News Posts matching #hack


Newegg Compromised by Magecart Assault; Potential Data Theft for Over a Month

Magecart is a relatively new online exploit group that has been in the news recently for affecting British Airways and Ticketmaster in recent months. This hitherto-unrecognized group uses a web-based card skimmer script, injecting a precious few lines of malicious code into a website to then steal the sensitive data that customers enter in the payment sections of the affected websites. Two large digital threat management outfits, RiskIQ and Volexity, today released their reports on how Newegg was similarly affected during the period of August 13, 2018 through September 18, 2018, and what this means for users who may have performed a transaction on the website during this period.

In particular, Newegg.com was affected when the criminals behind Magecart registered the neweggstats.com domain (now inactive) via domain provider Namecheap. As RiskIQ points out, this was soon changed to resolve to the 217.23.4.11 IP address, a Magecart server that was used to receive and store all user data collected from the compromise from that point on. A fake certificate was issued to add a layer of legitimacy to the domain, as seen below. Be sure to read past the break to find out more details, and also what the bottom line is for affected users.

Snail Mail Malware: Chinese Hackers Go Old School

In today's world, data breaches, phishing attacks, malware, and exploits are a daily occurrence. We are all familiar with the typical phishing emails that grace our inbox day in, day out. You might even get a phone call from a fake Microsoft tech support employee who attempts to gain access to your system. However, in our always-online world, it is a bit surprising to hear about hackers who would decide to use snail mail. In what will likely elicit a few giggles, U.S. state and local government agencies, along with the Multi-State Information Sharing and Analysis Center (MS-ISAC), have issued an alert about what I can only describe as an attack from the stone age: malware-infested CDs.

CTS-Labs Posts Ryzen Windows Credential Guard Bypass Proof-of-concept Video

CTS-Labs, following up on Tuesday's "Masterkey" exploit proof-of-concept video, posted a guide to bypassing Windows Credential Guard on an AMD Ryzen-powered machine. We once again begin in a privileged shell session on an AMD-powered machine whose Secure Processor has already been compromised using admin privileges, by exploiting any of the 13 vulnerabilities chronicled by CTS-Labs. Mimikatz, a tool used by hackers to steal network credentials, should normally not work on a machine with Windows Credential Guard enabled. Using a modified version of Mimikatz, the CTS-Labs researchers are able to bypass Windows Credential Guard (which relies on hardware-level security features present on the processor) by leveraging the AMD Secure Processor malware microcode they wrote.
The proof-of-concept video follows.

Japanese Crypto Exchange Coincheck Hacked, Biggest Heist in History of the World

In what amounts (for now) to the biggest heist in the history of the world, Japanese cryptocurrency exchange Coincheck, which handles about 3% of all cryptocurrency transactions, has apparently been on the receiving end of a $500 million hack of its crypto vaults. The heist, which seems to have focused particularly on the NEM cryptocurrency, took some $532 million worth of the cryptocurrency from the exchange's coffers. This news comes after Coincheck halted all NEM transactions on its exchange starting this morning, without prior warning, which raised red flags in the NEM investor community and among Coincheck users. Additionally, it's being reported that an additional $123 million worth of Ripple cryptocurrency was taken as well.

For now, Coincheck has only issued an update saying that "Depositing NEM on Coincheck is currently being restricted. Deposits made to your account will not be reflected in your balance, and we advise all users to refrain from making deposits until the restriction has been lifted", so, there's no confirmation of the heist as of now. However, Nikkei is reporting that Coincheck has reported the theft to the local Financial Services Agency and the police. If confirmed, this is easily the biggest heist in the world's history, and not coincidentally, the biggest in crypto history as well.

Mining "Renting" Service Nicehash Hacked; $68M Routed From User Wallets

Another high-profile hack has hit Bitcoin, as cryptocurrency mining pool Nicehash has confirmed that it suffered a breach which left users' wallets with the service emptied. The heist, currently valued at more than $68M, transferred 4,736.4281 BTC in total to the unknown party's (almost certainly the perpetrator's) wallet. A single transaction of 4,655.25349748 BTC was the largest to take place, and has left Nicehash users out in the cold.

