14 C
New York
Monday, March 17, 2025
Home Blog Page 17

New Microsoft 365 Assault Leverages OAuth Redirection for Credential Theft

codesanitize
-
0
New Microsoft 365 Assault Leverages OAuth Redirection for Credential Theft


Menace researchers at Proofpoint are at the moment monitoring two refined and extremely focused cyber-attack campaigns which are using OAuth redirection mechanisms to compromise consumer credentials.

These assaults mix superior model impersonation methods with malware proliferation, specializing in Microsoft 365-themed credential phishing designed to facilitate account takeovers (ATOs), as per a report shared within the platform, X.

Key Options of the Assault

  1. OAuth Redirection Mechanism: The attackers exploit OAuth, a protocol used for safe authorization, by redirecting customers to pretend login pages. This misdirection trickery permits attackers to intercept login credentials, together with usernames and passwords.
  2. Model Impersonation: Attackers are utilizing refined model impersonation strategies to imitate Microsoft 365 and different respected manufacturers. This tactic helps construct belief with potential victims, growing the probability that targets will unknowingly present delicate data.
  3. Malware Proliferation: Along with credential phishing, these campaigns additionally contain the distribution of malware. As soon as malware is put in on a tool, it could possibly extract extra delicate data or facilitate additional unauthorized entry.
  4. Focused Strategy: These campaigns are extremely focused, specializing in particular people or teams inside organizations. This tailor-made strategy means that attackers have carried out in depth reconnaissance to establish priceless targets, making the assaults more practical.

The mixture of OAuth redirection and credential phishing poses important dangers to companies and people utilizing Microsoft 365.

If profitable, these assaults can result in unauthorized entry to delicate knowledge, monetary loss, and reputational injury.

Furthermore, using well-known model impersonation can erode belief in reliable companies, complicating efforts to distinguish between real and malicious communications.

Suggestions for Safety

To safeguard towards these threats, customers and organizations ought to:

  • Confirm URLs: All the time verify the authenticity of URLs earlier than coming into login credentials.
  • Use MFA: Implement multi-factor authentication (MFA) so as to add layer of safety.
  • Common Updates: Preserve software program and safety options up to date with the newest patches.
  • Worker Coaching: Educate customers on recognizing phishing makes an attempt and the significance of safety greatest practices.

As these campaigns proceed to evolve, vigilance and consciousness are essential in stopping and mitigating such assaults.

Companies should stay proactive in enhancing their cybersecurity posture to guard their knowledge and pursuits successfully.

In conclusion, whereas the menace panorama continues to develop into extra complicated, understanding these assault strategies and taking proactive measures might help forestall important losses.

Are you from SOC/DFIR Groups? – Analyse Malware Incidents & get stay Entry with ANY.RUN -> Begin Now for Free. 



routing – Two Routers Two related Lans – No bi-directional pinging

codesanitize
-
0
routing – Two Routers Two related Lans – No bi-directional pinging


To begin with I have to day that I’m NOT a community engineer and my Networking information is sort of restricted and no matter is there could be largely concept and fewer observe – so please forgive me if the query is silly / trivial or if the entire setup is very unsuitable.

I’ve a community setting which is greatest expressed in The next diagram:

Network Sketch two routers

So Mainly two routers daisy-chained ( or change ) the place Router01 is related to modem and assign DHCP IP’s to purchasers and Router02 is Really a Consumer getting IP from Router01 as [ 10.0.0.110 ] whereas having it is personal DHCP assigning 192.168.1.xxx Addresses to different purchasers, and personal LAN IP of [ 192.168.1.199 ] and Gateway as Router01 with [ 10.0.0.1 ]

The preliminary cause for that two – router setup separation is the the Router02 has a VPN consumer on it – which shouldn’t be uncovered to Router01 Community [ 10.0.0.xxx ] purchasers which means solely Shoppers on Router02 ought to have entry to that VPN connection.

