Generally speaking, you shouldn’t download just any free stuff you find or open links that promise freebies. Something that seems to be free can still cost you, even if your good mood is the only price. Here, we share some tips about how to choose a game so that you will not be disappointed later.

Download games from trusted sources

More and more gaming platforms appear every year: Steam’s dominant market position has spurred Origin, uPlay, Epic Games Store, and others to try to develop their own offerings. And many indie developers want to sell games directly on their own sites to avoid paying sales commissions to stores. Therefore, some gamers have gotten used to the idea that there is nothing wrong with downloading a game directly from a random website, even if they have never encountered it before. Sorting out such a diverse range of offerings can be difficult, a situation Internet scammers exploit. For example, they lure gamers to phishing sites, where they distribute malware made to look like new games or well-known free-to-play titles such as Fortnite. So, if you are prompted to download something from an unknown site, resist the temptation. (Also, never click on links from strangers; even a single click on a URL can download some nasty stuff.)

Manually enter the address of the game store in your browser

Links that claim to lead to official sites will not always take you there. If someone writes a post on a forum claiming that you can download the Battlefield collection free from the Origin store, take care before entering your username and password on whatever page the link opens. The site may well be fake, hosted at an address very similar to the one for the real store. Hackers want to collect your login information and hijack your account. Generally speaking, even if an offer on a forum does not seem suspiciously generous, it can still be a trick. It’s best to use the game stores’ official clients or enter the URL in your browser’s address bar manually.

Look for verified developers and publishers

Even small studios can release games that become global hits, so gamers follow new developers just as closely as they follow large, established publishers.
The cybercriminals who disguise malware as the latest indie gem in early access are looking to exploit this interest. Therefore, before downloading anything, you should first search for information about the project on the Internet. If the developer has encountered any security issues, then most likely you’ll find stories about it in gaming media and on forums. Which leads us to our next tip …

Read other players’ reviews

In 2018, the developers of the game Abstractism, which had passed moderation on Steam, were caught secretly mining cryptocurrency on users’ computers. It was the gamers who exposed the scheme, having noticed the program was an extreme resource hog. Even before the platform’s administrators caught on to the scam, reviews left by angry gamers tanked the game’s rating. So, be sure to read reviews before installing a game. If a game has garnered a lot of criticism, that should give you pause.

Do not turn off protection

It is very difficult to be on constant alert. If for any reason you distractedly click on a link, however, you can count on a reliable security solution to combat malware and scammers. Antivirus software can detect a fraudulent website before it causes any harm, scan installation files, block suspicious activity, and protect your most valuable data. Some gamers disable their protection because they think that will help maximize their game’s performance. That’s actually a bad idea, mainly because the moment you disable your antivirus solution, Windows’ built-in protection will kick in, and it will eat up some of your computer’s resources. By contrast, some third-party solutions, such as Kaspersky Security Cloud, offer a gaming mode in which the antivirus software lightens its load on the CPU during game play. Microsoft Defender does not offer that feature.

Play freely and securely

Free-to-play games can offer just as much fun and quality as paid products.
The examples of Dota 2, League of Legends, Fortnite, and numerous indie development projects on Steam prove this. However, you should keep security in mind.

Download games from official sources only. If you are not familiar with a site, then how do you know the stranger who posted the game installer did not add anything to it?

Check the reputation of the developer and publisher before downloading a game: If they have already been found to have acted unethically in the past, then you should avoid this release.

Explore comments and impressions about the game from other users. If it’s a scam, other victims may have already written an angry review.

Protect yourself with a security solution. If you use our products, then you don’t have to worry about performance; our gaming mode minimizes resource consumption.
For the 157th episode of the Kaspersky Transatlantic Cable podcast, Dave and I jump back and forth over the Atlantic for some fun and interesting stories. We start off looking at some charges the former CSO of Uber is facing. According to the allegations, hush money was paid. There may also have been some lying to investigators and suppression of evidence.

We stay in the States for the next story, about the University of Utah paying cybercriminals nearly half a million dollars because of a ransomware attack. Across the pond, the UK’s Home Office had a bit of a Passw0rd1 problem. You see, the agency displayed a flip chart in one of its office windows. The flip chart happened to have a staff password on it. We close out the podcast with a new lawsuit against Zoom. Some folks argue that the marketing of the company, especially having to do with the word encryption, was misleading.

If you like what you heard, please consider sharing with your friends or subscribing. For more information on the topics discussed, please click on the links below.

