Recently, different users reported receiving a Windows 11 upgrade banner on their Windows 10 devices despite not meeting minimum requirements.  Microsoft already explained that it was a mistake, saying the upgrade offer was “inaccurate” and accepting it would just result in failure. Nonetheless, this caused confusion among those unaware of the current Windows 11 minimum requirements. So, who is eligible for a Windows 11 upgrade? Windows 11 was just released in October 2021. With this, you can expect that most devices purchased in the last 18-24 months will be compatible with Windows 11. If you want a better way to check your device’s eligibility, you can use Microsoft’s PC Health Check, an app that can inspect your device. It can be a useful tool to help you determine why your device doesn’t make the cut for Windows 11 upgrade. It will also provide suggestions you can apply to get Windows 11 upgrade in case you don’t meet the minimum requirements.  If you don’t want to install the app and check the requirements yourself, here is a brief summary of what you need to meet to be eligible for the Windows 11 upgrade. According to Microsoft’s updated February 2023 document, you must satisfy specific minimum hardware requirements to get the upgrade. Aside from the internet connectivity you need for the process, Microsoft laid out a detailed requirement list. Currently, Microsoft only requires 64GB for the last requirement regarding storage. However, it is important to note that given Windows 11’s frequent updates and rollout of new features, higher storage might be needed to ensure you’ll get updates in the future. Microsoft explains that different factors will determine the amount of free space required for such Windows 11 updates in the future. Aside from hardware requirements, there are some current operating system requirements you also need to meet if you are on Windows 10. Specifically, Microsoft says Windows 10 devices must be on version 2004 or later with September 14, 2021 security update or later already installed. Also, it is important to note that Windows 11 in S mode is only available in the Windows 11 Home edition. That said, you won’t be offered a Windows 11 upgrade if you are in the Pro, Enterprise, or Education editions of Windows 10 in S mode. Fortunately, you can resolve this by simply switching out of S mode.  If you think your Windows 10 device is eligible for a Windows 11 upgrade and meet the minimum requirements, you can visit your PC’s Windows Update page to check for a notification saying your device is ready for an upgrade. Just go to Start > Settings > Update & Security > Windows Update > Check for updates. If you don’t meet the requirements (or your device has some known issues), installing Windows 11 is not suggested. Nonetheless, if you are decided to have the new OS version despite possible consequences, there are a variety of ways you can still do to upgrade to Windows 11, including using Installation Assistant or creating Windows 11 installation media. But, then again, it is better to avoid doing them as force upgrades translate to compatibility issues and will soon lead to devise malfunction. Additionally, getting Windows 11 updates (especially security updates) on such ineligible devices that used force installations is not guaranteed. Complete details are posted on OUR FORUM.

Google has announced the release of the first developer preview for Android 14, the next major version of the world's most popular mobile operating system, which comes with security and privacy enhancements, among other things. Starting with Android 14, apps will have to declare precisely how they plan to use certain phone features, data exchange between them will be limited, and additional files downloaded by apps will be read-only. A highlighted security feature in Android 14 is to block the installation of malicious apps that target older API levels (Android versions), which allows easier abuse of sensitive permissions. Starting with the "Runtime receivers," which enable apps to receive intents broadcast by the system or other applications, all apps targeting Android 14 must declare if they need to receive information from other apps or if they should be limited to system "broadcasts." This new security measure continues the "Context.registerReceiver()" feature introduced in previous Android releases. It aims to prevent malicious apps on the device from intercepting or misusing broadcasts meant to reach other apps. To further tighten up the information exchange between apps and prevent malware from gripping sensitive user data, Android 14 will also restrict the sending of "intents" that don't have a specified recipient. With this new security enhancement, malware can no longer intercept intents sent from other apps and read their contents. The third security feature that will land on Android 14 is "safer dynamic code loading," which limits all files downloaded by an application to read-only mode. This would help prevent some code-injection scenarios involving manipulated executables that are meant to be run by privileged apps. Finally, Android 14 will block the installation of harmful apps that target SDK versions lower than 23 (Android 6.0) to achieve easier permissions abuse. "Malware often targets older API levels to bypass security and privacy protections that have been introduced in newer Android versions," explains Google. "To protect against this, starting with Android 14, apps with a targetSdkVersion lower than 23 cannot be installed." In Android 6.0 (2015), Google introduced a runtime permission model that required apps to request the user to grant permission access requests for sensitive operations like the device's camera, microphone, GPS sensors, phone calls, and SMS access upon the app's launch. Malware targeting previous SDK versions can specify it in the manifest XML file and request access to sensitive permissions upon installation, which is easier for users to overlook and approve. The new permissions protection system will also make it impossible for users to install apps that haven't been updated for some time. However, Google says older apps already installed on devices that upgrade to Android 14 will continue to work. Android 14 is still far from its final form, and we may see more security features land on the second developer preview in March 2023. For more on this thread please visit OUR FORUM.

