Fortnite just landed on Amazon Luna and Fire TV

andreasc
-
0
Fortnite just landed on Amazon Luna and Fire TV
[ad_1]

Despite not being available on iOS and Android, Fortnite still remains one of the most popular battle royale games on the market. It is still accessible on several platforms including game consoles, PCs, and certain cloud gaming platforms. According to Amazon, Fortnite is now available on Amazon Luna, Amazon Fire TV, and Fire tablets.

In case you don’t remember, Epic Games, the company behind Fortnite, pulled the game from the iOS and Android stores. This was because of the 30% fee that Epic Games had to pay each respective platform for hosting its app. This led to a messy legal battle and Fortnite being yanked off of both platforms.

However, the game still remains playable on mobile devices via GeForce Now, Nvidia’s cloud gaming service.

Fortnite is available on Amazon Luna, Fire TV, and Fire Tablets

According to a blog post from the company, you can play Fortnite using these platforms if you’re in the United States, Canada, Germany, or the UK. This is very convenient if you miss having Fortnite on your mobile device. It’s also great if you just want to play the game in general.

Amazon Luna, being a cloud gaming service, allows you to play games on a wide range of devices including PCs, MacBooks, Android tablets/iPads, and Android phones/iPhones. You can use it if you have the Chrome browser, Microsoft Edge, or Safari browser. You can see the full list of compatible devices here.

If you already have a Luna-compatible device, and you use it, then you’re all set to go. In order to play Fortnite on your Luna device, you will need to have a Luna Plus subscription. The plan costs $9.99/month, so it’s not too bad.

If you own an Amazon Fire TV device, you can also use that to play Fortnite. The game is compatible with Amazon Fire TV Sticks as old as the second generation, and Amazon Fire TV Cubes as old as the first generation. It’s also compatible with the third-generation Fire TV along with the Toshiba Fire TV, Insignia Fire TV, and several more. The full list is in the link above.

Also, you can also use fire tablets. It’s compatible with the Fire 7 (2019 or newer), Fire HD 8 (2018 or newer), and Fire HD 10 (2019 or newer) tablets. It’s available today if you want to get playing Fortnite as soon as possible.


[ad_2]
Source link

Google Accounts receives a major security feature today

andreasc
-
0
Google Accounts receives a major security feature today
[ad_1]

Google Accounts already have a few layers of security features meant to protect accounts from multiple types of online attacks. Today, the search giant launched a brand-new security feature, which seems to be the most powerful ever supported by Google Accounts: passkeys.

Passkeys aren’t just an almost foolproof protection method for those using Google Accounts, but a very convenient way to sign in. If you’re not familiar with the term, passkeys have been around for a while, and they represent an alternative to passwords. Passkeys are used to sign in to apps and websites and are not just much easier to use than passwords, but also more secure.

Basically, passkeys work the same way as many of the unlocking options that we now have available on just about every smartphone: fingerprint, face scan, or screen lock PIN. Instead of using a password, passkeys allow you to sign in to apps and websites using any of the methods mentioned.

As you can imagine, passkeys are safer than passwords because they’re resistant to online attacks, including phishing. They’re even more secure than SMS one-time codes.

Google announced that it’s now rolling out support for passkeys across Google Accounts on all major platforms, including Android and iOS. These will not replace current sign in options, but they will be available as an additional option that users can take advantage of.

Passkeys aren’t enabled by default, so you’ll have to set them up via your Google Account settings. As far as Google Workspace accounts go, administrators will soon have the option to enable passkeys for their end-users during sign-in for, the company confirmed earlier today.

The passwordless sign-in experience is certainly something more convenient and more secure than anything Google Accounts offer currently. Considering that most smartphones these days come with a fingerprint sensor or face unlock support, just about anyone will be able to use the new security feature.


[ad_2]
Source link

A CISO’s guide to cloud security

andreasc
-
0
A CISO’s guide to cloud security
[ad_1]

To secure enterprise assets in the cloud, CISOs must address several challenges previously unseen in traditional IT and on-premises data centers. This whitepaper explores the key strategies to secure your enterprise cloud infrastructure from cyber threats. 

Cloud migration has many benefits, including virtual storage and virtual network support. However, cloud storage and infrastructure also adds complexity to network security. Unique cloud dynamics require future-proof solutions in order to ensure they are adequately protected. 

