SBU Cybersecurity Chief Exposes Persistent Hacker Presence in Kyivstar

 


An attack on Kyivstar, a telco company that has some 24 million users in Ukraine, appears to have been carried out by Russia's Sandworm crew last month. It appears they shut down mobile and internet services to these users. 

According to the head of the Security Service of Ukraine (SBU)'s cyber department, Illia Vitiuk, the incident should serve as a "big warning" to the West concerning the security of Ukraine. Vitiuk, who worked for the Russian Ministry of Defense, has revealed exclusive details about a cyberattack published last Thursday (Jan 4), according to which the hack caused "disastrous" destruction and was one of the goals of the campaign to gain intelligence about the enemy.  

Approximately 24 million users' services were disrupted for a period of several days beginning on December 12, after an attack that took place from at least May of the previous year. The attack was widely viewed as one of the most significant cyberattacks since Russia invaded Ukraine nearly two years ago.

As revealed in an interview published on Thursday, the spy chief confirmed that Kyivstar's services were blacked out long before the company's servers went down on December 12, in what he described as a "disastrous" intrusion. 

The intrusion destroyed thousands of virtual servers and PCs.  It is also reported that the attack disrupted some banking services in Kyiv and the air raid alert system in the region. In the same week as the attack on the Ukrainian capital, two separate missiles struck, injuring at least 53 people and causing significant damage to homes, a children's hospital, and a medical centre. 

According to Vitiuk, the Kyivstar hackers entered the network sometime between May and November 2023, if not earlier. They gained full access to the system by the end of November. The attackers would have had access to customer information, phone location information, SMS messages, and possibly Telegram account credentials if they had been successful in carrying out this attack. 

As Vitiuk points out, the attacker is believed to have been Sandworm, which is the state-controlled hacker group that attacked earlier this month. In a statement, Sandworm claimed responsibility for the breach earlier this month, but Solntsepek has previously been considered to be Sandworm. 

Thousands of virtual servers and personal computers were wiped out by the hackers, according to Vitiuk. Earlier this week, Kyivstar's CEO Oleksandr Komarov claimed that the attackers had managed to destroy some functions in the company's core network, which serves as the main structure of the company's communication network.

It has been suggested by the SBU, which is investigating the incident, that hackers may have had the ability to steal personal information, understand the locations of phones, intercept SMS messages, or even perhaps steal Telegram accounts based on the level of access they gained. Earlier this month, Kyivstar said that no personal or subscriber data had been stolen. 

Many hackers are still trying to damage Kyivstar after the major cyberattack on the operator, Vitiuk said, and there have been several new attempts made by hackers to damage the operator since then. In the early stages, Komarov said he suspected an internal intrusion into Kyivstar's network but did not specify what he meant by that. 

It is not clear how hackers penetrated the network and what kind of malware they used. He added that there had to be movement within the network to cause such severe damage. The goal of the attack was to cause "disastrous" destruction, to deliver a psychological blow, and to gather intelligence. 

As he put it, Kyivstar is a Ukrainian subsidiary of the Netherlands-based VEON, which is considered to be a big warning for the Western world. Vitiuk said that it would be one of Ukraine's biggest and wealthiest private companies in the future, with 3,500 employees and $815 million in revenues in the year 2022. No one is untouchable in the company, he added.

The Ukrainian telecom company reported that it suffered billions in losses in Ukraine's national currency (1 billion hryvnia is about $26.2 million) as a result of the cyberattack, according to Komarov in an interview he gave in December. 

While this is the case, Kyivstar has decided not to bill its subscribers for January and apologized for any inconvenience this may have caused. It is a telecom provider that has nearly 24 million subscribers across Ukraine. 

There were several technical difficulties with the company's service in Ukraine and abroad before the company was able to restore all of its services on December 20. Apart from cutting off Ukrainians from the mobile internet and cellular network, the attack also disrupted air raid sirens, some banks, ATMs and point-of-sale terminals. 

In Vitiuk's view, the hack did not impact the communications systems of the Ukrainian armed forces, which he describes as not relying on telecom operators and as using what he calls "different algorithms and protocols." According to Vitiuk, Russian hackers continue to target telecom operators.

