Netflix starts testing games on TV following its new game controller mobile app

0
[ad_1]
Back in 2021, Netflix jumped into the gaming scene for mobile devices. Just recently, it sprang a surprise with a new app that transforms your iPhone into a game controller. The problem with using your smartphone as a controller was that the company’s games library was only available on IOS and Android, but this will change soon.Netflix is rolling out a limited beta test to a small number of users in Canada and the UK. The company’s goal is to make games playable on every device where users can use Netflix, including TVs, computers, and mobile. In the following few weeks, games on Netflix will also be available for beta test on supported browsers on PCs and Macs through netflix.com.

So, what’s on the testing menu? Right now, a pair of games: Oxenfree from Night School Studio and Molehew’s Mining Adventure, a game that’s all about snagging gems in an arcade setting. If you’re one of the lucky ones with beta access, you can grab the Netflix game controller app from the App Store and use your iPhone as the controller. The app isn’t out for Android users yet, but there’s a chance it could be coming soon.

According to Netflix, this trial run is all about putting its game streaming technology and controller to the test, so the company can fine-tune the user experience as time goes on. When it comes to gaming on your TV, Netflix is gearing up. Games will be available on various devices from Netflix’s partners like Amazon Fire TV Streaming Media Players, Chromecast with Google TV, LG TVs, Nvidia Shield TV, Roku devices and TVs, Samsung Smart TVs, and Walmart ONN.

More devices will be added gradually, and Netflix is determined to bring gaming on its platform to users all around the world. Right now, you can already dive into a bunch of games on the Netflix mobile app. This year, the streaming platform is adding 40 new mobile games to the mix. And that’s not all – it also says that it is cooking up 70 more titles in collaboration with its partners.


[ad_2]
Source link

Intel Patched Newly Reported Downfall Attack Affecting Its CPUs

0
[ad_1]

Google researchers recently reported a vulnerability in Intel CPUs leading to a new “Downfall” side-channel attack. The attack seems a predecessor for the previously discovered Meltdown and Fallout flaws, leaking data. Following the report, Intel released a microcode firmware update to fix the vulnerability.

Downfall Attack Threatens Intel CPUs

Security researcher Daniel Moghimi shared insights about a severe vulnerability affecting Intel CPUs. Exploiting this vulnerability enabled Moghimi to devise a new side-channel attack “Downfall” that triggers data leak.

The vulnerability, CVE-2022-40982, affects the Intel CPUs’ microarchitecture, causing information disclosure to an authenticated adversary. The flaw exists in the memory optimization features exposing internal vector register files during speculative execution.

Executing this attack requires using the Gather instruction; hence the researcher devised two techniques, Gather Data Sampling (GDS) and Gather Value Injection (GVI), to demonstrate the exploit.

Although, detecting the Downfall attack is theoretically possible if a detection system scans hardware performance counters for anomalies like cache misses. However, most existing antivirus software cannot detect Downfall attacks.

On the other hand, executing this attack is “highly practical” for an adversary with a shared physical processor core can execute the attack. The attacker may deploy malware to execute this attack and steal sensitive data, such as passwords and encryption keys.

The researcher has shared a detailed technical analysis of the vulnerability and the Downfall attack in a separate research paper. Whereas users may also visit the specific web page created for this attack to learn more about Downfall, and find the PoC on GitHub.

Intel Released A Fix

The Downfall attack affects a large number of Intel processors, making various computers and laptops vulnerable globally. Moghimi explained that the vulnerability existed since 2014, but remained under the radar. Specifically, the vulnerability impacts Intel Core processors from the 6th Skylake through the 11th Tiger Lake generation.

Following the researcher’s report in August 2022, Intel worked on developing a fix for the flaw. Consequently, a year after the initial disclosure, the tech giant released a patch with the latest firmware updates for all devices, alongside sharing a detailed list of vulnerable CPUs, urging users to update their systems. Besides, Intel has also published a detailed security guide in this regard.

Let us know your thoughts in the comments.


