Hackers are once again targeting poorly secured Linux SSH servers, researchers have claimed.
The aim of the attackers is to install tools that will enable them to breach more servers. Ultimately, they either sell this access to their peers or install cryptocurrency miners and other malware on the endpoints.
Cybersecurity researchers from the AhnLab Security Emergency Response (ASEC) claim to have observed threat actors installing port scanners and dictionary tools on vulnerable servers.
Selling the access
First, the hackers would try to guess the target’s SSH credentials with a classic brute-force, or dictionary attack. The process is automated and allows them trying thousands of possible username/password combinations in a short amount of time.
If the server is poorly protected and has a password that’s easy to guess (for example, “password”, or “12345678”), they can access it and then install other malicious software. The researchers have seen the attackers install scanners hunting for port 22 activity. As they explained, that port is associated with the SSH service, and that allows them to identify additional endpoints to target.
At that point, they have multiple options – either to sell the access on the dark web, or install additional malware. In examples of the latter, the threat actors were observed installing distributed denial of service (DDoS) tools as well as cryptocurrency miners.
“Threat actors can also choose to install only scanners and sell the breached IP and account credentials on the dark web,” the researchers said. “These tools are believed to have been created by PRG old Team, and each threat actor modifies them slightly before using them in attacks,” they concluded.
The best way to keep your servers safe from these attacks is to use a strong password, consisting of lowercase and uppercase letters, numbers, and special symbols. It would be even better if the characters were seemingly random and didn’t follow a pattern (for example, a name or an important date).
The income tax department has clarified the applicability of TDS liability of e-retailers trading through the government’s ONDC initiative. ONDC or Open Network for Digital Commerce is a new initiative of the Department for Promotion of Industry and Internal Trade (DPIIT) incorporated in December 2021. A Section 8 company, ONDC is an initiative of the DPIIT to create a facilitative model to help small retailers take advantage of digital commerce. It is not an application, platform, intermediary, or software but a set of specifications designed to foster open, unbundled, and interoperable open networks. CBDT issues FAQ on taxation As per the FAQs issued by the Central Board of Direct Taxes (CBDT), a 1% TDS will have to be deducted from the gross sale amount after including convenience/ packaging/shipping fees as charged by ecommerce trading platforms for the order placed on ONDC. The CBDT had received representations seeking clarity on who should be liable for Tax Deducted at Source (TDS) compliance under I-T laws. Under the law, every ecommerce operator is required to deduct TDS at the rate of 1% of the sales amount of goods/services sold through its platform. The CBDT has clarified that in a situation where multiple e-commerce operators (ECOs) are involved in a single transaction through the ECO platform, the TDS compliance is to be done by the supplier side, who finally releases the payment to the supplier.
The Ohio Lottery apperas to have suffered a ransomware attack which forced it to shut some of its systems down and also allegedly lost sensitive data on millions of its users.
On December 24, the company issued a press release claiming to have suffered a “cybersecurity incident” that resulted in the shutdown of “some of its internal applications”.
An investigation is already underway, but the gaming system remains “fully operational”, the company confirmed.
Selling the access
However, mobile cashing, as well as prize cashing above $599 at Super Retailers, are currently not available. “The Lottery will notify the public once these services resume. In the interim, prize claims can still be mailed to the Ohio Lottery Central Office,” the press announcement reads.
What’s more, winning numbers for KENO, Lucky One, and EZPLAY Progressive Jackpots are also not available on the company website or mobile app. Users can check the results at any Ohio Lottery Retailer, the company said.
The company did not share any details about the threat actors, their methods, or demands, but BleepingComputer has. In its writeup, the publication says DragonForce has claimed responsibility for the attack. This is a relatively new and unknown entrant in the ransomware space.
“More than 3,000,000+ entries, first name, last name, mail, addresses, winning amounts! SSN + DOB records of employees and players,” the group was cited as saying on a dark web page. “The total weight of the leak when unpacked is about 600+ gigabytes.”
For hackers, stealing sensitive identity data from a lottery company is the same as hitting the jackpot (pun definitely intended). Personal data is often used for phishing attacks. These emails typically carry a sense of urgency, which can deter victims from thinking things through before acting. Ohio Lottery players should exercise caution when receiving email messages claiming they have won a grand prize.
