More stories

  • in

    How a researcher with no malware-coding skills tricked AI into creating Chrome infostealers

    ZDNETGenerative AI has stirred up as many conflicts as it has innovations — especially when it comes to security infrastructure.Enterprise security provider Cato Networks says it has discovered a new way to manipulate AI chatbots. On Tuesday, the company published its 2025 Cato CTRL Threat Report, which showed how a researcher — who Cato clarifies had “no prior malware coding experience” — was able to trick models, including DeepSeek R1 and V3, Microsoft Copilot, and OpenAI’s GPT-4o, into creating “fully functional” Chrome infostealers, or malware that steals saved login information from Chrome. This can include passwords, financial information, and other sensitive details. Also: This new tool lets you see how much of your data is exposed online – and it’s free”The researcher created a detailed fictional world where each gen AI tool played roles — with assigned tasks and challenges,” Cato’s accompanying release explains. “Through this narrative engineering, the researcher bypassed the security controls and effectively normalized restricted operations.” More

  • in

    How AI agents help hackers steal your confidential data – and what to do about it

    SEAN GLADWELL/Getty Images Like many people, cybercriminals are using artificial intelligence to help them work faster, easier, and smarter. With automated bots, account takeovers, and social engineering, a savvy scammer knows how to enhance their usual tactics with an AI spin. A new report from Gartner shows how this is playing out now and how […] More

  • in

    I always turn off this default TV setting when watching movies – here’s why you should, too

    Kerry Wan/ZDNETI love March Madness, at least when my team is invited to the Big Dance. I even enjoy watching other teams play their hearts out like everything is on the line — because it is. While NCAA basketball continues to be broadcast in standard HD, the games can look clear, bright, and beautiful on most modern TVs. Part of that appeal, though, is owed to your TV’s motion-smoothing capabilities. Also: How to watch March Madness 2025: The best streaming optionsFor many people, motion smoothing is only appropriate for gaming and watching live sports; enthusiasts typically prefer turning off the feature to watch anything else because it can detract from the filmmaker’s original intent, making on-screen images seem artificial or hyper-realistic. This is what’s called the “soap opera effect.” It’s a perfectly descriptive metaphor that probably requires no explanation. You can see it all too well: the cinematic film should not look like a daytime soap; you shouldn’t feel like you’re on the set with the actors. But it is appealing to feel like you’re in the stadium watching your team with thousands of fans. The soap opera effect makes sense for live sporting event broadcasts. More

  • in

    You have 4 days to update Firefox before everything breaks

    ZDNETOn March 14, 2025, a root certificate used to verify signed content and add-ons for Firefox, Thunderbird, and other Mozilla projects expired. The expiration of this certificate will cause problems for Firefox users unless they update to version 128 (or ESR 115.13+). This includes versions for Linux, MacOS, Windows, Android, and iOS — in other words, all platforms.Also: The Firefox I loved is gone – how to protect your privacy on it nowWithout updating, all features that rely on remote updates will cease to function, all add-ons will be automatically disabled, and DRM-protected content will stop playing. In addition, all systems dependent on content verification could stop functioning as expected. The web browser itself will continue to work, but much of what you do with the browser will be broken. Also: How to protect yourself from phishing attacks in Chrome and FirefoxThis means every Firefox user around the world must update to the latest version; otherwise, they’ll find out the hard way that this upgrade isn’t optional. What is a root certificate? A root certificate is used to verify the authenticity of websites, add-ons, and software updates. Without a root certificate in place, your browser cannot verify these items, and you could wind up with malicious software on your hands. Also: The best secure browsers for privacyRoot certificates are crucial for the following reasons: Top-level validation: When a website or application requests a digital certificate from an intermediate certificate authority, it can be validated by checking the signature against the root certificate.Trusted certificates: When you visit a website, your browser checks that each certificate in the chain is signed by a trusted root certificate.Security chain: Every certificate has an issuer that points to a certificate higher in the hierarchy, which forms a chain of trust from the website back to the root certificate. More

