Season 2 of The Finals launches on March 14, and strange things are happening in the arena. The game show has been compromised by the rogue hacking collective CNS, and showrunners are scrambling to decipher their cryptic messages—but one thing is clear: the show must go on! Throughout the jam-packed season of this free-to-play game, contestants can experience new weapons for each class, the hacked new map SYS$HORIZON, the all-new 5v5 game mode Power Shift, a new skill-based League System, rewarded weekly career progression, private matches—for now in a feature-limited beta version—and the new Hacker Playstyle, which adds several ways for contestants to alter the arena to their favor.

THE Finals' new Hacker Playstyle lets players step into the shoes of CNS, with a set of new gadgets and a new specialization that can be mixed and matched with players' existing toolset. Remove walls, defy gravity, tunnel across the arena, and transform items—become the glitch in the system, the ultimate cyber tactician, and bring a new dimension to the game.

Owners of TP-Link routers ought to heed a warning from the US government's Cybersecurity and Infrastructure Security Agency (CISA), as at least one router model from the company is vulnerable to known exploits. The exploit is actively targeted by Mirai botnet operators and it allows for injection of commands that could allow them to take over the routers via remote code execution (RCE) software. The router from TP-Link that is known to be vulnerable to the exploits is the Archer AX-21, a fairly recent entry level AX1800 Wi-Fi 6 model that is sold globally by the company.

The specific exploit for the Archer AX-21 is tracked as CVE-2023-1389 and is affecting all Archer AX-21 routers with a firmware version older than 1.1.4 2023019, as it's said to address the vulnerabilities. Users who have linked their router to a TP-Link cloud account and allow for automatic updates should already have had their router firmware automatically updated, but everyone else should update their router firmware as soon as possible. There have already been reports of the exploit being actively used by the Mirai botnet to take over routers in Eastern Europe as of the middle of last month, but further parts of the world aren't spared from attacks either by now. Routers might often be devices that are forgotten in a corner somewhere, but it's important to keep the firmware up to date, especially as they are increasingly becoming the target of hackers.

Western Digital has declared that its My Cloud online service has been compromised by a group of hackers late last month: "On March 26, 2023, Western Digital identified a network security incident involving Western Digital's systems. In connection with the ongoing incident, an unauthorized third party gained access to a number of the Company's systems. Upon discovery of the incident, the Company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts. This investigation is in its early stages and Western Digital is coordinating with law enforcement authorities."

The statement, issued on April 4, continues: "The Company is implementing proactive measures to secure its business operations including taking systems and services offline and will continue taking additional steps as appropriate. As part of its remediation efforts, Western Digital is actively working to restore impacted infrastructure and services. Based on the investigation to date, the Company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data. While Western Digital is focused on remediating this security incident, it has caused and may continue to cause disruption to parts of the Company's business operations."

Earlier this week a 160 GB hoard consisting of 2869 files from Acer internal systems appeared for sale on a shady internet forum. The hacker claims to have stolen the data over the course of February 2023, and that it contains valuable files including confidential product data, technical manuals, binaries, backend infrastructure data, product model documentation, BIOS and ROM components, product keys, ISOs, and internal information on various laptops, phones, and tablets. Alongside the list of ill-gotten data they provided a snapshot of the trove to prove the authenticity, and requested payment via the cryptocurrency Monero (XMR).

Acer confirmed the breach on Tuesday to multiple sources stating:

We have recently detected an incident of unauthorized access to one of our document servers for repair technicians. While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server."

RansomHouse, a newly established group aimed at monetizing stolen data, claims to own more than 450 Gb of data coming from AMD. The RansomHouse group is structured as the middleman and makes sure that hackers and victims negotiate to get the funds to hackers and data back to victims. It is claimed that the leaked AMD data contains network files, system information, and AMD passwords. This could be a very dangerous data breach, as inter-company passwords are used to access confidential files and personal information. The group notes that they own 450 Gb or gigabits of data, which translates into 56.25 GB or gigabytes of stolen data. We are not yet sure if the Gb notation is misspelled. It is claimed that AMD's poor security practices like using "password" passwords lead to the data breach, and no special ransomware software was used.

Tom's Hardware reached out to AMD for a statement, and got the following response:

AMD Representative for Tom's HardwareAMD is aware of a bad actor claiming to be in possession of stolen data from AMD. An investigation is currently underway.

