Tag Archive for: Razer

Gaming firm Razer hit by potential breach, hacker offering stolen data for $135k in crypto

/in


SINGAPORE – Gaming hardware company Razer has allegedly suffered a data breach, after a seller on a hackers’ forum offered stolen data for US$100,000 (S$134,898) in cryptocurrency on Saturday.

The firm said in a Twitter post on Monday that it is aware of a potential breach and is investigating.

Checks by The Straits Times found that the data being sold included the source code and back-end access logins for Razer’s website and its products.

This included folders labelled zVault – referring to Razer’s digital wallet that was launched in March 2017 and later gave way to Razer Gold in December 2018 – as well as those allegedly containing encryption keys and files pertaining to its reward system.

A sample seen by ST also showed the alleged e-mail addresses of customers with virtual credit in Razer Gold accounts. The seller claimed to have 404,000 accounts, but this could not be verified.

On the hackers’ forum, the seller said he would sell the data to only one customer for an asking price of US$100,000 in the Monero cryptocurrency. However, he added that he would be open to offers lower than the stipulated amount.

Unlike other cryptocurrencies such as Bitcoin or Ethereum, in which information on transactions is public as they take place on the blockchain, transactions on Monero are private, according to the cryptocurrency’s website.

Source…

Qualcomm dives into handheld gaming, powering new device in partnership with Razer

/in


What new bells and whistles might be coming to top-tier Android smartphones next year?

Qualcomm, whose mobile processors power some 2 billion handsets worldwide, gave a few hints this week at its annual Snapdragon Summit in Hawaii.

The San Diego company introduced technologies that deliver faster 5G and Wi-Fi, crisper photos, always-on cameras and CD-quality “lossless” Bluetooth audio, among other things.

It also added a few surprises, including a standalone mobile gaming device and a revamped branding campaign that seeks to make the Snapdragon name as well-known as “Intel Inside.”

Here are a few things to know about this week’s event.

Gonzo gaming

There are 2.5 billion mobile gamers worldwide, and they spend a lot of money on their preferred entertainment. Qualcomm estimates the amount at $90 billion to $120 billion a year.

The company has long touted its sharp graphics and fast processing for gamers on smartphones. Now it’s working with gaming hardware outfit Razer on a standalone, handheld gaming device. which includes a cooling fan for better performance.

Qualcomm isn’t making any devices. It’s simply providing a design template to enable electronics makers to more easily roll out gaming devices based on Qualcomm’s new Snapdragon G3x Gaming Platform.

“Let’s say you are connected to a 5G network, and you’re doing multi-player gaming,” said Alex Katouzian, senior vice president of mobile, compute and infrastructure at Qualcomm. “That is when immersive audio is very important. The fan is very important because now you can push the envelope of performance to a higher level. You can attach to a TV. Fast charging capability is on there as well.”

5G, cameras, AI and security

For smartphones, Qualcomm’s latest Snapdragon 8 Gen 1 processor can theoretically reach 10-gigabit per second download speeds — though that’s unlikely in real life because of network congestion and other things. Still, it’s faster than Qualcomm’s earlier generations of 5G processors.

Snapdragon 8 Gen 1 also delivers the fastest version of Wi-Fi, which reaches 3.7 gigabits per second.

Its artificial intelligence engines help power natural language processing, the scanning of documents…

Source…

Microsoft Windows 10 security warning viral Razer OMG admin hack tweet

/in


Just when you thought things couldn’t get much worse for Windows 10 users after a miserable few weeks of security issues from PrintNightmare through to SeriousSAM and even a potential Windows Hello facial recognition bypass, they only went and did.

A security researcher was so fed up with being ignored when reporting a shockingly simple hack that could give any user admin rights on a Windows 10 computer that he tweeted the zero-day exploit. A tweet that quickly went viral.

Annoyed security researcher discovers simple Windows 10 zero-day

I spoke with the security researcher, who only wants to be known by the Twitter handle of j0nh4t, who told me how the hack came to light. “I noticed the Razer Synapse installer was bundled with ‘driver’ installs via Windows Update,” while using the mouse, j0hn4t says, “I was annoyed by this behavior and decided to take a deeper look.” Unfortunately, what that look revealed was an issue that’s shockingly trivial to exploit.

All it took for anyone to exploit this vulnerability was to plug in a Razer mouse, or the dongle it uses, and then shift-right from the Explorer window opened by Windows Update to choose a driver location and open a PowerShell with complete SYSTEM, or admin if you prefer, rights. And it got worse as an attacker would also be able to use the hack and save a service binary that could be “hijacked for persistence” and executed before the user even logs on during the boot process.

“I think Microsoft should take a look in the mirror on how they manage ‘driver’ updates,” j0nh4t says, whilst appreciating the fine line of balancing user experience and usability involved. “Should Windows Update solely provide drivers so the device works at a minimum level and the user goes out of their way to download additional software?” the researcher says, adding that “this is a somewhat dangerous and interesting attack vector.”

I reached out to Microsoft regarding the privilege escalation issue, and a spokesperson told me, “We are aware of recent reports, and we are investigating the issue. While this issue requires physical access to a targeted device, we will take any necessary steps to help protect customers.”

The exploit…

Source…

Razer to fix Windows installer that grants admin powers if you plug in a mouse • The Register

/in


In brief Razer is working on an updated installer after it was discovered you can gain admin privileges on Windows by plugging in one of the gaming gear maker’s mice or keyboards.

In fact, inserting any USB device that declares itself a Razer mouse or keyboard will lead to an exploitable situation.

As documented late last week by a Twitter user called j0nh4t, if you plug into a Windows 10 or 11 machine a device identified as a Razer mouse or keyboard, Microsoft’s OS will automatically download and run Razer’s installer for the manufacturer’s Synapse software, which can be used to configure the peripheral.

During the installation process, which runs at the System level, you can spawn a Powershell terminal from an Explorer window that runs with these high-level privileges. Thus, you can gain local admin access on a machine, if you can login in somehow and plug in a gadget – useful for penetration testing, at least. It is also possible to tell the installer to use a user-controlled folder to store an executable that is run on every boot, which can be hijacked by a rogue user.

The bug finder said they had no luck in getting Razer’s attention when trying to report these flaws, and after they put a zero-day exploit for the Powershell hole on Twitter, the manufacturer got in touch and offered a vulnerability bounty. A new version of the installer to address these problems is being prepared for release, we’re told. We wonder how many Windows installers have these same weaknesses.

A spokesperson for Razer told us today: “We were made aware of a situation in which our software, in a very specific use case, provides a user with broader access to their machine during the installation process.

“We have investigated the issue, are currently making changes to the installation application to limit this use case, and will release an updated…

Source…