Really, this setup is considerably working OK more often than not for many functions ( besides atypical home windows sharing / networking / DNS and host title resolving which is all the time a ache ) BUT – for me there’s a single concern that drives me loopy – and that’s the indisputable fact that I can ping / entry Shoppers and machines from Router02 — to –> Router01 – however NOT the opposite means round.

It really works in a single course and fails within the different.

Not solely that it fails – if I’m on 10.0.0.xxx attempting to ping 192.168.1.199 [ Router02 ] I immediately see the ping reply is from 192.168.1.2 ( all the time, it doesn’t matter what deal with I ping ) which to my information – is an deal with that DOES NOT EVEN EXISTS on the Route02 not DHCP ( out of vary ) and never in any other case.
If I connect with Router02 – no Points I can entry all companies servers NAS Printers, sharing, VM and so on and so on on 10.0.0.xxx.

Now – the primary although I had as a novice was that the gateway in both was unsuitable – however I’ve tried all doable mixtures that I might consider – and nothing helped.

Than I Thought I’d add static routing – on both Routers and likewise on Each – however that didn’t appear to assist both ( Actually, in a number of trials and errors I truly created some infinite loops that just about bricked the routers and solely Laborious FW reset and re-flashing the NVram helped )

Only for reference – the Routing desk on Router01 now’s :

Vacation spot     Gateway         Genmask         Flags    Metric Ref    Use Sort Iface
100.72.0.1      *               255.255.255.255 UH       0      0        0 WAN0 ppp0
10.0.0.0        *               255.255.255.0   U        0      0        0 LAN  br0
192.168.1.0     *               255.255.255.0   U        0      0        0 MAN0 eth0
192.168.1.0     10.0.0.110      255.255.255.0   UG       1      0        0 LAN  br0
default         100.72.0.1      0.0.0.0         UG       0      0        0 WAN0 ppp0
default         192.168.1.1     0.0.0.0         UG       1      0        0 MAN0 eth0

And on Router02 is :

Vacation spot LAN NET     Subnet Masks         Gateway         Flags   Metric      Interface
default                 128.0.0.0           198.18.64.1     UG          0           tun0
default                 0.0.0.0             10.0.0.1        UG          0           WAN
1.1.1.2                 255.255.255.255     198.18.64.1     UGH         0           un0 // <-- For those who truly studying this You most likely now scratch your head and surprise why Community masks of 255.255.255.255 ( /32) - effectively, So do I.
10.0.0.0                255.255.255.0       *               U           0           WAN
10.0.0.1                255.255.255.255     10.0.0.1        UGH         0           WAN
88.216.2.165            255.255.255.255     10.0.0.1        UGH         0           WAN // <-- No thought what it's and why it popped out - most likely VPN associated
128.0.0.0               128.0.0.0           198.18.64.1     UG          0           tun0
192.168.1.0             255.255.255.0       *               U           0       LAN & WLAN
198.18.64.0             255.255.240.0       *               U               0       tun0 WAN // <-- No thought what it's and why it popped out - most likely VPN associated

I additionally learn a number of questions that may be associated to 2 router setups like This one or This or This and several other others – however truthfully My networking information is so minimal that it didn’t actually helped me to grasp the problem.

So mainly, I’m prepared to surrender on this setup and simply take care of often, like at the very least twice an hour altering my wifi connection, However as a final resort I although possibly somebody right here might graciously assist.

if want any additional information I’d be joyful to Add / Edit what is required.
Thanks Prematurely

Stronger waste prevention measures wanted to speed up the Nordic transition to a round financial system

codesanitize
-
0
Stronger waste prevention measures wanted to speed up the Nordic transition to a round financial system






Stronger waste prevention measures wanted to speed up the Nordic transition to a round financial system
Accumulating clothes for recycling (picture credit score: Getty Pictures/Maskot).

