Cyberpunk 2077 is an Early Access game. It wasn't labeled that way at launch, but it should have been (and while it may not have sold quite so many copies, it probably would have cut down on the outrage from players at the state of it). Cyberpunk 2077 was far from finished when CDPR pushed it out the door a couple of years too early, and despite a massive patch released earlier this week that made a number of improvements, it's still far from finished today.

Cyberpunk 2077's 1.2 patch, released earlier this week, weighs in at 33GB and includes nearly 500 fixes for the PC version of the game. That's a hefty patch, and it contains tons of important fixes for quests, gameplay systems, and the many, many, many bugs Cyberpunk 2077 shipped with.

Despite the surprisingly long list of fixes and tweaks, the experience post-patch is ultimately about the same. After playing a couple of hours with the 1.2 patch, I can't say I really noticed much of a difference. Yes, the patch made it so cops and police drones spawn a bit further away when you commit a crime, but that doesn't really make their response feel any less ridiculous, especially when you're in a remote area with hardly anyone around and can see them blip into the world. And despite the swarms of teleporting police, they're still incredibly easy to evade because they give up the moment you're out of sight and never jump into cars to pursue you.

Post-patch, I still get the bug where I'm suddenly thrown hundreds of meters away from the spot I was standing. I still regularly see NPCs floating in the air. I still see those ridiculous 2D cars that are supposed to simulate traffic at a distance, and I still see them in places where there's no need to simulate traffic at a distance. I still can't get the second part of the vending machine quest to kick off, despite the quest marker pointing me to the spot I need to go to kick it off.
I don't have any mod conflicts, either—this is a completely clean install of the patched game. It's just still heavily broken.

The first thing I did after installing the patch was run to the spot outside V's apartment, where on day one I witnessed cars repeatedly and hilariously smashing into a barricade on the sidewalk. They're still doing that. There are fewer cars on the road now, which makes it less noticeable, but every car that does go down that road still smashes immediately into that barrier and sends hunks-o-car flying through the air. It's still funny to me, but it demonstrates just how much more there is to fix. (Though at least now V sleeps on their bed like an actual human being would.)

Some players are having an easier time post-patch, reporting that driving is much improved on PC using the keyboard now that there's a steering sensitivity slider. Some say performance has improved as well, with more consistent fps and quicker load times. Naturally, as happens on PC with patches for just about every game ever made, other players are reporting a worse experience. More crashes, lower fps, and new quest bugs in place of old ones. The subreddit is still packed with glitch gifs, as it has been since day one.

I do think Cyberpunk 2077 is still worth playing, both when it launched and right now. There are lots of great characters and some really interesting quests. It looks amazing and it's a beautiful world (if a rarely rewarding one) to explore. Yes, the glitches and bugs and half-assed systems like police responders can be grating and frustrating, but the goofy physics bugs can be amusing, too, and at times the characters and story are engaging enough that even distracting bugs don't completely ruin them.
The newest method of infecting your computer is remarkably old-fashioned: It uses a telephone call. Online researchers are documenting a new malware campaign they've dubbed "BazarCall." One of its primary malware "payloads" is the BazarLoader remote-access Trojan, which can give a hacker full control over your PC and be used to install more malware.

The attack starts with an email notifying you that a free trial subscription for a medical service that you've supposedly signed up for is about to run out, and your credit card will be charged in a few days — at $90 a month or some other ridiculous rate. The subject line may read "Thank you for using your free trial," "Do you want to extend your free period," or something similar, according to The Record and Bleeping Computer.

Naturally, you're wondering what the hell this email is, but you're pretty sure you don't want to be paying for something you never agreed to. Fortunately, the message provides a phone number you can call to cancel the subscription, plus a subscriber ID number that you can refer to during the call.

You've heard of, and maybe even seen, phishing emails that want you to click on a link, but then take you to a site that asks for your password or tries to install something on your computer. But there's no link in this email. It seems safe. And what harm can come from calling a phone number?

So you call. You're placed on hold. You wait for a couple of minutes. And then a helpful call-center operator — he or she sounds suspiciously like someone who'd be part of a tech-support scam — comes on the line and listens to your questions about the email. The operator asks for the subscriber ID mentioned in the email.

Now here's the key thing. That subscriber ID is very important because it lets the crooks know who you are — and many of their targets are people who work in specific companies.

"They will be able to identify the company that got that email when you give them a valid customer [ID] number on the phone," Binary Defense security expert Randy Pargman told Bleeping Computer. "But if you give them a wrong number they will just tell you that they canceled your order and it’s all good without sending you to the website."

Here's a YouTube video illustrating the entire process. The interaction with the call-center operator starts about 2 minutes and 45 seconds in.

Anyway, the customer-service rep puts you back on hold for a bit to check your subscriber ID, then comes back to tell you who signed up and provided a credit card for this subscription — and it's someone who's not you. There must be a mistake. The friendly customer-support person tells you that because this concerns a medical service, you've got to fill out some forms online to cancel the subscription. He sends you to a professional-looking website, where you can continue the cancellation process.

There are at least five possible websites, again listed here. The ones we saw all looked the same, but someone took a lot of effort to make each site look decent. The websites have FAQs, privacy statements, terms of use and even contact information listing street addresses of Los Angeles office towers and southern California phone numbers. We called a couple of the listed phone numbers but got nowhere. We also discovered that all five websites we visited have domains that were registered last week using the same alias and the same Russian email address.

Back on the customer-support call, the rep directs you to the site's signup page, where you can click Unsubscribe. However, the Unsubscribe field doesn't ask for your name or your email address. Instead, it again asks for the subscription ID number found in the original email notification you received. Click Submit on the Unsubscribe dialogue box, and your browser prompts you to allow download of a Microsoft Excel spreadsheet or Word document.
The customer-support rep says you must download, open and digitally "sign" this document to cancel the subscription. Now, Microsoft Office files downloaded from the internet are so dangerous that Windows itself "sandboxes" them so that they can't run macros — little mini-programs — without your permission. But the customer-support rep you have on the phone insists that you click the yellow bar that appears across the top of this Excel or Word file to enable macros so that you can "sign" the document.

An upgraded variant of Purple Fox malware with worm capabilities is being deployed in an attack campaign that is rapidly expanding. Purple Fox, first discovered in 2018, is malware that used to rely on exploit kits and phishing emails to spread. However, a new campaign taking place over the past several weeks -- and which is ongoing -- has revealed a new propagation method leading to high infection numbers.

In a blog post on Tuesday, Guardicore Labs said that Purple Fox is now being spread through "indiscriminate port scanning and exploitation of exposed SMB services with weak passwords and hashes." Based on Guardicore Global Sensors Network (GGSN) telemetry, Purple Fox activity began to climb in May 2020. While there was a lull between November 2020 and January 2021, the researchers say overall infection numbers have risen by roughly 600% and total attacks currently stand at 90,000.

The malware targets Microsoft Windows machines and repurposes compromised systems to host malicious payloads. Guardicore Labs says a "hodge-podge of vulnerable and exploited servers" is hosting the initial malware payload, many of which are running older versions of Windows Server with Internet Information Services (IIS) version 7.5 and Microsoft FTP. Infection chains may begin through internet-facing services containing vulnerabilities, such as SMB, browser exploits sent via phishing, brute-force attacks, or deployment via rootkits including RIG.
As of now, close to 2,000 servers have been hijacked by Purple Fox botnet operators. Guardicore Labs researchers say that once code execution has been achieved on a target machine, persistence is managed through the creation of a new service that loops commands and pulls Purple Fox payloads from malicious URLs.

The malware's MSI installer disguises itself as a Windows Update package with different hashes, a feature the team calls a "cheap and simple" way to avoid the malware's installers being connected to one another during investigations. In total, three payloads are then extracted and decrypted. One tampers with Windows firewall capabilities and filters are created to block a number of ports -- potentially in a bid to stop the vulnerable server from being reinfected with other malware.

An IPv6 interface is also installed for port scanning purposes and to "maximize the efficiency of the spread over (usually unmonitored) IPv6 subnets," the team notes, before a rootkit is loaded and the target machine is restarted. Purple Fox is loaded into a system DLL for execution on boot.

Purple Fox will then generate IP ranges and begin scans on port 445 to spread. "As the machine responds to the SMB probe that's being sent on port 445, it will try to authenticate to SMB by brute-forcing usernames and passwords or by trying to establish a null session," the researchers say. The Trojan/rootkit installer has adopted steganography to hide local privilege escalation (LPE) binaries in past attacks.
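
The spreading behaviour described above (wide scans on port 445, including over IPv6, followed by username guessing or null-session attempts) leaves a recognizable trail in network and logon records. The sketch below is an added example, not code from Guardicore Labs or the original article; the record layouts, thresholds, addresses and function names are assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records, not real telemetry. Flow: (source, destination, port)
FLOWS = (
    [("10.0.5.23", f"10.0.9.{i}", 445) for i in range(1, 41)]
    + [("10.0.5.23", f"fd00::{i:x}", 445) for i in range(1, 21)]
    + [("10.0.1.10", "10.0.1.2", 445), ("10.0.1.10", "10.0.1.3", 445),
       ("10.0.1.11", "10.0.9.7", 443)]
)
# SMB logon failure: (source, target, username); "" stands for a null-session attempt
LOGON_FAILURES = (
    [("10.0.5.23", "10.0.9.4", user) for user in
     ("administrator", "admin", "user", "test", "backup", "")]
    + [("10.0.1.10", "10.0.1.2", "jsmith")] * 3
)

def smb_fanout(flows, min_targets=30):  # threshold is an assumption, tune per network
    """Sources that contacted many distinct hosts on TCP 445, split by IP version."""
    targets = defaultdict(set)
    for src, dst, port in flows:
        if port == 445:
            targets[src].add(ipaddress.ip_address(dst))
    report = {}
    for src, dsts in targets.items():
        if len(dsts) >= min_targets:
            v6 = sum(1 for d in dsts if d.version == 6)
            report[src] = {"targets": len(dsts), "ipv4": len(dsts) - v6, "ipv6": v6}
    return report

def smb_guessing(failures, min_usernames=5):  # threshold is an assumption
    """(source, target) pairs whose failed logons span many distinct usernames."""
    names = defaultdict(set)
    for src, dst, user in failures:
        names[(src, dst)].add(user.lower())
    return {pair: {"usernames": len(users), "null_session": "" in users}
            for pair, users in names.items() if len(users) >= min_usernames}

def suspected_spreaders(flows, failures):
    """Hosts showing both behaviours: wide port-445 scanning and credential guessing."""
    guessers = {src for src, _dst in smb_guessing(failures)}
    return sorted(set(smb_fanout(flows)) & guessers)

if __name__ == "__main__":
    print(smb_fanout(FLOWS))
    print(smb_guessing(LOGON_FAILURES))
    print(suspected_spreaders(FLOWS, LOGON_FAILURES))
```

Reporting the IPv4/IPv6 split separately matters here because the IPv6 share of the scan is the part the researchers describe as usually unmonitored.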