Cloud security has far-reaching implications for organizational success. A cloud security maturity model can help business leaders to benchmark and assess their organization’s security evolution. Securing cloud infrastructure can have a number of enterprise-wide positive effects including reducing security risks, lowering your security budget and reducing the likelihood of a cyber security incident.

Download this whitepaper to learn:

  • How to transform cloud security challenges into business opportunities. 
  • Where your organization fits into the cloud security maturity model. 
  • The six cloud security strategies to harden your enterprise cloud infrastructure. 

[ad_2]
Source link

Malware Campaigns Abusing Telegram Bots to Spread Rapidly

andreasc
-
0
Malware Campaigns Abusing Telegram Bots to Spread Rapidly
[ad_1]
Malware Telegram Bots

Numerous updates and alterations were witnessed in the major malware families employed in phishing scams during the first quarter of 2023, alongside significant variations in TTPs.

The Cofense Intelligence team has recently published Active Threat Reports, which provide insights into the latest malicious email threats. At the same time, all these reports are based on their thorough observations and analysis of the threats.

During the first quarter (Q1), a substantial increase has been observed in Active Threat Reports, with a 20% increase compared to the previous quarter and a 34% increase compared to Q1 of the previous year.

Malware Campaigns Abusing Telegram Bots

During Q1 of 2023, there has been a significant surge in evasive, malicious campaigns that exploit Telegram bots

The volume of these attacks has increased dramatically, surpassing the volume of Q4 2022 by a staggering 397% and exceeding the entire volume of attacks witnessed in 2022 by 310%.

The volume of credential phishing attacks observed in the current quarter has been highly unstable and witnessed a sharp rise of 527%. 

Compared to the same period last year (Q1 2022), the overall increase in credential phishing attacks is significant, amounting to a rise of 40%.

Despite the significant volume of dissemination, Emotet failed to reach inboxes as frequently as Qakbot, making Qakbot the most successful malware family in terms of reaching inboxes. 

In fact, Qakbot reached inboxes 185% more often than Emotet during the period under observation. During Q1, threat actors have been observed experimenting with various combinations of delivery mechanisms. 

The notable thing is the increased usage of OneNote files as a common delivery mechanism for threats. This indicates threat actors’ continued efforts to refine their methods and evade detection.

The inclusion of YouTube in the list of Top 10 .com domains being exploited by threat actors came as a surprise. 

These actors were observed using open redirects on youtube.com to direct victims toward phishing pages, which is a cause for concern.

Cofense Intelligence conducts a quarterly analysis of credential phishing emails that successfully bypass Secure Email Gateways (SEGs) and reach users’ environments.

This analysis is crucial in identifying the latest tactics and techniques employed by threat actors and helps organizations to protect their users from phishing attacks better.

EHA

Building Your Malware Defense Strategy – Download Free E-Book


[ad_2]
Source link

Twitter may let you add pictures to your long tweets

andreasc
-
0
Twitter may let you add pictures to your long tweets
[ad_1]

As turbulent as things are with Twitter Blue and its perks, we can’t say that the platform is not adding more features to the subscription service. Not too long ago, Twitter increased the character limit to a whopping 10,000 per tweet. Now, according to a new report, Twitter may eventually let you add pictures in the middle of your long tweets.

Twitter has been increasing the current limit for tweets over the past several years, but it really exploded in just the past year. After Elon Musk took over, the character limit jumped up from 280 to 4,000 characters. After that, it increased again to 10,000 characters. Why write a hot take when you can write a full article?

Not only that, but Twitter also allows Blue users to use bold and italic fonts for their tweets. This all lets people add a lot more personality to their tweets rather than having to cut them short. While all the drama is still going on with the blue check mark, this is at least a little bit of good news.

Twitter may let you add pictures in the middle of your long tweets

This information comes to us from Jane Manchun Wong on Twitter. The tweet has a screenshot of a tweet actively being written. In it, we see a couple of images being pasted directly into the tweet with text in between them.

So, your tweets will probably resemble actual blog posts rather than short thoughts. Looking at the interface itself, it almost appears to have been taken from a computer rather than a smartphone. We’ll have to wait and see if that’s the case. If so, then this feature may be available to desktop users before mobile users.

