The Xiaomi Mi 10, which typically sells for well over $850, is now selling for just $679.99! The phone is technically not available in the US or many countries in Europe, but this amazing deal also comes with free international shipping, allowing you to have the phone delivered anywhere in the world. Just as a quick ...

Microsoft announced it has acquired Semantic Machines, a conversational AI startup providing chatbots and AI chat apps founded in 2014 having $20.9 million in funding from investors. The acquisition will help Microsoft catch up with Amazon Alexa, though the latter is more focused on enabling consumer applications of conversational AI.

Microsoft will use Semantic Machine’s acquisition to establish a conversational AI center of excellence in Berkeley to help it innovate in natural language interfaces.

Microsoft has been stepping up its products in conversational AI. It launched the digital assistant Cortana in 2015, as well as social chatbots like XiaoIce. The latest acquisition can help Microsoft beef up its ‘enterprise AI’ offerings.

As the use of NLP (natural language processing) increases in IoT products and services, more startups are getting traction from investors and established players. In June last year, Josh.ai, avoice-controlled home automation software has raised $8M.

Followed by it was SparkCognition that raised $32.5M Series B for its NLP-based threat intelligence platform.

It appears Microsoft’s acquisition of Semantic Machines was motivated by the latter’s strong AI team. The team includes technology entrepreneur Daniel Roth who sold his previous startups Voice Signal Technologies and Shaser BioScience for $300M and $100M respectively. Other team members include Stanford AI Professor Percy Liang, developer of Google Assistant Core AI technology and former Apple chief speech scientist Larry Gillick.

Siemens Building Technologies division announced it will acquire Enlighted Inc., a smart IoT building technology provider. The transaction is expected to close in Q3’18.

Enlighted Inc.’s core element is an advanced lighting control application. It is based on a patented, software-defined smart sensor that collects and monitors real-time occupancy, light levels, temperatures and energy usage.

The sensor can gauge temperature, light level, motion, energy, and has Bluetooth connectivity.

The Enlighted system works by collecting temperature, light and motion data via its smart sensors. A gateway device carries the information to Energy Manager, a secure browser-based interface to create profiles and adjust settings of the entire Enlighted Advanced Lighting Control System. The Energy manager operates as an analytics device.

The whole system consists of multi-function sensors, distributed computing, a network, and software applications run by Enlighted Inc.

Enlighted Inc.’s main target market is commercial real estate. Key use cases of its intelligent Lighting Control System are energy efficiency, controlling heating, ventilation and air conditioning, and building utilization reports.

Use the Postscapes 'Connected Products Framework' to understand the smart home and buildings eco-system.

Qualys discovered a minor vulnerability in OpenSMTPD, OpenBSD's mail server. An unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem). A proof of concept exploit is included in this archive.

ASP Forums version 2.1 suffers from a database disclosure vulnerability.

ASP Gateway 1.0.0 suffers from a database disclosure vulnerability.

The ZyXEL P-660HN-T1 V2 rpWLANRedirect.asp page is missing authentication and discloses an administrator password.

Ac4p.com Gallery version 1.0 suffers from cross site scripting, phpinfo disclosure, shell upload, and insecure cookie handling vulnerabilities.

DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication bypass on versions 10.4(2) and below, and CVE-2019-1622 (information disclosure) to obtain the correct directory for the WAR file upload. This module was tested on the DCNM Linux virtual appliance 10.4(2), 11.0(1) and 11.1(1), and should work on a few versions below 10.4(2). Only version 11.0(1) requires authentication to exploit (see References to understand why).

FreeBSD Security Advisory - The kernel can create a core dump file when a process crashes that contains process state, for debugging. Due to incorrect initialization of a stack data structure, up to 20 bytes of kernel data stored previously stored on the stack will be exposed to a crashing user process. Sensitive kernel data may be disclosed.

The CA BrightStor Discovery Service overflow exploit is a perl module exploits a vulnerability in the CA BrightStor Discovery Service which occurs when a large request is sent to UDP port 41524, triggering a stack overflow. Targets include Win32, win2000, winxp, and win2003. More information available here.

CA BrightStor Discovery Service SERVICEPC Overflow for Win32, win2000, winxp, and win2003 which exploits a vulnerability in the TCP listener on port 45123. Affects all known versions of the BrightStor product. More information available here.

Phrack Viewer Discretion Advised write up called (De)coding an iOS Kernel Vulnerability.

Cisco Security Advisory - Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and 9.2.3.1 contain a vulnerability that could allow an unauthenticated, remote attacker to access the operating system of the affected device. Cisco has available free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.