Ukraine to receive thousands of Starlink terminals as funding concerns temporarily subside

Ukraine is set to receive more than 10,000 Starlink terminals.

The country’s deputy prime minister Mykhailo Fedorov confirmed the news to Bloomberg. Several countries, part of the European Union, are ready to help pay for the service, he said.

The announcement momentarily puts an end to questions on how Ukraine could fund the satellite internet service. Starlink’s satellite internet terminals served as a vital source of communication when they first arrived in the country following Russia’s invasion, which destroyed Ukraine’s communications infrastructure.

But its presence was questioned this fall when SpaceX said it might stop funding the service. The company asked the U.S. to provide financial resources for the service.

“As of now all financial issues have been resolved,” Fedorov told Bloomberg. While he didn’t go into detail, Fedorov said it will need financial assistance by spring 2023.

Ukraine has received roughly 22,000 Starlink antennas since February.

“Regarding internet, we have a lot of Starlinks, but the key point is we have got a nod for another shipment that will be used to stabilize connection for critical situations,” Fedorov said.

Source: Bloomberg

Okta code stolen from GitHub: News report

Some source code of identity and access management provider Okta has reportedly been stolen from its private GitHub repositories, says the Bleeping Computer news service.

The site said it has obtained a security incident notification Okta has been emailing its security contacts. The site also says it has confirmed that multiple sources, including IT administrators, have received the same Okta email notification.

The email, from chief security officer (CSO) David Bradbury, says the company was told by GitHub about suspicious activity earlier this month and then discovered the attack.

The attacker didn’t access customer data or the Okta service, Bradbury said. The stolen code involves Okta Workforce Identity Cloud (WIC) and not any Auth0 (Customer Identity Cloud) products, he added.

It’s the second theft of code the company has reported in four months. In August, a person notified Okta that they possessed a copy of certain Auth0 code repositories dating from October 2020 and earlier. “We immediately launched a thorough internal investigation and enlisted the services of a leading third-party cybersecurity forensics firm. Both investigations, recently concluded, confirmed that there was no evidence of unauthorized access to our environments, or those of our customers, nor any evidence of any data exfiltration or persistent access.”

The company said it has taken steps to ensure that this code cannot be used to access Okta or customer environments. It has also notified law enforcement.

Okta bought Auth0, a cloud-based single-sign-on access management provider, in 2021. It isn’t clear from the Okta statement when the person acquired the Auth0 code, only that it wasn’t through customers or access to systems controlled by Okta.

Okta would be considered a prime target for threat actors. Enterprises around the world depend on it for providing universal, single-sign-on and passwordless login services protected with multifactor authentication.

Its most recent product is Okta for US Military, a new identity environment built for the U.S. Defense Department on Amazon AWS.

Okta was the victim of a third-party hack in January when the Lapsus$ extortion gang breached the IT environment of Twilio and used their access to steal one-time passwords sent via text message to Okta customers. Okta later apologized for not publicly responding fast enough when news of that attack broke.

“This time Okta’s reaction seems to be much faster and more professional compared to the January incident,” says Ilia Kolochenko, founder of ImmuniWeb.

“The consequences of this security incident may seem insignificant,” he added. “However, access even to a small part of the source code may have a domino effect on the organization. Oftentimes, some parts of source code are shared among different products, offering attackers a plethora of unique opportunities to reverse engineer business-critical software and find zero-day vulnerabilities.

“Likewise, modern source code still contains numerous hardcoded secrets, such as database passwords or API keys, despite the growing implementation of more secure mechanisms to handle secrets. This incident is a telling example that cybercriminals are now actively targeting their victims’ CI/CD [continuous integration/development] pipelines that have become prevalent in a corporate environment, whilst being largely underprotected due to the novelty and comparative complexity of the technology. We should expect more similar attacks in 2023.”

Having source code can make it easier for a threat actor to find vulnerabilities, Johannes Ullrich, director of research at the SANS Institute, said in an interview. But, he added, exploiting them depends on how good Okta is at scanning its code before making products live. “If they do their due diligence, the attacker should not have any easier time finding vulnerabilities than Okta has.”

The post Okta code stolen from GitHub: News report first appeared on IT World Canada.

Musk security team reportedly struck the car of alleged stalker

The South Pasadena Police Department is looking to question a member of Elon Musk’s security team after the team member allegedly hit the car of another person — that person was the same one Musk later claimed was a threat to his family.

According to a press release shared by the police (via The Verge), the incident occurred at around 9:51pm on the 700 block of Mission Street in Pasadena, California. The press release notes that the victim, identified only as a 29-year-old from Connecticut, was the only one at the scene when police arrived.

