The Verge United States of America
The Verge covers the intersection of technology, science, art, and culture.
Google warns of ‘novel social engineering method’ used to hack security researchers - The Verge
Google says government-backed hackers based in North Korea are targeting security researchers with a social engineering method and vulnerabilities. These include unpatched Windows 10 and Chrome vulnerabilities.
Government-backed hackers in North Korea are reportedly responsible
Government-backed hackers based in North Korea are targeting individual security researchers through a number of means including a "novel social engineering method," Google's Threat Analysis Group is reporting. The campaign has reportedly been ongoing for several months, and worryingly appears to exploit unpatched Windows 10 and Chrome vulnerabilities. Although Google doesn't say exactly what the aim of the hacking campaign is, it notes that the targets are working on vulnerability research and development. This suggests the attackers may be trying to learn more about non-public vulnerabilities that they can use in future state-sponsored attacks.
Hackers set up a network of Twitter accounts and a cybersecurity blog
According to Google, the hackers set up a cybersecurity blog and a series of Twitter accounts in an apparent attempt to build and amplify credibility while interacting with potential targets. The blog focused on writing up vulnerabilities that were already public. Meanwhile, the Twitter accounts posted links to the blog, as well as other alleged exploits. At least one of the purported exploits was faked, according to Google. The search giant cites several cases of researchers' machines having been infected simply by visiting the hackers' blog, even when running the latest versions of Windows 10 and Chrome.
The social engineering method outlined by Google involved contacting security researchers and asking them to collaborate on their work. However, once they agreed, the hackers would send over a Visual Studio Project containing malware, which would infect the target's computer and start contacting the attackers' server. According to Google, the attackers used a range of different platforms including Telegram, LinkedIn and Discord to communicate with potential targets. Google listed specific hacker accounts in its blog post. It says anyone who's interacted with these accounts should scan their systems for any indication they've been compromised, and move their research activities onto a separate computer from their other day-to-day usage.
The campaign is the latest incident of security researchers being targeted by hackers. Last December, leading US cybersecurity firm FireEye disclosed that it had been compromised by a state-sponsored attacker. In the case of FireEye, the targets of the hack were internal tools it uses to check for vulnerabilities in its clients' systems.
Facebook users’ phone numbers are for sale through a Telegram bot - The Verge
533 million Facebook users had their phone numbers and other data leaked in 2019. Now, someone is selling access to that data using a Telegram bot, and charging $20 per phone number.
It's $20 per number, unless you're buying in bulk
Someone has gotten their hands on a database full of Facebook users' phone numbers, and is now selling that data using a Telegram bot, according to a report by Motherboard. The security researcher who found this vulnerability, Alon Gal, says that the person who runs the bot claims to have the information of 533 million users, which came from a Facebook vulnerability that was patched in 2019.
With many databases, some amount of technical skill is required to find any useful data. And there often has to be an interaction between the person with the database and the person trying to get information out of it, as the database's owner isn't going to just give someone else all that valuable data. Making a Telegram bot, however, solves both of these issues.
"Few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts. This obviously has a huge impact on privacy. pic.twitter.com/lM1omndDET" Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
The bot allows someone to do two things: if they have a person's Facebook user ID, they can find that person's phone number, and if they have a person's phone number they can find their Facebook user ID. Though, of course, actually getting access to the information you're looking for costs money: unlocking a piece of information, like a phone number or Facebook ID, costs one credit, which the person behind the bot is selling for $20. There's also bulk pricing available, with 10,000 credits selling for $5,000, according to the Motherboard report.
The bot has been running since at least January 12, 2021, according to screenshots posted by Gal, but the data it provides access to is from 2019. That's relatively old, but people don't change phone numbers that often. It's especially embarrassing for Facebook as it historically collected phone numbers from people including users who were turning on two-factor authentication.
At the moment it's unknown if Motherboard or security researchers have contacted Telegram to try to get the bot taken down, but hopefully it's something that can be clamped down on soon. That's not to paint too rosy a picture, though: the data is still out there on the web, and it's resurfaced a couple of times since it was initially scraped in 2019. I'm just hoping that the easy access will be cut off.
Microsoft mocks Apple’s doomed Touch Bar in new Surface ad - The Verge
Microsoft’s new Surface commercial takes aim at Apple’s Touch Bar. The new TV ad pits the MacBook Pro against the Surface Pro 7, and bizarrely claims Surface is good for gaming.
