5 Ways to Figure Out What to Sell on Amazon

With over 300 million active customers on Amazon, it’s no wonder you want to sell a product on the internet’s most visited ecommerce website. Fortunately, choosing what to sell on Amazon, and how to sell it, isn’t as hard as you might think. In fact, most of your research can be done for free on the site itself.

To ensure you choose a low-risk, high-return product to sell on Amazon, we’ve created this guide. Keep reading to learn about top-selling items, what you should sell, and how to conduct research to ensure whatever you’re selling is a safe bet on the ecommerce giant.

Top Selling Items on Amazon

First, for inspiration, let’s take a look at some of the top-selling products on Amazon.

Amazon itself curates a list of current best-sellers, ranging from toys to books to video games, and the list is updated hourly. Here are some of the top product categories:

1. Home & Kitchen

Given the wide range of products that fall within Home & Kitchen — appliances, furniture, décor, and more — it’s no wonder that 32% of sellers on Amazon opt to sell in this category. Plus, it’s a booming industry, with global retail sales of home and household appliances amounting to $448 billion in 2021.

It’s important to note that because Home & Kitchen is so popular it may be more difficult for new sellers to find success in this category. So, if you’re considering breaking into this market, make sure you have a product that is high quality and serves a specific niche.

2. Clothing, Shoes & Jewelry

It should be no surprise that Clothing, Shoes, & Jewelry is one of Amazon’s top product categories. After all, the ecommerce platform holds a nearly 35% share of all apparel sold online, making it one of the best-selling online fashion retailers. Specifically, Amazon shoppers prefer casual clothing over luxury apparel, with their top brands being Hanes and Amazon Essentials.

It’s important to note that this category can get a bit oversaturated, so it’s critical you ensure you’re able to offer something unique. People don’t turn to Amazon for expensive brand items — instead, they look for discounts. So, if you’re thinking of selling clothes, shoes, and jewelry, make sure your product is high quality and low price.

3. Electronics

From computers and TVs to surveillance systems and wearable technology, consumers are always looking for the latest in tech — especially when they are online shopping. In fact, almost half of all computer and electronics sales occur online.

Amazon consistently displays impressive prices on some of the world’s most popular electronics, so it makes sense that consumers often buy from the platform. This could be a promising category to consider as a third-party seller if you’re able to buy electronics in bulk.

4. Beauty & Personal Care

Though the Beauty & Personal Care industry experienced a 15% decrease in global sales in 2020, don’t underestimate its significance and resilience. The market bounced back with a revenue increase of nearly $3 billion in 2021 and is expected to continue to grow.

The Beauty & Personal Care category includes everything from makeup and skincare to fragrances and hair products. Even though there is quite a bit of competition in this market with 23% of third-party sellers listing items, those who specialize in creating handmade cosmetics may really excel in this category.

Of course, like anything, the more popular the product category, the more intense the competition. It’s important you find your niche to ensure you’re not competing with the 300,000 other search results for “white t-shirt.”

Before we get to what to sell on Amazon, let’s discuss how much it costs.

What does it cost to sell on Amazon?

Amazon offers two selling plans: Professional and Individual. The Professional selling plan costs $39.99 per month, plus per-item selling fees, which vary by category. Alternatively, the Individual selling plan allows you to pay $0.99 per item sold plus other selling fees, which vary by category. The Individual selling plan doesn’t have a monthly subscription fee, so if you plan to sell fewer than 40 items, this is likely the smarter choice.

You’ll want to do your research on shipping costs and Amazon seller fees, so you know how much you’ll need to spend depending on your item. This information can help you narrow your decision — for instance, a two-to-three pound item will be lightweight and easy to ship, which can help lower your shipping fees.

Along with weight, you’ll want to consider products that aren’t easily breakable when you’re transporting them.

Additionally, most products on Amazon vary between $10 and $50, so you’ll want to choose items you can sell for relatively cheap while still making a profit.

How to Know What to Sell on Amazon

Once you’ve determined you’re willing to pay shipping costs — and that your product likely falls within a fair price range — it’s time to figure out what you want to sell. Here are five methods that can help you narrow down your search:

1. Manually conduct research on Amazon.com.

To manually research popular products on Amazon, you’ll want to start with Amazon’s best-selling items in a certain category. From there, you’ll start exploring that category’s sub-categories and narrow down on a niche.

When you check out Amazon’s best-sellers list, you might also look at the “Customers also bought” section to get ideas for similar products.

Once you make a list of items, check Google Keyword Planner to see whether those products have search volume, which indicates a level of demand. Alternatively, you could use Sellerapp’s product intelligence tool specifically for Amazon. Sellerapp offers a seven-day free trial, which allows you to begin investigating popular products on Amazon via keywords to further narrow your list.

2. Use a Chrome extension to research products in a niche market.

There are two popular Chrome extensions to help you conduct keyword research on Amazon: Jungle Scout and Unicorn Smasher.

Jungle Scout shows you monthly sales volumes on products and displays products with low competition. It allows you to save products to track them over time. Undoubtedly, Jungle Scout’s analytics can help you quickly and efficiently narrow down on a product or an industry in which you could excel. However, Jungle Scout is relatively pricey, particularly if you’re just starting out.

Unicorn Smasher is Jungle Scout’s free alternative. While the data isn’t as accurate as Jungle Scout, and it lacks some of Jungle Scout’s sophisticated features, it’s nonetheless a helpful free option to gather estimated monthly sales and estimated monthly sales revenue for Amazon products.

Some other popular product research extensions include:

3. Find a gap in the market.

You can find gaps by using one of the previously mentioned Chrome extensions to research products with high monthly sales volume and low competition. However, you might also come across a gap on Amazon through a simple organic search.

For instance, when I search “perfume” there are over 30,000 results, but when I search “natural vegan amber perfume” there are only 247.

This is a simplified example, but sometimes you need to narrow down your product search to find a place to make an impact on Amazon. Plenty of people are already selling perfume, but there might be a certain scent, style, or feature that is missing on the site.

Alternatively, you can find a gap in the market by reading customer reviews in your product market niche. Even if there are plenty of products similar to yours already, you might find that customers are unsatisfied with the current brands and want something you can provide.

4. Find products that don’t have too much competition.

If you’re trying to sell a product that currently has 100,000 search results, it’s likely going to be very difficult to stand out against the competition and achieve the sales you want. Fortunately, it’s relatively easy to find a niche within a larger market that has less competition, which ensures your product is more easily found by searchers. Best of all, those searchers are likely more willing to buy your product, since they needed to search for a more specific keyword.

For instance, let’s say you want to sell cookbooks. The search term “Cookbooks” has over 70,000 results.

Alternatively, the search term “Cookbooks for instant pot cooking” has only 3,000 results. Not only is your product more likely to become a best-seller in this category, but it’s a more targeted keyword. If someone searches “Cookbooks” they could mean anything from “Kids cookbooks” to “Holiday cookbooks.” If someone searches “Cookbooks for instant pot cooking,” however, they’re more likely to be satisfied with your product.

5. Search for categories with at least three results with Best Sellers Rank (BSR).

Amazon’s Best Sellers Rank (BSR) reflects both recent and historical sales of an item. A high BSR indicates that the product is in demand, which is critical to know as a seller.

If you find just one product in a category with a high BSR, and none of the other items are best-sellers, it could be an indication that a single product is dominating the market. Instead, you want to target product categories that feature multiple items with a high BSR because it signifies demand in that area and allows room for your product to succeed.

For instance, let’s say you want to sell sports products, but you find “basketball” has only one item with a high BSR. However, upon further research, you find “football” as a category has multiple best-selling products on the first page.

As a new seller, I would prioritize selling footballs over basketballs since this research demonstrates a user’s willingness to peruse different footballs before purchasing one.

What to Sell on Amazon

Undoubtedly, you can obtain an impressive profit from selling products on Amazon, but it’s critical you’re able to offer unique, budget-friendly products with minimal competition to truly succeed on the site.

Over-saturation on the platform proves it’s more difficult than ever to stand out, so it’s not smart to sell on Amazon for the sake of selling on Amazon. Instead, you want to ensure you’re truly able to offer something of value.

If you have a product in mind, follow the tips above to refine your strategy and find a niche segment within a larger demographic. If you don’t have a product in mind, start with the basics: what are the most-searched keywords on Amazon, and which products are most successful?

Once you have a list based on keyword research, consider similar products the user might find more compelling or useful than the ones currently listed on Amazon.

Editor’s note: This post was originally published in March 2019 and has been updated for comprehensiveness.

Originally published Sep 13, 2022 7:00:00 AM, updated September 13 2022


Source :
https://blog.hubspot.com/marketing/what-to-sell-on-amazon

Password Security and the Internet of Things (IoT)

The Internet of Things (IoT) is here, and we’re using it for everything from getting instant answers to random trivia questions to screening visitors at the door. According to Gartner, we were expected to use more than 25 billion internet-connected devices by the end of 2021. But as our digital lives have become more convenient, we might not yet have considered the risks involved with using IoT devices.

How can you keep yourself secure in today’s IoT world, where hackers aim to outsmart your smart home? First we’ll look at how hackers infiltrate the IoT, and then we’ll look at what you can do right now to make sure the IoT is working for you – not against you.

How hackers are infiltrating the Internet of Things

While we’ve become comfortable asking voice assistants to give us the weather forecast while we prep our dinners, hackers have been figuring out how to commandeer our IoT devices for cyber attacks. Here are just a few examples of how cyber criminals are already infiltrating the IoT.

Gaining access to and control of your camera

Have you ever seen someone with a sticker covering the camera on their laptop or smartphone? There’s a reason for that. Hackers have been known to gain access to these cameras and spy on people. This has become an even more serious problem in recent years, as people have been relying on videoconferencing to safely connect with friends and family, participate in virtual learning, and attend telehealth appointments during the pandemic. Cameras now often come with an indicator light that lets you know whether they’re being used. It’s a helpful protective measure, but not a failsafe one.

Using voice assistants to obtain sensitive information

According to Statista, 132 million Americans used a digital voice assistant once a month in 2021. Like any IoT gadget, however, they can be vulnerable to attack. According to Ars Technica, academic researchers have discovered that the Amazon Echo can be forced to take commands from itself, which opens the door to major mischief in a smart home. Once an attacker has compromised an Echo, they can use it to unlock doors, make phone calls and unauthorized purchases, and control any smart home appliances that the Echo manages.

Many bad actors prefer the quiet approach, however, slipping in undetected and stealing information. They can piggyback on a voice assistant’s privileged access to a victim’s online accounts or other IoT gadgets and make off with any sensitive information they desire. With the victim being none the wiser, the attackers can use that information to commit identity fraud or stage even more ambitious cyber crimes.

Hacking your network and launching a ransomware attack

Any device that is connected to the internet, whether it’s a smart security system or even a smart fridge, can be used in a cyber attack. Bad actors know that most people aren’t keeping their IoT gadgets’ software up to date in the same way they do their computers and smartphones, so they take advantage of that false sense of security. Once cyber criminals have gained access to an IoT device, they can go after other devices on the same network. (This is because most home networks are designed to trust devices that are already connected to them.) When these malicious actors are ready, they can launch a ransomware attack that brings your entire digital life to a halt – unless you agree to fork over a hefty sum in bitcoin, that is.

Using bots to launch a DDoS attack

Although most people never notice it, hackers can and do infect IoT devices with malware en masse, gaining control over them in the process. Having turned these zombie IoT devices into bots, the hackers then collectively use them to stage what’s called a botnet attack on their target of choice. This form of assault is especially popular for launching distributed denial of service (DDoS) attacks, in which all the bots in a botnet collectively flood a target with network requests until it buckles and goes offline.

How you can keep your Internet of Things gadgets safe from hackers

So how can you protect your IoT devices from these determined hackers? Fortunately, you can take back control by becoming just a little more cyber smart. Here are a few ways to keep your IoT gadgets safe from hackers:

  • Never use the default settings on your IoT devices. Although IoT devices are designed to be plug-and-play so you can start enjoying them right away, their default settings are often not nearly as secure as they should be. With that in mind, set up a unique username and strong password combination before you start using any new IoT technology. While you’re at it, see if there’s an option to encrypt the traffic to and from your IoT device. If there is, turn it on.
  • Keep your IoT software up to date. Chances are, you regularly install the latest software updates on your computer and phone. Hackers are counting on you to leave your IoT gadgets unpatched, running outdated software with vulnerabilities they can exploit, so be sure to keep the software on your IoT devices up to date as well.
  • Practice good password hygiene. We all slip into bad password habits from time to time – it’s only human – but they put our IoT security at risk. With this in mind, avoid re-using passwords and be sure to set unique, strong passwords on each of your IoT devices. Update those passwords from time to time, too. Don’t store your passwords in a browser, and don’t share them via email. A password manager can help you securely store and share your passwords, so hackers never have a chance to snatch them.
  • Use secure, password-protected WiFi. Cyber criminals are notorious for sneaking onto open, insecure WiFi networks. Once they’re connected, they can spy on any internet activity that happens over those networks, steal login credentials, and launch cyber attacks if they feel like it. For this reason, make sure that you and your IoT devices only use secure, password-protected WiFi.
  • Use multi-factor authentication as an extra layer of protection. Multi-factor authentication (MFA) gives you extra security on top of all the other measures we mentioned above. It asks you to provide one more credential, or factor, in addition to a password to confirm you are who you say you are. If you have MFA enabled and a hacker tries to log in as you, you’ll get a notification that a login attempt is in progress. Whenever you have the option to enable MFA on any account or technology, take advantage of it.

Protect your Internet of Things devices with smart password security

The IoT is making our lives incredibly convenient, but that convenience can be a little too seductive at times. It’s easy to forget that smart home devices, harmless-looking and helpful as they are, can be targeted in cyber attacks just like our computers and phones. Hackers are counting on you to leave your IoT gadgets unprotected so they can use them to launch damaging attacks. By following these smart IoT security tips, you can have the best of both worlds, enjoying your smart life and better peace of mind at the same time.

Source :
https://blog.lastpass.com/2022/08/password-security-and-the-iot/

New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings

Retail giant Amazon patched a high-severity security issue in its Ring app for Android in May that could have enabled a rogue application installed on a user’s device to access sensitive information and camera recordings.

The Ring app for Android has over 10 million downloads and enables users to monitor video feeds from smart home devices such as video doorbells, security cameras, and alarm systems. Amazon acquired the doorbell maker for about $1 billion in 2018.

Application security firm Checkmarx explained it identified a cross-site scripting (XSS) flaw that it said could be weaponized as part of an attack chain to trick victims into installing a malicious app.

The app can then be used to get hold of the user’s Authorization Token, which can subsequently be leveraged to extract the session cookie by sending this information alongside the device’s hardware ID, which is also encoded in the token, to the endpoint “ring[.]com/mobile/authorize.”

Armed with this cookie, the attacker can sign in to the victim’s account without having to know their password and access all personal data associated with the account, including full name, email address, phone number, and geolocation information as well as the device recordings.

https://youtube.com/watch?v=eJ5Qsx4Fdks

This is achieved by querying the below two endpoints –

  • account.ring[.]com/account/control-center – Get the user’s personal information and Device ID
  • account.ring[.]com/api/cgw/evm/v2/history/devices/{{DEVICE_ID}} – Access the Ring device data and recordings

Checkmarx said it reported the issue to Amazon on May 1, 2022, following which a fix was made available on May 27 in version 3.51.0. There is no evidence that the issue has been exploited in real-world attacks, with Amazon characterizing the exploit as “extremely difficult” and emphasizing that no customer information was exposed.

The development comes more than a month after the company moved to address a severe weakness affecting its Photos app for Android that could have been exploited to steal a user’s access tokens.

Source :
https://thehackernews.com/2022/08/new-amazon-ring-vulnerability-could.html

Better Together: AWS and Trend Micro

There’s a very good reason why AWS remains a leader in cloud computing. While many providers describe themselves as “customer obsessed,” few come close to our long-time partner in the lengths it goes to earn and retain the trust of its customers.

AWS starts with the customer and works backwards. That means the vast majority of its feature enhancements and new services are directly driven from their input. The latest is Amazon GuardDuty Malware Protection.

This threat detection tool, which will work closely with Trend Micro cloud solutions, will provide another valuable layer of defense in our fight against a shared adversary.

Shining a light on an expanding attack surface

Spurred by a drive for greater cost efficiency and business agility, global organizations are migrating to the cloud in droves. Gartner predicts the worldwide market for public cloud services will reach almost $495bn this year, and grow by over 21% in 2023. In this environment, security remains a persistent concern for cloud builders, because if not properly managed, investments can increase the digital attack surface.

According to recent Trend Micro research, many global organizations are already struggling to securely manage their cloud assets. We found that 73% of IT and business leaders are concerned with the size of their attack surface, and 43% claim it is “spiralling out of control.” Cloud is the area where most respondents say they have least insight. They want their cloud providers to do more—for example by building enhanced detection into their systems, to complement third-party tools.

That’s part of the reason why AWS built Amazon GuardDuty Malware Protection. This new feature is triggered by detection of known malicious signatures across the cloud network. Based on this detection, the service scans the associated Amazon EBS storage environment for malware and reports any findings to AWS Security Hub. Open APIs from here link to products like Trend Micro Cloud One to enhance existing detection and response efforts.

Better together

Trend Micro and AWS have been working closely together for over a decade now, and this latest announcement represents another exciting stage in the journey. Customers will welcome AWS native threat detection as a complement to their Trend Micro Cloud One capabilities, delivering a comprehensive range of features to secure the hybrid cloud. Once they add the AWS tool to our virtual patching, vulnerability scanning, lateral movement detection, posture management and other capabilities, joint customers will have a powerful set of integrated offerings to deliver simple, all-in-one cloud security and compliance.

In addition, this move from AWS validates our XDR strategy, which is focused on using as many data sources as possible to enhance detection and response. The bottom line is that security takes a village. Customers, cloud providers and security vendors have a shared responsibility to work together as the threat landscape continues to evolve. That’s what we’ll continue to do, expanding and deepening our strategic partnerships with AWS and other providers in a collective effort to make the digital world safer.

Source :
https://www.trendmicro.com/en_us/research/22/g/aws-trend-micro.html

Spectre and Meltdown Attacks Against OpenSSL

The OpenSSL Technical Committee (OTC) was recently made aware of several potential attacks against the OpenSSL libraries which might permit information leakage via the Spectre attack [1]. Although there are currently no known exploits for the Spectre attacks identified, it is plausible that some of them might be exploitable.

Local side channel attacks, such as these, are outside the scope of our security policy, however the project generally does introduce mitigations when they are discovered. In this case, the OTC has decided that these attacks will not be mitigated by changes to the OpenSSL code base. The full reasoning behind this is given below.

The Spectre attack vector, while applicable everywhere, is most important for code running in enclaves because it bypasses the protections offered. Example enclaves include, but are not limited to:

The reasoning behind the OTC’s decision to not introduce mitigations for these attacks is multifold:

  • Such issues do not fall under the scope of our defined security policy. Even though we often apply mitigations for such issues we do not mandate that they are addressed.
  • Maintaining code with mitigations in place would be significantly more difficult. Most potentially vulnerable code is extremely non-obvious, even to experienced security programmers. It would thus be quite easy to introduce new attack vectors or fix existing ones unknowingly. The mitigations themselves obscure the code which increases the maintenance burden.
  • Automated verification and testing of the attacks is necessary but not sufficient. We do not have automated detection for this family of vulnerabilities and if we did, it is likely that variations would escape detection. This does not mean we won’t add automated checking for issues like this at some stage.
  • These problems are fundamentally a bug in the hardware. The software running on the hardware cannot be expected to mitigate all such attacks. Some of the in-CPU caches are completely opaque to software and cannot be easily flushed, making software mitigation quixotic. However, the OTC recognises that fixing hardware is difficult and in some cases impossible.
  • Some kernels and compilers can provide partial mitigation. Specifically, several common compilers have introduced code generation options addressing some of these classes of vulnerability:
    • GCC has the -mindirect-branch, -mfunction-return and -mindirect-branch-register options
    • LLVM has the -mretpoline option
    • MSVC has the /Qspectre option
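
To illustrate the maintenance point above (mitigations obscure otherwise obvious code), here is an added example, not OpenSSL code, that places a plain bounds-checked table lookup beside a variant that clamps the index with a branch-free mask so that a mispredicted bounds check cannot read out of range. The names `ct_lt`, `clamp_index`, `lookup_checked`, `lookup_masked` and `SAMPLE_TABLE` are hypothetical, and the table contents are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data for the demonstration. */
static const uint8_t SAMPLE_TABLE[8] = {10, 11, 12, 13, 14, 15, 16, 17};

/* All-ones if the top bit of a is set, otherwise zero. */
static size_t ct_msb(size_t a)
{
    return (size_t)0 - (a >> (sizeof(a) * 8 - 1));
}

/* Branch-free unsigned "a < b": SIZE_MAX when true, 0 when false. */
size_t ct_lt(size_t a, size_t b)
{
    return ct_msb(a ^ ((a ^ b) | ((a - b) ^ b)));
}

/*
 * Data-dependent clamp: idx is kept when idx < len and forced to 0
 * otherwise. No branch is involved, so there is nothing for the branch
 * predictor to get wrong.
 */
size_t clamp_index(size_t idx, size_t len)
{
    return idx & ct_lt(idx, len);
}

/*
 * Plain version. Architecturally safe, but the CPU may predict the
 * bounds check as "in range" and speculatively load table[idx] for an
 * out-of-range idx before the check resolves.
 */
int lookup_checked(const uint8_t *table, size_t len, size_t idx, uint8_t *out)
{
    if (idx >= len)
        return 0;
    *out = table[idx];
    return 1;
}

/*
 * Hardened version. The architectural result is identical, but on a
 * mispredicted path the load can only touch table[0]. Note how little
 * the extra line explains itself to a future maintainer. An optimizing
 * compiler may also treat the mask as redundant after the check and
 * remove it; real code pairs this with a compiler barrier or a
 * vendor-provided primitive.
 */
int lookup_masked(const uint8_t *table, size_t len, size_t idx, uint8_t *out)
{
    if (idx >= len)
        return 0;
    idx = clamp_index(idx, len);
    *out = table[idx];
    return 1;
}

int main(void)
{
    uint8_t v = 0;

    if (lookup_masked(SAMPLE_TABLE, sizeof(SAMPLE_TABLE), 3, &v))
        printf("in range:      idx 3   -> %u\n", (unsigned)v);
    if (!lookup_masked(SAMPLE_TABLE, sizeof(SAMPLE_TABLE), 100, &v))
        printf("out of range:  idx 100 rejected\n");
    printf("clamp_index(100, 8) = %zu\n", clamp_index(100, 8));
    return 0;
}
```

The compiler options listed above target indirect branches and returns, which is a different Spectre variant from the bounds-check case shown here; that difference is part of why no single switch covers the whole family.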

  1. Nicholas Mosier, Hanna Lachnitt, Hamed Nemati, and Caroline Trippel, “Axiomatic Hardware-Software Contracts for Security,” in Proceedings of the 49th ACM/IEEE International Symposium on Computer Architecture (ISCA), 2022.

Posted by OpenSSL Technical Committee May 13th, 2022 12:00 am

Source :
https://www.openssl.org/blog/blog/2022/05/13/spectre-meltdown/

Your Guide to WordPress Favicons

Recognition is crucial for your website to succeed. From creating a great logo to developing key messaging and delivering great content, the easier it is for visitors to recognize your brand, the better the chances they’ll remember your site and make the move from content curiosity to sales conversion.

But reliable recognition isn’t just about the big things — done well, even the smallest details of your WordPress website can help it stand out from the crowd and attract customer notice. This is the role of the favorite icon or “favicon” that’s used in web browser tabs, bookmarks, and on mobile devices as the app image for your site.

Not sure how favicons work or how to get them up and running on your site? We’ve got you covered with our functional guide to favicons — what they are, why they matter, and how to enable them in WordPress.

If you would rather follow along with a video, here’s a walkthrough created by Elegant Themes:

https://youtube.com/watch?v=B4pmaGumOWY

What is a WordPress Favicon?

The official WordPress support page defines a favicon as “an icon associated with a particular website or web page.” This description doesn’t do the term justice — in fact, favicons are everywhere and are intrinsically associated with your brand.

Let’s take a closer look at how favicons look and why they matter below. 

WordPress Favicon Size

The typical size of a WordPress favicon is 512 x 512 pixels. These icons are stored as .ico files in the root directory of your WordPress server.

But what does a favicon look like in real life? For a quick example, take a look at the browser tab of this webpage if you’re on a desktop or the area just under the address bar on your mobile device. Notice anything? That orange symbol with lines and circles is HubSpot’s favicon — and it shows up anytime you’re on our site.

In most cases, favicons are the same as brand logos scaled down to fit web and mobile browsers. Where this isn’t possible — such as cases where your logo is too complex or detailed — site owners typically opt for similar color schemes and thematic elements to ensure brand consistency.

Once you start seeing favicons you can’t unsee them; from webpages to tabs to bookmarks and mobile applications, the icon you choose for your favicon is inextricably linked to your site and your brand — so make sure you choose wisely.

Why Favicons Matter

Favicons are the visual currency of your brand. They’re everywhere — from browsers to bookmarks to mobile apps — and become an integral part of your site’s overall branding strategy.

As a result, effective favicon design and deployment offers three broad benefits:

Improved Brand Recognition

Think of your favicon like your calling card — the icon needs to be simple, recognizable and consistent. The more places your favicon appears, the better, since this makes it easy for users to connect your WordPress site with your icon image.

Consistency is also key as users open multiple browser tabs and the available space for text descriptions naturally shrinks. Open enough tabs and all that’s left is — you guessed it — room for the favicon.

Increased Consumer Confidence

While visitors may not be able to define what a favicon is or how it works, these icons are inherently familiar. So familiar, in fact, that sites without favicons often stand out from the crowd for all the wrong reasons.

Much like relevant social media content and secure site connections, favicons are critical to boosting consumer confidence in the products or services you offer on your site.

Integrated Mobile Consistency

The impact of mobile devices can’t be ignored, with smartphones and tablets now outpacing desktops as the primary means of consumer online interaction. Favicons make it possible to ensure your brand easily translates to mobile — when users create website bookmarks on mobile home screens, your favicon stands in for the link.

Favicon Creation Guidelines

Not sure how to get started creating your site’s favicon? Let’s break down some best-practice guidelines.

1. Get the size right.

As noted above, favicons are typically 512 x 512 pixels in size. While it’s possible to use a larger WordPress favicon size, the platform will often ask you to crop the image down.

2. Keep it simple.

While it’s possible to add background colors and other customization to your favicon, keeping it simple is often the best choice. Here, simplicity includes opting for transparency over background colors and keeping the number of foreground colors in your favicon to one or two at most.

Ideally, your favicon will look almost identical to your brand’s logo — if that’s not possible, try to pull elements from your logo such as shapes or color schemes that help tie in your new favicon.

3. Choose wisely.

Site owners can update their favicon at any time, but it’s a good idea to keep the number of changes to a minimum. Here’s why: If users see a different favicon every time they log on to your website, they won’t have an opportunity to associate a specific image with your brand.

Bottom line? Better to go without a favicon until you find one that works for your site and that you don’t plan on changing.

How to Enable WordPress Favicons

To get your favicon up and running on your WordPress site, you’ve got three options:

  1. Use the Site Icon feature
  2. Install a favicon plugin
  3. Upload the new favicon yourself

Let’s break down each method in more detail.

1. Use the site icon feature.

As of WordPress version 4.3, the content management system (CMS) includes a Site Icon function that enables favicons. Simply prepare your image file — which can be a .jpeg, .ico, .gif or .png file — and head to the Administration page of your WordPress Site.

Next, click on “Appearance” and then “Customize”, then click “Site Identity.” Now, click “Select Image” under the Site Icon subheading and upload the file you’ve prepared. You should see a screen like this:

Using site icon feature in WordPress dashboard to create favicon

If you like the favicon you’ve created, no further action is required. If not, you can easily remove the file or upload a new image.

2. Install a favicon plugin.

You can also use a plugin — such as Favicon by RealFaviconGenerator — to create and deploy your favicon. This must-have WordPress plugin not only lets you customize your favicon but also ensures that multiple versions are created to satisfy the requirements of different operating systems and device versions.

As long as the image you upload to the plugin is at least 70 x 70 pixels, the RealFaviconGenerator will take care of the rest.

3. Upload the new favicon yourself.

If you’d rather do the legwork yourself, you can create and upload your own favicon to your WordPress site.

First, create an image that’s at least 16 x 16 pixels and is saved as a .ico file. Then, use an FTP client to upload this file to the main folder of your current WordPress theme — typically the same place as your wp-admin and wp-content folders.

While this should display your favicon in most web browsers, some older browser versions will require you to edit WordPress header HTML code. The result? DIY favicons aren’t recommended unless you’re familiar with more technical WordPress functions.

Final Favicon Thoughts

While favicons form only a small part of your WordPress website build, they’re critical for website recognition. Consistent and clear favicons make it easy for visitors to remember your site and carry this mental connection across desktop, tablet, and mobile devices.

Source :
https://blog.hubspot.com/website/wordpress-favicon#:~:text=WordPress%20Favicon%20Size&text=These%20icons%20are%20stored%20as,directory%20of%20your%20WordPress%20server.

Vulnerability in Amazon Photos Android App Exposed User Information

Cybersecurity firm Checkmarx has published details on a high-severity vulnerability in the Amazon Photos Android application that could have allowed malicious apps to steal an Amazon access token.

With more than 50 million downloads, Amazon Photos offers cloud storage, allowing users to store photos and videos at their original quality, as well as to print and share photos, and to display them on multiple Amazon devices.

In November 2021, Checkmarx researchers identified an issue in the application that could have leaked the Amazon access token to malicious applications on the user’s device, potentially exposing the user’s personal information. The bug was addressed in December 2021.

The leaked Amazon access token is used for user authentication across Amazon APIs, including some that contain personal information such as names, addresses, and emails. Through the Amazon Drive API, for example, the attacker could access the user’s files, Checkmarx says.

The issue, the researchers explain, resided in a misconfigured component that was “exported in the app’s manifest file, thus allowing external applications to access it.”

The issue resulted in the access token being sent in the header of an HTTP request, but the most important aspect was the fact that an attacker could control the server receiving this request.

“The activity is declared with an intent-filter used by the application to decide the destination of the request containing the access token. Knowing this, a malicious application installed on the victim’s phone could send an intent that effectively launches the vulnerable activity and triggers the request to be sent to a server controlled by the attacker,” Checkmarx notes.

The leaked token could provide the attacker with access to all of the user information available through the Amazon API. Using the Amazon Drive API, the attacker could access users’ files and read, re-write, or delete their contents.

The researchers also explain that the access token could have allowed anyone to modify files and erase their history, to prevent recovery, or could have completely deleted files and folders from the user’s Amazon Drive account.

“With all these options available for an attacker, a ransomware scenario was easy to come up with as a likely attack vector. A malicious actor would simply need to read, encrypt, and re-write the customer’s files while erasing their history,” the researchers say.

The vulnerability might have had a wider impact, given that the potentially affected APIs that the researchers identified represent only a small subset of the entire Amazon ecosystem, Checkmarx also notes.
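A defender-side check for the misconfiguration class described above, as an added example that is not code from Checkmarx or Amazon: it parses a decoded AndroidManifest.xml and lists the components other apps on the device can start, separating those with no permission guard. The sample manifest and its package, component and permission names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample in decoded text form (real APKs store binary XML that must
# be decoded first). Package and component names are hypothetical.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.photos">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".UploadActivity">
      <intent-filter>
        <action android:name="com.example.photos.action.UPLOAD"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <service android:name=".SyncService" android:exported="true"
        android:permission="com.example.photos.permission.SYNC"/>
  </application>
</manifest>
"""


def _attr(elem, name):
    """Read an android:-namespaced attribute, or None if absent."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def _is_launcher(comp):
    """True if the component carries the MAIN/LAUNCHER filter (must be exported)."""
    for flt in comp.findall("intent-filter"):
        actions = {_attr(a, "name") for a in flt.findall("action")}
        categories = {_attr(c, "name") for c in flt.findall("category")}
        if ("android.intent.action.MAIN" in actions
                and "android.intent.category.LAUNCHER" in categories):
            return True
    return False


def audit_manifest(manifest_xml):
    """Return one record per component that other apps on the device can start."""
    # Use a hardened parser (e.g. defusedxml) for manifests from untrusted APKs.
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    findings = []
    for app in root.findall("application"):
        app_permission = _attr(app, "permission")  # default for all components
        for tag in COMPONENT_TAGS:
            for comp in app.findall(tag):
                declared = _attr(comp, "exported")
                if declared == "true":
                    reason = "android:exported=true"
                elif declared is None and comp.find("intent-filter") is not None:
                    # Before targetSdk 31 an intent-filter exports by default.
                    reason = "intent-filter without android:exported"
                else:
                    continue
                name = _attr(comp, "name") or ""
                findings.append({
                    "type": tag,
                    "name": package + name if name.startswith(".") else name,
                    "reason": reason,
                    "permission": _attr(comp, "permission") or app_permission,
                    "launcher": _is_launcher(comp),
                })
    return findings


def needs_review(manifest_xml):
    """Exported, not permission-guarded, non-launcher components: audit these first."""
    return [f["name"] for f in audit_manifest(manifest_xml)
            if f["permission"] is None and not f["launcher"]]
```

Each component returned by `needs_review` should then be read for how it uses data from the incoming intent, in particular anything that selects the destination of a request carrying credentials.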

Source :
https://www.securityweek.com/vulnerability-amazon-photos-android-app-exposed-user-information

Europe Agrees to Adopt New NIS2 Directive Aimed at Hardening Cybersecurity

The European Parliament announced a “provisional agreement” aimed at improving cybersecurity and resilience of both public and private sector entities in the European Union.

The revised directive, called “NIS2” (short for network and information systems), is expected to replace the existing legislation on cybersecurity that was established in July 2016.

The revamp sets ground rules, requiring companies in energy, transport, financial markets, health, and digital infrastructure sectors to adhere to risk management measures and reporting obligations.

Among the provisions in the new legislation are flagging cybersecurity incidents to authorities within 24 hours, patching software vulnerabilities, and readying risk management measures to secure networks, failing which can incur monetary penalties.

“The directive will formally establish the European Cyber Crises Liaison Organization Network, EU-CyCLONe, which will support the coordinated management of large-scale cybersecurity incidents,” the Council of the European Union said in a statement last week.

The development closely follows the European Commission’s plans to “detect, report, block, and remove” child sexual abuse images and videos from online service providers, including messaging apps, prompting concerns that it may undermine end-to-end encryption (E2EE) protections.

The draft version of NIS2 explicitly spells out that the use of E2EE “should be reconciled with the Member States’ powers to ensure the protection of their essential security interests and public security, and to permit the investigation, detection and prosecution of criminal offenses in compliance with Union law.”

It also stressed that “Solutions for lawful access to information in end-to-end encrypted communications should maintain the effectiveness of encryption in protecting privacy and security of communications, while providing an effective response to crime.”

That said, the directive will not apply to organizations in verticals such as defense, national security, public security, law enforcement, judiciary, parliaments, and central banks.

As part of the proposed agreement, the European Union member states are mandated to incorporate the provisions into their national law within a period of 21 months from when the directive goes into force.

“The number, magnitude, sophistication, frequency and impact of cybersecurity incidents are increasing, and present a major threat to the functioning of network and information systems,” the Council noted in the draft.

“Cybersecurity preparedness and effectiveness are therefore now more essential than ever to the proper functioning of the internal market.”

Source :
https://thehackernews.com/2022/05/europe-agrees-to-adopt-new-nis2.html

This World Password Day consider ditching passwords altogether

Did you know that May 5, 2022, is World Password Day?1 Created by cybersecurity professionals in 2013 and designated as the first Thursday every May, World Password Day is meant to foster good password habits that help keep our online lives secure. It might seem strange to have a day set aside to honor something almost no one wants to deal with—like having a holiday for filing your income taxes (actually, that might be a good idea). But in today’s world of online work, school, shopping, healthcare, and almost everything else, keeping our accounts secure is more important than ever. Passwords are not only hard to remember and keep track of, but they’re also one of the most common entry points for attackers. In fact, there are 921 password attacks every second, nearly doubling in frequency over the past 12 months.2

But what if you didn’t have to deal with passwords at all? Last fall, we announced that anyone can completely remove the password from their Microsoft account. If you’re like me and happy to ditch passwords completely, read on to learn how Microsoft is making it possible to start enjoying a passwordless life today. Still, we know not everyone is ready to say goodbye to passwords, and it’s not possible for all your online accounts. We’ll also go over some easy ways to improve your password hygiene, as well as share some exciting news from our collaboration with the FIDO Alliance about a new way to sign in without a password.  

Free yourself with passwordless sign-in

Yes, you can now enjoy secure access to your Microsoft account without a password. By using the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email, you can go passwordless with any of your Microsoft apps and services. Just follow these five steps:

  1. Download and install Microsoft Authenticator (linked to your personal Microsoft account).
  2. Sign in to your Microsoft account.
  3. Choose Security. Under Advanced security options, you’ll see Passwordless account in the section titled Additional security.
  4. Select Turn on.
  5. Approve the notification from Authenticator.

Once you approve the notification, you’ll no longer need a password to access your Microsoft accounts. If you decide you prefer using a password, you can always go back and turn off the passwordless feature. Here at Microsoft, nearly 100 percent of our employees use passwordless options to log into their corporate accounts.

Strengthen security with multifactor authentication

One simple step we can all take to protect our accounts today is adding multifactor authentication, which blocks 99.9 percent of account compromise attacks. The Microsoft Authenticator app is free and provides multiple options for authentication, including time-based one-time passcodes (TOTP), push notifications, and passwordless sign-in—all of which work for any site that supports multifactor authentication. Authenticator is available for Android and iOS and gives you the option to turn two-step verification on or off. For your Microsoft Account, multifactor authentication is usually only needed the first time you sign in or after changing your password. Once your device is recognized, you’ll just need your primary sign-in.

Make sure your password isn’t the weak link

Rather than keeping attackers out, weak passwords often provide a way in. Using and reusing simple passwords across different accounts might make our online life easier, but it also leaves the door open. Attackers regularly scroll social media accounts looking for birthdates, vacation spots, pet names and other personal information they know people use to create easy-to-remember passwords. A recent study found that 68 percent of people use the same password for different accounts.3 For example, once a password and email combination has been compromised, it’s often sold on the dark web for use in additional attacks. As my friend Bret Arsenault, our Chief Information Security Officer (CISO) here at Microsoft, likes to say, “Hackers don’t break in, they log in.”

Some basics to remember—make sure your password is:

  • At least 12 characters long.
  • A combination of uppercase and lowercase letters, numbers, and symbols.
  • Not a word that can be found in a dictionary, or the name of a person, product, or organization.
  • Completely different from your previous passwords.
  • Changed immediately if you suspect it may have been compromised.

Tip: Consider using a password manager. Microsoft Edge and Microsoft Authenticator can create (and remember) strong passwords using Password Generator, and then automatically fill them in when accessing your accounts. Also, keep these other tips in mind:

  • Only share personal information in real-time—in person or by phone. (Be careful on social media.)
  • Be skeptical of messages with links, especially those asking for personal information.
  • Be on guard against messages with attached files, even from people or organizations you trust.
  • Enable the lock feature on all your mobile devices (fingerprint, PIN, or facial recognition).
  • Ensure all the apps on your device are legitimate (only from your device’s official app store).
  • Keep your browser updated, browse in incognito mode, and enable Pop-Up Blocker.
  • Use Windows 11 and turn on Tamper Protection to protect your security settings.

Tip: When answering security questions, provide an unrelated answer. For example, Q: “Where were you born?” A: “Green.” This helps throw off attackers who might use information skimmed from your social media accounts to hack your passwords. (Just be sure the unrelated answers are something you’ll remember.)

Passwordless authentication is becoming commonplace

As part of a historic collaboration, the FIDO Alliance, Microsoft, Apple, and Google have announced plans to expand support for a common passwordless sign-in standard. Commonly referred to as passkeys, these multi-device FIDO credentials offer users a platform-native way to safely and quickly sign in to any of their devices without a password. Virtually unable to be phished and available across all your devices, a passkey lets you sign in simply by authenticating with your face, fingerprint, or device PIN.

In addition to a consistent user experience and enhanced security, these new credentials offer two other compelling benefits:

  1. Users can automatically access their passkeys on many of their devices without having to re-enroll for each account. Simply authenticate with your platform on your new device and your passkeys will be there ready to use—protecting you against device loss and simplifying device upgrade scenarios.
  2. With passkeys on your mobile device, you’re able to sign in to an app or service on nearly any device, regardless of the platform or browser the device is running. For example, users can sign in on a Google Chrome browser that’s running on Microsoft Windows, using a passkey on an Apple device.

These new capabilities are expected to become available across Microsoft, Apple, and Google platforms starting in the next year. This type of Web Authentication (WebAuthn) credential represents a new era of authentication, and we’re thrilled to join the FIDO Alliance and others in the industry in supporting a common standard for a safe, consistent authentication experience. Learn more about this open-standards collaboration and exciting passwordless capabilities coming for Microsoft Azure Active Directory in a blog post from Alex Simons, Vice President, Identity Program Management.

Helping you stay secure year-round

Read more about Microsoft’s journey to provide passwordless authentication in a blog post by Joy Chik, Corporate Vice President of Identity. You can also read the complete guide to setting up your passwordless account with Microsoft, including FAQs and download links. And be sure to visit Security Insider for interviews with cybersecurity thought leaders, news on the latest cyberthreats, and lots more.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Source :
https://www.microsoft.com/security/blog/2022/05/05/this-world-password-day-consider-ditching-passwords-altogether/

Are bigger SSDs faster?

It’s possible you’ve read somewhere or someone gave you the following advice: a bigger SSD is faster. That is correct. If you take a specific SSD drive model and compare its 250 GB size variant to the 1 TB variant, the bigger one will be faster.

Again, I can’t stress this enough: we’re talking about the same model from the same manufacturer – only the size differs.

In this whole idea, we’re talking about comparing something like the Kingston A400 240 GB model to the Kingston A400 960 GB model. In this example, even the manufacturer states about 100 MB/s faster write performance.

Ok, but why is a bigger SSD faster?

To put it simply, a bigger SSD has more NAND chip ranks and more channels that it can use in parallel. This leads to faster data transfer. This is a lame simplified explanation.

This of course, varies from manufacturer to manufacturer and that is because there are different controllers out there, different things a manufacturer can do in the SSD’s firmware and so on. But usually, you’ll see a measurable difference between the low capacity drives and the higher capacity ones.

Consider the DRAM Cache

The way an SSD uses its cache is by placing data in this lower-latency area, called the cache, so future requests for that data can occur much faster. These caches are usually of two types: DRAM Cache or SLC Cache.

Fast SSDs usually have a DRAM cache. The controller of the SSD actually has this dynamic random-access memory (DRAM). Do not confuse this with the SLC cache.

Why would you care? Well, bigger SSDs have a bigger DRAM cache. Just check Samsung’s datasheet for the 870 EVO – on page 3 you’ll see the 1TB, 2TB, and 4TB have bigger and bigger DRAM caches than the 250/500GB drives.

That is the DRAM cache. It’s an additional chip!

DRAM Cache and SLC Cache are completely different animals. Yes they both do the ‘cache’ action. They both have the purpose of accelerating the drive’s speed, but the cost and logic are different.

A DRAM cache is basically a separate chip in the PCB of your SSD. This DRAM chip is responsible for the work in your SSD, just as your system RAM is responsible for the operation of your PC. It temporarily stores data for the purpose of accelerating processing.

And because of the temporary storage function of the DRAM cache, many read and write processes can directly use the data in this cache – and it is a lot faster than starting from the beginning.

When we’re talking about the SLC cache, it is not a separate chip. Although it is called a cache, it is not really a true SLC NAND Flash chip but a part of the space in the TLC or QLC NAND Flash IC that simulates the SLC writing method, meaning it writes only 1 bit of data in each cell. This does improve the read/write performance of the SSD. But not as long or as much as a DRAM cache.

But! For an SSD without a DRAM cache, just an SLC Cache, the speeds will drop dramatically after that cache is exhausted from sequential writes – they drop to the original value of the TLC NAND Flash. For these types of SSDs, without a DRAM cache, usually the indicated read/write speeds in the tech specs are measured using the SLC Cache. (The test does not get to saturate the SLC cache and the average speed is higher. But if it were to be really tested, we’d see lower numbers once the SLC Cache can’t keep up.)

The bottom line is: a drive without a DRAM Cache will not be able to sustain those advertised speeds for long.

Plus, a bigger DRAM Cache means you can abuse that drive more. By abusing, I mean giving it heavy workloads like a lot of writes/reads at once.

My 2cents? Never buy a DRAM-less SSD. SSDs that have a DRAM cache are so cheap nowadays it does not make sense to trade off the performance. Heck, I’ve seen DRAM-less SSDs a couple of bucks more expensive than the ones with a DRAM cache. I don’t know why.

How to tell if that SSD has a DRAM cache?

Just look up the datasheet on the manufacturer’s website. PCpartpicker also sometimes lists this specification in the Cache column.

If I’m in a hurry, if the manufacturer does not say anything about the DRAM cache, I will assume it has none. If I really want to know, just Google some review of that model.

TBW – total bytes written

A specification where bigger drives win again, as they allow for more writes before failure.

To be fair, a normal gamer/user will probably never saturate this even if we’re talking about a small drive. It takes a lot of work to actually write so much data and usually… you’ll probably want to upgrade to a bigger or faster drive before your old SSD will fail.

Nonetheless, it is worth mentioning that the TBW figure is also bigger in a bigger SSD.

Always try to buy bigger and with DRAM Cache

Enough said. Spending a little more for a bigger drive with a DRAM cache is always worth it. Always!

Examples of popular SSDs that do have a DRAM cache:

  • Samsung 870 EVO, 860 EVO, 850 EVO, 860 PRO, 980 PRO, 960 PRO, 970 EVO drives
  • Crucial MX500 drives
  • Gigabyte Aorus Gen4 7000s
  • Patriot Ignite 960 GB
  • Kingston A2000 M.2

Do note that the list above is not complete. I’m sure I’ve missed some. Those are just some popular drives that I can actually recommend if you are looking for suggestions on what to buy – and always strive to get the biggest capacity you can afford!

Final thoughts

If there is one thing to remember from this whole article, it is this: buy as big as your budget allows you and always buy an SSD that has a DRAM Cache. These two ideas will guarantee that you’ll not be disappointed with your new SSD.

Source :
https://techie-show.com/bigger-ssd-faster/