Save-Point
News of the Cyber World - Printable Version

+- Save-Point (https://www.save-point.org)
+-- Forum: Official Area (https://www.save-point.org/forum-3.html)
+--- Forum: Tech Talk (https://www.save-point.org/forum-87.html)
+--- Thread: News of the Cyber World (/thread-7678.html)

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37


RE: News of the Cyber World - kyonides - 10-17-2020

Twitter's Breach and a Request for a Specialized Regulator
New York’s Department of Financial Services Superintendent Linda Lacewell Wrote:Social-media platforms have quickly become the leading source of news and information, yet no regulator has adequate oversight of their cybersecurity.
The fact that Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer.
The risks posed by social media to our consumers, economy, and democracy are no less grave than the risks posed by large financial institutions.

CyberScoop Wrote:The New York regulator’s investigation also faulted Twitter for not having a chief information security officer at the time of the breach. Twitter has since hired Rinki Seth, a former IBM executive, as CISO.

Barnes & Noble cyber incident
could expose customer shipping addresses, order history
https://www.cyberscoop.com/barnes-noble-cyber-incident-customer-data/
CyberScoop Wrote:Barnes & Noble told customers it was the victim of a cyberattack that led to “unauthorized and unlawful access” of its corporate systems.
Barnes & Noble didn’t detail the entire nature of the “cybersecurity attack” in its email Wednesday, but confirmed that customers’ shipping addresses, billing addresses, email addresses and phone numbers could have been exposed. Payment card information wasn’t compromised as a part of this incident, but customers’ order history may also be exposed, according to Barnes & Noble.
Customers’ access to Nook e-readers has also been interrupted, Barnes & Noble said on Twitter.

TrickBot the Criminal Zombie Computer Network is Still Alive
https://www.cyberscoop.com/microsoft-trickbot-cyber-command-botnet/
Even if US Cyber Command, Microsoft and Symantec have joined forces to stop a network of infected computers controlled by Russian speaking hackers, TrickBot manages to survive. This means it's still stealing data and sending ransomware to its targets.
Cofense Labs, a cyber security company, reported seeing Emotet, a credential-stealing malicious software, again being used to distribute TrickBot.


Zoom to begin end-to-end encryption rollout with monthlong preview
https://www.cyberscoop.com/zoom-encryption-data-protection/
CyberScoop Wrote:Zoom says it will preview its end-to-end encryption feature for all users, free and paid, as the first phase of its plan to fully roll out the security technology.
The technical preview of end-to-end encryption is the inaugural phase of four, the company said Wednesday, with the idea that it will solicit user feedback during a 30-day period. End-to-end encryption means that no outsiders can access a call, not even law enforcement or Zoom itself.

They claim the system will distribute the encryption keys without storing them in their servers. Only call participants would be able to retrieve them. Confused Such method would probably imply decryption might take place in your computer not a server...


RE: News of the Cyber World - kyonides - 10-20-2020

US Government sued Google Shocked
https://www.bbc.com/news/business-54619148
BBC Wrote:The US government has filed charges against Google, accusing the company of violating competition law to preserve its monopoly over internet searches and online advertising.
Google called the case "deeply flawed".
"People use Google because they choose to - not because they're forced to or because they can't find alternatives," it said.

We've learned how many people view Google, Apple, Amazon, MS, Facebook and Twitter as major players in the technological field. How many times have people accused them of monopolizing the market? Thinking

Tongue sticking out Nope, I wasn't talking about a videogame featuring a tyrant with an apple for a head here but that also makes sense now. Laughing

Why would the US care about Google's business practices? Confused

BBC Wrote:The charges, filed in federal court, were brought by the US Department of Justice and 11 other states. The lawsuit focuses on the billions of dollars Google pays each year to ensure its search engine is installed as the default option on browsers and devices such as mobile phones.
Officials said those deals have helped secure Google's place as the "gatekeeper" to the internet, allowing it to own or control the distribution channels for about 80% of search queries in the US.
"General search engine competitors are denied vital distribution, scale, and product recognition - ensuring they have no real chance to challenge Google."
The suit said the deals have hurt the public by damaging search quality in terms of privacy and data protection, reducing choice and thwarting innovation.


OK, this makes a hell lot of sense now. Happy with a sweat If you've pretty much bought manufacturers out there, why would they be ever interested in preinstalling Bing or Amazon or even DuckDuckGo? Laughing

Check out what one of the experts think on this move.