Apple's Touch Bar might be disappearing soon
The Xbox Series X is available at Target - The Verge
If you’ve had a hard time purchasing Microsoft’s flagship gaming console, the Xbox Series X, Target has a limited supply available on Sunday, January 24th, while supplies last.
This console has been difficult to find since its launch
Microsoft's flagship Xbox Series X is one of the most powerful gaming consoles available right now. If you are having difficulty finding it, Target has restocked the Xbox Series X today, so you may want to check it out while supplies last. Given the challenge it has been to secure a unit, inventory will likely not last long. Although no walk-in purchases are available, you will have the option to either have it shipped to your home or request an in-store pickup.
Like every major hardware launch, the demand for the Xbox Series X and its competitor, the PlayStation 5, is through the roof, and the usual problems of supply and demand are exacerbated by the fact that both next-gen consoles launched during a pandemic. Many retailers have sold the console exclusively online. The biggest struggle has been trying to guess when and where the next PS5 or Xbox Series X / S restock will happen, and there is no clear indication of when they will resume in-store walk-in purchases.
The Xbox Series X is Microsoft's flagship console, serving as its most powerful (and biggest) option.
Facebook says ‘configuration change’ caused some users to be logged out unexpectedly - The Verge
A problem in Facebook’s app that caused some users to be abruptly logged out late Friday has been resolved, according to the company, which blamed the issue on a “configuration change.”
Users of the iOS app reported problems logging back in with two-factor authentication Friday
Facebook says some users were logged out of their accounts unexpectedly Friday due to a "configuration change," and the issue has been fixed as of Saturday morning.
"On January 22, a configuration change caused some people to be logged out of their Facebook accounts. We investigated the issue and fixed it for everyone earlier today. We're sorry for the inconvenience," a Facebook company spokesperson said in an email to The Verge.
So Facebook, heard it was a "configuration change". to the engineers who fixed the issue and patiently tried to explain the cause to us to no avail. https://t.co/AUARhCZ7W2 Facebook App (@facebookapp) January 23, 2021
The problems began late Friday ET, with users on the r/Facebook Reddit board reporting they were receiving sign-in prompts from their Facebook apps, but they had not signed out. Engadget found that iPhone users appeared most affected by the log-out issue, noting that users of Facebook's iOS app were having difficulty logging back into their accounts when using two-factor authentication. Most were able to log back in, but the authentication codes needed were taking a long time to reach users.
Microsoft backtracks on Xbox Live Gold price hike - The Verge
Microsoft has reversed its controversial Xbox Live price increase. The company announced a price hike on Friday that would have doubled the cost of a yearly subscription to the service for many users, but now it says the prices will stay the same.
Free-to-play games will also no longer require a Gold subscription
Microsoft has reversed its controversial Xbox Live price increase. The company announced a price hike on Friday that would have doubled the cost of a yearly subscription to the service, which is required to play games online on Xbox consoles, to $120 for many users. Now, though, Microsoft says the price will stay the same.
Beyond that, Microsoft has decided to bring Xbox Live in line with Sony and Nintendo's online services by dropping the subscription requirement for free-to-play games. Popular free-to-play titles like Fortnite are playable on PlayStation consoles and the Nintendo Switch without an online subscription, but you still need one for Xbox consoles; Microsoft says it's "working hard to deliver this change as soon as possible in the coming months."
Here's Microsoft's full statement, which was just delivered as an update to a blog post:
"We messed up today and you were right to let us know. Connecting and playing with friends is a vital part of gaming and we failed to meet the expectations of players who count on it every day. As a result, we have decided not to change Xbox Live Gold pricing. We're turning this moment into an opportunity to bring Xbox Live more in line with how we see the player at the center of their experience. For free-to-play games, you will no longer need an Xbox Live Gold membership to play those games on Xbox. We are working hard to deliver this change as soon as possible in the coming months. If you are an Xbox Live Gold member already, you stay at your current price for renewal. New and existing members can continue to enjoy Xbox Live Gold for the same prices they pay today. In the US, $9.99 for 1-month, $24.99 for 3-months, $39.99 for 6-months and $59.99 for retail 12-months. Thank you."
