<!–> ZDNET’s key takeaways The Blink Mini 2 is available for $40 on its own or bundled with a weather-resistant power adapter for $50 With a stronger construction, improved video quality, a new spotlight, person detection, and weather resistance for outdoor use, the Blink Mini 2 is a definite upgrade from the first generation As […] More

Kyle Kucharski/ZDNETChoosing the right laptop can feel overwhelming — even for someone like me who’s lived and breathed laptops for years. You get all these options, configurations, and feature lists that it’s impossible not to know up from down. So, to make things easier for you, I’ll be breaking down laptops and their essentials using three broad usage categories: school, work, and gaming.Also: Finally, a $699 Windows laptop that I wouldn’t mind putting my MacBook Air away forMost laptops fall into one of these buckets, and while there is some crossover regarding hardware, each type is designed with a specific purpose in mind. Below, I walk through what defines each category, highlighting key features to look out for and providing example products along the way.Keep in mind, this advice is based on my own experience and expertise. Ultimately, the best laptop is the one that fits your needs best.How to pick a laptop for school More

Level Lock Pro <!–> ZDNET’s key takeaways The Level Lock Pro is available for $350. This smart lock looks like a regular deadbolt, but supports Apple HomeKey, Matter-over-Thread, physical key, NFC fobs, and door status detection without extra sensors. You’ll have to purchase a keypad separately if you prefer one to unlock, and Android users […] More

Cryptocurrency expert Virgil Griffiths has pleaded guilty to helping North Korean officials evade sanctions using blockchain and cryptocurrency in 2019. Griffiths is now facing up to 20 years in prison and will be sentenced on January 18, 2022.  Griffiths was arrested in November 2019 after he flew to North Korea in April 2019 and gave a technical talk at the Pyongyang Blockchain and Cryptocurrency Conference. Griffiths was allegedly warned by US State Department officials not to go ahead of his trip but went anyway. The 38-year-old, who was a resident of Singapore before his arrest, pled guilty to conspiring to violate the International Emergency Economic Powers Act in US District Court on Monday. “As he admitted in court today, Virgil Griffith agreed to help one of our nation’s most dangerous foreign adversaries, North Korea. Griffith worked with others to provide cryptocurrency services to North Korea and assist North Korea in evading sanctions, and traveled to North Korea to do so,” US Attorney Audrey Strauss said. “In the process, Griffith jeopardized the national security of the United States by undermining the sanctions that both Congress and the President have enacted to place maximum pressure on the threat posed by North Korea’s treacherous regime.” 

US citizens are banned from “exporting any goods, services, or technology” to North Korea without a license from the Department of the Treasury’s Office of Foreign Assets Control.The Justice Department claimed Griffith began planning his assistance to the North Korea government in 2018 by “developing and funding cryptocurrency infrastructure there, including to mine cryptocurrency.”

He allegedly knew that the tools he was creating would be used to evade US sanctions and fund government activities that include the North Korean nuclear weapons program and “other illicit activities.” His presentation at the conference was “tailored to the DPRK audience,” according to a statement from the Justice Department.”At the DPRK Cryptocurrency Conference, Griffiths and his co-conspirators provided instruction on how the DPRK could use blockchain and cryptocurrency technology to launder money and evade sanctions,” the Justice Department explained.   “Griffiths’s presentations at the DPRK Cryptocurrency Conference had been approved by DPRK officials and focused on, among other things, how blockchain technology such as ‘smart contracts’ could be used to benefit the DPRK, including in nuclear weapons negotiations with the United States.”  Griffiths and others also helped answer questions about blockchain from North Korean government officials and worked to set up ways for cryptocurrency to be exchanged between North Korea and South Korea. The original criminal complaint says Griffith was working on “plans to facilitate the exchange of Cryptocurrency-1 [Ether] between the DPRK and South Korea.”The Justice Department accused Griffiths of going even further, pledging to recruit other experts to travel to North Korea for blockchain projects and set up connections between government officials and cryptocurrency service providers. Griffith was a member of the Ethereum Foundation’s Special Projects group before his arrest. He also operated a Tor-to-Web (Tor2Web) service called Onion.city, according to previous reporting from ZDNet. 

Blockchain in the news More

Image: Catalin Cimpanu
Threat actors have discovered they can abuse the Google Chrome sync feature to send commands to infected browsers and steal data from infected systems, bypassing traditional firewalls and other network defenses.
For non-Chrome users, Chrome sync is a feature of the Chrome web browser that stores copies of a user’s Chrome bookmarks, browsing history, passwords, and browser and extension settings on Google’s cloud servers.
The feature is used to sync these details between a user’s different devices, so the user always has access to his most recent Chrome data wherever they go.
Chrome sync feature was recently abused in the wild
Bojan Zdrnja, a Croatian security researcher, said on Thursday that during a recent incident response, he discovered that a malicious Chrome extension was abusing the Chrome sync feature as a way to communicate with a remote command and control (C&C) server and as a way to exfiltrate data from infected browsers.
Zdrnja said that in the incident he investigated, attackers gained access to a victim’s computer, but because the data they wanted to steal was inside an employee’s portal, they downloaded a Chrome extension on the user’s computer and loaded it via the browser’s Developer Mode.
The extension, which posed as a security add-on from security firm Forcepoint, contained malicious code that abused the Chrome sync feature as a way to allow attackers to control the infected browser.

Image: Bojan Zdrnja
Zdrnja said the goal of this particular attacker was to use the extension to “manipulate data in an internal web application that the victim had access to.”

“While they also wanted to extend their access, they actually limited activities on this workstation to those related to web applications, which explains why they dropped only the malicious Chrome extension, and not any other binaries,” Zdrnja said in a report published on Thursday.
Malicious code found in the extension suggested that the attacker was using the malicious add-on to create a text-based field to store token keys, which would then be synced to Google cloud servers as part of the sync feature.
“In order to set, read or delete these keys, all the attacker has to do is log in with the same account to Google, in another Chrome browser (and this can be a throwaway account), and they can communicate with the Chrome browser in the victim’s network by abusing Google’s infrastructure,” he said.
Data stored in the key field could be anything, Zdrnja said.
It could be data the malicious extension gathered about the infected browser (such as usernames, passwords, cryptographic keys, or more) or commands the attacker wanted the extension to execute on the infected workstation.
In this way, the extension could be used as an exfiltration channel from inside corporate networks to an attacker’s Chrome browser instance or as a way to control the infected browser from afar, bypassing local security defenses.
Malicious operations hide in legitimate Chrome traffic
Since the stolen content or subsequent commands are sent via Chrome’s infrastructure, none of these operations would be inspected or blocked in most corporate networks, where the Chrome browser is usually allowed to operate and transmit data unhindered.
“Now, if you are thinking on blocking access to clients4.google.com be careful – this is a very important web site for Chrome, which is also used to check if Chrome is connected to the Internet (among other things),” Zdrnja warned.
Instead, the researcher urged companies to use Chrome’s enterprise features and group policy support to block and control what extensions can be installed in the browser, preventing the installation of rogue extensions like the one he investigated. More