[ad_2]
Source link
According to The Verge’s Tom Warren, Microsoft has already started testing the new touch controls, which seem to be similar to those on the company’s Xbox Cloud Gaming service.
Although using a Bluetooth controller with the Xbox mobile app offers a far better experience, there are many users who don’t own one, so adding touch controls provides them with a feature that they would otherwise not be able to use.
Credits – Tom Warren, The Verge
Even so, the report claims that the implementation of the touch controls by Microsoft is “surprisingly good,” which makes these a great alternative for those who already own a Bluetooth controller but want more convenience.
There’s no ETA at the moment, but touch controls will eventually be available for all users of Microsoft’s Xbox mobile apps. It’s important to add that the touch controls will work with nearly all games available on the platform, which feels like a great achievement.Cybersecurity specialists from the Ukrainian HUR (Main Intelligence Directorate of the Ministry of Defense of Ukraine) have claimed a successful cyber attack on IPL Consulting. They reportedly destroyed its entire IT infrastructure, resulting in communication outages across the country.
For your information, IPL Consulting is a Russian company that implements information systems in the local industry. As per HUR’s announcement on Facebook, the company is among the most advanced of all Russian enterprises facilitating information system implementation services to institutions in the automotive, aviation, heavy engineering, and defense sectors. Ukrainian intelligence reports that HUR specialists targeted dozens of its servers and databases.

IPL Consulting’s internal network was breached by hackers, resulting in the deletion of over 60 terabytes of data and the destruction of dozens of servers and databases. The full cost of damages remains unclear. According to HUR, the damage is particularly significant amidst ongoing sanctions pressure and affects numerous Russian companies operating in the defence sector.
Cyberattacks have become a common tool in the Russia-Ukraine war, with a devastating attack on telecom firm Kyivstar on December 12, 2023, resulting in widespread communication outages. The Russian hacker group Solntsepek, linked to Russia’s military intelligence agency, claimed responsibility for this attack. Ukrainian cyber specialists have also been quite aggressive on the digital front lately.
In a separate attack, a Ukrainian hacking group “Blackjack” infiltrated Russia’s Main Military Construction Directorate for Special Projects, downloading 1.2 TB of data, including technical documentation for over 500 military sites, confirmed HUR on its Telegram channel on January 19, 2024. The group also transmitted critical intelligence about Russian facilities to Ukrainian armed forces. The hackers temporarily disrupted the company’s operations.
Another cyberattack was launched against the Russian Far Eastern Research Center of Space Hydrometeorology “Planeta” in Khabarovsk on January 24, 2024, resulting in the destruction of 280 servers and the loss of 2 petabytes (2 million gigabytes) of data, valued at least $10 million. This attack is attributed to Volunteer Patriots from the BO Team group. Planeta is responsible for receiving/processing military satellite data.
According to HUR’s claim, hackers also managed to destroy weather and satellite data for various Russian agencies, including the Russian Ministry of Emergency Affairs, the Ministry of Defense, and Roscosmos. HUR states that the over $350,000 supercomputer cannot be restored, and given the Western sanctions on Russia, the country cannot obtain this software.
Moreover, they disrupted air conditioning, humidification systems, and emergency power supply regulations. The HUR also stated that the attack disconnected a Russian station in the Arctic, affecting strategic companies vital to defence and supporting Russian occupation forces.
The incident follows a previous incident in which the HUR collected 100 gigabytes of confidential, intelligence data valued at $1.5 billion, and belonging to Special Technology Center LLC, operating in Russia’s military-industrial complex.

Spotify CEO Eks blasts Apple on X
The executive added, “With our EU Apple install base in the 100 million range, this new tax on downloads and updates could skyrocket our customer acquisition costs, potentially increasing them tenfold. This as we have to pay on every install or update to our free or paid app, even for those who no longer use the service. So where does that leave us? Under the new terms, we cannot afford these fees if we want to be a profitable company, so our only option is to stick with the status quo. The very thing we’ve been fighting against for five years.”
But the new “core technology” fee is going to hurt smaller developers the most. Developer Steven Troughton-Smith notes that a free app that gets 2 million installs will have to pay $500,000 to Apple every year leading him to write on Mastodan, “I don’t think any app developer with free or freemium apps in their portfolio can accept Apple’s new business terms without the risk of being bankrupted. And as a result, that makes this specific implementation of the core technology fee unworkable.”
