Dismiss this notice
ExpressVPN Valentines 2021 Giveaway - https://www.geeks.fyi/showthread.php?tid=14246

Dismiss this notice
Internet Download Manager Giveaway - https://www.geeks.fyi/showthread.php?tid=14245

Information Hackers Steal FIFA 21 Source Code, Tools in EA Breach
Posted by: silversurfer - Yesterday, 07:23 - Forum: Privacy & Security News - No Replies

Quote:Hackers have breached computer game maker Electronic Arts (EA) and stolen source code and related tools for the company’s extensive game library, the company has confirmed.
EA said it’s investigating “a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen,” according to a statement published in numerous online reports. The longtime game developer is known for titles such as The Sims, Madden NFL and FIFA 21.
“No player data was accessed, and we have no reason to believe there is any risk to player privacy,” the company said. EA did not immediately return an emailed request for comment from Threatpost Friday morning.
Despite EA’s downplaying of the incident, the initial source that reported it suggested the breach was indeed quite serious. A report in Vice Motherboard published late Thursday claims hackers posted on a dark web forum that they have taken the source code for EA’s FIFA 21 as well as code for its matchmaking server, in addition to numerous other company assets.
That post appears to be available via a Google cached web page from June 6 that bears the headline “We sell the FIFA 21 full src code and tools,” asking for a price of $28 million for the 780 gigabyte data dump.
The web page, which was emailed to Threatpost, lists a raft of stolen information, including the FIFA 21 matchmaking server, FIFA 22 API keys and some SDK and debugging tools; and the source code for FrostBite, the engine that powers other EA games, including Battlefied, as well as related debugging tools.
Hackers also claim they have code for “many proprietary EA games, frameworks and SDKs,” as well as other EA proprietary code and API keys. “You have full capability of exploiting on all EA services,” they wrote in the post.

Read more: Hackers Steal FIFA 21 Source Code, Tools in EA Breach | Threatpost

Print this item

Information Cyberpunk 2077 Hacked Data Circulating Online
Posted by: silversurfer - Yesterday, 07:21 - Forum: Privacy & Security News - No Replies

Quote:Earlier this year, the company suffered a ransomware attack in which a cyberattack group (believed by some to be the HelloKitty gang) “gained access to our internal network, collected certain data belonging to CD PROJEKT Capital Group and left a ransom note,” the company said at the time.
The ransomware also encrypted the company’s systems, but CD Projekt Red was able to restore everything from backup – leaving the real issue to be the stolen data.
Ransomware gangs have doubled down on the increasingly common “double-extortion” threat, saying they will auction stolen data if victims don’t pay. Many also maintain “name and shame” blogs – used by operators to post leaked data from victims that refused to send over a ransom.
And indeed, in the CD Projekt Red ransom note (also tweeted out), the cybercriminals said that they had “dumped full copies” of the source code for Cyberpunk 2077, Gwent, the Witcher 3 and an “unreleased version” of the Witcher 3; and, stolen sensitive corporate information relating to accounting, administration, HR, investor relations, legal and more.
“Source codes will be sold or leaked online, and your documents will be sent to our contacts in gaming journalism,” according to the note, which went on to say that not paying up has an impact to the company’s public image, stock price and investor confidence. The attackers claimed that the information will expose how terribly the company is run.
Now, four months later, the crooks seem to be making good on their promise regarding the information. In an update posted late Thursday, CD Projekt Red said that its security staff “now have reason to believe that internal data illegally obtained during the attack is currently being circulated on the internet.”
It added that it’s in the process of clarifying just which data is being circulated, “though we believe it may include current/former employee and contractor details in addition to data related to our games. Furthermore, we cannot confirm whether or not the data involved may have been manipulated or tampered with following the breach.”

