With E3 (Electronic Entertainment Expo) starting this week, we can expect a flood of gaming news. It remains to be seen if the person or people trying to extort Polish game developer CD Projekt Red will choose this week to leak stolen Cyberpunk 2077 game files.Instead of staying quiet about an extortion attempt, CD Projekt Red, the developers behind The Witcher 3, got out ahead of any potential leak by tweeting:
An unidentified individual or individuals have just informed us they are in possession of a few internal files belonging to CD PROJEKT RED. Among them are documents connected to early designs for the upcoming game, Cyberpunk 2077.To read this article in full or to leave a comment, please click here
If you were running Windows 10, then you didn’t need to worry about your box being hit with the leaked NSA EternalBlue exploit; but things change and now researchers have ported EternalBlue to Windows 10.After the WannaCry ransomware attack, some defenders focused on building detection rules to protect against the DoublePulsar backdoor implant; but beware as RiskSense researchers completely removed DoublePulsar. They warned that DoublePulsar is a “red herring for defenders to focus on, as stealthier payload mechanisms can be crafted.”While they are not revealing all the details about the exploit chain so attackers can jump on them, they hope white hat security researchers benefit from the technical overview of the exploit process “so that new generic and targeted techniques can be developed to prevent attacks.”To read this article in full or to leave a comment, please click here
If you were running Windows 10, then you didn’t need to worry about your box being hit with the leaked NSA EternalBlue exploit; but things change and now researchers have ported EternalBlue to Windows 10.After the WannaCry ransomware attack, some defenders focused on building detection rules to protect against the DoublePulsar backdoor implant; but beware as RiskSense researchers completely removed DoublePulsar. They warned that DoublePulsar is a “red herring for defenders to focus on, as stealthier payload mechanisms can be crafted.”While they are not revealing all the details about the exploit chain so attackers can jump on them, they hope white hat security researchers benefit from the technical overview of the exploit process “so that new generic and targeted techniques can be developed to prevent attacks.”To read this article in full or to leave a comment, please click here
Russian military intelligence hackers, believed to be working within the Russian General Staff Main Intelligence Directorate (GRU), tried to break into VR Systems, a company that sells voting registration equipment which was used in the 2016 election. That’s what the NSA determined, according to a classified intelligence report which was leaked to The Intercept.An hour after The Intercept published the NSA document, the Justice Department announced charges against Reality Leigh Winner, a 25-year-old intelligence contractor working for Pluribus International Corporation in Georgia. She had only been working as a Pluribus contractor since Feb. 13. Winner, accused of “removing classified material from a government facility and mailing it to a news outlet,” has been charged with Espionage Act.To read this article in full or to leave a comment, please click here
Russian military intelligence hackers, believed to be working within the Russian General Staff Main Intelligence Directorate (GRU), tried to break into VR Systems, a company that sells voting registration equipment which was used in the 2016 election. That’s what the NSA determined, according to a classified intelligence report which was leaked to The Intercept.An hour after The Intercept published the NSA document, the Justice Department announced charges against Reality Leigh Winner, a 25-year-old intelligence contractor working for Pluribus International Corporation in Georgia. She had only been working as a Pluribus contractor since Feb. 13. Winner, accused of “removing classified material from a government facility and mailing it to a news outlet,” has been charged with Espionage Act.To read this article in full or to leave a comment, please click here
They’re back…The Dark Overlord, the hacking group which released 10 of 13 new Orange Is the New Black episodes in late April after Netflix refused to pay a ransom, has now leaked nearly the entire first season of ABC’s upcoming Steve Harvey’s Funderdome.Back in April, TDO warned ABC, National Geographic, Fox and IFC that the group wasn’t playing games anymore. Then on June 2, TDO tweeted, “American Broadcasting Company may be up next, ladies and gentlemen.”To read this article in full or to leave a comment, please click here
They’re back…The Dark Overlord, the hacking group which released 10 of 13 new Orange Is the New Black episodes in late April after Netflix refused to pay a ransom, has now leaked nearly the entire first season of ABC’s upcoming Steve Harvey’s Funderdome.Back in April, TDO warned ABC, National Geographic, Fox and IFC that the group wasn’t playing games anymore. Then on June 2, TDO tweeted, “American Broadcasting Company may be up next, ladies and gentlemen.”To read this article in full or to leave a comment, please click here
