• What is device code phishing, and why are Russian spies so successful at it?
    arstechnica.com
    Overlooked attack method has been used since last August in a rash of account takeovers.

    Dan Goodin, Feb 14, 2025 4:16 pm

    Researchers have uncovered a sustained and ongoing campaign by Russian spies that uses a clever phishing technique to hijack Microsoft 365 accounts belonging to a wide range of targets.

    The technique is known as device code phishing. It exploits device code flow, a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar devices into accounts. These devices typically don't support browsers, making it difficult to sign in using more standard forms of authentication, such as entering user names, passwords, and two-factor mechanisms.

    Rather than authenticating the user directly, the input-constrained device displays an alphabetic or alphanumeric device code along with a link associated with the user account. The user opens the link on a computer or other device that's easier to sign in with and enters the code. The remote server then sends a token to the input-constrained device that logs it into the account.

    Device authorization relies on two paths: one from an app or code running on the input-constrained device seeking permission to log in and the other from the browser of the device the user normally uses for signing in.

    A concerted effort

    Advisories from both security firm Volexity and Microsoft are warning that threat actors working on behalf of the Russian government have been abusing this flow since at least last August to take over Microsoft 365 accounts.

    The threat actors masquerade as trusted, high-ranking officials and initiate conversations with a targeted user on a messenger app such as Signal, WhatsApp, and Microsoft Teams. Organizations impersonated include the United States Department of State, the Ukrainian Ministry of Defence, the European Union Parliament, and prominent research institutions.

    Messages sent by threat actors impersonating high-profile organizations. Credit: Microsoft

    After building a rapport, the attackers ask the user to join a Microsoft Teams meeting, give access to applications and data as an external Microsoft 365 user, or join a chatroom on a secure chat application. The request includes a link to and an access code, which the threat actor generated using a device they control.

    A phishing lure that requests target click a link and enter a device authorization code. Credit: Microsoft

    When the target visits the link with a browser authorized to access the Microsoft 365 account and enters the code, the attacker device gains access that will last as long as the authentication tokens remain valid.

    Attack chain of the device authorization phishing campaign. Credit: Microsoft

    "While Device Code Authentication attacks are not new, they appear to have been rarely leveraged by nation-state threat actors," Volexity CEO Steven Adair wrote Thursday afternoon. He said that this particular method has been far more effective than the combined effort of years of other social-engineering and spear-phishing attacks conducted by the same (or similar) threat actors. It appears that these Russian threat actors have made a concerted effort to launch several campaigns against organizations with a goal of simultaneously abusing this method before the targets catch on and implement countermeasures.

    The effectiveness of the attacks is, in large part, the result of the ambiguity in the user interface of the device code authorization process. That means it's important for people to pay close attention to links and the pages they lead to. Microsoft Azure prompts users to confirm they're signing into the app they expect. People should look for it and be suspicious of messages where this option is missing.

    Microsoft and Volexity provide various other steps people can take to avoid falling prey to this campaign.

    Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco.
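The two paths of device code flow described above, as an added example that is not code from the article, Microsoft or Volexity: a toy authorization server modelled on RFC 8628 showing that the token is released to whoever holds the `device_code`, while the identity comes from whoever enters the `user_code`, so the client name in the confirmation prompt is the only link the user sees. The `AuthServer` class, the client name, the user address and the `login.example` URL are hypothetical.

```python
import secrets

class AuthServer:
    """Toy RFC 8628 authorization server (constructed model, not a real service)."""

    def __init__(self):
        self.pending = {}  # device_code -> grant state

    def device_authorization(self, client_name):
        # Path 1, step 1: the input-constrained device requests a code pair.
        device_code = secrets.token_urlsafe(16)   # secret, never leaves the device
        user_code = secrets.token_hex(4).upper()  # short code shown to the human
        self.pending[device_code] = {"user_code": user_code,
                                     "client": client_name, "user": None}
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://login.example/device"}  # placeholder

    def consent_prompt(self, user_code):
        # What the verification page can show before approval: the requesting app.
        for grant in self.pending.values():
            if grant["user_code"] == user_code:
                return f"Are you trying to sign in to {grant['client']}?"
        return None

    def approve(self, user_code, signed_in_user):
        # Path 2: a browser with an authenticated session submits the user code.
        for grant in self.pending.values():
            if grant["user_code"] == user_code and grant["user"] is None:
                grant["user"] = signed_in_user
                return True
        return False

    def token(self, device_code):
        # Path 1, step 2: the device polls with its secret device_code.
        grant = self.pending.get(device_code)
        if grant is None:
            return {"error": "invalid_grant"}
        if grant["user"] is None:
            return {"error": "authorization_pending"}
        del self.pending[device_code]  # single use
        return {"access_token": secrets.token_urlsafe(24), "subject": grant["user"]}

def run_flow(entered_by):
    """Run one full exchange and return what each side observed."""
    server = AuthServer()
    start = server.device_authorization("Living-room TV app")
    before = server.token(start["device_code"])       # polled before approval
    prompt = server.consent_prompt(start["user_code"])
    server.approve(start["user_code"], entered_by)
    after = server.token(start["device_code"])        # token goes to the poller
    replay = server.token(start["device_code"])       # code cannot be reused
    return before, prompt, after, replay
```

The browser that approves the code never receives the token; only the party that started the flow does, which is why the app named in the prompt has to match what the user expects.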
  • My parents have been married for 52 years. While they have a loving relationship, I'm not following their example.
    www.businessinsider.com
    My parents have been married for 52 years. I'm not following their example in my own relationship. They mostly followed traditional roles, but my husband and I are aiming for a balanced partnership. A fair division of labor and open communication are important to me.

    I first met my husband on spring break when I was 17. I fell hard and fast despite him living in another state, quickly declaring I wanted to marry him. It was easy to imagine marriage at such a young age since my parents were married when they were both 20. When we finally said "I do," I was 24. I'll admit, I didn't know a lot about marriage except for what I'd witnessed through my own parents' relationship. They're now in their early 70s and going on 52 years of marriage. While they are very much in love, they haven't always demonstrated a union I'd like to emulate. From dinnertime to communication to division of labor, I intentionally follow different guidelines in my own day-to-day life. Is it wrong to say I don't want my marriage to be like my parents' marriage?

    It starts with dinner

    My mom has stressed about cooking dinner for my dad for more than 50 years. We can even be away on vacation without my dad and she still makes sure his 5 p.m. meal is all planned out every single day. For quite some time I thought this was normal: a wife ensuring her husband never missed dinner. I even tried to be just like my mom early on in my own marriage, until one day when I had an infant on my hip and a toddler on my leg I declared the inconvenience of it all. My husband could cook too. He could reheat leftovers. He could pick up takeout. I didn't have to do it all.

    It's not to say one day I just stopped making dinner for my husband, there was a conversation first. In our marriage we prefer to talk about stuff because there is nothing more unsettling than an elephant in the room. I know because I grew up with one in my house. My parents rarely communicated what felt uncomfortable. They would rather not speak for weeks than peacefully admit why they're mad about something or someone.

    I have always known I didn't want that level of silence in my marriage because I can't ignore bad feelings. There is nothing like a good argument to clear the air, but it's not to say in the twenty years my husband and I have been together we have never gone to bed angry. When you have three children in the home, communication and transparency is extremely important.

    A fair division of labor is important to me

    I was raised in a home in which both parents worked two jobs each, yet only one parent truly did it all. School conferences and dentist appointments, laundry and cleaning, there was no equal division of household responsibilities. As a child I did not realize my mother never stopped working, even when her office hours were over.

    It's important in my marriage for my spouse and I to be teammates, sharing the workload for parenting and household. However it was not until the pandemic that our team was tested. When I was very sick for months, my husband had to do it all. He will say the forced responsibilities gave him purpose and power. Now he actively takes a part in everything our daughters do not only because equality is important, but also because he wants to.

    There are some things I'd like to emulate

    Now that I have torn apart my parents' marriage, I'd like to piece it back together by celebrating the good stuff. Fifty years is a long time to stay with one person and their loyalty is admirable. The number of hardships and the tragedies they've faced, all while taking care of me and my siblings, could have been reason enough to tear them apart. Instead, it bonded my parents so tightly. To this day my parents work together to give their children and grandchildren everything we could want and need. The love and pride they have for the family they built is a remarkable and aspirational aspect of their marriage. My husband and I would be so lucky to have our own children describe our marriage in such a way someday, even if we are doing it our own way.
  • Elon Musk says xAI's 'scary smart' Grok 3 chatbot will be released on Monday
    www.businessinsider.com
    Elon Musk said xAI's Grok 3 chatbot will be unveiled with a live demo on Monday. In a post on X, Musk called the chatbot the "smartest AI on Earth." It comes after China's DeepSeek sent shockwaves through markets in January.

    Elon Musk has said that xAI's Grok 3 chatbot, which he called the "smartest AI on Earth," will be unveiled on Monday.

    The billionaire made the announcement in a post on X, saying the bot would be released with a live demo at 8 p.m. PT.

    Speaking by video link at the World Government Summit in Dubai earlier this week, Musk suggested they were still "a week or two" away from releasing the product and that he didn't want to be "hasty" in order to provide the best user experience possible.

    But it seems he has decided to press ahead with an earlier release, writing on X that he would be "honing product with the team all weekend" and that he would be "offline until then."

    Teasing Grok 3 to the crowd in Dubai, Musk said it had been "outperforming anything that's been released" in tests, adding that he thought the technology was "scary smart."

    The bot was trained on synthetic data and could review this to achieve logical consistency, he said.

    "So if it's got data that is wrong, it'll actually reflect upon that and remove the data that is wrong," he said. "Its base reasoning is very good."

    It comes after Chinese AI startup DeepSeek sent shockwaves through markets in January after the release of its new flagship AI model, R1, which it says matches the reasoning capabilities of US models such as OpenAI's o1 but at a fraction of the cost.

    Musk's AI startup, xAI, was founded in 2023 and released its Grok 2 language model in August 2024.

    Three xAI employees recently told Business Insider that the company planned to hire thousands of people this year to help train its chatbot.
  • Nintendo Switch 2 leak suggests huge Rockstar cowboy epic will be launch title
    www.dailystar.co.uk
    After leaks about the console's release date and price, one report has resurfaced suggesting Rockstar will support the Switch 2 with a port of one of its biggest games.

    10:00, 16 Feb 2025

    Arthur Morgan could make his Switch debut (Image: Rockstar Games)

    It's been a big week for the Switch 2, despite Nintendo being sworn to secrecy until April 2. The company has promised that's when it'll reveal more about the system, but that hasn't stopped retailers seemingly leaking the price and the console's release date.

    Still, we're still waiting to hear more about what we'll actually play on the Switch 2, with plenty of rumours swirling that its launch games could include Mario, Zelda, and much, much more.

    But could a Rockstar Games title be among them? While the studio is still working hard on GTA 6, one rumour doing the rounds again is the suggestion that the team's cowboy epic, Red Dead Redemption 2, could come to Switch 2 as a launch title.

    Red Dead Redemption 2 would be amazing on a Switch (Image: Rockstar Games)

    One leaker posted in a now-removed Discord that Rockstar Games will launch Red Dead Redemption 2 on Switch 2, and it could end up as a launch title.

    As with anything, a fistful of salt is required, but the leaker had correctly revealed the PS5 Pro and Nintendo Alarmo before, so it's not outside of the realms of possibility.

    Red Dead Redemption 1, which launched in 2010, finally came to the Switch 13 years later in 2023. And, while its sequel launched in 2018, it's still not come to a Nintendo system despite hitting PlayStation, Xbox, PC, and even Google Stadia.

    For what it's worth, Take-Two's CEO (the company that owns Rockstar Games) has recently commented on the Nintendo Switch 2.

    "We've had obviously a long-standing relationship with Nintendo," Strauss Zelnick said, "and we've supported the platform when it made sense for the individual release.

    "There was a time when Nintendo platforms are really geared at younger audiences and that was reflected in our release schedule. And now today with Switch and potentially with Switch 2, the Switch device can support any audience."

    While we admit a GTA 6 port for Switch 2 is unlikely due to the scope of the game, Rockstar has had a few years to optimise Red Dead Redemption 2 for a handheld.

    In fact, despite the game setting a high watermark for graphics settings on PC, it runs very, very well on Steam Deck, which suggests it could be shrunk down to play nicely on Switch, too.
  • This Solar-Powered Reactor Sucks CO2 From the Air and Turns It Into Fuel
    gizmodo.com
    Researchers at the University of Cambridge have built a solar-powered reactor that converts atmospheric carbon dioxide (CO2) into a gas that could one day fuel vehicles, power off-the-grid dwellings, and even produce pharmaceutical products. The researchers say they were inspired by photosynthesis and claim that their technology can be scaled up more easily than earlier solar-powered devices. The team's research was published today in the journal Nature Energy.

    Carbon capture and storage (which is exactly what it sounds like) is a possible means of reducing greenhouse gas emissions. The problem is that most carbon capture technologies are themselves powered by burning fossil fuels, not to mention the fact that the CO2 captured in the process needs to be stored somewhere, such as deep underground. But a new reactor could solve all of that.

    "What if instead of pumping the carbon dioxide underground, we made something useful from it?" Sayan Kar, a chemist at the University of Cambridge and first author on the study, said in a university statement. "CO2 is a harmful greenhouse gas, but it can also be turned into useful chemicals without contributing to global warming."

    Kar and his colleagues' new reactor is completely solar-powered, meaning it requires no cables or batteries. At night, it filters CO2 from the air, similar to how a sponge soaks up water, according to the researchers. During the day, sunlight heats up the collected CO2, which absorbs the Sun's infrared radiation while a semiconductor powder absorbs the ultraviolet radiation. A mirror on the reactor concentrates the sunlight for greater efficiency in the system.

    The absorption initiates a chemical reaction in the reactor that converts the CO2 into synthesis gas, or syngas, a mixture of carbon monoxide (CO) and hydrogen (H2) that is an important ingredient in the production of many fuels and chemicals. The team is currently researching how to convert this solar syngas into liquid fuels that could one day sustainably power vehicles like cars and planes.

    "If we made these devices at scale, they could solve two problems at once: removing CO2 from the atmosphere and creating a clean alternative to fossil fuels," said Kar. "CO2 is seen as a harmful waste product, but it is also an opportunity."

    The researchers claim that a solar reactor of this kind could even be used by individuals (as opposed to powering an entire neighborhood or town) to provide energy for remote locations. Furthermore, because of syngas' prevalence in the production of chemicals, solar syngas could also lessen the carbon footprint of the chemical sector.

    "Instead of continuing to dig up and burn fossil fuels to produce the products we have come to rely on, we can get all the CO2 we need directly from the air and reuse it," said Erwin Reisner, a chemist at the University of Cambridge who led the study. "We can build a circular, sustainable economy, if we have the political will to do it."

    Here's hoping that we'll be seeing solar-carbon-capture-reactor-powered cars on the market sooner than we think.
  • Space photo of the week: James Webb telescope shocks scientists with image of ancient galaxy roaring back to life
    www.livescience.com
    The James Webb Space Telescope has zoomed in on Leo P, a tiny galaxy with some big things to say about star formation.
  • Can animals learn another species' 'language?'
    www.livescience.com
    Animals hear other species communicate around them every day. Do they understand what they're saying?
  • x.com
    RT Retro Anime: Ghost in The Shell (1995)
  • RT America First Legal: NEW: The U.S. Department of Education just notified the education departments in all 50 states that they have 14 days to remov...
    x.com
    RT America First Legal: NEW: The U.S. Department of Education just notified the education departments in all 50 states that they have 14 days to remove ALL DEI programming from ALL public schools, warning that institutions that fail to comply face losing federal funding.
  • Unsustainable
    x.com
    Unsustainable
    Libs of TikTok: BREAKING: California is spending $9.5 BILLION on healthcare for illegal immigrants while facing a $30 BILLION deficit.