Fake AI video generators are being used to hack Windows and macOS devices
Crooks are advertising fake software hiding malware and infostealers.
Security researchers discover ad campaign for a piece of fake software
Software was advertised as an AI-powered photo and video editor
In reality, it was distributing the AMOS and Lumma Stealer malware
Hackers are hiding infostealers and other malware behind fake AI-powered photo and video editors, experts have claimed.
A cybersecurity researcher known by the alias g0njxa found a social media advertising campaign promoting the malware, which posed as an editor called EditPro and was propped up by an accompanying website, editproai[dot]pro.
The attackers then created deepfake videos of Presidents Trump and Biden enjoying ice cream together, and used them in ads posted on social media sites such as X. The fake editors were built for both Windows and macOS, but anyone who falls for the trick and downloads the program will end up installing either Lumma Stealer or AMOS.
Lumma and AMOS
Lumma Stealer is a malware-as-a-service (MaaS) tool designed to steal sensitive information, including login credentials, cookies, browsing history, credit card data, and cryptocurrency wallet details.
The malware employs sophisticated techniques like process injection and encrypted communications with command-and-control servers, making it challenging to detect and mitigate. It has been active since 2022, with frequent updates enhancing its evasion and data theft strategies.
AMOS, short for Attack Management and Operations System, is a platform that enables threat actors to manage malware campaigns with minimal technical skills. It acts as a command-and-control (C2) system, and provides tools for deploying malware, managing infected systems, and exfiltrating stolen data.
It is typically used to coordinate large-scale attacks, automating many aspects of the cybercriminal workflow.
If you downloaded the fake EditPro software, assume that all of your passwords, and sensitive information stored on the device, are compromised. As such, make sure to first remove any traces of the malware from the computer, before updating all passwords and other sensitive data. Enable 2FA wherever possible, and move your cryptos and NFTs to a new wallet with a new seed phrase.
Via BleepingComputer
Equinix is closing its bare metal IaaS platform
After around six years on offer, Equinix Metal is set to be discontinued from June 30, 2026.
Equinix Metal will no longer be sold from June 30, 2026
Performance, security and stability updates will be prioritized until then
Market dominance by established hyperscalers makes it hard to compete
Equinix has confirmed it will discontinue its bare-metal infrastructure-as-a-service (IaaS) platform from June 2026.
The decision to ax Equinix Metal was communicated to customers in a letter from Chief Business Officer Jon Lin and Chief Sales Officer Mike Campbell, giving a warning period of more than 18 months.
New features are no longer being prioritized for Equinix Metal; however, the company promises to continue delivering performance, security and stability features until it is sunsetted.
Equinix Metal given 2026 end-of-life date
Equinix’s bare-metal service is a fairly recent addition to the company’s portfolio. It came about after the company acquired hosting company Packet for $100 million, but it will have been available for only around six years by the time it is discontinued on June 30, 2026.
Besides continuing to offer the relevant updates, Equinix is also offering to support customers in transitioning to alternative solutions, including colocation, managed and third-party services.
The service was launched to allow businesses to deploy x86 and Arm servers within Equinix’s data centers; however, CFO Keith Taylor suggested that Metal accounts for just 1.25% of the company’s revenue, which ultimately led to the decision to end support for the product.
The company confirmed: “Equinix is moving towards the end-of-life for our bare metal as a service product as we focus on the growth and acceleration of parts of our business, like colocation, interconnection, and hyperscale.”
More broadly, in October 2024 Equinix signed a joint venture deal to raise $15 billion to build xScale data centers for hyperscaler clients in a nod to the surging demand for AI-driven workloads.
The decision to retreat from the market is also a reflection of the highly competitive landscape, dominated primarily by hyperscalers like Amazon Web Services, Microsoft Azure and Google Cloud.
T-Mobile confirms its network was hit by Chinese hackers
T-Mobile struck by its ninth breach since 2019, with Salt Typhoon to blame.
T-Mobile has joined the list of Salt Typhoon victims
Salt Typhoon has been heavily targeting the telecommunications sector
No evidence has been found to suggest customer data access
T-Mobile has joined the growing list of US telecom operators who have been breached by Salt Typhoon.