Extra systematic waste prevention methods are wanted to realize regional and nationwide sustainability objectives in Scandinavia, in accordance with a brand new report. It outlines sensible measures to strengthen the round financial system within the Nordics, with a specific deal with waste prevention and reuse.

The Nordic Council of Ministers engaged sustainability specialist Sweco to supply suggestions on accelerating waste prevention throughout the area. The undertaking, which centres on municipal waste, was carried out by a crew of Sweco specialists from Finland, Sweden, Denmark and Norway.

“The report’s foremost takeaway is that whereas waste prevention is a precedence within the Nordic nations, a transparent want exists for systematic, sturdy measures to show these insurance policies into tangible outcomes,” mentioned Thomas Hietto, Enterprise Space President of Sweco Finland.

The report attracts on worldwide greatest practices and evaluates a spread of efficient financial devices that may very well be adopted by the Nordic nations, comparable to focused charges on quick trend, VAT reductions for second-hand commerce and restore companies, and R&D funding for revolutionary round enterprise fashions.

Hietto mentioned the report “offers essential insights on how the Nordic nations can advance their waste administration methods from conventional recycling to a completely built-in round financial system. This strategy addresses your complete product worth chain and makes it simpler for residents to make sustainable selections”.

The report is discovered right here. Within the report, Sweco concludes that:

  • Stronger coverage devices are vital to enhance waste prevention, comparable to regulatory and financial measures together with taxes, charges and bans.
  • Steering devices ought to goal your complete product worth chain, reasonably than focusing solely on the end-of-life stage.
  • Sustainable shopper selections must be made extra enticing.







reactjs – iOS Cell Video Audio Playback Points in React

codesanitize
-
0
reactjs – iOS Cell Video Audio Playback Points in React


I am experiencing points with audio playback in my React video participant part particularly on iOS cell units (iPhone/iPad). Even after implementing a number of advisable options, together with Apple’s personal pointers, the audio nonetheless is not working correctly on iOS Safari. It really works utterly positive on Android. On iOS, I ensured the video does not autoplay (it requires consumer interplay). Listed here are all the small print:

Setting

  • iOS Safari (newest model)
  • React 18
  • TypeScript
  • Video information: MP4 with AAC audio codec

Present Implementation

const VideoPlayer: React.FC = ({
  src,
  autoplay = true,
}) => {
  const videoRef = useRef(null);
  const isIOSDevice = isIOS(); // Customized iOS detection
  const [touchStartY, setTouchStartY] = useState(null);
  const [touchStartTime, setTouchStartTime] = useState(null);

  // Deal with contact begin occasion for gesture detection
  const handleTouchStart = (e: React.TouchEvent) => {
    setTouchStartY(e.touches[0].clientY);
    setTouchStartTime(Date.now());
  };

  // Deal with contact finish occasion with gesture validation
  const handleTouchEnd = (e: React.TouchEvent) => {
    if (touchStartY === null || touchStartTime === null) return;
    
    const touchEndY = e.changedTouches[0].clientY;
    const touchEndTime = Date.now();
    
    // Validate if it is a respectable faucet (not a scroll)
    const verticalDistance = Math.abs(touchEndY - touchStartY);
    const touchDuration = touchEndTime - touchStartTime;
    
    // Solely set off for fast faucets (< 200ms) with minimal vertical motion
    if (touchDuration < 200 && verticalDistance < 10) {
      handleVideoInteraction(e);
    }
    
    setTouchStartY(null);
    setTouchStartTime(null);
  };

  // Simplified video interplay handler following Apple's pointers
  const handleVideoInteraction = (e: React.MouseEvent | React.TouchEvent) => {
    console.log('Video interplay detected:', {
      sort: e.sort,
      timestamp: new Date().toISOString()
    });

    // Guarantee keyboard is dismissed (iOS requirement)
    if (doc.activeElement instanceof HTMLElement) {
      doc.activeElement.blur();
    }
    
    e.stopPropagation();
    
    const video = videoRef.present;
    if (!video || !video.paused) return;
    
