Month: June 2016

(credit: Leo Reynolds)

Attackers are exploiting a critical vulnerability in Adobe's widely used Flash Player, and Adobe says it won't have a patch ready until later this week.

The active zero-day exploit works against the most recent Flash version 21.0.0.242 and was detected earlier this month by researchers from antivirus provider Kaspersky Lab, according to a blog post published Tuesday by Costin Raiu, the director of the company's global research and analysis team. It's being carried out by "ScarCruft," the name Kaspersky has given to a relatively new hacking group engaged in "advanced persistent threat" campaigns that target companies and organizations for high-value information and data. Raiu wrote:

ScarCruft is a relatively new APT group; victims have been observed in several countries, including Russia, Nepal, South Korea, China, India, Kuwait and Romania. The group has several ongoing operations utilizing multiple exploits—two for Adobe Flash and one for Microsoft Internet Explorer.

Currently, the group is engaged in two major operations: Operation Daybreak and Operation Erebus. The first of them, Operation Daybreak, appears to have been launched by ScarCruft in March 2016 and employs a previously unknown (0-day) Adobe Flash Player exploit, focusing on high profile victims. The other one, “Operation Erebus” employs an older exploit, for CVE-2016-4117 and leverages watering holes. It is also possible that the group deployed another zero day exploit, CVE-2016-0147, which was patched in April.

We will publish more details about the attack once Adobe patches the vulnerability, which should be on June 16. Until then, we confirm that Microsoft EMET is effective at mitigating the attacks. Additionally, our products detect and block the exploit, as well as the malware used by the ScarCruft APT threat actor.

The currently unfixed vulnerability is indexed as CVE-2016-4171. Adobe's bare-bones advisory is here.

The stars of the Warcraft movie as they appeared in Warcraft I and II. (We cheated a bit for Durotan, who doesn't appear in the games.) (credit: Ron Amadeo)

Editor's note: This article contains minor spoilers throughout. (Unless you're an avid WoW player, that is.)

"Blizzard should make a movie" has been a wish for just about every fan that has seen one of the company's gorgeous CG cinematics. And this weekend, these gamers sort of got their wish when the Warcraft movie finally arrived stateside.

Sadly, I can't imagine many fans wanted to see this Warcraft story get made into a movie. While the film was obviously created due to the success of World of Warcraft, it is not "World of Warcraft: The Movie." The story simply doesn't take place in the "Modern" Warcraft era depicted in WoW and Warcraft 3. Instead, this is the "First War" film—depicting the battle between the Orcs and Humans. If you're going by the games, the story more or less follows "Warcraft: Orcs & Humans" (aka "Warcraft 1"), the original DOS real-time strategy game from 1994.

(credit: BBC)

A few weeks ago, the BBC's new season of Top Gear debuted, complete with a brand new cast (and an online addition, Extra Gear). We weren't too impressed with the premiere, suggesting that it was time for the broadcaster to think outside its (gear)box. But three episodes in, we're happy to relay that the rebuilt transmission appears to be bedding in, and things are looking up. And even better, Chris Harris and Neil Carey will be working together again to produce more of the long-form car videos beloved by car nerds on the Internet.

Back to the main event. After the stilted and at times boring season opener, Top Gear appears to be finding its feet (tires?). We got to see Sabine Schmitz make Chris Evans lose his breakfast—strawberries, in case you were curious—by lapping Laguna Seca in an Audi R8. Harris also made his first appearance on the big show, driving a Ferrari 250 Tour de France back to back with its new descendent, the F12 TdF. Rory Reid gave us a great piece on the Ford Focus RS, a car that apparently anyone can drift like the Stig. (We'll be putting that to the test next month when Ford lets us drive the Focus RS, and the company is even bringing one of the former Stigs along to offer some tuition.)

We also got to see the piece that caused a media scandal in the UK earlier this year. Months before Top Gear's new season started, the show was making negative headlines after Ken Block (the hoonatic with a billion YouTube views) showed off his drifting skills in London. Burning rubber and doing donuts within sight of the Cenotaph (a war memorial) did not go down well with UK "Red Tops" that were already on the hunt for bad news about Top Gear.

