Latest Tech News

Scammers are planting malicious advertisements in the Microsoft Edge news feed, according to new research from antivirus and VPN provider Malwarebytes.

In a blog post by its threat intelligence team, the company claims that the scheme, set up to “direct victims to tech support scam pages”, has been in motion for at least two months.

This particular scam operation has been particularly effective because of Microsoft Edge’s news feed doubling as the web browser’s homepage, increasing the chances that users may be lured by “shocking or bizarre stories” that have been placed there by attackers.

Fake news in Microsoft Edge

Once a user has clicked on a false news story, a script is run to decide if a user should be targeted by the scam. According to Malwarebytes, the script aims to filter out “bots, VPNs, and geolocations that are not of interest,” and that these machines are instead sent to a harmless decoy page.

“This scheme is meant to trick innocent users with fake browser locker pages, very well known and used by tech support scammers”, wrote Malwarebytes, in reference to the scourge of malvertising, whereby threat actors serve up fake advertisements to users in order to compromise their devices.

The scam operation relies on an ever-changing list of malicious domains served up by DigitalOcean’s cloud-based web hosting infrastructure, making the threat difficult to stamp out completely. Malwarebytes claimed that, over the course of 24 hours, over 200 different hostnames were being used to scam tech support pages.

It also noted the considerable efforts to obscure identifying information (known as fingerprinting) about servers and devices involved in the campaign.

The company did, however, connect one of the collected domains, previously reported as suspicious, to Sumit Kalra, listed as a director for “Mws Software Services Private Limited”, a Delhi-based company working in “Computer and related activities”.

It also linked Kalra to a number of other domains involved with this particular campaign, which Malwarebytes has said is “one of the biggest we are seeing in terms of telemetry noise”. 

TechRadar Pro has asked Kalra, Mws Software Services Private Limited, and Microsoft for comment.

Default browsers and malvertising

Microsoft Edge is the default web browser on Windows 10 and 11, making it a prime target for scammers looking to target the largest number of unsuspecting users who are less aware of what measures they can take to stay secure online.

Users looking to protect themselves from fake tech support scams and other threat actors may wish to install one of the best free VPNs, consider an anonymous web browser, or simply change their Microsoft Edge homepage from the default news feed.

They should also maintain a healthy skepticism when interacting with content from an unfamiliar or disreputable source. If a news story sounds too good to be true, thinking twice before clicking on it can go a long way.

READ MORE

 > Check out our picks for the best browsers with a built-in VPN

> Opera launches Pro tier for its built-in browser VPN

> You could soon control your VPN through Microsoft Edge

Clicking on a fake advertisement can result in a device being infected with malware. But scammers sometimes just want users to believe they’ve been infected, and follow through with what the page is requesting of them. This may be to call a certain phone number, or send money to an unknown actor - the latter being a form of ransomware. 

To stay safe, users should also be vigilant about the pages making these requests. Usually, it’s antivirus software, not a web browser, that reports on threats to a device’s security. 

• Here's a list of the best VPNs for PCs

from TechRadar - All the latest technology news https://ift.tt/NyPipXE

How to Get Word, Excel and PowerPoint Without a Microsoft 365 Subscription - CNET

These classic Microsoft programs are available at no cost, as long as you stay online.

from CNET https://ift.tt/7X8m0ZA

Apple Arcade: Every Game and Update Coming in September - CNET

Here's what's on Apple Arcade's lineup for September.

from CNET https://ift.tt/9SiTu0y

Latest Tech News

A new report have revealed JavaScript is no longer top dog when it comes to the world’s most popular programming languages. 

CircleCI's 2022 State of Software Delivery report found that TypeScript has now overtaken JavaScript to the number one position, toppling one of the biggest names in the industry.

The company says the change is likely down to its developer-friendly features, like allowing them to catch smaller errors locally and to commit working code more frequently compared with JavaScript.

Top programming languages

From 2019 to 2021, only Python remained consistent in its popularity according to the report, which places the language at fourth place. Other top-ten languages include HTML, Java, and PHP.

Further down the list, HashiCorp (HCL) has entered the top-ten list, coming in at a respectable ninth place, leading the way for both HTML and Swift trailing one and two places behind respectively.

Read more

> We've rounded up the best laptops for programming

> Google thinks its new programming language can topple C++

> Meta developers will be asked to program almost exclusively in these four programming languages

“Elite software delivery teams are adopting developer-friendly tools and practices that allow them to automate, scale, and successfully embrace change when necessary," CircleCI VP of Platform Michael Stahnke noted.

“High performers are gravitating toward tools that encourage collaboration, repeatability, and productivity.”

