Technology - Google News

---

• What accessories have you gotten for your Note 10? - Android Central
• Patch time! Microsoft warns of new worm-ready RDP bugs - Naked Security
• Misfit's Vapor X smartwatch boasts longer battery life and Spotify - Engadget

What accessories have you gotten for your Note 10? - Android Central Posted: 14 Aug 2019 05:41 AM PDT We've been talking a lot about the Galaxy Note 10 recently, and that's because there's a ton going on with the phone. It has some of the slimmest bezels we've ever seen on a Samsung phone, the S Pen got meaningful upgrades, and the new colors look incredible. Our forum community recently talked about what cases they were picking up for the Note 10, but now we want to dive a bit deeper into a similar discussion. Along with cases, there are also screen protectors, skins, and other goodies you can get for the phone to really take it to the next level. Here's what some of our members had to say this time around. Let's block ads! (Why?)

Patch time! Microsoft warns of new worm-ready RDP bugs - Naked Security Posted: 14 Aug 2019 06:27 AM PDT by Danny Bradbury Microsoft's Patch Tuesday bought some very bad news yesterday: more wormable RDP vulnerabilities, this time affecting Windows 10 users. CVE-2019-1181 and -1182 are critical vulnerabilities in Remote Desktop Services (formerly Windows Terminal) that are wormable – similar to the BlueKeep vulnerability that people have already created exploits for. Wormable means that the exploit could, in theory, be used not only to break into one computer but also to spread itself onwards from there. These new vulnerabilities, which Microsoft found while it was hardening RDS, can be exploited without user interaction by sending a specially-crafted remote desktop protocol (RDP) message to RDS. Once in, an attacker could install programs, change or delete data, create new accounts with full user rights, and more. CVE-2019-1222 and -1226 also address these flaws. Unlike BlueKeep, these new RDP vulnerabilities affect Windows 10, including server versions, as well as Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. Microsoft said that these vulnerabilities haven't yet been exploited in the wild, but urged customers to get ahead of the game by patching quickly: It is important that affected systems are patched as quickly as possible because of the elevated risks associated with wormable vulnerabilities like these, and downloads for these can be found in the Microsoft Security Update Guide. Computers with network level authentication (NLA) are partly protected, because crooks would need to authenticate before making a request, meaning that an attack couldn't spread without human interaction on NLA-enabled systems. Microsoft also fixed several other critical bugs in this Patch Tuesday, including a remote code execution (RCE) vulnerability in Internet Explorer's scripting engine (CVE-2019-1133 and -1194). Attackers can exploit the bug via a specially crafted website or by sending a malicious ActiveX control marked "Safe for initialization" to any MS Office program that uses the Internet Explorer rendering engine. Edge users didn't get away scot-free either. There's a similar bug (CVE-2019-1131, -1139 to -1141, and CVE-2019-1195 to -1197) in that product's Chakra Scripting Engine. It allows for remote code execution in the current user context, and it's exploitable via malicious websites. Sophos Phish Threat Phishing attack simulation and training for end users Try for Free Microsoft fixed a critical RCE bug in its Hyper-V hypervisor (CVE-2019-0720), which exploits poor input validation in the Hyper-V Network Switch and could be exploited by a malicious application running in the guest OS. There are also some related denial-of-service (DoS) bugs patched in Hyper-V. CVE-2019-0736, -0965, and -1213 are RCE bugs in the Windows DHCP server that an attacker can exploit by sending malicious DHCP responses to a client, while CVE-2019-1188 is a flaw in the way that Windows processes files with a .LNK extension. LNK files point to executable files, but improper processing enables remote code execution. Attackers could exploit this bug via removable drives or remote shares. Flaws in the way that Windows processes fonts (CVE-2019-1145, and -1149 to -1152) allow an attacker embedding maliciously crafted fonts in a website or file to execute code remotely on the system. There were also some bugs in Microsoft Office. A flaw (CVE-2019-1199-1200) in the way that Outlook handles objects in memory means that an attacker could execute code remotely using a malicious file delivered via email or a website. Outlook's preview pane is an attack vector there, as it is for a bug in Microsoft Word (CVE-2019-1201 and -1205) that allows for remote code execution from maliciously-crafted Word documents. The final critical bug in the bunch was CVE-2019-1183, which is a flaw in the Windows VBScript Engine that allows malicious websites or ActiveX objects to trigger remote code execution on the target system. However, Microsoft is in the process of getting rid of browser-based VBScript and has now turned it off by default in Internet Explorer 11 in this round of updates. Let's block ads! (Why?)

Misfit's Vapor X smartwatch boasts longer battery life and Spotify - Engadget Posted: 14 Aug 2019 07:00 AM PDT The latest smartwatch from Misfit is hoping to overcome the pain of limited wearable battery life. Enter the Vapor X, which offers a more power efficient processor and a battery saving mode to keep it going for longer. The Vapor X uses the Qualcomm Snapdragon Wear 3100 chipset, an ultra low power platform to extend battery life. Other power efficiency measures include a battery saving mode and a rapid charging feature which means the smartwatch can be almost completely charged in one hour. This should mitigate one of smartwatches' biggest annoyances -- constantly low battery levels. The device runs Wear OS, Google's Android version for wearables, and will compete with latest generation smartwatches like the Fossil Gen 5. It'll be compatible with phones running Android 4.4 and above or iOS 10 and above, with basic specs including 4GB of storage and 512MB of memory. Plus there's standalone GPS and it'll be swimproof in shallow water. It will come with Spotify pre-installed, so you can listen to music on to go. It can even operate as a music player without being paired to a phone, as long as you have a paid subscription to either Pandora or Google Play Music. The Vapor X is compatible with Google Pay, so you can make payments via NFC and there's also safety app Noonlight pre-installed which can be used to trigger a request to emergency services. In terms of health tracking, it comes with a heart rate sensor and the Cardiogram app which will monitor your vital signs to keep tabs on your health. For those looking for more style, the Vapor X will come in five colors with interchangeable straps, and the watch face is customizable for a more personalized look. Misfit is selling the Vapor X for $199.99 for a limited time, after which it'll rise to $279.99. Source: Misfit In this article: battery life, gear, misfit, misfit vapor x, smartwatch, wearables All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. Comments 46 Shares Share Tweet Share Save Let's block ads! (Why?)

You are subscribed to email updates from Technology - Latest - Google News. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States