Nvidia Forums and Devzone Compromised



Just saw this on their facebook page as well as on their site linked below

Attention NVIDIA Forum and DevZone Users: We recently discovered that unauthorized third parties gained access to some user information. We continue to investigate this matter and are working to restore these sites as soon as possible. Please visit http://forums.nvidia.com/ and http://developer.nvidia.com/ for the latest status updates and guidance.

Source: http://www.nvidia.com/content/forums/index.html


That's why nvidia forum was not opening since many days..


They use the same software as this forum as well which is Invision Power Services IP.Board or IPB.


They use the same software as this forum as well which is Invision Power Services IP.Board or IPB.

They never updated from the 2.x version is probably why.


the hell??? yah think they'd be on top of that.... and be surely able to afford to upgrade.... wow... not unless some clingy ****** didn't want to upgrade because of some changes IPS made.... I hope not!!!!


Another forum I visit that also uses IPB (overclock3d.net) got hacked a whole bunch of times with code inserted in to their Index.php - They have switched to VBulletin as their board and the attacks have stopped. They were using the latest up to date version of IPB..


Glad I now use a different password for every online account I have, I probably should change my Nvidia forums pass, however I don't care enough about it to. I signed up to ask something 4/5 years ago and never used the forums again.

Dear NVIDIA Forum User,

We suspended operations of the NVIDIA Forums last week in response to suspicious activity and immediately began an investigation. We apologize that our continuing investigation is taking this long. Know that we are working around the clock to ensure that secure operations can be restored.

Our investigation has identified that unauthorized third parties gained access to some user information, including:

• username

• email address

• hashed passwords with random salt value

• public-facing “About Me” profile information

NVIDIA did not store any passwords in clear text. “About Me” optional profiles could include a user’s title, age, birthdate, gender, location, interests, email and website URL - all of which was already publicly accessible.

NVIDIA is continuing to investigate this matter and is working to restore the Forums as soon as possible. We are employing additional security measures to minimize the impact of future attacks.

All user passwords for our Forums will be reset when the system comes back online. At that time, an email with a temporary password, along with instructions on how to change it, will be sent to your registered email address.

As a precautionary measure, we strongly recommend that you change any identical passwords that you may be using elsewhere.

NVIDIA does not request sensitive information by email. Do not provide personal, financial or sensitive information (including new passwords) in response to any email purporting to be sent by an NVIDIA employee or representative.

Check back on the NVIDIA Forums for updates.


By cloud, you mean "internet" correct?

Yep. Internet isn't permanent, it's transient. Like farting clouds :-D