One developer who had a few hundred thousand installs last year told Gurman’s Power On newsletter that with the new fees, there is no incentive to make an app for the iPhone. However, developers can decide to stick with the current 15%-30% “Apple Tax” range if they promise not to use third-party payment platforms or get listed in third-party app stores. We’re pretty sure that Spotify’s Ek is thinking that the more things change, the more they stay the same, or get worse.
FortiGuard Labs’ latest research report reveals a concerning trend: threat actors are leveraging the Python Package Index (PyPI), an open repository for Python-developed software packages, to upload malware-infected packages. This exploitation of PyPI’s infrastructure poses significant risks to users.
FortiGuard Labs team recently identified a PyPI malware author, “WS,” uploading malicious packages to PyPI, estimating over 2000 potential victims. The identified packages, including nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111, show attack methodologies that resemble the attacks identified by Checkmarx in 2023.
These packages contain base64-encoded Python scripts, which are executed depending on the victim’s operating system. The packages deploy Whitesnake PE malware on Windows devices or a Python script to steal information from Linux devices.
What’s interesting in this scheme is that Python scripts are using a new method to transmit stolen data, using a range of IP addresses as the destination instead of a single fixed URL. This helps ensure successful data transmission even when one server fails.
Recently identified packages primarily target Windows users, whereas previous ones targeted both Linux and Windows users. The objective is to exfiltrate sensitive information from victims.
The Whitesnake PE payload is a Python-compiled executable created using the PyInstaller tool, displaying an incomplete script file ‘main.pyc’ and another file ‘addresses.py.’ This is rather suspicious. ‘Main.pyc’ is clandestine code that copies itself to the Windows startup folder for autorun, probes logical drives, and monitors the count of running instances.
It also retrieves clipboard contents and compares them against predefined cryptocurrency address patterns, prompting it to overwrite the clipboard with corresponding addresses from ‘addresses.py’, potentially deceiving victims into directing cryptocurrency transactions to an unexpected destination.
The payload, an encrypted.NET executable launches an invisible window right after its installation and adds itself to Windows Defender‘s exclusion list. It then creates a scheduled task to run every hour on the compromised device. The task connects a malicious IP to a client using “socket.io” and collects sensitive user data, including IP address and host credentials.
The payload captures wallet and browser data and sends it to a suspicious IP address via a remote server as a.zip file with multiple encryption layers, which the attacker extracts and exfiltrates. Debugging revealed strings that indicated information stolen from a wide range of devices, such as cryptocurrency services, applications, and browsers.
The research reveals how easily a single malware author can distribute multiple info-stealing packages into the PyPI library, highlighting the need for vigilance when using open-source packages.
“Information-stealing malware is an increasingly pertinent and pressing subject. Safeguarding against such persistent adversaries demands a strategic and forward-thinking approach to fortify your defences,” FortiGuard Labs researchers concluded.
Soap2day permanently shut down in June 2023 – While the official site and its major mirror sites closed down, it seems like some copycats or imitators have emerged using new domains to offer similar illegal streaming services.
Soap2day, the once-infamous haven for free movie and TV show streaming, met its apparent demise in June 2023. Legal pressure and a barrage of copyright infringement takedowns seemingly snuffed out the life of this unauthorized streaming giant. But just like a phoenix rising from the ashes, Soap2day has begun to flicker back to life under new guises, leaving users and authorities alike scratching their heads.
The original Soap2day was a hydra of sorts, with countless mirror sites popping up as fast as the old ones were shut down. This online game of whack-a-mole frustrated content creators and copyright holders for years. However, a coordinated takedown effort in mid-2023 seemed to deal a decisive blow, leaving behind a digital graveyard of dormant URLs.
But death, it seems, can be temporary in the ever-evolving web. New domains bearing the Soap2day name have started surfacing, offering the same illicit library of movies and TV shows.
These digital doppelgangers appear disconnected from the original operators, possibly opportunistic copycats eager to fill the void left in the streaming underworld. Some of these new domains, like Soap2day.rs, Soap2day.day, and Soap2day.store, are easily accessible through Google. They offer access to thousands of recently released content for free.

