Thursday, September 29, 2022

Latest Tech News

Cybersecurity researchers have discovered a new malware strain that infects Windows and Linux endpoints of all sizes and uses them for distributed denial of service (DDoS) attacks and cryptocurrency mining.

Experts from Lumen's Black Lotus Labs say the malware is written in Chinese and uses China-based command & control (C2) infrastructure.

They called it Chaos, and say it is built on Go. It is able to infect all kinds of devices, from those running on x86 infrastructure, to certain ARM-based devices. In a nutshell, everything from home routers to enterprise servers is at risk. Apparently, Chaos is the next iteration of the Kaiji malware, another strain that was able to mine cryptocurrencies and launch DDoS attacks. 

Kaiji returns

"Based upon our analysis of the functions within the more than 100 samples we analyzed for this report, we assess Chaos is the next iteration of the Kaiji botnet," they said. It expands by looking for known, unpatched vulnerabilities, as well as SSH brute-force attacks. 

What’s more, it can use stolen SSH keys to infect an even greater number of endpoints. 

Whoever the threat actors are, they’re not limiting themselves to a specific industry, though: "Using Lumen global network visibility, Black Lotus Labs enumerated the C2s and targets of several distinct Chaos clusters, including a successful compromise of a GitLab server and a spate of recent DDoS attacks targeting the gaming, financial services and technology, and media and entertainment industries – as well as DDoS-as-a-service providers and a cryptocurrency exchange," the researchers said.

"While the botnet infrastructure today is comparatively smaller than some of the leading DDoS malware families, Chaos has demonstrated rapid growth in the last few months."

When it comes to geographies, though, Chaos does seem to have a preference. Even though there are bots everywhere, from the Americas, to the Asia-Pacific region (APAC), most of its victims are based in Europe. 

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/WEdQlXv

Wednesday, September 28, 2022

Amazon Alexa: 5 Hidden Features You've Gotta Try on Your Echo - CNET

You know Alexa can play music and give you the weather, but how about finding your phone or guarding your home?

from CNET https://ift.tt/dFsuHgy

M&M's Debuts Purple Candy, Its First New Color in 10 Years - CNET

"I'm just gonna be me," the new female peanut M&M declares in a promo video.

from CNET https://ift.tt/ExIlV6N

Hidden Perks of Amazon Prime Make It Much More Than a Delivery Service - CNET

Amazon's subscription service provides a bevy of benefits beyond expedited shipping.

from CNET https://ift.tt/G1tu7JV

Latest Tech News

Cybercriminals have been observed using SEO poisoning to distribute a new malware loader which tries to infect the target endpoint with a dozen malware families.

Researchers from Kaspersky discovered that for many people, typing the keyword “software crack” into Google brings up multiple websites distributing this new malware loader, some of which have even made it to the famed first page of the search results. The loader in question is called “NullMixer” and is designed for the Windows operating system. It apparently installs all kinds of password stealers, viruses, backdoors, banking trojans, crypto miners, you name it. The only thing seemingly missing is ransomware.

Among the malware families installed this way are Redline Stealer, Danabot, Raccoon Stealer, Vidar Stealer, SmokeLoader, PrivateLoader, ColdStealer, Fabookie, PseudoManuscrypt, and others.

Baiting with cracks

The attackers chose “software crack” as their main keyword, researchers believe, due to the fact that people looking for cracks will usually ignore warnings coming from their antivirus programs and install the executable files anyway. 

According to Kaspersky, NullMixer has so far tried to infect more than 47,000 endpoints protected by its security solutions. The victims were located all over the world, including the U.S., Germany, France, Italy, India, Russia, Brazil, Turkey, and Egypt. 

The researchers were also baffled by the number of malware families being installed via NullMixer. It’s not exactly subtle. Devices that fall victim to this attack will become significantly slower, have windows popping up for no reason, and will showcase numerous other symptoms of infection. Kaspersky suspects that NullMixer could actually be a demonstration, showing other malware operators what it’s capable of doing, until one decides to use it for their own distribution efforts.

As things stand now, the best way to eliminate NullMixer from a compromised device is via a Windows reinstall.