Internet services provider Cloudflare has announced that it has successfully protected one of its clients from one of the most powerful DDoS (Distributed-Denial-of-Service) attacks in history. According to the services provider, an undisclosed cryptocurrency platform was targeted by a botnet comprising around 6,000 "zombie" computers distributed throughout 112 different countries. The botnet ultimately generated a collective 15.3 million requests per second. While that's still shy of the largest recorded metric - set at 17.2 million requests per second - the fact that the DDoS attack occurred through HTTPS likely pushed its complexity above the record-setting attack, due to the higher computational workload of secure HTTP. The attack lasted 15 seconds.

DDoS attacks aim to flood a network with requests and data packets in a bid to overload and paralyze it. The attack also showcases the ingenuity of bad actors, as the originated from cloud-based ISPs, as attackers leverage more complex and capable networking hardware than what's usually offered by last-mile ISPs. According to Cloudflare, the botnet seems to have mostly compromised systems with Java-based applications that were still open to the recently-discovered CVE-2022-21449 vulnerability.

Samsung has reportedly been hacked by the LAPSUS$ hacker group who were responsible for the recent NVIDIA hack and source code releases. The group has previously stolen approximately 1 TB of data from NVIDIA servers and are currently demanding that NVIDIA release open-source GPU drivers and a bypass for the LHR GPU hash rate limiter. The stolen Samsung data is reportedly 190 GB in size containing the source code for Trusted Applets, bootloader, and account authentication in addition to biometric unlock algorithms and confidential source code from Qualcomm. This breach could have serious security ramifications for both Samsung & Qualcomm is these claims are substantiated.

Last week, NVIDIA systems were compromised by the attack of a hacking group called LAPSUS$. It has been a few days since the attack happened, and we managed to see source code of various software leaks through third-party anonymous tipsters and next-generation GPU codenames making an appearance. Today, NVIDIA issues a statement for the German PC enthusiast website Hardwareluxx, and we manage to see it below fully. The key takeaway from this quote is that NVIDIA believes that the compromised files will not impact the company's business in any meaningful manner, and operations continue as usual for NVIDIA's customers. The company's security team is analyzing the situation, and you can check out the complete statement below.

NVIDIA StatementOn February 23, 2022, NVIDIA became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement.

We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident.

Security is a continuous process that we take very seriously at NVIDIA - and we invest in the protection and quality of our code and products daily.

The mother of all cyberattacks hit NVIDIA over the weekend, putting out critical driver source-code, the ability to disable LHR for mining, and even insights into future NVIDIA hardware, such as the Blackwell architecture. An anonymous tipster sent us this screenshot showing a list of files they claim are the source-code of DLSS.

The list, which looks credible enough, includes C++ files, headers, and assets that make up DLSS. There is also a super-convenient "Programming Guide" document to help developers make sense of the code and build correctly. Our tipsters who sent this screenshot are examining the code to see the inner workings of DLSS, and whether there's any secret sauce. Do note that this is DLSS version 2.2, so a reasonably recent version including the latest DLSS 2.2 changes. This code leak could hold the key for the open-source Linux driver community to bring DLSS to the platform, or even AMD and Intel learning from its design. Stealing Intellectual Property is a big deal of course and NVIDIA's lawyers will probably be busy picking apart every new innovation from their competitors, but ultimately it'll be hard to prove in a court of law.

According to several reports in various media, NVIDIA has been hacked and several key systems, such as email and its internal developer tools have been down for the past few days. According to CRN, NVIDIA is investigating "an incident" and the company issued the following statement to the publication. "Our business and commercial activities continue uninterrupted. We are still working to evaluate the nature and scope of the event and don't have any additional information to share at this time."

In a regulatory filing back in October 2021, NVIDIA seemingly warned its shareholders of a future attack on the company of some kind. NVIDIA claimed that it's hard to protect against attacks, as the attacks are getting more "prevalent and sophisticated". The filing went on to say "Our efforts to prevent and overcome these and similar challenges could increase our expenses and may not be successful. We may experience interruptions, delays, cessation of service and loss of existing or potential customers." Based on media reports, it's currently not known whether any data has been stolen or damaged and it appears that the attacker(s) haven't been identified.

If you've deployed an Asustor-made NAS (Network Attached Storage) to access your treasure trove of files across the wires of the Internet, you should disconnect it it from the Internet as soon as possible. A number of Asustor users have taken to Reddit and the company's forums, claiming their Asustor-bound files have been claimed and encrypted by a ransomware attack through a Deadbolt payload. This is the same ransomware that wreaked havoc with QNAP's NAS devices a while back.

