Most Hackaday readers will be familiar with the idea of a network time server; a magical box nestled away in some distant data center that runs the Network Time Protocol (NTP) and allows us to conveniently synchronize the clocks in our computers and gadgets. Particularly eager clock watchers can actually rig up their own NTP server for their personal use, and if you’re a true time aficionado like [Cristiano Monteiro], you might be interested in the portable GPS-controlled time server he recently put together.
Kaseya is requiring customers affected by the massive REvil ransomware attack to sign non-disclosure agreements in order to obtain the decryption key, a move that could shroud the incident in further mystery. Although the decryption key will no doubt bring relief to some victims, others are stating that it will have minimal impact.
A new CNN report published on Friday revealed the non-disclosure agreements, citing several cybersecurity experts working with victims of the attack. The outlet notes that these agreements are not unusual in the cybersecurity industry, but that they could make it harder to understand how the attack occurred. The revelation is the latest step in Kaseya’s tight-lipped response since it announced it had obtained a “universal decryptor” from a “trusted third party” on Thursday.
The latest victim is the public telecom giant of Ecuador, CNT, that disclosed a cyber attack. Researchers suspect a ransomware incident possibly from the RansomEXX gang.
Ecuador’s CNT Suffered Cyber Attack Reportedly, the public telecommunication firm of Ecuador, Corporación Nacional de Telecomunicaciones (CNT EP) has suffered a security incident. CNT itself disclosed the cyber attack recently via a security notice on its website (snapshot below).
Rad Power Bikes‘ RadRover might be the most popular ebike in the US. In fact, according to the company, it’s ‘North America’s best-selling ebike,” and I see the fat-tire ebike all the time when riding around town.
Now the company has gone ahead and completely redesigned the bike, bringing a more premium design (and price) with the new RadRover 6 Plus.
A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang.
Dubbed "Diicot brute," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to facilitate the intrusions, Bitdefender researchers said in a report published last week.
A sophisticated social engineering attack undertaken by an Iranian-state aligned actor targeted think tanks, journalists, and professors with an aim to solicit sensitive information by masquerading as scholars with the University of London's School of Oriental and African Studies (SOAS).
The Security Service of Ukraine (SSU) on Thursday reported that Ukrainian law enforcement has pulled the plug on a clandestine cryptocurrency mining farm in the city of Vinnytsia. The perpetrators had set up camp in an old warehouse and stealthily tapped into the city's power grid to mine cryptocurrency. Most interestingly, the miners were caught with a shocking number of Playstation 4's. And pretty much everything else, too.
The Ukrainian authorities reportedly seized up to 5,000 pieces of hardware, including over 500 graphics cards, 50 processors and 3,800 PlayStation 4 (PS4) consoles, all of which are in short supply in the U.S. and beyond, as well as other tidbits.
For Gareth Southgate, it had to be penalties. The England manager’s personal story has been shaped by his decisive shootout miss against Germany back in 1996 at this stadium in the semi-finals of this competition. Now, after 120 nerve-shredding minutes of England men’s first major final since the 1966 World Cup victory, when initial control gave way to a fraught struggle, it once again boiled to the ultimate test of nerve.
Southgate and his players have torn down so many psychological barriers over the past three years, reconnecting the team with the nation, beginning with the surge into the semi-finals of the 2018 World Cup in Russia. Back then, there was the victory in a shootout against Colombia in the last 16 – only England’s second such success in eight major tournament attempts; a major step forward.
Two long droughts ended on Saturday at the Copa América final. Argentina won their first major title since 1993 with a 1-0 win against Brazil in Rio de Janeiro and Lionel Messi finally lifted his first major trophy for the national team, filling in one of the biggest gaps in his decorated career.
“I needed to remove from myself the thorn of achieving something with the national team,” said the Argentina captain after raucous celebrations.
Cybercrime actors part of the Magecart group have latched on to a new technique of obfuscating the malware code within comment blocks and encoding stolen credit card data into images and other files hosted on the server, once again demonstrating how the attackers are continuously improving their infection chains to escape detection.
"One tactic that some Magecart actors employ is the dumping of swiped credit card details into image files on the server [to] avoid raising suspicion," Sucuri Security Analyst, Ben Martin, said in a write-up. "These can later be downloaded using a simple GET request at a later date."
When you own crypto, what you really own is a private key that gives you access to your coins. You need to keep this key completely safe.
Ledger recently announced the launch of the Ledger Nano X. This new product is built around a new hardware architecture, while taking advantage of our versatile security Operating System BOLOS.
The company says it introduced the limit to improve battery life.
For the third time in its short history, OnePlus finds itself embroiled in a controversy over the performance of its phones. This week, AnandTech published a report in which it said it found the OnePlus 9 Pro and OnePlus 9 throttle the capabilities of their Snapdragon 888 processors when running popular apps like Chrome, Twitter and WhatsApp. AnandTech wasn't able to suss out a complete list of all the applications where the two phones limit their CPU output, but what's notable about the outlet's findings is that the OnePlus 9 Pro and OnePlus 9 don't throttle any benchmarking tools.
Cybersecurity researchers on Thursday revealed details about a new Mirai-inspired botnet called "mirai_ptea" that leverages an undisclosed vulnerability in digital video recorders (DVR) provided by KGUARD to propagate and carry out distributed denial-of-service (DDoS) attacks.
Chinese security firm Netlab 360 pinned the first probe against the flaw on March 23, 2021, before it detected active exploitation attempts by the botnet on June 22, 2021.
The Mirai botnet, since emerging on the scene in 2016, has been linked to a string of large-scale DDoS attacks, including one against DNS service provider Dyn in October 2016, causing major internet platforms and services to remain inaccessible to users in Europe and North America.
Since then, numerous variants of Mirai have sprung up on the scene, in part due to the availability of its source code on the Internet. Mirai_ptea is no exception.
Not much has been disclosed about the security flaw in an attempt to prevent further exploitation, but the researchers said the KGUARD DVR firmware had vulnerable code prior to 2017 that enabled remote execution of system commands without authentication. At least approximately 3,000 devices exposed online are susceptible to the vulnerability.
Besides using Tor Proxy to communicate with the command-and-control (C2) server, an analysis of the mirai_ptea sample revealed extensive encryption of all sensitive resource information, which is decoded to establish a connection with the C2 server and retrieve attack commands for execution, including launching DDoS attacks.
"The geographic distribution of bot source IPs is [...] mainly concentrated in the United States, Korea and Brazil," the researchers noted, with infections reported across Europe, Asia, Australia, North and South America, and parts of Africa.