In a post on Reddit, Nicehash representatives confirmed the heist, stating that "Unfortunately, there has been a security breach involving NiceHash website. We are currently investigating the nature of the incident and, as a result, we are stopping all operations for the next 24 hours. Importantly, our payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen. We are working to verify the precise number of BTC taken."

Where's My Bitcoin? "Cerber" Ransomware Starts Stealing Cryptocurrency Wallets

"Where's my Bitcoin?" is a question no miner, investor or mere user of cryptocurrency ever wants to have to ask. There's always someone willing to take advantage of someone else's hard work or exposure to risk in order to increase their own wealth; and if there's one thing years of cyber security have told us, it is that hackers seldom lag in picking up new sources of undeserved revenue. So it was only a matter of time before general-purpose ransomware started seeing updates to take advantage of the newer trends in valuable assets. Enter cryptocurrency. And you can probably guess the rest of this piece.

The new, updated Cerber ransomware routine now not only encrypts a user's files, it also looks for some specific, known Bitcoin wallet applications (namely, as of the time of writing, Bitcoin Core, Electrum, and Multibit), copies their wallet files to an external server controlled by the hackers, and proceeds to delete them from the user's PC. Naturally, Cerber also has a routine that copies passwords stored in your browser of choice. The wallet stealing and copying isn't much of a concern per se; there are additional security measures in any given wallet before the hackers can access their potential treasure trove of cryptocurrency. However, many people also keep files with passwords and the like on their computers, and could be doing themselves a disfavor by not keeping another copy of their wallet on a secure, non-internet-connected hardware wallet, or even a USB pen drive. Naturally, a user who kept the password for their wallet on their system is vulnerable to the entire "ransomware" portion of the Cerber malware; and someone who doesn't even have another copy of their wallet but keeps an ungodly amount of value in it could very well be facing the loss of the entire wallet. Definitely not a good place to be.

AMD Confirms its Platform Security Processor Code will Remain Closed-Source

Since the launch of AMD Ryzen, a small piece of hardware that handles basic memory initialization as well as many security functions has been the center of some controversy. Called the Platform Security Processor (the "PSP" for short), it is essentially an ARM core with complete access to the entire system. Its actions can be considered "above root" level and are for the most part invisible to the OS. It is similar in this regard to Intel's Management Engine, but is in some ways even more powerful.

Why is this a bad thing? Well, let's play out a hypothetical. What happens if a bug is discovered in the PSP, and malware takes control of it? How would you remove it? (Answer: you couldn't.) How would you know you needed to remove it? (Answer: unless it made itself obvious, you also wouldn't.) This scenario is obviously not a good one, and is a concern for many who asked AMD to open-source the PSP's code for general community auditing.

Petya/NotPetya: The Ransomware That Wasn't Actually Looking to Ransom Anything

You've heard of the Petya ransomware by now. The surge, which hit around 64 countries by June 27th, infected an estimated 12,500 computers in Ukraine alone, hitting several pieces of critical infrastructure in the country (just goes to show how vulnerable our connected systems are, really). The number one hit country was indeed Ukraine, but the wave expanded to the Russian Federation and Poland, and eventually hit the USA (the joys of globalization, huh?). But now, some interesting details on the purported ransomware attack have come to light, which cast some mystery over the entire endeavor. Could it be that Petya (which is also being referred to as NotPetya/SortaPetya/Petna, for your reference, since it mostly masquerades as that well-known ransomware) wasn't really a ransomware attack?

