Feed aggregator
It's legal for police to use deception in interrogations. Some want that to end
Article URL: https://text.npr.org/nx-s1-4974964
Comments URL: https://news.ycombinator.com/item?id=42091423
Points: 22
# Comments: 4
Computer Graphics is a solved field. Do you agree?
Article URL: https://old.reddit.com/r/GraphicsProgramming/comments/11khkfb/my_phd_advisor_said_that_computer_graphics_is/
Comments URL: https://news.ycombinator.com/item?id=42091421
Points: 1
# Comments: 0
Do we ever get over things?
Article URL: https://www.avabear.xyz/p/do-we-ever-get-over-things
Comments URL: https://news.ycombinator.com/item?id=42091420
Points: 1
# Comments: 0
ChainForge
Article URL: https://simonwillison.net/2024/Nov/8/chainforge/
Comments URL: https://news.ycombinator.com/item?id=42091379
Points: 2
# Comments: 0
My Manifesto for Despairing Democrats
Article URL: https://www.nytimes.com/2024/11/06/opinion/trump-democrats-loss.html
Comments URL: https://news.ycombinator.com/item?id=42091377
Points: 3
# Comments: 0
Best Board Game Deals: Save Big While Stocking Up on Games for Kids and Adults
Best Solar Panel Installation Companies in Virginia
Hello again, FakeBat: popular loader returns after months-long hiatus
The web browser, and search engines in particular, continue to be a popular entry point to deliver malware to users. While we noted a decrease in loaders distributed via malvertising for the past 3 months, today’s example is a reminder that threat actors can quickly switch back to tried and tested methods.
After months of absence, Fakebat (AKA Eugenloader, PaykLoader) showed up on our radar again via a malicious Google ad for the productivity application Notion. FakeBat is a unique loader that has been used to drop follow-up payloads such as Lumma stealer.
In this blog post, we detail how criminals are targeting their victims and what final malware payload they are delivering post initial infection. The incident was found and reported to Google on the same day as this publication.
Google Ads distribution
Last time we saw FakeBat was on July 25, 2024, via a malicious ad for Calendly, a popular online scheduling application. In that instance, FakeBat's command and control infrastructure ran from utd-gochisu[.]com.
Fast forward to November 8, 2024, and we have an ad appearing at the top of a Google search for ‘notion’. That sponsored result looks entirely authentic, with an official logo and website. We already know that criminals are able to impersonate any brand of their liking by simply using a click tracker — or tracking template — in order to bypass detection.
According to Google’s Ads Transparency Center , the Notion ad was shown in the following geographic locations:
Below is the network traffic from the ad URL to the payload. We can see the use of the tracking template (smart.link), followed by a cloaking domain (solomonegbe[.]com), before landing on the decoy site (notion[.]ramchhaya.com):
Why does this work, and why does it get past Google's review? Most likely because a user who is not an intended victim is redirected by the tracking template to the legitimate notion.so website, so reviewers and scanners never see the malicious landing page.
FakeBat drops LummaC2 stealer
After extracting the payload, we recognize the classic first-stage FakeBat PowerShell:
Security researcher and long time FakeBat enthusiast RussianPanda was kind enough to give us a hand by looking at this installer in closer detail.
After some fingerprinting to avoid sandboxes, we get this second stage PowerShell:
Of note, the threat actors are still using the same old RastaMouse AMSI bypass script from April 2024:
The loader is obfuscated with .NET Reactor, where it decrypts the embedded resource with AES and then injects it into MSBuild.exe via process hollowing:
The decrypted payload is LummaC2 Stealer with user ID: 9zXsP2.
Conclusion
While malicious ads delivering malware payloads have been rarer for the past several weeks, today's example shows that threat actors can and will make a comeback whenever the time is right.
Brand impersonation via Google ads remains problematic, as anyone can leverage built-in features to appear legitimate and trick users into downloading malware.
We appreciate and would like to thank RussianPanda for the quick analysis of the payload, as well as security researcher Squiblydoo for reporting the malicious certificate used to sign the installer.
Indicators of Compromise
Malvertising chain
solomonegbe[.]com
notion[.]ramchhaya.com
Malicious Notion installer
34c46b358a139f1a472b0120a95b4f21d32be5c93bc2d1a5608efb557aa0b9de
FakeBat C2
ghf-gopp1rip[.]com
1.jar (PaykRunPE)
373cd164bb01f77ad1e37df844010ee5
LummaC2 (decrypted payload)
3e8c406831a0021f76f02c704b68ee60
JwefqUQWCg (encrypted resource)
497dc11a77a4898b6b5e3cc28a586a38
Malicious URLs
furliumalerer[.]site/1.jar
pastebin[.]pl/view/raw/a58044c5
LummaC2 Stealer C2s:
rottieud[.]sbs
relalingj[.]sbs
repostebhu[.]sbs
thinkyyokej[.]sbs
tamedgeesy[.]sbs
explainvees[.]sbs
brownieyuz[.]sbs
slippyhost[.]cfd
ducksringjk[.]sbs
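The indicators above are published defanged ("[.]" in place of "."), which is how a defender receives them but not how they appear in proxy, DNS or EDR logs. The following is an added example, not code from Malwarebytes or the original post: it refangs the page's own IoC list, sorts each entry into a hash, URL or domain set, and sweeps a handful of constructed log lines (the log format and hostnames such as cdn.rottieud.sbs and mail.example.com are assumptions made up for the example). Domains are matched on whole hostnames and their subdomains, so benign traffic to the real notion.so does not trip on the notion[.]ramchhaya.com decoy entry.

```python
import re

# IoCs exactly as the page lists them (defanged with "[.]"); hashes are the page's values.
PAGE_IOCS = """
solomonegbe[.]com
notion[.]ramchhaya.com
34c46b358a139f1a472b0120a95b4f21d32be5c93bc2d1a5608efb557aa0b9de
ghf-gopp1rip[.]com
373cd164bb01f77ad1e37df844010ee5
3e8c406831a0021f76f02c704b68ee60
497dc11a77a4898b6b5e3cc28a586a38
furliumalerer[.]site/1.jar
pastebin[.]pl/view/raw/a58044c5
rottieud[.]sbs
relalingj[.]sbs
repostebhu[.]sbs
thinkyyokej[.]sbs
tamedgeesy[.]sbs
explainvees[.]sbs
brownieyuz[.]sbs
slippyhost[.]cfd
ducksringjk[.]sbs
"""

# Constructed sample log lines (NOT from the page): proxy, DNS and EDR events.
# Line 1 is benign traffic to the legitimate notion.so and must not match.
SAMPLE_LOGS = [
    "2024-11-08T10:01:02Z proxy user=alice host=notion.so path=/ status=200",
    "2024-11-08T10:01:05Z proxy user=bob host=notion.ramchhaya.com path=/download status=200",
    "2024-11-08T10:01:09Z dns client=10.0.0.7 query=ghf-gopp1rip.com type=A",
    "2024-11-08T10:02:30Z edr host=WS-17 event=file_write name=1.jar md5=373cd164bb01f77ad1e37df844010ee5",
    "2024-11-08T10:03:00Z proxy user=bob url=http://furliumalerer.site/1.jar status=200",
    "2024-11-08T10:04:11Z dns client=10.0.0.7 query=cdn.rottieud.sbs type=A",
    "2024-11-08T10:05:00Z dns client=10.0.0.9 query=mail.example.com type=A",
]

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
# Candidate hostnames inside a lowercased log line.
HOST_RE = re.compile(r"[a-z0-9][a-z0-9.-]*\.[a-z]{2,}")


def refang(ioc):
    """Turn a defanged indicator back into its live form."""
    return ioc.strip().lower().replace("[.]", ".").replace("hxxp", "http")


def classify(ioc):
    """Bucket a refanged indicator by type using its shape."""
    if SHA256_RE.match(ioc):
        return "sha256"
    if MD5_RE.match(ioc):
        return "md5"
    if "/" in ioc:
        return "url"
    return "domain"


def load_iocs(text):
    """Parse a defanged IoC list into per-type sets."""
    iocs = {"sha256": set(), "md5": set(), "url": set(), "domain": set()}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ioc = refang(line)
        iocs[classify(ioc)].add(ioc)
    return iocs


def match_log(lines, iocs):
    """Return (line_number, ioc_type, ioc) for every indicator seen in the log lines."""
    hits = []
    for n, raw in enumerate(lines, 1):
        line = raw.lower()
        for kind in ("sha256", "md5"):
            for h in iocs[kind]:
                if re.search(r"\b" + h + r"\b", line):
                    hits.append((n, kind, h))
        for u in iocs["url"]:
            if u in line:
                hits.append((n, "url", u))
        hosts = set(HOST_RE.findall(line))
        for d in iocs["domain"]:
            # exact host or any subdomain of the indicator; substring matching would be too loose
            if any(h == d or h.endswith("." + d) for h in hosts):
                hits.append((n, "domain", d))
    return hits


def run_example():
    """Sweep the constructed sample logs with the page's indicators."""
    return match_log(SAMPLE_LOGS, load_iocs(PAGE_IOCS))


if __name__ == "__main__":
    for n, kind, ioc in run_example():
        print(f"line {n}: {kind} match on {ioc}")
```

The hash matches use word boundaries so a 32-character MD5 is not found inside a longer SHA-256, and URL indicators are matched as host-plus-path strings, which is what a proxy log carries; in a real deployment the same loader would feed a SIEM watchlist rather than a static list.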
Show HN: I built a full-stack boilerplate to ship my projects faster
Every time I start a new project, it's the same drill: setting up authentication, routing, databases, UI, etc. Sound familiar? I wasted 10+ hours on the same repetitive setup.
So I built Getstart, a SaaS-ready framework with everything you need to go from zero to launch—fast. It's all here:
NextAuth for easy auth
Prisma + MongoDB for scalable databases
Next.js API routes pre-built
Nodemailer for emails
Razorpay for both domestic and international payments
Tailwind and Shadcn for sleek and customizable UI
Let me know what you guys think and what can be improved
Comments URL: https://news.ycombinator.com/item?id=42091198
Points: 2
# Comments: 0
Getting started with Voyage multimodal embeddings
Article URL: https://colab.research.google.com/drive/12aFvstG8YFAWXyw-Bx5IXtaOqOzliGt9
Comments URL: https://news.ycombinator.com/item?id=42091190
Points: 1
# Comments: 0
Age-Normalized Testosterone Peaks at Series B for Male Startup Founders
Article URL: https://twitter.com/MikeDubrovsky/status/1854354818787054027
Comments URL: https://news.ycombinator.com/item?id=42091188
Points: 2
# Comments: 0
Maelstrom: High-Performance Matrix Home-Server Written in Rust
Article URL: https://github.com/maelstrom-rs/maelstrom
Comments URL: https://news.ycombinator.com/item?id=42091181
Points: 1
# Comments: 0
Grab This $50 Discount on Apple's M4 Mac Mini Before It Disappears
A new stronger Ozempic is coming. Here's what to know
Article URL: https://qz.com/novo-nordisk-cagrisema-ozempic-1851691005
Comments URL: https://news.ycombinator.com/item?id=42091171
Points: 1
# Comments: 0
AMD's desktop market share skyrockets amid Intel's Raptor Lake crashing scandal
EFF to Second Circuit: Electronic Device Searches at the Border Require a Warrant
EFF, along with ACLU and the New York Civil Liberties Union, filed an amicus brief in the U.S. Court of Appeals for the Second Circuit urging the court to require a warrant for border searches of electronic devices, an argument EFF has been making in the courts and Congress for nearly a decade.
The case, U.S. v. Kamaldoss, involves the criminal prosecution of a man whose cell phone and laptop were forensically searched after he landed at JFK airport in New York City. While a manual search involves a border officer tapping or mousing around a device, a forensic search involves connecting another device to the traveler's device and using software to extract and analyze the data to create a detailed report of the device owner's activities and communications. In part based on evidence obtained during the forensic device searches, Mr. Kamaldoss was subsequently charged with prescription drug trafficking.
The district court upheld the forensic searches of his devices because the government had reasonable suspicion that the defendant “was engaged in efforts to illegally import scheduled drugs from abroad, an offense directly tied to at least one of the historic rationales for the border exception—the disruption of efforts to import contraband.”
The number of warrantless device searches at the border and the significant invasion of privacy they represent is only increasing. In Fiscal Year 2023, U.S. Customs and Border Protection (CBP) conducted 41,767 device searches.
The Supreme Court has recognized for a century a border search exception to the Fourth Amendment’s warrant requirement, allowing not only warrantless but also often suspicionless “routine” searches of luggage, vehicles, and other items crossing the border.
The primary justification for the border search exception has been to find—in the items being searched—goods smuggled to avoid paying duties (i.e., taxes) and contraband such as drugs, weapons, and other prohibited items, thereby blocking their entry into the country.
In our brief, we argue that the U.S. Supreme Court’s balancing test in Riley v. California (2014) should govern the analysis here. In that case, the Court weighed the government’s interests in warrantless and suspicionless access to cell phone data following an arrest against an arrestee’s privacy interests in the depth and breadth of personal information stored on a cell phone. The Supreme Court concluded that the search-incident-to-arrest warrant exception does not apply, and that police need to get a warrant to search an arrestee’s phone.
Travelers’ privacy interests in their cell phones and laptops are, of course, the same as those considered in Riley. Modern devices, a decade later, contain even more data points that together reveal the most personal aspects of our lives, including political affiliations, religious beliefs and practices, sexual and romantic affinities, financial status, health conditions, and family and professional associations.
In considering the government’s interests in warrantless access to digital data at the border, Riley requires analyzing how closely such searches hew to the original purpose of the warrant exception—preventing the entry of prohibited goods themselves via the items being searched. We argue that the government’s interests are weak in seeking unfettered access to travelers’ electronic devices.
First, physical contraband (like drugs) can’t be found in digital data. Second, digital contraband (such as child pornography) can’t be prevented from entering the country through a warrantless search of a device at the border because it’s likely, given the nature of cloud technology and how internet-connected devices work, that identical copies of the files are already in the country on servers accessible via the internet.
Finally, searching devices for evidence of contraband smuggling (for example, text messages revealing the logistics of an illegal import scheme) and other evidence for general law enforcement (i.e., investigating non-border-related domestic crimes) are too “untethered” from the original purpose of the border search exception, which is to find prohibited items themselves and not evidence to support a criminal prosecution.
If the Second Circuit is not inclined to require a warrant for electronic device searches at the border, we also argue that such a search—whether manual or forensic—should be justified only by reasonable suspicion that the device contains digital contraband and be limited in scope to looking for digital contraband. This extends the Ninth Circuit’s rule from U.S. v. Cano (2019) in which the court held that only forensic device searches at the border require reasonable suspicion that the device contains digital contraband, while manual searches may be conducted without suspicion. But the Cano court also held that all searches must be limited in scope to looking for digital contraband (for example, call logs are off limits because they can’t contain digital contraband in the form of photos or files).
In our brief, we also highlighted three other district courts within the Second Circuit that required a warrant for border device searches: U.S. v. Smith (2023), which we wrote about last year; U.S. v. Sultanov (2024), and U.S. v. Fox (2024). We plan to file briefs in their appeals, as well, in the hope that the Second Circuit will rise to the occasion and be the first circuit to fully protect travelers’ Fourth Amendment rights at the border.
Our Expert Picks for Best Mattresses for Heavy People in 2024
PS5 Pro signposts a disc-less future that few want
Article URL: https://www.gamesindustry.biz/ps5-pro-signposts-a-disc-less-future-that-few-actually-want-opinion
Comments URL: https://news.ycombinator.com/item?id=42091137
Points: 2
# Comments: 1