The attack infects the user's NAS and proceeds to encrypt its contents, leaving each user with a message pointing towards a unique Bitcoin address. The offer: receive the decryption key in exchange for 0.03 Bitcoin (~$1,102, ~€976) - the same value asked at the time of the QNAP attack. Interestingly, Asustor doesn't seem to have received the same offer the perpetrators put forward to QNAP: 5 Bitcoin (~$183,906, ~€162,267) in return for information for the exploit data (€162,799) - or a universal decryption key for all affected users for 50 Bitcoin (~$1,8 million). That last bit there serves to put pressure on the company to pay up for the affected users, which could themselves pressure the company to take the deal.

Intel is expanding its Bug Bounty program with Project Circuit Breaker, bringing together a community of elite hackers to hunt bugs in firmware, hypervisors, GPUs, chipsets and more. Project Circuit Breaker broadens and deepens Intel's existing open Bug Bounty program by hosting targeted time-boxed events on specific new platforms and technologies, providing training and creating opportunities for more hands-on collaboration with Intel engineers. Project Circuit Breaker's first event, Camping with Tigers, is already underway with a group of 20 researchers who received systems with Intel Core i7 processors (formerly "Tiger Lake").

Project Circuit Breaker is possible thanks to our cutting-edge research community. This program is part of our effort to meet security researchers where they are and create more meaningful engagement. We invest in and host bug bounty programs because they attract new perspectives on how to challenge emerging security threats - and Project Circuit Breaker is the next step in collaborating with researchers to strengthen the industry's security assurance practices, especially when it comes to hardware. We look forward to seeing how the program will evolve and to introducing new voices to the meaningful work that we do."
-Katie Noble, director, Intel Product Security Incident Response Team (PSIRT) and Bug Bounty

BadgerDAO, "one of the most security-minded DAOs in operation", has been hit with a cryptocurrency heist enabled via a JavaScript hack on their website. BadgerDAO enables Bitcoin holders to "bridge" their cryptocurrency over to the smart-contract and DeFi-enabled Ethereum platform via its token, thus allowing access to the world of decentralized finance. After preliminary investigations aided by blockchain security and data analytics Peckshield, it seems that the bad actors inserted a malicious script in the BadgerDAO website - in turn intercepting Web 3.0 transactions and inserting a request to transfer the victim's tokens to the attacker's chosen address. It's currently estimated that around $120 million were siphoned off via this attack. A single transfer saw 896 Bitcoin being diverted this way - a cool $50 million.

As soon as BadgerDAO became aware of suspect wallet activity, the company immediately froze all smart contracts running in its platform - a way to stem the bleeding until the security audit could be conducted. Thursday night, BadgerDAO announced it had "retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own."

You might remember our recent post about the major GIGABYTE hack by attacker group RansomEXX where they stole 112 GB of data including confidential technical documents from Intel and AMD in addition to various GIGABYTE files. The attack occurred the week of August 2 and resulted in the temporary closure of GIGABYTE's headquarters, it would appear that GIGABYTE did not reach an agreement with the attackers as the first 7 GB of these documents have now been published online. The files were uploaded to RansomEXX's public website and included confidential AMD documents along with the source code for the Intel Manageability Commander. These documents have already confirmed the details of AMD's upcoming Ryzen Threadripper 5000 lineup and Socket AM5 cooler compatibility, we expect the hackers will continue to publish the stolen data unless an agreement is reached with GIGABYTE.

PC components major GIGABYTE has reportedly been hacked, with the attacker group, which goes by the name RansomEXX, stealing 112 GB in data that contains confidential technical documents from Intel, AMD, and others; which are released to GIGABYTE under strict NDAs, to help it design motherboards, notebooks, desktops, servers, and graphics cards. The group also deployed ransomware to encrypt GIGABYTE's data, which includes these documents. The attack allegedly occurred in the week of August 2, and GIGABYTE was forced to shut down its systems in its Taiwan headquarters. This even caused some downtime for its websites.

While it's conceivable that a company of GIGABYTE's scale would maintain timely cold backups of its data, and can recover almost everything RansomEXX encrypted, there's another aspect to this attack, and it's the data the attackers stole. They threaten to leak the data if a ransom isn't paid in time. This would put a large amount of confidential documents, including motherboard designs, UEFI/BIOS/TPM data/keys, etc., out in the public domain. GIGABYTE didn't comment on the issue beyond stating that it has isolated the affected servers from the rest of its network and notified law enforcement.