The Connecticut man said he exited the 110 freeway and stopped to use his phone when another car “pulled directly in front of him, blocking his path.” According to the police report, the driver of that car got out and accused the Connecticut man of following him on the freeway. Both men apparently recorded each other on their phones. The driver then got back in his vehicle and, as he was leaving, struck the Connecticut man’s vehicle. When police arrived, the driver had already left the scene.

“At no time during the incident did the victim identify the suspect or indicate the altercation was anything more than coincidental,” the report reads.

The report goes on to note that two days after the incident, Pasadena police determined the driver was a member of Musk’s security team but that Musk was not present during the confrontation. The report notes that efforts are underway to contact Musk and his security team for statements.

These details come after Musk’s December 14th Twitter posts, which alleged that a stalker followed a car carrying his son, thinking Musk was in the vehicle. Musk tweeted that the alleged stalker blocked the vehicle from moving and climbed on the hood, but there is no mention of that in the police report. Musk also tweeted a video of a masked man sitting inside a car and asked if anyone recognized the person or the car.

Musk used the incident to justify banning several Twitter accounts

Those tweets kicked off a chaotic few days that saw Twitter ban Jack Sweeney and his @ElonJet account, which shared details about the flights of Musk’s private jet using publicly available information. Musk blamed the alleged stalker incident on Sweeney and Twitter introduced hasty new policies prohibiting the sharing of real-time location information. Moreover, Twitter started banning journalists covering the story and introduced another policy prohibiting accounts from linking to other platforms in a bid to tamp down on people linking to Sweeney’s accounts on other platforms. Musk eventually apologized and began rolling back the changes.

However, The Washington Post previously published a story with an interview with a person named Brandon Collado, who claimed to be in the video shared by Musk. Collado said he was driving for Uber Eats and showed the Post a video of what he claimed was a member of Musk’s security team. That video appeared to match the one shared by Musk, but from the other angle. Collado made several odd claims referencing Musk’s ex-girlfriend, Canadian artist Grimes, and believed he received coded messages from Grimes through Instagram.

It will be interesting to see what other details emerge about the altercation, but so far, it seems like the @ElonJet account had little, if anything, to do with it. As noted by the Post, Musk’s jet landed in Los Angeles, California, on Monday, December 12th. Moreover, Musk was in San Francisco the previous night, where he was booed at Dave Chappelle’s comedy show. Police told the Post that there was no evidence to suggest the alleged stalker had used the jet-tracking account.

Source: South Pasadena Police Department Via: The Verge

Google is testing bilingual Search results in India

Google is working on diversifying the languages it uses in Search results to display information in more than one language, as first reported by Android Police.

The new experiment is starting with the Hindi language in India, but could soon be developed to support multilingual queries in French and English in Canada.

In a majorly multilingual market like India, Google has found that users prefer viewing Search results that are linguistically dynamic, and not just presented in the same language as the searched keyword.

Although users can find Search results in different languages, doing so requires them either to search in the language they want the results in or to change their device’s language outright.

What the company is doing now in India is making Search bilingual, regardless of the language your search keywords are in. “To make it easier for people who use more than one language to seek and explore information, we’re now making search results pages bilingual, for people who prefer it that way,” reads Google’s blog about the functionality. “Using advanced machine learning-based translation models and a cross-language search technology, we’ll serve you high-quality and relevant content in your local language alongside English results, if that’s how you choose to view them.”

The functionality has rolled out in Hindi, with Google intending to expand the feature to other Indian languages, including Tamil, Telugu, Marathi and Bengali, in the coming year.

The feature is likely to be tested in India for a while before it makes its way to other bi/multilingual countries like Canada.

Source: Google Via: Android Police

Cyber Security Today, Dec. 21, 2022 – Malware in the PyPI registry, GitHub expands security scanning and more

More malware found in the PyPI registry, GitHub expands security scanning and more

Welcome to Cyber Security Today. It’s Wednesday, December 21st, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.



 

More warnings are going out to software developers who download code from open-source repositories. One comes from researchers at Phylum, who recently found 16 packages with versions of the W4SP information stealer dropped into the Python language open-source repository called PyPI. This comes after the discovery of 29 versions of W4SP found last month.

Separately, researchers at ReversingLabs discovered a malicious package in the Python PyPI repository that pretends to be a software development kit from cybersecurity firm SentinelOne. The package is named SentinelOne and appears at first glance to be a fully functional client from that company. That’s because it was built on top of legitimate SentinelOne code. However, its real job is to infect a developer’s code with a backdoor, which would spread to those who install the compromised software. Developers using PyPI, NPM, RubyGems, GitHub and other public repositories for pieces of code must scan and inspect anything they download from the internet before putting it in their apps.

