Technology

Encrypted email service Tuta was the victim of multiple DDoS attacks this week.

The German-based provider first announced the incident with a post on X on Tuesday, December 3, 2024, with another attack causing the service downtime two days later. Tuta is said to have successfully mitigated both attacks, but some users are still lamenting issues accessing their accounts or using the service.

Short for Distributed Denial of Service, a DDoS attack's goal is to make a website, service, or machine inaccessible to users. Cybercriminals achieve this by flooding the targeted network with internet traffic to overwhelm their capacity to carry on with legitimate requests.

The impact on Tuta's users

"While we have to mitigate DDoS attacks constantly, and usually do so without the users noticing, the attackers used new attack vectors which our DDoS protection system was not prepared for," Hanna Bozakov, press officer at Tuta, told TechRadar, commenting on this week's incidents.

We are a privacy-focused service, we can not simply hide our application behind mitigation services

Matthias Pfau, Tuta's co-founder

DDoS attacks cause downtime to targeted networks as they become unable to respond to user queries. On a practical level, people using Tuta services couldn't get into their accounts.

While Tuta users couldn't access their mailbox for some time, Bozakov ensures that no emails received during the attack have been lost or users' privacy has been compromised. She said: "[Users' data] is encrypted end-to-end on our servers, and no data has been harmed. The attacks only aim at the availability of our service."

The team is currently working on hardening its systems against these types of attacks. As Matthias Pfau, co-founder of Tuta, explains, however, these incidents are among the challenges of building a privacy-first secure email service.

He said: "As we are a privacy-focused service, we can not simply hide our application behind mitigation services that require our SSL key for their service. This would be a violation of the trust that users put into Tuta Mail to keep their data safe and private."

We should support Tuta - especially NOW from r/tutanota

Tuta's sub-Reddit group has been filled with frustrated customers reporting connectivity issues starting on Monday, with the latest report being shared only a few hours ago.

The provider, however, confirms the attacks have now been mitigated. At the time of writing, Tuta's status page also confirmed that "all systems are operational."

If you are still experiencing issues accessing your inbox, this could mean your IP address has been blocked during the attacks by Tuta's DDoS protection system.

One of the best VPN apps could help here as it spoofs your IP by assigning you another one for each session. Bear in mind, though, that VPNs could also have been blocked by Tuta's mitigation systems as many people tried to use them during the attack.

Bozakov then suggests rather using a completely different connection to access your Tuta's app, such as another WI-Fi or mobile internet data.

The provider is still analyzing the attacks at the time of writing and is set to publish a detailed report of what happened in the coming days.

• Microsoft says a new threat actor started targeting critical infrastructure
• The group is linked to Silk Typhoon
• It engages in spear phishing and vulnerability exploits

Storm-0227, a Chinese state-sponsored advanced persistent threat (APT) actor started targeting critical infrastructure organizations, as well as government entities, in the United States.

This is according to Sherrod DeGrippo, director of threat intelligence strategy at Microsoft.

Speaking to The Register recently, DeGrippo said that the group abuses software vulnerabilities and engages in spear phishing attacks to gain access to people’s devices.

Commodity malware

Once they get the access, they deploy different Remote Access Trojans (RAT) and other malware to obtain login credentials for services such as Microsoft 365. They also steal sensitive documents and whatever else they can get their hands on. The goal of the campaign is cyber-espionage.

An interesting thing about Storm-0227 is that it uses off-the-shelf malware which, a few years ago, would come as quite the shock: “Even national-aligned threat actors … are pulling commodity malware out of that trading ecosystem and using it for remote access," she told the publication. Half a decade ago "that was sort of a shocking thing to see a nation-sponsored, espionage-focused threat actor group really leveraging off the shelf malware," she added. "Today we see it very frequently."

There was no word on the number of victims, but DeGrippo described the group as an “embodiment of persistence”.

"China continues to focus on these kinds of targets," she said. "They're pulling out files that are of espionage value, communications that are contextual espionage value to those files, and looking at US interests."

Storm-0227 seems to overlap, at least in part, with Silk Typhoon, it was further said. There is a whole list of “typhoon” threat actors, all on the payroll of the Chinese government, and all apparently tasked with spying on western governments, critical infrastructure firms, and other areas of interest (military, aerospace, and similar).