The company confirmed in a statement to the Wall Street Journal that while a breach had occurred, there was no evidence to suggest the attackers had accessed or exfiltrated any customer data.
“T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information. We will continue to monitor this closely, working with industry peers and the relevant authorities,” the company said in its statement.
Salt Typhoon continues attack
Salt Typhoon has been conducting a broad attack against US and Canadian telecommunications companies and internet service providers in what is thought to be a critical infrastructure mapping and espionage campaign.
The FBI recently confirmed the group had successfully gained access to networks and private communications of members of the US government.
The US government has also issued a warning through the Consumer Financial Protection Bureau (CFPB) for its workers to avoid using personal cell phones for work purposes, stating, “While there is no evidence that CFPB has been targeted by this unauthorized access, I ask for your compliance with these directives so we reduce the risk that we will be compromised.”
In a further statement to BleepingComputer, T-Mobile added, “Due to our security controls, network structure and diligent monitoring and response we have seen no significant impacts to T-Mobile systems or data. We have no evidence of access or exfiltration of any customer or other sensitive information as other companies may have experienced.”
The group is widely recognized as a Chinese state-sponsored threat actor and the campaign is thought to be a mapping and vulnerability hunting campaign for future attacks.
Other telecommunications companies affected by the same campaign include AT&T, Lumen Technologies, and Verizon, with the attackers potentially having access to customer data and networks for several months. A network used by US authorities to submit requests pursuant to court orders was also breached.
A roundup of T-Mobile breaches by BleepingComputer puts this as the ninth since 2019, with the company suffering a number of data leaks, attacks and extortion attempts.
The risks and rewards of penetration testing
Uncover hidden vulnerabilities with penetration testing—stay one step ahead of cyber threats. Protect your business today!
“We have a problem here…” said the voice on the phone. Our customer hired us to test their computer systems for vulnerabilities…and we had just found a big one.
Our testing had uncovered a serious bug in the customer’s firewall. This bug crashed the network, knocking the whole company offline. The bug was similar to the recent CrowdStrike flaw, but on a vastly smaller scale.
After a tense 30 minutes, we got the customer’s network back online. Our customer was appalled that in years of testing, nobody thought to attack the firewall protecting the network. We did. Because that is what a black hat hacker might do.
Penetration testing, or “white hat” hacking, attempts to exploit weaknesses in systems, applications, or networks to determine how vulnerable the organization is to a data breach. The idea is for the “white hat” hackers (good guys) to find the flaws before “black hat” hackers (bad guys) do. For our customer, the test revealed a serious flaw in their network that they patched quickly, preventing another disaster.
Penetration testing is a vital part of building a secure environment, but it is not without risks. I did “white hat hacking” for years. Before you hire a penetration tester, here are some important issues to consider.
Risk is unavoidable
It is impossible to predict how systems may react to penetration testing. As was the case with our customer, an unknown flaw or misconfiguration can lead to catastrophic results.
Skilled penetration testers usually can anticipate such issues. However, even the best white hats are imperfect. It is better to discover these flaws during a controlled test than during a data breach. While performing tests, keep IT support staff available to respond to disruptions. Furthermore, do not be alarmed if your penetration testing provider asks you to sign an agreement that releases them from any liability due to testing. The whole point of a test is to see what breaks. It is unreasonable to expect a penetration testing provider to shoulder the expense and liability of an outage or data loss due to testing.
Hacking the void
Black hat hackers will attack anything and everything they can. Consequently, penetration tests must test everything. If parts of your network are excluded or systems are turned off, testers cannot assess their security. If you cannot test everything, then define a generous sample set that encompasses every possible type of system, application, and network you control. Likewise, testers cannot test something they cannot access. Testers will need access to all parts of the network to make the tests valid.
Path of least resistance
Black hats will generally follow the path of least resistance to break into systems. This means they will use well-known vulnerabilities they are confident they can exploit. Some hackers are still using ancient vulnerabilities, such as SQL injection, which date back to 1995. They use these because they work. It is uncommon for black hats to use unknown or “zero-day” exploits. These are reserved for high-value targets, such as government, military, or critical infrastructure.