    // Try playback in response to consumer gesture
    video.play().catch(err => console.error('Error enjoying video:', err));
  };

  // Impact to deal with video supply and preliminary state
  useEffect(() => {
    console.log('VideoPlayer props:', { src, loadingState });
    
    setError(null);
    setLoadingState('preliminary');
    setShowPlayButton(false); // By no means present customized play button on iOS
    
    if (videoRef.present) {
      // Set crossOrigin attribute for CORS
      videoRef.present.crossOrigin = "nameless";
      
      if (autoplay && !hasPlayed && !isIOSDevice) {
        // Solely autoplay on non-iOS units
        dismissKeyboard();
        setHasPlayed(true);
      }
    }
  }, [src, autoplay, hasPlayed, isIOSDevice]);

  return (
    
      
    
  );
};
  1. Apple’s Pointers Implementation
    • Eliminated customized play controls on iOS
    • Utilizing native video controls for consumer interplay
    • Guaranteeing audio playback is triggered by consumer gesture
    • Following Apple’s audio session pointers
    • Correctly dealing with the canplaythrough occasion

Present Habits

  • Video performs however with out sound on iOS cell
  • Mute/unmute button in native video controls does not work
  • Audio works positive on desktop browsers and Android units
  • Movies are confirmed to have AAC audio codec
  • No console errors associated to audio playback
  • Person interplay does not set off audio as anticipated

Questions

  1. Are there any extra iOS-specific necessities I am lacking?
  2. May this be associated to iOS audio session dealing with?
  3. Are there recognized points with React’s dealing with of video parts on iOS?
  4. Ought to I be implementing extra audio context initialization?

Any insights or strategies could be tremendously appreciated!

Constructing glorious video games with higher graphics and efficiency

codesanitize
-
0
Constructing glorious video games with higher graphics and efficiency



Constructing glorious video games with higher graphics and efficiency

Posted by Matthew McCullough – VP of Product Administration, Android

We’re stepping up our multiplatform gaming providing with thrilling information dropping at this yr’s Recreation Builders Convention (GDC). We’re bringing customers extra video games, extra methods to play your video games throughout gadgets, and improved gameplay. You’ll be able to learn all in regards to the updates for customers from The Key phrase. At GDC, we’ll be diving into all the newest video games coming to Play, plus new developer instruments that’ll assist enhance gameplay throughout the Android ecosystem.

At this time, we’re sharing a more in-depth have a look at what’s new from Android. We’re making Vulkan the official graphics API on Android, enabling you to construct immersive visuals, and we’re enhancing the Android Dynamic Efficiency Framework (ADPF) that can assist you ship longer, extra secure gameplays. Take a look at the video or hold studying under.

Extra immersive visuals constructed on Vulkan, now the official graphics API

Today, video games require extra processing energy for sensible graphics and cutting-edge visuals. Vulkan is an API used for low stage graphics that helps builders maximize the efficiency of recent GPUs, and in the present day we’re making it the official graphics API for Android. This unlocks superior options like ray tracing and multithreading for sensible and immersive gaming visuals. For instance, Diablo Immortal used Vulkan to implement ray tracing, bringing the world of Sanctuary to life with spectacular particular results, from fiery explosions to icy blasts.

Moving image showing ray tracing in Diablo Immortal on Google Play

Diablo Immortal operating on Vulkan

For informal video games like Pokémon TCG Pocket, which pulls gamers into the colourful world of every Pokémon, Vulkan helps optimize graphics throughout a broad vary of gadgets to make sure a clean and interesting expertise for each participant.