Keeping with the tradition, Tata Sons chairman N Chandrasekaran sent a ‘New Year message’ to Tata Group employees. In his year-end letter to employees, Chandrasekaran cautioned employees about the anticipated volatility and disruption in 2024, driven by data privacy regulations and evolving global landscape with 40 nations heading to polls during the year. Appoint AI champions “The next decade will belong to companies who excel in giving customers excellent experiences. With our growing footprint in consumer businesses, we have to bring empathy to every interaction—be that in Air India, Tata Motors or Titan. Brand Tata must be recognisable across all companies. And our group’s aim should not be merely to adopt, or adapt to, technology. We need to shape it, and make it. This New Year, I urge each company to appoint an AI champion to proactively pursue the benefits of AI—economically, operationally and socially,” he said. “The world faced an array of destabilising trends, from escalating geopolitical tensions to the mass adoption of generative AI to the ever-accelerating push toward sustainability. Some of these trends have been welcome; others much less so. But all of them have made the rules and processes governing our world trickier to navigate—and all of them have added to the pressure to adapt,” he said. “I am thrilled that in this difficult global context, our Group performed admirably in 2023. Our transformation—following the principles of Simplification, Synergy, Scale, Sustainability, Supply Chain and AI—has progressed well across our companies. There are too many successes to list here. We also celebrated Tata Technologies’ historic IPO, and the announcement of new gigafactories—exciting moves that I am confident will bring resilient growth for decades to come,” he added. India’s future is bright As part of the group’s commitment to tackling India’s unique challenges, it launched the Tata Transformation Prize, an award celebrating path breaking research and development. “The first entries have already vindicated my faith in India’s exceptional science and research community. I am certain that with the right support, transformational breakthroughs will come across multiple fields,”’ Chandrasekaran said. Need to introduce right rules for AI While the near-term global outlook feels shadowed with uncertainty, India’s future is bright, he said. “In 2023, we fared better than most. Our economy is thriving, with GDP on track to double to USD 7 trillion over the next five years. And I am certain that India is poised to benefit from the shifts transforming the world. Generative AI, for example, is a potential antidote to our access and inequality problems—provided we are careful and introduce the right rules” he said..
Getting a new computer is super exciting, whether you’ve picked up a new gaming rig or an updated laptop. But getting the new hardware invariably means that you now have some old gear hanging around. Sure, you could put it in a cupboard or the garage and forget about it, or you could send it to the scrapheap instead. But wouldn’t be better to find a cool new use for it?
There are plenty of different ways to turn an old PC or laptop into something useful, including the doorstop that more than a few old machines have found themselves becoming. But there are some real ways that old computers can make themselves useful, and best of all they normally won’t cost you a penny.
The possibilities are almost endless, but we’re going to focus on a handful of the most interesting ways an old computer can find a new lease of life in your home or office.
The home fileserver
This is one that’s particularly handy if you’re a family or working in a small office, both instances where giving people quick and easy access to information can be a huge win. Whether those files are MP3s of your music collection or the latest business proposal, having them to hand at all times is easy with a fileserver.
Many people use things like Raspberry Pis or network-attached storage (NAS) devices for this kind of thing, but you can set your old computer up to do the same job without buying any additional hardware. You can of course use the same operating system that’s already installed, likely a flavor of Windows, or you can install software built for the job. Amahi is one solution, as is FreeNAS, and as ever, Google is your friend.
The web server
Setting up a web server on the internet is surprisingly cheap these days, but where’s the fun in letting someone else do it for you? Thanks to fast always-on home internet connections there are now few reasons that you can’t host your own server and provide web pages to the internet yourself.
Setting up a web server will give you the chance to learn more about cool technology like Linux as well as how the internet actually works — including the dastardly world of DNS. If you’re technically inclined, setting up a web server can be a rewarding experience and you can then self-host a website via WordPress or one of the many different solutions without spending a penny.
The learning PC
If you’re learning how computers work there are few better ways to do it than with a machine that you aren’t worried about breaking — and your newly-old PC or laptop is the perfect example.
Whether you want to get to know how to fix problems with Windows or get to grips with the command line and Linux — and the many different versions thereof — a PC that you don’t need to work at the end of the day is vital. It takes the pressure off and gives you the room you need to make mistakes and learn from them.
The firewall and ad-blocker
Similar to the idea of hosting your own website or fileserver, you can also turn any old computer into a firewall for additional control over how your devices connect to the internet.
PiHole is software that can be run on just about anything — not just a Raspberry Pi, as the name suggests — and then configured to block ads and control what websites different devices can access. This can be a real boon if you have kids and want to prevent their personal phones and tablets from reaching specific websites and services, for example. And like the rest of our examples, this won’t cost a thing to get up and running and you’ll even learn a thing or two in the process.
Distributed computing
If none of those ideas get you excited, you could always turn to distributed computing as a way to put that old computer to good use.
Distributed computing projects use the collective power of computers all around the world to crunch numbers in an attempt to solve complicated problems. Those problems include trying to locate extraterrestrial intelligence and helping with scientific research.
