Chrome

Nvidia GeForce Now on Chrome is Getting a Big Upgrade To 1440p and 120fps (theverge.com) 9

Nvidia is upgrading its GeForce Now game streaming service to support 1440p resolution at 120fps in a Chrome or Edge browser. GeForce Now members on the RTX 3080 tier of the service will be able to access the new browser gameplay options today by selecting 1440p on the GeForce Now web version. From a report: Nvidia originally launched its RTX 3080 GeForce Now membership tier last year, offering streams of up to 1440p resolution with 120fps on PCs and Macs or 4K HDR at 60fps on Nvidia's Shield TV. Previously, you had to download the dedicated Mac or Windows apps to access 1440p resolution and 120fps support, as the web version was limited to 1080p at 60fps.
Security

North Korean Hackers Use Signed macOS Malware To Target IT Job Seekers (bleepingcomputer.com) 14

An anonymous reader quotes a report from Bleeping Computer: North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector. The name of the false document was "Coinbase_online_careers_2022_07." When launched, it displays the decoy PDF above and loads a malicious DLL that ultimately allows the threat actor to send commands to the infected device. Security researchers at cybersecurity company ESET found that the hackers also had malware ready for macOS systems. They said that the malicious file is compiled for Macs with both Intel and Apple silicon, meaning that users of both older and newer models were targeted. In a thread on Twitter, they note that the malware drops three files [...].

ESET linked the recent macOS malware to Operation In(ter)ception, a Lazarus campaign that targeted high-profile aerospace and military organizations in a similar way. Looking at the macOS malware, the researchers noticed that it was signed on July 21 (as per the timestamp value) with a certificate issued in February to a developer using the name Shankey Nohria and team identifier 264HFWQH63. On August 12, the certificate had not been revoked by Apple. However, the malicious application was not notarized -- an automatic process that Apple uses to check software for malicious components. Compared to the previous macOS malware attributed to the Lazarus group of hackers, ESET researchers observed that the downloader component connects to a different command and control (C2) server, which was no longer responding at the time of the analysis.

Microsoft

Microsoft Employees Exposed Own Company's Internal Logins (vice.com) 8

Multiple people who appear to be employees of Microsoft have exposed sensitive login credentials to the company's own infrastructure on GitHub, potentially offering attackers a gateway into internal Microsoft systems, according to a cybersecurity research firm that found the exposed credentials. Motherboard reports: "We continue to see that accidental source code and credential leakages are part of the attack surface of a company, and it's becoming more and more difficult to identify in a timely and accurate manner. This is a very challenging issue for most companies these days," Mossab Hussein, chief security officer at cybersecurity firm spiderSilk which discovered the issue, told Motherboard in an online chat. Hussein provided Motherboard with seven examples in total of exposed Microsoft logins. All of these were credentials for Azure servers. Azure is Microsoft's cloud computer service and is similar to Amazon Web Services. All of the exposed credentials were associated with an official Microsoft tenant ID. A tenant ID is a unique identifier linked to a particular set of Azure users. One of the GitHub users also listed Microsoft on their profile.

Three of the seven login credentials were still active when spiderSilk discovered them, with one seemingly uploaded just days ago at the time of writing. The other four sets of credentials were no longer active but still highlighted the risk of workers accidentally uploading keys for internal systems. Microsoft refused to elaborate on what systems the credentials were protecting when asked multiple times by Motherboard. But generally speaking, an attacker may have an opportunity to move onto other points of interest after gaining initial access to an internal system. One of the GitHub profiles with exposed and active credentials makes a reference to the Azure DevOps code repository. Highlighting the risk that such credentials may pose, in an apparently unrelated hack in March attackers gained access to an Azure DevOps account and then published a large amount of Microsoft source code, including for Bing and Microsoft's Cortana assistant.
"We've investigated and have taken action to secure these credentials," said a Microsoft spokesperson in a statement. "While they were inadvertently made public, we haven't seen any evidence that sensitive data was accessed or the credentials were used improperly. We're continuing to investigate and will continue to take necessary steps to further prevent inadvertent sharing of credentials."
IT

VLC-Developer VideoLan Says India Blocking Site Endangers Its Own Citizens (techcrunch.com) 23

VideoLan, the developer of popular media player VLC, says Indian telecom operators have been blocking its website since February of this year in a move that is potentially impacting some users in one of the open source firm's largest markets. From a report: "Most major ISPs [internet service providers] are banning the site, with diverse techniques," VideoLan president and lead developer Jean-Baptiste Kempf said of the blocking in India, in an email to TechCrunch. India represents 10% of all VLC users worldwide, he said. The website's traffic has seen an overall drop of 20% as a result of the blocking in India. [...] VLC, downloaded over 3.5 billion times worldwide, is a local media player that doesn't require internet access or connection to any particular service online for the vast majority of its features. But by blocking the website, India is pushing its citizens to "shady websites that are running hacked version of VLC. So they are endangering their own citizens with this ban," Kempf added.
Security

1,900 Signal Users' Phone Numbers Exposed By Twilio Phishing (arstechnica.com) 8

An anonymous reader quotes a report from Ars Technica: A successful phishing attack at SMS services company Twilio may have exposed the phone numbers of roughly 1,900 users of the secure messaging app Signal -- but that's about the extent of the breach, says Signal, noting that no further user data could be accessed. In a Twitter thread and support document, Signal states that a recent successful (and deeply resourced) phishing attack on Twilio allowed access to the phone numbers linked with 1,900 users. That's "a very small percentage of Signal's total users," Signal writes, and all 1,900 affected users will be notified (via SMS) to re-register their devices. Signal, like many app companies, uses Twilio to send SMS verification codes to users registering their Signal app.

With momentary access to Twilio's customer support console, attackers could have potentially used the verification codes sent by Twilio to activate Signal on another device and thereby send or receive new Signal messages. Or an attacker could confirm that these 1,900 phone numbers were actually registered to Signal devices. No other data could be accessed, in large part because of Signal's design. Message history is stored entirely on user devices. Contact and block lists, profile details, and other user data require a Signal PIN to access. And Signal is asking users to enable registration lock, which prevents Signal access on new devices until the user's PIN is correctly entered. "The kind of telecom attack suffered by Twilio is a vulnerability that Signal developed features like registration lock and Signal PINs to protect against," Signal's support document reads. The messaging app notes that while Signal doesn't "have the ability to directly fix the issues affecting the telecom ecosystem," it will work with Twilio and other providers "to tighten up their security where it matters for our users."

Security

Update Zoom For Mac Now To Avoid Root-Access Vulnerability (arstechnica.com) 24

If you're using Zoom on a Mac, it's time for a manual update. The video conferencing software's latest update fixes an auto-update vulnerability that could have allowed malicious programs to use its elevated installing powers, granting escalated privileges and control of the system. From a report: The vulnerability was first discovered by Patrick Wardle, founder of the Objective-See Foundation, a nonprofit Mac OS security group. Wardle detailed in a talk at Def Con last week how Zoom's installer asks for a user password when installing or uninstalling, but its auto-update function, enabled by default, doesn't need one. Wardle found that Zoom's updater is owned by and runs as the root user. It seemed secure, as only Zoom clients could connect to the privileged daemon, and only packages signed by Zoom could be extracted. The problem is that by simply passing the verification checker the name of the package it was looking for ("Zoom Video ... Certification Authority Apple Root CA.pkg"), this check could be bypassed. That meant malicious actors could force Zoom to downgrade to a buggier, less-secure version or even pass it an entirely different package that could give them root access to the system.
IT

Confronting an Ancient Indian Hierarchy, Apple and IBM Ban Discrimination By Caste (reuters.com) 181

"Apple, the world's biggest listed company, updated its general employee conduct policy about two years ago to explicitly prohibit discrimination on the basis of caste," reports Reuters, "which it added alongside existing categories such as race, religion, gender, age and ancestry."

Apple has more than 165,000 full-time employees, the article points out, and "The inclusion of the new category, which hasn't been previously reported, goes beyond U.S. discrimination laws, which do not explicitly ban casteism." The update came after the tech sector — which counts India as its top source of skilled foreign workers — received a wake-up call in June 2020 when California's employment regulator sued Cisco Systems on behalf of a low-caste engineer who accused two higher-caste bosses of blocking his career.... Since the suit was filed, several activist and employee groups have begun seeking updated U.S. discrimination legislation — and have also called on tech companies to change their own policies to help fill the void and deter casteism....

Elsewhere in tech, IBM told Reuters that it added caste, which was already in India-specific policies, to its global discrimination rules after the Cisco lawsuit was filed, though it declined to give a specific date or a rationale.

Meta, Amazon, and Google do not mention caste in internal policies, the article points out — but they all told Reuters it's already prohibited by their current policies against discrimination.

And yet, "Over 1,600 Google workers demanded the addition of caste to the main workplace code of conduct worldwide in a petition, seen by Reuters, which they emailed to CEO Sundar Pichai last month and re-sent last week after no response."
Businesses

The Organized Labor Movement Has a New Ally: Venture Capitalists (yahoo.com) 52

Union-organizing startup "Unit of Work" received a $1.4-million pre-seed investment led by the venture capital arm of billionaire Mike Bloomberg, reports the Los Angeles Times.

The startup's outside investors "have made fortunes backing technologies such as artificial intelligence, cryptocurrencies and video games. One is among California's foremost critics of public-sector labor unions." But the head of the startup's lead investment firm says that "whenever a community has a want that's going unfilled, there's an opportunity for companies." [T]hese people used to multibillion-dollar sales and IPOs see a big opportunity in the atomized, restive condition of America's workforce and the possibility of transforming it through a new era of unionization. "We only invest in areas where we think we can get a return," said Roy Bahat, head of Bloomberg Beta, the venture arm of billionaire Mike Bloomberg's media empire.

Unit's business model works like this: The startup's organizers provide free consulting to groups of workers organizing unions within their own workplaces — helping them build support to win elections, advising them on strategy in contract-bargaining sessions, guiding them through paperwork filings and around legal obstacles. Once a contract is in place, members of the new union can decide to pay Unit a monthly fee — similar to traditional union dues — to keep providing support.... Once the company starts earning income, it plans to buy out its investors and give their equity to the unions it helped organize, effectively transitioning corporate control to the customer base.

The approach has attracted some strange bedfellows. The second investment firm in the round, Draper Associates, is led by Tim Draper, a third-generation venture capitalist, bitcoin evangelist and outspoken critic of organized labor... [H]e launched a ballot initiative to ban public-sector unions in California.... "Unit of Work is making unions decentralized," Draper wrote in an email explaining his investment. "That will be awesome. Centralized unions tend to restrain trade, and government unions create bloated bureaucracy and poor government service on the whole...."

Despite Draper's enthusiasm for independent unions, as opposed to nationally affiliated labor organizations, Unit's leaders and its website make clear that they support their clients if they decide to affiliate with a larger union.

Government

Ransomware Causes 'Major', Long-Lasting Outage for UK Health Service's Patient Notes (independent.co.uk) 26

The Independent reports that the UK's National Health System is experiencing a major outage "expected to last for more than three weeks" after a third-party supplying the NHS's "CareNotes" software was hit by ransomware.

Unfortunately, this leaves doctors unable to see their notes on patients, and the mental health trusts that provide care "across the country will be left unable to access patient notes for weeks, and possibly months." Oxford Health NHS Foundation Trust has declared a critical incident over the outage, which is believed to affect dozens of trusts, and has told staff it is putting emergency plans in place. One NHS trust chief said the situation could possibly last for "months" with several mental health trusts, and there was concern among leaders that the problem is not being prioritised.

In an email to staff, Oxford Health NHS Foundation Trust chief executive Nick Broughton, said: "The cyberattack targeted systems used to refer patients for care, including ambulances being dispatched, out of hours appointment bookings, triage, out of hours care, emergency prescriptions and safety alerts. It also targeted the finance system used by the trust...." An NHS director said: "The whole thing is down. It's really alarming...we're carrying a lot of risk as a result of it because you can't get records and details of assessments, prescribing, key observations, medical mental health act observations. You can't see any of it...Staff are going to have to write everything down and input it later."

They added: "There is increased risk to patients. We're finding it hard to discharge people, for example to housing providers, because we can't access records."

"'Weeks' is an unreasonable period," argues Slashdot reader Bruce66423, wondering why it couldn't be resolved with a seemingly simple restore from backups?

And Alan Woodward, a professor of cybersecurity at Surrey University, warns the Guardian that "Even if it was ransomware ... that doesn't mean data was not stolen."
Bug

Google's New Bug Bounties Include Their Custom Linux Kernel's Experimental Security Mitigations (theregister.com) 5

Google uses Linux "in almost everything," according to the leader of Google's "product security response" team — including Chromebooks, Android smartphones, and even Google Cloud.

"Because of this, we have heavily invested in Linux's security — and today, we're announcing how we're building on those investments and increasing our rewards." In 2020, we launched an open-source Kubernetes-based Capture-the-Flag (CTF) project called kCTF. The kCTF Vulnerability Rewards Program lets researchers connect to our Google Kubernetes Engine (GKE) instances, and if they can hack it, they get a flag, and are potentially rewarded.

All of GKE and its dependencies are in scope, but every flag caught so far has been a container breakout through a Linux kernel vulnerability.

We've learned that finding and exploiting heap memory corruption vulnerabilities in the Linux kernel could be made a lot harder. Unfortunately, security mitigations are often hard to quantify, however, we think we've found a way to do so concretely going forward....

First, we are indefinitely extending the increased reward amounts we announced earlier this year, meaning we'll continue to pay $20,000 — $91,337 USD for vulnerabilities on our lab kCTF deployment to reward the important work being done to understand and improve kernel security. This is in addition to our existing patch rewards for proactive security improvements.

Second, we're launching new instances with additional rewards to evaluate the latest Linux kernel stable image as well as new experimental mitigations in a custom kernel we've built. Rather than simply learning about the current state of the stable kernels, the new instances will be used to ask the community to help us evaluate the value of both our latest and more experimental security mitigations. Today, we are starting with a set of mitigations we believe will make most of the vulnerabilities (9/10 vulns and 10/13 exploits) we received this past year more difficult to exploit. For new exploits of vulnerabilities submitted which also compromise the latest Linux kernel, we will pay an additional $21,000 USD. For those which compromise our custom Linux kernel with our experimental mitigations, the reward will be another $21,000 USD (if they are clearly bypassing the mitigations we are testing). This brings the total rewards up to a maximum of $133,337 USD.

We hope this will allow us to learn more about how hard (or easy) it is to bypass our experimental mitigations....

With the kCTF VRP program, we are building a pipeline to analyze, experiment, measure and build security mitigations to make the Linux kernel as safe as we can with the help of the security community. We hope that, over time, we will be able to make security mitigations that make exploitation of Linux kernel vulnerabilities as hard as possible.

"We don't care about vulnerabilities; we care about exploits," Vela told the Register. "We expect the vulnerabilities are there, they will get patched, and that's nice and all. But the whole idea is what to do beyond just patching a couple of vulnerabilities." In total, Google paid out $8.7 million in rewards to almost 700 researchers across its various VRPs last year. "We are just one actor in the whole community that happens to have economic resources, financial resources, but we need the community to help us make the Kernel better," Vela said.

"If the community is engaged and helps us validate the mitigations that we have, then, we will continue growing on top of that. But the whole idea is that we need to see where the community wants us to go with this...."

[I]t's not always about the cash payout, according to Vela, and different bug hunters have different motivations. Some want money, some want fame and some just want to solve an interesting problem, Vela said. "We are trying to find the right combination to captivate people."

Communications

The Hacking of Starlink Terminals Has Begun (wired.com) 48

AmiMoJo shares a report from Wired: Since 2018, Elon Musk's Starlink has launched more than 3,000 small satellites into orbit. This satellite network beams internet connections to hard-to-reach locations on Earth and has been a vital source of connectivity during Russia's war in Ukraine. Thousands more satellites are planned for launch as the industry booms. Now, like any emerging technology, those satellite components are being hacked. Today, Lennert Wouters, a security researcher at the Belgian university KU Leuven, will reveal one of the first security breakdowns of Starlink's user terminals, the satellite dishes (dubbed Dishy McFlatface) that are positioned on people's homes and buildings. At the Black Hat security conference in Las Vegas, Wouters will detail how a series of hardware vulnerabilities allow attackers to access the Starlink system and run custom code on the devices.

To access the satellite dish's software, Wouters physically stripped down a dish he purchased and created a custom hacking tool that can be attached to the Starlink dish. The hacking tool, a custom circuit board known as a modchip, uses off-the-shelf parts that cost around $25. Once attached to the Starlink dish, the homemade printed circuit board (PCB) is able to launch a fault injection attack -- temporarily shorting the system -- to help bypass Starlink's security protections. This 'glitch' allows Wouters to get into previously locked parts of the Starlink system. The researcher notified Starlink of the flaws last year and the company paid Wouters through its bug bounty scheme for identifying the vulnerabilities. Wouters says that while SpaceX has issued an update to make the attack harder (he changed the modchip in response), the underlying issue can't be fixed unless the company creates a new version of the main chip. All existing user terminals are vulnerable, Wouters says.
Wouters is making his hacking tool open source on GitHub. Following his presentation, Starlink says it plans to release a "public update" to address the issue but additional details were not shared.
Windows

Microsoft Urges Windows Users To Run Patch For DogWalk Zero-Day Exploit (computerworld.com) 15

joshuark shares a report from Computerworld: Despite previously claiming the DogWalk vulnerability did not constitute a security issue, Microsoft has now released a patch to stop attackers from actively exploiting the vulnerability. [...] The vulnerability, known as CVE-2022-34713 or DogWalk, allows attackers to exploit a weakness in the Windows Microsoft Support Diagnostic Tool (MSDT). By using social engineering or phishing, attackers can trick users into visiting a fake website or opening a malicious document or file and ultimately gain remote code execution on compromised systems. DogWalk affects all Windows versions under support, including the latest client and server releases, Windows 11 and Windows Server 2022.

The vulnerability was first reported in January 2020 but at the time, Microsoft said it didn't consider the exploit to be a security issue. This is the second time in recent months that Microsoft has been forced to change its position on a known exploit, having initially rejected reports that another Windows MSDT zero-day, known as Follina, posed a security threat. A patch for that exploit was released in June's Patch Tuesday update.

Encryption

Facebook Will Begin Testing End-To-End Encryption As Default On Messenger App (theguardian.com) 13

Facebook announced on Thursday it will begin testing end-to-end encryption as the default option for some users of its Messenger app on Android and iOS. The Guardian reports: Facebook messenger users currently have to opt in to make their messages end-to-end encrypted (E2E), a mechanism that theoretically allows only the sender and recipient of a message to access its content. Facebook spokesperson Alex Dziedzan said on Thursday that E2E encryption is a complex feature to implement and that the test is limited to a couple of hundred users for now so that the company can ensure the system is working properly. Dziedzan also said the move was "not a response to any law enforcement requests." Meta, Facebook's parent company, said it had planned to roll out the test for months. The company had previously announced plans to make E2E encryption the default in 2022 but pushed the date back to 2023. "The only way for companies like Facebook to meaningfully protect people is for them to ensure that they do not have access to user data or communications when a law enforcement agency comes knocking," Evan Greer, the director of the digital rights group Fight for the Future, said. "Expanding end-to-end encryption by default is a part of that, but companies like Facebook also need to stop collecting and retaining so much intimate information about us in the first place."
Microsoft

Microsoft Sues Activation Key and Token Sellers For Enabling Customers' Piracy (torrentfreak.com) 41

Software sold by market leaders tends to be primary purchases for regular consumers. Brand comfort is important but so too is affordability, especially when pirate copies are available for free. Some find a middle ground with purchases of discounted activation keys but, as a new Microsoft lawsuit shows, that can amount to copyright infringement for buyers and sellers alike. From a report: In a complaint filed at a Washington court this week, Microsoft targets Canadian company The Search People Enterprises Ltd (TSPE), assumed director Mehtabjit Singh, and 'John Doe' defendants 1-10. The defendants are described as prolific distributors of "black market access devices," aka activation keys and tokens for Microsoft software. Those who bought keys and tokens may have been under the impression that they were purchasing official software but as Microsoft explains, that is not only misleading but a mischaracterization of the things they were sold.

Products including Microsoft Office, Project, Visio, Windows 10, and Windows 11 are all subject to licensing terms that restrict how the products can be used. Microsoft can also provide a product activation key to be entered as part of the installation process, with data about the activation sent to the company's servers. Like software tokens, which enable downloads and automatic software activation, activation keys are anti-piracy tools, and exchanging money for them is not the same as buying a license. Indeed, Microsoft makes itself very clear -- the activation of a piece of software means nothing in the absence of a license. Microsoft's problem is that product activation keys can be 'decoupled' from the software they were meant to authorize and then reused to activate more copies of the software, in some cases more copies than the attached Microsoft license permits.

Privacy

Raspberry Pi-Powered Anti-Tracking Tool Checks If You're Being Followed (wired.com) 79

Matt Edmondson, a hacker and digital forensics expert, built a Raspberry Pi-powered anti-tracking tool that "scans for nearby devices and alerts you if the same phone is detected multiple times within the past 20 minutes," reports Wired. The device, which can be carried around or placed in a car, consists of parts that cost around $200 in total. From the report: The homemade system works by scanning for wireless devices around it and then checking its logs to see whether they also were present within the past 20 minutes. It was designed to be used while people are on the move rather than sitting in, say, a coffee shop, where it would pick up too many false readings. The anti-tracking tool, which can sit inside a shoebox-sized case, is made up of a few components. A Raspberry Pi 3 runs its software, a Wi-Fi card looks for nearby devices, a small waterproof case protects it, and a portable charger powers the system. A touchscreen shows the alerts the device produces. Each alert may be a sign that you are being tailed. The device runs Kismet, which is a wireless network detector, and is able to detect smartphones and tablets around it that are looking for Wi-Fi or Bluetooth connections. The phones we use are constantly looking for wireless networks around them, including networks they've connected to before as well as new networks.

Edmondson says Kismet makes a record of the first time it sees a device and then the most recent time it was detected. But to make the anti-tracking system work, he had to write code in Python to create lists of what Kismet detects over time. There are lists for devices spotted in the past five to 10 minutes, 10 to 15 minutes, and 15 to 20 minutes. If a device appears twice, an alert flashes up on the screen. The system can show a phone's MAC address, although this is not much use if it's been randomized. It can also record the names of Wi-Fi networks that devices around it are looking for -- a phone that's trying to connect to a Wi-Fi network called Langley may give some clues about its owner. "If you have a device on you, I should see it," he says. In an example, he showed WIRED that a device was looking for a network called SAMSUNGSMART.

To stop the system from detecting your own phone or those of other people traveling with you, it has an "ignore" list. By tapping one of the device's onscreen buttons, it's possible to "ignore everything that it has already seen." Edmondson says that in the future, the device could be modified to send a text alert instead of showing them on the screen. He is also interested in adding the capability to detect tire-pressure monitoring systems that could show recurring nearby vehicles. A GPS unit could also be added so you can see where you were when you were being tracked, he says. [...] Edmondson has no plans to make the device into a commercial product, but he says the design could easily be copied and reused by anyone with some technical knowledge. Many of the parts involved are easy to obtain or may be lying around the homes of people in tech communities.
For those interested, Edmondson open-sourced its underlying code and plans to present the research project at the Black Hat security conference in Las Vegas this week.
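
The time-window logic described in the report, sketched as an added example; this is not Edmondson's code and does not use Kismet's API. The `Sighting` record shape, the 5-minute "nearby now" window and every MAC address and SSID in the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Look-back windows named in the report, as (start, end) minutes before "now".
WINDOWS = [(5, 10), (10, 15), (15, 20)]
CURRENT_MIN = 5  # assumption: sightings newer than this count as "nearby now"


@dataclass(frozen=True)
class Sighting:
    ts: float       # seconds since epoch when the device was heard
    mac: str        # source MAC address of the probe
    ssid: str = ""  # network name the device was probing for, if any


def is_randomized(mac: str) -> bool:
    """True when the locally-administered bit (0x02 of the first octet) is set,
    which is how randomized, non-vendor MAC addresses are marked."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def bucket(sightings, now):
    """Return (MACs seen in the current window, {window: MACs seen in it})."""
    current = set()
    older = {w: set() for w in WINDOWS}
    for s in sightings:
        age_min = (now - s.ts) / 60
        if 0 <= age_min < CURRENT_MIN:
            current.add(s.mac)
        for lo, hi in WINDOWS:
            if lo <= age_min < hi:
                older[(lo, hi)].add(s.mac)
    return current, older


def find_followers(sightings, now, ignore=frozenset()):
    """Alert on every non-ignored device that is nearby now AND was also
    present in at least one of the older look-back windows."""
    current, older = bucket(sightings, now)
    ssids = defaultdict(set)
    for s in sightings:
        if s.ssid:
            ssids[s.mac].add(s.ssid)
    alerts = []
    for mac in sorted(current - set(ignore)):
        hits = [w for w in WINDOWS if mac in older[w]]
        if hits:
            alerts.append({
                "mac": mac,
                "windows": hits,
                # A randomized MAC changes over time, so a hit on one is weak
                # evidence and a miss proves nothing.
                "randomized": is_randomized(mac),
                "ssids": sorted(ssids[mac]),
            })
    return alerts


def ignore_everything_seen(sightings):
    """The 'ignore everything already seen' button: baseline of known devices."""
    return frozenset(s.mac for s in sightings)


# Constructed sample data (not real captures).
NOW = 1_660_000_000
OWN_PHONE = "a4:5e:60:00:00:01"
FOLLOWER = "3c:22:fb:00:00:02"
PASSERBY = "da:a1:19:00:00:03"  # locally-administered bit set: randomized
SAMPLE = [
    Sighting(NOW - 60, OWN_PHONE),
    Sighting(NOW - 720, OWN_PHONE),
    Sighting(NOW - 120, FOLLOWER, "ExampleNet"),
    Sighting(NOW - 780, FOLLOWER, "ExampleNet"),
    Sighting(NOW - 1080, FOLLOWER),
    Sighting(NOW - 900, PASSERBY),  # seen once, 15 minutes ago, then gone
]

if __name__ == "__main__":
    for alert in find_followers(SAMPLE, NOW, ignore={OWN_PHONE}):
        print(alert)
```
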
Security

Researchers Find Vulnerability In Software Underlying Discord, Microsoft Teams, and Other Apps (vice.com) 23

An anonymous reader quotes a report from Motherboard: A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, Spotify and many others, which are used by tens of millions of people all over the world. At the Black Hat cybersecurity conference in Las Vegas on Thursday, the researchers presented their findings, detailing how they could have hacked people who use Discord, Microsoft Teams, and the chat app Element by exploiting the software underlying all of them: Electron, which is a framework built on the open source Chromium and the cross-platform javascript environment Node JS. In all these cases, the researchers submitted vulnerabilities to Electron to get them fixed, which earned them more than $10,000 in rewards. The bugs were fixed before the researchers published their research.

Aaditya Purani, one of the researchers who found these vulnerabilities, said that "regular users should know that the Electron apps are not the same as their day-to-day browsers," meaning they are potentially more vulnerable. In the case of Discord, the bug Purani and his colleagues found only required them to send a malicious link to a video. With Microsoft Teams, the bug they found could be exploited by inviting a victim to a meeting. In both cases, if the targets clicked on these links, hackers would have been able to take control of their computers, Purani explained in the talk. For him, one of the main takeaways of their research is that Electron is risky precisely because users are very likely to click on links shared in Discord or Microsoft Teams.

IT

Email Marketing Firm Mailchimp Suspends Several Crypto-Related Accounts (coindesk.com) 29

Mailchimp appears to have suspended the accounts of several crypto-related firms, according to the affected outlets. Crypto firms on the chopping board include intelligence platform Messari. From a report: Founder Ryan Selkis posted on Twitter revealing the suspension and expressing his disappointment. Crypto wallet provider Edge, NFT artist Ocarina, and Jesse Friedland -- the founder of NFT collection Cryptoon Goonz -- are among prominent names that appear to have had their accounts suspended in the last several weeks, according to the Decrypt report.
Google

Google To Stop Giving Answers To Silly Questions (theguardian.com) 90

Google will stop giving snappy answers to stupid questions, the company has announced, as it seeks to improve its search engine's "featured snippets" service. From a report: That means users should see fewer answers to questions such as "When did Snoopy assassinate Abraham Lincoln?", to which the service would once merrily respond with "1865" -- the right date, but very much the wrong assassin. "This clearly isn't the most helpful way to display this result," said the company's head of search, Pandu Nayak, in a blogpost announcing the changes. "We've trained our systems to get better at detecting these sorts of false premises, which are not very common, but there are cases where it's not helpful to show a featured snippet. We've reduced the triggering of featured snippets in these cases by 40% with this update."

Snippets, which sometimes show up as a featured response to direct questions asked of Google Search, have long been a cornerstone of the company's AI strategy. The same technology powers its smart speakers and voice assistants, and lets the search engine satisfy search queries without visitors clicking away to other websites. But the snippets, which are automatically generated from the contents of websites, have also been a thorn in Google's side for just as long. [...] In an effort to address the root cause of such mistakes, Google is also rolling out new warnings for times when a search term has hit a "data void" -- a question where a good answer might simply not exist.

Security

Cisco Hacked By Yanluowang Ransomware Gang, 2.8GB Allegedly Stolen (bleepingcomputer.com) 21

An anonymous reader quotes a report from BleepingComputer: Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online. The company revealed that the attackers could only harvest and steal non-sensitive data from a Box folder linked to a compromised employee's account. "Cisco experienced a security incident on our corporate network in late May 2022, and we immediately took action to contain and eradicate the bad actors," a Cisco spokesperson told BleepingComputer. "Cisco did not identify any impact to our business as a result of this incident, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations. On August 10 the bad actors published a list of files from this security incident to the dark web. We have also implemented additional measures to safeguard our systems and are sharing technical details to help protect the wider security community."

The Yanluowang threat actors gained access to Cisco's network using an employee's stolen credentials after hijacking the employee's personal Google account containing credentials synced from their browser. The attacker convinced the Cisco employee to accept multi-factor authentication (MFA) push notifications through MFA fatigue and a series of sophisticated voice phishing attacks initiated by the Yanluowang gang that impersonated trusted support organizations. The threat actors finally tricked the victim into accepting one of the MFA notifications and gained access to the VPN in the context of the targeted user. Once they gained a foothold on the company's corporate network, Yanluowang operators spread laterally to Citrix servers and domain controllers.

"They moved into the Citrix environment, compromising a series of Citrix servers and eventually obtained privileged access to domain controllers," Cisco Talos said. After gaining domain admin, they used enumeration tools like ntdsutil, adfind, and secretsdump to collect more information and installed a series of payloads onto compromised systems, including a backdoor. Ultimately, Cisco detected and evicted them from its environment, but they continued trying to regain access over the following weeks. [...] Last week, the threat actor behind the Cisco hack emailed BleepingComputer a directory listing of files allegedly stolen during the attack. The threat actor claimed to have stolen 2.75GB of data, consisting of approximately 3,100 files. Many of these files are non-disclosure agreements, data dumps, and engineering drawings.

AMD

AMD Continues PC and Server Market Share Gains Amid Slumping Demand (tomshardware.com) 34

The preliminary Mercury Research CPU market share results are in for the second quarter of 2022, arriving during what is becoming a more dire situation for the PC market as sales cool after several years of stratospheric growth. From a report: According to the recent earnings report from Intel, AMD, and Nvidia, the recovery will be a long one. Still, for now, AMD appears to be weathering the storm better than its opponents as it continued to steal market share from Intel in every segment of the CPU market. The desktop PC market is still on fire, but it isn't a good kind of fire. Intel issued a dire earnings report last week -- the company lost money for the first time in decades, partially driven by PC declines. Intel also announced it was delaying its critical Xeon Sapphire Rapids data center chips and killing off another failing business unit, Optane; the sixth unit retired since new CEO Pat Gelsinger took over.

In contrast, AMD's revenue was up 70% year-over-year as the company continued to improve its already-great profitability. AMD is firing on all cylinders and will launch its Ryzen 7000 CPUs, RDNA 3 GPUs, and EPYC Genoa data center processors on schedule. That consistent execution continues to pay off. AMD continued to take big strides in the mobile/laptop market, setting another record for unit share in that segment with 24.8%. AMD also gained in the server market for the 13th consecutive quarter, reaching 13.9% of the market. Notably, AMD's quarterly gain in servers is the highest we've seen with our historical data, which dates back to 2017.