Read more: Cyberpunk 2077 Hacked Data Circulating Online | Threatpost

Print this item

Information Baby Clothes Giant Carter’s Leaks 410K Customer Records
Posted by: silversurfer - Yesterday, 07:18 - Forum: Privacy & Security News - No Replies

Quote:Baby clothes retailer Carter’s inadvertently exposed the personal data of hundreds of thousands of its customers, dating back years, according to a new disclosure.
The issue started with Linc, which is a vendor the company used to automate purchases online, according to analysts with vpnMentor who first discovered the issue. The Linc system was delivering customers shortened URLs with Carter’s purchase and shipping details without basic security protections. The links contained everything from purchase details to tracking information and more.
“Furthermore, by modifying the Linc URLs (to which the shortened URLs were redirecting), it was possible to access backend JSON data, which revealed even more personal information about customers that wasn’t exposed by the confirmation pages, such as: Full names delivery addresses and phone numbers,” the report explained.
The analysts calculated that more than 410,000 records, and hundreds of thousands of customer records, were exposed in the leak — which they estimated dates as far back as 2015.
“Those shortened URLs were easily discoverable to hackers due to a lack of sufficient entropy or compensating security protocols,” the vpnMentor analysts wrote. “Carter’s also put no authentication in place to verify that only the person who’d made the purchase could visit the confirmation page.”
Compounding the risk, the researchers found that the links never expired, meaning customers who might have purchased from Carter’s years ago were still potentially in danger.

Read more: Baby Clothes Giant Carter’s Leaks 410K Customer Records | Threatpost

Print this item

Information Monumental Supply-Chain Attack on Airlines Traced to State Actor
Posted by: silversurfer - Yesterday, 07:16 - Forum: Privacy & Security News - No Replies

Quote:A monster cyberattack on SITA, a global IT provider for 90 percent of the world’s airline industry, is slowly unfurling to reveal the largest supply-chain attack on the airline industry in history.

The enormous data breach, estimated to have already impacted 4.5 million passengers, has potentially been traced back to the Chinese state-sponsored threat actor APT41, and analysts are warning airlines to hunt down any traces of the campaign concealed within their networks.

SITA announced the attack in March, and soon after Singapore and Malaysia Airlines were the first airlines to disclose that their customers’ personal data had been exposed. Most recently, SITA’s customer Air India reported an attack on its systems.
“After Air India revealed the details of its security breach, it became clear that the carriers were most likely dealing with one of the biggest supply-chain attacks in the airline industry’s history,” Group-IB analyst Nikita Rostovcev said in a recent report about the discovery.

The campaign’s code name is ColunmTK, the Group-IB report said, which researchers came up with by combining the first two domains used for DNS tunneling in the attack: ns2[.]colunm[.]tk and ns1[.]colunm[.]tk.

Read more: Monumental Supply-Chain Attack on Airlines Traced to State Actor | Threatpost

Print this item

  First Preview Of Windows 11
Posted by: Imran - 11 June 21, 14:09 - Forum: Microsoft Windows News - No Replies

Quote:Silicon Valley: Experts keeping a close eye on Microsoft Corporation say that the first glimpse of Microsoft’s next and most advanced operating system “Windows 11” has been released, which has been hidden in a video.

This video, which was published by Microsoft on YouTube on June 10, 2021, is exactly eleven (11) minutes long, in which the music of the launch of various Windows operating systems can be heard in a very “slow-motion”.

In this video, at 10:33 (33rd second of the tenth minute) the Windows 10 logo appears with its shadow falling on the floor.

It is unknown at this time what he will do after leaving the post, but Microsoft has suggested that it may be renamed to “Windows 11”.

This is also being said because, regarding Windows, Microsoft has announced that its event will be held on June 24, at 11 pm US time.

Not only that, but in this video, the image on the floor from the window (Windows 10 logo) looks like “11”, which is probably a hint of Windows 11.

Regardless of the name, it is said that some features of the “Sun Valley” operating system project at Microsoft will also be part of this new operating system.

Rumors are circulating that in addition to the user interface and system fonts, the next Windows operating system will undergo a number of external and internal changes.

It may also have a battery usage feature that will tell you which application is using how much battery. This feature has been present in smartphones for years, but so far it has not been included in Windows operating systems.

The new operating system will be (expected) enabled to be used on desktops/laptops as well as tablets and smartphones with equal ease.

The website Digital Trends has even speculated that the new Windows will also have Android apps available that can be downloaded from the Microsoft Store.

It is also being said that users who have Windows 10 installed on their computers will have to pay some extra cost to upgrade their system and install Windows 11.