All you have to do is install a piece of software on your old computer and set it on its way. It’ll use its CPU and GPU to crunch numbers and solve problems, much in the same way that cryptocurrencies can be mined.
Which brings us to…
The crypto miner
There are tons of dedicated mining rigs out there, but you can use any computer. The more powerful the better, and strong GPUs are preferred. But while the days of making your fortune from mining crypto in your home are probably gone, it still might be something that you want to get into — again, it’s a learning experience as much as anything.
Really old computers are going to struggle here, so keep that kind mind. And sometimes just buying crypto is a better option. But where’s the fun in that?
Donate to a worthy cause
The final option on our list might be the best of all because it means that kids who might otherwise not have access to a computer get the opportunity to use one.
Many local schools or libraries will be more than grateful for a free computer, so long as it’s fully working and doesn’t look like it’s been kicked around the yard.
Don’t have a school or library to hand? There are plenty of charities that will accept your old hardware, and this is a great way to move on your old computer if you no longer need it yourself.
Samsung is expected to announce the Galaxy S24 series at its Galaxy Unpacked event in January next year. Ahead of that, several leaks and rumours about the upcoming phones have surfaced revealing key details about them. The most recent one comes in the form of an infographic that reveals the complete specifications of the upcoming Galaxy S24 series phones. The X post from WigettaGaming carries the image with all the specifications of the Galaxy S24 series phones.According to the infographics, Samsung will launch three variants in the Galaxy S24 series — Galaxy S24, Galaxy S24 Plus and Galaxy S24 Ultra. Galaxy S24, Galaxy S24+, and Galaxy S24 Ultra: Revealed specifications The new leaked image claims that Samsung will launch the Snapdragon 8 Gen 3-powered Galaxy S24, Galaxy S24+ and Galaxy S24 Ultra in the US and Canada. The rest of the world will get the Exynos 2400-powered versions of the phone. Apart from that, all three handsets are expected to feature Dynamic AMOLED 2X displays with 120Hz variable refresh rate and a peak brightness of 2600 nits. As far as screen sizes are concerned, the Galaxy S24 is expected to come with a 6.2-inch display with FHD+ resolution, the Galaxy S24+ will feature 6.7-inch FHD+ and the Ultra will feature a 6.8-inch QHD+ display. Apart from this, the handsets will come with One UI 6.1 based on the Android 14 operating system out of the box. The infographic also confirms that the handsets are speculated to come loaded with several AI-based features like Dynamic Lock screen, Smart Keyboard, etc. In terms of camera, the Galaxy S24 and Galaxy S24+ are expected to share the same camera setup as the Galaxy S23 series. This includes a 50MP primary camera, a 12MP ultra-wide camera and a 10MP telephoto sensor with 3X optical zoom. At the front, the phone is expected to come with a 12MP dual-pixel selfie camera. The Galaxy S24 Ultra, on the other hand, is speculated to offer a 200MP primary camera along with a 12MP ultra-wide, a 10MP telephoto with 3x optical zoom, and a new 50MP telephoto sensor with 5x optical zoom. RAM and storage options are also expected to remain unchanged from the previous generation. The Galaxy S24 and Galaxy S24+ are expected to come with up to 8GB RAM and the S24 Ultra will offer 12GB RAM by default. Moreover, the Galaxy S24 is expected to offer a slightly slower UFS 3.1 storage compared to UFS 4.0 on other two variants. Galaxy S24 is expected to be backed by a 4000mAh battery, Galaxy S24+ is speculated to offer 4900mAh battery and the Ultra will most likely come with 5000mAh battery. Also, the vanilla variant will top out at 25W charging, while the other two are expected to support 45W fast charging.
South Korean video game developer and maker of BGMI has partnered with RisiginWings to announce the early access for the popular archery simulation game “Archery King” in India. The game is now available for early access on Google Play Store, where players can download and enjoy the test version of the game for free. What is Archery King “Archery King” is a mobile game that simulates the thrill and challenge of archery, where players use virtual bows and arrows to aim at targets and score points.The game features various levels of difficulty, realistic physics, and diverse environments, to constantly challenge and engage players. The game has previously enjoyed immense popularity in India, having accumulated 20 million downloads in the region in the past. Now, KRAFTON and RisingWings are working together to tailor the game to the preferences of the Indian gaming community. During the early access phase, feedback on player experiences and preferences will be collected through comprehensive surveys, in order to craft a gaming experience that truly resonates with the Indian audience. Minu Lee, Head of Publishing at KRAFTON India, expressed excitement, stating “We are very excited to bring back ‘Archery King’ to the Indian market, as we know how much the game is loved and missed by the fans. We hope that the early access version of the game will provide a satisfying and enjoyable experience for the players, and we look forward to hearing their feedback and suggestions. Our goal is to continue to deliver fun and immersive titles that resonate with the Indian community and constantly raise the bar for mobile gaming in the country.” The preview edition of “Archery King” provides a glimpse into thrilling features, including the “Challenge Mode,” which presents 120 increasingly difficult single-player stages with a range of targets, from standard to moving objectives. This mode assesses players’ timing and precision, providing an exciting gaming experience. Dive into the early access version of “’Archery King” on the Google Play Store(Link). Stay tuned for more updates.
