submitted by /u/oliver-zehentleitner
[link] [comments]

The naming choice for Anthropic's latest update is yet another instance of the company humanizing its products.

Researchers at Rapid7 say that they have spotted what they believe was an Iranian intelligence cyber unit masquerading as the Chaos ransomware gang to hide a state-sponsored espionage operation. The intrusion was spotted earlier this year, and investigators say breadcrumbs left behind give them "medium confidence" in saying it was the work of MuddyWater, which has been linked to intrusions affecting Western government and banking networks in recent months. Attackers began with a Microsoft Teams phishing campaign, which is not uncommon. They also encouraged targets to share their screens. Again, it was nothing too out of the ordinary. However, what must have required some expert persuasion work was that they convinced these individuals to enter their credentials into local text files, and even modify MFA settings to allow attacker-controlled devices to complete authentication. Rapid7 researchers Alexandra Blia and Ivan Feigl wrote: "While connected, the [threat actor (TA)] executed basic discovery commands, accessed files related to the victim's VPN configuration, and instructed users to enter their credentials into locally-created text files. "In at least one instance, the TA also deployed a remote management tool (AnyDesk) to further facilitate access." From there, browser artifacts suggested that attackers lifted credentials through phishing pages. At least one mimicked a Microsoft Quick Assist page. Armed with valid credentials, the attackers then executed various commands via RDP, which downloaded payloads using curl. These payloads included a backdoor malware dubbed Darkcomp, a malicious Microsoft WebView2 loader to disguise traffic, and an encrypted configuration file that sent instructions to Darkcomp. Then it was a case of performing lateral movement by using additional compromised accounts and scooping up sensitive data along the way. The attackers used the same accounts to send emails internally notifying organization leaders about the intrusion and data theft, and included an onion link leading to Chaos ransomware’s data leak site (DLS), where a corresponding entry appeared with all data redacted and hidden behind a countdown timer. Follow-up emails aimed to build the illusion of a genuine ransomware attack, although the illusion was short-lived. The attackers instructed recipients to look for a file containing "access credentials" they could use to begin ransom negotiations. Unlike the plaintext credential files the attackers had socially engineered the original targets into creating, this file did not actually exist. There was no way to contact the attackers, whereas in a typical scenario the intruders would be looking for a payout. There was also no file encryption, which is inconsistent with Chaos affiliates' typical way of working. "Despite these inconsistencies in the initial proof-of-compromise, the TA later published the stolen data on its DLS in line with modern extortion tactics," Blia and Feigl wrote. "The leaked data was assessed to be legitimate." If not for financial gain, then what? MuddyWater – if that is indeed the group behind this – did not extort the organizations in question, nor did they deploy a ransomware payload, but they did pose as an established ransomware group. Rapid7 believes the group did this as an extension of its false-flag operations to provide a plausible front for cyberespionage activity, or preposition work to underpin potential destructive cyberattacks. It wouldn't be the first time MuddyWater or Iranian intelligence (MOIS) was found LARPing as a ransomware crew. Both have previously been linked to an attack on an Israeli hospital, allegedly carried out by a Qilin affiliate. "Following the subsequent public attribution of that incident to the MOIS, it is plausible that the group adopted alternative ransomware branding, in this case Chaos, in an effort to reduce attribution risk and maintain a degree of plausible deniability," said the researchers. The unique benefits of masquerading as ransomware crooks include muddying attribution for attacks by leaving behind ransomware breadcrumbs, as well as redirecting defensive efforts toward locating signs of ransomware deployment instead of the backdoors that underpin espionage activity. ®

Nervous about a job interview? AI could help you get ready.

It's not just you. Scammers, hackers, and other cybercriminals are complaining about “AI shit” flooding platforms where they discuss cyberattacks and other illegal activity.

Zorin OS is one of the most popular Linux distributions on the market. If you want to make the most of it, consider these optimizations I typically use.

submitted by /u/mdulin2
[link] [comments]

I've tried using 5G in cities and on interstates. Now, I'm going through small towns with three Samsung phones in hand.

submitted by /u/onlinereadme
[link] [comments]

submitted by /u/mk3s
[link] [comments]

Privacy groups, VPN providers, and civil liberties outfits have lined up to warn the UK government that its latest plan to slap age gates across swathes of the internet risks breaking the web while doing little to keep kids safe. In a joint statement, signatories including the Electronic Frontier Foundation, Mozilla, the Open Rights Group, Proton, and the Tor Project took aim at proposals now moving forward after the Children's Wellbeing and Schools Bill cleared Parliament, with access to some platforms, services, and specific features potentially restricted by age checks. "The open internet is a global public resource that has long since become foundational to the flourishing of individuals, businesses, and societies," the letter states, warning that "this openness and the opportunities it affords are coming under threat in the UK." Ministers are now consulting on measures that could include curfews for younger users and restrictions across services ranging from games and VPNs to static websites. The signatories say that will quickly turn into a system where everyone, not just children, has to prove their age to get full access. "Implementing such access restrictions hinges on all users having to verify their ages, not just young people," the letter warns, adding that the approach "focuses on restricting young people's access, rather than ensuring services are designed to uphold their rights and interests by default." Early results are not exactly inspiring. It's been months since tougher checks under the Online Safety Act began rolling out, and some systems have already been fooled by little more than a drawn-on mustache, raising questions about how effective the tech really is at keeping minors out. This hasn't gone unnoticed. "Existing age assurance technologies are either insufficiently accurate, undermine privacy and data security, or are not widely available across populations," the letter says, warning that rolling them out broadly "creates serious new security threats." It is not just a privacy headache either: the groups argue the policy could tilt the market further toward Big Tech. Mandating checks across more services risks "cementing the dominance of gatekeeper app stores, operating systems, and platforms' walled gardens," while turning the web into "a patchwork of age-gated jurisdictions." Instead of doubling down on access controls, the groups argue policymakers are targeting the wrong problem. "These risks are real and require thoughtful policy interventions that address the root of the issue, not just simplistic policies like access bans," the letter says, pointing to business models built on "massive collection of user data" as a bigger driver of harm. The closing line does not leave much room for interpretation: "Now is the time to hold tech to account, not undermine the open internet." ®

Google is updating AI Overviews with five new features, including an improved way to preview and explore sources.

The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a "false flag" operation. The attack, observed by Rapid7 in early 2026, has been found to leverage social engineering techniques via Microsoft Teams to initiate the infection sequence. Although the incident

For nearly 20 years, we at The Hacker News have mostly told scary stories about cyberspace — big hacks, broken systems, and new threats. But behind every headline, there’s a quieter, better story. It’s the story of leaders making tough calls under pressure, teams building smarter defenses, and security products that keep hunting threats 24/7 — even when it’s hard. Most of the time, this work is

The ReMarkable Paper Pure pairs an accessible design with thoughtful features while retaining ReMarkable's niche functionality.

Wix and Squarespace are two of the most popular website builders - so how do they compare?

Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents, Gartner states that “enterprise adoption of AI agents is accelerating, outpacing maturity of governance policy controls.” Enterprise leaders can request access to the Gartner Market Guide for

Companies are treating these repositories like content delivery networks - now the Linux Foundation and colleagues are saying enough is enough. Here's the plan.

Amazon's Prime for Young Adults plan gets college students and other young people a big break on the membership. Here's what to know.

Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. "This new public ledger ensures the Google apps on your device are exactly what we intended to build and distribute," Google's product and security teams said. The initiative builds upon the foundation of Pixel Binary Transparency, which Google introduced in October 2021