When will Windows 11 be available? It is unknown at this time what he will do after leaving the post. It is expected to be available to the public in the last quarter of this year.

It should be noted that so far all these things are only in the form of speculations and estimates made by people with special expertise in this field.

The exact situation will be known on June 24, the day that Microsoft will hold a special event on Windows.

Source : https://expertbeas.com/first-preview-of-windows-11/

Print this item

Information Chrome Browser Bug Under Active Attack
Posted by: silversurfer - 11 June 21, 11:17 - Forum: Privacy & Security News - No Replies

Quote:Google is warning that a bug in its Chrome web browser is actively under attack, and it is urging users to upgrade to the latest 91.0.4472.101 version to mitigate the issue.
In all, Google rolled out fixes for 14 bugs impacting its Windows, Mac and Linux browsers as part of its June update to the Chrome desktop browser.
“Google is aware that an exploit for CVE-2021-30551 exists in the wild,” wrote Chrome technical program manager Prudhvikumar Bommana in a Wednesday post. That exploit is identified as a type confusion bug within Google’s V8 open-source JavaScript and WebAssembly engine.

The confusion vulnerability is tied to the browser’s ActionScript Virtual Machine. “Usually, when a piece of code doesn’t verify the type of object that is passed to it, and uses it blindly without type-checking, it leads to type confusion,” according to a technical description of the bug.

The update coincides with the release of the Android Chrome browser to Chrome 91 (91.0.4472.101), also on Wednesday. While the desktop and mobile versions of the Chrome web browser share the same version number, it is unclear if the updated Android Chrome browser is impacted by the same vulnerabilities.

Read more: Chrome Browser Bug Under Active Attack | Threatpost

Print this item

Information Microsoft: Big Cryptomining Attacks Hit Kubeflow
Posted by: silversurfer - 11 June 21, 11:12 - Forum: Privacy & Security News - No Replies

Quote:Microsoft has spotted a new, widespread, ongoing attack targeting Kubernetes clusters running Kubeflow instances, in order to plant malicious TensorFlow pods that are used to mine for cryptocurrency.
The Kubeflow open-source project is a popular framework for running machine learning (ML) tasks in Kubernetes, while TensorFlow is an end-to-end, open-source ML platform.
Given that the attack is still active, any new Kubernetes clusters that run Kubeflow could be compromised, according to Microsoft.
On Tuesday, Microsoft security researchers warned that toward the end of May, they saw a spike in deployments of TensorFlow pods on Kubernetes clusters – pods that are running legitimate TensorFlow images from the official Docker Hub account. But a closer look at the entry point of the pods revealed that their purpose is to mine cryptocurrency.
Yossi Weizman, senior security research software engineer at Microsoft’s Azure Security Center, said in a post on Tuesday that the “burst” of these malicious TensorFlow deployments was “simultaneous,” indicating that the attackers initially scanned the clusters, kept a list of potential targets, and then pulled the trigger on all of them at once.
Weizman explained that the attackers used two separate images: The first is the latest version of TensorFlow (tensorflow/tensorflow:latest) and the second is the latest version with GPU support (tensorflow/tensorflow:latest-gpu). The use of TensorFlow images in the cluster “makes a lot of sense,” Weizman said, given that “if the images in the cluster are monitored, usage of [a] legitimate image can prevent attackers from being discovered.”

Another reason why the attackers’ choice is understandable is that the TensorFlow image they chose is a convenient way to run GPU tasks using CUDA, which “allows the attacker to maximize the mining gains from the host,” he said. CUDA is a toolkit created by NVIDIA, used to develop, optimize and deploy GPU-accelerated apps.