However, he added that it had been stopped by the Russians following a serious attempt to penetrate one of Ukraine's telecom operators, which resulted in the removal of the software. Additionally, Mandiant has alleged that Sandworm was the cause of the blackouts that occurred in Ukraine in October 2022, which were previously attributed to missile strikes. 

Strikes against Ukraine's electrical grid were one of the causes of some of the blackouts that occurred. Despite that, threat hunters think that a seemingly coordinated cyberattack on an electrical generation plant in the country could also have played a factor, according to the report.  

According to Hultquist, Sandworm has been responsible for several electronic blackouts in Ukraine, but they reach across the entire globe. Targets in the US and France have included elections and opening ceremonies at the Olympics. A number of their attackers have also been tied to the global NotPetya attack - one of the most expensive cyberattacks in history.

Microsoft is Rolling out an AI Powered Key

 


Prepare for a paradigm shift as Microsoft takes a giant leap forward with a game-changing announcement – the integration of an Artificial Intelligence (AI) key in their keyboards, the most substantial update in 30 years. 

This futuristic addition promises an interactive and seamless user experience, bringing cutting-edge technology to the tips of your fingers. Explore the next frontier of computing as Microsoft redefines the way we engage with our keyboards, setting a new standard for innovation in the digital age. The groundbreaking addition grants users seamless access to Copilot, Microsoft's dynamic AI tool designed to elevate your computing experience. 

At the forefront of AI advancements, Microsoft, a key investor in OpenAI, strategically integrates Copilot's capabilities into various products. Witness the evolution of AI as Microsoft weaves its intelligence into the fabric of everyday tools like Microsoft 365 and enhances search experiences through Bing. 

Not to be outdone, rival Apple has long embraced AI integration, evident in Macbooks featuring a dedicated Siri button on their touch bar. As the tech giants vie for user-friendly AI interfaces, Microsoft's AI key emerges as a pivotal player in redefining how we interact with technology. 

Copilot, the star of Microsoft's AI arsenal, goes beyond the ordinary, assisting users in tasks ranging from efficient searches to crafting emails and even generating visually striking images. It's not just a tool; it's your personalised AI companion, simplifying tasks and enriching your digital journey. Welcome to the era where every keystroke opens doors to boundless possibilities. 

By pressing this key, users seamlessly engage with Copilot, enhancing their daily experiences with artificial intelligence. Similar to the impact of the Windows key introduced nearly 30 years ago, the Copilot key marks another significant milestone in our journey with Windows, serving as the gateway to the realm of AI on PCs. 

In the days leading up to and during CES, the Copilot key will debut on numerous Windows 11 PCs from our ecosystem partners. Expect its availability from later this month through Spring, including integration into upcoming Surface devices. 

This addition, which simplifies access to Copilot, has already made waves in Office 365 applications like Word, PowerPoint, and Teams, offering functionalities such as meeting summarization, email writing, and presentation creation. Bing, Microsoft's search engine, has also integrated Copilot. 

According to Prof John Tucker from Swansea University, the introduction of this key is a natural progression, showcasing Microsoft's commitment to enhancing user experience across various products. Despite Windows 11 users already having access to Copilot via the Windows key + C shortcut, the new dedicated key emphasises the feature's value.

Acknowledging the slow evolution of keyboards over the past 30 years, Prof Tucker notes that Microsoft's focus on this particular feature illustrates its potential to engage users across multiple products. Google, a dominant search engine, employs its own AI system called Bard, while Microsoft's Copilot is built on OpenAI's GPT-4 language model, introduced in 2022. 

The UK's competition watchdog is delving into Microsoft's ties with OpenAI, prompted by disruptions in the corporate landscape that resulted in a tight connection between the two entities. The investigation seeks to understand the implications of this close association on competition within the industry. 

As we anticipate its showcase at CES, this innovative addition not only reflects Microsoft's commitment to user-friendly technology but also sparks curiosity about the evolving landscape of AI integration. Keep your eyes on the keyboard – the Copilot key signals a transformative era where AI becomes an everyday companion in our digital journey.