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/LW3Ofxw

Amazon Reveals All-New Fire Devices video - CNET

At an Amazon event, the company shows off all new Fire TV devices, including the Fire TV Cube, Remote Pro and Fire TV Omni QLED.

from CNET https://ift.tt/uGWNCVJ

Latest Tech News

Google has announced a bunch of changes to its core search functionality, focusing on making searching the web a quicker and more convenient process, and more besides.

Announced at its Search On conference, all of these changes will be rolling out in the US down the line, and the first major introduction is that shortcuts to various tools are going to be brought in, nestling right underneath the search bar.

These are things like an icon for translating text with the camera, or identifying a tune by humming it, or indeed to help with a homework problem via the camera – common tasks that you might need, and can now be very swiftly accessed with a tap on the relevant shortcut.

In this case, the feature is coming to the Google app for iOS in the US (English language) to begin with, and a wider rollout will doubtless follow.

In terms of making core search quicker and more intuitive, Google is ushering in topic options that appear directly below the search box as you type a query. The example Google gives is someone typing a search for ‘best Mexico cities’, and after having entered that text, a bunch of suggestions for finishing the query pop up – such as ‘for families’, ‘for expats’, ‘to retire’, and so forth. These are the most likely options you’ll need, and will hopefully allow you to quickly finish your query with a simple tap.

Again, this feature will launch in the US (in English) to begin with, in the “coming months” Google informs us, and the same is true of the remaining capabilities we’re about to explore.

Next up are the details surfaced by a search, which again in Google’s example of searching for a city will now prominently include visual stories and the likes of video clips from folks who have visited that particular place. The emphasis is on imparting more practical info such as tips on getting around the city, how to travel there, or what to do during your stay, rather than just, say, historical or geographical facts for example (not that you won’t still receive some of that as results).

After a search, suggestion buttons will also pop up below the search box pointing to further topics you might want to explore, such as the beaches of that city you’re going to visit – and you simply tap these, and dive down even deeper into further suggestions if required.

Finally, Google tells us it’s revamping the way search results are presented to “better reflect the ways people explore topics”, meaning that as you scroll down, related topics will be highlighted. Sticking with the city example provided, those subjects include the likes of results pertaining to the local cuisine and recipes, musical traditions, art, and so forth.


Analysis: Some chunky changes to move with the times

The broad thrust here, then, is to make searching easier and quicker as we mentioned at the outset, and to surface more practical content and advice – with the likes of videos from folks who have visited a place – as well as making it as simple as possible to see and explore all manner of related topics.

In some corners of the web in more recent times, we’ve noticed complaint threads about how Google isn’t what it used to be when it comes to the quality of search results, and so perhaps the company felt it was time to start changing things up – in a pretty big way. There’s certainly a fresh take on search here with all these different elements, so it’s going to be interesting to see how this plays out when we actually get to use the new search; and of course what the reaction is from those who have become more skeptical about Google.

Google is about as old a veteran of the web as you’ll find, and mustn’t fail to move with the times. So when there’s chatter about youngsters hitting up TikTok to discover things rather than Google search, that must be, well, maybe not a threat to Google, but certainly something which is a bit of a worry and should be paid attention to.

When other regions outside the US will get these changes, we don’t know, but seeing as they’re down as arriving in the “coming months” in the States, it sounds like it’ll be a slow rollout, particularly in global terms.



from TechRadar - All the latest technology news https://ift.tt/wzESI38

Tuesday, September 27, 2022

Target's Deal Days Sale Kicks Off Oct. 6 With 3 Days of Discounts Ahead of Amazon's Next Sale - CNET

Amazon's Prime Early Access Sale (or second Prime Day) kicks off on Oct. 11 -- but Target is looking to get a head start this year.

from CNET https://ift.tt/SGa5o4m

Latest Tech News

Almost a hundred apps across the Android and iOS ecosystems have been discovered engaging in advertising fraud, researchers have claimed.

The apps, 80 of which were built for Android, and nine for iOS, have more than 13 million downloads between them, and include games, screensavers, camera apps, and more - some with more than a million downloads. 

