Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.

The conclusions above are based on an extensive analysis of Telegram chat logs from three distinct cybercrime groups or actors that have been identified by security researchers as particularly active in and effective at “SIM-swapping,” which involves temporarily seizing control over a target’s mobile phone number.

Countless websites and online services use SMS text messages for both password resets and multi-factor authentication. This means that stealing someone’s phone number often can let cybercriminals hijack the target’s entire digital life in short order — including access to any financial, email and social media accounts tied to that phone number.

All three SIM-swapping entities that were tracked for this story remain active in 2023, and they all conduct business in open channels on the instant messaging platform Telegram. KrebsOnSecurity is not naming those channels or groups here because they will simply migrate to more private servers if exposed publicly, and for now those servers remain a useful source of intelligence about their activities.

Each advertises their claimed access to T-Mobile systems in a similar way. At a minimum, every SIM-swapping opportunity is announced with a brief “Tmobile up!” or “Tmo up!” message to channel participants. Other information in the announcements includes the price for a single SIM-swap request, and the handle of the person who takes the payment and information about the targeted subscriber.

The information required from the customer of the SIM-swapping service includes the target’s phone number, and the serial number tied to the new SIM card that will be used to receive text messages and phone calls from the hijacked phone number.

Initially, the goal of this project was to count how many times each entity claimed access to T-Mobile throughout 2022, by cataloging the various “Tmo up!” posts from each day and working backwards from Dec. 31, 2022.

But by the time we got to claims made in the middle of May 2022, completing the rest of the year’s timeline seemed unnecessary. The tally shows that in the last seven-and-a-half months of 2022, these groups collectively made SIM-swapping claims against T-Mobile on 104 separate days — often with multiple groups claiming access on the same days.

The 104 days in the latter half of 2022 in which different known SIM-swapping groups claimed access to T-Mobile employee tools.

KrebsOnSecurity shared a large amount of data gathered for this story with T-Mobile. The company declined to confirm or deny any of these claimed intrusions. But in a written statement, T-Mobile said this type of activity affects the entire wireless industry.

“And we are constantly working to fight against it,” the statement reads. “We have continued to drive enhancements that further protect against unauthorized access, including enhancing multi-factor authentication controls, hardening environments, limiting access to data, apps or services, and more. We are also focused on gathering threat intelligence data, like what you have shared, to help further strengthen these ongoing efforts.”

TMO UP!

While it is true that each of these cybercriminal actors periodically offer SIM-swapping services for other mobile phone providers — including AT&T, Verizon and smaller carriers — those solicitations appear far less frequently in these group chats than T-Mobile swap offers. And when those offers do materialize, they are considerably more expensive.

The prices advertised for a SIM-swap against T-Mobile customers in the latter half of 2022 ranged between USD $1,000 and $1,500, while SIM-swaps offered against AT&T and Verizon customers often cost well more than twice that amount.

To be clear, KrebsOnSecurity is not aware of specific SIM-swapping incidents tied to any of these breach claims. However, the vast majority of advertisements for SIM-swapping claims against T-Mobile tracked in this story had two things in common that set them apart from random SIM-swapping ads on Telegram.

First, they included an offer to use a mutually trusted “middleman” or escrow provider for the transaction (to protect either party from getting scammed). More importantly, the cybercriminal handles that were posting ads for SIM-swapping opportunities from these groups generally did so on a daily or near-daily basis — often teasing their upcoming swap events in the hours before posting a “Tmo up!” message announcement.

In other words, if the crooks offering these SIM-swapping services were ripping off their customers or claiming to have access that they didn’t, this would be almost immediately obvious from the responses of the more seasoned and serious cybercriminals in the same chat channel.

There are plenty of people on Telegram claiming to have SIM-swap access at major telecommunications firms, but a great many such offers are simply four-figure scams, and any pretenders on this front are soon identified and banned (if not worse).

One of the groups that reliably posted “Tmo up!” messages to announce SIM-swap availability against T-Mobile customers also reliably posted “Tmo down!” follow-up messages announcing exactly when their claimed access to T-Mobile employee tools was discovered and revoked by the mobile giant.

A review of the timestamps associated with this group’s incessant “Tmo up” and “Tmo down” posts indicates that while their claimed access to employee tools usually lasted less than an hour, in some cases that access apparently went undiscovered for several hours or even days.

TMO TOOLS

How could these SIM-swapping groups be gaining access to T-Mobile’s network as frequently as they claim? Peppered throughout the daily chit-chat on their Telegram channels are solicitations for people urgently needed to serve as “callers,” or those who can be hired to social engineer employees over the phone into navigating to a phishing website and entering their employee credentials.

Allison Nixon is chief research officer for the New York City-based cybersecurity firm Unit 221B. Nixon said these SIM-swapping groups will typically call employees on their mobile devices, pretend to be someone from the company’s IT department, and then try to get the person on the other end of the line to visit a phishing website that mimics the company’s employee login page.

Nixon argues that many people in the security community tend to discount the threat from voice phishing attacks as somehow “low tech” and “low probability” threats.

“I see it as not low-tech at all, because there are a lot of moving parts to phishing these days,” Nixon said. “You have the caller who has the employee on the line, and the person operating the phish kit who needs to spin it up and down fast enough so that it doesn’t get flagged by security companies. Then they have to get the employee on that phishing site and steal their credentials.”

In addition, she said, often there will be yet another co-conspirator whose job it is to use the stolen credentials and log into employee tools. That person may also need to figure out how to make their device pass “posture checks,” a form of device authentication that some companies use to verify that each login is coming only from employee-issued phones or laptops.

For aspiring criminals with little experience in scam calling, there are plenty of sample call transcripts available on these Telegram chat channels that walk one through how to impersonate an IT technician at the targeted company — and how to respond to pushback or skepticism from the employee. Here’s a snippet from one such tutorial that appeared recently in one of the SIM-swapping channels:

“Hello this is James calling from Metro IT department, how’s your day today?”

(yea im doing good, how r u)

i’m doing great, thank you for asking

i’m calling in regards to a ticket we got last week from you guys, saying you guys were having issues with the network connectivity which also interfered with [Microsoft] Edge, not letting you sign in or disconnecting you randomly. We haven’t received any updates to this ticket ever since it was created so that’s why I’m calling in just to see if there’s still an issue or not….”

TMO DOWN!

The TMO UP data referenced above, combined with comments from the SIM-swappers themselves, indicate that while many of their claimed accesses to T-Mobile tools in the middle of 2022 lasted hours on end, both the frequency and duration of these events began to steadily decrease as the year wore on.

T-Mobile declined to discuss what it may have done to combat these apparent intrusions last year. However, one of the groups began to complain loudly in late October 2022 that T-Mobile must have been doing something that was causing their phished access to employee tools to die very soon after they obtained it.

One group even remarked that they suspected T-Mobile’s security team had begun monitoring their chats.

Indeed, the timestamps associated with one group’s TMO UP/TMO DOWN notices show that their claimed access was often limited to less than 15 minutes throughout November and December of 2022.

Whatever the reason, the calendar graphic above clearly shows that the frequency of claimed access to T-Mobile decreased significantly across all three SIM-swapping groups in the waning weeks of 2022.

SECURITY KEYS

T-Mobile US reported revenues of nearly $80 billion last year. It currently employs more than 71,000 people in the United States, any one of whom can be a target for these phishers.

T-Mobile declined to answer questions about what it may be doing to beef up employee authentication. But Nicholas Weaver, a researcher and lecturer at University of California, Berkeley’s International Computer Science Institute, said T-Mobile and all the major wireless providers should be requiring employees to use physical security keys for that second factor when logging into company resources.

“These breaches should not happen,” Weaver said. “Because T-Mobile should have long ago issued all employees security keys and switched to security keys for the second factor. And because security keys provably block this style of attack.”

The most commonly used security keys are inexpensive USB-based devices. A security key implements a form of multi-factor authentication known as Universal 2nd Factor (U2F), which allows the user to complete the login process simply by inserting the USB key and pressing a button on the device. The key works without the need for any special software drivers.

The allure of U2F devices for multi-factor authentication is that even if an employee who has enrolled a security key for authentication tries to log in at an impostor site, the company’s systems simply refuse to request the security key if the user isn’t on their employer’s legitimate website, and the login attempt fails. Thus, the second factor cannot be phished, either over the phone or Internet.

THE ROLE OF MINORS IN SIM-SWAPPING

Nixon said one confounding aspect of SIM-swapping is that these criminal groups tend to recruit teenagers to do their dirty work.

“A huge reason this problem has been allowed to spiral out of control is because children play such a prominent role in this form of breach,” Nixon said.

Nixon said SIM-swapping groups often advertise low-level jobs on places like Roblox and Minecraft, online games that are extremely popular with young adolescent males.

“Statistically speaking, that kind of recruiting is going to produce a lot of people who are underage,” she said. “They recruit children because they’re naive, you can get more out of them, and they have legal protections that other people over 18 don’t have.”

For example, she said, even when underage SIM-swappers are arrested, the offenders tend to go right back to committing the same crimes as soon as they’re released.

In January 2023, T-Mobile disclosed that a “bad actor” stole records on roughly 37 million current customers, including their name, billing address, email, phone number, date of birth, and T-Mobile account number.

In August 2021, T-Mobile acknowledged that hackers made off with the names, dates of birth, Social Security numbers and driver’s license/ID information on more than 40 million current, former or prospective customers who applied for credit with the company. That breach came to light after a hacker began selling the records on a cybercrime forum.

In the shadow of such mega-breaches, any damage from the continuous attacks by these SIM-swapping groups can seem insignificant by comparison. But Nixon says it’s a mistake to dismiss SIM-swapping as a low volume problem.

“Logistically, you may only be able to get a few dozen or a hundred SIM-swaps in a day, but you can pick any customer you want across their entire customer base,” she said. “Just because a targeted account takeover is low volume doesn’t mean it’s low risk. These guys have crews that go and identify people who are high net worth individuals and who have a lot to lose.”

Nixon said another aspect of SIM-swapping that causes cybersecurity defenders to dismiss the threat from these groups is the perception that they are full of low-skilled “script kiddies,” a derisive term used to describe novice hackers who rely mainly on point-and-click hacking tools.

“They underestimate these actors and say this person isn’t technically sophisticated,” she said. “But if you’re rolling around in millions worth of stolen crypto currency, you can buy that sophistication. I know for a fact some of these compromises were at the hands of these ‘script kiddies,’ but they’re not ripping off other people’s scripts so much as hiring people to make scripts for them. And they don’t care what gets the job done, as long as they get to steal the money.”

Show User Name in Right corner of Top-bar in Ubuntu 22.04

Want to display your username in the top panel? This is easy to do in Ubuntu, Fedora Workstation and other Linux distributions with the GNOME desktop via an extension.

After following this tutorial, your username will appear in the far right corner of the top panel.

1. First, open Ubuntu Software, then search for and install the Extension Manager app.

2. Then, press the Super (Windows Logo) key on the keyboard to open the overview screen. Search for and launch Extension Manager.

3. When the tool opens, navigate to the ‘Browse‘ tab. Finally, search for the “Add Username to Top Panel” extension and click install.

After installation, your username should appear immediately on the top panel. To remove it, go back to the “Installed” tab, then either turn off or remove the extension.

For other Linux distributions with GNOME, e.g., Fedora Workstation, Arch, Debian or Rocky Linux, go to this page in a web browser and use the ON/OFF switch to install it.

Industry Embraces Single-Vendor SASE as Cato Reports Record Growth

Cato Networks, provider of the world’s leading single-vendor SASE platform, reported today its 2022 business results. Highlights include ARR exceeding $100M in record-breaking time, enterprise customers increasing by 45%, and more than 3,000 updates being made to Cato SASE Cloud in 2022. Today, 1600+ enterprises with 28,000+ sites and 520,000+ remote access ZTNA users across 150+ countries rely on Cato every day.

“Despite a stiffening market, enterprises continue to need better networking and security to support growth and digital transformation,” says Shlomo Kramer, co-founder and CEO of Cato Networks. “Cato’s strong performance attests to those needs, enabling enterprises to meet their strategic business outcomes while improving their operational efficiency, agility and risk posture.”

Single-vendor Architecture Becomes the SASE Standard

Founded four years before SASE, Cato pioneered the convergence of security and networking into a global cloud service. Single-vendor SASE, at the time, was considered revolutionary, but today has become the accepted future of enterprise infrastructure. According to Gartner, by 2025, one-third of new SASE deployments will be based on a single-vendor SASE offering, up from 10% in 2022. Cato was recognised by Gartner as a Representative Vendor in the Gartner Market Guide for Single-Vendor SASE.

“The most notable vendor from a software architecture perspective out there today is probably Cato Networks. They have a very strong, unified software architecture and they were actually probably one of, if not the first, vendors doing SASE, and so they started with SASE,” SDxCentral quoted Gartner VP Analyst Andrew Lerner as saying.

Porsche Motorsport and Other Large Enterprises Choose to Partner with Cato

SASE industry adoption propelled Cato’s ARR across the $100M mark in just five years, making it the fastest growing enterprise network security startup. More than 500 enterprises became Cato customers in 2022, an increase of 45% YoY. Existing customer commitment remained high as reflected in a Net Dollar Retention Rate of 120%. Significant wins in 2022 included:

  • SSE: A major automotive manufacturer preferred Cato over one of the world’s largest security vendors. So impressed was the IT team with Cato’s security capabilities that the manufacturer chose to use the existing firewalls at 3,000 sites as only SD-WAN devices, connecting to Cato’s SSE 360 for security processing.
  • SASE: Forvis, a leading accounting firm formed through the merger of Dixon-Hughes (DHG) and BKD, extended DHG’s Cato deployment to BKD despite the presence of legacy SD-WAN infrastructure. Along with Baker Tilly, Cato now serves two of the 10 largest CPA firms in North America.
  • CASB: A $4B chemical company that chose Cato in April 2020, elected not to renew their subscription with a leading CASB provider, instead choosing Cato’s CASB and DLP built into the Cato SASE Cloud.
  • Global Connectivity: Porsche Motorsport chose to partner with Cato on their Formula-E race car. With this collaboration, Cato secures and connects Porsche’s racing teams worldwide to the cloud and Porsche headquarters.

Massive Product Innovation Extends Across Cato SASE Cloud

In 2022, Cato expanded the Cato SASE Cloud, extending the Cato Global Private Backbone to 80+ PoPs, a nearly 20 percent YoY increase. Simultaneously, Cato issued 3,213 feature updates and enhancements including:

  • Cato SSE 360, which is the only Security Service Edge (SSE) architecture to provide total visibility, optimisation, and control of traffic across all ports and protocols whether bound for the Internet or internal resources. SSE 360’s Cato CASB and Smart DLP were also introduced last year.
  • Network-based Ransomware Protection, which uses heuristic algorithms and deep network insight to detect and prevent the spread of ransomware across the enterprise without requiring endpoint agents.
  • Risk-based Application Access Control, which extended ZTNA with real-time, device context inspection even when restricting access within corporate applications, as well as Internet and cloud resources.

Cato also broke industry records for CVE mitigation times and security responsiveness, developing and deploying 397 new IPS signatures in record time. For example, Cato protected customers within just 17 hours against Log4J, which continues to be a problem for many enterprises.

Cato Invests in the Channel and Wins Accolades from Partners

Cato continues to invest in the channel at all levels. Frank Rauch joined as Global Channel Chief, headlining a series of channel promotions and hirings.

Cato partnered with Windstream Enterprise, a leading managed communications service provider, to deliver the first comprehensive managed SASE solution in North America. More recently, Windstream Enterprise launched its Cato-based SSE solution. Overall, contributing partners increased by 38% YoY and partner registered deals for new customers grew by 70% YoY.

Cato was also recognised for its channel excellence by leading Technology Service Distributors (TSDs). AVANT awarded Cato “Top Supplier for SD-WAN,” Intelisys awarded Cato the “Top Sales Engineering Team,” and Telarus recognised Cato for “Top Supplier for Cybersecurity.”

Demand for Technical Training Soars with SASE Adoption

Interest in SASE/SSE fueled enrollment in Cato’s hands-on training. Cato saw 3,500 new users take its partner training with a 36% increase in course completions. There was 106% growth in registrants for Cato’s SSE/SASE training and 129% growth in course graduates.

To learn more about Cato, visit us at https://www.catonetworks.com

The post Industry Embraces Single-Vendor SASE as Cato Reports Record Growth appeared first on IT Security Guru.

KDE Plasma 5.27 Available to Install in (K)Ubuntu via PPA

The latest KDE Plasma Desktop 5.27 was released 2 weeks ago. (K)Ubuntu 22.10 based systems can now get it via KUbuntu Backport PPA.

KUbuntu 23.04 will ship with Plasma 5.27 by default. For (K)Ubuntu 22.04 LTS, the package is still in the experimental PPA for testing; it should be made into the backport extra PPA later.

Plasma 5.27 features a new tiling system that automatically resizes and places app windows side by side on the screen. Users can enable it in “System Settings > Workspace Behavior > Desktop Effects“, then use Shift + Drag to tile windows and Windows Logo key + T to configure the layout. See more about KDE Plasma 5.27.

1. Add the PPA

The new packages have been made into the KUbuntu Backports PPA for (K)Ubuntu 22.10.

First, search for and open a terminal (Konsole) from the start menu. When it opens, run this command to add the PPA:

sudo add-apt-repository ppa:kubuntu-ppa/backports

Type your user password when prompted (there is no asterisk feedback while typing), and hit Enter to continue.

2. Update package cache

Adding the PPA should now refresh the package cache automatically. But in case you’re trying this on an Ubuntu-based system that does not do the update, run this command in the terminal to refresh the cache manually:

sudo apt update

3. Install KDE Plasma 5.27

Finally, KUbuntu 22.10 or Ubuntu Studio 22.10 (not tested) users can upgrade to Plasma desktop 5.27 by running the command below in a terminal (Konsole):

sudo apt full-upgrade

Non-KDE users may also install the desktop environment by running this command:

sudo apt install kubuntu-desktop

However, it’s better to write down all the packages it is going to install, so that you can uninstall them later and restore your system easily.

After installation, restart your computer and verify the version by going to System Settings -> About this System.

When Low-Tech Hacks Cause High-Impact Breaches

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group.  But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website.

In a filing with the U.S. Securities and Exchange Commission (SEC), GoDaddy said it determined that the same “sophisticated threat actor group” was responsible for three separate intrusions, including:

-March 2020: A spear-phishing attack on a GoDaddy employee compromised the hosting login credentials of approximately 28,000 GoDaddy customers, as well as login credentials for a small number of employees;

-November 2021: A compromised GoDaddy password let attackers steal source code and information tied to 1.2 million customers, including website administrator passwords, sFTP credentials, and private SSL keys;

-December 2022: Hackers gained access to and installed malware on GoDaddy’s cPanel hosting servers that “intermittently redirected random customer websites to malicious sites.”

“Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy,” the company stated in its SEC filing.

What else do we know about the cause of these incidents? We don’t know much about the source of the November 2021 incident, other than GoDaddy’s statement that it involved a compromised password, and that it took about two months for the company to detect the intrusion. GoDaddy has not disclosed the source of the breach in December 2022 that led to malware on some customer websites.

But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved.

The hackers were able to change the Domain Name System (DNS) records for the transaction brokering site escrow.com so that it pointed to an address in Malaysia that was host to just a few other domains, including the then brand-new phishing domain servicenow-godaddy[.]com.

The general manager of Escrow.com found himself on the phone with one of the GoDaddy hackers, after someone who claimed they worked at GoDaddy called and said they needed him to authorize some changes to the account.

In reality, the caller had just tricked a GoDaddy employee into giving away their credentials, and he could see from the employee’s account that Escrow.com required a specific security procedure to complete a domain transfer.

The general manager of Escrow.com said he suspected the call was a scam, but decided to play along for about an hour — all the while recording the call and coaxing information out of the scammer.

“This guy had access to the notes, and knew the number to call,” to make changes to the account, the CEO of Escrow.com told KrebsOnSecurity. “He was literally reading off the tickets to the notes of the admin panel inside GoDaddy.”

About halfway through this conversation — after being called out by the general manager as an imposter — the hacker admitted that he was not a GoDaddy employee, and that he was in fact part of a group that enjoyed repeated success with social engineering employees at targeted companies over the phone.

Absent from GoDaddy’s SEC statement is another spate of attacks in November 2020, in which unknown intruders redirected email and web traffic for multiple cryptocurrency services that used GoDaddy in some capacity.

It is possible this incident was not mentioned because it was the work of yet another group of intruders. But in response to questions from KrebsOnSecurity at the time, GoDaddy said that incident also stemmed from a “limited” number of GoDaddy employees falling for a sophisticated social engineering scam.

“As threat actors become increasingly sophisticated and aggressive in their attacks, we are constantly educating employees about new tactics that might be used against them and adopting new security measures to prevent future attacks,” GoDaddy said in a written statement back in 2020.

Voice phishing or “vishing” attacks typically target employees who work remotely. The phishers will usually claim that they’re calling from the employer’s IT department, supposedly to help troubleshoot some issue. The goal is to convince the target to enter their credentials at a website set up by the attackers that mimics the organization’s corporate email or VPN portal.

Experts interviewed for an August 2020 story on a steep rise in successful voice phishing attacks said there are generally at least two people involved in each vishing scam: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page — including multi-factor authentication codes shared by the victim — and quickly uses them to log in to the company’s website.

The attackers are usually careful to do nothing with the phishing domain until they are ready to initiate a vishing call to a potential victim. And when the attack or call is complete, they disable the website tied to the domain.

This is key because many domain registrars will only respond to external requests to take down a phishing website if the site is live at the time of the abuse complaint. This tactic also can stymie efforts by companies that focus on identifying newly-registered phishing domains before they can be used for fraud.

GoDaddy’s latest SEC filing indicates the company had nearly 7,000 employees as of December 2022. In addition, GoDaddy contracts with another 3,000 people who work full-time for the company via business process outsourcing companies based primarily in India, the Philippines and Colombia.

Many companies now require employees to supply a one-time password — such as one sent via SMS or produced by a mobile authenticator app — in addition to their username and password when logging in to company assets online. But both SMS and app-based codes can be undermined by phishing attacks that simply request this information in addition to the user’s password.

One multifactor option — physical security keys — appears to be immune to these advanced scams. The most commonly used security keys are inexpensive USB-based devices. A security key implements a form of multi-factor authentication known as Universal 2nd Factor (U2F), which allows the user to complete the login process simply by inserting the USB device and pressing a button on the device. The key works without the need for any special software drivers.

The allure of U2F devices for multi-factor authentication is that even if an employee who has enrolled a security key for authentication tries to log in at an impostor site, the company’s systems simply refuse to request the security key if the user isn’t on their employer’s legitimate website, and the login attempt fails. Thus, the second factor cannot be phished, either over the phone or Internet.

In July 2018, Google disclosed that it had not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical security keys in place of one-time codes.

MSI Titan GT77 HX 13V Vs Razer Blade 16 Early 2023

Last Updated on February 26, 2023 by itsubuntu

A comparison between the MSI Titan GT77 HX 13V and the Razer Blade 16 Early 2023

CPU Comparison of MSI Titan GT77 HX 13V and Razer Blade 16 Early 2023:

13th-Gen Intel Core i9-13950HX Vs 13th Gen Intel Core i9 HX Processor

RAM Comparison of MSI Titan GT77 HX 13V and Razer Blade 16 Early 2023:

64GB DDR5 4800MHz Vs 32 GB DDR5-5600MHz

Display Comparison of MSI Titan GT77 HX 13V and Razer Blade 16 Early 2023:

17.3-inch UHD (3840 x 2160), 144Hz, Mini-LED, HDR 1000 Vs 16″ UHD+, 16:10 (3840 x 2400 WQUXGA) / FHD+ 16:10 (1920 x 1200, WUXGA)

GPU (Graphics) Comparison of MSI Titan GT77 HX 13V and Razer Blade 16 Early 2023:

16GB GDDR6 Nvidia GeForce RTX 4090 laptop GPU Vs NVIDIA® GeForce RTX™ 4090 (16GB GDDR6 VRAM)

Storage Comparison of MSI Titan GT77 HX 13V and Razer Blade 16 Early 2023:

4TB (2x 2TB Samsung PM9A1 NVMe Gen 4×4 SSDs in a RAID 0 configuration) Vs 1 TB + 1 TB (2 TB) PCIe® 4.0 NVMe™ M.2 SSD

Battery Comparison of MSI Titan GT77 HX 13V and Razer Blade 16 Early 2023:

99.9Whr (4-Cell), 330W Adapter Vs Built-in 95.2 WHr rechargeable lithium-ion polymer battery with 2-year limited battery warranty, 330W GaN Power Adapter

Razer Blade 16 Early 2023 Tech Specs:

Processor 13th Gen Intel® Core™ i9-13950HX 5.5 GHz, Boost up to 5.5 GHz, 24 Cores / 32 Threads, 36MB of Cache
OS Windows 11 Home
Display 16″ UHD+, 16:10 (3840 x 2400 WQUXGA) / FHD+ 16:10 (1920 x 1200, WUXGA)
Graphics NVIDIA® GeForce RTX™ 4090 (16GB GDDR6 VRAM)
Graphic Features
  • NVIDIA® GeForce® RTX™ 4090 Laptop GPU
  • 16GB GDDR6 VRAM
  • TGP (Total Graphics Power) – Up to 175W
  • NVIDIA CUDA® Cores – 9728
  • Boost Clock – Up to 2040MHz
  • NVIDIA GPU Boost™
  • NVIDIA Optimus™ Technology
  • NVIDIA Whisper Mode 2.0
  • VR Ready
Storage 1 TB + 1 TB (2 TB) PCIe® 4.0 NVMe™ M.2 SSD
Memory 32 GB DDR5-5600MHz
Keyboard Per key RGB Powered by Razer Chroma™ N-Key rollover
Connectivity Wireless Wi-Fi 6E AX211 (IEEE 802.11a/b/d/e/g/h/i/k/n/r/u/v/w/ac/ax/az)
Touchpad Precision glass touchpad
Input & Output
  • 1 x Thunderbolt™ 4 (USB-C™) (100W USB PD 3)
  • 1 x USB-C 3.2 Gen 2
    Supports Power Delivery 3 (100W)
  • 3 x USB-A 3.2 Gen 2
  • HDMI 2.1 output
  • UHS-II SD Card Reader
Audio
  • 4 speaker array (tweeters x2, sub x2)
  • 2 Smart Amps
  • 3.5mm Combo-Jack
  • Built-in 2-mic array
  • THX® Spatial Audio
  • 7.1 Codec Support (via HDMI)
Finish T6 CNC Aluminum, anodized, black with illuminated Razer Logo
Dimensions
  • 21.99 mm x 244 mm x 355 mm
  • 0.87” x 9.61” x 13.98”
Approximate Weight 2.45 kg / 5.40 lbs
Battery and Adaptor
  • Built-in 95.2 WHr rechargeable lithium-ion polymer battery with a 2-year limited battery warranty
  • 330W GaN Power Adapter
Additional Features
  • Windows® Hello built-in IR FHD w/ Shutter
  • Razer™ Synapse 3 is enabled with performance, a programmable keyboard, backlighting, and fan control
  • Kensington™ Security Slot
  • Modern Standby
  • Intel PTT – (sTPM 2.0)
Warranty
  • 1-year limited laptop warranty
  • 2-year limited battery warranty

Titan GT77HX 13VH Full Tech Specs:

 

Models: Titan GT77HX 13VI and Titan GT77HX 13VH
CPU
  • 13VI: Up to 13th Gen Intel® Core™ i9 HX Processor
  • 13VH: Up to 13th Gen Intel® Core™ i9 HX Processor
OS
  • 13VI: Windows 11 Home (MSI recommends Windows 11 Pro for business.) / Windows 11 Pro
  • 13VH: Windows 11 Home (MSI recommends Windows 11 Pro for business.) / Windows 11 Pro
Display
  • 13VI: 17.3″ QHD (2560×1440), 240Hz, IPS-Level / 17.3″ UHD (3840×2160), MiniLED, HDR 1000, 144Hz, IPS-Level
  • 13VH: 17.3″ QHD (2560×1440), 240Hz, IPS-Level / 17.3″ UHD (3840×2160), MiniLED, HDR 1000, 144Hz, IPS-Level
Chipset
  • 13VI: Intel® HM770
  • 13VH: Intel® HM770
Graphics
  • 13VI: NVIDIA® GeForce RTX™ 4090 Laptop GPU 16GB GDDR6; Up to 2040MHz Boost Clock 175W Maximum Graphics Power with Dynamic Boost. *May vary by scenario; *Full-Power GPU Design
  • 13VH: NVIDIA® GeForce RTX™ 4080 Laptop GPU 12GB GDDR6; Up to 2280MHz Boost Clock 175W Maximum Graphics Power with Dynamic Boost. *May vary by scenario; *Full-Power GPU Design
CPU and GPU Combined Power
  • 13VI: Max. 250W CPU-GPU Power with MSI OverBoost Technology. *May vary by scenario; *OverBoost Ultra Technology for i9-13980HX Only.
  • 13VH: Max. 250W CPU-GPU Power with MSI OverBoost Technology. *May vary by scenario; *OverBoost Ultra Technology for i9-13980HX Only.
Memory
  • 13VI: Max 128GB; DDR5; 4 Slots; *Vary by CPU and Memory combination
  • 13VH: Max 128GB; DDR5; 4 Slots; *Vary by CPU and Memory combination
Storage Capability
  • 13VI: 2x M.2 SSD slot (NVMe PCIe Gen4), 1x M.2 SSD slot (NVMe PCIe Gen5) Compatible
  • 13VH: 2x M.2 SSD slot (NVMe PCIe Gen4), 1x M.2 SSD slot (NVMe PCIe Gen5) Compatible
Webcam
  • 13VI: IR HD type (30fps@720p)
  • 13VH: IR HD type (30fps@720p)
Keyboard
  • 13VI: Cherry Mechanical Per-Key RGB Gaming Keyboard by SteelSeries
  • 13VH: Cherry Mechanical Per-Key RGB Gaming Keyboard by SteelSeries
Communication
  • 13VI: Killer Gb LAN (Up to 2.5G); Killer ax Wi-Fi 6E + Bluetooth v5.3
  • 13VH: Killer Gb LAN (Up to 2.5G); Killer ax Wi-Fi 6E + Bluetooth v5.3
Audio
  • 13VI: 2x 2W Speaker; 2x 2W Woofer
  • 13VH: 2x 2W Speaker; 2x 2W Woofer
Audio Jack
  • 13VI: 1x Mic-in/Headphone-out Combo Jack
  • 13VH: 1x Mic-in/Headphone-out Combo Jack
I/O Ports
  • 13VI: 1x Type-C (USB / DP / Thunderbolt™ 4) with PD charging; 1x Type-C (USB / DP / Thunderbolt™ 4); 3x Type-A USB3.2 Gen2; 1x SD Express Card Reader; 1x HDMI™ 2.1 (8K @ 60Hz / 4K @ 120Hz); 1x Mini-DisplayPort; 1x RJ45
  • 13VH: 1x Type-C (USB / DP / Thunderbolt™ 4) with PD charging; 1x Type-C (USB / DP / Thunderbolt™ 4); 3x Type-A USB3.2 Gen2; 1x SD Express Card Reader; 1x HDMI™ 2.1 (8K @ 60Hz / 4K @ 120Hz); 1x Mini-DisplayPort; 1x RJ45
Battery
  • 13VI: 4-Cell; 99 Battery (Whr)
  • 13VH: 4-Cell; 99 Battery (Whr)
AC Adapter
  • 13VI: 330W adapter
  • 13VH: 330W adapter
Sensor
  • 13VI: x1 Fingerprint
  • 13VH: x1 Fingerprint
Dimension (WxDxH)
  • 13VI: 397 x 330 x 23 mm
  • 13VH: 397 x 330 x 23 mm
Weight (w/ Battery)
  • 13VI: 3.3 kg
  • 13VH: 3.3 kg
Color
  • 13VI: Core Black
  • 13VH: Core Black

Who’s Behind the Botnet-Based Service BHProxies?

A security firm has discovered that a six-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies, which offers paying customers the ability to route their web traffic anonymously through compromised computers. Here’s a closer look at Mylobot, and a deep dive into who may be responsible for operating the BHProxies service.

The BHProxies website.

First identified in 2017 by the security firm Deep Instinct, Mylobot employs a number of fairly sophisticated methods to remain undetected on infected hosts, such as running exclusively in the computer’s temporary memory, and waiting 14 days before attempting to contact the botnet’s command and control servers.

Last year, researchers at Minerva Labs spotted the botnet being used to blast out sextortion scams. But according to a new report from BitSight, the Mylobot botnet’s main functionality has always been about transforming the infected system into a proxy.

The Mylobot malware includes more than 1,000 hard-coded and encrypted domain names, any one of which can be registered and used as control networks for the infected hosts. BitSight researchers found significant overlap in the Internet addresses used by those domains and a domain called BHproxies[.]com.

BHProxies sells access to “residential proxy” networks, which allow someone to rent a residential IP address to use as a relay for their Internet communications, providing anonymity and the advantage of being perceived as a residential user surfing the web. The service is currently advertising access to more than 150,000 devices globally.

“At this point, we cannot prove that BHProxies is linked to Mylobot, but we have a strong suspicion,” wrote BitSight’s Stanislas Arnoud.

To test their hypothesis, BitSight obtained 50 proxies from BHProxies. The researchers were able to use 48 of those 50 proxies to browse to a website they controlled — allowing them to record the true IP addresses of each proxy device.

“Among these 48 recovered residential proxies IP addresses, 28 (58.3%) of those were already present in our sinkhole systems, associated with the Mylobot malware family,” Arnoud continued. “This number is probably higher, but we don’t have a full visibility of the botnet. This gave us clear evidence that Mylobot infected computers are used by the BHProxies service.”

BitSight said it is currently seeing more than 50,000 unique Mylobot infected systems every day, and that India appears to be the most targeted country, followed by the United States, Indonesia and Iran.

“We believe we are only seeing part of the full botnet, which may lead to more than 150,000 infected computers as advertised by BHProxies’ operators,” Arnoud wrote.

WHO’S BEHIND BHPROXIES?

The website BHProxies[.]com has been advertised for nearly a decade on the forum Black Hat World by the user BHProxies. BHProxies has authored 129 posts on Black Hat World since 2012, and their last post on the forum was in December 2022.

BHProxies initially was fairly active on Black Hat World between May and November 2012, after which it suddenly ceased all activity. The account didn’t resume posting on the forum until April 2014.

According to cyber intelligence firm Intel 471, the user BHProxies also used the handle “hassan_isabad_subar” and marketed various software tools, including “Subar’s free email creator” and “Subar’s free proxy scraper.”

Intel 471’s data shows that hassan_isabad_subar registered on the forum using the email address jesus.fn.christ@gmail.com. In a June 2012 private message exchange with a website developer on Black Hat World, hassan_isabad_subar confided that they were working at the time to develop two websites, including the now-defunct customscrabblejewelry.com.

DomainTools.com reports that customscrabblejewelry.com was registered in 2012 to a Teresa Shotliff in Chesterland, Ohio. A search on jesus.fn.christ@gmail.com at Constella Intelligence, a company that tracks compromised databases, shows this email address is tied to an account at the fundraising platform omaze.com, for a Brian Shotliff from Chesterland, Ohio.

Reached via LinkedIn, Mr. Shotliff said he sold his BHProxies account to another Black Hat World forum user from Egypt back in 2014. Shotliff shared an April 2014 password reset email from Black Hat World, which shows he forwarded the plaintext password to the email address legendboy2050@yahoo.com. He also shared a PayPal receipt and snippets of Facebook Messenger logs showing conversations in March 2014 with legendboy2050@yahoo.com.

Constella Intelligence confirmed that legendboy2050@yahoo.com was indeed another email address tied to the hassan_isabad_subar/BHProxies identity on Black Hat World. Constella also connects legendboy2050 to Facebook and Instagram accounts for one Abdala Tawfik from Cairo. This user’s Facebook page says Tawfik also uses the name Abdalla Khafagy.

Tawfik’s Instagram account says he is a former operations manager at the social media network TikTok, as well as a former director at Crypto.com.

Abdalla Khafagy’s LinkedIn profile says he was “global director of community” at Crypto.com for about a year ending in January 2022. Before that, the resume says he was operations manager of TikTok’s Middle East and North Africa region for approximately seven months ending in April 2020.

Khafagy’s LinkedIn profile says he is currently founder of LewkLabs, a Dubai-based “blockchain-powered, SocialFi content monetization platform” that last year reported funding of $3.26 million from private investors.

The only experience listed for Khafagy prior to the TikTok job is labeled “Marketing” at “Confidential,” from February 2014 to October 2019.

Reached via LinkedIn, Mr. Khafagy told KrebsOnSecurity that he had a Black Hat World account at some point, but that he didn’t recall ever having used an account by the name BHProxies or hassan_isabad_subar. Khafagy said he couldn’t remember the name of the account he had on the forum.

“I had an account that was simply hacked from me shortly after and I never bothered about it because it wasn’t mine in the first place,” he explained.

Khafagy declined to elaborate on the five-year stint in his resume marked “Confidential.” When asked directly whether he had ever been associated with the BHProxies service, Mr. Khafagy said no.

That Confidential job listing is interesting because its start date lines up with the creation of BHproxies[.]com. Archive.org indexed its first copy of BHProxies[.]com on Mar. 5, 2014, but historic DNS records show BHproxies[.]com first came online Feb. 25, 2014.

Shortly after that conversation with Mr. Khafagy, Mr. Shotliff shared a Facebook/Meta message he received that indicated Mr. Khafagy wanted him to support the claim that the BHProxies account had somehow gone missing.

“Hey mate, it’s been a long time. Hope you are doing well. Someone from Krebs on Security reached out to me about the account I got from you on BHW,” Khafagy’s Meta account wrote. “Didn’t we try to retrieve this account? I remember mentioning to you that it got stolen and I was never able to retrieve it.”

Mr. Shotliff said Khafagy’s sudden message this week was the first time he’d heard that claim.

“He bought the account,” Shotliff said. “He might have lost the account or had it stolen, but it’s not something I remember.”

If you liked this story, you may also enjoy these other investigations into botnet-based proxy services:

A Deep Dive Into the Residential Proxy Service ‘911’
911 Proxy Service Implodes After Disclosing Breach
Meet the Administrators of the RSOCKS Proxy Botnet
The Link Between AWM Proxy & the Glupteba Botnet
15-Year-Old Malware Proxy Network VIP72 Goes Dark
Who’s Behind the TDSS Botnet?

GIMP 2.10.34 is out! JPEG-XL Export & 3.0 Dev Backports [Ubuntu PPA]

The GIMP image editor released a new update for the 2.10 series a few days ago! Here’s what’s new, plus an install guide for Ubuntu Linux users.

GIMP 2.10.34 is a new stable release that features a lot of bug fixes and a few enhancements. The official announcement is somehow NOT ready at the moment, though the release is already out on the GitLab project page, and the source code is available to download from the FTP web page.

For macOS, DBus is now fully disabled, as in some cases it could even cause the app to freeze. The Open With feature still works fine, but other features using dbus (such as opening files or running batch commands from a separate GIMP process) won’t work. Also, the check for updates function on macOS now works again.

The release also has some backports from the 2.99.x development releases. The “Canvas Size” dialog has been redesigned to use more horizontal space, and it has a new Template selector in the resize dialog.

For PDFs with transparent areas, there’s a new “Fill transparent areas with white” option, which is enabled by default on file import. And the export dialog has a “Fill transparent areas with background color” option to decide whether to use a transparent background.

Other changes in GIMP 2.10.34 include:

  • Symmetry dockable contents are now shown, yet deactivated, when no images are opened
  • Color scale preferences are now remembered across sessions.
  • Import JPEG-XL metadata support.
  • Export JPEG-XL support, always in 8bit lossless.
  • New header with “visible” and “link” icons in item dockables
  • Clipping layers better supported when importing PSD files
  • Paths are now exported to PSD
  • New option “Show reduced images” when loading TIFF images
  • 16-bit per channel export for raw image data

How to Install GIMP 2.10.34 in Ubuntu Linux

Option 1: Flatpak

GIMP provides an official Linux package as a universal Flatpak, though it runs in a sandboxed environment.

Ubuntu users can press Ctrl+Alt+T on the keyboard to open a terminal, and run the following 2 commands one by one to install it:

  1. Make sure the flatpak daemon is installed by running the command:
    sudo apt install flatpak

  2. Then, install GIMP as a Flatpak via the command:
    flatpak install https://dl.flathub.org/repo/appstream/org.gimp.GIMP.flatpakref

Once installed, start it either from the app launcher or by running flatpak run org.gimp.GIMP in a terminal.

Option 2: Ubuntu PPA

For those who prefer the classic .deb package format, I’ve uploaded the package into the unofficial PPA, with support for Ubuntu 20.04, Ubuntu 22.04, and Ubuntu 22.10.

  1. First, press Ctrl+Alt+T on the keyboard to open a terminal. When it opens, run this command to add the PPA:
    sudo add-apt-repository ppa:ubuntuhandbook1/gimp
  2. Then either upgrade GIMP using Software Updater, or run this command in the terminal to install it:
    sudo apt install gimp libgegl-0.4-0

    For Linux Mint, you may need to run sudo apt update to update the package index first.

Uninstall GIMP:

For the GIMP package installed as a Flatpak, open a terminal (Ctrl+Alt+T) and run this command to remove it:

    flatpak uninstall --delete-data org.gimp.GIMP

Also run flatpak uninstall --unused to clean up unused runtimes.

For the .deb package from the PPA, open a terminal and run this command:

    sudo apt install ppa-purge && sudo ppa-purge ppa:ubuntuhandbook1/gimp

The command above will remove the PPA and downgrade the GIMP package to the stock version in the system repository.

Alternatively, you may remove the PPA instead by running this command:

    sudo add-apt-repository --remove ppa:ubuntuhandbook1/gimp

And remove the GIMP image editor via:

    sudo apt remove --autoremove gimp libgegl-0.4-0

How to address growing API security vulnerabilities in 2023

Considered in many ways the “new battleground for cybersecurity” in 2023, APIs can make – or break – a business in the coming year. The fact that they’re connectors, that they underpin and pull together the majority of digital services we use daily, makes them prime targets for hacks. The holy grail of a hacker is the ultimate low-risk, high-payout option. Because APIs are the hub for so many useful back-end services, they are a single point of entry and a single point of failure. Getting by in the coming year will be a matter of properly understanding and addressing these inherent threats that, with APIs, just come with the territory.

Can’t live with them, can’t live without them

APIs are so easy, which is why in today’s digitally native, fast-moving, instant-gratification-oriented information age, they are widely in use. In fact, they’re almost ubiquitous or will be in the next few years. Apple uses The Weather Channel API to give you those nice daily updates, music apps use APIs to show you what song you’re listening to, and parking services use APIs to let you know when there’s a next available space. A recent study indicated that 97% of enterprise leaders classify API use as essential to future growth, and another shows the average number of APIs used grew 82% over last year.

One quick example will illustrate why, and also why they’re a prime target for hackers. At a restaurant, you interface with a waiter, not the entire cook staff. Before APIs, users (be that the enterprise or the end-user) had a much larger knowledge burden and had to know about a lot in order to get the information they needed. In other words, you had to know the menu, the cook times, the stocking options, the dish rack, and the short-order grill. Now, APIs enter the scene, and you’ve got a waiter. Finally, someone to manage all that for you and be your single point of contact for dealing with the ever-complexifying back end. APIs are great and underpin the majority of digital services today. They’ve been a boon for DevOps and have only accelerated the already break-neck digital growth. However, because there’s so much resting on them and so much information travelling to and through them, they’re also a huge liability from a security standpoint.

There can be no chink in the armour, no weak link, as it were. Even at its best, an API is at significant risk. However, add unnecessary and latent vulnerabilities into the mix, and they’re a ticking time bomb.

API security vulnerabilities (and how to deal with them)

One of the most threatening vulnerabilities is the one already mentioned – their nature as an interface between the user and a myriad of back-end services. It puts a target on their back.

The rest are more subtle. Here are five:

  1. Overly permissive APIs. They already handle enough. For that reason, the API should be treated as a super-user and protected with the same precautions. Also, it might be helpful to relegate them to “average user” and operate on the principle of least privilege. Only give the requesting entity (the person interfacing with the app) what they need and keep the rest of those super-connecting superpowers disabled. One in five API security survey respondents experienced a breach due to overprivileged APIs.
  2. Faults in the code. True to their nature, many APIs are cut-and-pasted from open-source models. This makes a fast thing get to market even faster. And speed is great. But then we bump into the ever-present problem of security. An organisation asks a developer for an API for their spiffy new web app, and the team wants to get it out as efficiently as possible. Since it basically bridges the front and back ends, it’s not something that hasn’t been done before, and available source code exists on free repositories like GitHub. So, the team downloads a basic API, tweaks it to fit the specifications, and rolls it out – assuming it’s safe for use. It was tested before being published on GitHub, right? Not necessarily. Teams have to do their own checking because open-source APIs are not always updated with the latest upgrades or patches, and backdoors could exist.
  3. Speed over security. This was alluded to earlier, but the best way to avoid late-stage disasters is to start building APIs with security in mind. You can catch them late in the game when some QC team is doing their due diligence (hopefully) or bake security features into the design from the start. The problem is investment. If you contract with an outside API designer, they have no vested interest in whether your company faces a breach or not. It will reflect on their reputation, perhaps, but if there is nothing in the contract about security expectations, the risk is assumed by the client. Be sure to check the fine print and specify your expectations and requirements beforehand. Not all APIs are created equal, so feel free to have an in-house or third-party agency give it a once-over before you buy. It does slow down the lightning-fastness of it all, but that speed will backfire for companies that cut corners.
  4. Exposed (and hidden) APIs. This comes with the territory. As more and more APIs are opened to the outside world, the attack surface increases. There is a trade-off. On the one hand, exposing your APIs in an open API ecosystem allows organisations to track user/product interaction and provides valuable data. It allows clients to customise your product and helps with retention as customers get what they want. An exposed API can also combine products for enhanced user experience; some industries even demand it – banking, telecommunications, and healthcare, to name three. Ultimately, companies with an Open API strategy see a nearly 13% increase in revenue over those without one. However, before throwing the doors open, realise the risks and plan ahead: API sprawl, siloes, and security blind spots. Not to mention a statistical increase in coding errors, latent vulnerabilities, and privilege abuse.
  5. Every API is unique. An API can be template-developed and unique, giving it the risk profile of two different worlds. For this reason, API attacks are typically crafted custom to the API. Securing against “one and done” attacks like SQL injections and testing pre-production code will only get you so far. Like a two-edged sword, the rapid, dynamic nature of APIs requires special attention to overlooked errors and specifically programmed business logic because attackers regularly test for inroads in both.
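
One way to apply the least-privilege advice in item 1, as an added example that is not from the original article: the same account lookup written first as a super-user handler and then as a deny-by-default handler. The account data, scope names and caller claims are constructed for illustration.

```python
# Constructed sample data standing in for the back-end services behind an API.
ACCOUNTS = {
    "acct-1": {"owner": "alice", "email": "alice@example.com",
               "plan": "pro", "card_last4": "4242", "internal_risk_score": 17},
    "acct-2": {"owner": "bob", "email": "bob@example.com",
               "plan": "free", "card_last4": "1881", "internal_risk_score": 64},
}

# Hypothetical scope names. Each grants read access to the named fields only;
# anything not listed here is denied by default.
SCOPE_FIELDS = {
    "profile:read": {"owner", "email", "plan"},
    "billing:read": {"plan", "card_last4"},
}

class Denied(Exception):
    pass

def get_account_overprivileged(caller, account_id):
    """Before: the handler acts as a super-user for any authenticated caller."""
    return dict(ACCOUNTS[account_id])

def get_account_least_privilege(caller, account_id):
    """After: object-level check, then a field allow-list built from scopes."""
    record = ACCOUNTS.get(account_id)
    # Same error for "missing" and "not yours", so callers cannot probe IDs.
    if record is None or record["owner"] != caller["sub"]:
        raise Denied("account not available")
    allowed = set()
    for scope in caller.get("scopes", ()):
        allowed |= SCOPE_FIELDS.get(scope, set())   # unknown scope grants nothing
    if not allowed:
        raise Denied("no scope grants read access")
    return {name: value for name, value in record.items() if name in allowed}

def try_call(handler, caller, account_id):
    """Return the handler's response, or the denial reason as a string."""
    try:
        return handler(caller, account_id)
    except Denied as exc:
        return f"denied: {exc}"

if __name__ == "__main__":
    alice = {"sub": "alice", "scopes": ["profile:read"]}   # constructed token claims
    for handler in (get_account_overprivileged, get_account_least_privilege):
        print(handler.__name__)
        print("  own account:  ", try_call(handler, alice, "acct-1"))
        print("  other account:", try_call(handler, alice, "acct-2"))
```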

Addressing inherent (and trending) API vulnerabilities comes down to awareness first. The primary problem is that only a few organisations see the benefits without recognising the risks. Stay smart and either train in-house or consider an API security platform built to handle the changes. A key challenge of securing APIs is that the landscape constantly evolves, changing the threats along with it. The organisations that will thrive in 2023 will be the ones that can handle the changes.

The post How to address growing API security vulnerabilities in 2023 appeared first on IT Security Guru.

40+ Best Browser Games In 2023

Last Updated on February 24, 2023 by itsubuntu

List Of Best Internet-Based Browser Games In 2023

There are plenty of amazing games that you can play on Internet browsers. You don’t need to install them to play them. In this post, we will show you some of the best internet-based browser games that you can play in 2023.

  1. Slither.io
  2. Krunker.io
  3. Paper.io
  4. Bonk.io
  5. Hole.io
  6. Zombs.io
  7. Surviv.io
  8. MooMoo.io
  9. Diep.io
  10. Shell Shockers
  11. Little Alchemy
  12. 2048
  13. Cookie Clicker
  14. The Impossible Quiz
  15. Tetris
  16. Pac-Man
  17. Bejeweled
  18. Bloons Tower Defense 5
  19. Super Mario Bros. Crossover
  20. Snake
  21. Minesweeper
  22. Duck Hunt
  23. Snail Bob
  24. Wordle
  25. Agar.io
  26. Pong
  27. Doom
  28. Wolfenstein 3D
  29. Quake
  30. Diablo
  31. Runescape
  32. Club Penguin Rewritten
  33. Neopets
  34. AdventureQuest Worlds
  35. Transformice
  36. Habbo Hotel
  37. Kingdom of Loathing
  38. Township
  39. Gardenscapes
  40. Pirate101
  41. Wizard101
  42. My Little Farmies

Snail Bob

It is a popular browser-based puzzle game in which the player must guide a cute, slow-moving snail named Bob through various obstacles to reach his destination. The game has multiple levels, each with its own challenges, and the player must navigate Bob through obstacles such as gaps, spikes, and moving platforms by clicking on different buttons and levers in the game world. The player must also avoid hazards like fires and water, and collect stars along the way to earn points.

Snail Bob is also available for mobile devices.

Agar.io

Agar.io is a popular online multiplayer game where players control a cell and try to grow in size by eating smaller cells while avoiding being eaten by larger ones. Agar.io has various game modes, including FFA (free-for-all), Party mode, and Teams mode, where players can form teams with their friends to compete against other teams. As the player grows, they become slower and easier to catch by other players, so it becomes more challenging to stay alive. The game is played in real-time, with players from around the world competing against each other. Agar.io is available to play on desktop browsers and mobile phones.

Wordle

Wordle is a popular word-guessing game that has gained popularity in recent months. The game is played by guessing a five-letter word within six attempts. The game creator provides a hint in the form of a colored box that appears around the letter if it is correctly guessed and in the correct position. A gray box indicates a correct letter but in a different position. Wordle is available to play for free on its official website. Wordle is a browser-based word-guessing game. NYTimes has acquired Wordle.

2048

2048 is a popular puzzle game. It was created by Gabriele Cirulli in 2014, and it was one of the most popular games of that time. The game is played on a 4×4 grid, and the goal is to combine tiles with the same number to create a tile with a value of 2048. The game ends when the grid is full and no more moves can be made, or when the player successfully creates a tile with the value of 2048.