Opera GX is a game-centric web browser developed by Opera Software AS, which was first announced on June 11, and now released as the world’s first gaming browser.

The browser is distinguishable by its gaming-inspired theme and the integration of Razer Chroma, which is perhaps the world’s largest lighting system for gaming devices, allowing you to enjoy a more thrilling and immersive experience browsing with the lighting effects on your supported device.

And there’s the presence of CPU and RAM limiter capabilities, aimed at speeding up your PC gaming experience altogether. Albeit, this may not be the first browser to integrate Razer Chroma, as Vivaldi already have it in version 2.5 which brings first-of-its kind integration to Razer Chroma for gaming devices.

Opera GX is currently supported only on Windows PCs, and expressly for use within games, just as Steam’s inbuilt browser works. Though, it isn't supported for game consoles like the Microsoft Xbox One or PlayStation game devices.

How to use Opera GX for gaming



With such features like Razer Chroma integration, and game collections from Twitch, you can use Opera GX, which functions like any standard Chromium browser, but with gamers at heart, and works just as Chrome browser would open a website.

Simply head over the official Opera Gx site to download the gaming browser, and once downloaded to your Windows PC, then launch the browser.



You'd most definitely love the looks and UI experience of the browser, and you'll find most social messengers that are available on the sidebar, which includes Facebook Vkontakte, Messenger, Telegram, and WhatsApp fully integrated, and you are able to chat right from the browser’s interface.

Additionally, Opera GX features a built-in free VPN, just like the main Opera browser and adblocker, with a “video pop out” feature to allow you playback videos in smaller overlay outside of the web browser.

What more features are available on the Gaming Browser?



There is the “GX Corner” panel that sits at the left corner of the tab bar, with news about new upcoming games and deals aggregation links for games on sale. It also includes a “Daily News” section, which by default, offers you a dedicated stream of latest gaming news.

Also, the sidebar features a Twitch panel, whereby you can easily browse through the channels you follow, and to see who's presently online streaming, or even get notified when a channel you’re following starts a live streaming.

Opera will be bringing a “Video over game” feature so that you can also watch a video walkthrough or other video on top of a game section, even while you’re still playing it, though this feature isn’t yet available for now.

How to use Opera GX to Enhance your Online Gaming experience



The iPhone lockscreen bypass bug that was reported by a security researcher, Jose Rodriguez has gone unpatched as Apple is prepping to release the newest version of its mobile OS next week.

While the exploit allow just anyone to bypass the iPhone lockscreen to gain access to contact information, and perhaps other piece of information saved on the device. The bug was first spotted in 2018 on iOS 12.1, and now the latest iOS 13 still suffers the same bug using similar technique, which revolves around the activation of FaceTime call and accessing the Siri voiceover feature to enable access to contact list.

The bypass technique also works on iOS 13 GM which runs on iPhone X, albeit access to photos is denied on the device, but ordinarily, the procedure requires physical access to the iPhone, and the enabling of voiceover by initiating a FaceTime call.

And perhaps, this latest bug is inline with a long list of lockscreen bypass bugs on iOS, which started from iOS 6.1 & 7 far back in 2013, that allowed just anyone access to iPhone contact information and even saved photos. Even on the iOS 8.1 and iOS 12.1, the lockscreen can also be bypassed using same procedure.

But the good news is that Apple is already working on the permanent fix, which is expected in the iOS 13.1 beta, which is planned for release on September 30th.

Apple to release iOS 13 without patching the LockScreen Bypass bug



Google announced plans to implement DNS-over-HTTPS (DoH) in the next version of its browser, Chrome 78 with users given the option of choosing the corresponding DoH server to use for DNS resolution.

This is coming on the heels of Mozilla's enabling of DoH in the main Firefox browser release for a small percentage of its users, and promise of subsequently making it available for all Firefox users. While the actual support for DoH was added to Firefox 62 to improve the way the browser interacts with DNS, using encrypted networking to obtain DNS information from the server that is configured within the browser.

Albeit, Mozilla is been criticized for enabling the feature by default on Firefox and domiciling all the DNS traffic to Cloudflare.

Google, on the other hand, is towing a different part, as it will first check whether a user's DNS provider is on its list of known DoH-compatible providers, which if the user's DNS provider is on the list, will automatically upgrade Chrome DoH to that provider's DoH server for DNS resolution.