23andMe Faces Legal Backlash Over Data Breach and Blames Victims

Facing a deluge of more than 30 lawsuits from individuals impacted by a substantial data breach, genomics company 23andMe has taken a defensive stance by placing responsibility on the victims themselves. The breach came to light in October when customer data surfaced for sale on the Dark Web. Presently, 23andMe is contending with numerous legal actions filed by individual victims, as the cyberattack compromised the user accounts of nearly 7 million users, marking a significant breach in the company's security. 

Amidst over 30 legal actions filed by individuals affected by its extensive data breach, 23andMe has adopted a strategy of shifting culpability onto the victims, seeking to exonerate itself from any liability. This development was communicated in a letter addressed to a cohort of victims. 

Hassan Zavareei, a legal representative for the victims who received the letter from 23andMe, expressed concerns that rather than accepting responsibility for the data security breach, the company appears to be distancing itself from its customers and downplaying the severity of the situation. This comes after 23andMe disclosed in December that hackers had unlawfully accessed the genetic and ancestry data of 6.9 million users, constituting nearly half of its customer base. 

The data breach began with hackers gaining entry to approximately 14,000 user accounts. The perpetrators employed a method known as credential stuffing, wherein they logged in to these initial accounts using passwords already known to be associated with the targeted customers. 

After infiltrating a mere 14,000 customer accounts initially, the hackers proceeded to extract personal data from an additional 6.9 million customers whose accounts were not directly compromised. In correspondence addressed to a collective of hundreds of 23andMe users currently pursuing legal action against the company, 23andMe asserted that the users in question had negligently reused and neglected to update their passwords in the aftermath of previous security incidents. 

Notably, 23andMe contended that these prior incidents were unrelated to the company's own security measures. Following the receipt of 23andMe's letter, Dante Termohs, an affected customer of the data breach, expressed his dismay to TechCrunch, stating that he finds it reprehensible that 23andMe is seemingly evading accountability rather than offering assistance to its customers. Meanwhile, 23andMe's legal representatives put forth an argument asserting that the pilfered data lacks the capacity to cause monetary harm to the victims.

Google Disables 30 Million Chrome User Cookies


Eliminating Cookies: Google's Next Plan

Google has been planning to eliminate cookies for years, and today is the first of many planned quiet periods. About 30 million users, or 1% of the total, had their cookies disabled by the Chrome web browser as of this morning. Cookies will be permanently removed from Chrome by the end of the year—sort of.

Cookies are the original sin of the internet, according to privacy campaigners. For the majority of the internet's existence, one of the main methods used by tech businesses to monitor your online activity was through cookies. Websites use cookies from third-party companies (like Google) for targeted adverts and many other forms of tracking.

These are referred to as "third-party cookies," and the internet's infrastructure includes them. They are dispersed throughout. We may have sent you cookies if you visited Gizmodo without using an ad blocker or another type of tracking protection. 

Years of negative press about privacy violations by Google, Facebook, and other internet corporations in 2019 were so widespread that Silicon Valley was forced to respond. 

Project: Removing third-party cookies from Chrome

Google declared that it was starting a project to remove third-party cookies from Chrome. Google gets the great bulk of its money from tracking you and displaying adverts online. Since Chrome is used by almost 60% of internet users, Google's decision to discontinue the technology will successfully eliminate cookies forever.

First of all, on January 4, 2023, Google will begin its massive campaign to eradicate cookies. Here's what you'll see if you're one of the 30 million people who get to enjoy a cookieless web.

How to determine whether Google disabled your cookies

The first thing that will appear in Chrome is a popup that will explain Google's new cookie-murdering strategy, which it terms "Tracking Protection." You might miss it if, like many of us, you react to pop-ups with considerable caution, frequently ignoring the contents of whatever messages your computer wants you to read.

You can check for more indicators to make sure you're not getting a ton of cookies dropped on you. In the URL bar, there will be a small eyeball emblem if tracking protection is enabled.

If you wish to enable a certain website to use cookies on you, you can click on that eyeball. In fact, you should click on it because this change in Chrome is almost certain to break some websites. The good news is that Chrome has a ton of new capabilities that, should it sense a website is having issues, will turn off Tracking Protection.