Research from cybersecurity firm HUMAN Security found that by targeting advertising software development kits (SDK), the unknown threat actors were able to compromise these apps for their own personal benefit, in multiple ways: by pretending to be apps they’re not; by rendering ads in places where users wouldn’t be able to see them; and by faking clicks and taps (keeping track of real ad interactions and faking them later).

Evolution of Poseidon

The campaign, which HUMAN dubbed Scylla, is still ongoing, meaning at least some of the apps are still up and running. “These tactics, combined with the obfuscation techniques first observed in the Charybdis operation, demonstrate the increased sophistication of the threat actors behind Scylla,” the researchers say. 

The Charybdis operation the researchers mention is an older campaign, out of which Scylla evolved. Charybdis itself evolved from an even older campaign, called Poseidon, leading the researchers to conclude that the threat actors are actively developing these apps and that new variants are bound to appear. 

HUMAN says it “worked closely” with both Google and Apple to have all of the identified malicious apps removed from the respective app repositories. 

However, that doesn’t mean the threat is completely gone - users who have downloaded these apps in the meantime are still vulnerable, and will remain so until they remove them from their endpoints. 

The company urges users to go through the entire list of apps found here and make sure they remove any apps they might have installed.



from TechRadar - All the latest technology news https://ift.tt/VMxZF6T

You Might Be Able to Outrun the World's Fastest Two-Legged Robot... for Now - CNET

Cassie the robot isn't ready for the Olympics just yet, but it might outpace you very soon.

from CNET https://ift.tt/N9UZ0fl

Latest Tech News

Skullcandy is coming back to the world of gaming with three new headsets: the SLYR, SLYR Pro, and the PLYR headphones; all of which are aimed at varying levels of gamers.

It’s been about 10 years since Skullcandy launched its last gaming headset, the PLYR 2, a device the company doesn’t officially sell anymore. Since then, gaming headsets have evolved dramatically, which means Skullcandy has its work cut out for it. The solution, at least according to the announcement, is to offer headsets that have a wide range of functionality for multiple platforms at a decent price.

Each pair of headphones is currently available for purchase on Skullcandy’s online store and are compatible with PC, mobile devices, and gaming consoles.  

Features and specs

First, you have the SLYR ($59.99) headset. Compared to the other two, this device is the more barebones model. It's a basic set of entry-level headphones; great for people who just want to plug in and listen. It houses two 50mm drivers that Skullcandy claims deliver a wide “frequency range and rich, detailed sound.” There’s also an extending microphone plus mute and volume controls on the cups. So, a pretty basic headset with no bells and whistles.

The SLYR Pro ($99.99), as the name implies, adds substantially more. It comes with a Clear Voice Smart Mic that filters out background noise to maintain clear audio with the help of AI. Gamers can calibrate their audio via a combination of Skullcandy’s Enhanced Sound Perception hearing test and the new Skull-HQ app. In the app, you’ll also be able to adjust the mix between the game and voice chat so you can have one louder than the other, and manage the audio equalization. According to Skullcandy, the SLYR Pro's battery will last 24 hours. It also has fast charging.

For the PLYR ($129.99) headset, it's hard to see what warrants that extra $30 price tag. If you take things at face value, the PLYR headset has two unique features: Bluetooth 5.2 connectivity and a built-in Tile feature, which is a type of tracking technology. Using the Tile app, you can have the PLYR headset “ring” so you can locate it if it's lost. However, looking through the specifications for each headset, all of them have Bluetooth 5.2 connectivity. Plus, the SLYR Pro has the same Tile tracking feature embedded within.

We reached out to Skullcandy to clarify what makes the PLYR stand above the SLYR Pro. Plus, we asked how people can download the Skull-HQ app for controlling audio. It's not publicly on any online app store, as far as we can tell.

Decent headphones

Looking at everything, Skullcandy’s new headsets look potentially solid, even if two of them are a little too similar for our liking. But the question remains: will this be enough for Skullcandy to stand toe-to-toe (or ear-to-ear) with gaming headset industry titans? Probably not, but then again, these headsets are more entry-level and for gamers who don't want to mess around with the settings too much. On that front, they look good enough.