While many of us unplugged from the internet over the holidays to spend time with loved ones, LastPass, the maker of a popular security program for managing digital passwords, delivered a most unwanted gift.  It recently published details about a security breach in which cybercriminals obtained copies of customers’ password vaults, potentially exposing millions of people’s online information. From a hacker’s point of view, this is equivalent to hitting the jackpot. When you use a password manager like LastPass or 1Password, it stores a list containing all the usernames and passwords for the sites and apps you use, including banking, healthcare, email, and social networking accounts Huh. It keeps track of that list, called a vault, in its own online cloud so you can easily access your passwords from any device. LastPass said the hackers stole a copy of the list of usernames and passwords for each customer from the company’s servers. This breach was one of the worst things that could happen to a security product designed to take care of your passwords. But besides the obvious next step — to change all your passwords if you used LastPass — there are important lessons we can learn from this debacle, including that security products are not foolproof, especially when they Store our sensitive data in the cloud. First, it’s important to understand what happened: The company said the intruders gained access to its cloud database and a copy of the data vault containing millions of customers using credentials and keys stolen from a LastPass employee. LastPass, which published details about the breach in a blog post on December 22, attempted to reassure its users that their information was likely to be secure. It said that some parts of people’s vaults – such as the website addresses for sites they logged into – were unencrypted, but sensitive data including usernames and passwords were encrypted. This shows that hackers can know the banking website that someone uses but do not need the username and password to log into that person’s account. Most important, the master password that users set to unlock their LastPass vaults was also encrypted. This means hackers would have to crack the encrypted master password to get to the rest of the passwords in each vault, which would be difficult to do as long as people used a unique, complex master password. LastPass CEO Karim Touba declined to be interviewed but wrote in an emailed statement that the incident demonstrated the strength of the company’s system architecture, which he said kept sensitive Vault data encrypted and secure. Is. He also said that it was the users’ responsibility to “practice good password hygiene”. Many security experts disagreed with Mr. Touba’s optimistic spin, saying that every LastPass user should change all of their passwords. “It’s very serious,” said Sinan Eren, an executive at security firm Barracuda. “I think all those managed passwords have been compromised.” Casey Ellis, chief technology officer at security firm BugCrowd, said it was important that the intruders had access to lists of website addresses that people used. “Let’s say I’m following you,” said Mr. Ellis. “I can see all the websites you have saved information for and use that to plan an attack. Every LastPass user has that data now in the hands of an adversary. We can all learn from this breach to stay safe online. While many of us unplugged from the internet over the holidays to spend time with loved ones, LastPass, the maker of a popular security program for managing digital passwords, delivered a most unwanted gift. It recently published details about a security breach in which cybercriminals obtained copies of customers’ password vaults, potentially exposing millions of people’s online information. From a hacker’s point of view, this is equivalent to hitting the jackpot. When you use a password manager like LastPass or 1Password, it stores a list containing all the usernames and passwords for the sites and apps you use, including banking, healthcare, email and social networking accounts Huh. It keeps track of that list, called a vault, in its own online cloud so you can easily access your passwords from any device. LastPass said the hackers stole a copy of the list of usernames and passwords for each customer from the company’s servers. This breach was one of the worst things that could happen to a security product designed to take care of your passwords. But besides the obvious next step — to change all your passwords if you used LastPass — there are important lessons we can learn from this debacle, including that security products are not foolproof, especially when they Store our sensitive data in the cloud. First, it’s important to understand what happened: The company said the intruders gained access to its cloud database and a copy of the data vault containing millions of customers using credentials and keys stolen from a LastPass employee. LastPass, which published details about the breach in a blog post on December 22, attempted to reassure its users that their information was likely to secure. More details can be found on OUR FORUM.