Finally, you can go check your browser’s preferences. If you open up Chrome’s settings, you’ll find a bunch of nice toggles and controls about cookies under the “Privacy and security” section. If they’re all turned on and you don’t remember changing them, you might be one of the lucky 30 million winners in Google’s initial test phase.

Google is still tracking you, but it’s a little more private

Of course, Google isn’t about to destroy its own business. It doesn’t want to hurt every company that makes money with ads, either, because Google is fighting numerous lawsuits from regulators who accuse the company of running a big ol’ monopoly on the internet. 







Russia Hacks Surveillance Cameras to Monitor Attacks in Kyiv


During Tuesday's intense missile and drone strikes on Ukraine's capital, Kyiv, which left over 250,000 people without internet or electricity amid dropping winter temperatures, Russian military intelligence broke into surveillance cameras to spy on Ukrainian air defenses and Kyiv's vital infrastructure.

The Security Service of Ukraine (SBU) said that it responded to the hack by blocking and dismantling the suspected camera. 

The agency further advised online users to cease transmitting and watching security camera feeds online, as Russian military intelligence is utilizing the "collected data for preparing and adjusting strikes on Kyiv."

Russia has been attacking Kyiv and Kharkiv since New Year’s holiday weekend, resulting in five casualties and over 130 injured. On Tuesday, around 100 missiles were fired on the two cities. 

Russian intelligence monitored these attacks by hacking into privately owned online surveillance cameras. "According to SBU cyber specialists, one of the devices was located on the balcony of an apartment building and was used by a local condominium to monitor the surrounding area," the SBU reported.

Hackers secretly recorded all visual data inside the surveillance camera's viewing range by gaining remote access to the device and altering its viewing angle. According to the SBU, Russian intelligence then viewed the feed on YouTube to assist the military in tracking the airstrikes and informing soldiers about their targets.

Another hacked surveillance camera, used for monitoring the parking lot of another residential complex in Kyiv, helped the hackers surveil the surrounding areas, which included vital infrastructure facilities.

Internet and Power Supply Affected

The energy company DTEK said that Russian missiles had damaged power grid equipment and overhead lines in Kyiv and the surrounding region, causing blackouts that affected nearly 260,000 Kyiv residents. Russian missiles, drones, and bombers also struck Ukrainian internet and power supply services.

DTEK tweeted, "Critical infrastructure, industrial, civilian and military facilities were attacked. The main focus of the attack was the capital of Ukraine[…]DTEK's power engineers are quickly restoring power after the attack."

As of Wednesday, DTEK Executive Director Dmytro Sakharuk announced that all 260,000 residents in Kyiv and an additional 185,000 residents in the surrounding districts had their power restored. "We are now continuing to repair networks after yesterday's shelling, because some consumers had to be connected via backup circuits."  

Estes Declines Ransom Demand Amidst Personal Data Breach and Theft

 

Estes Express Lines, a major private freight shipping company in the United States, has notified over 20,000 customers about a security breach where their personal information was stolen by unknown hackers.

The company revealed that on October 1, 2023, unauthorized individuals gained access to a part of their IT network and deployed ransomware. Despite the standard advice from the FBI and financial regulators, Estes chose not to pay the ransom demanded by the attackers. 

Initially disclosed in early October as a "cyberattack" affecting their IT infrastructure, Estes later announced the full restoration of their system capabilities by October 24 through a video posted by their chief operating officer, Webb Estes.

A group known as Lockbit claimed responsibility for the breach a month later and disclosed that they leaked data taken from the company on November 13. On New Year's Eve, Estes filed a data breach notice with the Maine Attorney General, providing further insights into the digital intrusion, now confirmed to be a ransomware attack.

According to Estes, they are collaborating with the FBI in the investigation. While the forensic analysis confirmed that personal information was stolen, the specifics of the accessed data were not explicitly mentioned in the sample notification letter. 

However, the Maine filing indicated that it involved names or other personal identifiers combined with Social Security numbers, suggesting a broader scope of compromised information.

Estes has not provided immediate responses to inquiries regarding details about the breach, such as the stolen data specifics, the initial network access point for the hackers, the ransom amount demanded, and the rationale behind the decision to refrain from paying the ransom. 