[ad_2]
Source link

New Gigabud Android RAT Bypasses 2FA, Targets Financial Orgs

0
[ad_1]
  • New Malware Variant: Gigabud introduces a fresh wave of sophisticated cyber danger.
  • Global Operation: Gigabud has targeted at least 25 companies, financial institutions, and government departments across several countries.
  • Bypasses 2FA: Gigabud malware can adeptly circumvent two-factor authentication (2FA).
  • Targets Financial Giants: Financial institutions face a growing threat from Gigabud’s focused attacks.
  • Gigabud family: Gigabud.Loan variant presents itself as a fake loan application, luring victims with promises of low-interest loans.
  • Emerging Cyber Risk: The rise of Gigabud underscores the evolving landscape of financial cyber threats.

A new banking trojan named Gigabud has emerged as a formidable adversary, posing a persistent danger to financial institutions worldwide. Originating as an Android Remote Access Trojan (RAT), Gigabud first came to the attention of security experts in September 2022 when it targeted a Thailand-based financial organization and its customers across the Asia-Pacific region.

Group-IB’s experts, in response to a customer’s request, undertook a comprehensive analysis of the malware to decode its intricate tactics. The defining feature of Gigabud is its cautious approach to executing malicious actions.

Unlike conventional malware that acts immediately upon infiltration, Gigabud waits for user authorization within the malicious application, a strategy that makes it notably elusive. Instead of relying on HTML overlay attacks, Gigabud employs screen recording to gather sensitive information, further complicating its detection.

One standout feature of Gigabud is its use of accessibility services, which allows it to perform actions on the victim’s device remotely. This capability, known as “TouchAction,” enables the attacker to perform gestures on the user’s device, giving them the power to evade defence mechanisms, including two-factor authentication (2FA).

Gigabud RAT has targeted at least 25 companies, financial institutions, and government departments across several countries, aiming to mimic their identities and deceive users.

Researchers also uncovered a parallel threat within the Gigabud family: Gigabud.Loan. This variant presents itself as a fake loan application, luring victims with promises of low-interest loans. Once users engage with the app, they are coerced into providing sensitive personal information, which can later be exploited by the threat actors.

Gigabud.Loan’s modus operandi involves impersonating fictional financial institutions from various countries, such as Thailand, Indonesia, and Peru.

The distribution strategy for both Gigabud.RAT and Gigabud.Loan centers around phishing websites. These websites are disseminated through tactics like “smishing,” where victims are sent misleading messages via instant messengers, SMS, or social networks, leading them to malicious links. In certain cases, the malware is even delivered directly through messages on platforms like WhatsApp.

Watch as Group-IB’s researchers looks into Gigabud RAT

Over the course of 2022 to 2023, Group-IB’s researchers detected over 400 Gigabud RAT samples and more than 20 Gigabud.Loan samples using advanced hunting techniques. 

To counteract the threat posed by Gigabud, Group-IB suggests a multi-pronged defence strategy. Organizations should prioritize proactive monitoring of user sessions, prioritize client education on safe online practices, and employ digital protection tools.

Users, in turn, are advised to exercise caution when clicking on links, refrain from downloading risky apps, and utilize reliable VPNs on public Wi-Fi networks.

  1. FakeTrade Android Malware Attack Steals Crypto Wallet Data
  2. Android banking malware distributed with fake Google reCAPTCHA
  3. New Android banking malware Xenomorph found in Play Store apps
  4. Experts concerned over emergence of Android banking trojan S.O.V.A.
  5. Iranian Stalkerware ‘Spyhide’ Steals Data from 60,000 Android Devices

[ad_2]
Source link

FBI warns against threat actors using beta apps to steal money

0
[ad_1]

Beta programs are an excellent way for developers to test their applications in real-world scenarios as it helps them identify and resolve bugs before a public release. However, according to a new report from the FBI, threat actors have started taking advantage of the relaxed security policies for beta apps to steal personal information and gain unauthorized access.