If your phone doesn’t ring, yet you have received voicemail, did that voicemail qualify as a call? If it didn’t count as a call, then the telemarketer behind the pre-recorded voicemail message may claim it can leave “ringless voicemail” (RVM) for people even on the Do Not Call list.The FCC is currently deciding if it should ban ringless voicemail or if those spammy voicemail messages don’t count as calls as companies using direct-to-voicemail insertion technology claim.All About the Message, a ringless voicemail company, petitioned the FCC to “declare that the delivery of a voice message directly to a voicemail box does not constitute a call that is subject to the prohibitions on the use of an automatic telephone dialing system (ATDS) or an artificial or prerecorded voice” under the Telephone Consumer Protection Act (pdf).To read this article in full or to leave a comment, please click here
If your phone doesn’t ring, yet you have received voicemail, did that voicemail qualify as a call? If it didn’t count as a call, then the telemarketer behind the pre-recorded voicemail message may claim it can leave “ringless voicemail” (RVM) for people even on the Do Not Call list.The FCC is currently deciding if it should ban ringless voicemail or if those spammy voicemail messages don’t count as calls as companies using direct-to-voicemail insertion technology claim.All About the Message, a ringless voicemail company, petitioned the FCC to “declare that the delivery of a voice message directly to a voicemail box does not constitute a call that is subject to the prohibitions on the use of an automatic telephone dialing system (ATDS) or an artificial or prerecorded voice” under the Telephone Consumer Protection Act (pdf).To read this article in full or to leave a comment, please click here
OneLogin, an identity management company which provides a single sign-on platform for logging into multiple apps and sites, was hacked. US customer data was potentially compromised,“including the ability to decrypt encrypted data.”The company, which claims “over 2000+ enterprise customers in 44 countries across the globe trust OneLogin,” announced the security incident on May 31. It was short on details, primarily saying the unauthorized access it detected had been blocked and law enforcement was notified.To read this article in full or to leave a comment, please click here
OneLogin, an identity management company which provides a single sign-on platform for logging into multiple apps and sites, was hacked. US customer data was potentially compromised,“including the ability to decrypt encrypted data.”The company, which claims “over 2000+ enterprise customers in 44 countries across the globe trust OneLogin,” announced the security incident on May 31. It was short on details, primarily saying the unauthorized access it detected had been blocked and law enforcement was notified.To read this article in full or to leave a comment, please click here
About 28GB of sensitive US intelligence data was discovered on a publicly-accessible Amazon Web Services’ S3 storage bucket. The cache, containing over 60,000 files, was linked to defense and intelligence contractor Booz Allen Hamilton, which was working on a project for the US National Geospatial-Intelligence Agency (NGA). NGA provides satellite and drone surveillance imagery for the Department of Defense and the US intelligence community.The unsecured data was discovered by Chris Vickery, who now works as a cyber risk analyst for the security firm UpGuard.According to UpGuard, the “information that would ordinarily require a Top Secret-level security clearance from the DoD was accessible to anyone looking in the right place; no hacking was required to gain credentials needed for potentially accessing materials of a high classification level.”To read this article in full or to leave a comment, please click here
About 28GB of sensitive US intelligence data was discovered on a publicly-accessible Amazon Web Services’ S3 storage bucket. The cache, containing over 60,000 files, was linked to defense and intelligence contractor Booz Allen Hamilton, which was working on a project for the US National Geospatial-Intelligence Agency (NGA). NGA provides satellite and drone surveillance imagery for the Department of Defense and the US intelligence community.The unsecured data was discovered by Chris Vickery, who now works as a cyber risk analyst for the security firm UpGuard.According to UpGuard, the “information that would ordinarily require a Top Secret-level security clearance from the DoD was accessible to anyone looking in the right place; no hacking was required to gain credentials needed for potentially accessing materials of a high classification level.”To read this article in full or to leave a comment, please click here