As security and innovation collide, Denuvo by Irdeto today announces it has joined the exclusive PlayStation 5 Tools and Middleware program. Denuvo, the leader in video games protection, offers its Anti-Cheat solution through this program to publishers and developers whose games are available on PlayStation 5.

Denuvo is at the forefront of games security with over 2 billion unique game installs protected across all platforms, and over 1,000 games secured. Joining the PlayStation 5 Tools and Middleware program therefore fosters Denuvo's continued commitment to excellence and innovation in game security. It also supports Denuvo's goal of protecting the developers' investment, where approximately 70% of their revenue is earned in the first two weeks after the launch of a game.

Oh the irony! Hacking was a very viable way to develop your character and play Cyberpunk 2077, but CD Projekt RED did not think their 2021 would be made worse due to an IRL hack. Not only did they lose out invaluable source code to hackers, but said hackers also sold the codes in a move that jeopardizes the structural integrity of a video game developer. You could make jokes about the 90's meme letter the hackers sent to the company, however they clearly don't see the humor in this situation as this has taken up resources which otherwise were meant to go towards patching Cyberpunk 2077- especially on older gen consoles.

CD Projekt RED took to twitter earlier today to inform us that the patch is delayed, as many speculated, but also that the additional time will also contribute towards increasing the scope of the patch beyond earlier updates. Indeed, in a situation where they simply can't seem to catch a break, perhaps transparency and downplaying expectations would have been the way to go. As it stands, the public feedback to this news is a gentle reminder to the sane TPU reader to keep social media and public comments at arm's length to maintain said sanity. We sympathize with CD Projekt RED and hope that they come out better to do better by their paying customers alike.

As if CD Projekt Red needed any more problems on their plate that weren't of their own creation, it seems that the hackers who recently infiltrated the company's infrastructure have turned out a profit on sensitive data. After source code for CD Projekt Red's Red Engine, Cyberpunk 2077, The Witcher 3, and Gwent were stolen from the company's servers, the company announced they had gone to the relevant authorities, and that they wouldn't negotiate with the data terrorists. Now, according to Cybersecurity company Kela, the hackers have de-listed their auction for the data - after requiring a starting bid of $1 million, and expecting $7 million for the entire package.

The deal apparently went through, with a condition that bars the hackers from re-selling the data to any other parties. It remains to be seen whether or not the thieves will abide by their word and the conditions reportedly set upon the sale. Of course, it is in the realm of possibility that CD Projekt Red themselves acquired the data anonymously so as to protect their corporate and technology interests - one can only imagine the repercussions of the company's efforts being exposed this way. And despite any ill sentiment that can be levied at the company for the state of Cyberpunk 2077's last-gen versions, I'd say that respect for the company's developers and team should have us all on their side on this one.

Vulnerabilities in Qualcomm's DSP (Digital Signal Processor) present in the company's Snapdragon SoCs may render more than a billion Android phones susceptible to hacking. According to research reported this week by security firm Check Point, they've found more than 400 vulnerabilities in Snapdragon's DSP, which may allow attackers to monitor locations, listen to nearby audio in real time, and exfiltrate locally-stored photos and videos - besides being able to render the phone completely unresponsive.

The vulnerabilities (CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209) can be exploited simply via a video download or any other content that's rendered by the chip that passes through its DSP. Targets can also be attacked by installing malicious apps that require no permissions at all. Qualcomm has already tackled the issue by stating they have worked to validate the issue, and have already issued mitigations to OEMs, which should be made available via software updates in the future. In the meantime, the company has said they have no evidence any of these flaws is being currently exploited, and advise all Snapdragon platform users to only install apps via trusted locations such as the Play Store.

A Report via the New York Times paints an increasingly challenging picture for security specialists, technology users and businesses. Security firm Emsisoft reported a 41% increase in ransomware attacks in 2019 (in the US) compared to the previous year (up to 205,280 distinct attacks). The advent of cryptocurrencies with built-in anonimity, such as Monero, have become the favored extortion method employed by wrongdoers, shielding them from the usual checks and balances of the banking system. And with increasingly complex tools in the hands of hackers, plus the advantage of first strike new attacks enjoy, ransomware is becoming harder and harder to battle. According to the New York Times, citing security firm Coveware, the average payment for file decryption in 2019 rose to $84,116 in the Q4 2019, double what it was just in Q3. And in the last month of the year, the average decryption payment jumped more than twofold to $190,946.

