from the user and considered safe by default, the stealer in turn will now get all the passwords and credit card details saved on the browser.

However, Firefox browser appears to function a bit differently, given that it hides the password databases from strangers, and creates a random profile name for it, so that the malware cannot decode where to look out for the stored information. Though, the file name with the saved data doesn't change, there is no protection to stop the stealer from sifting through all the profiles and identifying the required file, as the folders containing the data are stored in one place.

As for the precise method and type of storage for Microsoft Internet Explorer and Edge depends on the application version, but still the reliability also leaves much on the table. Again the malware can easily retrieve passwords and banking card details direct from storage, by requesting it seemingly on behalf of the computer user.

Afterwards, the malware will simply request the relevant browser to decrypt the files, and it usually succeeds, as the decryption of data request appears to come from the user, because it is supposedly acting on behalf of the users and the malware now sends the data back to the cybercriminals.

It is therefore recommended for security reasons that users do not entrust their important information like banking card details to browsers for storage, rather them should manually enter it each time there is need — even though it may take longer time, but this is safer. Otherwise, you can also make use of a trusted password manager.

Why you should not Store Personal Information with Browser Autofill



The Russian hacking group also known by aliases such as Pawn Storm, Sofacy Group, APT28, and Sednit, with the name "Fancy Bear" which was derived from a coding system used to identify them by the security researcher, Dmitri Alperovitch, are back in the news.

While Microsoft have long engaged in a silent war against the group, as they had mostly targeted Windows with their malware, and have chosen domain names heavily related to Microsoft products, which gave Microsoft a ground to carry out several lawsuit against them for reserving domain names that violate its trademarks.

The hacking group is believed to have links to Russia’s GRU military intelligence, which was responsible for IoT-based attack on some unnamed Microsoft product customers, with hundreds of thousands of business networking and storage devices have been compromised and loaded with so-called “VPN Filter” malware.

Microsoft Threat Intelligence Center researchers also discovered infrastructure communicating to several external servers, with attempts by the hackers to compromise popular IoT devices (including VOIP phone, office printer, and video decoder) across different locations.

According to the researchers, after gaining access to IoT devices, the hackers ran tcpdump to sniff network traffic on local subnets, and by enumerating administrative groups attempt, furthered the exploitation. The hackers were able to drop a simple shell script which enabled them to establish persistence on the network allowing extended access for exploitation.

The analysis of network traffic showed that the actors used stealthy means to gain initial access to corporate networks, albeit lack of full awareness by enterprises of the devices running on their networks could be blamed for the vulnerabilities.

Microsoft, however have shared the information with the manufacturers of the specific devices involved and have continued to explore new protections for their own products.

Microsoft traces IoT device exploits to the Russian hacking group



The Incognito mode is a browsing mode within the Chrome browser which allow web users to surf the net without the recording of their browsing history, and thus serve as a blockade to low-level tracking techniques.

While Incognito Mode can't be classified as an anonymity tool, it does offer a new window that's more like a newly installed browser in which there are no cookies, no bookmarks, no saved history and pre-filled forms.

But there is a loophole in Chrome that allow some websites to shut down users trying to slip past count meters via Incognito Mode, whereby they monitor an API that's automatically disabled in Incognito Mode; Google has followed suit to shut down the ability of sites to sniff out Incognito Mode through the API.

Since the FileSystem API leave traces of activity on someone’s device, websites can check for the availability of the FileSystem API to determine if a private session is occurring, now Chrome’s FileSystem API have been disabled in Incognito Mode to avoid leaving any traces of activity.

Another Chrome update in the Progressive Web Apps (PWA) support which mimics the experience of traditional apps, through the caching of a version on the device for offline use, that even if you don’t have an internet connection, you can still be able to use the web service, as locally-installed software with the flexibility of online services.

Google will simplify the installation of PWA with Chrome 76, that when the distributing website meets the PWA install criteria, the browser will display a small icon at the right edge of the address bar; and on clicking the icon initiates the PWA installation process.

The bringing of PWA to the forefront, means that Google will be raising more awareness of the standard, and as the line between traditional apps and web pages continue to get blurred, PWA will be fully supported on more modern browsers for better user experience.

Google closes loophole in Chrome Incognito Mode



The online security ecosystem is a fascinating area of computing, though it does have its own share of jargon, which terminologies will appear to the non-techie individuals as mere gibberish.

Such terminologies as spyware, adware, and malware can be really confusing, so it behooves us to break them down a bit, so that our non-techie readers can understand which is which, and what every specific term actually means. While many online surfer, take the term virus as generalized dangerous software on any computer, but not all the malicious software are viruses, as each has its own different characteristics.

Anyone using an Internet connected PC must have encountered a form of these dangerous software programs, either via file sharing with other online users or through streaming movies and music online, as such portals are where malicious actors come to play.

What is a Malware and how does it affect Computers and Smartphones?



Malware is often confused with a virus, mostly they have malicious intents against the interest of the computer user rather than to cause harm to the system. It may include Trojan horses, ransomware, spyware, and adware, among others, which are all geared at stealing users personal information or data, while spying on their online activities.

For instance, there was a time Sony shipped Compact discs with rootkit silently installed on users' PCs with the sole intent of preventing illicit sharing or copying; but it also spied on users' listening habits, which created extra security vulnerabilities.

What is a Virus?



Virus is a program that replicates itself by modifying other computer programs and inserting own code, with the affected system said to have been "infected" - which means that the effect is mainly on the system, and it often employ complex stealth strategies to evade detection by antivirus software.

It is often mistaken as malware, but the later encompasses malicious programs such as computer worms, Trojan horses, ransomware, spyware, adware, and rootkits; also including malicious Browser Helper Object (BHOs), among others.

Though malware are less harmful to computer systems, protection against it is necessary to prevent data loss and hackers gaining access to your computer. For this purpose, there are several antivirus software, firewalls and other strategies that can be used to help protect against the infiltration of malware.

Additionally, it is recommended to always check for the presence of malware or any malicious activity on your PCs and smartphone, as recovering from such attacks can be a herculean task.

Jargon Buster: Get to know Terminologies in Online Security



TrickBot is back again in the news, after infecting nearly 250 million Google accounts, this time it has resurfaced with some new tricks - that's capable of disabling the Windows inbuilt antivirus software altogether.

Microsoft introduced the Windows Defender Advanced Threat Protection to its newest operating system, Windows 10, which protect the PCs by moving it up from isolated defenses to a smart, interconnected, and coordinated defense grid that is intelligent, simple to manage, and ever evolving.

But TrickBot has proven that the hallowed defense isn't quite foolproof, as the malware variant now has the ability to disable Windows Defender by deploying some tricks, which includes the deletion of the WinDefend service and subsequently terminating its associated processes.

TrickBot also deploys a DisableAntiSpyware Windows policy to fully thwart the Windows Defender, and equally disabling the real-time protection and Windows security notification service.

Though, there are still some level of protections available for Windows 10 users, like blocking access to Windows Registry and removal of admin rights, which can prevent TrickBot from successfully disabling the Windows Defender. Albeit, this line of defense itself will depend on how advanced the particular variant of TrickBot is actually, as it is known to download additional payloads in order to gain higher system privileges.

However, Windows 10 users should ensure that the “Tamper Protection” feature is enabled, even though the feature remains ‘On’ by default, the malware is capable of of disabling it and as long as it is enabled, Windows 10 users shouldn't be so much worried about the Trojan, as it makes it relatively safer by preventing the disabling of the Windows Defender.

TrickBot can disable Windows Defender Advanced Threat Protection