The idea of crowdfunding to raise enough money to buy NSA-linked hacking tools from the Shadow Brokers is picking up steam and making some people steam.The price tag for getting hold of stolen Equation Group hacking tools is 100 Zcash. When I started the article about the Shadow Brokers revealing details about its June dump of the month subscription service, the cost of 100 Zcash was equal to $22,779. By the time I finished writing, it was equal to $23,251. As I start this article, 100 Zcash is equal to $24,128. By tomorrow, the first day to subscribe to the Shadow Brokers monthly dump service, Zcash will likely cost even more dollars. If you don’t have that kind of money, but want to partake in the spoils of the June dump, then maybe crowdfunding is the way to go?To read this article in full or to leave a comment, please click here
The idea of crowdfunding to raise enough money to buy NSA-linked hacking tools from the Shadow Brokers is picking up steam and making some people steam.The price tag for getting hold of stolen Equation Group hacking tools is 100 Zcash. When I started the article about the Shadow Brokers revealing details about its June dump of the month subscription service, the cost of 100 Zcash was equal to $22,779. By the time I finished writing, it was equal to $23,251. As I start this article, 100 Zcash is equal to $24,128. By tomorrow, the first day to subscribe to the Shadow Brokers monthly dump service, Zcash will likely cost even more dollars. If you don’t have that kind of money, but want to partake in the spoils of the June dump, then maybe crowdfunding is the way to go?To read this article in full or to leave a comment, please click here
The Shadow Brokers revealed pricing and other details about its monthly dump service which kicks off in June. Subscribers of the dump of the month club will not be shelling out bitcoins, but a different cryptocurrency: 100 (ZEC) Zcash. At the time of publishing, 100 Zcash was equal to $23,251.Over the weekend, the Shadow Brokers moved bitcoins worth about $24,000 to over 30 smaller wallets. The bitcoins had been received back when the group was trying to auction off the hacking tools. Mikko Hypponen noticed the change after an alert he set on their bitcoin wallet went off.To read this article in full or to leave a comment, please click here
The Shadow Brokers revealed pricing and other details about its monthly dump service which kicks off in June. Subscribers of the dump of the month club will not be shelling out bitcoins, but a different cryptocurrency: 100 (ZEC) Zcash. At the time of publishing, 100 Zcash was equal to $23,251.Over the weekend, the Shadow Brokers moved bitcoins worth about $24,000 to over 30 smaller wallets. The bitcoins had been received back when the group was trying to auction off the hacking tools. Mikko Hypponen noticed the change after an alert he set on their bitcoin wallet went off.To read this article in full or to leave a comment, please click here
Do you use Kodi, Popcorn Time, VLC or Stremio? Do you use subtitles while you watch? If so, then you need to update the platform as Check Point researchers revealed that not all subtitles are benign text files and hackers can remotely take control of any device running vulnerable software via malicious subtitles.The attack is not in the wild, since Check Point developed the proof of concept attack vector; however, with news of the attack vector and an estimated 200 million video players and streaming apps running vulnerable software, attackers might jump on the malicious subtitle wagon to gain remote access to victims’ systems.To read this article in full or to leave a comment, please click here
Do you use Kodi, Popcorn Time, VLC or Stremio? Do you use subtitles while you watch? If so, then you need to update the platform as Check Point researchers revealed that not all subtitles are benign text files and hackers can remotely take control of any device running vulnerable software via malicious subtitles.The attack is not in the wild, since Check Point developed the proof of concept attack vector; however, with news of the attack vector and an estimated 200 million video players and streaming apps running vulnerable software, attackers might jump on the malicious subtitle wagon to gain remote access to victims’ systems.To read this article in full or to leave a comment, please click here
When it comes to security and the iris recognition technology used in its flagship Galaxy S8 smartphone, Samsung touted, “The patterns in your irises are unique to you and are virtually impossible to replicate, meaning iris authentication is one of the safest ways to keep your phone locked and the contents private.”But the Chaos Computer Club (CCC) made a mockery of Samsung’s “virtually impossible to replicate” claims, easily defeating the iris recognition system used in the new Galaxy S8 with nothing more than a camera, a printer, and a contact lens.Not only can the iris authentication system be broken to unlock an S8, the same trick could allow an attacker to access the victim’s mobile wallet. Just last week, Samsung Pay tweeted a short iris scan video ad along with, “Every eye is unique. Now you can use yours to make purchases with Samsung Pay.”To read this article in full or to leave a comment, please click here