Ouch doesn't even begin to describe how much that headline hurt. As far as speculative execution goes, it's been well covered by now, but here's a refresher. Speculative execution essentially means that your CPU tries to think ahead of time on what data may or may not be needed, and processes it before it knows it's needed. The objective is to take advantage of concurrency in the CPU design, keeping processing units that would otherwise be left idle to process and deliver results on the off-chance that they are indeed required by the system: and when they are called for, the CPU saves time by not having to process them on the fly and already having them available.

The flaws have been announced by Intel in coordination with Austrian university TU Graz, Vrije Universiteit Amsterdam, the University of Michigan, the University of Adelaide, KU Leuven in Belgium, Worcester Polytechnic Institute, Saarland University in Germany and security firms Cyberus, BitDefender, Qihoo360 and Oracle. While some of the parties involved have named the four identified flaws with names such as "ZombieLoad", "Fallout", and RIDL, or "Rogue In-Flight Data Load", Intel is using the PEGI-13 "Microarchitectural Data Sampling (MDS)" name.

This is a pretty high-profile heist, as heist come, since Binance is actually the rworld's biggest crypto exxchange in terms of traded volume. The act was reported by Binance as a well-conducted orchestra, with hackers using seemingly unconnected accounts at the most opportune time to achieve a single, high-value withdrawal of $41M (roughly 7,000 Bitcoin at current pricing) - only 2% of Binance's total value in their so-called "hot wallet".

The hackers also took away with several information on users' accounts: a large number of user API keys, 2FA codes, and "potentially other info" were taken besides the cool $41M in Bitcoin. Binance CEO Changpeng Zhao warned that the hackers could still be controlling enough relevant accounts that could allow them to influence pricing and make even more money.

Having the world's most pervasive operating system (or office suite) is sure to leave a big mark on any company when it comes to exploitation attempts from hackers. It's a simple equation: aim your efforts at a software that runs in millions (if not billions) of machines and even a light chink in the armor could be enough to cause a cascading effect through that many users.

This principle applies to almost everything: a small effect across a billion users usually provides greater returns than a large effect on one or two players. Kaspersky labs on its security report, presented at the Security Analyst Summit, reported that the favorite target for cyber attacks was Microsoft's Office suite - a 70% figure suggests an incredible attention given to Office, really. These Office-related cyber attacks don't directly relate to the suite itself; there are other, OS-integrated components that can be targeted, or simply that Office file extensions are used as clever, headache-inducing ways of disguising malware as the second greatest evil in the world - spreadsheets.

You know that iPhone you bought? Or that home appliance? Or that tractor? They're not yours. Not completely, I mean, because if something breaks, you'll have to repair them through the official repair services of the hardware maker. You can try to repair them by yourself, but you'll probably have a lot of trouble doing it or even getting an unofficial technical service to do it. Oh, and until now it even wasn't legal for you to try. Companies such as Apple, Microsoft, Samsung or John Deere have turned repair control into an art form. The DRM they impose on their products is becoming more and more complex, and there are lots of devices that are very complicated to open to try to repair.

Agencies like EFF have long been fighting for the so-called "right to repair" movement to try to fight these kinds of strategies, and these days those efforts have paid off. The Librarian of Congress and US Copyright Office have adopted "exemptions to the to the provision of the Digital Millennium Copyright Act ("DMCA") that prohibits circumvention of technological measures that control access to copyrighted works". This means that from now on, users will be able to hack the software and fix the hardware on (some of) their devices in order to repair or maintain them. The new rules apply to smartphones, "home appliances" and "home systems", but they go beyond there and will allow users to repair cars, tractors and other motorized land vehicles (no boats or planes, though) by modifying their firmware.

Magecart is a relatively new online exploit group that has been in the news recently for affecting British Airways, and Ticketmaster in the recent past months. This hithero-unrecognized group uses a web-based card skimmer script by injecting a precious few lines of malicious code in a website, to then steal sensitive data that customers enter in the payment sections of said affected websites. Two large digital threat management outfits, RiskIQ and Volexity, today released their reports on how Newegg was similarly affected during the time period of August 13, 2018 through September 18, 2018, and what this means to users who may have performed a transaction on the website during this period.

In particular, Newegg.com was affected when the criminals behind Magecart registed the neweggstats.com domain (now inactive) via domain provider Namecheap. As RiskIQ points out, this was soon changed to navigate to the 217.23.4.11 IP address, which is a Magecart server that was used to receive and store all collected user data from the compromise that happened since. A fake certificate was issued to add a layer of legitimacy to the domain, as seen below. Be sure to read past the break to find out more details, and also what the bottom line is for affected users.