Former Uber CSO charged with paying “hush money” in 2016 breach cover-up
University of Utah pays $457,000 to ransomware gang
Home Office responds after password displayed in Plymouth government building window
Zoom sued by consumer group for misrepresenting its encryption protections
At the height of his cybercriminal career, the hacker known as “Hieupc” was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the world’s top data brokers. That is, until his greed and ambition played straight into an elaborate snare set by the U.S. Secret Service. Now, after more than seven years in prison Hieupc is back in his home country and hoping to convince other would-be cybercrooks to use their computer skills for good.

Hieu Minh Ngo, in his teens.

For several years beginning around 2010, a lone teenager in Vietnam named Hieu Minh Ngo ran one of the Internet’s most profitable and popular services for selling “fullz,” stolen identity records that included a consumer’s name, date of birth, Social Security number and email and physical address.

Ngo got his treasure trove of consumer data by hacking and social engineering his way into a string of major data brokers. By the time the Secret Service caught up with him in 2013, he’d made over $3 million selling fullz data to identity thieves and organized crime rings operating throughout the United States.

Matt O’Neill is the Secret Service agent who in February 2013 successfully executed a scheme to lure Ngo out of Vietnam and into Guam, where the young hacker was arrested and sent to the mainland U.S. to face prosecution. O’Neill now heads the agency’s Global Investigative Operations Center, which supports investigations into transnational organized criminal groups.

O’Neill said he opened the investigation into Ngo’s identity theft business after reading about it in a 2011 KrebsOnSecurity story, “How Much is Your Identity Worth?” According to O’Neill, what’s remarkable about Ngo is that to this day his name is virtually unknown among the pantheon of infamous convicted cybercriminals, the majority of whom were busted for trafficking in huge quantities of stolen credit cards.

Ngo’s businesses enabled an entire generation of cybercriminals to commit an estimated $1 billion worth of new account fraud, and to sully the credit histories of countless Americans in the process.

“I don’t know of any other cybercriminal who has caused more material financial harm to more Americans than Ngo,” O’Neill told KrebsOnSecurity.
“He was selling the personal information on more than 200 million Americans and allowing anyone to buy it for pennies apiece.”

Freshly released from the U.S. prison system and deported back to Vietnam, Ngo is currently finishing up a mandatory three-week COVID-19 quarantine at a government-run facility. He contacted KrebsOnSecurity from inside this facility with the stated aim of telling his little-known story, and to warn others away from following in his footsteps.

BEGINNINGS

Ten years ago, then 19-year-old hacker Ngo was a regular on the Vietnamese-language computer hacking forums. Ngo says he came from a middle-class family that owned an electronics store, and that his parents bought him a computer when he was around 12 years old. From then on out, he was hooked.

In his late teens, he traveled to New Zealand to study English at a university there. By that time, he was already an administrator of several dark web hacker forums, and between his studies he discovered a vulnerability in the school’s network that exposed payment card data.

“I did contact the IT technician there to fix it, but nobody cared so I hacked the whole system,” Ngo recalled. “Then I used the same vulnerability to hack other websites. I was stealing lots of credit cards.”

Ngo said he decided to use the card data to buy concert and event tickets from Ticketmaster, and then sell the tickets at a New Zealand auction site called TradeMe. The university later learned of the intrusion and Ngo’s role in it, and the Auckland police got involved. Ngo’s travel visa was not renewed after his first semester ended, and in retribution he attacked the university’s site, shutting it down for at least two days.

Ngo said he started taking classes again back in Vietnam, but soon found he was spending most of his time on cybercrime forums.

“I went from hacking for fun to hacking for profits when I saw how easy it was to make money stealing customer databases,” Ngo said.
“I was hanging out with some of my friends from the underground forums and we talked about planning a new criminal activity.”

“My friends said doing credit cards and bank information is very dangerous, so I started thinking about selling identities,” Ngo continued. “At first I thought well, it’s just information, maybe it’s not that bad because it’s not related to bank accounts directly. But I was wrong, and the money I started making very fast just blinded me to a lot of things.”

MICROBILT

His first big target was a consumer credit reporting company in New Jersey called MicroBilt.

“I was hacking into their platform and stealing their customer database so I could use their customer logins to access their [consumer] databases,” Ngo said. “I was in their systems for almost a year without them knowing.”

Very soon after gaining access to MicroBilt, Ngo says, he stood up Superget[.]info, a website that advertised the sale of individual consumer records. Ngo said initially his service was quite manual, requiring customers to request specific states or consumers they wanted information on, and he would conduct the lookups by hand.

Ngo’s former identity theft service, superget[.]info

“I was trying to get more records at once, but the speed of our Internet in Vietnam then was very slow,” Ngo recalled. “I couldn’t download it because the database was so huge. So I just manually search for whoever need identities.”

