Malware-as-a-service lets hackers steal your data for $10

A new (and cheap) service that offers hackers a straightforward method to set up a base where they manage and perform their cyber crimes has been discovered — and it’s gaining traction.

As reported by Bleeping Computer, security researchers unearthed a program called Dark Utilities, effectively providing a command and control (C2) center.


The service supports payloads for Windows, Linux, and Python. It also spares its users the work of standing up their own C2 communication channel. For reference, a C2 server is the central hub from which malware is distributed and controlled.

It also lets threat actors issue commands, push configurations and new payloads, and, most importantly, extract data from systems that have been breached.

The Dark Utilities platform operates as a “C2-as-a-service” (C2aaS). It’s presented as an anonymous C2 infrastructure, with prices starting as low as 9.99 euros, or a little over $10.

It’s certainly starting to gain momentum among underground hacking services, with Cisco Talos confirming it already boasts 3,000 active subscribers. As a result, whoever is behind the operation is netting around 30,000 euros in revenue.

Dark Utilities first surfaced in early 2022. It delivers a fully fledged C2 system that is reachable both over the Tor network and from regular browsers. Payloads are hosted on the InterPlanetary File System (IPFS), a decentralized network for storing and sharing data.

Researchers from Cisco Talos confirmed that after an operating system is chosen by the threat actor, it produces a command string that “threat actors are typically embedding into PowerShell or Bash scripts to facilitate the retrieval and execution of the payload on victim machines.”

The report also notes that the administrative panel for Dark Utilities offers options for different kinds of attacks, including standard distributed denial-of-service (DDoS) operations and crypto-jacking.

Bleeping Computer stresses that when considering the popularity it has attained within the span of a few months, coupled with an attractive price point, Dark Utilities is all but set to become an even more in-demand platform, especially for hackers who don’t have a lot of experience in cybercriminal activity.

The amount of hacking activity throughout 2022 is unprecedented, to say the least. With hackers constantly changing their methods and scanning for possible vulnerabilities faster than ever, it’s no surprise that cyberattacks have nearly doubled since last year.


Repost: Original Source and Author Link


Hackers targeted AMD to steal huge 450GB of top-secret data

A data extortion group known as RansomHouse has asserted that it has stolen upwards of 450GB of sensitive data from AMD.

AMD (often nicknamed Team Red) has since confirmed that it launched an investigation into the matter after the situation came to light.


As reported by Bleeping Computer and Tom’s Hardware, RansomHouse is not your regular hacking group that targets whoever it can at random.

It has a more specific methodology: infiltrate a particular corporate network, extract whatever data it can obtain, and then demand a ransom if the victim doesn’t want that data leaked or sold to others.

By providing updates over the past week via Telegram, RansomHouse stated it would soon make available for purchase tranches of data for a business that has three letters in its name, with the first letter being A.

As expected, on Monday, AMD was added to its website. It claims to be in possession of 450GB of data, but the exact details pertaining to what that contains remain unconfirmed.

Tom’s Hardware highlights how Restore Privacy reviewed the data published by the group — it found that it seemingly includes “network files, system information, as well as AMD passwords.” The website points out a caveat, though — whether the source of information has actually been extracted from AMD or one of its subcontractors is another question entirely.

In any case, RansomHouse said that AMD relied on extremely straightforward passwords such as, well, “password,” which is one of the ways it managed to gain access to its networks.

The semiconductor and GPU company’s network was compromised on January 5, 2022, according to the group’s statement.

However, RansomHouse told Bleeping Computer that its “partners” breached and gained access to AMD’s network around a year ago. January 5, 2022, is when the hackers ultimately lost that access.


The group did not contact AMD, as it prefers to sell the data because of its perceived high value. It says the 450GB of stolen data includes research and financial information, and that it is still analyzing the data in order to put an exact monetary value on it.

“No, we haven’t reached out to AMD as our partners consider it to be a waste of time: it will be more worth it to sell the data rather than wait for AMD representatives to react with a lot of bureaucracy involved,” a RansomHouse representative told Bleeping Computer.

Although ransomware was reportedly not involved in the breach, a leaked CSV shows a list of over 70,000 devices that are seemingly connected to AMD’s internal network, in addition to a purported list of AMD corporate credentials. Besides “password,” other weak passwords reportedly used by AMD employees included “P@ssw0rd,” “amd!23,” and “Welcome1.”
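The passwords quoted above are exactly the kind a deny-list screen at password-change time is meant to reject: dictionary words with the usual character substitutions, a word plus a trailing digit, and the company name with a few symbols appended. The following is an added example, not code from the article or from AMD or RansomHouse, showing such a screen in the spirit of NIST SP 800-63B (check candidates against common-password and context-specific lists). The deny-list, the substitution map, and the organisation term “amd” are constructed for illustration; a real deployment would load a large breach-derived list instead.

```python
"""Screen candidate passwords against a deny-list, undoing common 'l33t'
substitutions and trailing digits/symbols, and reject context-specific
passwords that embed the organisation's name.

Added example; not from the article. DENY_LIST, LEET_MAP and ORG_TERMS are
constructed for illustration.
"""
import re

# Constructed deny-list of common passwords (tiny on purpose; a real one
# would come from a breach corpus and be far larger).
DENY_LIST = {"password", "welcome", "welcome1", "qwerty", "letmein", "123456"}

# Undo the substitutions that attacker wordlists already account for,
# so that "P@ssw0rd" reduces to "password".
LEET_MAP = str.maketrans({
    "@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
    "3": "e", "$": "s", "5": "s", "7": "t",
})

# Constructed context-specific terms for a hypothetical tenant.
ORG_TERMS = ("amd",)


def candidate_forms(pw: str) -> set[str]:
    """Return the normalised forms a candidate password is compared under:
    lower-cased, leet-decoded, and each of those with trailing non-letters
    removed (so "Welcome1" is compared as "welcome1" and "welcome")."""
    low = pw.lower()
    forms = {low, low.translate(LEET_MAP)}
    forms |= {re.sub(r"[^a-z]+$", "", f) for f in list(forms)}
    return forms


def screen_password(pw: str, org_terms=ORG_TERMS, min_len: int = 8):
    """Return None if the password is acceptable, else a short rejection reason.
    Deny-list and context checks run first so the reason is informative even
    for short passwords."""
    forms = candidate_forms(pw)
    if forms & DENY_LIST:
        return "matches common-password deny-list"
    for term in org_terms:
        if any(term in f for f in forms):
            return f"contains context-specific term {term!r}"
    if len(pw) < min_len:
        return "too short"
    return None


def screen_many(passwords):
    """Map each candidate to its rejection reason (None when accepted)."""
    return {pw: screen_password(pw) for pw in passwords}


if __name__ == "__main__":
    # The four passwords reported in the article plus one strong control value.
    sample = ["password", "P@ssw0rd", "amd!23", "Welcome1",
              "correct-horse-battery-staple"]
    for pw, reason in screen_many(sample).items():
        print(f"{pw!r:32} -> {reason or 'accepted'}")
```

All four reported passwords are rejected by the screen, three by the deny-list after normalisation and “amd!23” by the context-specific check, while the long passphrase passes. Leet decoding is applied before the trailing-character strip so that both “Password1” and “P@ssw0rd1” collapse to “password”.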

Nvidia, Microsoft, Facebook, and other large corporations were all infiltrated throughout 2022 by the hacking group LAPSUS$, which also claimed to have breached these firms predominantly via weak passwords.



Two SIM swappers phished a phone company so they could steal $16K in crypto

Twenty-year-old Kyell Bryan of Pennsylvania has pleaded guilty to aggravated identity theft for a SIM swapping and cryptocurrency theft scheme, according to the United States Attorney’s Office of the District of Maryland.

According to the initial indictment statement, in June 2019, Bryan, who was 19, conspired with Jordan K. Milleson, then 21, and others. The group engaged in phishing and vishing (voice phishing) to trick employees at an unnamed wireless operator into coughing up their login credentials.

As Brian Krebs reported when Bryan and Milleson were indicted, they were active participants of the OGUsers trading forum, which has spawned similar phishing attacks against Twitter and others, usually with the intent of stealing and trading social media handles. Leaked messages from OGUsers reveal that in 2019, Bryan asked another member for help crafting a site that would look like T-Mobile’s employee login page.

They used those credentials to conduct unauthorized SIM swaps, redirecting their target’s phone number to bypass the two-factor authentication process that is supposed to protect accounts. SIM swapping attacks are why AT&T faced a now-dismissed lawsuit alleging negligence for failing to stop them in 2018, and the method opened up a way to temporarily hijack Twitter CEO Jack Dorsey’s handle in 2019.

According to the prosecutors, after performing the swap, Bryan instructed Milleson to transfer cryptocurrency valued at $16,847.47 out of the victim’s account.

The scheming partnership turned into a mission to find Milleson’s true identity when Bryan and other accomplices suspected Milleson cheated them out of their share. After finding out his aliases and personal information from another co-conspirator, Bryan attempted to “swat” him at his home.

Bryan called the Baltimore County Police claiming he was at Milleson’s home address with a handgun, saying he’d shot his father and threatening to shoot himself. In the call, he threatened to shoot if confronted by police, attempting to set up the kind of dangerous encounter that has already killed some swatting victims.

BCPD didn’t find a gunman at the house, but officers spoke to Milleson’s relative, who told them about a phone call made earlier claiming that Milleson stole $20,000.

Milleson was sentenced to two years in federal prison and ordered to pay restitution of $34,329.01 in May.

Bryan is set to be sentenced in January 2022 and faces two years in federal prison following one year of supervised release. As part of his plea agreement, Bryan will be ordered to pay $16,847.47 in restitution.



OpenSea fixes vulnerabilities that could let hackers steal crypto with malicious NFTs

OpenSea has fixed vulnerabilities in its platform that could’ve let hackers steal someone’s crypto after sending them a maliciously crafted NFT. The issue was found by security firm Check Point Research, which noticed tweets from people claiming they were hacked after being gifted NFTs, according to a blog post. The researchers spoke to one of the people who said they were attacked, found vulnerabilities proving an attack could happen this way, and reported the problems to OpenSea. The security firm says the NFT trading platform fixed the issue within an hour and worked with the researchers to make sure the fix worked.

While the attackers potentially being able to drain entire wallets is certainly not a good look for OpenSea, it wasn’t a simple matter of just gifting someone an NFT — the exploit needed its target to click on a few prompts first, including one that might include transaction details. While being sent an NFT gift doesn’t require any interaction on your part, the malicious NFTs were harmless if they just sat unviewed in an OpenSea account.

Image (Check Point Research): The transfer confirmation message users may see while viewing an infected NFT.

The potentially dangerous situation occurs when viewing the image by itself (by, say, right-clicking on it and hitting “open in new tab”). For users with a crypto-wallet browser extension like MetaMask installed, it initiates a popup asking to connect to their wallet. If the target clicks yes, the attackers could snag the wallet’s information and trigger another popup asking to approve a transfer from the victim’s wallet to their own. If you’re not paying attention or didn’t realize what was going on and confirmed the transfer, you could wind up losing everything in your wallet.

OpenSea says in a statement that it hasn’t found any instances of someone actually carrying out that kind of attack — though it’s still unclear what happened to the people who say they were attacked. As far as I could find, there were only a few people talking about being hacked after receiving a gift NFT.

OpenSea says it’s working with third-party wallet providers to help people recognize malicious signature requests. Still, for the most part, standard internet safety rules apply — don’t click on things that seem out of the ordinary, and definitely don’t confirm any transaction requests unless you’re entirely sure it’s something you want to do.

While this particular attack required a lot of interaction (as well as at least some amount of inattention) from the target, it’s good to see Check Point’s confirmation that OpenSea has fixed it. It’s easy to imagine people new to NFTs potentially getting their wallets drained, and we’ve seen examples of bad actors and scammers in the crypto space. There are those who are willing to steal people’s Ethereum, pretend to be OpenSea support employees, or sell an almost certainly fake Banksy.

OpenSea also announced on Monday that it would hide gifted NFTs from an account’s page by default if they’re from unverified collections and add an option to suspend your account from buying or selling NFTs if you think your wallet has been compromised.



Fortnite alien parasites will steal your health and give you powers

Epic will soon release a new living object in Fortnite called alien parasites. As the name suggests, these creatures originate from the alien invasion and attach to players like parasites — but that’s not necessarily a bad thing. It seems these creatures will offer players certain abilities that can be useful depending on the situation.

Fortnite Chapter 2 – Season 7 kicked off with an alien invasion. Players got access to futuristic weapons and UFOs, and there’s a giant mothership in the sky. That was only the start of this invasion, however, and alien parasites are the next big change. Players can expect to always find the parasites at the POIs with purple names, and there’s a greater than 50-percent chance they’ll also spawn at other random spots.

According to data-miner HYPEX, the parasites will appear as green eggs in the locations where they spawn. The creatures will emerge from the eggs if you walk near one, resulting in a swarm of purple parasites that want to be your ‘companions.’ If one attaches to you, you’ll sacrifice some health but gain ‘enhanced mobility.’

It’s unclear whether that is the only ability that will be offered by these parasites or if they’ll offer a variety of different boosts. Of course, you may not have enough health to sacrifice or may not need the ability, in which case you’ll be able to remove the parasite. The parasites will reportedly have 75 health, while the eggs will have 60 health.

HYPEX suggests that players may be able to pick up and throw the eggs, which would mean using them as a weapon against opponents who would lose some health. However, it’s unclear whether that feature will actually be made available or if that aspect of the alien parasites has been removed.



Hackers steal source code to ‘FIFA 2021’ and Frostbite engine from EA

Electronic Arts, the publisher of the Battlefield series and many other popular video game franchises, has been hacked. On multiple underground hacking forums, Motherboard found hackers claiming they had taken more than 780GB of data from the company. According to screenshots seen by the outlet, the trove includes the source code for FIFA 2021 and both the source code and tools for EA’s proprietary Frostbite game engine. Some of the other assets the hackers claim they took from the company include several software development kits. Those responsible are trying to sell the assets.

EA confirmed to Motherboard it was the victim of a data breach and that the data the publication saw online was what was stolen from it. “We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen,” a spokesperson for the company told the outlet. “No player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation.”

We’ve reached out to EA for additional information.

EA isn’t the only video game publisher to get hacked this year. Following the buggy launch of Cyberpunk 2077, CD Projekt Red was hit by a ransomware attack. In that case, the hackers obtained and eventually sold the source code to the studio’s latest game. CD Projekt Red also blamed the hack for the delay in getting Cyberpunk’s 1.2 patch out. For now it appears EA is confident it won’t be affected in the same way. 

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.



Laptop steal: This $529 Acer comes with Core i7 and a 512GB NVMe SSD

Sometimes it’s worth spending a little more on your laptop than simply settling for whatever low-power, low-cost notebook you can find, especially when you can pick up this much horsepower for this cheap. Walmart has cut the price of the 14-inch Acer Aspire 5 to just $529, nearly $100 off the $625 sticker price and a great deal for a well-equipped Core i7 laptop.

It’s powered by the Core i7-8565U, a quad-core processor with eight threads, a base clock of 1.8GHz, and a boost clock to 4.6GHz. This processor came out in mid-2018, but it’s still a great mobile CPU with integrated Intel UHD 620 graphics. Those graphics drive the visuals on the 14.5-inch full HD (1920-by-1080 resolution) display.

Acer’s laptop packs 8GB of RAM, which is more than enough for a laptop like this. The onboard storage is also really nice. Instead of a spinning hard drive, it’s packing a 512GB SSD that uses the speedy NVMe protocol. In plain English, the Aspire 5’s storage should be much zippier than traditional hard drives and even many SATA III SSDs, the more commonly used storage interface.

For ports, it has a single USB 3.1 Gen 1 Type-C port, two standard USB 3.1 ports (one of which can charge devices even when the laptop’s off), one USB 2.0 port, and an HDMI 2.0 connection. For connectivity, it offers 802.11ac Wi-Fi and Bluetooth 5.0, and there’s an Ethernet port for people who prefer wired connections.

While we haven’t reviewed this configuration of the Acer Aspire 5, it’s a very well-rounded laptop that should prove capable in most situations, modern gaming aside. It’s a steal for $529.

[Today’s deal: 14-inch Acer Aspire 5 for $529 at Walmart.]


Ian is an independent writer based in Israel who has never met a tech subject he didn’t like. He primarily covers Windows, PC and gaming hardware, video and music streaming services, social networks, and browsers. When he’s not covering the news he’s working on how-to tips for PC users, or tuning his eGPU setup.



Microsoft’s discounting its new Surfaces for Black Friday, but HP’s $299 laptop may be the steal

Microsoft is already teasing its Black Friday deals, which include heavy discounts on the recently introduced Surface Pro 7 and Surface Laptop 3 PCs. Microsoft’s also clearing the decks of older hardware, so there are further deals to be had.

Several deals begin November 22. Specifically, Microsoft’s shaving 22 percent off the price of the Core i5/8GB/256GB version of the Surface Pro 7. Bundled with the Type Cover (which normally ships separately), it will cost $999, $330 off the regular price. The Core i5/8GB/128GB option with Type Cover will be $799, or $230 off. Microsoft’s also promising up to $300 off for the Surface Laptop 3 beginning November 22.

On November 28, Microsoft will offer $500 off the aging Surface Book 2. Even more interesting on that day will be Microsoft’s third-party discounts: It’s promising HP laptops with 10th-gen processors inside them for as little as $299.

Image (Adam Patrick Murray/IDG): The Surface Book 2 is a fantastic laptop, though it’s a lot bulkier than some of Microsoft’s other models.

Discounts on Microsoft’s older hardware aren’t especially surprising as new products arrive. Microsoft’s fun, portable, though underpowered Surface Go will be $150 off, starting at $299. (The Microsoft Surface Pro X is expected to replace it to some degree, as a connected, long-lasting device.) Microsoft’s Surface Book 2, a powerful, pricey workhorse of a laptop with discrete GPU options, may be refreshed early in 2020.

Microsoft will also be offering two HP laptops at discounted prices, with some obvious shortcomings but also some intriguing benefits. Beginning November 28, Microsoft will offer the 10th-gen Core HP 15-dy1731ms (normally $490) for nearly 40 percent off at $299. The 10th-gen, Core i5-powered model of the same machine, the HP 15-dy1751ms (normally $600), is also on sale for $399, a 34 percent discount. A Core i7 version will be $599.

Note the tradeoffs with these low-cost HPs. We’ve barely begun seeing 10th-gen notebooks in the market, and these Ice Lake notebooks will take advantage of all of the capabilities Intel brings to the platform, including improved wireless capabilities. The displays, however, stink: 1366×768 HD WLED, instead of the 1080p resolution that’s almost table stakes these days. If it’s any consolation, Ice Lake can absolutely output 1080p or more to an external monitor, provided you have one. And the low-resolution display will certainly help battery life. There’s a decent-sized 41Wh battery inside, which we’d guess would net you about 8 hours.

Microsoft is already selling the Dell XPS 15 7590, which includes a Core i7 from Intel’s short-lived 9th-gen family, for $300 off, or $1,699. That deal will continue through Black Friday. Microsoft also says that gaming PCs like the Lenovo Legion Y540 15, Asus ROG Strix G GL531GT and Acer Predator Triton 500 will be up to $400 off. 

Microsoft, which ditched its own Windows Mobile phones, is also selling the Samsung Galaxy Note 10 for $200 off beginning November 21, with free Galaxy Buds. 


Five Android features I miss after switching to the iPhone 11 (and five I want to steal)

It’s that time of year again–when I get to test the latest iPhone against the best Android phones. There are three contenders this year: the Samsung Galaxy S10+, OnePlus 7T, and the upcoming Google Pixel 4–and it’s already shaping up to be a knock-down, drag-out fight even closer than last year’s (when the iPhone XR eked out a win).

Beyond the major categories like the camera, battery life, speed, and design that I’ll explore in depth, there are several smaller things I’ve noticed during the past week that set the iPhone apart, some of which I love and others that I miss from Android:

Features I miss from Android

Manual screen rotation

Few things are more annoying than when you’re lying in bed trying to read a story on your phone and your screen flips from portrait mode to landscape because you tilt your phone a little too much. Of course, the iPhone 11, like every other phone, includes a lock button that keeps your phone in whatever orientation you choose, but if you want to change it back, you need to go into the Control Center and tap the button.

Image (IDG): On Android phones, you can manually rotate your screen even if you have orientation lock turned on.

Android 9 solved this problem. When you turn on orientation lock, your phone will still give you an option to switch temporarily if you need to turn your phone to watch a video or play a game. When you rotate your phone when orientation lock is on, a small icon will appear in the bottom right corner. Tap it, and your phone will rotate without needing to turn off orientation lock.

Control over notifications and a useful status bar

No phone has delivered a perfect system for receiving notifications, but the iPhone’s is much less perfect than Android’s. Even before you dive into the settings, the notification shade is far superior to Apple’s full-screen notification center, and the tiny icons that appear in the status bar are way more useful than Apple’s now-you-see-it-now-you-don’t approach. On my iPhone, I either have to turn on badges for everything or dutifully check the notification center, neither of which is an appealing option.

Android also offers far better control over when and which notifications appear. While it’s basically an on-or-off affair with iOS, on my Android phones, I get granular control over alerts via notification channels, smart grouping of silent notifications, and snoozing.

An app drawer

I’ve been banging this drum for as long as I’ve been using a smartphone. Apple still insists on littering home screens with every app you’ve ever downloaded, while Android lets you keep as few as you want, tucking the others inside an app drawer accessible from the bottom of the screen. Why Apple refuses to make this an option is beyond my comprehension.

An always-on display

The feature I miss the most from Android is the always-on display. On nearly every Android phone, you can see the time, date, notifications, and other information even when the phone is off, thanks to a low-power, mostly black-and-white screen that stays on. I’ve lost count of how many times I’ve looked over at my iPhone in the middle of the night only to see a blank screen staring back at me. (In fact, I’ve started keeping an Android phone on my nightstand just so I can see the time.) Even if it sheds a little battery life, an always-on display is tops on the list of features I want to see in iOS 12.


Chinese hackers are leveraging flaws in Microsoft Exchange Server to steal emails

Security researchers reported that at least 30,000 organizations across the US have been hacked over the past few days by an unusually aggressive Chinese cyber-espionage unit focused on stealing email. The researchers say that many of the targeted organizations are small businesses, cities, and local governments. The group is exploiting four newly discovered flaws in Microsoft Exchange Server email software.

The hackers have been able to seed hundreds of thousands of victim organizations worldwide with tools that give them complete remote control over affected systems. Microsoft is attempting to combat the hackers and, on March 2, released emergency security updates that plugged four actively exploited security holes in Exchange Server versions 2013 through 2019. In the days following those patches, security experts say the Chinese cyber-espionage group has stepped up attacks on any vulnerable, unpatched Exchange server worldwide.

In each incident, the hackers left behind a web shell, an easy-to-use, password-protected tool that can be accessed over the Internet from any browser. That web shell can give the hackers administrative access to the victim’s computer. According to two unnamed cybersecurity experts who have taken part in briefings with US national security advisers, the hackers have seized control of hundreds of thousands of Microsoft Exchange servers globally.

The group has targeted email systems in various industry sectors ranging from infectious disease researchers to law firms, defense contractors, and others. The attack was first discovered by a company called Volexity. The company says even those who patched their Exchange Server the same day the patches were published have a high likelihood of having a web shell on the server. The researchers say any company running Exchange that hasn’t patched yet is likely already compromised.