Moving image showing gameplay of Pokemon TCG Pocket on Google Play

Pokémon TCG Pocket operating on Vulkan

We’re excited to announce that Android is transitioning to a contemporary, unified rendering stack with Vulkan at its core. Beginning with our subsequent Android launch, extra gadgets will use Vulkan to course of all graphics instructions. In case your sport is operating on OpenGL, it is going to use ANGLE as a system driver that interprets OpenGL to Vulkan. We suggest testing your sport on ANGLE in the present day to make sure it’s prepared for the Vulkan transition.

We’re additionally partnering with main sport engines to make Vulkan integration simpler. With Unity 6, you may configure Vulkan per system whereas older variations can entry this setting by plugins. Over 45% of periods from new video games on Unity* use Vulkan, and we count on this quantity to develop quickly.

To simplify workflows additional, we’re teaming up with the Samsung Austin Analysis Middle to create an built-in GPU profiler toolchain for Vulkan and AI/ML optimization. Coming later this yr, this software will allow builders to make graphics, reminiscence and compute workloads extra environment friendly.

Longer and smoother gameplay periods with ADPF

Android Dynamic Efficiency Framework (ADPF) allows builders to regulate between the system and sport’s efficiency in real-time primarily based on the thermal state of the system, and it’s getting a giant replace in the present day to supply longer and smoother gameplay periods. ADPF is designed to work throughout a variety of gadgets together with fashions just like the Pixel 9 household and the Samsung S25 Collection. We’re excited to see MMORPGs like Lineage W integrating ADPF to optimize efficiency on their core goal gadgets.

Moving image showing gameplay from Lineage w on Google Play

Lineage W operating on ADPF

Right here’s how we’re enhancing ADPF with higher efficiency and simplified integration:

    • Stronger efficiency: Our collaboration with MediaTek, a number one chip provider for Android gadgets, has introduced enhanced stability to ADPF. Gadgets powered by MediaTek’s MAGT system-on-chip answer can now totally make the most of ADPF’s efficiency optimization capabilities.
    • Simpler integration: Main sport engines now provide built-in ADPF help with easy interfaces and default configurations. For superior controls, builders can customise the ADPF habits in actual time.

Efficiency optimization with extra options in Play Console

When you’ve launched your sport, Play Console presents the instruments to observe and enhance your sport’s efficiency. We’re newly together with Low Reminiscence Killers (LMK) in Android vitals, providing you with perception into reminiscence constraints that may trigger your sport to crash. Android vitals is your one-stop vacation spot for monitoring metrics that influence your visibility on the Play Retailer like sluggish periods. You could find this info subsequent to attain and gadgets which gives updates in your sport’s consumer distribution and notifies builders for device-specific points.

Android vitals details in Google Play Console

Test your Android vitals often to make sure excessive technical high quality

Bringing PC video games to cellular, and pushing the boundaries of gaming

We’re launching a pilot program to simplify the method of bringing PC video games to cellular. It gives help ranging from Android sport improvement throughout publishing your sport on Play. Beginning this month, video games like DREDGE and TABS Cellular are rising their cellular viewers utilizing this program. Many extra are following of their footsteps this yr, together with Disco Elysium. You’ll be able to specific your curiosity to be part of the PC to cellular program.

Moving image displaying thumbnails of titles of new PC games coming to mobile - Disco Elysium, TABS Mobile, and DREDGE

New PC video games are coming to cellular

You’ll be able to study extra about Android sport improvement from our developer web site. We will’t wait to see your title be part of the ranks of those superb video games constructed for Android. And if you happen to’ll be at GDC subsequent week, we’d like to say good day – cease by on the Moscone Middle West Corridor!

* Supply: Google inside knowledge measuring video games on Android 14 or later launched between August 2024 – February 2025.

1...161718...3,806Page 17 of 3,806

ABOUT US

Welcome to CodeSanitize, your number one source for all things coding and technology. We’re dedicated to providing you the very best of software development tutorials, tips, and resources, with a focus on clarity, practical examples, and up-to-date content.

© Copyright 2024 - codesanitize.com. All rights reserved