SANTA MONICA, Calif.—Your history and experience with video games may very well be defined by the acronyms you hold near and dear. All-caps letter slams like WASD, LFG, GLHF, QTE, and HPB represent a lot for certain gaming genres or eras (and probably read like gobbledygook to outsiders), but in the console gaming space, one acronym may very well count as the longest-lasting of them all: ATB.

That stands for the Active-Time Battle system from Final Fantasy, which debuted in its fifth game and has remained a constant in a series that otherwise revels in full memory-slate wipes with its every sequel. Sure, the games share constants like Chocobos, mechanics named Cid, and elemental magic mixed with giant-monster summons, but the RPG series is probably best known for, and identified by, its meter-charging twist on turn-based combat.

The upcoming release of Final Fantasy XV is interesting in a lot of ways, from its enormity to its car-cruising "band of bros" premise. But after being given full room to roam in the game's entire first chapter, the largest takeaway by far is its battle-system shift. Forget the teases and dances with real-time active combat in games like FFXIII; Square Enix has finally, truly pushed its golden child into the real-time combat realm.

The Donald. (credit: Gage Skidmore)

A hack on the Democratic National Committee has given attackers access to a massive trove of data, including all opposition research into presidential candidate Donald Trump and almost a year's worth of private e-mail and chat messages, according to a published report.

In an article published Wednesday, The Washington Post reported that researchers with CrowdStrike, the security firm DNC officials hired to investigate and contain the breach, determined the intrusions were carried out by two separate hacker groups that both worked for the Russian government. One, dubbed Cozy Bear, gained access last summer and has been monitoring committee members' e-mail and chat communications. The other is known as Fancy Bear and is believed to have broken into the network in late April. It was the latter intrusion that obtained the entire database of Trump opposition and later tipped off IT team members the network may have been breached.

The DNC intrusion is just one of several targeting US political organizations, the WaPo said, with the networks of Trump, rival presidential candidate Hillary Clinton, and some republican political action committees also being targeted by Russian spies. Details about those campaigns weren't available. The hackers who penetrated the DNC network were expelled last weekend. No financial and donor information appears to have been taken, leaving analysts to suspect the attack was a case of traditional espionage and not the work of criminal hackers. According to Wednesday's report:

That's not exactly what we mean when we say consoles are becoming more like mobile phones... (credit: Destructoid)

For decades now, the game console market has progressed in a reliable pattern. Roughly every six or seven years, console makers would introduce new hardware expected to completely replace the old. After a short transitional period, support for the older hardware would dry up on the part of both developers and the console makers themselves. Everyone would move on.

This year's E3 has provided an important inflection point for that model. Both Sony and Microsoft are announcing new hardware intended to complement, rather than replace, their current consoles. It's a move that will have far-reaching implications for what console gaming looks like going forward. Goodbye to the game console as we know it. Hello to the tiered console platform.

Sony technically started things off, confirming days before E3 that the codenamed PlayStation 4 Neo would "sit alongside and complement the standard PS4" throughout that system's lifecycle. Microsoft took it even further at its press presentation Monday, announcing the codenamed Xbox One Scorpio as a six-teraflop workhorse that will support "true 4K gaming" and high-end virtual reality by the end of 2017.

(credit: Canonical)

Ubuntu's "snappy" new way of packaging applications is no longer exclusive to Ubuntu. Canonical today is announcing that snapd, the tool that allows snap packages to be installed on Ubuntu, has been ported to other Linux distributions including Debian, Arch, Fedora, and Gentoo among others.

If you have no idea what the above paragraph means, here's a summary. Traditionally, applications for Ubuntu and similar distributions are packaged in the deb (short for Debian) format. These packages consist of the application a user wants to install, and they can also install other things that the package depends on in order to run (libraries, other applications, scripting, support files, and so on). Applications often require a lot of dependencies, making things more complicated, for example, when one application needs one version of another piece of software and a second application needs a different version of that other piece of software.

"Snap packages solve this problem by creating self-contained packages," we noted in our review of Ubuntu 16.04, which brought snaps to servers and desktops. "With snap packages, applications are installed in their own container, and all the third-party applications are installed with them so there are no version conflicts. Snap packages are also smart enough to not install a package more than once, meaning applications installed via Snappy don't take any more disk space than regular applications."