That includes Volt Typhoon, Salt Typhoon, Flax Typhoon, and Brass Typhoon. Salt Typhoon was recently linked to a number of high-profile breaches, including at least four major US telecom operators.

Via The Register

You might also like

• Chinese hackers reportedly infiltrate several major US internet firms
• Here's a list of the best antivirus
• These are the best endpoint protection tools right now

Thanks to iOS 16 (and now iOS 18), you can view, copy and share Wi-Fi passwords much easier than before.

This charging station is down to an all-time low price, just in time for those last minute holiday gifts.

More than 70,000 people have their Social Security benefits suspended or terminated each year.

"We need to get this next test flight right," said NASA Administrator Bill Nelson.

Sea kelp, otherwise known as bladderwrack, has become a trendy superfood. But the modern hype doesn’t hold up.

The Christmas countdown is underway, with the best streaming services serving up a variety of festive films and not-so-seasonal favorites. From this year's best new movies finally getting a streaming release to the premieres of new DC Cinematic Universe (DCU) and Star Wars series, there's a real mix of fresh content to get through this weekend.

The star power in this week's lineup is also immense: You'll be able to catch Margo Martindale as a maple syrup farmer, Scarlett Johansson and Channing Tatum faking a moon landing, Kiera Knightly kicking ass, a haunted Winona Ryder, Sabrina Carpenter being, well, Sabrina Carpenter, David Harbour as Frankenstein, and Nick Frost as a rusty droid. Enjoy!

Star Wars: Skeleton Crew (Disney Plus)

It's high time that Star Wars started dipping its toes in other genres. And, after the critical success that spy thriller series Andor was met with in mid- to late 2022, a pirate-themed galactic misadventure in the shape of Star Wars: Skeleton Crew has arrived to expand the iconic sci-fi franchise's horizons.

So, what's it about? Essentially, four kids who get lost in space who, with the aid of Jude Law's enigmatic Jod Na Nawood and a cranky, decrepit droid named SM-33 (voiced by Nick Frost), try to get back home. Think of it as 'Goonies in space' and you'll get the gist. Its first two episodes are already available on Disney Plus, but read my Star Wars: Skeleton Crew review first to find out why it's not only a show worth *ahem* treasuring, but also one that's destined to join our best Disney Plus shows guide.

Tom Power, senior entertainment reporter

• Watch Star Wars: Skeleton Crew on Disney Plus

Creature Commandos (Max)

The DC Extended Universe (DCEU) is dead, long live the DCU! Okay, the acronyms are almost identical, but James Gunn and Peter Safran's rebooted DCU couldn't be more different to its now-defunct and frustratingly inconsistent shared universe.

A prime example of how different the DCU will be is clear in DCU Chapter One's first project: Creature Commandos. An R-rated animated series, it follows Task Force M, a group of supervillains and anti-heroes charged with protecting Princess Ilana of Pokolistan from Circe, a powerful sorceress and long-time Wonder Woman adversary.

Check out my spoiler-free review of Creature Commandos to learn more about it ahead of tuning in to see its two-episode premiere on Max. In short: it's good enough that it'll squeak onto our best Max shows list, but I hope future DCU projects like Gunn's Superman movie will be even better.

Tom Power, senior entertainment reporter

• Watch Creature Commandos on Max

A Nonsense Christmas with Sabrina Carpenter (Netflix)

Which artists were at the top of your Spotify Wrapped 2024 this year? I've been hearing a real eclectic mix in the office, but Sabrina Carpenter has been a clear favorite. Indeed, when TechRadar's Rowan Davis heard about Netflix's holiday music special with the pop princess, he couldn't contain his excitement.

Expect to tune into Carpenter performing songs from her holiday record Fruitcake, then, as well as other Christmas covers, alongside some guests, including comedians and other artists tonight at 6pm ET / 11pm GMT on Netflix. Now, please please please grab an espresso, as you won't want to sleep through this.