Microsoft's focus in recent years has been on Xbox Game Pass, which has an Ultimate tier that includes access to Xbox Live Gold. While Game Pass provides great value for many players, the Gold price increases came off as an attempt to nudge people into paying for the more expensive service. It's not surprising that the initial announcement was so poorly received, but Microsoft's reversal is good news for Xbox Live Gold subscribers who aren't interested in Xbox Game Pass, and even better news for people who only use Xbox Live Gold to play free-to-play games.
Apple’s 2021 MacBook Pros will reportedly bring back the SD card slot - The Verge
Apple’s 2021 MacBook Pro models will finally bring back the SD card slot, according to a new report, in one of the most requested changes to the laptop lineup since the memory card slot was removed in 2016.
Apple may finally be bringing an integrated SD card slot to its upcoming 2021 models of its MacBook Pro laptops, according to a new report from Bloomberg's Mark Gurman, in a move that would restore the popular port standard to the company's computers. The MacBook Pro lineup hasn't offered an SD card slot since Apple removed the feature in its 2016 redesign, which excised all the ports from the laptops in favor of four universal USB-C ports. This forced many professional users who rely on the popular memory card format to import photos and videos to their computers for editing to turn to much-reviled dongles to get the same functionality.
The news comes after an earlier report from Gurman that originally detailed some of the changes that Apple was planning for the upcoming 14-inch and 16-inch designs. These changes include removing the controversial Touch Bar interface in exchange for physical function keys; offering a more squared-off design that's in line with the recent iPad Pro, iPad Air, and iPhone 12 lineups; adding brighter displays; and bringing back Apple's magnetic MagSafe chargers. That's all in addition to the biggest change, which will see the high-end laptops move from Intel's processors to a more powerful version of Apple's in-house, ARM-based M1 chipset.
Noted Apple analyst Ming-Chi Kuo corroborated those reports by claiming that the new laptops would offer additional ports, but today marks the first confirmation of the SD card slot specifically. The news of the SD card slot's return actually comes as an aside in a larger report on Apple's planned refresh for a high-end MacBook Air model, which is said to offer similar MagSafe and processor benefits as the new MacBook Pros. Unfortunately, though, there's no mention of the SD card slot being offered on the upcoming Air refresh, just a pair of USB-C ports.
Bond, Uncharted and Ghostbusters movies all just got delayed - The Verge
The upcoming James Bond film, No Time To Die, has been delayed for a fourth time. It’s set to release on October 8th, 2021. Uncharted is now coming in 2022, and Ghostbusters not till this fall.
No Time to Die was originally slated for April 2020
Hollywood has decided tonight's the night to shove back their slate of films, including James Bond's latest outing No Time To Die, the Uncharted movie, and Ghostbusters: Afterlife. No Time to Die now has a release date of October 8th, Ghostbusters will be pushed back five months to November 11th, and Uncharted now won't arrive until 2022, Exhibitor Relations reports.
Bond was the big film whose third delay was enough to force theater chains Regal and Cineworld to close all their US and UK locations. It was originally slated for April 2020, then got pushed back to November 2020 and now to April 2021. If you're counting, this news marks the fourth delay.
Instead of releasing the movie on streaming, as other studios have been doing, MGM seems adamant on premiering the movie in theaters, but by the time it's safe to do so, there may not be as many of them. AMC has warned investors that it's about to run out of money, and other theaters also might not survive past the middle of 2021. So the Bond franchise moving to the end of the year is not a good sign.
We can probably expect even more films to be delayed as delay piles on top of delay, since only a certain number of films can successfully premiere at physical theaters in any given span of time.
Big ones we're waiting on right now:
-F9
-Black Widow
-Minions: Rise of Gru
-Top Gun: Maverick
-Shang-Chi
Not as big, but:
-Cruella
-Free Guy
julia alexander (@loudmouthjulia) January 22, 2021
We haven't heard from Disney yet, but you can also add delays for Edgar Wright's Last Night In Soho! (now October 22nd) and Sony's Cinderella (now July 16th) to the pile.
The Raspberry Pi Pico is a tiny $4 microcontroller running off the company’s very own chip - Circuit Breaker
The Raspberry Pi Foundation has announced the Raspberry Pi Pico, a $4 microcontroller. The computer features the new RP2040, which will also show up in other products, thanks to the foundation’s partnership with companies like Adafruit, Arduino, and Pimoroni.