The analysis delved into other areas of programmer’s workflow, too, uncovering four key benchmarks that define some of the most successful engineering teams. They include workflow durations averaging between five and 10 minutes, recoveries from failed runs fixed or reverted within one hour, at least 90% success rate for the default branch of their application, and regular deployment as per business requirements, at a minimum of once daily.

• This is the best monitor for programming

from TechRadar - All the latest technology news https://ift.tt/vMfnqQG

Turn Your Old Android or iPhone Into a Security Camera With This Free Hack - CNET

Don't throw away that old phone. You can turn it into a security camera for free.

from CNET https://ift.tt/XFYkUA1

Sorry, That's Not a Cute Cat You're Seeing in NASA Mars Rover Image - CNET

Meow on Mars? Not so fast.

from CNET https://ift.tt/pioMS1E

Latest Tech News

Thursday, September 15 marks the kickoff of the seventh year of Game Devs of Color Expo, which is a weekend-long event that celebrates games developed by game developers of color from around the world.

You can watch the hour-long direct, which highlights some of the many titles that are featured on the official page, on both YouTube and Twitch. And be sure to check out the Gradient Convergence page, which not only has ongoing sales of previously released games but will showcase devs livestreaming their games starting Thursday, September 15 through Monday, September 19.

The expo highlights a number of titles that star and feature POC and their cultures, animals, or fantastic monsters, many of which are sure to be some of the best PC games out there. And if you’re a ticketed viewer, you can view panels, interviews, and talks from game devs and featured speakers on various topics ranging from storytelling to business and more.

Tickets can still be purchased on the official GDoCExpo page, and you can view the full schedule of events and more here.

The importance of events like Game Devs of Color Expo 

As mentioned before, 2022 marks seven years of Game Devs of Color Expo, an event meant to highlight games created by game developers of color that would otherwise be ignored.

Since then, it’s grown to also host talks, interviews, and panels led by POC in order to educate others on the realities of indie development as well as host discussions on storytelling and character development from POCs' point of view. 

There’s even an award ceremony, where at least $90,000 in development grants will be awarded, including the $15,000 Made in NY Grant and the Game Devs of Color Expo Grant. The latter of which will go to three developers of color, each receiving $25,000.

Game Devs of Color Expo has become such a valuable and vital event that gives POC the media exposure and funding that they never would have received in such a white-centric industry. And hopefully, it can continue to grow and help even more developers of color in the future, and continue to set a precedent for a more equitable gaming industry future.

from TechRadar - All the latest technology news https://ift.tt/XfwO7kP

Nintendo Switch Sports' Free Golf Update Now Coming This Holiday - CNET

The next free update for the Wii Sports successor has been delayed slightly.

from CNET https://ift.tt/LRmdKwM

Latest Tech News

There is a security flaw in Microsoft Teams that allows threat actors to log into other people’s accounts, even if those accounts are protected with multi-factor authentication, researchers have claimed.

Cybersecurity analysts from Vectra say the Teams desktop application for Windows, Linux, and Mac, stores user authentication tokens in cleartext, without any locks guarding the access. Anyone with local access to a system with Teams installed can steal these tokens and use them to log into the accounts. 

"This attack does not require special permissions or advanced malware to get away with major internal damage," Vectra’s Connor Peoples said - Microsoft, on the other hand, says the whole deal is blown out of proportion and it is not interested in addressing the issue at this time.

Active tokens

The problem lies in the fact that Microsoft Teams is an Electron app, running in a browser windows. As Electron does not come with support for encryption, or protected file locations by default, it is somewhat easier to use, but also risky on the data protection side of things. Deeper analysis uncovered that the tokens were not stored in error, or as part of a previous data dump. 

"Upon review, it was determined that these access tokens were active and not an accidental dump of a previous error. These access tokens gave us access to the Outlook and Skype APIs,” Vectra explained. What’s more, the “cookies” folder also held tokens, account information, session data, and other valuable information. 

But Microsoft played the whole thing down, saying it isn’t that severe and that it doesn’t meet the criteria for patching.

In a statement sent to BleepingComputer, Microsoft said “The technique described does not meet our bar for immediate servicing as it requires an attacker to first gain access to a target network. We appreciate Vectra Protect’s partnership in identifying and responsibly disclosing this issue and will consider addressing in a future product release.”

Read more

> This brutal hacking tool could steal virtually all of your logins

> Best authenticator apps today: add an extra layer of online security

> These are the best VoIP headsets right now

Vectra, on the other hand, disagrees, and to prove its point, it developed an exploit that abuses an API call, allowing a user to send messages to themselves. By reading the cookies database through SQLite engine, the exploit was able to receive the authentication tokens in a message. 

If you’re worried about your business having its tokens snatched, you should switch to the browser version of the Teams client, Vectra suggests. Linux users should migrate to a different collaboration platform, as well. 