This decision has sparked a contentious debate encompassing practical considerations like effective backups and financial implications, along with broader ethical concerns such as potential support for criminal activities like human trafficking, terrorism, or future cybercrimes through ransom payments.

Both paying and not paying ransoms have proven to be financially burdensome for affected entities. Caesars Entertainment allegedly paid $15 million to a ransomware group to decrypt their data and prevent customer information leakage after a September breach, while MGM Resorts, despite not paying the ransom in a similar attack, suffered losses surpassing $100 million.

While the US government advises against ransom payments, some voices advocate for a complete ban on such extortion payments. Despite the breach, Estes has stated that they are not currently aware of any instances of identity theft, fraud, or financial losses stemming from the incident. Additionally, they plan to offer affected individuals 12 months of free identity monitoring services through Kroll.

Patient Privacy in Focus: Healthcare's Cyber Challenges





Amidst the rapid evolution of technology in healthcare, a crucial focus has come to light: the security of medical devices. Let's explore the intricacies of this issue together, understanding its importance and finding the right balance between advancing technology and strengthening our healthcare foundation. 

The Growing Threat 

Healthcare systems are prime targets for hackers looking to snag valuable patient data. This isn't just a disruption in patient care – there's a twist involving our medical gadgets. Beyond compromising records, even medical devices like MRIs and ventilators face potential risks, especially those running on outdated software. 

Government Recommendations 

A recent government watchdog recommended increased collaboration between the Food and Drug Administration (FDA) and the Cybersecurity and Infrastructure Security Agency (CISA) to enhance the security of medical devices. Although these devices haven't been the primary focus of cyber threats, their vulnerabilities pose risks to both hospital networks and patient well-being. 

Expert Insights 

Toby Gouker from First Health Advisory emphasises the critical nature of this issue, describing it as a significant vulnerability for health systems. Recognizing this weakness, healthcare providers must prioritise cybersecurity efforts, particularly concerning medical devices, to ensure the safety of patient data and uninterrupted healthcare services. 

Challenges in Legacy Devices 

Looking ahead, the focus on device security is not just a theoretical concern; according to Gouker, these devices will likely become more attractive targets as health systems improve their defences against hacking attempts targeting health records. Gouker emphasises the financial impact, pointing out that high-value devices like MRIs are often the backbone of hospital revenue. Disrupting these multimillion-dollar machines could potentially cripple entire health systems. 

Regulatory Measures and Connectivity Concerns 

A crucial detail is that, since March of the previous year, a new law mandates manufacturers to submit cybersecurity plans for new medical devices to the FDA. However, this regulation doesn't extend to the plethora of already-existing connected devices. Chelsea Arnone from the College of Healthcare Information Management Executives highlights the widespread connectivity, noting that everything from hospital beds to infusion pumps and vital-sign monitors is online and thus susceptible to hacking. Many of these devices use off-the-shelf software vulnerable to threats like viruses and worms. 

Urgent Need for a Comprehensive Approach 

Despite recent requirements for new devices, manufacturers have historically not been obligated to provide patches or solutions for vulnerabilities in ageing devices, although some have done so for a limited period. This information underscores the urgent need for a comprehensive approach to address cybersecurity risks in the evolving landscape of medical devices. 

Real-world Incident and Awareness Gap 

In a recent incident, a hospital discovered unauthorised access to a medical device from Russia, underscoring the challenges in addressing cybersecurity threats. An FDA report suggests managing cybersecurity risks for legacy devices, but only a fraction of health systems implement such measures due to cost and awareness issues. There's a pressing need for heightened awareness and cost-effective solutions to fortify medical device cybersecurity across healthcare organisations. 

In addressing healthcare cybersecurity challenges, bureaucratic obstacles appear to be of great concern, causing delays and inefficiencies in responding to hacking threats. Streamlining these processes is paramount. Be attentive, advocate transparency, and support efficient protocols to secure our healthcare systems against burgeoning cyber threats.



