‘Something Has Gone Seriously Wrong,’ Dual-Boot Systems Warn After Microsoft Update
With Microsoft maintaining radio silence, those affected by the glitch have been forced to find their own remedies. One option is to access their EFI panel and turn off secure boot. Depending on the security needs of the user, that option may not be acceptable. A better short-term option is to delete the SBAT Microsoft pushed out last Tuesday. This means users will still receive some of the benefits of Secure Boot even if they remain vulnerable to attacks that exploit CVE-2022-2601. The steps for this remedy are outlined here (thanks to manutheeng for the reference).
Read more of this story at Slashdot.
Toyota Confirms Breach After Stolen Data Leaks On Hacking Forum
“We have hacked a branch in United States to one of the biggest automotive manufacturer in the world (TOYOTA). We are really glad to share the files with you here for free. The data size: 240 GB,” the threat actor claims. “Contents: Everything like Contacts, Finance, Customers, Schemes, Employees, Photos, DBs, Network infrastructure, Emails, and a lot of perfect data. We also offer you AD-Recon for all the target network with passwords.” While Toyota hasn’t shared the date of the breach, BleepingComputer found that the files had been stolen or at least created on December 25, 2022. This date could indicate that the threat actor gained access to a backup server where the data was stored. “We are aware of the situation. The issue is limited in scope and is not a system wide issue,” Toyota told BleepingComputer. The company added that it’s “engaged with those who are impacted and will provide assistance if needed.”
Read more of this story at Slashdot.
‘Civilization 7 Captures the Chaos of Human History In Manageable Doses’
“It’s tough to even get through the whole game,” designer Ed Beach says, singling out the key problem that Firaxis aims to solve with the forthcoming Civilization 7. While the early turns of a campaign in Civilization 6 can be swift, when you’re only deciding the actions for the population of a single town, “the number of systems, units, and entities you must manage explodes after a while,” Beach says. From turn one to victory, a single campaign can take more than 20 hours, and if you start falling behind other nations, it can be tempting to restart long before you see the endgame. That’s why Civilization 7’s campaign has been split into three ages — Antiquity, Exploration and Modern — with each ending in a dramatic explosion of global crises. “Breaking the game into chapters lets people get through history in a more digestible fashion,” Beach says.
When you start a new campaign, you pick a leader and civilization to govern, and direct your people in establishing their first settlements and encounters with the other peoples populating a largely undeveloped land. You’ll choose the technologies they research, the expansions they make to their cities, and whom they try to befriend or conquer. Every turn you complete or scientific, economic, cultural and military milestone you pass adds points to a meter running in the background. Once that meter hits 200, you and all the other surviving civilizations on the map will transition into the next age. When moving from Antiquity to Exploration and later Exploration to Modern, you select a new civilization to lead. You’ll retain all the cities you controlled before but have access to different technologies and attributes. This may seem strange, but it’s built to reflect history: think of London, which was once run by the Romans before being supplanted by the Anglo-Saxons. No empire lasts for ever, but they don’t all collapse, either.
Breaking Civilization 7 into chapters also gives campaigns a new rhythm. As you approach the end of an age, you’ll begin to face global crises. In Antiquity, for instance, you can see a proliferation of independent powers similar to the tribes that tore down Rome. “We’re not calling them barbarians any more,” Beach says. “It’s a more nuanced way to present them.” These crises multiply and strengthen until you reach the next age. “It’s like a sci-fi or fantasy series with a huge, crazy conclusion, and then the next book starts nice and calm,” Beach says. “There’s a point where getting to the next age is a relief.” Here’s a round-up of thoughts on Civilization 7 from some of the most respected gaming outlets and reviewers:
Civilization VII hands-on: This strategy sequel rethinks the long game — Ars Technica’s Samuel Axon
Civilization 7 pairs seismic changes with a lovably familiar formula — Eurogamer’s Chris Tapsell
Civilization 7 hands-on: Huge changes are coming to the classic strategy series – PC Gamer’s Tyler Wilde
Civilization 7 lets you mix and match history — and it’s a blast – The Verge’s Ash Parrish
Civilization 7 Hands-On Preview: Creating Your Legacy – Game Rant’s Joshua Duckworth
Sid Meier’s Civilization VII preview — possibly the freshest sequel yet – GamesHub’s Jam Walker
How Civilization 7 Rethinks The Series’ Structure – GameSpot’s Steve Watts
Read more of this story at Slashdot.
National Public Data Published Its Own Passwords
Following last week’s story on the breadth of the NPD breach, a reader alerted KrebsOnSecurity that a sister NPD property — the background search service recordscheck.net — was hosting an archive that included the usernames and password for the site’s administrator. A review of that archive, which was available from the Records Check website until just before publication this morning (August 19), shows it includes the source code and plain text usernames and passwords for different components of recordscheck.net, which is visually similar to nationalpublicdata.com and features identical login pages. The exposed archive, which was named “members.zip,” indicates RecordsCheck users were all initially assigned the same six-character password and instructed to change it, but many did not. According to the breach tracking service Constella Intelligence, the passwords included in the source code archive are identical to credentials exposed in previous data breaches that involved email accounts belonging to NPD’s founder, an actor and retired sheriff’s deputy from Florida named Salvatore “Sal” Verini.
Reached via email, Mr. Verini said the exposed archive (a .zip file) containing recordscheck.net credentials has been removed from the company’s website, and that the site is slated to cease operations “in the next week or so.” “Regarding the zip, it has been removed but was an old version of the site with non-working code and passwords,” Verini told KrebsOnSecurity. “Regarding your question, it is an active investigation, in which we cannot comment on at this point. But once we can, we will [be] with you, as we follow your blog. Very informative.” The leaked recordscheck.net source code indicates the website was created by a web development firm based in Lahore, Pakistan called creationnext.com, which did not return messages seeking comment. CreationNext.com’s homepage features a positive testimonial from Sal Verini.
Read more of this story at Slashdot.