It is not feasible for white hats to test every possible way to exploit a system. Rather, they should focus on a broad set of commonly used exploits. Lastly, not every vulnerability is dangerous. A good white hat hacker will rank vulnerabilities based on how easy they are to exploit. Exotic or complex attacks may be interesting, but they consume time and can distract your team from the more mundane, and more likely to be exploited, vulnerabilities.
Skill matters
Most white hats use a broad set of tools for testing. While automated and AI tools can speed up the process, they are no replacement for skilled hackers with extensive IT knowledge and an understanding of human behavior. Before hiring a penetration testing company, validate the team’s experience, ensuring senior members have at least five years of specific penetration testing experience. Be careful with testing providers that assign only junior or contracted testers.
Change testers regularly
While it is good to build relationships with testing providers, change companies annually to avoid complacency. Use a pool of three to five companies and rotate among them. Different companies have different skill sets. For example, my company was exceptionally skilled with attacking infrastructure, which is how we found the firewall bug mentioned at the beginning of this article.
Beware of “gotcha” testing
A “gotcha test” focuses exclusively on breaking into the environment rather than assessing overall security. These tests will focus on a single exploit path and can miss many other exploitable avenues. A good testing company will conduct both a systemic assessment and a focused “black hat” style break-in.
Third party traps
One of the most significant areas of weakness is third party applications or systems. WordPress servers, for example, tend to be full of vulnerabilities due to the widespread use of third party plugins that do not undergo rigorous security testing.
Unfortunately, some vendors may specifically prohibit you from testing their systems. This can present a massive set of vulnerabilities you cannot detect or defend against. Require third party vendors to either provide you with proof that they conducted their own independent penetration tests or permit you to perform testing with your own vendor(s).
Social engineering has limitations
Social engineering tests trick employees into divulging confidential information through fake phone calls or phishing emails. These tests are overwhelmingly successful, because people are inherently trusting.
Rather than random tests, perform targeted phishing tests to evaluate if employees follow security policies. If users fail a social engineering test, focus on education, not admonishment.
Time is the enemy
Time is the ultimate constraint for any penetration tester. There are only so many hours in an engagement. Consequently, testers must use their time efficiently. This means automating as much as possible, so they can focus their attention on the more nuanced vulnerabilities. Black hats, on the other hand, do not have time restrictions. They can take weeks, months, or even years to break in. This inherently creates an unequal arrangement. It is unreasonable to expect penetration testers to devote unlimited time or effort into a test. This would make the testing outlandishly expensive.
Fixing falls on you
Penetration tests do not typically fix discovered vulnerabilities; that task falls to your internal teams or a contractor. Allocate resources to address issues after the test.
Think systemically
Avoid fixing vulnerabilities individually. Implement systemic improvements across the organization. Most vulnerabilities can be remediated through automated software and OS patching. For misconfigurations, standardize system deployment and management. For mission critical systems, you may want to consider emerging technologies like Moving Target Defense, which creates a dynamic, constantly updating environment that is extremely difficult to exploit.
Conclusion
Penetration testing is essential for any organization. It is better to have a white hat hacker find a vulnerability before a black hat does. However, no security control or technology is perfect. Flaws are inherent in any complex system. Even the best security products, practices, and people can fail. The technologies you use are not as important as how you manage, monitor, and test those technologies.
Lastly, it is important to remember that black hats do not follow rules, policies, or org charts. They will break anything to get your data. For security to be effective, you need to think like a black hat hacker, and test everything. Especially the systems you believe are safe.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
From AI boom to AI bottlenecks
Ivo Ivanov, CEO at DE-CIX, discusses why some enterprises struggle to achieve viable returns on their AI investments.
We’re almost at the point where AI can no longer be simply defined as an emerging technology. It’s here, and it’s booming. According to McKinsey, more than 70% of companies worldwide have either already deployed AI-based technology, or are seriously exploring its capabilities. That’s up from just 20% in 2017. In the past year alone we’ve seen incredible advancements in the AI space, particularly when it comes to generative AI and the use of Large Language Models (LLMs) to compute, make predictions, generate content, and analyze large sets of data in real-time for a plethora of applications.