Orbit Chain Loses $86M in Cross-Chain Bridge Hack

 

Orbit Chain, a South Korean platform designed to act as a multi-asset blockchain hub, revealed a massive breach on December 31, 2023. The company disclosed an "unidentified access to Orbit Bridge," its decentralised cross-chain technology, which resulted in the theft of more than $80 million in cryptocurrency. 

Orbit Chain revealed specifics of the theft in a series of posts on X, saying the hacker employed cryptocurrency mixer Tornado Cash to fund an initial Ethereum wallet before attacking Orbit Chain's Ethereum vault. Last year, Tornado Cash made headlines when its co-founders were charged with money laundering. 

The stolen funds were then transferred to a number of Ethereum wallets. Orbit Chain's Bridge balance fell from $115 million to $31 million between December 31 and January 1, according to blockchain analytics company Arkham Intelligence. Orbit Chain stated in a post on X earlier this week (2 January) that the stolen assets "remain unmoved" at the time of publishing and that the team is constantly tracking the stolen funds. 

“Orbit Chain team has developed a system for investigation support and cause analysis with the Korean National Police Agency and KISA (Korea Internet and Security Agency), enabling a more proactive and comprehensive investigation approach. Furthermore, we are also discussing close cooperation with domestic and foreign law enforcement agencies,” the firm explained in a post. “We sincerely request that all members of the Orbit Chain community and the Web3 ecosystem help spread this information as widely as possible.” 

Crypto turmoil

Over the past few years, the crypto industry has come under more scrutiny; many have dubbed it an unregulated "wild west." Particularly in 2023, there were several widely reported crypto attacks. Hackers exploited vulnerable code to steal an estimated $197 million from the UK-based cryptocurrency platform Euler Finance in March. The money was later refunded by the hackers, though.

In the meantime, a significant hack on the Ethereum-based cryptocurrency exchange Curve occurred in July 2023. A few months later, in September, a report published by the blockchain analytics firm Elliptic claimed that the well-known North Korean hacker group Lazarus had stolen nearly $240 million in cryptocurrency in less than four months. 

Apart from cybercriminal attacks, the crypto business has received attention for the exploits of its own executives. Sam Bankman-Fried, the founder of crypto exchange FTX, was likely the most notorious, having been convicted of conspiracy to conduct wire fraud and money laundering. Binance CEO Changpeng Zhao pleaded guilty to federal money-laundering crimes in November 2023.

Despite all of this illicit activity, efforts have been made to regulate this unregulated industry. Markets in Crypto Assets, often known as MiCA, was passed by EU lawmakers in April of last year as a major piece of legislation for managing and preserving the crypto industry. 

The legislation went into effect in June 2023 and is now in the implementation phase, which involves consultations on a variety of technical standards. The European Securities and Markets Authority intends to submit the proposed technical standards for approval to the European Commission by June 30, 2024.

Regenerate and Conquer: Wolverine's Real-Time Damage System to Dominate the Gaming Landscape

 


Marvel's Wolverine has leaked details which suggest that the game will use advanced features, even those that are not available on current PlayStation 5 hardware, to play the game. In the recent Insomniac data breach, a new rumour has been circulating suggesting that the upcoming Marvel film Wolverine may include real-time damage and regeneration, as Logan's powers in the comics were. 

It has been suggested that the recent data leak from Insomniac might have sparked speculation about Marvel's Wolverine, suggesting that it will include real-time damage and regeneration as if Logan's abilities in comic books were to be emulated.

In addition to the plot and characters in the game, this leak has also revealed footage of early Alpha builds of the game, which is one of the most intriguing revelations about the game. One of the most interesting revelations is that Logan's healing factor might be implemented as part of the game's plot. 

Insomniac documents have been leaked for several weeks now, but users are still finding interesting things about them despite it not being long since they were leaked. In response to the leaked gameplay from the vertical slice of Marvel's Wolverine, users had mixed reactions: many viewers of the initial version of the game criticized the combat system, pointing out that there was insufficient blood and damage to the enemies as well as Logan.

They also complained that there was no regeneration system as in X-Men Origins: Wolverine. Although it appears that the release version of the game will make this much better, it is still too early to tell. There was a lot of anticipation among Marvel gamers when Insomniac announced the development of Marvel's Wolverine in 2021, a series of games that were critically acclaimed for their Spider-Man titles. 