And Chrome DoH will run on all platforms other than Linux and iOS, including Android 9 and later, which if the user has configured a DNS-over-TLS provider, Chrome will also use that instead of the ones from their list, except there is an error.

The upgrading of DNS Resolution to DoH will happen according to the user's current DNS provider, that given that it is supported, as Google feels that the users DNS resolution experience will need to remain the same.

Nonetheless, DNS-over-HTTPS (DoH) have not been welcomed in enterprise environments, governments and ISPs, as some ISPs in certain countries block connection to sites via monitoring the DNS traffic.

It will allow users to bypass such censorship or spoofing attacks and increase privacy as the DNS requests would be hard to monitor. And just anyone, including privacy advocates would be able to bypass traffic filters set in place by rogue governments to track the citizens.

Chrome 78 to make debut with DNS over HTTPS (DoH) support



Mozilla announced plans to enable DNS-over-HTTPS (DoH) by default in the Firefox browser, starting with US users this month. But the news was received with lots of criticism, as most security researchers believed the idea of domiciling all the DNS traffic to Cloudflare, is bad idea.

While the operating system is what's normally responsible for managing DNS and other network settings on all applications, but Mozilla is looking to change all that, by making Firefox able to dictate the pitch. And should other applications also follow this example, it will only lead to chaos over the Web.

Now, imagine if you get different DNS for different applications or perhaps, have the applications implementing own IP stack, with different addresses, routing and so forth. Though, DoH generally, is a good technology as it brings privacy via encryption, but the correct way would be to standardise DoH and add support for it into automatic address configurations and operating systems, not applications.

Mozilla should revert the change to allow users, at least to opt-in, and choose their DoH provider, rather than automatically defaulting to Cloudflare. The company must take real responsibility by working together with the security community to create RFCs to make DHCPv6, DHCPv4 and Router support DNS URLs instead of IP addresses.

It could also contribute in developing support for the operating systems, if truly privacy is a concern for Mozilla. And whether you've got trust for Cloudflare or not, directly supporting centralization by using DoH in Firefox sucks.

The best way to voice out against it is perhaps is to turn DoH off in your Firefox browser, simply go to Settings - Network Settings and uncheck the Enable DNS over HTTPs checkbox.

Why Mozilla's defaulting of Firefox DoH to Cloudflare is a bad idea?



Cloud Dataproc is a fully managed cloud service for running Apache Spark and Hadoop clusters in a simpler, and more cost-efficient manner, by reducing operational hours, and you paying only for the resources used.

Now, Google Cloud brings Spark as a service to the Kubernetes container, and ditching the virtual machine-based Hadoop clusters, with other non-Spark analytics engines support coming in the future. While the open source container orchestration platform, Kubernetes has been a big deal in the Cloud industry, which cluster computing has become increasingly important in big data processing.

Google is launching the alpha of Cloud Dataproc to Kubernetes as an important step for the Cloud service to serve as a hybrid cloud model.

The overriding idea, however is for enterprise customers to have the ability to run Apache Spark on Google Kubernetes Engine (GKE) clusters, with products such as Anthos making GKE available virtually anywhere, customers will be able to take Cloud Dataproc to their data centers as well.

Google Cloud Dataproc coming to Kubernetes is significant as it provides customers with single control plane for both deployment and managing of Apache Spark on Google Kubernetes Engine on public cloud or on-premises environment.

This is bringing enterprise-grade support, management, and security to Apache Spark jobs on Kubernetes, which is also the first of many objectives, including to simplify infrastructure complexities for data scientists around the world.

Google Cloud Dataproc comes to Kubernetes with an alpha release



Mozilla has progressed in its effort to thwart network snoopers by encrypting connections to the web servers that host websites, using DNS-over-HTTPS (DoH), the combination of the network technology, DNS and HTTPS, to prevent middlemen from figuring out the internet servers.

While the support for DoH was added to Firefox 62 as a way to improve the way the browser interacts with DNS, employing encrypted networking to obtain DNS information from the server that is configured within Firefox, but it does not use DoH by default, as users are required to go through the configuration editor to enable it.

Now, the company has announced plans to enable support for the DNS-over-HTTPS protocol by default within the Firefox browser, starting with US users this month.