Intel Patches Remote Execution Flaw on Its CPUs - Active Since 2008

A bug in Intel's AMT (Active Management Technology), ISM (Standard Manageability) and SBT (Small Business Technology) firmware versions 6 to 11.6 has sat unpatched since 2008 - a bug which allows "an unprivileged attacker to gain control of the manageability features provided by these products." Potentially, this could have led to systems being exploited for remote control and spyware infection (and maybe it did lead to that, and we just don't know about it). Through this flaw, hackers could log into a vulnerable computer's hardware - outside the security features of the OS and any anti-virus suites - and silently install malware and other malicious code. AMT having direct access to the computer's network hardware means this could have been done without local tampering. The vulnerable AMT service is part of Intel's vPro suite of processor features, so it caters more to businesses and server boxes than to the usual consumer products - though we all know some hardware enthusiasts use these kinds of processors in their personal rigs. If you don't have vPro or AMT present at all, you are in the clear. However, some outlets report that Intel systems are vulnerable to direct hardware access even if their AMT, ISM, or SBT implementations aren't provisioned - it's just the network access that doesn't work.

These insecure management features have been available in various Intel chipsets for nearly a decade, starting with the Nehalem Core i7 in 2008, all the way up to this year's Kaby Lake Core parts. Luckily, this "feature", which is present in millions of Intel chips and potentially provides a "backdoor-esque" entry point to as many systems, can apparently be addressed through a microcode update. However, this update will have to be pushed by your system manufacturer, and you can probably imagine by now how long such a process will linger on, and how hard it will be for this to reach every affected system.

NSA's Windows Exploit "DoublePulsar" Being Actively Utilized in the Wild

The "DoublePulsar" exploit, exposed recently as part of the leaked NSA-derived hacking toolkit posted online, is set to become one of the more significant issues related to the leak. Not because it is unpatched (it has been patched for roughly a month), but rather because, according to a threatpost.com report, few users are as up to date as they should be.

Intel's Skylake and Kaby Lake-based Systems Vulnerable to USB Exploit

At this year's CCC hacker congress, researchers from Positive Technologies released information documenting vulnerabilities in Intel's Skylake and Kaby Lake series processors' handling of USB 3.0-based debugging - which could be used to attack, corrupt, and even subvert a user's system.

This vulnerability allows attackers to bypass typical security mechanisms - both at the hardware and at the OS level - by using a new debugging interface, which could allow them to install malware and/or rewrite the system's firmware and BIOS. The exploit is currently undetectable using existing security tools, and according to the researchers, this mechanism can be used on a hacked system regardless of the OS installed.

Steam and Linux on the PS4 - AMD's "Bonaire" GPU Register Reference Found

While trying to hack the PS4 in order to make it run Linux (in a bid to get Steam and possibly other programs running on the PS4's hardware), hackers hit a snag: they couldn't get the PS4's GPU to display any kind of output or process any kind of graphics. Like any good researcher would, when hit with a snag, the hackers turned to scouring the Internet in hopes of finding any kind of documentation that could help them harness the PS4's Pitcairn-based GPU.

Epic Games Forums Hacked; Over 800,000 Passwords Stolen

The official discussion board for Epic Games, frequented by developers and gamers of Unreal Engine, "Unreal Tournament," and soon "Paragon," was hacked, exposing dates of birth, IP addresses, registration dates, registration e-mail addresses, and allegedly passwords, of over 800,000 users, reports The Hacker News. The hackers reportedly got their hands on the data by exploiting a vulnerability in the outdated version of vBulletin that Epic Games uses.

Epic Games, however, denies that the hackers got their hands on passwords. "We believe a recent Unreal Engine and Unreal Tournament forum compromise revealed email addresses and other data entered into the forums, but no passwords in any form, neither salted, hashed, nor plaintext," the company stated. ZDNet reports that a larger portion of the vBulletin database, which includes user posts and private-messages, could also have been stolen.