With the promise of a darker and more brutal take on the mutant hero, as well as an intense combat style, the anticipation surrounding the game has been growing rapidly. There were, however, many setbacks associated with the excitement, as Insomniac suffered a massive ransomware attack that compromised the company's sales and development records, resulting in the loss of significant sales and marketing information. 

Among the many details revealed by this breach was a fully playable PC version of Marvel's Wolverine, much to the dismay of both the developers and the fans of the game. According to the leaked Insomniac Games document, the game will feature real-time damage to its characters. 

Furthermore, the leak has surfaced even more intriguing information. Wolverine's healing factor is incredibly effective, helping him recover from damage such as ripped skin, gunshot wounds, or even death. It is not clear from the leaked footage that the healing factor is a major goal of Marvel's Wolverine, but Insomniac Games emphasized that it is an important part of the game, along with other targets. 

The regeneration system in X-Men Origins: Wolverine, released in 2009, appears to be quite elaborate despite the game's low production value, and it could serve as an inspiration for the upcoming game. After an explosion in the forest, for example, Wolverine recovers on more than just a surface level, since individual tissues can heal before the skin. Fans can therefore expect an even more polished version of this system. 

In addition, separating Wolverine's body from his costume proved to be another interesting and challenging task. In the X-Men: Origins movie, healing also stitched the spandex back together, which was, of course, a very bizarre feature of healing. As far as I am aware, Logan's superpowers do not include the ability to subconsciously repair sewn garments, at least not yet. 

It may be that Insomniac will implement a costume damage system in Wolverine in addition to regeneration for a more immersive experience, which follows the implementation of the costume damage system in Spider-Man 2. In any case, Wolverine's release date is confirmed to be 2026 (according to hacked internal documents released after the attack on Sony), and a lot can change in those two years. 

Insomniac is currently experimenting with real-time healing, one of the most impressive aspects of Origins, with the aim of making it even better. Besides destruction and dynamic weather, Marvel's Wolverine will also include supernatural elements. 

With all of these systems combined, the PS5 is expected to handle the game in a very impressive way. The leaks have also made it clear that the game will aim for a visual level similar to the one seen in Hellblade 2.

Hackers Leak 50 Million Records in 'Free Leaksmas' Spree

Just before Christmas, hackers leaked around 50 million records full of private information. They shared these leaks on the Dark Web under the name "Free Leaksmas." It seems like they were doing this to thank each other and attract new customers during the busy holiday season. 

Cybersecurity company Resecurity noticed that right before Christmas Eve, various hackers released a lot of data all at once. Some of this data seemed to come from previous security breaches, but there were also new breaches involved. The information was either stolen or copied from people worldwide. 

“Numerous leaks disseminated in the underground cyber world were tagged with 'Free Leaksmas,' indicating that these significant leaks were shared freely among various cybercriminals as a form of mutual gratitude”, Resecurity wrote on its website. 

One of the largest data releases came from a hack at the Peruvian telecom company Movistar. In this data dump, there were about 22 million records with sensitive information like customer phone numbers and DNI numbers (which are the main IDs for people in Peru). 

Other big leaks around Leaksmas included one with 2.5 million records from a Vietnamese fashion store's customers and another with 1.5 million records from a French company's customers. 

“A significant event during the 'Leaksmas' in the Dark Web involved the release of a large dataset from Movistar, a leading telecommunications provider in Peru. This dataset contained over 22 million records, including customers' phone numbers and DNI (Documento Nacional de Identidad) numbers”, Resecurity added. 

Not all the shared data Resecurity noticed during the holidays were from recent hacks; some seemed to be from older incidents. For instance, there was info about customers from a Swedish fintech company, Klarna. The hackers might have gotten this data from a rumoured (though not officially confirmed) breach in 2022. 

Another example was a data dump with 2 million records from customers of a Mexican bank. Resecurity's analysis suggested it might have come from a breach in 2021 or 2022. Over the holidays, cybersecurity experts found groups like SiegedSec and "Five Families" sharing stolen data online. 