Mozilla had been testing the DoH support in Firefox way back since 2017, and so far, no issues have been recorded with the new protocol. So, it now plans to enable DoH in the main Firefox browser release for a small percentage of its users, and subsequently enable it for all Firefox users.

What this means is that Firefox will ignore the DNS settings setup in the operating system, and instead, use the browser-side DoH resolver. And the encryption of the DNS traffic will effectively hide DNS information from ISPs and traffic filters, or even , enterprise firewalls and any other third-party that wants to intercept a user's traffic.

Albeit, DNS-over-HTTPS has not been welcomed by enterprise environments, governments and ISPs, as DoH could allow just anyone, including privacy advocates to bypass traffic filters set in place by rogue governments to track the citizens.

Mozilla's implementation of DoH, however would help to seal off major holes, regarding privacy and security, though there will be some technical challenges, but gradually things will surely improve.

Mozilla will now enable Firefox DNS-over-HTTPS (DoH) by default



Lilu (Lilocked) ransomware was first discovered by a ransomware note uploaded on ID Ransomware, a portal for identifying new ransomware based on the demand specified in the ransomware note.

Now, the new strain of ransomware has reportedly infected thousands of Linux servers around the world, with the attacks haven commenced in mid-July, but severe cases were most evidence in the last few weeks. While the actual mechanism employed in the attack remains unknown, it is quite obvious that bad actors are targeting Linux-based servers running on the defunct Exim software.

The ransomware note that accompanied the attacks come with the encrypted message: “I’ve encrypted all your sensitive data!!! It’s a strong encryption, so don’t be naive to restore it;)” according to a Russian forum.

And once the victims click on the link within the note, they are redirected to a site on the dark web, demanding that they enter the key from the note, which when entered, requires them to deposit 0.03 bitcoin or the equivalent of $325 in an Electrum wallet in order to recover their files.

But luckily, the ransomware doesn't affect any system file, and Linux systems will continue to run as normal; as it target only files with such extensions as CSS, PHP, HTML, SHTML, JS, INI and other formats. Albeit, the actual number of infected Linux servers could not be ascertained as there are many of such servers currently not indexed on Google.

For now, there is no security advisory issued to mitigate the attack, however as per usual security recommendation, try to ensure your passwords are strong and all apps are updated to latest versions.

Linux Servers targeted by new strain of Lilocked (Lilu) ransomware



The cybersecurity researchers at Avast have disclosed that about 29 models of GPS tracking devices used in keeping tabs on children manufactured by Chinese companies, come with a number of vulnerabilities.

While the GPS tracking devices are estimated to be over 500,000 (available for purchase on Amazon and some other online merchants) all come shipped with "123456" as the default password, which an attacker could easily break into as most of the users never bothered to change the default password.

The vulnerabilities stems from the fact that communication between the 'Cloud and GPS trackers' and 'Cloud and the device's mobile Apps' and 'Users and the device's web application' were done over unencrypted HTTP protocol, leaving it open to man-in-the-middle (MiTM) attackers who could intercept the data with unauthorized commands.

As communications via the web application is over HTTP; the JSON requests are also in plaintext and unencrypted, allowing an tracker to call an arbitrary mobile number, which when connected would enable them to listen to the tracker through the other party without trace.

Again the communication in text-based protocol lacks any form of authorization, which process works by identificartion of the tracker by its IMEI number.

The researchers also discovered that remote attackers could obtain the real-time GPS coordinates of any target device by simply sending SMS to the mobile number associated with the SIM card which is to provide DATA and SMS capabilities to the device.

Albeit, the attackers would need to first know the associated mobile number and password on the tracker to be able to carry out an attack, though it can be exploited by the cloud/mobile app flaws to authorize the tracker to send SMS to an arbitrary mobile number by itself, allowing the attackers to obtain the trackers specific mobile number.

Once access is gained to the device's mobile number and given that the default password '123456' remains for most of the devices, the attacker can easily use the SMS as attack vector.

The researchers, however claimed to have since notified the manufacturerers of the GPS tracking devices critically affected by the security vulnerabilities, as well as the vendors, but still no response.