NSA Hides Spying Backdoors into Hard Drive Firmware

Russian cyber-security company Kaspersky Labs exposed a breakthrough U.S. spying program, which taps into one of the most widely proliferated PC components - hard drives. The last 5 years have seen the number of hard drive manufacturing nations reduced from three (Korean Samsung, Japanese Hitachi and Toshiba, and American Seagate and WD) to one (American Seagate or WD), with the Japanese and Korean businesses swallowed up or partnered as US-based subsidiaries or spin-offs such as HGST; as a result, a shadow of suspicion has been cast on Seagate and WD.

According to Kaspersky, American cyber-surveillance agency, the NSA, is taking advantage of the centralization of hard-drive manufacturing to the US, by making WD and Seagate embed its spying back-doors straight into the hard-drive firmware, which lets the agency directly access raw data, agnostic of partition method (low-level format), file-system (high-level format), operating system, or even user access-level. Kaspersky says it found PCs in 30 countries with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.

Does NVIDIA Display Driver Service Make Your System Vulnerable?

An [ethical?] hacker going by the Twitter handle @peterwintrsmith discovered a gaping security hole in NVIDIA's display driver service that allows ordinary local and remote users to gain administrator privileges in Windows. Mr. Winter-Smith posted a description and details of the exploit, in which he describes the NVIDIA Display Device server (NVVSVC) as listening on a pipe (a means by which different processes talk to each other) "\pipe\nsvr," which has a null/empty discretionary access control list (DACL, a security whitelist for users/groups), letting ordinary logged-in local and remote users (firewall permitting, and provided the remote user has a local account) gain administrator rights to the system. In our opinion, the exploit is plausible, and could cut short the winter breaks of a few in Santa Clara.

Blizzard Servers Hacked, User Data Compromised

Online gaming giant Blizzard Entertainment reported unauthorized access to its servers. The security breach was detected earlier this week, and the company claims that the hackers may have accessed user data such as e-mail addresses of Battle.net users, their personal security questions, and information related to mobile and dial-in authentications.

Blizzard claims that the information compromised is not enough for anyone to gain access to Battle.net accounts, and that there was no evidence to suggest that more vital bits of user data, such as real names, credit card information, or billing addresses, were accessed. Users' Battle.net passwords, which are cryptographically scrambled, may have been accessed. Since SRP (the Secure Remote Password protocol) is used to protect the passwords, it is extremely difficult to unscramble them. Blizzard strongly recommends that users change their passwords while investigations into the security breach are ongoing.

OUYA: A Hacker-Friendly Android Console

A new Kickstarter project is making waves by proposing an open-source, hacker-friendly platform using Android as its backbone. "OUYA" merges the "satisfying" experience of a console with the developer-friendly nature of the Android marketplace. The project is seeking nearly a million dollars in funds, but it's already managed to reach more than half its lofty goal within just a day. The project's goal is $950,000, a figure it's likely to hit. It's been less than a day, and it's hit more than $590,000. That's no doubt because the higher pledge tiers, $95 and $99, offer the console itself as a reward. So far, the project hasn't outlined any stretch goals, but they seem likely. The funding will go towards converting the prototype to production models with approvals from regulatory agencies, development kits, production orders, and possibly some first-party game development. It also claims that games will be required to offer a free element, be it a demo or the full game with microtransactions. OUYA has already specified its technical specs, including a Tegra 3 quad-core processor, 1 GB of RAM, 8 GB of flash storage, an HDMI connection, and Android 4.0. The controller looks fairly standard for consoles, with eight action buttons, two analog sticks, a D-pad, and the addition of a touch pad.

Max Payne 3 Multiplayer Pits Cheaters Against Cheaters

Playing against hackers and cheaters in multiplayer games is rarely fun, so now Rockstar is showing them just how it feels. It's hit upon a cruel and unusual punishment for cheaters in Max Payne 3's multiplayer: forcing them to play in a "Cheaters Pool" filled only with other hoodlums. "Anyone found to have used hacked saves, modded games, or other exploits to gain an unfair advantage in Max Payne 3 Multiplayer, or to circumvent the leaderboards will be quarantined from all other players into a 'Cheaters Pool', where they'll only be able to compete in multiplayer matches with other confirmed miscreants," Rockstar explains in a blog post. They'll also be cut from the leaderboards. Rockstar could deign to allow these rapscallions to rejoin civilised society, but will permaban them for a second infraction. Let's hope that one day all online games will adopt such measures.