Taking advantage of Google’s relaxed security testing, threat actors design counterfeit beta apps that, at first glance, seem authentic. Once the app is up and running, the threat actors then send out phishing emails, luring unsuspecting victims to download the app embedded with malicious software. In some instances, cybercriminals even succeeded in persuading users to jailbreak their devices and permit installations from unofficial sources.

According to the report, the scam primarily focuses on cryptocurrency enthusiasts, luring them with promises of substantial investment returns via counterfeit trading apps. Upon downloading the app, the unsuspecting users are manipulated into sharing their online financial account credentials, under the impression that this information will be employed to oversee their investments. Unfortunately, the threat actors exploit this data to execute fund transfers.

How to spot such malicious apps?

To help people identify such beta apps, the FBI, in its report, has also highlighted the telltale signs of such malware on your device. These include rapid battery depletion, sluggish processing performance, and the abrupt appearance of unauthorized applications. Additionally, users should also be wary of installing apps from unfamiliar developers and always check user reviews, particularly those detailing excessive battery drainage or overheating concerns.

Moreover, in order to protect against cyberattacks, the FBI advocates refraining from clicking on suspicious links within emails, meticulously checking emails that prompt immediate action, and activating two-factor authentication (2FA).

However, should one, unfortunately, fall victim to such a scam, the FBI has established a system where victims can fill out a form, contributing to the broader endeavor of countering these cyber threats.


[ad_2]
Source link

The Zuckerberg and Elon fight experiences delay thanks to X’s CEO

0
[ad_1]

Ever since the news made its way to the internet, the Zuckerberg and Elon fight has gotten tons of attention. However, one party involved in this fight accuses the other party of delaying the showdown. Mark Zuckerberg, founder and CEO of Meta, has taken to his Threads page to point out Elon’s delay.

According to Zuckerberg, his opponent Elon Musk is yet to agree “on an actual date.” The CEO of Meta also says that he is and has always been ready for the fight. Regardless of how ready Meta’s CEO is, he needs to agree with his opponent on a date.

Because this fight is one that the tech world looks forward to, it’s not going to be a small brawl between friends. There are plans that the fight will stream live, although it’d still be friendly. For these reasons, there is a need for both parties to agree on a date when they’d meet in a cage and settle the months-long question of which of them is stronger.

Details on the supposed cage fight between Zuckerberg and Musk

Back in June, Elon Musk, CEO of X had a brilliant idea to challenge Zuckerberg to a fight. Both men have a major of training and experience in various forms of martial art. Elon had the idea that they both bring their various skills into a cage to determine who’s better fit in combat.

Lots of tech enthusiasts labeled this fight X versus Threads as the two platforms competing with one another. For a fight to hold, there must be a set date when contestants will tackle each other in the ring. This area is becoming a problem for the Zuckerberg and Musk fight, as both parties are yet to agree on a date.

Zuckerberg’s initial suggestion was that the fight takes place on August 26th, which is a few days away. This suggestion became public at the beginning of the month, with Musk kicking against it considering his recent minor surgery. According to X’s CEO, he needs to heal first before getting into the cage with Zuckerberg and showing off his strength.

Elon Musk also took to his Twitter account to share details on the fight. These details include how it’d be live-streamed, its overall style, and much more. According to him, the fight will be Roman-styled, which might sound like some gladiator event in a coliseum.

He goes on to tell the public that he has spoken with the PM of Italy and an epic location is ready. But the Cultural Minister of Italy says that the fight won’t take place in Rome, this points out some lack of planning. Regardless of all this, Musk takes to Twitter again to call out Zuckerberg, hence accepting his challenge.

Meta’s CEO, on his part, says he’s ready, as long as Elon is ready. Does Elon’s recent tweet mean that he’s no longer stalling the fight? Will the Zuckerberg and Elon fight take place on August 26th or at a later date? The answers to these questions will be available in the coming days.