The Raspberry Pi Foundation is designing its own chips
The Raspberry Pi Foundation's tiny computers can be used for anything from homemade cameras to cucumber sorters, and now, the group is branching out into microcontrollers and custom silicon. The Raspberry Pi Pico is the first step. It's a new $4 microcontroller that's smaller than the average Pi, features a custom chip powerful enough to be used in machine learning projects (according to The Raspberry Pi Foundation), and is on sale now.
In its introductory blog post, the company explains that today's Raspberry Pis are already often used alongside a smaller microcontroller: "The Raspberry Pi takes care of heavyweight computation, network access, and storage, while the microcontroller handles analogue input and low-latency I/O and, sometimes, provides a very low-power standby mode." Now, the company has one of its own.
In a first for the microcomputer maker, the Pico is powered by a custom chip designed in house called the RP2040. The Pico board features the new chip, 2MB of flash memory, a clickable button, and a Micro USB Type B port. Here are the RP2040's full specs:
- Dual-core Arm Cortex-M0+ @ 133MHz
- 264KB (remember kilobytes?) of on-chip RAM
- Support for up to 16MB of off-chip Flash memory via dedicated QSPI bus
- DMA controller
- Interpolator and integer divider peripherals
- 30 GPIO pins, 4 of which can be used as analogue inputs
- 2 × UARTs, 2 × SPI controllers, and 2 × I2C controllers
- 16 × PWM channels
- 1 × USB 1.1 controller and PHY, with host and device support
- 8 × Raspberry Pi Programmable I/O (PIO) state machines
- USB mass-storage boot mode with UF2 support, for drag-and-drop programming
Those specs might go in one ear and out the other, but the best way to illustrate the potential for a new Raspberry Pi product is to see it used in something cool. The Raspberry Pi Foundation is partnering with companies like Arduino, Adafruit, and Pimoroni to integrate the new RP2040 chip into other boards and gadgets. There's a whole list in the blog post announcing the Pico, but a few notable ones are Pimoroni's PicoSystem game console, Adafruit's Feather RP 2040 board, and the Arduino Nano RP2040 Connect.
The Raspberry Pi Pico is available now from approved resellers for $4. The microcontroller will also be given away for free in February issues of HackSpace magazine.
Apple’s first VR headset reportedly includes a fabric design, a fan, and expensive price tag - The Verge
Apple’s first VR headset might be an expensive and niche device. A new report claims the headset may arrive in 2022 with a fabric design, a fan, and an expensive price tag.
Apple's first VR headset could be a niche device
Apple is reportedly working on a VR headset that will include a fabric design, a fan, and an expensive price tag. Bloomberg News reports that Apple's first VR headset may launch as soon as 2022 as a standalone device that operates through batteries, similar to the Oculus Quest 2.
Apple is reportedly working on some of its most advanced and powerful chips for this unannounced VR headset, with some chips reportedly beating its own M1 Mac processors. Apple has reportedly faced challenges in the development of this headset, with some prototypes ending up too big and heavy. Apple is reportedly using a fabric exterior to reduce the headset weight, but the company is also using a fan, an unusual move for Apple given its emphasis on fan-less design.
Bloomberg News also reports that the size of Apple's VR headset, which is codenamed N301, is similar to the Oculus Quest, and some prototypes being tested include external cameras to enable some AR features. Apple is also reportedly testing the ability to use these cameras to track hand movements, and include software features like a virtual keyboard.
It's not clear exactly when Apple's VR headset will launch, but it could be as soon as 2022. It will reportedly be an expensive and niche device, with some at Apple rumored to be anticipating that the company may sell only one headset per day at each of its retail stores, or less than 200,000 units per year.
Apple has been working on VR and AR headsets for years, according to various reports. Bloomberg News also published a detailed look at Apple's VR and AR ambitions last year, noting that the company has around 1,000 people working on AR and VR.
Samsung Display is mass-producing 90Hz OLED screens for laptops - The Verge
Samsung Display has announced plans to mass-produce the world’s first 90Hz OLED screens designed for laptops. Manufacturing will begin in March in “very large quantities,” and “several” laptop manufacturers are said to be planning models for this year.
Several companies set to introduce 14-inch OLED models this year
Samsung Display has announced plans to mass-produce the world's first 90Hz OLED screens designed for laptops and says that several global IT companies are expected to release models with the new panels this year. Manufacturing will begin in March in "very large quantities," the company says in a statement attributed to CEO Choi Joo-sun.