  • in

    How to guard against a vicious Medusa ransomware attack – before it’s too late

    ZDNETFederal authorities are warning individuals and organizations to watch out for a dangerous ransomware campaign that has recently added hundreds of victims to its count. Identifying the ransomware as Medusa, the FBI, CISA, and MS-the ISAC (Multi-State Information Sharing and Analysis Center) have issued a joint advisory with details on how these attacks have played out and how people can defend themselves against them.What is Medusa?First spotted in June 2021, Medusa is a ransomware-as-a-service (RaaS) variant that targets critical infrastructure organizations, such as those in the medical, education, legal, insurance, technology, and manufacturing sectors. Using RaaS, the developers farm out work to affiliates who carry out the actual attacks. Since just last month, developers and affiliates have hit more than 300 victims. Medusa started as a closed ransomware variant, meaning that the same cybercriminals who develop the malware also carry out the attacks. But over time, it has transitioned to an affiliate model, where hired guns launch the attacks while the developers focus on ransom negotiations and other actions. Developers typically recruit affiliates on dark web forums and marketplaces, offering them anywhere from $100 to $1 million for exclusive work. Also: That weird CAPTCHA could be a malware trap – here’s how to protect yourselfThe affiliates compromise a targeted organization using one of two methods. Phishing campaigns are the primary approach, but the attackers also exploit unpatched software vulnerabilities to gain access to a company’s resources. Once that initial access is gained, the criminals use a variety of tools to advance further. Legitimate utilities such as Advanced IP Scanner and SoftPerfect Network Scanner are used to scan for vulnerable users, systems, and open ports to exploit. Tools like PowerShell and the Windows command prompt are used to compile a list of network and file resources. The next goal is to move laterally through the network to find files that can be stolen and encrypted. For that, the attackers use remote access software such as AnyDesk, Atera, and Splashtop in combination with Remote Desktop Protocol and PsExec. When they find a valid username and password, they’ll use PsExec to run certain files and processes with system-level privileges. Also: Why rebooting your phone daily is your best defense against zero-click attacksThroughout the entire attack, the criminals also need to cover their tracks and evade detection. For that, they may exploit vulnerable or signed drivers to kill endpoint detection and response tools. A utility known as Certutil is often used to skirt detection when accessing files for encryption. Additionally, the attackers may delete the PowerShell history to wipe their command lines. Double-extortion modelLike many other strains of ransomware, Medusa employs a double-extortion model. The stolen data is not only encrypted to prevent the victim from accessing it, but the criminals also threaten to release the data publicly unless the ransom is paid. Victims are told to respond to the ransom note within 48 hours, or else the attackers will contact them by phone or email. Also: Got a suspicious E-ZPass text? It’s a trap – how to spot the scamA Medusa data leak site lists the ransom demands with a countdown until the information is released publicly. But even before the countdown ends, Medusa will promote the sale of the stolen data to interested buyers. Victims can pay $10,000 in cryptocurrency to add another day to the timer. The reported culprit behind Medusa is a group called Spearwing, according to a report published by Symantec earlier this month. Since early 2023, the group has listed almost 400 victims on its data leak site, with the actual number likely much higher. Attackers using Medusa have demanded ransoms ranging from as low as $100,000 to as high as $15 million. More

  • in

    5 Chromecast features you’re not using enough on your TV (including a smart home buff)

    Jason Hiner/ZDNETSince 2014, Google’s Chromecast has been an affordable means for helping viewers turn their older model TVs into smart TVs, allowing them to stream content from their phones, tablets, and computers to a bigger screen. Also: ‘Untrusted device’ errors on Chromecast? Google is rolling out a fixAlas, the era of the Chromecast has come to an end. Google is replacing it with the Google TV Streamer, promising a faster processor, Thread and Matter integration, and the ability to summarize TV episodes or whole seasons, among other new tricks.But that doesn’t mean the Chromecast is obsolete yet; in fact, Google has promised to continue providing software and security updates for now. I found a number of cool things anyone can do with their trusty Chromecast that most users are unaware of. More

  • in

    TikTok rolls out a new Security Checkup tool. Here’s how it works

    Jakub Porzycki/NurPhoto via Getty Images TikTok is a few weeks away from the end of the 75-day extension that President Donald Trump granted the service in January. The extension followed a temporary ban for “national security” reasons.  As potential offers for TikTok roll in from potential US suitors and unprecedented levels of White House involvement continue […] More

  • in

    This slick Linux browser is like a tricked-out Opera – and it’s faster than Firefox

    ZDNETThere is no shortage of web browsers. But what makes FireDragon a browser you should try?First off, FireDragon was originally a fork of LibreWolf, but the development team (which is the same team behind Garuda Linux) decided to switch to the Floorp browser as its base.Also: I’ve tried nearly every browser out there and these are my top 6 (none are Chrome)FireDragon reminds me of a tricked-out version of Opera (without the integrated AI or Workspaces). There’s even a built-in Workspaces option, similar to that of Opera. As for the UI, I would have liked to at least see a vertical tabs option, but that can always be added via an extension (such as Sidebery). My only wish is that, when using extensions such as Sidebery, the horizontal tab bar could be hidden. What makes FireDragon special? The Garuda team knows its way around a UI, and it creates some of the coolest looking themes on the market. I’m not a big fan of dark themes, but I can admit that everything the Garuda developers touch turns out beautiful. But beyond the beauty, why should you consider FireDragon? Also: 5 great Chrome browser alternatives that put your privacy firstBefore we get too deep into this, know that FireDragon is only available for Linux and can be installed on Arch-based distributions from within the AUR repository and on other distributions via Flathub, AppImage, or binary tarballs. FeaturesWith that said, FireDragon is a privacy-focused web browser that includes: Searx and Whoogle search engines (the default being SearxNG), which can even be run locally (if necessary)Dark ReaderWorkspaces for improved tab managementdr460nized brandingFirefox account supportPresets for both profile-sync-daemon and Firejail (for even more security)Fast webpage loading thanks to customized settings, FastFox tweaks, and the disabling of media autoplayHidden navigation buttons (instead of grayed-out buttons when inactive)PBMode Security (for security/tracking protection that blocks HTTP loads at the network level)Latest Fingerprinting is an option in firedragon.cfgShips with uBlock Origin pre-installedA custom self-hosted sync server for Firefox accounts, which may provide additional privacy compared to standard Firefox syncMouse gestures, thanks to GesturefyThe thing about FireDragon that appeals to me is that it’s almost like the love-child of Firefox and Opera. It feels like Firefox but looks like Opera, and (to me) that’s a good thing. And because it’s privacy-focused, you can bet it’s safe to use. For example, out of the box, FireDragon uses Resist Fingerprinting (RFP) instead of the regular FireDragon fingerprinting protection settings. From within Settings > Privacy & Security > “Resist Fingerprinting & IP address leaks” section, you can enable strong protection against fingerprinting, which is the added protection from Firefox that includes forced light mode, some API disabling, and more. The one thing about this setting is that it will most likely break some sites you visit. Also: 6 obscure browsers that are better than ChromeThe good news is that the default protection is solid, so you probably won’t need to enable the strong protection against fingerprinting option. All of the bits and pieces found in FireDragon come together to create a nice and secure experience. More