But Ngo would soon work out how to use more powerful servers in the United States to automate the collection of larger amounts of consumer data from MicroBilt’s systems, and from other data brokers. As I wrote of Ngo’s service back in November 2011:

“Superget lets users search for specific individuals by name, city, and state. Each “credit” costs USD$1, and a successful hit on a Social Security number or date of birth costs 3 credits each.
The more credits you buy, the cheaper the searches are per credit: Six credits cost $4.99; 35 credits cost $20.99, and $100.99 buys you 230 credits. Customers with special needs can avail themselves of the “reseller plan,” which promises 1,500 credits for $500.99, and 3,500 credits for $1000.99.

“Our Databases are updated EVERY DAY,” the site’s owner enthuses. “About 99% nearly 100% US people could be found, more than any sites on the internet now.”

Ngo’s intrusion into MicroBilt eventually was detected, and the company kicked him out of their systems. But he says he got back in using another vulnerability.

“I was hacking them and it was back and forth for months,” Ngo said. “They would discover [my accounts] and fix it, and I would discover a new vulnerability and hack them again.”

COURT (AD)VENTURES, AND EXPERIAN

This game of cat and mouse continued until Ngo found a much more reliable and stable source of consumer data: A U.S. based company called Court Ventures, which aggregated public records from court documents. Ngo wasn’t interested in the data collected by Court Ventures, but rather in its data sharing agreement with a third-party data broker called U.S. Info Search, which had access to far more sensitive consumer records.

Using forged documents and more than a few lies, Ngo was able to convince Court Ventures that he was a private investigator based in the United States.

“At first [when] I sign up they asked for some documents to verify,” Ngo said. “So I just used some skill about social engineering and went through the security check.”

Then, in March 2012, something even more remarkable happened: Court Ventures was purchased by Experian, one of the big three major consumer credit bureaus in the United States. And for nine months after the acquisition, Ngo was able to maintain his access.

“After that, the database was under control by Experian,” he said.
“I was paying Experian good money, thousands of dollars a month.”

Whether anyone at Experian ever performed due diligence on the accounts grandfathered in from Court Ventures is unclear. But it wouldn’t have taken a rocket surgeon to figure out that this particular customer was up to something fishy.

For one thing, Ngo paid the monthly invoices for his customers’ data requests using wire transfers from a multitude of banks around the world, but mostly from new accounts at financial institutions in China, Malaysia and Singapore.

O’Neill said Ngo’s identity theft website generated tens of thousands of queries each month. For example, the first invoice Court Ventures sent Ngo in December 2010 was for 60,000 queries. By the time Experian acquired the company, Ngo’s service had attracted more than 1,400 regular customers, and was averaging 160,000 monthly queries.

More importantly, Ngo’s profit margins were enormous.

“His service was quite the racket,” he said. “Court Ventures charged him 14 cents per lookup, but he charged his customers about $1 for each query.”

By this time, O’Neill and his fellow Secret Service agents had served dozens of subpoenas tied to Ngo’s identity theft service, including one that granted them access to the email account he used to communicate with customers and administer his site. The agents discovered several emails from Ngo instructing an accomplice to pay Experian using wire transfers from different Asian banks.

TLO

Working with the Secret Service, Experian quickly zeroed in on Ngo’s accounts and shut them down. Aware of an opportunity here, the Secret Service contacted Ngo through an intermediary in the United Kingdom — a known, convicted cybercriminal who agreed to play along. The U.K.-based collaborator told Ngo he had personally shut down Ngo’s access to Experian because he had been there first and Ngo was interfering with his business.

“The U.K. guy told Ngo, ‘Hey, you’re treading on my turf, and I decided to lock you out.
But as long as you’re paying a vig through me, your access won’t go away’,” O’Neill recalled.

The U.K. cybercriminal, acting at the behest of the Secret Service and U.K. authorities, told Ngo that if he wanted to maintain his access, he could agree to meet up in person. But Ngo didn’t immediately bite on the offer.

Instead, he weaseled his way into another huge data store. In much the same way he’d gained access to Court Ventures, Ngo got an account at a company called TLO, another data broker that sells access to extremely detailed and sensitive information on most Americans.

TLO’s service is accessible to law enforcement agencies and to a limited number of vetted professionals who can demonstrate they have a lawful reason to access such information. In 2014, TLO was acquired by Trans Union, one of the other three big U.S. consumer credit reporting bureaus.

And for a short time, Ngo used his access to TLO to power a new iteration of his business — an identity theft service rebranded as usearching[.]info. This site also pulled consumer data from a payday loan company that Ngo hacked into, as documented in my Sept. 2012 story, ID Theft Service Tied to Payday Loan Sites. Ngo said the hacked payday loans site gave him instant access to roughly 1,000 new fullz records each day.

Ngo’s former ID theft service usearching[.]info.

