Security News

In an unexpected twist, a Microsoft support engineer resorted to running an unofficial 'crack' on a customer's Windows PC after a genuine copy of the operating system failed to activate normally. A South-Africa based freelance technologist who paid $200 for a genuine copy of Windows 10 was startled to see a Microsoft support engineer "Crack" his copy using unofficial tools that bypass the Windows activation process.

The paper, titled "Factoring integers with sublinear resources on a superconducting quantum processor," suggests that the application of Claus Peter Schnorr's recent factoring algorithm, in conjunction with a quantum approximate optimization algorithm, can break asymmetric RSA-2048 encryption using a non-fault tolerant quantum computer with only 372 physical quantum bits or qubits. The speculation has been that orders of magnitude more qubits, in conjunction with robust error correction at scale, may allow future quantum computers to run Peter Schor's algorithm - not to be confused with the similarly named Schnorr - quickly, on very large numbers, thereby breaking RSA encryption.

A new information-stealing malware named 'RisePro' is being distributed through fake cracks sites operated by the PrivateLoader pay-per-install malware distribution service. The malware was spotted by analysts at Flashpoint and Sekoia this week, with both cybersecurity firms confirming that RisePro is a previously undocumented information stealer now being distributed via fake software cracks and key generators.

The social media conglomerate also took steps to disable accounts and block infrastructure operated by spyware vendors, including in China, Russia, Israel, the U.S. and India, that targeted individuals in about 200 countries. A second set of 250 accounts on Facebook and Instagram linked to another Israeli company called QuaDream was found "Engaged in a similar testing activity between their own fake accounts, targeting Android and iOS devices in what we assess to be an attempt to test capabilities to exfiltrate various types of data including messages, images, video and audio files, and geolocation."

The White House's second International Counter Ransomware Initiative summit has concluded, and this year the 36-nation group has made clear it intends to crack down on how cryptocurrencies are used to finance ransomware operations. Last year's summit ended with far fewer actionable, concrete steps in this direction, concluding with a joint statement indicating "Countering illicit finance" was a priority without stating in specific terms that the Countering Ransomware Initiative was focused on cryptocurrencies.

India's Home Ministry has asked state governments to crack down on illegal lending apps it says have led to "Multiple suicides by citizens owing to harassment, blackmail, and harsh recovery methods." A letter sent last week states: "Large numbers of complaints have been reported across India pertaining to illegal digital lending apps that provide short-term loans or micro credits at exorbitant interest rates with processing or hidden charges, especially to vulnerable and low-income people and use the borrower's confidential personal data like contacts, location, photos/videos for blackmail/harassment."

The new 'Erbium' information-stealing malware is being distributed as fake cracks and cheats for popular video games to steal victims' credentials and cryptocurrency wallets. Erbium is a new Malware-as-a-Service that provides subscribers with a new information-stealing malware that is gaining popularity in the cybercrime community thanks to its extensive functionality, customer support, and competitive pricing.

Authorities in Sihanoukville, Cambodia announced on Sunday that a raid last week uncovered evidence of forced labor cybercrime syndicates that participated in human trafficking and torture. The five-day operation led to the discovery of 130 Chinese immigrants and 11 from Vietnamese, mostly all male, who had entered the country illegally, with 262 more foreigners working without permits.

A developer says he was able to run his own software on his car infotainment hardware after discovering the vehicle's manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. Turns out the encryption key in that script is the first AES 128-bit CBC example key listed in a NIST document.

Facebook parent company Meta disclosed that it took action against two espionage operations in South Asia that leveraged its social media platforms to distribute malware to potential targets. The first set of activities is what the company described as "Persistent and well-resourced" and undertaken by a hacking group tracked under the moniker Bitter APT targeting individuals in New Zealand, India, Pakistan and the U.K. "Bitter used various malicious tactics to target people online with social engineering and infect their devices with malware," Meta said in its Quarterly Adversarial Threat Report.