Studies by the likes of HubSpot and IBM reveal that AI can save employees roughly 2.5 hours per day, and businesses can cut their overall costs by almost a third. An entire ecosystem of partners and complementary services is now being formed around AI, and its reach isn’t just confined to business. ChatGPT users can now have live conversations with AI; Meta’s Llama 3.2 update allows its AI assistant to read and comment on images, and Apple Intelligence is about to leave beta and allow users to do everything from generate code to create new graphics, all with technology they can carry in their pockets.
The technology is soaring, but like a busy road with too much traffic, there’s always a bottleneck. AI adoption is off the charts, business ambition is strong, but do we have the connectivity infrastructure to meet the low-latency needs of new AI applications? The traffic is coming; perhaps it’s time to turn our attention to the roads.
The invisible hurdle
Attitudes to AI are largely positive, but part of that is down to novelty. One metric that truly matters, return on investment (ROI), is still proving elusive for most business AI deployments. Three-quarters of enterprises have not moved beyond “baby steps”, that is one or two pilot projects (MIT Technology Review). And, although 50% of those surveyed expect to deploy AI at scale across all business functions within two years, they reported implementation challenges and bottlenecks – not due to capital, culture or lack of expertise, but in the infrastructure carrying their data.
Let’s be clear. These aren’t just teething troubles. Short-term hiccups at the start of the project are to be expected, but the underlying implementation challenges enterprises have highlighted point to a more fundamental, structural issue with the feasibility of AI roll-outs.
Underperforming AI is bad for business, and not just in the sense that it won’t realize its ROI, but because its insights and other outputs are limited. This happens when AI systems struggle to access and interpret data across the organization in real-time. The full potential of AI can only be realized when organizations have the right infrastructure in place to support its implementation. One critical aspect often overlooked is the importance of network interconnection. Here’s how this plays out within a typical enterprise.
Cloud and AI – a winning combination
Cloud computing plays a crucial role in AI implementation. Businesses are increasingly migrating data lakes and warehouses to the cloud, partly because the accelerating pace of data generation is making on-premise data storage unviable and partly because of the many accessibility benefits of storing raw and structured data in the cloud. This migration enables scalability and access to vast computing power. The AI Infrastructure Alliance showed that 38% of organizations had their AI infrastructure fully set up in the cloud, while 29% operate a hybrid environment.
These organizations rated the availability of cost and computing power as the number one challenge when scaling AI and their number one computing concern was latency (28%). A similar picture emerges across different territories, too. For example, a joint survey of European organizations by DE-CIX and IDC highlighted network performance and latency (22%) as the main concern, especially when AI use cases require real-time data.
The connectivity conundrum
Let’s consider how organizations typically use AI. Firstly, they need to train AI models, either first-time development or the periodic retraining that models need from time to time. For this, latency is not such a big issue, but high bandwidth connectivity is critical. In the cloud, it is best to use the cloud provider’s own connectivity solution (such as Microsoft ExpressRoute or AWS Direct Connect), accessible from a range of cloud exchanges, to avoid costly overheads for data egress. Secondly, they need AI to work in real-time, which is where latency does matter. Many use cases fall into this category, from customer services bots to product support where real-time interaction is desirable right through to where it is critical, such as autonomous vehicles, healthcare, and some financial services use cases. Here, the AI models need real-time access to data sources, as well as to the intended users of the insights and AI agents for different services and workloads.
In short, AI needs both high bandwidth and low latency network performance. Oh, and did we mention this all needs to be seamless?
The missing link is interconnection
Here is when the network performance bottleneck becomes apparent. Too many enterprises still rely on public internet or third-party transit for connecting data and AI systems. This creates considerable performance and security issues, with enterprises having little or no control over data pathways, network bandwidth and latency, and the security of critical company data in transit.
To control data flows, enterprises need to control how networks interconnect with each other. That’s why increasingly organizations are choosing network interconnection solutions, which provide secure, dedicated connections between on-premise systems and cloud-based AI services. By establishing direct, high-performance links, businesses ensure control over performance, security, and data routing. In practice, this network interconnection creates responsive, interoperable environments for cloud and multi-cloud scenarios, enabling low-latency access to AI-as-a-service offerings and real-time data analysis. It assures secure data exchange within partner ecosystems and improves the overall resilience of the cloud infrastructure environment, enabling business to roll out AI implementations at scale that deliver their intended ROI.