How GPS Tracking devices could expose Kids real-time Location data



Twitter has temporarily disabled the 'Tweet via SMS' feature after it was reportedly abused by hackers to compromise the company's CEO, Jack Dorsey's Twitter account, whereby a series of tweets with racial slur was posted on the timeline.

The hacking group called "Chuckling Squad" - replicated the mobile number associated with the CEO's Twitter account to gain access to tweet racist, cum offensive messages and threats via SMS. The procedure known as "SIM Swap" allows anyone to recover a supposedly lost or displaced SIM by requesting the telecom company to transfer the number to another SIM card.

Through social engineering trick, the group were able to get Dorsey's mobile phone number and provider, which enabled it gain unrestricted access, whereby they used the popular 'Tweet via SMS' feature to post tweets under his username, without actually breaking into his account.

While the Tweet via SMS feature allow users to make post directly to Twitter by simply sending an SMS message to a specific Twitter number from the registered mobile number associated with the account. Albeit, it requires no extra authorization which was the bane that allowed it to be easily hijacked by the hacking group.

Twitter halted the feature to forestall such incidence from repeating itself, and has promised to reactivate it in markets that depend on SMS for reliable communication soon.

The company also confirmed it was working on longer-term strategy because of the vulnerabilities that must be addressed by the mobile carriers to have a linked phone number for two-factor authentication.

Twitter halts the 'Tweet via SMS' feature after an Impromptu hack



Mozilla has been at the forefront in fight against websites that track users online activities, which tracking is only beneficial to advertisers who target specific users, despite that it invades their privacy.

Now, the company has released Firefox 69 with ability to block third-party tracking cookies by default, which is powered by the new tool called Enhanced Tracking Protection, a step-up from its earlier approach of manually keeping websites and advertisers from tracking users online activity.

While the Enhanced Tracking Protection debuted in Firefox 57 as an option to block website elements (analytics trackers, ads and social share buttons), enabling tracking protection outside of private browsing. It aims to help in mitigating privacy threats and put the users back in control of their online activities without fear of snooping and tracking of their browsing behavior across websites — without knowledge or consent.

Firefox 69 goes even beyond the cookies, as cookies aren't the only tracker that follow users around on the web; it also block Cryptominers, which are capable of accessing the CPU, resulting slow down and fast battery draining, which helps the miners to generate cryptocurrency — certainly not for the user, but for themselves.

Firefox allows you to view those sites that are already blocked via the Blocking Tracking Cookies section, and you can also turn off blocking for specific sites.

The Enhanced Tracking Protection is ultimately aimed at blocking only third-party trackers (ad cookies), as it allow first-party cookies, such as logins, so that you can continue where you last left off, without having to retype passwords.

Mozilla's move to tackle cryptomining, stems from the fact that it uses CPU to generate the cryptocurrency, and fingerprinting that track users across the web. The fingerprinting scripts is capable of harvesting a snapshot of computer’s configuration, which can be used to track a user, without consent.

Firefox users, however can turn on ‘Strict Mode’ to get protection from fingerprinting scripts; albeit Mozilla promises to turn fingerprinting protections on by default in future releases.

Firefox 69 block third-party Cookies & Cryptominers by default



Google has released the latest iteration of its renowned mobile OS, Android 10, breaking from the decade old norm of naming it after sweet delicacies, as the Internet giant is done with fancy dessert names for Android. But, even more significant is the bevy of new security and privacy features coming to the mobile operating system.

While the most important upgrades are concerned with privacy, especially those that prevent apps from profiling you. As Android 10 will generate a randomized MAC address for the device, which unique identifier is used for the network hardware, and will require extra permissions to access the IMEI and serial numbers, which all uniquely identify the device.

Amongst the privacy-focused enhancements, is the control over how apps access a phone’s location - Android 10 brings a new dialog to let users choose if an app can have access to location, with options like at all times or only on running in the foreground.

Google also took steps to protect information around how apps interact with your contacts. As whenever you grant an app access to contacts, Android will not provide any ‘affinity information’ which organizes the data according to your most recent interacts. And this privacy features are not only for individual users, but organizations also gets more flexibility and privacy capabilities, such as when using corporate-owned devices, employees will experience even more privacy using their work device.

And Organizations can provision company-owned devices into work profile mode with zero-touch enrollment or other methods, so that employees can enjoy better privacy for personal reasons and IT admins can have more ways of managing company-owned and BYOD devices.