WhatsApp has recently rolled out the latest beta version 23.25.10.72 on iOS. The update brings a new feature that will allow users to share audio and video during video calls. The feature, according to WABetaInfo, will be available for users during video calls when the screen-sharing feature is active. This means, the feature can be considered as an extension of the screen-sharing feature.If you don’t know, currently WhatsApp’s screen-sharing feature allows users to share non-protected video content with others during video calls. With the feature, users can now share audio as well and listen to it together with all the participants in the video call. The feature is being tested on the beta version of the app on iOS and it is currently available for select TestFlight users right now. We expect WhatsApp will expand it to other platforms as well as more users worldwide before officially rolling it out in the stable version of the app. How the feature works The functionality of the new audio-sharing feature appears to be pretty straightforward. Once the user has established a video call, as the feature does not work on audio calls, they can share their screen with the other user or participants in case of group video calls. After this, they can simply play a video file they want to share and WhatsApp will now transfer the screen content ( that it does when the screen sharing is on) along with the audio. Recently, WhatsApp has started testing a new feature that allows users to make WhatsApp more protected against attacks and scams. This includes a new Safety Tool that lets users block or report contacts.
Cybersecurity researchers from McAfee hae uncovered over a dozen malicious apps lurking in the Google Play Store.
The researchers claim these apps were carrying a potent piece of malware, capable of stealing sensitive data from the infected Android devices and possibly even running ad fraud.
The apps were downloaded at least 330,000 times.
Accessibility Service
According to the researchers, the backdoor is called “Xamalicious”, and has so far been discovered in thee following apps:
– Essential Horoscope for Android – 100,000 installs
– 3D Skin Editor for PE Minecraft – 100,000 installs
– Logo Maker Pro – 100,000 installs
– Auto Click Repeater – 10,000 installs
– Count Easy Calorie Calculator – 10,000 installs
– Dots: One Line Connector – 10,000 installs
– Sound Volume Extender – 5,000 installs
After being labeled as malicious, Google removed these apps from its app repository.
While Google’s action is commendable, the move doesn’t protect users who already downloaded the apps in the past, with some reportedly having been available for download since mid-2020. They will have to remove those manually and use an anti-virus program or cleaner to remove up any loose ends.
The majority of the victims were found in the US, the UK, Germany, Spain, Australia, Brazil, Mexico, and Argentina.
To operate properly, the malware asks the victim to grant it Accessibility Service permissions, which is often a red flag and should help most people identify a malicious app from a legitimate one.
That being said, with Accessibility enabled, the malware is able to grab device and hardware information, including Android ID, brand, CPU, model, OS version, language, developer options status, SIM details, and firmware. Furthermore, it can identify the device’s physical location, ISP name, organization, and services. It also comes with a few features to help it determine if it’s installed on a genuine device or an emulator.
Finally, the malware can pull a second-stage payload from the C2 server.
Meta-owned photo and video sharing platform Instagram has received tons of new features throughout the year. The biggest one has to be the Threads launch and it’s integration with Instagram. 2023 still has a couple of days left and ahead of that, Instagram is not done testing new features for the platform. A new report by Wccftech suggests that the social media platform is testing the ability to share another profile on your Instagram Story and also invite followers to visit and follow the Instagram profile shared by them. The new feature was spotted by an app developer Alessandro Paluzzi which claims that users may get “Add to Story” option in their profile that lets them share others profile in their Instagram Story.He also mentions that the feature is supposed to be straightforward as users can simply choose this option and then add others’ profile they want to share as their story. The feature appears to be interesting, especially for content creator and business owners who want to promote their page or product to gain more followers. The implications of this feature extend far and wide, particularly proving invaluable for influencers and individuals seeking to amplify the visibility of their secondary profiles. For instance, introducing a business page to followers will become effortless with the feature. The screenshot shared has a “View Profile” button on the Story asking users to click on it to visit the shared profile. The rollout details of the feature seems to be a little far fetched as of now. However, ndications point toward an early 2024 debut, possibly within the inaugural weeks of the new year.