The Irish Data Protection Commission (DPC) has launched an inquiry following last month's news reports of a massive Twitter data leak. This leak affected over 5.4 million Twitter users and included both public information scraped from the site as well as private phone numbers and email addresses. The data was obtained through the exploitation of an API vulnerability that Twitter had fixed in January. In a statement on Friday, the Irish privacy regulator said, "The DPC corresponded with Twitter International Unlimited Company ('TIC') in relation to a notified personal data breach that TIC claims to be the source vulnerability used to generate the datasets and raised queries in relation to GDPR compliance." It also added that it believes "one or more provisions of the GDPR and/or the Act may have been, and/or are being, infringed in relation to Twitter Users' personal data." The DPC, which serves as Twitter's lead EU watchdog, wants to determine if the social media giant has fulfilled its obligations as a data controller regarding the processing of user data and whether it has violated any provisions of the General Data Protection Regulation (EU GDPR) or the Data Protection Act 2018. Two years ago, the DPC fined Twitter €450,000 (~$550,000) for failing to notify the DPC of a breach within the 72-hour timeframe required by the GDPR and for inadequate documentation of the breach. In November 2021, the DPC also fined Meta €265 million ($275.5 million) for a major data leak on Facebook that exposed the personal information of hundreds of millions of users worldwide. In July 2022, the private information of more than 5.4 million Twitter users was put up for sale on a hacking forum for $30,000. While most of the data was publicly available, such as Twitter IDs, names, login names, locations, and verified status, the leaked database also included non-public information, such as email addresses and phone numbers. This data was collected in December 2021 through a Twitter API vulnerability disclosed through the HackerOne bug bounty program, which allowed anyone to submit phone numbers or email addresses into the API to link them to their associated Twitter ID. After BleepingComputer shared a sample of the stolen user records with Twitter, the company confirmed it had experienced a data breach linked to attackers using this API bug, which was fixed in January 2022. BleepingComputer found that the bug was exploited by Pompompurin, the owner of the Breached hacking forum, who also harvested the information of an additional 1.4 million suspended Twitter users using a different API. This brought the total number of Twitter profiles scraped for private information to almost 7 million. Stay in the loop by visiting OUR FORUM.

A couple of days ago, Elon Musk launched a poll asking Twitter users to vote on whether he should resign as the Twitter CEO. More than 50 percent of people think that the multi-billionaire should resign from that post.  Now Musk has announced that he will abide by the results and resign as the CEO of the social media company. But it may not happen anytime soon. While Musk says he will resign, he will not do so until he finds “someone foolish enough to take the job.” And no one really knows when that will happen. But according to reports, it’s not the poll result that has decided Musk’s future roles at Twitter, as he was looking for a CEO even before that. After taking over Twitter, Elon Musk also said that his role as the Twitter CEO would be “temporary.” However, Musk will continue to oversee software and server teams even after resigning as the CEO. Either way, while Musk may not be the CEO, he will definitely have a say in everything that Twitter will do in the future, at least until he keeps the company as a private entity. Under Musk’s leadership, Twitter underwent massive changes, including a Twitter Blue Verified system allowing genuine people to be verified. Its latest big announcement was that it would launch a poll on Twitter before making major policy decisions. This way, the company may be trying to avoid the kind of outrage it had to face after launching the now-deleted “Promotion of alternative social platforms policy.” However, polls regarding Twitter’s policy changes may not always remain free. Musk recently commented on whether Twitter should give voting power on major policy decisions to Blue subscribers only. The chief of Twitter said, “Good point. Twitter will make that change.” While giving voting power to Blue subscribers will make them feel special, it will be another polarizing decision and will definitely lead to outrage. It will be interesting to see if Musk launches a new poll asking users whether voting power should become a paid feature. Amid outrage over its now-deleted policy platform promotion policy, Twitter recently launched a new badging system for Business users. It allows a company to link any number of its affiliated individuals, businesses, and brands to its account. After linking, affiliated accounts will get a small square badge of their parent company’s profile picture next to their blue or gold checkmark. Follow this thread on OUR FORUM.