BLINDED BY GREED

By this time, Ngo was a multi-millionaire: His various sites and reselling agreements with three Russian-language cybercriminal stores online had earned him more than USD $3 million. He told his parents his money came from helping companies develop websites, and even used some of his ill-gotten gains to pay off the family’s debts (its electronics business had gone belly up, and a family member had borrowed but never paid back a significant sum of money).

But mostly, Ngo said, he spent his money on frivolous things, although he says he’s never touched drugs or alcohol.
“I spent it on vacations and cars and a lot of other stupid stuff,” he said.

When TLO locked Ngo out of his account there, the Secret Service used it as another opportunity for their cybercriminal mouthpiece in the U.K. to turn the screws on Ngo yet again.

“He told Ngo he’d locked him out again, and that he could do this all day long,” O’Neill said. “And if he truly wanted lasting access to all of these places he used to have access to, he would agree to meet and form a more secure partnership.”

After several months of conversing with his apparent U.K.-based tormentor, Ngo agreed to meet him in Guam to finalize the deal. Ngo says he understood at the time that Guam is an unincorporated territory of the United States, but that he discounted the chances that this was all some kind of elaborate law enforcement sting operation.

“I was so desperate to have a stable database, and I got blinded by greed and started acting crazy without thinking,” Ngo said. “Lots of people told me ‘Don’t go!,’ but I told them I have to try and see what’s going on.”

But immediately after stepping off of the plane in Guam, he was apprehended by Secret Service agents.

“One of the names of his identity theft services was findget[.]me,” O’Neill said. “We took that seriously, and we did like he asked.”

This is Part I of a multi-part series. Check back tomorrow (Aug. 27) for Part II, which will examine what investigators learned following Ngo’s arrest, and delve into his more recent effort to right the wrongs he’s done.
The ransomware operates in a ransomware-as-a-service model and actively targets victims in corporate networks while adapting to the current scenarios, such as the COVID-19 pandemic.
Researchers have found a new ransomware operation, dubbed DarkSide, launching customized attacks on specific targets and asking for millions of dollars as ransom payout.
Although 97% of organizations said that Active Directory (AD) is mission-critical, over half never tested or prepared their AD cyber disaster recovery process at all, a Semperis survey revealed.
The US government has been forced to issue another warning to organizations doing business in China after reports of a widespread attempt to remotely target them with malware hidden in tax software.
Sixty-four percent of OT leaders have also taken on the responsibility of embedding security within the operations process, and 71% are regularly involved in IT cyber security strategy.
As distance learning continues across the Inland Empire amid school closures forced by the pandemic, some campuses are dealing with malware attacks and IT issues that have disrupted operations.
Sumitomo Forestry Co., Hitachi Chemical Co. and 36 other Japanese companies had authentication information to access their virtual private networks stolen and leaked by hackers this summer.
Bitdefender's researchers discovered an espionage attack targeting an unnamed international architectural and video production company that had all the hallmarks of a carefully orchestrated campaign.
A team of academic researchers proposed an approach to define and verify a set of properties that a patch must have to ensure it doesn’t interfere with the device’s original functionality.
A malware attack on the servers of the Southeastern Pennsylvania Transit Authority (SEPTA) has left some employees without access to crucial work files.
Ubuntu Security Notice 4474-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user into installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code. It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. Various other issues were also addressed.
Ubuntu Security Notice 4473-1 - It was discovered that libmysofa incorrectly handled certain input files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Red Hat Security Advisory 2020-3560-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 84.0.4147.135. Issues addressed include buffer overflow, out of bounds read, and use-after-free vulnerabilities.
Red Hat Security Advisory 2020-3559-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.2.0 ESR. Issues addressed include bypass, integer overflow, and use-after-free vulnerabilities.
Red Hat Security Advisory 2020-3557-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.2.0 ESR. Issues addressed include bypass, integer overflow, and use-after-free vulnerabilities.
Red Hat Security Advisory 2020-3556-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.12.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2020-3555-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.2.0 ESR. Issues addressed include bypass, integer overflow, and use-after-free vulnerabilities.
Red Hat Security Advisory 2020-3558-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.12.0 ESR. Issues addressed include a use-after-free vulnerability.
Hackers always find a way in, even if there's no software vulnerability to exploit. The FBI has arrested a Russian national who recently traveled to the United States and offered a $1 million bribe to an employee of a targeted company for his help in manually installing malware into the company's computer network. Egor Igorevich Kriuchkov, a 27-year-old, entered the United States as a tourist
It's one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it's an entirely different matter when they are used as "hackers for hire" by competing private companies to make away with confidential information. Bitdefender's Cyber Threat Intelligence Lab discovered yet another instance of an espionage attack targeting an unnamed international