On the bottom right-hand corner of the top image, we see the edit icon, which means that you will also be able to edit your pictures just like with regular tweets.

Right now, there’s no telling when or if this feature will ever make it to the public. Twitter is currently operating with a heavily diminished crew and with a ton of drama overhead. We will just have to wait and see what happens


[ad_2]
Source link

New Atomic macOS malware can steal your iCloud Keychain passwords

andreasc
-
0
New Atomic macOS malware can steal your iCloud Keychain passwords
[ad_1]

MacOS is generally regarded as a more secure operating system when compared to Windows, thanks in part due to Apple’s stringent control over installing third-party apps and other safety measures. However, a new report from Cyble Research & Intelligence Labs suggests otherwise, as threat actors are now selling a new malware called ‘Atomic’ or ‘AMOS’ through private telegram channels for a monthly subscription of $1,000.

The report describes Atomic as a sophisticated malware packaged in a DMG file containing a 64-bit Go-based program. And for the price, subscribers also get a set of comprehensive tools to steal information from the victim. These tools include a ready-to-use web panel for managing victims, a MetaMask brute-forcer, a cryptocurrency checker, a DMG installer, and the ability to receive stolen logs on Telegram.

How does the malware work?

Once installed and executed, the malware displays a fake password prompt on the victim’s Mac to obtain the system password and gain privileges on the machine. Then it extracts the Keychain password and proceeds to steal information from cryptocurrency wallets, wallet extensions, web browsers, system information, and files stored on the Desktop. After gathering all the information, the malware zips the stolen data and sends it to the threat actor’s command and control server.

Moreover, to make matters worse, many antivirus engines did not flag Atomic as malware, emphasizing the need for improved detection methods for macOS malware, and threat actors are also updating the malware regularly to evade detection.

How to stay protected?

To keep your Mac protected from malware, it is essential to take some necessary precautions, including not downloading apps or software from third-party app stores, using strong passwords and 2FA, enabling biometric security features such as TouchID, not opening suspicious links in emails, keeping devices up to date, and using good antivirus software. As macOS gains more popularity, it’s now more important than ever for users to stay vigilant.

atomic macos stealer malware list


[ad_2]
Source link

Card Skimmers and ATMs Used to Drain EBT Accounts in SoCal

andreasc
-
0
Card Skimmers and ATMs Used to Drain EBT Accounts in SoCal
[ad_1]

Thirteen people have been arrested for allegedly stealing millions of dollars from low-income Southern California residents, according to the Los Angeles Police Department.

The suspects are accused of using card skimmers and ATMs to drain electronic benefit transfer (EBT) accounts, which are used to pay for food through the Supplemental Nutrition Assistance Program (SNAP).

The police department received a community tip on April 25 about fraud and identity theft suspects residing at a Van Nuys motel on the 4700 block of Sepulveda Boulevard. Following a search warrant, authorities recovered skimming devices, card readers, a large number of false identification cards and documents, and $36,062 in cash.

Investigators believe that the suspects may be part of a Romanian syndicate known to “target persons experiencing economic hardship for their EBT cards.” The group allegedly stole millions of dollars every month from Californians with EBT accounts.

According to LAPD’s press release, the investigation is ongoing. However, this is not the first time such a crime has been committed in the area. Back in March 2023, 15 suspected Romanian nationals were also arrested for stealing over $38 million from low-income SoCal families.

The suspects stole funds disbursed through CalWORKs and CalFresh programs using cloned EBT cards from skimming devices at ATMs.

  1. Life is cheap on Dark Web where your entire identity is for sale
  2. Man convicted for identity theft fraud against US Military veterans
  3. Ex-army admin jailed for 12 years over US military health data theft

[ad_2]
Source link

New BGP Protocol Flaws Let Attackers Trigger DoS Attacks

andreasc
-
0
New BGP Protocol Flaws Let Attackers Trigger DoS Attacks
[ad_1]
New BGP Protocol Flaws

Forescout Vedere Labs recently highlighted the neglected BGP security aspect – software implementation vulnerabilities.

FRRouting’s BGP message parsing vulnerabilities discovered by Forescout Vedere Labs could enable attackers to trigger a DoS state on susceptible BGP peers.

Major networking vendors depend on software suites that implement BGP, which are widely used online. 