But if you’re in the market for something beefier, be sure to check out TechRadar’s best gaming headsets. We really like the Arctic Nova Pro from Steelseries. They come with low latency and spatial audio built-in. Just be prepared to pay a pretty penny.



from TechRadar - All the latest technology news https://ift.tt/o7gsTpH

See What Happens When AI Turns 'Simpsons' Characters Into Real People - CNET

D'oh! Mild-mannered Homer suddenly looks like the Hulk of Springfield.

from CNET https://ift.tt/qMRiSL3

Latest Tech News

Cybercriminals are trying to distribute new information-stealing malware by presenting it as gaming cheats and hacks. 

According to cybersecurity researchers from Cluster25, the malware, dubbed “Erbium”, is a malware-as-a-service, meaning whoever pays the monthly fee gets to use all of its features.

Right now, the tool is being distributed as a game crack, but that could change at any time, should another threat actor rent it out, or go after a different type of victim.

Cheaper than RedLine Stealer

When it comes to features and prices, Erbium is similar to the infamous RedLine Stealer in its abilities, but is available for a fraction of its cost. 

The researchers are saying it can steal information stored in popular browsers (passwords, cookies, payment data, autofill information, etc.), data from cryptocurrency wallets (Atomic, Exodus, Electrum, and many others), two-factor authentication codes from a number of tools (Trezor Password Manager, EOS Authenticator, Authy 2FA, Authenticator 2FA), as well as grab screenshots, take Steam and Discord tokens, and Telegram authentication files.

At the same time, it is considerably cheaper than RedLine, reportedly costing only $100 for a monthly subscription, or $1,000 for a yearly license. While this still might sound like a lot, it costs roughly a third of what RedLine charges, and it is also worth mentioning that the price of Erbium rose from $9, signaling not only strong demand but also its rising popularity.

The hacking community has also praised Erbium’s creators for all their hard work and the fact that they’re listening to and implementing the community’s feedback.

Speaking of the creators, Cluster25 did not determine who the authors are, but did find Erbium being promoted on Russian-speaking forums this past summer.

At the same time, endpoints in the US, France, Colombia, Spain, Italy, India, Vietnam, and Malaysia were found compromised.

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/93S8kR2

Monday, September 26, 2022

Stop Sleeping With Your Dog - CNET

You might love nighttime snuggles with your pet -- but it can actually make your sleep worse.

from CNET https://ift.tt/1Lzb75m

Latest Tech News

Linux boss Linus Torvalds has optimistically announced that version 6.0 of the open-source operating system should be with users very soon, despite some minor delays.

According to his September 18 update on release candidate six (Linux 6.0-rc6), a lot of maintainers had been travelling because of the Maintainers' Summit in Dublin, as well as OSS EU and LPC. For this reason, rc6 was “artificially small”. 

Torvalds continues to discuss the smaller-than-usual size of the release candidate: “Or - putting my ridiculously optimistic hat on - maybe things are just so nice and stable that there just weren't all that many fixes?”

Linux 6.0 release date

Talking about the latest release candidate - rc7 - on the blog, Torvalds said he expected it to be “larger than usual due to pull requests having shifted one week later” which could lead to the Linux OS needing one further release (number 8).

Despite expecting that rc7 would be a larger release than usual, it “doesn't really seem to have happened” according to Torvalds’ latest September 25 announcement. “It's marginally bigger than the historical average for this time of the release cycle, but it definitely isn't some outlier, and it looks fairly normal.”

He continues to dispel the previous indication that a further rc8 would be required. A successful rc7 makes him think that “the final release will happen right on schedule next weekend, unless something unexpected happens.”

In fact, according to the most recent Linux 6.0 update, it’s “the first time we have a clean 'make allmodconfig' build with no warnings from clang”.

Torvalds concludes his message with his hopeful plan of one final week of testing. The probable elimination of that rc8 means that Linux 6.0 looks to be “right on schedule next weekend”, leading us to believe that an early-October release is most likely.



from TechRadar - All the latest technology news https://ift.tt/JIAisxu

Latest Tech News

They say fortune favors the bold, so why not rebel from cookie-cutter colorways and mix things up with some eye-catching tech instead? As a...