Diablo 3 Declared 'Fastest Selling PC Game' Ever

From the launch day server meltdown to the way everyone you know seems to be playing, it's pretty clear that Diablo III is quite popular. But just how popular? Blizzard announced today that it sold 3.5 million copies within the first 24 hours, which supposedly makes it the fastest-selling PC game of all time. On top of those 3.5 million copies were another 1.2 million doled out free to World of Warcraft Annual Pass subscribers. After a week, Blizzard says, Diablo III was up to 6.3 million players, not including South Korean game rooms, where it's estimated to have a 39% share. "We're definitely thrilled that so many people around the world were excited to pick up their copy of Diablo III and jump in the moment it went live," CEO Mike Morhaime said in the announcement.

"We also regret that our preparations were not enough to ensure everyone had a seamless experience when they did so. I want to reaffirm our commitment to make sure the millions of Diablo III players out there have a great experience with the game moving forward, and I also want to thank them for their ongoing support." As well as rolling out sneaky little balance updates, Blizzard is investigating reports of nasty hacks, and preparing to launch the real-money auction house on May 29.

Diablo 3 Launch Overloads Servers

Shacknews is reporting Diablo III is pretty popular. So popular, in fact, that the servers have been overloaded by the flood of clickmaniacs trying to play when it launched at midnight. As Diablo III requires players be online to play, even by themselves, there are a lot of sullen faces around this morning, staring glumly at 'Error 37' messages. Still, some are able to play. There's a little good D3 news in that Blizzard is helping out Australian fans who pre-ordered from GAME, after the failing retailer said it wouldn't honour their orders but would keep their money.

"Due to high concurrency the login servers are currently at full capacity. This may cause delays in the login process, account pages and web services," a Blizzard representative said of Error 37. "We apologise for any inconvenience this may cause and thank you for your patience while this is being resolved." A message on the login screen notes, "We're also aware of issues affecting character creation and are working to resolve them at this time." Hang in there, then. As for the land down under, after GAME entered administration earlier this week, it told Diablo III pre-orders that they wouldn't receive their game, but nor could they get a refund. Blizzard kindly stepped in to save them, explaining that those with proof of preordering can buy a digital copy through Battle.net then submit their GAME receipt for a refund. You'll need to buy before May 21, and send your receipt in by June 30, though.

Wolfenstein 3D Celebrates 20th Anniversary with a Browser Edition

This month is the 20th anniversary of Wolfenstein 3D. To celebrate, id Software and Bethesda have given us all a free browser-based version of the seminal shooter. John Carmack has also given a director's commentary, full of the usual fascinating Carmackchat. You can play the snazzy HTML5 version of Wolf 3D if you're browsing in Firefox 10, Chrome 16, Internet Explorer 9, Safari 5, or newer. Fingers crossed that your work computer is updated vaguely frequently. id Software got distracted by Doom and Quake after the release of a Wolf 3D prequel, but the series returned in 2001 with Return to Castle Wolfenstein from Grey Matter and Nerve Software. Splash Damage followed this with the superb free multiplayer spin-off Wolfenstein: Enemy Territory, and the last entry in the series was Raven's Wolfenstein in 2009. The iOS version is also going temporarily free in the App Store some time later today.

StarCraft 2 Getting Global Play, and More!