SiegedSec targeted critical infrastructure in Israel and claimed responsibility for a breach in the Idaho National Laboratory. "Five Families" stole records from a Chinese store due to labour issues. Some criminals selling credit card data offered discounts. Cybercriminals are keen on getting personal info and exploiting weaknesses in websites and software.

U.S DOE Announces $70 Million Funding for Improving


Funding that will support research into tech

Today, the U.S. Department of Energy (DOE) announced funding of up to $70 million to support research into technologies intended to reduce risks to energy delivery infrastructure and increase its resilience against a variety of hazards, such as natural disasters, extreme weather events caused by climate change, and cyber and physical threats. 

This new competitive funding opportunity will support the advancement of next-generation innovations that fortify the resilience of America's energy systems, which include the power grid, electric utilities, pipelines, and renewable energy generation sources like wind and solar. It will be accessible to stakeholders in the public and private sectors, universities, and DOE's National Laboratories. 

President Biden's aim of net-zero emissions

Achieving President Biden's objective of a net-zero emissions economy by 2050 will require strengthening America's energy and national security, which is why the announcement made today supports the Biden-Harris Administration's efforts to construct robust and secure energy infrastructure across the nation. 

Along with making significant investments in climate resilience and adaptation, the Biden-Harris administration has also received over $50 billion from the President's Investing in America agenda.

Under the direction of the DOE's Office of Cybersecurity, Electricity Security, and Emergency Response (CESER), the All-Hazards Energy Resilience initiative aims to tackle upcoming obstacles to maintain a secure and dependable supply of electricity to communities all throughout the country.  

U.S. Secretary of Energy Jennifer M. Granholm said, “Making smart investments in America’s energy systems today is essential to ensuring they’re more reliable and resilient against tomorrow’s threats, while also reaching President Biden’s ambitious clean energy and climate goals.” She further added, “As we build our clean energy future, these investments will help save money in the long run by identifying and developing innovative solutions that ensure our nation’s energy infrastructure can withstand emerging threats and the challenges of a changing world.”

This grant opportunity is purposefully wide, and recipients are encouraged to develop creative and distinctive solutions that are not "one size fits all," given the rapidly changing environment and technology landscape. 

The recipients of awards will encompass all categories of energy delivery infrastructure and will tackle a wide range of possible risks related to energy generation, production, transmission, and/or distribution. 

Under this funding opportunity, CESER anticipates funding up to 25 research, development, and demonstration (RD&D) projects with budgets ranging from $500,000 to $5,000,000. Applications are encouraged from diverse teams from state and local governments, national laboratories, colleges, charity and for-profit businesses, and tribal nations.   

The projects' suggested subject topics include the following:

Cyber Research and Development: Energy systems are more vulnerable to cyberattacks as a result of the expanding digital ecosystem. These initiatives will improve cybersecurity and lower cyber threats to the infrastructure used in energy distribution. 

Development and Research on Climate Mitigation: The world's vital energy infrastructure suffers from a growing number of extreme weather events, rising sea levels, and rising temperatures. Through the development and application of creative solutions, these projects will lessen the influence of climate change on the reliability and transmission of energy.  

Development and Research on Wildfire Mitigation: Communities, ecology, and energy systems are all severely impacted by wildfires. Through these studies, possibilities to fortify infrastructure against wildfires will be identified, allowing electric companies to increase rapid recovery, operate through catastrophic occurrences, and improve resilience.

Research and Development on Physical Security: Vandalism, sabotage, and ballistic damage are some of the hazards that utility power plants must deal with when it comes to their physical security. Physical barriers, access control, and video monitoring systems are some of the modern defenses against these attacks, although they are insufficient to reduce breaches and damage. 

University-Based Research and Development: By integrating university-based research, these projects will strengthen the electric sector's cyber and cyber-physical security posture. In line with the White House Initiative on Advancing Educational Equity, Excellence, and Economic Opportunity through Historically Black Colleges and Universities, applicants must be from historically black colleges and universities. Teams must consist of academic institutions as well as owners, operators, and/or providers of solutions for the energy sector. 

Visit their official site to learn more about DOE's initiatives to safeguard and preserve the US energy industry.