BBC Wrote:Sally Hubbard, who works for the Open Markets Institute, a Washington think tank that has long pushed for more aggressive action against big tech firms, said focusing on Google's search distribution deals was one of the easiest legal cases to make against the company.

So is there a chance US government will actually win the lawsuit? Thinking Interesting... Shocked It's probable other states will join the lawsuit or file their own later on.
Let's keep in mind that the European Commission has demanded that Google should pay €8.2 billions or $9.5 billions in fines. Happy with a sweat

Use your cellphone on the Moon Shocked
https://www.theguardian.com/science/2020/oct/20/talking-on-the-moon-nasa-and-nokia-to-install-4g-on-lunar-surface

The Guardian Wrote:The Finnish equipment manufacturer said it was selected by Nasa to deploy an “ultra-compact, low-power, space-hardened” wireless 4G network on the lunar surface, as part of the US space agency’s plan to establish a long-term human presence on the moon by 2030.
The $14.1m contract, awarded to Nokia’s US subsidiary, is part of Nasa’s Artemis programme which aims to send the first woman, and next man, to the moon by 2024.
Nokia’s network equipment will be installed remotely on the moon’s surface using a lunar hopper built by Intuitive Machines in late 2022, Nokia said.

They claim it will be configured automatically upon deployment. Shocked



It will allow astronauts to command and control functions, remotely control lunar rovers, get real time navigation and even streaming HD video!

Initially they will deploy a 4G system, hoping to upgrade it later on.

NASA will also spent another $370 millions in other top notch technologies that might let people finally live on the moon. Shocked


RE: News of the Cyber World - kyonides - 10-24-2020

Phantasy Star Online 2: New Genesis Game Announced for 2021
https://www.animenewsnetwork.com/news/2020-07-24/phantasy-star-online-2-new-genesis-game-announced-for-2021/.162183
Just in case you had not heard anything about this as of yet, now you can get a few details on the new release. Grinning

Anime News Network Wrote:Phantasy Star Online 2 update launches for Xbox One, Series X, PC in West; PS4, PC, Switch in Japan
The Xbox Games Showcase announced the Phantasy Star Online 2: New Genesis game on Thursday for release in 2021. The game is listed for the Xbox One, Xbox Series X, and PC in the West. The game is listed for the PlayStation 4 and PC in Japan, with a cloud version for the Nintendo Switch and PC.
The "massive update" will mark the 20th anniversary of Phantasy Star Online and launch instead of a new episode after the release of Phantasy Star Online 2's Episode 6. The Phantasy Star Online 2: New Genesis open-field online role-playing game will feature an upgraded graphics engine and game system. The game will also have a new story, battle system, and character creation system. The game's official website notes that the "twin universes" of Phantasy Star Online 2 and Phantasy Star Online 2: New Genesis "exist side by side," and players will be able to switch between the two.

Nonetheless, I can't guarantee KDC won't be disappointed at how many scenes they will cut from the game.

Link to the



RE: News of the Cyber World - KDC - 10-24-2020

I'm, already well aware that THAT game is getting released. But no. I wouldn't be disappointed. But that would depend if there's an important part of the story missing or not because of a missing cut scene that Japan would have, and the rest of the world don't have.

Wait a moment. How is THAT Cyber World News?


RE: News of the Cyber World - kyonides - 10-24-2020

Well, it's Phantasy Star ONLINE 2 so yeah it's a cyber news article after all. Laughing
It doesn't matter if it's exclusive for PC or PS4 or 5 or multiplatform.

youtube-dl End Of Life?
https://www.zdnet.com/article/riaa-blitz-takes-down-18-github-projects-used-for-downloading-youtube-videos/
Microsoft seemed to have partnered with groups interested in protecting their copyrighted audiovisual works. Thus it no longer offers GitHub repositories for the popular youtube-dl Snake Python project. People that depended on it to download YouTube videos might have no other choice but stay connected to the internet to watch those videos every single time they need them. Laughing
It's supposed to be a HUGE loss for GitHub, it was one of its star repositories with over 72,000 stars. Shocked

Phishing groups are collecting
user data, email and banking passwords
via fake voter registration forms
https://www.zdnet.com/article/phishing-groups-are-collecting-user-data-email-and-banking-passwords-via-fake-voter-registration-forms/
ZeroDayNet Wrote:Spotted by email security firms KnowBe4 and Proofpoint, these campaigns are spoofing the identity of the US Election Assistance Commission (EAC), the US government agency responsible for managing voter registration guidelines.
Subject lines in this campaign are simple and play on the fear of US citizens that their voter registration request might have failed.
Using subject lines like "voter registration application details couldnt be confirmed" and "your county clerk couldnt confirm voter registration," users are lured to web pages posing as government sites and asked to fill a voter registration form again.