Enterprises need AI-ready infrastructure
AI offers organizations unprecedented opportunities to transform their operations and revenue generation. The awe-inspiring capabilities of AI models and data analytics tools naturally enough garner much attention, but organizations need to ensure that the underlying infrastructure supporting AI implementations is equally scalable and resilient for AI to live up to its potential. Investing in a robust interconnection strategy alongside cloud migration is critical for businesses to overcome AI connectivity bottlenecks and truly unlock its transformative potential.
Partnering with high-performance interconnection providers can help in the design of a secure, scalable network tailored to specific AI needs. The future of AI has already arrived; we just need to make sure we’re ready for it.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
If Apple is thinking again about building a TV it should just build a giant iPad
Apple’s rumored TV plans remind us that it already has a decent TV set in its product stable.
What is a TV? Does it have to be a giant panel that commands your attention in the living room, something attached to a wall, or nestled between wall-filling bookshelves? Not necessarily, and if Apple is truly reconsidering making its own TV set, it may want to take a long hard look at its surging iPad Pro 13-inch.
Apple’s interest in TV sets and television in general goes back at least 15 years, and was solidified in some ways when Apple CEO Tim Cook told interviewers that Apple considered TVs “an area of incredible interest.” He also noted that there was a grand vision for TV at the Cupertino tech company. In hindsight, Cook may have been describing Apple’s work on its Apple TV 4K streaming box, which was followed by the TV app (which replaced Video and the iTunes video library and store) and even Apple TV Plus, which introduced the world to Apple’s vision for streaming content. All in all, that does add up to something of a grand vision.
We find ourselves turning back the channel to talk yet again about the possibility of an Apple TV set because of a short item in Bloomberg’s Power On newsletter that indicates building an “Apple” branded TV set is “something it’s evaluating.” I know, it’s not a lot to go on and I’ve long been skeptical of the concept of an Apple Television, a seemingly unnecessary piece of Apple hardware.
I’m not denying the market allure. Statista puts the worldwide TV set revenue opportunity at nearly $100b. On the other hand, the market is anticipated to have less than 1% annual growth over the next five years. That might be because people buy these big TV sets and then hold onto them for at least 5 years. Apple likes markets that either promise annuities like its services – including Apple TV Plus – and ones that have built-in upgrade cycles like the best iPhones. TV sets by themselves provide neither.
It’s been the iPad all along
Let’s say, for argument’s sake, Apple is back on the TV hunt. It might be doing so not only because an Apple TV is the perfect delivery system for its own streaming service but also because of the obvious in-home branding opportunity: a big TV set with a visible Apple logo on the chin base. I believe, though, that the real reason Apple might be considering making a TV set is because it’s been selling millions of small TV screens to Apple fans for years.
Going all the way back to 2013, a survey found that more than 50% of respondents were watching TV on an iPad. At the time, the entertainment was squeezed into a 9.7-inch LCD. As I write this, my TV is playing next to me. It’s a 13-inch iPad Pro with a fantastic Ultra Retina XDR Tandem OLED (two stacked OLED panels) with clear and quite loud four-speaker audio that even supports spatial audio.
With my iPad, I have access to Apple TV Plus, Netflix, Amazon Prime Video, Max, and my new live-broadcast favorite Sling TV. Obviously, this is an able TV set and, if the rumors are true, larger tandem OLED displays are coming. Near term they might still top out at 30 inches, so Apple will probably stick to the tech currently used in the best OLED TVs for… oh let’s call it the 65-inch iPad Pro Max.
The limits
My iPad Pro 13, which is outselling all other iPads, is not a perfect TV. It lacks a remote (it’s a touchscreen!) and HDMI ports for, say, attaching a gaming console. On an actual Apple TV in the form of a giant iPad, perhaps Apple should still avoid HDMI ports, bringing us fully into the cable-free streaming future – but it could add a separate connections box for anyone who needs them. This could even be wireless, like LG M-series OLED TVs, so you can keep a clean space around your TV. And you could use your iPhone as the remote by default. Admit it, you’re already watching TV with your iPhone in your hand.