• These are the best VoIP solutions right now

Via: BleepingComputer

from TechRadar - All the latest technology news https://ift.tt/ELhyK7Q

Best Game Pass and Xbox Live Deals - CNET

The best places to get an Xbox gaming subscription at a bargain.

from CNET https://ift.tt/cQPrOqe

Best TV Streaming Service Deals - CNET

Take advantage of savings from HBO Max, Hulu, Paramount Plus and more with these streaming service discounts.

from CNET https://ift.tt/6tuwY0l

2022 Emmy Awards: The Complete List of Winners - CNET

Succession, Ted Lasso and The White Lotus picked up major awards on Monday night. Here's the full list of 74th Emmy Award winners.

from CNET https://ift.tt/gTeWj2H

Latest Tech News

A zero-day vulnerability found in a premium WordPress plugin is being actively exploited in the wild, researchers are saying, urging users to remove it from their websites until a patch is released.

WordPress security plugin makers WordFence uncovered a flaw in WPGateway, a premium plugin helping admins manage other WordPress plugins and themes from a single dashboard.

According to the researchers, the flaw is tracked as CVE-2022-3180, and carries a severity score of 9.8. It allows threat actors to create an admin user on the platform, meaning they’d have the ability to take over the entire website if they so pleased. 

Millions of attacks

"Part of the plugin functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator," said Ram Gall, Wordfence researcher.

Wordfence added it successfully blocked more than 4.6 million attacks, against more than 280,000 sites, in the last month, alone. That also means that the number of attacked (and possibly compromised) websites is probably much, much larger. 

A patch for the flaw is not yet available, the researchers said, and there is no workaround. The only way to stay safe, for the time being, is to remove the plugin from the website altogether, and wait for the patch to arrive, researchers stressed. 

Webmasters looking for indicators of compromise should check their sites for admin accounts named “rangex”. Furthermore, they should look for requests to "//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1" in the access logs, as that is a sign of an attempted breach. This sign, however, doesn’t necessarily mean it was successful.

Read more

> WordPress plugin exposes half a million sites to attack

> Yet another WordPress plugin puts hundreds of thousands of sites at risk

> These are the best WordPress Plugins right now

Other details are scarce for the moment, given the fact that the flaw is being actively exploited, and that the fix is not yet available. 

WordPress is the world’s most popular website builder, and as such, is under constant attack by cybercriminals. While the platform itself is generally considered safe, its plugins, of which there are hundreds of thousands, are often the weak link that leads to compromise.

• Here are the best managed WordPress hosting providers today

Via: The Hacker News

from TechRadar - All the latest technology news https://ift.tt/knNzjPS

Nintendo Switch Sports' Free Golf Update Now Coming This Holiday - CNET

The game's next free update has been delayed slightly.

from CNET https://ift.tt/FOnYeTH

Latest Tech News

The Linux Foundation has announced plans to form a new entity, the OpenWallet Foundation (OWF), which will provide the basis for companies to create digital wallets on an open source platform.

“The mission of the OWF is to develop a secure, multi-purpose open source engine anyone can use to build interoperable wallets," the organization explained.

“The OWF aims to set best practices for digital wallet technology through collaboration on open source code for use as a starting point for anyone who strives to build interoperable, secure, and privacy-protecting wallets.”

Linux OpenWallet Foundation

The idea behind the OWF is not to create a wallet to rival the likes of Apple Wallet and Google Wallet, but rather to create a “multi-purpose open source engine anyone can use to build interoperable wallets”, which the foundation sees being utilized for things like secure payments and digital keys.

Companies will then be able to leverage the work of the OWF and develop their own digital wallets, which the Linux body says will enhance interoperability, security, and privacy.

Read more

> The best Linux distros for developers

> Meta is handing over its PyTorch AI platform to the Linux Foundation

> The kids are ditching their physical wallets in favor of mobile payments 

Linux Foundation Executive Director Jim Zemllin said in a statement that “digital wallets will play a critical role for digital societies”, thus the work of the OWF could prove valuable to ensuring a more level playing field in years to come.

Moving forward, Global Metaverse Continuum Business Group & Blockchain Lead at Accenture, David Treat, believes that “universal digital wallet infrastructure will create the ability to carry tokenized identity, money, and objects from place to place in the digital world.”

Meanwhile, Pramod Varma, Chief Architect at Aadhaar & India Stack, sees “verifiable credentials… becoming an essential digital empowerment tool for billions of people and small entities”, which emphasizes the standardization work that the OWF hopes to carry out.

The body’s goal is to launch the new entity later in 2022, and interest to collaborate can be expressed on the OpenWallet Foundation website.

• These are the best laptops for programming and the best Linux laptops

from TechRadar - All the latest technology news https://ift.tt/x7EkNj9