What is BGP?

The internet’s primary routing protocol is BGP, and large data centers frequently use BGP for internal traffic routing, while BGP extensions like MP-BGP are extensively implemented for MPLS L3 VPNs.

Organizations should avoid relying solely on their Internet Service Providers (ISPs) to ensure BGP security. It appears that attackers can still exploit easily accessible vulnerabilities in current BGP implementations.

By enabling the exchange of routing and reachability information, BGP facilitates the interaction of autonomous systems (ASes), which are sets of leased IP addresses allocated to organizations by registrars for a specific period.

A BGP failure may make an AS unreachable, as others cannot route packets. A threat actor may abuse a BGP setting to reroute network traffic in an unintentional direction.

Vulnerabilities

An analysis was conducted by security analysts using both manual analysis methods and fuzzing techniques to assess the following seven popular BGP implementations:-

  • FRRouting (Open-source)
  • BIRD (Open-source)
  • OpenBGPd (Open-source) 
  • Mikrotik RouterOS (Closed-source)
  • Juniper JunOS (Closed-source)
  • Cisco IOS (Closed-source)
  • Arista EOS (Closed-source)

Analysts discovered three previously unknown vulnerabilities in Free Range Routing (FRRouting) version 8.4, released November 7th, 2022.

Here below, we have mentioned the complete flaw profile of the detected vulnerabilities:-

  • CVE ID: CVE-2022-40302
  • Description: Out-of-bounds read when processing a malformed BGP OPEN message with an Extended Optional Parameters Length option.
  • CVSSv3.1: 6.5
  • Potential Impact: DoS
  • CVE ID: CVE-2022-40318
  • Description: Out-of-bounds read when processing a malformed BGP OPEN message with an Extended Optional Parameters Length option. This is a different issue from CVE-2022-40302.
  • CVSSv3.1: 6.5
  • Potential Impact: DoS
  • CVE ID: CVE-2022-43681
  • Description: Out-of-bounds read when processing a malformed BGP OPEN message that abruptly ends with the option length octet (or the option length word, in case of OPEN with extended option lengths message).
  • CVSSv3.1: 6.5
  • Potential Impact: DoS

In 2016, FRRouting was created by developers from multiple commercial organizations by forking Quagga, another open-source project. FRRouting is now employed by major vendors, including nVidia Cumulus, and utilized by large organizations like:-

  • PayPal
  • Yahoo
  • Dutch National Police

While apart from this, Amazon supports DENT, and Microsoft supports SONiC, which is employed in some routers from Juniper.

In the case of repeated sending of malformed packets, the DoS condition can last indefinitely. Almost 1,000 of the 330,000 internet-enabled hosts with BGP enabled to respond to uninvited BGP OPEN messages.

It should be noted that most of the BGP hosts reside in the following countries:-

EHA
  • China (close to 100,000)
  • The US (50,000)
  • The UK (16,000)

A new open-source tool has been released (https://github.com/Forescout/bgp_boofuzzer/) by cybersecurity researchers for organizations to assess the security of their internally used BGP suites. Further, this tool can be used to discover new vulnerabilities in BGP implementations by cybersecurity researchers.

There are several scripts available with the tool to demonstrate how it can be used for testing the vulnerabilities found and testing the concept cases for:-

  • BGP OPEN
  • UPDATE
  • ROTE REFRESH
  • NOTIFICATION messages

Recommendation

Patching network infrastructure devices frequently is the most effective recommendation to minimize the risks associated with vulnerable BGP implementations like the ones discovered in FRRouting.

Maintaining an updated asset inventory that monitors the networking devices and software versions running on them is crucial to achieving this objective.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus


[ad_2]
Source link

Twitter allows free access to its API for critical use cases

andreasc
-
0
Twitter allows free access to its API for critical use cases
[ad_1]

Twitter has restored free access to its API for some public institutions. The company says verified government and publicly-owned services that use the tool for critical purposes such as weather alerts, transport updates, and emergency notifications will get free access to it. “One of the most important use cases for the Twitter API has always been public utility,” the social network said in a tweet announcing this policy change. It blocked free API access for all in early April.