[ad_2]
Source link

Amazon introduces AI-generated review summaries for mobile shoppers

0
[ad_1]
Shopping on Amazon has become a daily habit for some people, a go-to solution for last-minute gift seekers, and in general, a part of people’s lives. The Amazon mobile app has over 197 million monthly active users. If you’re one of them, you’re likely aware that product reviews often play a big role in whether you decide to make a purchase or not.Now, Amazon is rolling out an AI-generated review highlights feature (via Engadget), which, for now, will be available to “a subset of mobile shoppers in the U.S. across a broad selection of products.” The idea behind this new feature is to help customers quickly grasp the main themes from reviews, making it easier to decide if a product suits their needs.

This move makes sense, given that many products rack up hundreds of reviews, and most of us don’t have the time to sift through all of them. These AI-generated review summaries also highlight key insights about the product and make it simpler for customers to find reviews that mention specific attributes. For instance, if you’re wondering how easy a product is to use, you can find reviews mentioning “ease of use” by tapping on that attribute within the review summaries.

Amazon plans to expand this review highlights feature to more categories and customers in the next few months. However, one concern is whether AI can accurately distinguish between fake and genuine reviews, a problem that has plagued the platform for years. Amazon assures that it’s committed to investing significant resources to combat fake reviews.

The new AI-generated review highlights feature relies solely on Amazon’s reliable review collection from verified purchases. This ensures that customers can quickly grasp the community’s opinions without having to browse through all the reviews for a desired product.


[ad_2]
Source link

Hackers Use Weaponized PDFs and Chat Apps

0
[ad_1]

A malware campaign targeting the Ministries of Foreign Affairs of NATO-aligned countries was recently discovered, which used PDF files masquerading as a German Embassy email. One of the PDF files consists of Duke malware which was previously linked with a Russian-state-sponsored cyber espionage group, APT29.

APT29 was attributed to Russia’s Foreign Intelligence Service (SVR) and uses Zulip, an open-source chat application for command and control. This evades and hides the malicious network traffic behind legitimate traffic.

PDF with HTML Smuggling

Further investigations revealed that these two PDF files that are received through email consist of an invitation lure that targets diplomatic entities. The themes used for these documents have contents related to “Farewell to Ambassador of Germany” and “Day of German Unity”.

The first PDF document also contains an embedded JavaScript code for delivering the multi-staged payloads in HTML file format. When the victim opens the file after the warning from Adobe Acrobat, the code launches the malicious HTML file called “Invitation_Farewell_DE_EMB”.

Embedded HTML Smuggler (Source: EclecticIQ)

Through HTML Smuggling, a malicious HTML application file (HTA) is received, which is a widely used LOLBIN (Living Off the Land BINary). This HTA file acts as a standalone malware application that gets executed by the Windows HTA engine mshta.exe. This execution delivers the Duke malware variant.

Malware Delivery Stages (Source: EclecticIQ)

The other PDF document does not contain any malicious contents; instead, it sends a notification to the threat actor whether the attachment was opened.

Document
FREE Webinar

API Attacks Have Increased by 400% – Understand the Fundamentals of Protecting Your APIs with a Positive Security Model – Register Now for a Free Webinar

DLL Sideloading Abused to Execute Duke Variant Malware

The HTA file drops three executables on the directory C:\Windows\Tasks for DLL sideloading. The three files include 

  • AppVIsvSubsystems64.dll – This is a library loaded into msoev.exe for performing the execution without any failure.
  • Mso.dll – This is the Duke malware variant that is loaded into the msoev.exe through DLL Sideloading.
  • Msoev.exe – This is a signed Windows binary that automatically loads mso.dll and AppVIsvSubsystems64.dll when executed.

A complete report has been published, which provides detailed information on the malware campaign and the activities carried out.