Read more: Microsoft: Big Cryptomining Attacks Hit Kubeflow | Threatpost

Print this item

Information ‘Fancy Lazarus’ Cyberattackers Ramp up Ransom DDoS Efforts
Posted by: silversurfer - 11 June 21, 11:09 - Forum: Privacy & Security News - No Replies

Quote:A distributed denial-of-service (DDoS) extortion group has blazed back on the cybercrime scene, this time under the name of “Fancy Lazarus.” It’s been launching a series of new attacks that may or may not have any teeth, researchers said.
The new name is a tongue-in-cheek combination of the Russia-linked Fancy Bear advanced persistent threat (APT) and North Korea’s Lazarus Group. The choice seems natural, given that the gang was last seen – including in a major campaign in October – purporting to be various APTs, including Armada CollectiveFancy Bear and Lazarus Group.
According to Proofpoint, this time around the gang has been sending threatening, targeted emails to various organizations, including those operating in the energy, financial, insurance, manufacturing, public utilities and retail sectors – asking for a two-Bitcoin (BTC) starting ransom (around $75,000) if companies want to avoid a crippling DDoS attack. The price doubles to four BTC after the deadline, and increases by one BTC each day after that. The targets are mostly located in the U.S.
While it’s hard to make a definitive correlation, the timing of some of the Fancy Lazarus campaigns correspond with high-profile ransomware attacks over the past six months, in terms of targeting the same vertical industries, according to Sherrod DeGrippo, senior director of threat research and detection at Proofpoint.
“These include utility, natural gas and manufacturing,” she told Threatpost. “This could be an attempt to ride the coattails of high-profile news stories and result in a higher likelihood of payment. Another trend we have seen over the past four months are a focus on sending these threats to financial institutions and large insurance providers.”

Read more: 'Fancy Lazarus' Cyberattackers Ramp up Ransom DDoSes | Threatpost

Print this item

Information JBS Paid $11M to REvil Gang Even After Restoring Operations
Posted by: silversurfer - 11 June 21, 11:08 - Forum: Privacy & Security News - No Replies

Quote:JBS Foods paid the equivalent of $11 million in ransom after a cyber-attack that forced the company to shut down some operations in the United States and Australia over the Memorial Day weekend.
The company made the payment to cybercriminals to ensure the protection of its data and mitigate any further damage to its customers, as it was paid even after the world’s largest meat distributor had managed to return most of the facilities affected back to full operational capacity, a company official said.
“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO of JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

A group believed to be the REvil cyber gang hit several servers supporting North American and Australian IT systems of JBS Foods–a global provider of beef, chicken and pork with 245,000 employees operating on several continents–on the Sunday of Memorial Day weekend. The group later claimed in an interview on Telegram, however, that its original target was a Brazilian entity.
No company or customer data appears to have been exfiltrated during the attack, which the company largely resolved using redundant systems and encrypted backup servers, according to the statement. As of Tuesday, JBS said it had been able to resume shipping food from nearly all of its U.S. facilities and making progress in resuming plant operations in the U.S. and Australia.
The company’s decision to pay despite having the situation nearly under control came after consultation with internal IT professionals and third-party cybersecurity experts, according to the statement. Indeed, experts said that the attack could have had a ripple effect on could have a downstream effect on the food supply chain not only in Australia but also globally had it not been resolved quickly.

Read more: JBS Paid $11M to REvil Gang Even After Restoring Operations | Threatpost

Print this item

Lightbulb Avast Blog_Tips & Advices: What do security cameras know about you?
Posted by: harlan4096 - 11 June 21, 07:09 - Forum: Avast Blog News and Info - No Replies

[Image: WDTIKAM_security-cameras.jpg]

Are you being watched? Find out what data security cameras in your neighborhood collect about you and what they do with it.

When we talk about “surveillance culture” or the “surveillance economy” in the tech world, we’re usually talking about digital surveillance.

Tracking on social media. Cookies across the web. Data brokers creating “shadow profiles.” But this week on What Does the Internet Know About Me?, I want to take a closer look at what happens when old school video surveillance crosses wires with new school digital surveillance.

You’re probably aware of the fact that some of your neighbors have home surveillance cameras and systems. That’s nothing new, right? I’m pretty sure my parents even got one after our home was burglarized in the ‘90s. 

But the difference between those early home surveillance systems and the ones out there today is the fact that they’re hooked up to the internet. So let’s take a look at what security cameras in my neighborhood know about me.

What types of surveillance can you expect in your neighborhood?