The panels are 14-inch in size, though Samsung Display hasn't given details on specs like aspect ratio or resolution; it's possible that there will be multiple versions available. Samsung does cite the faster response time of its OLED panels, claiming practically the same amount of blurring as a 120Hz LCD when displaying fast-moving content. No potential laptop OEM partners were named in the statement.
OLED displays aren't unheard of in laptops, but they're not at all commonplace. While quite a few gaming laptops offer them as an option, the tradeoff there is that you've had to give up on high refresh rates. And despite Samsung itself launching an OLED-equipped Galaxy Chromebook last year, the 2021 followup uses a cheaper QLED-branded LCD display instead.
Samsung is the world's biggest vendor of OLED display panels, so the announcement today suggests that OLED laptops are likely to become much more of a common sight this year.
Jim Bridenstine leaves Artemis program ‘in good shape’ for Biden’s NASA - The Verge
Former NASA administrator Jim Bridenstine spent his last days in office courting support for the Artemis program before handing it off to President Joe Biden, whose focus on other priorities makes the Moon program’s future uncertain.
Donald Trump's NASA chief leaves on a bipartisan note, handing the Artemis program off to President Biden
At 12PM ET today, Jim Bridenstine officially stepped down from his role as NASA administrator. During his time at the agency, the former Oklahoma congressman and Naval aviator used his political chops to drum up bipartisan support for the Trump administration's Artemis program, the agency's cornerstone initiative to land humans on the Moon by 2024, a deadline widely viewed as nearly impossible to meet.
In anticipation of President Joe Biden taking office and the Senate transitioning to Democratic control, Bridenstine, a Republican, spent his final days as administrator making one last push for the Artemis program, a parting bid to insulate the program from potential cancellation. Last week, he met with top Democrats including Sen. Patrick Leahy, who's expected to become the second-highest-ranking official in the Senate once Biden takes office.
"We have done everything we can to build the consensus necessary for this program to be long-term sustainable," Bridenstine told The Verge in an interview before heading out. "I think as hard as we've worked to build the consensus over the last three years, I think we're in good shape."
The multibillion-dollar Artemis program will face a new administration focused on building consensus around other priorities, including battling the coronavirus pandemic and tackling climate change. Already, Congress has balked at the idea of a 2024 deadline for landing humans on the Moon: of the $3.3 billion NASA said it needed for next year's budget to stay on track for 2024, Congress came up with $850 million. But Bridenstine still views that as a win: during a pandemic, NASA's budget is billions more than what it was when he took office.
The $850 million for NASA marks the first time Congress agreed to fund a human lunar lander since the Apollo program. "That's notable," Casey Dreier, senior space policy adviser at The Planetary Society, said in an interview. "It didn't get that far during the Constellation program, the last time we tried going to the Moon."
"But it also shows NASA couldn't successfully make the case to Congress as to why they needed the money now, and why they needed it for 2024," Dreier said.
On Wednesday, Bridenstine tweeted a final message as administrator in an emotional three-minute video, emphasizing that eliminating division is key to enabling long-term success for Artemis and welcoming the next administrator who will inherit the program.
"With that I say farewell. And I'll tell ya, when a new team comes in, give them all your support. Because they need it, they deserve it, and of course what we're trying to do, we're not only crossing multiple administrations, but multi-decade and multigenerational," he said.
"It has been my great honor to serve as your @NASA Administrator. I will miss the amazing NASA family and will forever be grateful for my time at this incredible agency. Ad astra. pic.twitter.com/Zba4MTawPV" Jim Bridenstine (@JimBridenstine) January 20, 2021
Steve Jurczyk, NASA's former number two under Bridenstine, assumed the role of acting administrator at noon once Biden was sworn in. President Biden is expected to pick a woman to fill the NASA administrator role, which has only been occupied by men since the agency's founding in 1958. His transition team for NASA, led by the director of the National Air and Space Museum, Ellen Stofan, has spent over a month reviewing the agency's top programs and interviewing agency personnel, but it hasn't released any hints on where Biden will officially stand on space policy issues.
Bridenstine told The Verge he plans to take a job in his home state of Oklahoma but declined to specify what that job will be. Asked if he's running for office again, he said "Oh, no no no. No. I'll tell ya, I have no desire to run for office. They say never say never, but it would take something significant to get me back into politics. I've never been so happy to not be in politics."
In the Twitter video, where he choked up thanking NASA employees, Bridenstine ended with a simple message: "Go get 'em. Go NASA. Ad astra."