Indicators of Compromise

PDF Lure:

Fc53c75289309ffb7f65a3513e7519eb
50f57a4a4bf2c4b504954a36d48c99e7

C2 Servers:

toyy[.]zulipchat[.]com
sgrhf[.]org[.]pk
edenparkweddings[.]com

Duke Malware Variant:

0be11b4f34ede748892ea49e473d82db
5e1389b494edc86e17ff1783ed6b9d37
d817f36361f7ac80aba95f98fe5d337d

MITRE ATT&CK Techniques

Spearphishing Attachment - T1566.001
DLL Side-Loading - T1574.002
HTML Smuggling - T1027.006
Embedded Payloads - T1027.009
Dynamic API Resolution - T1027.007
System Binary Proxy Execution: Mshta - T1218.005
Application Layer Protocol: Web Protocols - T1071.001
User Execution: Malicious File - T1204.002
Compromise Infrastructure: Web Services - T1584.006

Keep informed about the latest Cyber Security News by following us on GoogleNewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

Google Keep text formatting get shown off in a new video

0
[ad_1]

Google Keep Notes is, as its name suggests, a notetaking app. It’s mostly meant to jot down simple notes and drawings, but the company has been planning on expanding its capabilities. The anticipated text formatting feature for Google Keep Notes was shown off in a short video.

Google Keep Notes is a really good notetaking application as is. You’re able to create both text-based notes and make drawings as well. The application lets you make checklists and upload images as well. Along with the mobile app, you can also use the web app if you want to use it on your computer.

The Google Keep Notes text formatting feature was shown in a video

This feature has been in the works for some time. We first started seeing strings for this feature hidden in the app last year. Now, we’re getting our first glimpse of the feature. @AssembleDebug (via 9To5Google) posted a video to X showing off how this feature’s going to look.

The text formatting tool sits in the toolbar right above the keyboard. It’s right next to the text color button, and when you tap it, it’ll open up its own toolbar with the options. The options won’t be robust, at least, that’s how it seems at the moment.

You’ll be able to create two sizes of sub-heading, and those are H1 and H2. This is for if you want to separate your notes into headings.

Next to those options, you have your basic bold, italics, and underline functions. These are self-explanatory, and you also have the strikethrough option. On the far right side of the toolbar, you’ll see a little “X” that will collapse the toolbar

Other than that, there aren’t any other formatting tools that you’ll be able to use. This is a bummer because you won’t be able to change the font of the text. That’d be a nice feature to have.


[ad_2]
Source link

A coming update will help fix some common Microsoft Teams mobile app flaws

0
[ad_1]

Microsoft Teams mobile app users around the world can now look forward to a fix they need. This fix has to do with how users of this mobile app join online meetings directly from their smartphones. Over the past few years, these users have had to endure the pain of joining online meetings in a rather complicated manner.

On mobile devices, users of Microsoft Teams had to endure joining through so many processes before joining a meeting. Unlike the experience on a Windows laptop or desktop, the Teams mobile app is no fun to use during meetings. The entire process on the mobile app is cumbersome and very tiring for most users.

However, Microsoft is working on an update that will fix the flaws users of their Teams mobile app face. Even though the update is still in its development phase, details on the benefits it’ll bring are already available. If you actively use the Microsoft Teams app, this article will inform you of the updates to expect and how they’d improve your experience.

Changes to come with the Microsoft Teams mobile app update aimed at fixing certain flaws

The major issue that this update aims to fix has to do with the joining of online meetings via the mobile app. In Microsoft’s recent 365 roadmap, the company outlines some of the changes that users of the Teams mobile app should expect. All major changes or improvements users will receive can be classified into three areas.

Each improvement will play a vital role in simplifying the meeting joining process via the Teams app. With the improvements, users of the Microsoft Teams mobile app will be able to join online meetings more freely. The update will also simplify the process of joining meetings online via the mobile app.

The first change Microsoft is bringing will help reduce the meeting joining process via the mobile app. This will improve speed while joining an online for users with smartphones and not Windows devices. To streamline this process, Microsoft will cut down on the steps necessary to join Teams meetings.

Microsoft will also give those joining the meetings without signing in to the 365 accounts preset and preview functions. This will enable them to set up their video and audio before entering the meeting room. Lastly, users with multiple accounts will now be able to switch from one account to another effortlessly.

These changes are all aimed at improving the overall user experience for Microsoft Teams mobile app users. The update to effect these changes will roll out for global users in October. Microsoft will provide this update to both Android and iOS users, enabling them to work more freely using their smartphones.


[ad_2]
Source link