Obviously every neighborhood is different and is going to have varying levels of surveillance. For example, if you live in public housing you can probably expect that your building has some level of security system that’s monitored by the government agency that lets your building. On the other hand, if you live in a neighborhood that’s primarily single family homes, you’re more likely to be watched by a variety of different private home security systems. And if you have shops in your neighborhood, you might also be surveilled by closed-circuit television (CCTV) cameras or other private security systems. Each of these presents a different potential privacy issue.

“The kind of internet-enabled video surveillance which is prevalent now can have increased privacy risks over more traditional CCTV approaches, because it is more widely adopted by private citizens and thus may appear in new contexts: Where you previously expected to be surveilled in a shop, do you now have to expect it in or outside your friends' homes?” Avast Chief Privacy Officer Shane McNamee says. “They’re also often set up in a way that involves the recordings being transmitted to and stored by third parties, on their servers, unlike traditional CCTV setups which normally stored recordings locally and for a limited time.”

If we’re looking just at private homes, the top 10 home security brands are:

Nest camera
  • Arlo
  • Google Nest
  • Amason Ring
  • Blink xt2 (blink for home)
  • Logitech
  • Reolink Argus 2
  • Netatmo Welcome
  • Vantrue N2 Pro
  • Canary Flex
  • YI Home Camera
And if we’re looking at businesses, the top five security camera brands for small businesses are, according to Google:
  • Arlo
  • Swann
  • Reolink
  • Panasonic
  • D-Link Vigilance
  • Google Nest
What data is collected about me by neighborhood security cameras? Where does it go?

Each brand collects different levels of data and does different things with them, so it’s going to be pretty difficult to figure out what exactly is being collected stored in any given neighborhood. For example, some of the popular home surveillance systems are owned by companies that are known to suck up data. (Ring, which is owned by Amazon, is the most obvious and well-known example of this.) Others don’t. It’s really going to vary from company to company.

All of the companies collect personal info about the owner of the device, both in order to provide the services they paid for and, in some cases, to put into their pool of data about users. They all also record and store video and audio recordings for a set amount of time, based on the owner’s preference.

In other words: It’s kind of impossible to know exactly what’s being recorded and stored about me by my neighbors’ security cameras.

Additionally, homeowners now post videos of package thieves and attempted home entry to hyperlocal social media sites like Nextdoor, sharing that information to an even broader audience than ever before. And when and if Amazon and other surveillance companies start incorporating facial recognition software into their products, the privacy implications will be massive.

If you live in the EU or the UK, another consideration is that cameras surveilling public spaces — i.e. anything beyond the homeowner’s property — might be subject to the GDPR. That means you might have rights to access and even delete that data. You can learn more about how GDPR applies to neighborhood surveillance here.

While most What Does the Internet Know About Me? posts end with me saying whether or not a product is worth the privacy tradeoffs, unfortunately I can’t do that here. None of us are in charge of what our neighbors record on or in front of their property — or what they do with those recordings. 

What you can do, however, is to start or continue advocating for better privacy regulation across the board, both digital and in person. Let your politicians know that this is an issue you care about and are willing to go to bat for. It’s the only way this type of thing is going to change. 
Continue Reading

Print this item

You have to register before you can post on our site.



Recent Posts
Hackers Steal FIFA 21 Source Code, Tools...
Hackers have breac...silversurfer — 07:23
Cyberpunk 2077 Hacked Data Circulating O...
Earlier this year,...silversurfer — 07:21
Baby Clothes Giant Carter’s Leaks 410K C...
Baby clothes retai...silversurfer — 07:18
Monumental Supply-Chain Attack on Airlin...
A monster cyberatt...silversurfer — 07:16
Ashampoo Snap 12: A ‘limited-comparativ...
Wow! such a great r...jasonX — 03:46

Today's Birthdays
avatar (27)horancos
Upcoming Birthdays
avatar (34)Tedscolo
avatar (41)brakasig
avatar (40)JamesReshy
avatar (42)Francisemefe
avatar (35)leoniDup
avatar (34)Patrizaancem
avatar (34)biobdam
avatar (35)storoBox
avatar (43)kinotHeemn
avatar (34)Ceballos1976
avatar (35)efynu

Online Staff
There are no staff members currently online.