As Blizzard winds up to launch StarCraft II: Heart of the Swarm later this year, it's also preparing to finally roll out some features fans have been asking for since before SC2: Wings of Liberty launched back in 2010. These include resuming multiplayer matches from replays, playing in other global regions, and watching replays together with other folks. These features and more should be patched in "at or around the launch of Heart of the Swarm," production director Chris Sigaty wrote in a blog post. Resuming from replays will help tournaments go more smoothly, as SC2's lack of a LAN mode means that problems with Internet or Battle.net connections can spoil a match.

Rather than starting over from scratch or having judges rule on whether to award the win to one player, they'll be able to pick up where they left off. Global play will let you, as you can probably guess, play on other regional servers around the world, rather than being limited to your home region. Multiplayer replay viewing is a feature from the original StarCraft that was cut from the sequel, for when you fancy watching a replay with some chums and discussing the game together. Multilanguage support, a clan/group system, and unranked matchmaking are also in the works.

"Hackintoshing" Easiest with GIGABYTE 3D UEFI BIOS

Hackintosh (running Apple OS X on a non-Apple PC) interest group tonymacx86 discovered that GIGABYTE's 3D UEFI BIOS is most trouble-free with hackintoshing, leaving you with no risky BIOS modding to do. The BIOS tells OS X about what the hardware environment is like. If the OS doesn't have an environment that it's designed for, it crashes with a kernel panic.

GIGABYTE's 3D UEFI BIOS, tonymacx86 reports, as tested on a GA-Z77-DS3H, already has power-management descriptors, so you don't have to add any power-management DSDT tables for sleep/wake or power-management functions. Most other onboard devices on the Z77-DS3H run seamlessly with Apple's native drivers. The Atheros gigabit Ethernet controller works with the MultiBeast driver, the Realtek ALC887 HDA codec works with ALC8xxHDA/AppleHDA, and the Intel HD 3000 graphics embedded in the Core i5-2500K (used in the testing) work just fine.

Human Head hasn't Worked on Prey 2 in Months, RUNE Sequel Possible

News that Prey 2 had not been cancelled, but rather delayed, was relieving to fans of the original. However, why has there been such secrecy surrounding the project over the last several months? According to a Shacknews source who asked not to be identified, Human Head was not happy with the terms of its contract with ZeniMax, and deliberately stopped work on the game in November so it could try to negotiate a more favorable deal. While doing that, many on the development team were laid off, with the hope they would be rehired if the contract issue was resolved favorably. The process seemed to be gathering some positive momentum until January when ZeniMax's responses all but stopped, causing some of the laid-off Prey 2 team to wonder if the game would ever see the light of day.

By March 1, the source said, things had progressed a bit, leaving the Prey 2 team hopeful that they would return to work soon. But that quickly soured the following day. The source could provide no further first-hand details after March 2. When contacted for a response, an official at ZeniMax responded that "we aren't commenting on the game's development beyond what was said in the statement that was released this morning." In light of the new information, the official stance that "the delay is due to the fact that game development has not progressed satisfactorily this past year, and the game does not currently meet our quality standards" seems to throw Human Head under the creative bus. With development stalled for months, it's no surprise that the game would be unable to meet so-called "quality standards."

Borderlands 2 Developer Already Detailing DLC

According to Kotaku and Shack News, Borderlands 2 developer Gearbox Software is already working on DLC before the game is even released. What can you expect? A new character class. At a PAX East panel this past weekend, the developer showed conceptual images for a new Mechromancer class. The class will be available to everyone when the DLC hits 60-90 days after the game hits shelves, but it will be free to those who pre-order the game, according to Kotaku. Gearbox also detailed two special editions for the game. The first will be the "Deluxe Vault Hunters Edition" for $99, complete with a bobble-head doll of game narrator and weapons dealer Marcus Kincaid. The second will be the "Ultimate Loot Chest Edition," which offers a Borderlands 2-style loot chest, sans hydraulics. Finally, the Gearbox gang tossed out Easter eggs with codes inside, redeemable at a special website, that allowed attendees to compete to potentially insert their names into Borderlands 2 or Aliens: Colonial Marines as an Easter egg.