GitHub is extending its program for scanning open-source libraries on the platform for poorly-written code that leaks developers’ credentials. It’s called the secret scanning partner program, not because it’s a secret, but because the scanning looks for things that are called secrets such as credentials and access tokens. Until now the program has been available only to users of GitHub’s Advanced Security service. But last week GitHub began a gradual beta rollout of secret scanning for all code on the platform. GitHub developers will see an alert in the “Code security and analysis” tab of their repositories. It will show the compromised secret, its location and suggested action to be taken. This year GitHub notified enrolled partners of over 1.7 million potential secrets exposed in publicly-accessible GitHub repositories.

Epic Games, the creator of video games including Fortnite, has agreed to pay US$520 million to settle allegations of violating a U.S. children’s privacy law and for tricking players into making unintentional purchases. The deal with the U.S. Federal Trade Commission relates to a complaint that Epic used privacy-invasive settings and deceptive interfaces that tricked underage Fortnite players. Personal information was collected from players under the age of 13 without parental consent allegedly in violation of a commission rule. It also alleged Epic violated a rule by enabling real-time voice and text chat communications by default for underage players.

Finally, for most of the year a Russian-based threat group dubbed Trident Ursa has been targeting organizations in Ukraine. However, a new report from Palo Alto Networks says the group is also trying to boost its intelligence collection and network access against NATO countries. That includes trying to compromise a large petroleum refining company in an unnamed country in August. Also known by researchers as Gamaredon, Primitive Bear and Shuckworm, this group has been accused by Ukraine of being part of Russia’s Federal Security Service. The report is an update of the indicators of compromise IT and security teams in governments and organizations should be looking for.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Dec. 21, 2022 – Malware in the PyPI registry, GitHub expands security scanning and more first appeared on IT World Canada.

Hashtag Trending Dec 21- Password sharing illegal in U.K., Reverse-engineered Star Wars and No to AI-generated images

The U.K. government makes password sharing of streaming services illegal, a fan reverse-engineered the 1995 Star Wars games, and artists are revolting against AI art.



That’s all the tech news that’s trending right now. Welcome to Hashtag Trending. It’s Wednesday, December 21, and I am your host, Samira Balsara.

Yesterday, the UK government Intellectual Property Office (IPO) issued new piracy guidance, suggesting that people who share their Netflix, Amazon Prime or Disney Plus passwords are potentially violating copyright law, TorrentFreak reported. In March 2017, Netflix tweeted: “Love is sharing a password”. Clearly this did not age very well, as this year, Netflix reported a significant slump in revenue, and password sharing is particularly to be blamed for limiting the number of new subscribers. Password sharing is almost always illegal in a streaming platform’s terms of service and watchdogs paint it as such. The IPO told TorrentFreak that some provisions in criminal and civil law may be applicable in the case of password sharing where the intent is to allow a user to access copyright protected works without payment. However, the bar for criminality is very low as using the services of a members’ club without paying is cited as an example of fraud in the UK.

Source: TorrentFreak

The 1995 game Star Wars Dark Forces does not look like much today, given modern standards, but it brought significant technical innovations to the first person shooter genre, an Engadget report explained. Revisiting 90s games is challenging, and enthusiasts would have to buy a digital copy of the game from Steam or GOG and use DOSBox to run it on a modern computer. LuciusDXL, however, launched The Force Engine (TFE) to reverse-engineer LucasArts’ proprietary Jedi Engine and make the two games that were built with it–Dark Forces and 1997’s Outlaws–easier to run on modern systems. The Force Engine, version 1.0, is compatible with both the GOG and Steam versions of Dark Forces. Once you’ve installed the software, it will automatically detect the game’s executable, and you can start playing without needing to do things like adjusting cycles in DOSBox. The Force Engine also adds several features to make the games more attractive, such as widescreen resolutions, mouselook support, save system and more.

Source: Engadget

Artists are revolting against AI-generated art on ArtStation. The platform, owned by Epic Games, allows game, film, media and entertainment artists to showcase their portfolio. Artists started protesting by spam posting the same image that reads No to AI Generated Image. Artists pointed out that AI-generated images were being featured on the platform’s main explore page and that the juxtaposition of AI art against theirs is degrading to their skill. In response, ArtStation released a FAQ regarding AI artwork in which it defended the inclusion of AI-generated works on its platform. The company stated that its “content guidelines do not prohibit the use of AI in the process of artwork being posted.”