Amelia Schwanke, senior entertainment editor

• Watch A Nonsense Christmas with Sabrina Carpenter on Netflix

Beetlejuice Beetlejuice (Max)

The anticipated follow-up to 1980s classic horror comedy Beetlejuice is a real treat. With a star-studded cast including the return of original stars Michael Keaton, Winona Ryder, and Catherine O'Hara, plus newcomers Monica Bellucci, Jenna Ortega and Willem Dafoe, Beetlejuice 2's ensemble easily made it one of my most anticipated new Max movies for December.

Set more than 30 years after the first movie, it follows Lydia Deetz who's, unsurprisingly, now a woman – and one struggling to keep her family together in the wake of a loss as Beetlejuice returns to haunt her. It doesn’t quite reach the heights of the first flick, but it’s still a very good watch and worthy of a spot on the best Max movies list.

Lucy Buglass, senior entertainment writer

• Watch Beetlejuice Beetlejuice on Max

Black Doves (Netflix)

It's the most wonderful time of the year! Not because it's the festive season, but because I get to see Keira Knightley as a butt-kicking secret agent in new Netflix spy thriller Black Doves.

In it, Knightley is worlds away from her period drama era as she takes on the role of Helen Webb, a fearless spy who goes on a quest for revenge when her secret lover is murdered by the dangerous London underworld. Joining Helen on her mission is old assassin friend Sam (Ben Whishaw) after he's called in to protect her.

I knew it was going to be one of the best Netflix shows of 2024 after I watched the action-packed Black Doves trailer, and now I can't wait for the comedic spy duo to bring bullets, bloodshed, and British wit during the holidays. Oh, and it's already been renewed for a second season, so Merry Kill-mas!

Grace Morris, entertainment writer

• Watch Black Doves on Netflix

Fly Me to the Moon (Apple TV Plus)

Some of the best Apple TV Plus movies often attract Hollywood A-listers like Leonardo DiCaprio, Tom Hanks, and Jennifer Lawrence. Now, Scarlett Johansson and Channing Tatum are part of that famous list with the rom-com Fly Me to the Moon. Set against the backdrop of NASA's historic Apollo 11 moon landing, marketing specialist Kelly Jones (Johansson) and launch director Cole Davis (Tatum) are tasked with creating a fake moon landing in case the mission fails.

I love a good rom-com and Fly Me to the Moon looks like an old-fashioned Apple-produced romance I can get behind, especially if it involves Johansson and Tatum. Is the sci-fi TV show utopia that is Apple TV Plus about to produce a top-tier romantic comedy? Judging by its respectable 65% Rotten Tomatoes score (it was released in theaters earlier this year, FYI), maybe!

Grace Morris, entertainment writer

• Watch Fly Me to the Moon on Apple TV Plus

The Sticky (Prime Video)

When I first saw the trailer for Prime Video's The Sticky, I said it looks like Breaking Bad with maple syrup instead of meth. If that isn’t enough to sell you, I don’t know what will, because this show looks bonkers in the best possible way. The Sticky is actually based on a bizarre real-life crime story called the Great Canadian Maple Syrup Heist, which saw $18.7M worth of maple syrup was stolen in Quebec. In the dramatized version, a syrup farmer turns to a Bostonian mobster and a French-Canadian security guard for their aid in stealing Quebec's maple syrup surplus.

I can’t wait to watch it either, especially with legends like Jamie Lee Curtis and Margo Martindale attached to the cast. If I had things my way, it would already have a spot on our best Prime Video shows list. I just hope it doesn't come unstuck when more people check it out!

Lucy Buglass, senior entertainment writer

• Watch The Sticky on Prime Video

For more streaming coverage, read our guides on the best Hulu movies, best Apple TV Plus shows, best Paramount Plus movies, and best Netflix movies.

• Security researchers found two new malware variants, an infostealer and a loader
• The developers seem to be the same group that's behind more_eggs
• The infostealer can grab passwords, cookies, and more

Venom Spider, a threat actor behind the infamous More_eggs malware, is expanding its malware-as-a-service (MaaS) operation. This is according to a new report from cybersecurity researchers Zscaler ThreatLabz, who recently found two new malware families linked to the same developer.

In a detailed report published earlier this week, the researchers said that Venom Spider (also known as Golden Chickens) built an infostealer called RevC2, and a loader named Venom Loader.