The benefit of the iPad Pro Max 65 inch as a TV set is that all the smarts are built in. It’s already a gaming platform and, with support for all your key productivity apps, could also double as a giant workspace. It’s already a smart home hub and might finally help people, if not fall in love with it, at least start adopting Apple Home in significant numbers. I even think the touchscreen TV could come in handy when you can’t locate the remote, but I would recommend adding the ability to turn off the touchscreen.
Apple isn’t, as I see it, far from building a TV set because it’s been selling them for 13 years. The iPad is a TV and it’s time for it to glow all the way up.
Hurry: Exclusive discounts on Anker chargers and power banks
Anker is well-known for making some of the world’s best fast chargers, power banks, and docks. Having sold over 200 million products worldwide, they certainly know what they’re doing and can be trusted to keep your devices up-and-running as well as connected.
With the number of electronic devices we own growing all the time, we need products that can charge them and connect them to one another. They must also be well-made and trustworthy so our phones and laptops are always ready-to-go. Anker delivers on all these fronts.
Quality products are worth paying for but it’s always great to benefit from a discount. We’ve partnered with Anker to offer TechRadar readers in the US an extra 20% off Anker products, including chargers, power banks, cables, hubs, and docks. To make use of the offer, you’ll need to use one of our exclusive codes at checkout.
This limited-time deal runs through to December 31st. If you’ve missed out on this latest deal you can always check out our Anker coupon codes hub for more offers throughout the year.
Anker.com get 20% off chargers, power banks, cables, hubs, and docks
TechRadar readers can use our exclusive code at Anker to get an extra 20% off any eligible product. With Christmas just around the corner, this coupon couldn’t have come at a better time. Take advantage of it right now and get new tech for less.
US only: Ends December 31st
Our top picks from Anker
Anker Prime Charger: Charge multiple devices all at once
Get 200W of power delivery across six ports (four USB-C and two USB-A). That means you can plug in your phone, laptop, or wearable all at once so your devices will never be out of power again. With up to 100W of power, you can fast charge laptops and phones. In real terms, that means you can charge two 14-inch MacBook Pros to 50% in just 28 minutes.
Anker Prime 27,650mAh Power Bank: Power on the go
Two USB-C ports and one USB-A port deliver up to 250W of power when you need it most. The capacity of 27,650 mAh will charge an iPhone 14 almost five times over. The power bank itself can be fully replenished in only 37 minutes thanks to its 170W fast USB-C recharge abilities. Whether you’re on holiday or just away from a power source, use the Anker Prime Power Bank to keep your devices running.
Why we love Anker
Anker has one of the best reputations for designing and manufacturing mobile charging products. They have appeared on Yahoo, CNN, Forbes, Cnet, iMore, The Verge, as well as our very own TechRadar.
All products include a warranty so you can rest assured that any problems you encounter will be sorted out quickly. These warranties range from 24-months to lifetime with details to be found on each product page. If you do encounter any problems then the friendly Anker customer service team will be glad to help you.
We also love their AnkerCredits Rewards program which gives access to exclusive discounts and offers to its members. Benefit from an instant 500 credits when you register and one additional credit for every dollar you spend.
Microsoft accused of creating a monopoly on US government systems through free upgrades
Microsoft reportedly offered the US government $150m in free cybersecurity services, and injected consultants into agencies.
Microsoft gave the US government $150 million in cybersecurity tools
The deal included the pricey Microsoft 365 Government G5
Consultants accused of increasing dependency on Microsoft
As Microsoft looks to confront scrutiny from European antitrust regulators, the company is also facing investigations into alleged business practices across the pond in the US.
It has been suggested Microsoft offered one of its most important customers, the US government, free services in order to keep it as a customer and stamp out competition.
A ProPublica report found the company pledged $150 million in cybersecurity services to the federal government during a 2021 White House summit led by President Joe Biden. Rumored to be internally known as the ‘White House Offer,’ Microsoft’s pledge would see federal agencies gain access to the Microsoft 365 Government G5 security suite, which includes security, compliance and collaboration features. G5 costs around 60% more than G3.
Microsoft accused of monopolizing US government contracts
Furthermore, Microsoft consultants working within the government’s agencies to assist with the implementation of the company’s tools reportedly created a dependency on its services, effectively making it more difficult for the US government to switch providers.