Source: Vice News

Scientists in Australia have identified a molecule that activates receptors in similar ways as insulin, thereby opening possibilities towards uncovering oral alternatives for insulin shots for people with diabetes. According to New Atlas, progress was long hindered by the instability of the hormone in the insulin pill and its inability to pass through the digestive tract without being broken down. Scientists have therefore developed biocompatible packaging to protect the pill from digestive enzymes and oral capsules that inject insulin through microneedles. They claim that these findings solve the mystery of whether unrelated molecules can mimic the role of insulin and will help explore ways to control the signaling of insulin receptors.

That’s all the tech news that’s trending right now. Hashtag Trending is a part of the ITWC Podcast network. Add us to your Alexa Flash briefings or your Google Home daily briefing. Make sure to sign up for our Daily IT Wire newsletter to get all the news that matters directly in your inbox every day. Also, catch the next episode of Hashtag Tendances, our weekly Hashtag Trending episode in French, which drops every Thursday morning. If you have a suggestion or a tip, drop us a line in the comments or via email. Thank you for listening, I’m Samira Balsara.

The post Hashtag Trending Dec 21- Password sharing illegal in U.K., Reverse-engineered Star Wars and No to AI-generated images first appeared on IT World Canada.

Where to stream Glass Onion: A Knives Out Mystery in Canada

In 2019, writer-director Rian Johnson delighted audiences with his thoroughly entertaining comedy-mystery film, Knives Out.

Now, he’s back with a standalone sequel, Glass Onion: A Knives Out Mystery. The new movie once again stars Daniel Craig as comically accented detective Benoit Blanc — this time as he works to solve a murder on a billionaire’s private island.

Like its predecessor, Glass Onion features a star-studded ensemble cast that includes Edward Norton, Janelle Monáe, Kathryn Hahn, Dave Bautista, Leslie Odom, Jr., Kate Hudson, Jessica Henwick and Madelyn Cline.

However, unlike the first Knives Out, Glass Onion only played in select theatres for one week in November. Otherwise, the movie will begin streaming exclusively on Netflix on December 23rd. This is part of Netflix’s larger deal with original Knives Out distributor Lionsgate to acquire Glass Onion and one more sequel for $450 million USD (around $612 million CAD).

Glass Onion premiered at the Toronto International Film Festival in September to significant critical acclaim, with some even saying it’s better than the original.

Rick and Morty co-creator’s High on Life ditched Stadia to break records on Xbox

Xbox has announced that High on Life, the latest title from Rick and Morty co-creator Justin Roiland’s Squanch Games, has set three Xbox Game Pass records.

In a blog post, the gaming giant confirmed that the comedic sci-fi shooter, which hit Xbox consoles and PC on December 12th, is the biggest Game Pass launch of any third-party title to date, the biggest Game Pass release of 2022 and the biggest single-player launch in Game Pass history. Xbox says these stats are based on the number of hours played in the first five days of release.

Having any new IP hit a milestone like this is significant in and of itself, but High on Life’s success is especially notable since the game was originally set to release on Google Stadia, as reported in June by Axios’ Stephen Totilo. We’ve since learned that Google’s struggling game streaming platform is officially set to shutter next month, so Squanch Games certainly dodged a bullet with this one.

In High on Life, players assume the role of a teenage bounty hunter who must use living weapons to save Earth from an alien invasion. As a Roiland-produced project, the game also has a ton of Rick and Morty-esque humour, although that’s proven to be a bit divisive so far.

Xbox Game Pass costs $11.99/month or $16.99 for Game Pass Ultimate, which includes Game Pass for console and PC, EA Play, Xbox Live Gold and Xbox Cloud Gaming.

Source: Xbox

The Witcher 3 on PS5 is a sweet update to one of the best games of all time

It’s crazy to think that The Witcher 3: Wild Hunt came out over seven years ago. At the time, I’d recently been laid off (RIP Future Shop) and jumped at the chance to lose myself in an expansive open-world. And boy, did it deliver, becoming one of my favourite games of all time.

Now, developer CD Projekt Red has given the last-gen RPG a fresh coat of paint on PS5 and Xbox Series X/S via a free update to Wild Hunt’s Complete Edition. It couldn’t have come at a better time, too — as one of many people who felt burned by the studio’s mishandling of its most recent game, Cyberpunk 2077, there’s a lovely comfort in revisiting something so beloved, especially with a bevy of current-gen enhancements and bug fixes.