The infostealer can grab people’s login credentials, and cookies from Chromium-powered browsers (Chrome, Edge, Brave, and others). It can run shell commands, grab screenshots, and proxy traffic using SOCKS5. Finally, it can run commands as a different user, as well. The loader, on the other hand, is customized for each victim, and uses their computer’s name to encode the payload, it was said.

VenomLNK

The researchers first observed the new malware being used in August this year, and have been tracking it ever since. They don’t know exactly how the malware is distributed to the victims, but suspect it all starts with VenomLNK. This is an initial access tool that the researchers observed being used to deploy both of the above-mentioned malware, while at the same time, showing a decoy PNG image to the victim.

This is not the first time VenomLNK was seen in the wild, as the experts said it was used to deploy More_eggs lite before.

More_eggs is a JavaScript-based loader used to infiltrate systems by downloading and executing additional malicious payloads, typically after gaining an initial foothold through phishing emails or malicious links.

The malware is notorious for its stealthy behavior, as it leverages legitimate processes and tools to evade detection. Attackers often deploy more_eggs to install ransomware, steal sensitive data, or provide remote access to compromised systems.

More_eggs has been around for at least three years, possibly for longer.

Via The Hacker News

You might also like

• Uh oh, malicious Windows shortcuts are making a return
• Here's a list of the best antivirus
• These are the best endpoint protection tools right now

• Google Photos is rolling out a new Recap feature today
• Recap videos give you a Spotify Wrapped-style summary of your year
• The feature includes highlights and stats like your longest photo streak

If you're a big Google Photos fan, the service knows a lot about your life – and from today it's crunching all of that data together to make a new Spotify Wrapped-style highlights video of your year called Recap.

Rolling out from today in the Google Photos app, Recap goes a bit further than the Memories feature it's based on. There are the usual photo and video highlights, but like Wrapped you get stats based on your photos – like your longest photo streak and the top colors you photographed in 2024.

Recap can also reveal who you smiled the most with this year, but to power all of this you need to have Google Photos' 'Face Groups' setting turned on. To check that, inside the app go to your Account profile photo or initials in the top-right, then Settings > Privacy > Face Groups.

The Recap feature takes the form of a short video that sits in your Memories carousel and you'll get a notification in the Google Photos app when yours is ready. Google says it'll sit in the carousel throughout December so it's handy for sharing over the holidays, but you can also share it to social media from the app.

Google also says that "select users" in the US can also opt in to receive a version of their Recap video with personalized captions that are generated by Google Gemini. To do that, you'll need to head into the app's Settings and opt into using Gemini features.

How much do you want Google Photos to know?

(Image credit: Google)

New Google Photos features like Recap and 'Ask Photos' could divide opinion among its users. For some, they'll be fun, time-saving tools that save them from what were once huge photo book projects. But others could find its all-knowing analysis of their photo libraries a little creepy and invasive.

Recap goes a step beyond being a highlights reel with stats like the number of smiles you captured, who you smiled with the most and your favorite colors of 2024 (above).

That's all pretty innocent, but there's also a danger that those who haven't delved into Google Photos Memories settings like 'hide a face' could get a Recap video that treads on sensitive ground. A Google spokesperson told us: "Not all memories are worth revisiting, so we use filters and do our best to avoid resurfacing upsetting memories. However, there may be times where we don’t get it right."

"That’s why Google Photos includes controls to hide photos of certain people or time periods within Memories. Hidden people and dates will not appear in your Recap," the spokesperson reassured us.

Gemini-powered features like 'Ask Photos' (and the personalized Recap captions available to "select users" in the US) are also opt-in, so Google recognizes there is a sensitivity to its most powerful AI features being applied to Google Photos.

The tech giant's privacy hub for Google Photos says that your personal data in Photos is "never used for ads" and that your 'Ask Photos' responses "aren't reviewed by humans", but with cloud photo libraries becoming increasingly smart it's worth deciding how much you want the services to know about your life.

