
TypeScript Team Releases TypeScript v4.6 With New Updates

The TypeScript team has announced the availability of TypeScript 4.6. TypeScript is a language that builds on JavaScript and adds syntax for types. Types help describe what kinds of values you’re working with, making your code more readable and letting the editor tell you about mistakes before they become errors. TypeScript not only checks for possible errors but also provides many excellent features like completions, so there’s no excuse not to use them.

In their beta version, TypeScript developers missed documenting two great features – control flow analysis for destructured discriminated unions and the addition of es2022 output target. They also made an additional noteworthy change since their beta – removing void 0 arguments in react-jsx mode. All these changes are available in the TypeScript 4.6.

The RC (Release Candidate) team finally captured the community’s suggestions for mismatched JSDoc parameter names, and these changes will be included in this update of TypeScript 4.6.

List of changes in TypeScript 4.6

To start using TypeScript, you can get it through NuGet or use npm with this command:

npm install typescript

References:

  • https://devblogs.microsoft.com/typescript/announcing-typescript-4-6/
  • https://devblogs.microsoft.com/typescript/announcing-typescript-4-6-rc/

Google Introduces Google Forms API: Bringing Programmatic Access For Managing Forms And Acting On Responses

The Google Dev team has introduced the Google Forms API, which joins the large family of APIs available to developers under the Workspace Platform. Programmatic access enables powerful integrations for managing your forms and acting on their responses.

The API enables developers to build automation for acting on incoming responses. For instance, you could create a real-time dashboard or visualization that watches what people are doing in your form and then trigger an email campaign based on their actions.

Some use cases include education automation integrations with learning management systems (LMS), customer management and support by auto-generating surveys/forms based on customer data, and data analysis and visualization with response data.

The Google Forms API has a good set of methods to perform these operations.

Core Methods

  • forms.create – Creates a new form
  • forms.get – Get all information on a form
  • forms.batchUpdate – Perform form updates (add, edit, delete form items)
  • forms.responses.list – List all responses from a form
  • forms.responses.get – Get a single response from a form

Event types

  • Schema – Changes to form content or settings
  • Response – When form responses are submitted

Watch Methods

  • forms.watches.create
  • forms.watches.delete
  • forms.watches.list
  • forms.watches.renew

Some of the portals that support the beta version of the Google Forms API are Zapier, Portant, Automagical Apps, 

Resources to use Google Forms API:

Reference: https://developers.googleblog.com/2022/03/introducing-google-forms-api.html


Gh0stCringe Malware Targets Microsoft SQL, MySQL Servers

Hackers are targeting Microsoft SQL and MySQL database servers to deploy the Gh0stCringe remote access trojan on vulnerable devices. Gh0stCringe (also known as CirenegRAT) is a variant of the Gh0st RAT malware that was most recently deployed in 2020 Chinese cyber-espionage operations but dates back to 2018. Security researchers have found that the Gh0stCringe threat actors are targeting database servers with weak account credentials and no oversight, which could lead to more victims.

As reported by bleepingcomputer.com, the threat actors are breaching the database servers and using the mysqld.exe, mysqld-nt.exe, and sqlserver.exe processes to write the malicious ‘mcsql.exe’ executable to disk.

https://asec.ahnlab.com/en/32572/

Gh0stCringe was developed based on the source code of the publicly released Gh0st RAT. You can see the difference between the two below:

https://asec.ahnlab.com/en/32572/

The malware can be deployed with specific settings that control its functions, as detailed below:

  • Self-copy [On/Off]: If turned on, copies itself to a certain path depending on the mode.
  • Mode of execution [Mode]: Can have values of 0, 1, and 2. See below for explanations on the modes.
  • File size change [Size]: In Mode #2, the malware copies itself to the path ‘%ProgramFiles%\Cccogae.exe’, and if there is a set value, it adds junk data of the designated size to the back of the file.
  • Analysis disruption technique [On/Off]: Obtains the PID of its parent process and the explorer.exe process. If it results in a value of 0, terminates itself.
  • Keylogger [On/Off]: If turned on, keylogging thread operates.
  • Rundll32 process termination [On/Off]: If turned on, executes ‘taskkill /f /im rundll32.exe’ command to terminate the rundll32 process that is running.
  • Self-copy file property [Attr]: Sets property to read-only, hidden, and system (FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM).
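
One way to turn the behaviours listed above into host-based detection logic, as an added example (not code from ASEC, BleepingComputer or this post). The event field names, rule names and sample events are constructed for illustration, and sqlservr.exe is an addition alongside the sqlserver.exe spelling used above.

```python
import ntpath
import re

# Writers named on the page, plus sqlservr.exe, the real file name of the
# SQL Server service binary (added here; the page spells it sqlserver.exe).
DB_PROCESSES = {"mysqld.exe", "mysqld-nt.exe", "sqlserver.exe", "sqlservr.exe"}
PAYLOAD_NAME = "mcsql.exe"      # dropped executable named on the page
SELF_COPY_NAME = "cccogae.exe"  # Mode #2 self-copy under %ProgramFiles%
# FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
RHS_ATTRS = 0x1 | 0x2 | 0x4
TASKKILL_RE = re.compile(r"taskkill(\.exe)?\s+/f\s+/im\s+rundll32\.exe", re.I)


def classify(event):
    """Return the names of the rules one event matches."""
    hits = []
    if event["type"] == "file_create":
        writer = ntpath.basename(event["image"]).lower()
        folder, name = ntpath.split(event["target"].lower())
        is_exe = name.endswith(".exe")
        if writer in DB_PROCESSES and is_exe:
            hits.append("db_process_wrote_executable")
        if name == PAYLOAD_NAME:
            hits.append("known_payload_name")
        if name == SELF_COPY_NAME and ntpath.basename(folder).startswith("program files"):
            hits.append("mode2_self_copy")
        if is_exe and (event.get("attributes", 0) & RHS_ATTRS) == RHS_ATTRS:
            hits.append("readonly_hidden_system_executable")
    elif event["type"] == "process_create":
        if TASKKILL_RE.search(event.get("command_line", "")):
            hits.append("rundll32_termination")
    return hits


def scan(events):
    """Group rule hits by host: {host: sorted rule names}."""
    findings = {}
    for event in events:
        for rule in classify(event):
            findings.setdefault(event["host"], set()).add(rule)
    return {host: sorted(rules) for host, rules in findings.items()}


# Constructed sample events (field names are hypothetical, loosely modelled
# on file-creation and process-creation telemetry); not real incident data.
SAMPLE_EVENTS = [
    {"host": "db01", "type": "file_create",
     "image": r"C:\Program Files\MySQL\bin\mysqld.exe",
     "target": r"C:\ProgramData\mcsql.exe"},
    {"host": "db01", "type": "file_create",
     "image": r"C:\ProgramData\mcsql.exe",
     "target": r"C:\Program Files\Cccogae.exe", "attributes": 0x27},
    {"host": "db01", "type": "process_create",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd /c taskkill /f /im rundll32.exe"},
    {"host": "db02", "type": "file_create",  # normal database write
     "image": r"C:\Program Files\MySQL\bin\mysqld.exe",
     "target": r"C:\ProgramData\MySQL\data\ibdata1"},
]

if __name__ == "__main__":
    for host, rules in scan(SAMPLE_EVENTS).items():
        print(host, rules)
```

The rule that flags any executable written by a database server process is the most durable of the set, since file names such as mcsql.exe and Cccogae.exe can change between builds.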

References:

  • https://asec.ahnlab.com/en/32572/
  • https://www.bleepingcomputer.com/news/security/unsecured-microsoft-sql-mysql-servers-hit-by-gh0stcringe-malware/

Irish Data Protection Commission Fines Facebook €17m For Breaching EU Data Privacy Laws in 2018

The Irish Data Protection Commission has hit Facebook with a fine of €17m after finding that it did not fully comply with GDPR. The decision followed an inquiry by the commission into 12 breach notifications it received in the six-month period between June and December 2018, examining the company’s compliance with GDPR requirements for personal data processing at different points during this time frame.

The Data Protection Commission found that Meta Platforms failed to put in place adequate technical and organizational measures, which would make it easy for them to demonstrate the security precautions they implemented. This is despite having 12 personal data breaches.

According to the Irish data watchdog, Meta’s platforms had “failed to have in place appropriate technical and organizational measures” in the context of the 12 personal data breaches.

Ireland has a well-established tradition in regulating the tech industry, especially with regard to internet companies that have their European Union headquarters there.

References:

  • https://www.bbc.com/news/articles/cp9yenpgjwzo#
  • https://techcrunch.com/2022/03/15/facebook-2018-breaches-dpc-decision/
  • https://www.rte.ie/news/business/2022/0315/1286598-facebook-fined-by-dpc/

This Open-Source Browser Extension Verifies Code Authenticity on The Web

WhatsApp has long protected your messages with end-to-end encryption as they travel from sender to recipient. But security-conscious users also need to be confident that when WhatsApp Web receives these encrypted messages, it is protected too, because it runs through a desktop or laptop browser rather than as a mobile app downloaded onto the device. WhatsApp continues to grow as a popular messaging platform, and with more users every day, it’s important for WhatsApp Web to be secure so that your messages are safe from hackers. Now, Code Verify is bringing even more security to WhatsApp Web.

Code Verify works in partnership with Cloudflare, an internet infrastructure and security company, to provide independent third-party verification that your code is being served correctly. 

WhatsApp has come up with a way to make its messaging service even more secure. It is now offering Code Verify as open source so that other companies can use it for themselves and improve on what WhatsApp does best: encryption.

Source: https://engineering.fb.com/2022/03/10/security/code-verify/

The team at Code Verify is passionate about making the web more secure, and they’ve come up with a way to enhance security by checking resources on the entire webpage. This process relies heavily upon Cloudflare as an independent third party that acts as a trusted source for verifying the integrity of all files being requested from websites across their network.

The Code Verify extension will be available on the official browser extensions stores for Google Chrome, Microsoft Edge, and Mozilla Firefox. The plugin doesn’t log any data or user information – it just checks if there are hints of malware in your WhatsApp web traffic so you can take action before anything happens. You can think of Code Verify as a traffic light for your WhatsApp Web code.

Reference: https://engineering.fb.com/2022/03/10/security/code-verify/

Download Extensions: Chrome | Edge | Firefox 


Google Open-Sources The App Engine Standard Java runtime

The introduction of Google App Engine in 2008 opened up a whole new world for developers – one without worrying about infrastructure management or scaling web applications. Java 8, 11 and 17 all run on this platform, along with alternative JVM languages like Apache Groovy or Kotlin.

But now, Google has finally open-sourced the Java source code for its Google App Engine Standard environment, which includes all of its production runtime features as well as APIs and local SDKs.

In the below picture representation, items in orange are public modules artifacts and items in yellow are internal ones. Modules ending with * are only used on the production server-side:

Source: https://github.com/GoogleCloudPlatform/appengine-java-standard
Package – Description

  • com.google.appengine.api – Provides facilities for server lifecycle management, threading and namespaces/multitenancy.
  • com.google.appengine.api.appidentity – Provides a service to sign arbitrary byte arrays using an internally-generated, rotated private key.
  • com.google.appengine.api.backends – Provides access to long-running, addressable servers.
  • com.google.appengine.api.blobstore – Provides management and persistent storage of large, immutable byte arrays.
  • com.google.appengine.api.capabilities – Provides status information about the services available via the Google App Engine APIs.
  • com.google.appengine.api.datastore – Provides persistent storage, also accessible via JDO or JPA interfaces.
  • com.google.appengine.api.files – Provides a service for file storage and access.
  • com.google.appengine.api.images – Provides facilities for the creation and manipulation of images.
  • com.google.appengine.api.log – Provides access to request logs and application logs.
  • com.google.appengine.api.mail – Provides a service to send email messages on behalf of administrators or authenticated users, also accessible via a JavaMail interface.
  • com.google.appengine.api.memcache – Provides fast but unreliable data storage, also accessible via a JCache interface.
  • com.google.appengine.api.modules – Utility functions for working with modules.
  • com.google.appengine.api.oauth – Provides a method for clients to access server resources on behalf of a resource owner, as well as a process for end-users to authorize third-party access to their server resources without sharing their credentials.
  • com.google.appengine.api.quota – Provides measurement of API and CPU usage during requests.
  • com.google.appengine.api.search – Provides a service for indexing documents and retrieving them using search queries.
  • com.google.appengine.api.search.checkers
  • com.google.appengine.api.search.query
  • com.google.appengine.api.taskqueue – Provides a mechanism to perform work initiated by a user request, outside of that request.
  • com.google.appengine.api.urlfetch – Provides a service to make HTTP/S requests of other servers on the internet.
  • com.google.appengine.api.users – Provides facilities to check if a user has authenticated, retrieve their email address, and check if they are an administrator for this application.
  • com.google.appengine.api.utils – Provides common utility classes.
  • com.google.apphosting.api – Provides access to the ApiProxy, which dispatches API calls to backend services.

Github: https://github.com/GoogleCloudPlatform/appengine-java-standard

References:

  • https://cloud.google.com/appengine/docs/standard/java/javadoc
  • https://cloud.google.com/blog/topics/developers-practitioners/open-sourcing-app-engine-standard-java-runtime
  • https://www.infoq.com/news/2022/03/google-appengine-java/

Microsoft Introduces Microsoft Defender For Azure Cosmos DB

The evolution of databases gives developers and organizations a wide range of database types that can be tailored for their varying needs. In order to protect these sensitive data sets against common threats, customized security measures are required as well because each type has its own unique features.

The use of NoSQL databases has become more prevalent in recent years, as they offer single-digit millisecond response times and can scale automatically with your application’s needs. Azure Cosmos DB is one such service that provides fast access to data without sacrificing flexibility or manageability through its automatic management features.

Microsoft recently announced that users of their cloud service, Microsoft Defender for Cloud, can now access an early preview of Defender for Azure Cosmos DB. 

Defender for Azure Cosmos DB is an ultimate solution to protect your database from various kinds of attacks, such as application layer hacking or SQL injection. It also helps you identify potential risks before they become dangerous by monitoring all activity on the account and raising alerts when something unusual happens, so you can take immediate steps to stop further damage.

You can get started with a free trial

Reference: https://azure.microsoft.com/en-us/blog/stay-on-top-of-database-threats-with-microsoft-defender-for-azure-cosmos-db/


Meta Open-Sources A Compositional Deadlock Detector for Android Java

The research team at Meta has developed a new static analyzer that catches deadlocks in Java code for Android without ever running the app. What distinguishes this work from past efforts is its ability to analyze revisions within large software libraries with hundreds of millions of lines, so that problems can be found before they manifest themselves as bugs or crashes. The proposed analyzer is open-sourced and forms part of the Infer static analysis framework.

Using abstract interpretation techniques, the proposed analyzer has been designed to summarize how each method behaves when acquiring and releasing locks, and whether it can run on the main thread or a background task. This is done by compounding all behaviors into one summary that reflects how callers will be affected when their operation depends on that piece of code being fast enough to avoid lags in the application.

This tool takes a different approach by not analyzing all source files in an app. Instead, it starts with the revisions’ modified methods first and uses that data for its analysis – which can be scalable because of this heuristic.

The team’s research proves that their analysis is sound and complete for a non-deterministic programming language, which means it can detect all deadlocks without false positives.

The static detection of deadlocks has been very valuable in analyzing and diagnosing. Our approach achieves this goal while also making it sufficiently scalable to deploy analyzers on large codebases.

Paper: https://discovery.ucl.ac.uk/id/eprint/10140070/1/deadlocks_final.pdf

Reference: https://engineering.fb.com/2022/03/08/android/deadlock-detector-for-android-java/


Google’s Jigsaw Unit is Releasing An Open-Source Tool Called ‘Harassment Manager’ to Reduce Toxicity Online for Journalists

For journalists who cover controversial topics or live under autocratic governments, online harassment is a constant challenge. For women, it can range from nuisances like insults and memes targeting their appearance to matters of life-threatening danger. They have been targeted for reporting on stories that upset powerful groups who feel threatened by their coverage.

Google’s Jigsaw team of experts has made long-standing investments in user experience research, technology, and other initiatives to help women navigate targeted harassment online. The Jigsaw unit is releasing the code for an open-source anti-harassment tool called Harassment Manager. The program enables journalists and other public figures to better manage abusive comments on social media platforms like Twitter with Jigsaw’s Perspective API, which sorts through potentially harmful messages.

Harassment Manager is a tool that helps users identify and document harmful posts, and mute or block perpetrators of harassment on social media. It has an advanced filtering and reporting system that automatically sorts messages into queues, so you can address them all at once rather than individually through the platform’s default tools, which are often not effective or well-suited for dealing with harassment issues on their own. The interface provides insights into how much “toxicity” there was in each message while it’s being processed – this helps users decide whether they want certain replies blurred out before reading them.

Harassment Manager helps users keep track of abusive messages and download a standalone report containing the evidence. This creates an easy paper trail for their employer or law enforcement if necessary and gives them access to services like those provided by The Thomson Reuters Foundation which will be released soon.

Paper: https://arxiv.org/pdf/2202.11168.pdf

Github: https://github.com/conversationai/harassment-manager

References:

  • https://medium.com/@JigsawTeam/5edcac127872
  • https://www.theverge.com/2022/3/8/22966204/google-jigsaw-perspective-ai-twitter-moderation-harassment-manager-journalists
  • https://www.perspectiveapi.com/

Apple May Let You Live in The Metaverse Through Its Virtual Reality Contact Lenses

Imagine a world where you can wear virtual reality contact lenses and experience life as if your eyes were actually in the metaverse. A recent report from Apple leak site MacRumors claims that Apple is developing this exciting new piece of technology that would allow users to live digitally through their eyewear.

The ‘Apple Lens,’ as it has been called, is expected to work in tandem with the iPhone and Apple Glass. This new technology would integrate virtual reality into someone’s daily life, likely using an operating system developed internally at Apple called ‘realityOS’.

According to the MacRumors report, Apple analyst Ming-Chi Kuo predicted last year that Apple might release its virtual reality ‘contacts’ sometime in the 2030s. Kuo added that the lenses will take technology products from an era of “visible computing” to “invisible computing.”

Apple’s new contact lens project could provide a lightweight, wireless augmented reality experience without the need to wear glasses or headsets. For example, you might be able to view each store’s hours of operation while walking around in an outdoor shopping plaza with Apple Lenses.

If they work as predicted, these smart contact lenses could be a revolutionary new way to go about doing things. For example, instead of relying on an iPhone or 5G network, you would have access 24/7 without taking your phone out at all.

Apple has not officially confirmed virtual reality ‘contact lenses,’ but CEO Tim Cook called the AR and VR sectors “critically important” and “very profound technologies.”

Kuo has a strong track record for accurately predicting what Apple is working on behind the scenes. Nevertheless, he says there’s no visibility currently so it’ll be some time before we know if this product will ever come out or not.

References:

  • https://nypost.com/2022/03/03/apple-could-replace-your-iphone-with-vr-contact-lenses-that-let-you-live-in-the-metaverse/
  • https://www.macrumors.com/2021/03/12/augmented-reality-apple-contact-lenses-are-coming/