And after nearly 200 hours across the main game and its Hearts of Stone and Blood and Wine expansions (which are all included in the Complete Edition), the update has me finding even more enjoyment with the whole experience.

If you’re unfamiliar, Wild Hunt follows Geralt of Rivia, a magically enhanced monster hunter known as a witcher, who must find his adopted daughter Ciri before the spectral warriors called The Wild Hunt do. It’s a magnificently well-written tale that takes Geralt across the fantastical world of the Continent and embroils him in all kinds of fascinating political intrigue. The exceptional writing extends to the game’s many sidequests, which feel as high-quality as the main story missions and, as a result, flesh out the world even more. This all remains true in 2022, but it’s the technical improvements that have me falling in love once again with CDPR’s magnum opus, making it easily worth the time sink.

Like a lot of current-gen games, you now have a few graphical options, ranging from a 60fps performance mode with dynamic 4K resolution scaling to a 4K/30fps option with ray-tracing. The latter setting offers admittedly impressive lighting and shadow effects, but the trade-off for the reduced framerate ultimately wasn’t worth it for me.

But the 60fps performance mode is an absolute delight, adding a wonderful new level of smoothness to traversal and combat. On top of these options, CDPR has cleaned up several other aspects of the presentation, including crisper and more detailed character models, reworked foliage, richer foliage, a new ‘Gray Sky’ weather type and higher crowd density. Some fan-made mods have also been brought over from the PC version for further enhancements. The end result is something that looks and feels like a modern game, especially when you factor in how dense and NPC-heavy the world can be.

But beyond that, it actually encouraged me to play a bit differently. Admittedly, I sometimes rush through areas to get to the next quest or cutscene, in part because the experience is grabbing me but also because I just want to get to the next game in my ever-growing backlog. With the new Wild Hunt update, though, I found myself going through the Continent more methodically, even after I’d taken the time to initially take note of what’s improved.

I wanted to live and breathe in this world and soak in all of its refreshingly distinct Slavic-inspired touchstones, from the musky, sweltering swamps and lush, colourful forestry to the lively, bustling medieval cities. It’s a testament to the quality of both the original world design and the presentational overhaul that I felt this added layer of immersion. (The new photo mode is the perfect way to capture all this beauty.)

Gameplay-wise, CDPR has also made some smart changes. On a base level, there are new control and camera options to tweak how Geralt feels while moving, a nice way to address some complaints of clunky handling in the original game. But the bigger, more profound change is the utility of magic, known here as ‘Signs.’ As a witcher, Geralt can cast five basic Signs: Aard (a telekinetic blast), Axii (a Jedi mind trick-esque confusion spell), Igni (projectile fire), Yrden (slows down the enemy) and Quen (a temporary protective shield). In the original version of Wild Hunt, you would have to pull open a radial wheel to toggle equipped Signs, which could definitely slow the pace of battles.

With the update, you can enable ‘Quick Sign Casting,’ which allows you to assign a spell to your controller’s face buttons and bring them up using L2. My muscle memory had gotten accustomed to the wheel, but once I got the hang of the streamlined control option, it was a genuine revelation. All told, it significantly adds to the rhythm of the core combat, which is admittedly not terribly deep from a mechanical standpoint.

The layers instead came from how you respond to the staggeringly high number of enemies you encounter, like reading up on a monster’s strengths and weaknesses and brewing the necessary potions to counter that. That’s all still there, of course, but now you’re also encouraged to more actively switch between your Signs, making the already balletic swordplay feel more dynamic and engaging. For example, Yrden’s circular area of effect makes it effective for crowd control, but sometimes you just want to switch to Igni which, when upgraded, can have Geralt shooting a stream of flame out of his fingers and incinerating foes.

Another noteworthy addition is a new questline that, upon completion, unlocks a set of armour inspired by Henry Cavill’s Geralt in Netflix’s The Witcher series. I could never get into the show, but it’s an undeniably cool way to add even more value to the update while paying homage to a popular part of The Witcher franchise. If nothing else, there’s a real novelty in hearing Geralt voice actor Doug Cockle reprise the role for some more charming and gravelly lines of dialogue.

In the end, I’ve really enjoyed my time with The Witcher 3’s ‘next-gen’ update. From the litany of technical improvements to the small-but-meaningful gameplay additions, this really feels like a low-key remaster of an all-time great RPG. That CDPR is offering all of this for free is just brilliant, as it’s easy to see how other publishers would have sold this separately or even charged a small fee to upgrade. Whether you’re someone who’s never played The Witcher 3 or are an avid fan like I am, this update makes it absolutely worth your while to plan a trip to the Continent.