The White House Offer benefited Microsoft beyond the cybersecurity space, as well. By boosting adoption of its Azure cloud platform, Microsoft would be able to intensify its competition against Amazon Web Services, which accounts for the largest portion of the cloud pie.
Steve Faehl, Federal Security CTO for Microsoft, stated the company’s “sole goal during this period was to support an urgent request by the Administration to enhance the security posture of federal agencies who were continuously being targeted by sophisticated nation-state threat actors.”
A White House spokesperson sought to distance the government from Microsoft’s conduct: “This was a voluntary commitment made by Microsoft… and Microsoft alone was responsible for it.”
Twitch data breach leaves Amazon with major fine
Amazon needs to pay Türkiye tens of thousands of dollars for failing to adequately protect user data.
2021 Twitch breach exposed sensitive data on thousands of users
An investigation by the Turkish data protection watchdog concluded the company was to blame
Twitch has to pay $58,000
Türkiye has fined Amazon $58,000 for the Twitch data breach in 2021 which affected thousands of Turkish nationals.
An anonymous hacker leaked the entirety of popular video game live streaming service Twitch, including its source code and personally identifiable information (PII) of its users. The leaked data was rolled into a 125 GB torrent, and its link was posted to the popular 4chan imageboard.
Since the breach was said to have affected Turkish citizens, the country’s Personal Data Protection Board (KVKK) opened up an investigation soon after the attack. In total, 35,274 Turkish nationals were affected, so KVKK imposed a 1.75 million lira fine for inadequate security and 250,000 lira for failing to report the breach.
The results of the investigation showed that the company, which was acquired by Amazon back in 2014 for $970 million in cash, “failed to take adequate security measures beforehand, addressing the issue only afterward.” What’s more, KVKK concluded that the company’s risk and threat assessment were “insufficient.”
At press time, Twitch was not commenting on the incident. At the time of the breach, however, it downplayed its importance, saying the attackers didn’t get their hands on users’ login credentials and suggesting that the threat was somewhat limited.
“Twitch passwords have not been exposed. We are also confident that systems that store Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH / bank information,” Twitch said.
At the time, it was reported the hacker wasn’t pleased with the community that had built up around the service, and leaked the data in a bid to “foster more disruption and competition in the online video streaming space.”
Soon afterward, Twitch confirmed the breach, saying its team was “working with urgency” to understand the extent of the incident.
Via Reuters
Top American mortgage lender AnnieMac says thousands of customers have had data stolen in breach
Hackers stole AnnieMac customer names and social security numbers.
AnnieMac says more than 170,000 people have had names and SSNs exposed
New filing with the Maine Attorney General covers Summer 2023 hack
The identity and motive of the attackers are unknown at this time
AnnieMac Home Mortgage has revealed that it suffered a data breach in which sensitive data on hundreds of thousands of customers was exposed.
The mortgage company confirmed the information in a filing with the Maine Office of the Attorney General, saying it spotted “suspicious activity on certain systems” within its network on August 23, 2023.
Subsequent investigation determined that an unnamed attacker accessed the company’s IT infrastructure on August 21, and “viewed and/or copied certain files” from these systems.
No one claimed responsibility yet
These “certain files” held people’s full names and Social Security Numbers (SSN). A total of 171,074 individuals were affected by the incident.
This, arguably, isn’t that disruptive of a breach. Cybercriminals prefer databases with email addresses, postal addresses, and phone numbers, since they can use the information to impersonate other people, engage in spam and phishing, and more. There is not much they can do with just names and SSNs.
To tackle the incident, AnnieMac did what most victim organizations do these days – it employed a third-party forensics company, notified the police, mailed the affected people, and offered a year’s worth of identity theft protection and credit monitoring, via CyEx.
It also apologized, saying the “confidentiality, privacy, and security of personal information within our care are among AnnieMac’s highest priorities.”
We don’t know who stole the files. So far, no one has claimed responsibility for the attack, and the files are yet to pop up anywhere on the dark web.
AnnieMac Home Mortgage is a full-service mortgage lender that provides a wide range of home financing solutions, such as conventional loans, FHA loans, VA loans, USDA loans, and jumbo loans. With hundreds of thousands of customers, the company generates an estimated annual revenue of approximately $240 million.
Via The Register