However, there is no such thing as a free lunch. Online streaming services are infamous for phishing users or even dropping malware through pop-up bombardment. The risks are far greater than the potential benefits, making it not worth it. Therefore, engaging with these copycat sites exposes users to a plethora of dangers, including:
So, why take the risk when a plethora of legal alternatives exist? Streaming platforms like Netflix, Hulu, and Disney+ offer vast libraries of content for a reasonable price. Additionally, numerous free, legal options like Tubi TV and Crackle provide access to movies and TV shows without compromising your security or wallet.
Here is a detailed list of legal and free online streaming services for movies and TV shows. Remember, using legal platforms not only ensures a safer and more reliable experience but also supports the entertainment industry and content creators.
The Soap2day saga highlights the ephemeral nature of illegal streaming sites. Their days are numbered, yet copycats will always appear, and the risks associated with them far outweigh the fleeting satisfaction of pirated content. Choose legal and safe alternatives, and enjoy your favourite shows and movies with peace of mind.

“As the leading European browser developer, we embrace the changes introduced through the DMA, aimed at fostering competition and offering users a more diverse selection of browsers on iOS. We intend to deliver on this with the AI-centric Opera One for iOS. Furthermore, we are excited to see the confirmation that Apple will also implement a browser choice screen for iOS, making it easier for users to choose their favorite browser as default also on their mobile devices,” said Jørgen Arnesen, EVP Mobile at Opera.
It’s hard to believe that Apple will implement these changes in regions around the globe other than the EU, but we’re allowed to dream. If you’re an iOS user and live in the EU, good things are headed your way. March can’t come soon enough.
Apple’s System Status support page tells you which of Apple’s features are not working correctly
And Apple’s subscription purchase feature also suffered from an outage Friday evening between 6:29 pm-7:42 pm EST. In this case, Apple noted that “Users may have experienced intermittent issues with this service.” The System Status support page says that Apple was able to resolve the outage.

After getting his iPhone stolen, the thief sends the victim a text asking him to disable the Find My app. DON’T DO IT!
The text continues with a request that the victim disable the Find My app on the stolen phone. That’s the one thing that you should never do if your phone is lost or stolen. Once that is done, the thief can change the Apple ID password, create a new passcode, reset Face ID, and get access to the passwords on all of your apps. The victim contacted Apple and the device was locked and wiped. The phone is now located somewhere in China but can only be sold to an unsuspecting person in the country.
More sensitive requests, such as disabling the Find My app, changing the Apple ID password, or resetting Face ID or Touch ID will require a one-hour pause so that the device owner can determine if his device has been stolen or is lost, and if it is, contact Apple to have the device locked. Even after the one-hour passes, Face ID or Touch ID must verify the ID of the device owner.
It is a well-known fact that cybercriminals have evolved over the years. The emergence of AI-powered malicious chatbots, such as WormGPT and FraudGPT, has enabled malicious threat actors to not only refine their skills but also consolidate all their malicious activities and tools into one, like a toolbox. Understanding these tools is the first step towards safeguarding yourself against their scams.
While cybercriminals create their toolbox, as a user you should also keep yourself ready for unsuspecting cyberattacks and keep a safety toolbox for your defence.
One major part of that toolbox should be a Virtual Private Network or VPN. Why? because this tool hides your real-time IP address and protects your online privacy from cyber criminals and state-backed threat actors. VPNs, like CyberGhost, encrypt your internet connection, shielding your online activities from prying eyes.
Additionally, employing two-factor authentication (2FA), such as Google Authenticator, Microsoft Authenticator, Okta, and Authy, adds an extra security layer, making it harder for fraudsters to gain unauthorized access to your accounts, even if they have your passwords. These tools, combined with regular updates and vigilance, are crucial in safeguarding against sophisticated scams.
Let’s dive into the tools commonly used by fraudsters, followed by the countermeasures you can employ to protect yourself.
Spoofing is a deceptive practice where fraudsters falsify information to appear as a legitimate entity. This can involve altering caller IDs or email addresses to mimic those of trusted organizations or individuals. The primary goal is to gain the victim’s trust, making them more susceptible to divulging sensitive information or granting access to their accounts.
Phishing is a widespread technique that involves sending fraudulent communications that appear to come from a reputable source. Typically executed through email, these messages aim to steal sensitive data such as login credentials, credit card numbers, or personal identification information. Phishers often use urgency or fear to bypass rational judgment.