You might also like

• Google Photos is rolling out AI-powered search now – and it could be its biggest upgrade in years
• Gemini AI could soon be adding narration to your memories in Google Photos
• Google Photos will soon fix your average videos with a single ‘enhance’ tap

• Apple has introduced Passwords support for Firefox
• The extension allows Mac users to store, sync, and autofill credentials
• Apple has apparently taken ownership of an existing extension

Apple has gradually added more credential management features to both iOS and MacOS, with autofill features and a password generator being added in software updates.

The release of iOS 18 and macOS 15 Sequoia saw Apple introduce its very own password manager, suitably named ‘Passwords’, allowing users to sync, store, and autofill password from a single app.

Now, Apple is setting its sights on introducing more password support for browsers outside of its native Safari.

Passwords for Firefox

Apple has now introduced a browser extension for Firefox, allowing MacOS users with a preference for the flaming Vulpes to enjoy the same functionality offered in Safari and supported Chromium based browsers such as Chrome and Edge.

The extension simply requires a Mac device that is already synced with your iCloud account running either macOS Sonoma or macOS Sequoia. Once installed, the extension will prompt you to type in a six-digit code, and you can now store and autofill passwords in Firefox.

The basis for the extension, however, is not new. Apple has apparently claimed ownership of an existing extension that offered support for Apple passwords in the Firefox browser, with the Github page stating that Apple “are now the sole owners in charge of maintaining their own official iCloud Passwords extension.”

Unfortunately, Windows users are going to have to wait before Apple Password sync is enabled, as the Firefox extension is not compatible with the Firefox browser when running on Windows or Linux - however the Github page for the original extension does support Windows version that can run iCloud for Windows, so Apple may have Firefox Password support for Windows in the pipeline.

Via Ars Technica

You might also like

• Take a look at the best forensic and pentesting Linux distros
• How to prepare for the Windows 10 shutdown
• Take a look at the best secure browsers

• A yearly certification should be mandatory for US telcos, FCC Chair said
• The initiative should help businesses tackle rising attacks
• China denies any involvement

It should be mandatory for American telecommunications organizations to every year submit a certification, confirming they have a solid cyber-incident response plan set up.

This is a proposal set forth by US Federal Communications Commission Chairwoman Jessica Rosenworcel, in response to recent news that Chinese state-sponsored threat groups have entrenched themselves deeply into US telecom providers, possibly snooping in on important communications for years.

Earlier this year, multiple cybersecurity organizations, and then government agencies too, reported that Chinese threat actors named Salt Typhoon infiltrated some US telecommunications giants and were pulling valuable data.

Immediate effect

Later, a number of organizations confirmed the findings, including T-Mobile, Verizon, Lumen Technologies, and AT&T. The campaign seems to be global, affecting “dozens” of private and public sector firms around the world.

"While the Commission's counterparts in the intelligence community are determining the scope and impact of the Salt Typhoon attack, we need to put in place a modern framework to help companies secure their networks and better prevent and respond to cyberattacks in the future," Rosenworcel said in a statement.

Reuters cited Rosenworcel saying the proposal was being circulated to other commissioners in her agency. If adopted, it would take effect immediately, it was added.

The victims are now working diligently on ousting the spies in an ongoing effort, with no concrete deadline set up.

At the same time, the Chinese government remains silent. In the past, it has denied these allegations on numerous occasions, even accusing the US of being the world’s cyber-bully at one point. A few months ago, it released a report in which it claimed that Volt Typhoon, another hacking collective, was actually a CIA asset.

The document asserts that China consulted over 50 cybersecurity experts, who collectively determined both the US and Microsoft do not have enough evidence to implicate China’s involvement with Volt Typhoon. However, the names of the experts are not included in the document.

Via Reuters

You might also like

• US Government says Salt Typhoon still lurks on telecoms networks, shares some top tips to stay protected
• Here's a list of the best antivirus
• These are the best endpoint protection tools right now

Today's employment reading queues up another Fed rate cut later this month.

The Federal Reserve can still cut interest rates this month, but today's data points to fewer reductions in 2025. Here's what that means for refi rates.

Strong economic data could encourage the Federal Reserve to postpone interest rate cuts in 2025.