Data usually collected via these forms includes:
  • Name
  • Date of birth
  • Mail address
  • Email address
  • Social Security Number (SSN)
  • Driver's license information
The hacking group has now expanded its phishing site to include new fields that also ask for:
  • Bank name
  • Bank account number
  • Bank account routing number
  • Banking ID/username
  • Banking account password
  • Email account passwords
  • Vehicle Identification Number (VIN)
To allay fears, the spammers claim this extra information is needed so users can claim a "stimulus."


RE: News of the Cyber World - KDC - 10-24-2020

(10-24-2020, 07:07 PM)kyonides Wrote: Well, it's Phantasy Star ONLINE 2 so yeah it's a cyber news article after all. Laughing
It doesn't matter if it's exclusive for PC or PS4 or 5 or multiplatform.

Well, that's a fair point there. Never thought of it that way.


RE: News of the Cyber World - kyonides - 11-07-2020

Iran and suspicious domains
They used fake news websites
https://www.cyberscoop.com/more-domains-seized-iran-doj/
CyberScoop Wrote:27 domains in the latest takedown were “registered with U.S.-based domain registrars and used top-level domains owned by U.S.-based registries,” according to the Justice statement, making them subject to several U.S. laws that restrict Iran’s economic activity in the U.S.
DOJ said the four domains allegedly aimed at U.S. audiences — rpfront.com, ahtribune.com, awdnews.com and criticalstudies.org — were in violation of the Foreign Agents Registration Act, a transparency law that governs the political activities of representatives of foreign entities in the U.S.

Eastern European Ryuk Malware hits US Hospitals
https://www.cyberscoop.com/ransomware-hospitals-ryuk-fireeye/
CyberScoop Wrote:An Eastern European cybercriminal group has conducted ransomware attacks at multiple U.S. hospitals in recent days in some of the most disruptive cyber-activity in the sector during the coronavirus pandemic.The group, which FireEye calls UNC1878, has been deploying Ryuk ransomware and taking multiple hospital IT networks offline.

Oregon’s Sky Lakes Medical Center, Canton-Potsdam, Massena and Gouverneur hospitals are among its latest victims. Confused

Apple releases patches for 3 iOS zero days
that hackers have been using for targeted attacks
https://www.cyberscoop.com/apple-ios-update-vulnerabilities-exploited-google/

CyberScoop Wrote:Apple has issued fixes for three critical bugs in its software for iPhones, iPads and iPods that could allow an attacker to burrow into the inner sanctum of a device’s operating system and steal data.
Two of the bugs affect the kernel, the core of the device’s operating system which handles interactions between hardware and software. Controlling the kernel essentially gives an attacker free rein over a device’s operating system and the data stored in it.

Why should you apply the patches? Well, the consequences could be disastrous for hackers have been exploiting the vulnerabilities for quite some time now. Sad So if you haven't updated your device this Thursday, now it's a perfect time to do it! Shocked


RE: News of the Cyber World - kyonides - 11-13-2020

XBox Series X and S Lauched
https://www.eurogamer.net/articles/2020-11-12-xbox-series-x-s-was-the-biggest-xbox-launch-ever
They claimed they had sold more consoles in more countries than ever before.

Eurogamer Wrote:The mention of more countries this time around is also important. Xbox Series S/X arrived on the same day in 37 markets, compared to just 13 for the Xbox One.

They refused to tell us how many consoles they've sold so far and even stated that Google won't reveal how many chromecast pros they've sold.

Phil Spencer on XBox Series X
https://www.theguardian.com/games/2020/nov/11/xbox-phil-spencer-interview-microsoft-series-x
The Guardian Wrote:The looming Netflix-ification of video games threatens to upend the whole idea of video game consoles. Amazon and Google are both working on game streaming services that let people play cutting-edge games without paying for a box that sits under the TV. And Microsoft has spent the past five years spending billions on game developers to shore up its star service: Xbox Game Pass, a monthly subscription that lets you play hundreds of games for a monthly fee.