It will also offer new privacy section within the settings, to enable employees view all the controls in one place, coupled with more granular controls for location data that allow an app access to location only when the app is in use.

Android 10 will bring over 50 security and privacy improvements that's specifically targeted at organizations and employees, with enterprise ability to block installation of apps via unknown sources on devices with a work profile, to reduce organization-wide risk of malware.

The IT admins can also set a private DNS on a managed device, including the requirement of DNS over TLS to avoid the leaking of URL queries.

Google perhaps has been listening to feedback from its users who complained about phone sensors ability to implicitly reveal users details. More reason Android 10 will introduce new version to its ACTIVITY_RECOGNITON permission for apps that track physical activities, such as step count.

Additionally, Android 10 will require specific location permissions for apps requesting to access selected Wi-Fi, telephony, or Bluetooth functions. While another a new feature called scoped storage, will restrict app’s access to files on external storage, giving access to only its specific directory and media types.

How Google's latest software, Android 10 takes privacy a notch higher



Hangouts, which originally launched with Google+ social network, is a messaging system that allows for collaboration between workers, with offerings like video chats and voice call, in addition to regular text messaging.

While Google+ has been discontinued, the company had scheduled the transition from classic Hangouts app to Meet (a more secure, and improved video chat for meeting experience providing better performance over the classic Hangouts app) for G Suite customers starting from last May 2018 to October 2019 deadline.

Launched in March 2017, Meet is an improvement on the video meeting experience providing better performance over the classic Hangouts video calls, with better security and reliable method for guests to join meetings.

Google had earlier planned to retire classic Hangouts with the purported full migration of G Suite users to the new platform, but now, it has extended the migration deadline for G Suite customers to make the switch to Hangouts Chat and Meet tools.

And the new final transition date, according to google will be “no sooner” than June 2020; though not a more precise time frame, the company promised to make a clear announcement when the date is closer to the deadline. While G Suite customers that need to upgrade to the latest versions of Hangouts can still do so, by requesting an invitation via the Accelerated Transition Program.

Google promises to continue to improve the transition of classic Hangouts group conversations, as well as additional new Chat features, like the "Read receipts" - which notifies a user when messages have been read.

However, the migration by organizational unit isn't yet available, instead the classic Hangouts group conversations can be recreated in Chat, albeit it requires a review of the Deployment Guide and Known Limitations, to determine whether the migration experience will be right for your organization.

Google pledges to provide an advance notice once there is more definitive date, and advises customers to keep a watch on the G Suite Updates blog for new information.

Google Hangouts migration deadline extended for G Suite customers



Google is grappling with the outbreak of data-abusive apps on its platforms, with instances like the Cambridge Analytica scandal, which affected the Facebook app, whereby users data were sold purposely, albeit illegitimately without the users consent.

The company in a bid to contain the situation has announced the expansion of it's vulnerability reward program, which includes: the Developer Data Protection Reward Program (DDPRP), and the Verifiably & Unambiguous Evidence of data abuse in Android apps and Chrome extensions; also now extended to the OAuth projects.

It has also expanded the scope of the Google Play Security Rewards Program (GPSRP) to include all apps on Google Play Store with over 100 million installs, and offering help to affected developers in fixing such vulnerabilities through responsive disclosures.

Getting Bounty by Finding Data-Abusive Chrome & Android Apps



Whenever a developer reports a data abuse related to any Android app or Chrome extension, which app or extension will be liable for removal from the Play Store or Chrome Web Store; though no reward table is listed at the moment, but depending on the severity of impact, it could net as much as $50,000 for a bounty reward.

The reward is aimed for just anyone who is able to provide a verifiable and unambiguous evidence of data abuse, which measures will help Google to thwart malicious apps and Chrome extensions that abuse users' data on its platforms, and also beef up security on the Play Store.

The program will open door for researchers to help in identifying and fixing vulnerabilities in apps, and if any developer succeeds in pinpointing an abuse on its own apps, will also receive rewards directly from Google. That will encourage more app developers to start checking their own apps, and to disclose possible vulnerability or bug; which validates the bounty program's working directly with the developer community.

How to Get Bounty by finding Any Data-Abusive Chrome or Android App