• Romania has cancelled its presidential election as a result of a spate of cyberattacks
• The cyberattacks targeted electoral systems, with over 85,000 attacks in total
• The election will be re-run, likely with closer oversight over systems and social media

A recently declassified report [PDF] from Romania’s Intelligence Service (SRI) has revealed that the election’s infrastructure was targeted by over 85,000 cyberattacks over the run up to election day.

The primary concern from these attacks is the state-sponsored online influence campaign promoting the election of front-runner and Pro-Moscow candidate Călin Georgescu. Access credentials for election websites were stolen by threat actors and leaked on a Russian hacker forum, which is a worrying development given the volatility of the region’s political landscape.

The SRI confirmed that an attack on the IT infrastructure of the Romanian Permanent Electoral Authority (AEP) compromised a server which mapped data connected to the AEP’s network, which occurred on November 19th. In light of these developments, the election has since been cancelled by Romanian courts to allow for a re-run of the presidential election first round.

Significant breaches

Between the initial breach and November 25th, which was the end of the first round of Presidential elections, BleepingComputer reports that the 85,000 attacks were targeting the information systems which support the electoral process. Analysts have confirmed that the scale of the campaign would point to a state actor.

"Romania—along with other states on NATO's eastern flank—has become a priority for Russia's hostile actions; there is a growing interest in the Kremlin to influence (at least) the mood and agenda in Romanian society in the electoral context through propaganda and disinformation." the report confirms.

Romanian Prime Minister Marcel Ciolacu said that anulling the election was "the only correct decision," with the judges of the Constitutional Court citing the same report as a factor in its decision making.

It’s important to note that the SRI has not directly attributed these attacks to a specific threat actor, but geopolitical tensions do seem to suggest that they’re looking in a specific direction.

Russian cyber influence campaigns have been reported during the US election cycle, so there is precedent for similar incidents. Russia has denied any interference with Romanian elections.

Romania’s infrastructure is still being affected by vulnerabilities, the agency warned, and these could be exploited heading into the second round of the election.

More from TechRadar Pro

• Check out our list of the best endpoint protection software around
• Majority of US Congress members at risk of personal information being exposed
• Take a look at our best firewall software

If you want to log or analyze your shut-eye, these WIRED-tested sleep trackers are the way to go.

There are plenty of uses for the iPhone's Action button, but the best hacks can be found in Apple's Shortcuts app.

Sticking to New Year's resolutions can be challenging but some small and actionable goals can help you make changes for the better.

• Broadcom gives 1,500 of its 2,000 biggest customers back to channel partners
• The company hopes partners will be able to offer customers better deals
• It’s all in an effort to stop losing VMware customers

According to new information revealed by Ars Technica, Broadcom has reversed its plans to take its 2,000 biggest customers directly, instead taking just 500 and leaving channel partners to pick up the rest.

It’s believed that Broadcom is branding the change as one that will drive additional value for money to customers through partner-driven deals, which it hopes will keep customers using its services rather than looking to migrate.

Since its acquisition of VMware a little over a year ago, Broadcom has caused uproar in the virtualization world by implementing a series of changes it said were meant to simplify its portfolio, but the reality has been increased costs for many customers.

Broadcom giving VMware deals back to partners

Some of the changes affecting customers have included the company’s decision to end perpetual licenses and move to subscription-based models, the bundling of multiple products into fewer (and more expensive, in some cases) SKUs, and the termination of the channel partner program.

Broadcom’s decision to reintroduce channel partners is likely a strategic move to help it maintain business and not lose any more customers.

The firm said in a statement: “We announced a program that is currently in development to offer qualified VCF customers a 15 percent professional service entitlement of their annual contract value to access partner-delivered or Broadcom professional services. This will help customers improve both time to value and ROI.”

Speaking about the change, Canalys Chief Analyst Alastair Edwards said that Broadcom handing back 1,500 big customers back to channel partners and giving its channel 15% of the value of deals they win would be its best defense against potential migrations.

However, posting on LinkedIn, Edwards said that Broadcom CEO Hock Tan’s efforts to “strip out layers of cost and complexity” have so far “come at the expense of customer and partner relationships.”

You might also like

• These are the best cloud computing services
• AWS launches a VMware-as-a-service offering
• We’ve rounded up a list of the best virtual desktop software