Creating fake profiles on social media, dating websites, and other platforms is a common tool in a fraudster’s arsenal. These profiles are carefully crafted to appear genuine, often mimicking the identities of real individuals or organizations. The objective is to build trust with potential victims, eventually manipulating them into financial transactions or sharing confidential information.
Fraudsters frequently utilize stolen or altered images to bolster the credibility of their fake profiles or websites. Additionally, they might establish counterfeit entities, such as businesses or charities, to appear legitimate. These entities are used to facilitate various scams, including fraudulent sales, charity fraud, and investment scams.
The latest and ongoing incident involving deepfake images of Taylor Swift is just one example of the nightmarish scenarios that cybercriminals can create in your life.
Scammers use persuasive narratives and false claims to trick their victims. These may include threats of legal action, false claims of lottery winnings, or other deceptive propositions that require the victim to make payments or provide personal information.
Fraudsters often impersonate authority figures or institutions using fake names, credentials, and badge numbers. This tactic is designed to intimidate or convince the victim of the legitimacy of their requests, thereby facilitating the extraction of sensitive information or money.
The prevalence of unwanted pop-ups bombarding your screen is a key reason why adblockers have gained immense popularity. Pop-up warnings on computers are commonly used to spread malware or obtain personal information.
These pop-ups often carry false alerts about viruses or security breaches, prompting the user to take immediate action, which usually involves downloading harmful software or calling a fraudulent support number.
Automated calls, or robocalls, are used extensively by scammers to reach many potential victims efficiently. These calls might contain deceptive messages about unpaid taxes or lottery winnings or offer fake services, aiming to extract personal information or direct payments.
Lead lists are databases of individuals who have previously fallen for scams. Fraudsters trade and sell these lists, knowing that individuals scammed once are more likely to be targeted and tricked again.
A common tactic used by scammers is to demand secrecy from their victims. By insisting that the dealings remain confidential, fraudsters aim to isolate the victim and prevent them from seeking advice or help from others. They often employ a mix of charm, flattery, and threats to manipulate and control their targets.
Emotional manipulation involves fraudsters playing on the victim’s emotions to extract money or personal information. They may pretend to be in a romantic relationship, a distressed family member, or a charity representative. The fabricated scenarios often evoke strong emotional responses, compelling the victim to act impulsively.
Fraudsters often use search engine optimization techniques (SEO Poisoning) to promote their scam websites, making them appear legitimate and trustworthy in online searches. They also distribute malicious links through emails or messages, which lead to fraudulent websites or directly install malware when clicked.
Always verify the identity of callers, especially when they request personal information. If someone claims to be from a legitimate organization, hang up and contact the organization directly using a verified phone number to confirm their authenticity.
Exercise caution with email links and attachments, especially from unknown senders. Hover over email addresses and links to verify their authenticity. Be cautious of emails that use urgency or pressure tactics to gather personal information or payments.
Staying informed about common scam tactics and trends is essential. Regularly educating oneself and others about the latest fraud methods can significantly reduce the risk of falling victim to these scams. In simple terms, having cybersecurity knowledge for yourself and your employees is the master key to protecting against every known cyberattack to date.
Ensure your devices are protected with reliable and updated anti-virus software. This software is capable of detecting and preventing malware attacks, which are commonly used in various scams.
Pop-up or ad blockers can prevent malicious ads and links from appearing on your devices. These pop-ups often contain false claims or threats designed to trick users into downloading malware or revealing personal information.
If you are on Chrome browser, you can disable pop-ups from settings. > Chrome > Settings > Privacy and security > Site Settings > Pop-ups and redirects.
Avoid conducting sensitive transactions over public wi-fi networks. Always use secure, private networks for online banking, shopping, and other activities that require personal information.
Businesses should employ a variety of fraud detection tools to safeguard their operations. These include:
Keeping software and fraud detection tools up to date is crucial. Regularly updating your knowledge about new fraud tactics and protective measures can help you stay ahead of scammers.
Fraudsters are always changing their tactics, which makes it crucial for individuals and businesses to stay informed and alert. Understanding the tools used by fraudsters and implementing strong protective measures can significantly reduce the risk of falling victim to these sophisticated scams. Regular updates, continuous education, and employing advanced fraud detection tools are key to safeguarding against these threats.