So be aware of their interest in going online instead of just focusing on a specialized console that depends on discs.

Microsoft Executive Vice President of Gaming Phil Spencer Wrote:Things that lack backwards compatibility become less interesting. Putting our games on PC becomes a reason that somebody doesn’t have to go and buy an Xbox Series X. I’ll hold fast to this.
The good part is that you can also play them on your PC! Grinning
Oh and Microsoft had acquired Bethesda Softworks for $7,5 billions. Happy with a sweat They're the company behind hits like Elder Scrolls and Fallout. Thinking

Microsoft Executive Vice President of Gaming Phil Spencer Wrote:From a pure business standpoint, I think what we’ve seen is an acceleration of a trend that was already happening: gaming is already the fastest-growing form of media and the largest business that’s out there. I know certain people say it’ll go back to normal, but I think what we’ve seen is new people finding video games as a great outlet for them, and that’s gonna continue for years and decades.

So it seems Microsoft feels confident their latest purchase will pay off in (a slightly short period of) time. Happy with a sweat


RE: News of the Cyber World - kyonides - 11-16-2020

Email Appender Implant
https://www.cyberscoop.com/email-appender-implant-gemini-advisory/
Hackers now might rely on a new tool to get into your email account and spread malware. It's called the Email Appender and it's available on the dark web.

How does it work?

CyberScoop Wrote:First, attackers must obtain valid email addresses and associated passwords, often available on the dark web at a low cost. Then the attacker has to upload the compromised credentials into Email Appender, which checks the credentials and connects to the accounts through the Internet Message Access Protocol, a standard protocol email clients use to retrieve messages. From there, attackers can use an IMAP feature that allows an authenticated user to append a message to their inboxes, and can amend the “Sender,” “From” and “Reply-To” fields.

The experts' recommendation

The best way to render Email Appender impotent is to enable multi-factor authentication. Once an account is protected with more than just a password, the malicious software can’t do its job.


RE: News of the Cyber World - kyonides - 11-17-2020

Video game company Capcom details attack
Data breach by ransomware gang
https://www.cyberscoop.com/capcom-ransomware-data-breach-ragnar-locker/
CyberScoop Wrote:The Japanese video game company known for the “Resident Evil” and “Street Fighter” series confirmed Monday that a ransomware attack in early November potentially exposed data about thousands of customers and business partners.
Capcom said an investigation of the Nov. 2 breach showed that personal information of a handful of current and former employees definitely had been compromised, as well as company sales reports and other financial information. Another 350,000 records of employees, shareholders, customers and other business partners also may have been exposed.
The company confirmed that the ransomware gang known as Ragnar Locker was responsible for the attack, and said it had referred the matter to law enforcement in Japan and the U.S., as well as data protection agencies in Japan and Europe. Earlier reports had pinned the Capcom attack on the group. Ragnar Locker also was blamed in a recent attack on beverage company Campari.

Here's why Americans and Canadians should care about this incident. Confused

CyberScoop Wrote:The potential North American victims of the breach include about 14,000 accounts on the Capcom Store website, where names, birthdates and email addresses were exposed.

Let's hope Ragnar Locker doesn't use the Email Appender tool to attach malware to emails. Sad

Zoom's New Tools to Combat Zoombombing
https://www.cyberscoop.com/zoom-zoombombing-tools/
CyberScoop Wrote:“Suspend Participant Activities,” one of the three tools Zoom detailed in a blog post, allows Zoom hosts to pause meeting functions to report disruptive attendees. Afterward, the host can resume video, audio, screen sharing and other features one-by-one.
A second tool, “Report by Participants,” allows other participants to directly file reports themselves about disruptive attendees, expanding a power hosts already have.
The third tool is one that Zoom has been using internally this fall. “At-Risk Meeting Notifier” scans social media for Zoom meeting links, then once it finds publicly posted meeting information that stands a high chance of being disrupted, notifies account owners.

Winking So please take advantage of these three new tools to get rid of pesky elements that pretend to hurt your eyes with indecent content.
By the way, Americans, the company also recently announced it would lift the 40 minute time limit for free users on Thanksgiving.