

19 Apr 2022

DuckDuckGo pushes back on suggestions that it removed pirate websites

Anyone searching for piracy websites on DuckDuckGo recently might have struggled to find them – but it wasn't because of an active choice by the company. 

Recent reports suggested that DuckDuckGo, a privacy-focused search engine and browser that frequently criticises Google, had removed results related to piracy sites such as YouTube-dl and The Pirate Bay. 

However, company CEO Gabriel Weinberg has hit back, blaming the problem on an issue with its site: operator search commands (such as site:thepiratebay), which he says few customers actually use.


In TechRadar Pro's testing today – using a clean Opera window with a VPN – finding pirate websites was pretty straightforward, suggesting there was no issue. 

In a statement to The Verge, DuckDuckGo said: "After looking into this, our records indicate that YouTube-dl and The Pirate Bay were never removed from our search results when you searched for them directly by name or URL, which the vast majority of people do (it’s rare for people to use site operators or query operators in general)." 

"We are having issues with our site: operator, and not just for these sites," said DuckDuckGo's Allison Goodman. "Some of the other sites routinely change domain names and have spotty availability, and so naturally come in and out of the index but should be available as of now."

A better way to search?

DuckDuckGo was also recently embroiled in a controversy over its decision to down-rank certain pro-Russia results after Russia's invasion of Ukraine, something that sits awkwardly with its "unbiased" marketing. 

The company has also repeatedly gone after Google for its search practices, arguing that the dominant search giant spies on users and delivers poor quality results.

First launched in 2008, DuckDuckGo says it aims to better cater to the needs of privacy-conscious internet users that don’t want their search data ending up in the hands of Google or other large tech giants. The company has since expanded its operations and it now offers its own browser in addition to a search engine.

Given that Google maintains a 91% share of the search engine market – compared to 3.1% for Bing, 1.5% for Baidu, and 0.69% for DuckDuckGo – search consumers seemingly do not mind Google's foibles.

19 Apr 2022

Logitech thinks it may finally have cracked the vertical mouse

If you're looking for something a bit different when it comes to a business mouse, Logitech has unveiled a new vertical model that it says is the most comfortable yet.

The new Logitech Lift is a wireless, vertical, ergonomic, but small mouse, which the company says is designed for all-day working sessions, whether in the office or at home.

Available within the next few months, the Logitech Lift is set to cost $69.99/£69.99, meaning it should be a relatively inexpensive way to shake up your hybrid working setup.

Logitech Lift-off

Vertical mice have become something of an outlier in recent years, but Logitech thinks its new offering can make a real difference when it comes to both comfort and style. The Lift features a 57-degree vertical design that reportedly takes strain away from your wrist and provides a more natural forearm position whilst in use.

The Lift is reportedly designed especially for "small to medium sized hands", although exactly what sizes this relates to is unclear. The company says the mouse is 22% smaller than its previous MX Vertical model, and is available in three colors, one of which comes in both left and right-handed versions.

The mouse itself features a soft rubber grip and a well-placed thumb rest to help make sure your hands don't get tired during long working days.

“Ergonomics and comfort play a vital role in overall workspace wellbeing,” said Olessia Hageman, head of the ergo business unit at Logitech. “Building on our philosophy of when we feel better, we do better, we have created Lift to help people work in comfort for hours and feel better at the end of a long day at the desk.”

The Lift is able to connect to Windows, macOS, Linux, Chrome OS, iPadOS and Android operating systems via Bluetooth and has a battery life of 24 months from a single AA battery.

19 Apr 2022

This cringeworthy Microsoft Teams feature could soon be forced upon you

Microsoft is readying an update for collaboration platform Teams that will allow admins to change the way meetings are displayed for all attendees.

As explained in a new entry to the company’s product roadmap, meeting hosts will soon be given the option to enable Together Mode for all participants. The update is still under development, but should take effect by the end of May.

Launched in the summer of 2020, Together Mode for Microsoft Teams brings all attendees into a shared virtual background, with the goal of “making it feel like you’re sitting in the same room with everyone else”.

Together Mode

Together Mode in Microsoft Teams. (Image credit: Microsoft)


Although the ambition behind Together Mode is a noble one, the execution leaves plenty to be desired. In this writer’s opinion, the virtual background filled with floating heads only serves to emphasize the fact a meeting is not, in fact, taking place in-person.

While Microsoft’s AI system does a decent enough job of cutting out each person’s home office background, and some people will get on with the feature better than others, there’s an unwelcome strangeness to the final result.

The idea that meeting hosts should be able to dictate that everyone uses the feature is particularly strange. While there’s something to be said for operating on a level playing field, some users are bound to find the feature more helpful (or unhelpful) than others, which makes a blanket policy counterproductive.

However, not all of Microsoft’s attempts to introduce variety to the way Teams meetings are displayed have been quite so divisive.

Last year, the company rolled out a series of new presenter modes designed to help Teams users flex their presentation style to the occasion. Standout Mode, for example, seats the presenter’s video feed in front of the slide deck, while Reporter Mode places content above the shoulder in the style of a news broadcast.

The features were an example of the way in which virtual backgrounds and clever positioning of content can legitimately improve the quality of video meetings, delivering on Microsoft’s stated ambition to “help presenters deliver content more professionally and offer meeting participants dynamic experiences”.

19 Apr 2022

New research reveals Surfshark, TurboVPN, VyprVPN are installing risky root certificates

Several well-known VPN providers - including Surfshark, TurboVPN and VyprVPN - are among six brands called out for a risky practice that potentially undermines user security. 

As part of its Deceptor programme, security research firm AppEsteem found that providers’ apps install a trusted root certificate authority (CA) cert on users’ devices and some providers even fail to obtain users’ consent for doing so. 

AppEsteem recently expanded its programme to include VPN providers, researching VPN apps to look for deceptive and risky behavior that could harm consumers. 

Not good practice

AppEsteem also pointed out that popular VPN provider Surfshark installs its root CA cert on the user’s device even when the user cancels the installation. Surfshark clearly mentions the use of its own trusted root certificate “solely to connect to VPN servers using the IKEv2 protocol”. 

TechRadar Pro’s security expert, Mike Williams, stated: “Installing trusted root certificates isn’t good practice. If it’s compromised, it could allow an attacker to forge more certificates, impersonate other domains and intercept your communications.”

A screenshot of surfshark one security suite setup screen

(Image credit: Future)

What are the risks of installing an additional trusted root certificate?

Root CA certs are the cornerstone of authentication and security in software and on the Internet. They’re issued by a certificate authority (CA) and, essentially, verify that the software/website owner is who they say they are.

The installation of an additional root CA cert potentially undermines the security of all your software and communications. When you include a new trusted root certificate on your device, you enable the third-party to gather almost any piece of data transmitted to or from your device. 

Plus, an attacker who gets hold of the private key that belongs to a trusted root certificate authority can generate certificates for his own purposes and sign them with the private key.

This applies to software applications, websites or even email. Anything from a man-in-the-middle attack to installing malware is possible, as illustrated by hacks in 2021 in Mongolia and in 2020 in Vietnam where CAs were compromised. 

The power that Root CA certs have over a user’s device is why state actors like Russia have been pushing citizens to install their new root CA, a move that EFF describes as “paving the way for a decade of digital surveillance”.

The six VPN providers that were found to install root CA certs on user devices are Surfshark, Atlas VPN, VyprVPN, VPN Proxy Master, Sumrando VPN and Turbo VPN. Two of the better known providers on the list, Surfshark and Atlas VPN, both recently joined NordVPN’s parent company Nord Security. However, NordVPN was not among the named providers. 

Why would a VPN company want to install a trusted root certificate?

We don’t believe that’s necessary even for IKEv2 compatibility, and most top-rated VPNs do not do this. 

When an additional root CA cert is installed by a VPN provider, you are relying only on the provider’s encryption and authenticity checks, as the trusted root certificate can override the encryption and authenticity checks of the actual service you’re using (e.g. Mozilla Firefox, WhatsApp).

This makes it possible for the VPN provider to intercept and monitor essentially all your traffic, in a worst case scenario. We’ve reached out to Surfshark, Atlas VPN and VyprVPN and will update the article when we hear back.
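A defender can check whether an installer left a new trusted root behind by fingerprinting the root store before and after it runs and comparing the two snapshots. The following is an added example, not code from AppEsteem or any provider named above; the function names are illustrative and the sample bundles are constructed placeholder blocks, not real certificates.

```python
import base64
import hashlib
import re
import ssl
import sys

# One PEM certificate block; the capture group is the base64 body.
_PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)


def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def roots_from_pem(bundle_text):
    """Return the set of fingerprints for every certificate in a PEM bundle."""
    prints = set()
    for body in _PEM_CERT.findall(bundle_text):
        der = base64.b64decode("".join(body.split()))
        prints.add(fingerprint(der))
    return prints


def roots_from_system():
    """Fingerprint the roots trusted on this machine, as Python's ssl sees them."""
    if sys.platform == "win32":
        # Windows only: read the ROOT system store and keep the X.509 entries.
        ders = [cert for cert, enc, _trust in ssl.enum_certificates("ROOT")
                if enc == "x509_asn"]
    else:
        # Elsewhere: the CA file OpenSSL loads by default. Directory-only
        # (capath) stores are loaded lazily and will not appear here.
        ders = ssl.create_default_context().get_ca_certs(binary_form=True)
    return {fingerprint(der) for der in ders}


def diff_roots(before, after):
    """Compare two snapshots; return (added, removed) as sorted lists."""
    return sorted(after - before), sorted(before - after)


def _constructed_pem(label):
    """Build a PEM block around placeholder bytes (NOT a real certificate)."""
    body = base64.encodebytes(b"constructed-root-" + label.encode()).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


# Constructed sample data: a two-root baseline, then the same store after a
# hypothetical installer has run and left a third root behind.
SAMPLE_BEFORE = _constructed_pem("os-root-1") + _constructed_pem("os-root-2")
SAMPLE_AFTER = SAMPLE_BEFORE + _constructed_pem("installer-root")


def audit_sample():
    """Run the comparison on the constructed bundles above."""
    return diff_roots(roots_from_pem(SAMPLE_BEFORE), roots_from_pem(SAMPLE_AFTER))


if __name__ == "__main__":
    added, removed = audit_sample()
    for fp in added:
        print("root added since baseline:", fp)
    for fp in removed:
        print("root removed since baseline:", fp)
```

On a live machine, save the output of `roots_from_system()` before running an installer and pass it as `before` to `diff_roots()` afterwards; any fingerprint in `added` can then be looked up in the operating system's certificate manager.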

19 Apr 2022

Lazarus hackers are using malicious cryptocurrency apps, FBI warns

People working in cryptocurrency businesses are being targeted by Lazarus, a well-known threat actor with strong ties to the government of North Korea, law enforcement groups have warned.

The CISA, the FBI, and the US Treasury Department have banded together to issue a warning to firms in the cryptocurrency industry, urging them to be on their guard.

According to the warning, Lazarus is looking to infect endpoints in crypto firms with trojans, in order to try and drain them of their funds.


Multiple fake apps being distributed

As usual, the attacks start by threat actors assuming the identity of someone close, or of interest, to the victim.

“Intrusions begin with a large number of spearphishing messages sent to employees of cryptocurrency companies—often working in system administration or software development/IT operations (DevOps)—on a variety of communication platforms," it says in the warning.

"The messages often mimic a recruitment effort and offer high-paying jobs to entice the recipients to download malware-laced cryptocurrency applications, which the U.S. government refers to as TraderTraitor."

TraderTraitor, it was said, is an Electron-based, cross-platform utility built on JavaScript and the Node.js runtime environment. Depending on the device it targets, TraderTraitor can carry different variants of a Remote Access Trojan (RAT) called Manuscrypt.

"Observed payloads include updated macOS and Windows variants of Manuscrypt, a custom remote access trojan (RAT), that collects system information and has the ability to execute arbitrary commands and download additional payloads," the federal agencies added.

There are multiple apps that are being referred to, by the security agencies, as TraderTraitor: DAFOM (cryptocurrency portfolio application for macOS), TokenAIS (portfolio builder for AI-based crypto trading for macOS), CryptAIS (portfolio builder for AI-based crypto trading for macOS), AlticGO (crypto price tracker and predictor for Windows), Esilet (crypto price tracker and predictor for macOS), and CreAI Deck (AI and deep learning platform for Windows and macOS).

Crypto companies are under a constant barrage of cyberattacks. Only recently, a flaw in the operations of Beanstalk Farms, a stablecoin protocol, has allowed an unknown threat actor to siphon $182 million from the network.

Before that, hundreds of millions of dollars in cryptocurrency were stolen after the Ronin Network, which provides the blockchain "bridge" that powers NFT game Axie Infinity, was compromised.

Via: BleepingComputer

19 Apr 2022

One of the most popular Microsoft Office builds will soon be killed off

Microsoft has confirmed that it will not be supporting its Office 2013 software suite for very much longer.

The company revealed that its office software offering will reach its official end of support within the next twelve months, after which it will no longer receive updates and security protection from the company.

Users of Microsoft Office 2013 are now being urged to upgrade or switch software before April 11, 2023, or possibly risk being hit by cyberattacks.

Farewell Microsoft Office 2013

"After five years of Mainstream Support, and five years of Extended Support, Office 2013 will reach the End of Extended Support on April 11, 2023. Per the Fixed Lifecycle Policy, after this date security updates for Office 2013 will no longer be available," Microsoft said in an email to customers seen by BleepingComputer.

"After Office 2013 reaches the end of support, Microsoft won't provide any new security updates, and the continued use of Office 2013 after April 2023 may increase your organization's exposure to security risks or impact your ability to meet compliance obligations."

In place of Office 2013, Microsoft has suggested users switch to Microsoft 365 Apps, a subscription-based model. Most commonly seen as part of Microsoft 365 and Office LTSC 2021 subscriptions, this package provides most of the key apps for business users, and receives regular updates and patches.

"Please start upgrading to Microsoft 365 Apps, which is designed to receive regular updates, and will help you stay current by getting security updates and our latest features," noted Microsoft.

"Alternatively, if your organization requires a static, unchanging product, consider moving to Office LTSC 2021."

Office 2013 is the latest key Microsoft product to reach its end of life in recent months. Most famously, Windows XP was put out to pasture back in 2014, although following months of back-and-forth, Microsoft eventually relented and said it would still offer some forms of support for users of the ancient software.

Via BleepingComputer

19 Apr 2022

GitHub is getting better at hunting down your dangerous code

GitHub is making one of its most important tools more useful with a significant update. 

A company blog post explains that GitHub has been working behind the scenes to improve Dependabot, an automated alert service that flags potential vulnerabilities in code.

While this might sound excellent in theory – and has likely saved a lot of heartache further down the coding line – in practice the bot can be quite noisy, something GitHub developers have been complaining about for a while.

A change in tack

The latest update from GitHub changes Dependabot's strategy, surfacing whether code is calling vulnerable code paths, which should help increase the ratio of signal to noise. 

Since GitHub acquired it in 2019, nearly three million developers have used Dependabot, which is testament to how useful automated tools can be for the often laborious task of coding apps and services.

As GitHub outlines, the service currently curates data on vulnerable packages in a centralised Advisory Database. In the future, GitHub will include data on affected functions for each source library, powered by Stack Graphs. 

And that's not all. GitHub also plans to roll out additional changes over the coming months to improve Dependabot's alerts, including flagging development dependencies and transitive dependency paths. 

Microsoft to the rescue 

Microsoft acquired GitHub in 2018 for $7.5 billion, consolidating its position as one of the leading services providers for anyone using a computer. There were a lot of initial fears that Microsoft would ruin the service, which is beloved by developers. 

But these fears have mostly been allayed, besides a few hiccups along the way, including introducing an algorithmic feed.

The service remains hugely popular for everyone at all stages of the coding process. 

19 Apr 2022

a16z is moving into early stage startup accelerators

Andreessen Horowitz, also known as a16z, is one of the most well-known venture capital firms operating in Silicon Valley, and is now expanding into even more new territory. 

a16z is launching START, a startup accelerator program for early-stage founders wanting to get their idea off the ground and into reality. 

"Powered by the a16z seed fund in collaboration with partners investing across American Dynamism, Consumer, Enterprise, and Fintech, a16z meets START entrepreneurs where they are in their journey," the firm said announcing the news. 

"a16z START entrepreneurs are introduced to a network of peers, repeat founders, domain experts, potential customers and more to help refine their thesis and scale it into a world-changing business."

Solving old problems? 

The basic idea is that a16z offers founders up to $1 million at the very earliest stages of their journey for a percentage share in their company. These are funded by a16z's $400 million seed fund, announced in 2021. 

Specific terms are decided on an ad hoc basis, which differs from other accelerators, such as the legendary Y Combinator, which offers $125,000 for a 7% stake. 

a16z's program is remote and rolling, meaning it will accept founders at all times. 

As TechCrunch notes, the a16z START landing page offers no diversity mandate and does not specify how long the program will run or who will be mentoring the startups.

There is also no focus on attracting early-stage crypto startups, something a16z has been keenly focused on through its huge $2.2 billion fund.

The START program is a first for a16z, which has previously invested in startups at seed stages onwards. Working at the startup formation stage is different because the ideas are less well-defined and investors are betting on the specific founder to execute. 

However, the returns are much greater for far less capital investment, something that has made YC – which invested in Airbnb, Stripe, Instacart, Coinbase, DoorDash, OpenSea, and many others at very early stages – a lot of money over the years. 

Legendary VC firm Sequoia recently also launched an accelerator fund, Arc, in the US and Europe, hoping to attract the next crop of huge tech startups. Like a16z, Sequoia will invest $1 million for an unspecific stake. 

19 Apr 2022

US court says web scraping is officially legal

Scraping public data is legal, the U.S. Ninth Circuit of Appeals has ruled in a potentially landmark decision. 

The decision follows a ruling by a federal court of appeals that reaffirmed its earlier decision, notably that web scraping (data harvesting, en masse) of data that’s made available to the general public, does not violate the Computer Fraud and Abuse Act (CFAA).

The CFAA is used to determine what can be described as “hacking” under US law.


hiQ Labs vs LinkedIn - round two

The ruling is the epilogue of a legal battle between LinkedIn and hiQ Labs, a talent management algorithm focused on people analytics and data science machine learning. The latter has been scraping LinkedIn user profiles, something the world’s largest social network for professionals described as against its terms of service, equal to hacking, and in violation of the CFAA.

LinkedIn lost the first lawsuit in 2019, but even after the second knockdown, it doesn’t want to give up.

“We’re disappointed in the court’s decision. This is a preliminary ruling and the case is far from over,” said LinkedIn spokesperson Greg Snapper in a statement. 

“We will continue to fight to protect our members’ ability to control the information they make available on LinkedIn. When your data is taken without permission and used in ways you haven’t agreed to, that’s not okay. On LinkedIn, our members trust us with their information, which is why we prohibit unauthorized scraping on our platform.”

Reporting on the news, TechCrunch gives it a positive spin, saying the ruling is “good news for archivists, academics, researchers, and journalists”.

“Without a ruling in place, long-running projects to archive websites no longer online and using publicly accessible data for academic and research studies have been left in legal limbo,” it says.

However, it also notes that some companies’ use of web scraping, such as that of facial recognition startup Clearview AI, is borderline illegal. This company scraped “billions of social media profile photos” over the years.

Via: TechCrunch

19 Apr 2022 has made a major move into the ecommerce game

Popular web hosting and website builder platform has unveiled  its new ecommerce product.

Built with the same drag-and-drop feature,’s ecommerce website builder now gives sellers a single location where they can manage all the day-to-day tasks that go with running an online business.

The new product comes with a marketplace manager and links to social media platforms allowing users to reach customers on Instagram, Facebook and other social sites. SMB ecommerce builder 

Available now, the ecommerce platform offers 25, 50 and unlimited eShop pages, each with unlimited email accounts.’s Marketplace manager also allows online sellers to reach more customers through popular marketplaces such as Amazon, eBay and Etsy. Online sellers can now list products and update existing product listings from inside the platform without having to log into separate services.

The essential ecommerce plan for small businesses includes one hour free design support, a free domain and private registration for $13.95 per month. Its ecommerce premium plan starts at $19.95 per month and includes automated sales tax, multi-currency, and restock/purchase orders.

“For a small business looking to launch an online store, the process can be overwhelming with several moving pieces.’s new solutions make it easy to get an online store up and running in one place quickly so small businesses can start taking orders from customers,” said Ed Jay, President of Newfold Digital, parent company of

“Online sellers can quickly launch with’s intuitive drag-and-drop builder and easily list products from anywhere. Once live, online sellers can leverage the platform’s powerful integrations like the online marketplace manager to reach more customers.”

Through the ecommerce platform, is also offering 24/7 automated inventory sync technology to show where customers sell. The plan also comes with the assistance from’s team to help new ecommerce sellers launch their online presence.

“Our new eCommerce platform is backed by an expert support team that is available for customer questions via chat, phone, and email support,” added Jay. “Included in every package is a one-hour professional design consultation, so customers can launch with confidence.” 

19 Apr 2022

7-zip vulnerability gives hackers the keys to the kingdom

A threat actor could abuse the popular archiving app 7-zip to gain elevated privileges on a device to which they already have access.

A GitHub user going by the name Kagancapar discovered a zero-day vulnerability in 7-zip for the Windows operating system (OS). The findings, posted on GitHub, revealed that, "Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area."

Here’s how it works: a threat actor crafts a malicious file, and gives it a .7z extension (the one that an archive compressed with 7-zip can have). They then need to drag and drop that file onto the 7-zip help window, and run a command in admin mode.


Waiting for a patch

After that, they’ll get elevated privileges on the target endpoint, allowing them to run more complex commands and run different apps. More details can be found in this proof-of-concept video.

The vulnerability is now tracked as CVE-2022-29072. The latest 7-zip version is 21.07, released in late December last year, which means the zero-day was not yet patched. 

Those worried about potentially being targeted through 7-zip can protect their virtual premises by deleting the 7-zip.chm file, Tom’s Hardware reported. Another method is to grant 7-zip only read and run permissions for all users. 

The file compression company doesn’t seem to have commented on the vulnerability much, other than refusing to take responsibility for the flaw, given that it depends on Microsoft Help in Windows. However, Kagancapar explained that dropping the malicious file on the Help window triggers a heap overflow in 7zFM.exe, which leads to the escalation of privilege, and argued that for this reason alone it’s 7-zip that should be addressing the issue.

7-zip is one of the three most popular file archiving applications, whose popularity is only rivaled by giants WinZip and WinRAR.

Via: Tom's Hardware

19 Apr 2022

GPU prices are crashing – will the Nvidia RTX 3080 finally be affordable?

Prices for graphics cards from both AMD and Nvidia have been steadily stabilizing over the last few months, plummeting yet again during April – though progress has been notably slower for Nvidia GPUs.

According to German retailer 3D Center, GPU prices have declined by an average of 13%, though if we look at the data provided, Nvidia only manages an improvement of around 6%. Still, prices are consistently falling across the board, with the Nvidia GeForce RTX 30 series sitting at around 19% over MSRP, while AMD's Radeon RX 6000 series is now just 12% over MSRP.

Is this still expensive? Well yes, but relative to the massive inflation we were seeing just after both Ampere and RDNA 2 were released to the market back in 2020, this is a significant improvement, and not out of the realms of affordability. According to additional data from 3D Center, AMD and Nvidia GPUs were sitting at 83% and 87% respectively over their official retail prices just a few months ago in December 2021.

3D Center notes in its report that the recently released Nvidia GeForce RTX 3090 Ti was purposefully omitted from the data as it was so wildly expensive that it was purchasable at its official MSRP from its launch date, and this would unnecessarily falsify the average results.

Data provided by 3D Center that shows declining GPU prices over the last 6 months (Image credit: 3D Center)

Snapping up a new GPU from either Team Red or Team Green has been almost impossible for the entire lifespan of each card so far, with a mixture of the chip shortage and competition from cryptominers causing almost the entire market to wildly inflate.

These results certainly feel like the news we've all been waiting to hear, but it does come with some salt being rubbed into our wounds. For one, as these prices are based on the German market, they don't necessarily reflect the worldwide market with the same accuracy, so while prices do appear to be falling in other regions across the rest of Europe and the USA, the percentages we're seeing won't be applicable.

3D Center does note that this works both ways though, as the fluctuations between the US Dollar and Euro have caused the fall of graphics card pricing to slow in Germany. We're also seeing that cards are becoming easier to find on shelves, which should decrease demand and keep the prices falling. Who knows, perhaps by the time the GeForce RTX 40 and RDNA 3 series are released, the current generation of GPUs might finally slip below their launch prices.

Analysis: It's not all good news

It's not all good news, at least if we look at historical graphics card pricing and market fluctuations. Tom's Hardware mentions in its own reporting that GPU prices should be around 10-20% lower than their original list price by now as both Nvidia and AMD prepare to announce the next generation of hardware.

Computex is also just around the corner, starting on May 24, so we're running out of time to see the same market affordability as years gone by, and if we see similar inflation with the release of cards like the Nvidia GeForce RTX 4080 and AMD RX 7900 XT, there's nothing to prevent prices spiking again for the current generation of GPUs.

Truly 'cheap' graphics cards are a long way off, and may even be a thing of the past entirely depending on what you believe to be a budget GPU, but at least the situation is improving. Who knows, maybe you'll soon be able to get your hands on your dream card without having to sell all of your prized possessions to finance it.

Intel could also help to stabilize the market with the release of its desktop Arc Alchemist graphics cards. Pricing and a release date have yet to be confirmed, but with early benchmarks showing some promise for gamers targeting high frames at a 1080p resolution, they could help to reduce the cost of GPUs like the Nvidia GeForce RTX 3060 and AMD Radeon 6600 XT.

This could make for a great first GPU, especially if you're planning to run low-demand games and applications, which should take some pressure off the wider market. Only time will tell though, and if the last two years have taught us anything, it's to make the most of a good thing. 

There's no way of knowing if prices will skyrocket across the board again in the coming months, but if you've been holding out to buy a new graphics card, now might be your chance to do so at a 'reasonable' price.

19 Apr 2022

Warning: this fake Windows 11 upgrade is filled with malware

Security researchers have found a fake Windows 11 upgrade website that promises to offer a free Windows 11 install for PCs that don’t meet the minimum specifications, but actually installs data-stealing malware.

Windows 11 has some… interesting… requirements to run, and its most famous demand is for Trusted Platform Module (TPM) version 2.0 support. This has led to perfectly capable, and powerful, PCs and laptops being unable to upgrade to Windows 11, as they did not meet the minimum specifications.

Understandably, this annoyed people with relatively new hardware that couldn’t upgrade to the latest version of Windows, and many looked at ways of circumventing the TPM 2.0 requirement to install Windows 11 on their unsupported devices.

It’s these people that this new threat is targeting, as Bleeping Computer reports.

Looking legitimate

While the website’s address (URL) should be a red flag (we won't mention it here), as it’s clearly not a Microsoft website, the site itself does look like an official Microsoft website, using logos and artwork that make it difficult to tell apart from a real Microsoft page.

However, as security researchers CloudSEK discovered by clicking the ‘Download now’ button, the website downloads an ISO file that contains malware.

This malware, called ‘Inno Stealer’, uses a part of the Windows installer to create temporary files on an infected PC. These create processes that run and place four additional files on your PC, some of which contain scripts that disable various security features, including in the Windows registry. They also tweak the built-in Windows Defender anti-virus, and remove other security products from Emsisoft and ESET.

Other files then run commands at the highest system privileges, while yet another file is created in the C:\Users\\AppData\Roaming\Windows11InstallationAssistant folder, and it’s this file that contains the data-stealing code, named Windows11InstallationAssistant.scr. This then takes information from web browsers, as well as cryptocurrency wallets, stored passwords and files from the PC itself. This stolen data is then sent to the malicious users who created the malware.

Pretty nasty stuff.

Analysis: Be careful what you wish for



The scale of the infection here, and what it’s able to steal from you, is very scary, but the good news is that it’s easy to avoid.

No matter how desperate you are to install Windows 11, you should only download ISO files from sources you are absolutely certain are legitimate. While the makers of this malware have put in a lot of work to make the website look legitimate (like many so-called ‘phishing’ attacks), there are some tell-tale signs, such as the aforementioned URL, which highlights that this is not a genuine Microsoft website.

If your PC is eligible for a Windows 11 upgrade, you’ll be alerted via Windows Update, a tool that’s built into Windows operating systems. This is the safest way to ensure you are downloading and installing a genuine copy of Windows 11.

If your PC isn’t eligible, due to not meeting the TPM 2.0 requirements, then there are some safer ways to install Windows 11 without TPM anyway. But we don’t really recommend any of them, especially as Microsoft is making it harder to run Windows 11 on unsupported systems, which could mean you miss out on important updates, security fixes and features in the future.

Above all, however, you should never attempt to download and install a Windows 11 ISO file from any website that isn’t run by Microsoft itself.

19 Apr 2022

Zero-click iPhone exploit abused to launch NSO spyware attacks

Catalan politicians have reportedly been targeted by a new form of mobile security threat that attacks iOS devices. 

Cybersecurity researchers at Citizen Lab discovered a new zero-click exploit in iMessage - iPhone’s native texting app. The new exploit was allegedly used to install Pegasus, known spyware from the dreaded NSO Group.

Although the team say they can’t know with absolute certainty, they believe that individuals from Spain were behind the attack, as Catalonia, a region in the north east of the country, seeks to gain its independence from the Spanish crown.


NSO Group strikes again

NSO Group is an Israeli tech startup known for selling malware and spyware to governments around the world. It has frequently been criticized for its role in the abuse of human rights, especially against politicians, journalists and civil rights activists.

This time around, it appears Pegasus was installed on endpoints belonging to Catalan Members of the European Parliament (MEPs), every Catalan president since 2010, as well as Catalan “legislators, jurists, journalists, and members of civil society organizations and their families”.

The newly discovered zero-day has been dubbed HOMAGE, and is reportedly only found on iPhone devices running iOS 13.2 or earlier.

"Among Catalan targets, we did not see any instances of the HOMAGE exploit used against a device running a version of iOS greater than 13.1.3. It is possible that the exploit was fixed in iOS 13.2," Citizen Lab said.

"We are not aware of any zero-day, zero-click exploits deployed against Catalan targets following iOS 13.1.3 and before iOS 13.5.1."

The researchers don’t know who’s behind the attack, but suspect individuals from the Spanish government. 

"At this time the Citizen Lab is not conclusively attributing these hacking operations to a particular government, however a range of circumstantial evidence points to a strong nexus with one or more entities within Spanish government," Citizen Lab added.

Via: BleepingComputer

19 Apr 2022

Some Lenovo laptops may be carrying a serious security flaw

Cybersecurity experts from ESET have found three security flaws in hundreds of different Lenovo laptop models which could put millions of users at risk.

ESET said exploiting these vulnerabilities would allow attackers to deploy and successfully execute UEFI malware either in the form of SPI flash implants like LoJax or ESP implants like ESPecter. 

In total, three vulnerabilities have been discovered, which are now tracked as CVE-2021-3970, CVE-2021-3971 (also known as SecureBackDoor and SecureBackDoorPeim), and CVE-2021-3972 (SMM memory corruption inside the SW SMI handler function).

Bypassing security measures

The first two can be activated to disable SPI flash protections (BIOS Control Register bits and Protection Range registers) or the UEFI Secure Boot feature from a privileged user-mode process during operating system runtime. The third, ESET explains, can allow an attacker to execute malicious code with SMM privileges, potentially leading to the deployment of an SPI flash implant.

What makes them extremely dangerous, says ESET researcher Martin Smolár, is that they allow for the exploitation of UEFI threats that are executed early in the boot process, before transferring control to the operating system.

That means they can bypass “almost all security measures and mitigations higher in the stack that could prevent their operating system payloads from being executed,” he said. 

This is not the first UEFI threat that’s been discovered. All of them, however (including LoJax, MosaicRegressor, MoonBounce, ESPecter, or FinSpy) need to bypass or disable the device’s security mechanisms in order to work.

The UEFI boot and runtime services are essential for the operation of any endpoint, as drivers and applications need them to properly run. 

ESET’s researchers are “strongly” advising all Lenovo laptop owners to go through the list of affected devices found here, and update the firmware as per the manufacturer’s instructions. 

Owners whose devices reached end-of-life can use a TPM-aware full-disk encryption solution capable of making disk data inaccessible if the UEFI Secure Boot configuration changes, ESET concluded.

19 Apr 2022

UK government reportedly hit by Pegasus spyware

Cybersecurity researchers from Citizen Lab have warned UK officials from 10 Downing Street and the Foreign and Commonwealth Office that their endpoints were being targeted with spyware.

The report claims that in 2020 and 2021, UK representatives, most likely working abroad in the United Arab Emirates (UAE), had their devices infected by the Pegasus spyware, a known malware strain developed and sold by NSO Group.

NSO Group is an infamous Israeli tech company that sells surveillance tools to governments around the world. It’s been often criticized due to the fact that Pegasus gets used against politicians, journalists, and civil rights activists. In one case, it was allegedly also used by Mohammed bin Rashid Al Maktoum, the ruler of Dubai, UAE, to hack his ex-wife's phone. He denied the claims.


NSO Group denies all allegations

Some western countries have banned the company from their jurisdictions, and banned the use of its tools altogether.

As for these specific allegations, NSO Group denied them all, claiming that such an attack “could not have taken place.”

"The information raised regarding these allegations are, yet again, false and could not be related to NSO products for technological and contractual reasons,” NSO Group’s spokesperson was quoted saying.

"NSO continues to be targeted by a number of politically motivated advocacy organizations, like Citizens Labs and Amnesty, to produce inaccurate and unsubstantiated reports based on vague and incomplete information.

"We have repeatedly co-operated with governmental investigations, where credible allegations merit."

Citizen Lab stumbled upon these findings while investigating the case of comprehensive spying of Catalan politicians. Allegedly, 65 officials of the northern Spanish region were being spied upon, including members of the European Parliament, Catalan presidents, legislators, jurists, and members of civil society organizations.

Researchers tested “a number of official phones”, including that of the prime minister, but we don’t know which endpoints were infected, and if any data had been stolen. 

Via: BBC

19 Apr 2022

These scam macOS apps won't let you quit without paying a subscription

Despite Apple’s rigorous App Review process, a new crop of scam apps for macOS has been discovered on the company’s App Store.

As reported by The Verge, principal software engineer at Red Hat, Edoardo Vacci, discovered the first in the latest batch of scam apps. The app in question, My Metronome, locks up and won’t allow users to quit using either the menu bar or keyboard shortcuts (it can be Force Quit though) until they agree to pay a $9.99 per month subscription.


According to FlickType founder and scam app hunter Kosta Eleftheriou who spoke with The Verge, the developer behind My Metronome seems to have “experimented with various techniques over the years of preventing people from closing the paywall”.

Following a tweet from Eleftheriou, My Metronome was removed from the App Store but its developer, Music Paradise, LLC is also connected to another app development company called Groove Vibes that has created similar scam apps. In fact, according to the privacy policies of both companies, they’re registered at the same address and both mention Akadem GmbH.

Pay to quit apps

To see for themselves, The Verge decided to test Music Paradise’s Music Paradise Player app along with all of the Mac apps made by Groove Vibes.

According to the news outlet, all of the apps it tested immediately displayed a pop-up that asked users to sign up for a subscription. While three apps from Groove Vibes allowed users to quit using the menu bar or by pressing Command+Q, two of the company’s apps along with the Music Paradise Player app greyed out the quit option in the menu bar and prevented users from clicking the red button at the corner to close the app. Keyboard shortcuts were also of no use.

Unlike ransomware, the apps in question don’t lock users out of their files but instead prevent users from easily closing them so that they fall for the scam and sign up for a monthly subscription instead.

Surprisingly, all of these scam apps appeared to slip through the cracks during Apple’s App Review process, which should have prevented them from being published in the first place. While scams like these do reappear from time to time, Apple added a “Report a Problem” button to the App Store so at least users can warn the company about scam apps.

Via The Verge

18 Apr 2022

Intel might be delaying its desktop Arc Alchemist A-Series GPUs by several months

While Intel has already launched its mobile Arc GPUs, it seems that it may be delaying its Arc Alchemist A-Series graphics cards.

According to a leak from a reliable Intel leaker Enthusiastic Citizen and originally spotted by Wccftech, Intel’s desktop A-series might arrive as late as the end of Q2 or beginning of Q3 2022. It also looks like there are four desktop cards planned in the A-series: the A770, A750, A580, and A380.

The fastest one is said to be the A770, which is being compared to the RTX 3060 Ti in terms of performance. This particular detail, as well as the rumored delay, seem to be backed by Intel’s previous statement that some form of a ‘Limited Edition’ GPU would launch sometime in the middle of the year.

There also seems to be some confusion involving the A770, especially when it comes to the amount of memory. There are some leaks stating it to have a boost clock up to 2.4 GHz and 12GB of memory, while the new report indicates that it might have as much as 16GB VRAM.

The leaker who first revealed the leaks, ‘Enthusiastic Citizen,’ also stated that Intel has plans for a part called Arc A750, which past reports suggest would have 448 Xe Vector Engines (Execution Units). According to the grapevine, this and the A580 would feature 8GB GDDR6 memory.

18 Apr 2022

Wix wants to help businesses sell tickets to their live events

In addition to its website builder, Wix is also making it easier for business owners and venues to create customized seating maps for their in-person events.

Hosting a large event for coworkers or customers can be a daunting task, especially for small businesses. Fortunately, with Wix’s new Seating Map Builder, business owners can now create a customized seating map according to their specific venue and create different types of tickets to match their seating map.

From tour buses to campsites and churches to clubs or big venues and even dinner parties, the company’s latest builder aims to simplify the process of creating, managing and monetizing events for business owners.

Wix’s Seating Map Builder is available to all of the company’s premium users at no additional cost and interested users can check it out here.

Seating Map Builder

Both business owners and venues themselves can create detailed maps of a venue and price tickets based on the location of each seat using Wix’s Seating Map Builder.

However, they can also build the map with any variation of seating for their events including tables, rows of seats, areas with general seating such as a standing room only area, reserved VIP sections or even a combination of any of these. When customers go to purchase their tickets, they’ll be able to see all of the available seating, hover over a seat to see its price and click to select the seats they would like to purchase.

Seating Map Builder is part of the company’s Wix Events event management platform for tickets and RSVPs. Besides live, in-person events, business owners can host and showcase their events on their website, connect video conferencing solutions such as Wix Live or Zoom, send invites and accept secure online payments. The platform also includes other networking and social tools for event attendees, and businesses can leverage the Wix Owner App to check in guests, sell tickets and even manage their events on the go.

Head of Wix Events, Donatas Dautartas provided further insight on the company’s new Seating Map Builder in a press release, saying:

"In the short period of time since releasing the Seating Map Builder to businesses, the average number of tickets per event and average ticket price per event have increased. This release has opened the door for businesses and venues to manage ticketing of their events on their own, when they previously had to hire developers to build these complex systems. We're proud to deliver this exciting builder to our existing users and look forward to working with new businesses and venues, and to help them grow their businesses."

18 Apr 2022

An Intel chip that mimics the human brain could end up in your next PC

Intel’s neuromorphic Loihi chips could end up in future CPUs though they might also be available as a cloud service.

After being in development for the past several years, we now have a better idea regarding several potential commercial use cases for Intel’s Loihi neuromorphic chips.

Unlike the traditional chips found in other Intel processors, neuromorphic chips mimic the neurons of the human brain and due to their pin-like structure, these chips use far less energy as they only consume electricity when contributing data.

When Intel first released its Loihi chips back in 2017, the chipmaker pitched them as a way to handle AI tasks faster using far less energy than traditional chips. More recently though, researchers at Sandia National Laboratories in the US found that Loihi could be the future of high-performance computing (HPC) as Intel’s neuromorphic chips have the potential to make HPC more energy efficient, environmentally friendly and affordable.

According to a recent roundtable with journalists reported on by The Register, we now have a bit more insight into how Intel plans to offer Loihi as a commercial product to both consumers and businesses.

Loihi’s future

While speaking with journalists, Intel Labs' lead Rich Uhlig explained that the company could integrate Loihi into its future CPUs to perform AI tasks more efficiently though the chip giant may also make its neuromorphic chips available as a cloud service.

Uhlig stressed that Intel doesn’t yet have firm plans regarding Loihi’s future but at this point the company thinks it’s onto something. Now it’s just a matter of figuring out how to offer its neuromorphic chips to customers in a way which benefits them and allows the company to monetize the years it spent on researching and developing Loihi.

Intel Labs, which developed Loihi, is also now in a better place to begin trying to incorporate Loihi’s technology into its products after being moved under Intel’s Software and Advanced Technology Group. According to Uhlig, this allows Intel Labs to take its software-oriented innovations to the group which is responsible for identifying new software revenue opportunities.

Although we don’t yet know exactly how Intel will make Loihi available to consumers and businesses, the next version of the company’s neuromorphic chip will increase its chip scale from 128k neurons per chip to up to one million with large scale systems that combine multiple chips on a board.

Via The Register