Twitter restores free API access for some public institutions

Twitter has undergone numerous changes since Elon Musk took over the company in October last year. Mont notably, the social network removed legacy verified checkmarks and blocked free access to its API. Both of these changes took effect last month, though the firm has been preparing for it for a long time. It abruptly blocked several third-party Twitter clients in mid-January citing API rules. The company said developers would need to pay for API access.

The paid version of Twitter API was supposed to arrive in February but was delayed until late March. The firm eventually launched three tiers, including a Free tier. However, the new free version offers very little. It is limited to “write-only use cases and testing the Twitter API”. It allows a maximum of 1,500 tweets per month and one app ID. The $100 per month “Basic” tier, meanwhile, is ideal for “hobbyists or prototypes,” Twitter said. It also comes with fixed caps on tweets.

Finally, for “businesses and scaled commercial projects,” Twitter offers an “Enterprise” tier of its API with varying monthly subscription plans. Depending on the individual use case, it can cost tens of thousands of dollars. A week or so after launching the paid version, the company blocked access to the existing free version of its API. Unsurprisingly, the cost of the Enterprise tier was too much for some developers, forcing them to shut down their projects. The Free and Basic tiers, meanwhile, didn’t offer enough resources to keep them alive.

While Twitter won’t backtrack on this decision, it has shown leniency for public institutions. Services that use its API for communicating emergency information and other critical purposes would get back free access. But for everyone else, it’s a choice between paying the company or stopping using its full API suite. Microsoft has already refused to pay and removed Twitter from its social media tool for advertisers.


[ad_2]
Source link

Dimensity 9200+ could be the most powerful Android SoC yet

andreasc
-
0
Dimensity 9200+ could be the most powerful Android SoC yet
[ad_1]

MediaTek is all set to launch a new flagship smartphone chipset next week. The Dimensity 9200+ will debut on May 10 as an overclocked version of last year’s Dimensity 9200, filling in the gap until the company comes up with its next-gen solution Dimensity 9300 later this year. Ahead of its unveiling, an alleged Geekbench score sheet of the new chipset has surfaced online revealing that it will be the most powerful processor for Android. It comfortably outperformed the current leader, Qualcomm’s Snapdragon 8 Gen 2 launched in November last year.

The Dimensity 9200+ scored 2,121 points in the single-core test and 5,655 points in the multi-core test on Geekbench 6. As GSMArena puts it, these scores are “considerably more” than what the Snapdragon 8 Gen 2 has achieved so far. The latter’s highest single-core and multi-core score’s on Geekbench are 1,992 and 5,641, respectively. It achieved those scores with ASUS’ upcoming gaming smartphone ROG Phone 7 Ultimate. The device had the performance X Mode turned on, which pushes the CPU to its limit to ensure smooth gaming performance.

The new MediaTek chipset, on the other hand, managed to beat the latest Qualcomm processor in standard mode with no performance boost at the CPU level. The Geekbench 6 score sheet of the Dimensity 9200+ is from a Vivo smartphone. It is probably the Vivo X90s or the Vivo X90s Pro. There are rumors of the Chinese firm working on a couple of new models in the X90 series with the upcoming MediaTek processor. ASUS may also launch a Dimensity 9200+ variant of the ROG Phone 7 Ultimate.

Dimensity 9200+ rumored specs

As said earlier, the Dimensity 9200+ will be a minor upgrade over last year’s Dimensity 9200. However, unlike in the past, MediaTek appears to be raising the CPU frequency across the board instead of just making the prime CPU core faster. The Cortex-X3 prime core reportedly operates at 3.35GHz on the new chipset, up from 3.05GHz. Likewise, the three Cortex-A715 performance cores get a frequency boost from 2.85GHz to 3.0GHz. The clock speed of the four Cortex-A510 efficiency cores is not known (1.8GHz on the Dimensity 9200).

Based on this Geekbench run, the Dimensity 9200+ is all set to reign the Android processor space for at least a few months as there’s no competition in the market. Rumors are that Qualcomm won’t launch a Snapdragon 8+ Gen 2 this year. It will go straight to the Gen 3 solution, which may arrive in late October 2023 with a clock speed of up to 3.7GHz. MediaTek will also launch the Dimensity 9300 around the same time. It remains to be seen which chip behemoth comes out on top.

Dimensity 9200 Geekbench 6 score


[ad_2]
Source link
1...1,2521,2531,254...1,452Page 1,253 of 1,452