Security

Hackers Drain Bitcoin ATMs of $1.5 Million By Exploiting 0-Day Bug (arstechnica.com) 112

turp182 shares a report from Ars Technica: Hackers drained millions of dollars in digital coins from cryptocurrency ATMs by exploiting a zero-day vulnerability, leaving customers on the hook for losses that can't be reversed, the kiosk manufacturer has revealed. The heist targeted ATMs sold by General Bytes, a company with multiple locations throughout the world. These BATMs, short for bitcoin ATMs, can be set up in convenience stores and other businesses to allow people to exchange bitcoin for other currencies and vice versa. Customers connect the BATMs to a crypto application server (CAS) that they can manage or, until now, that General Bytes could manage for them. For reasons that aren't entirely clear, the BATMs offer an option that allows customers to upload videos from the terminal to the CAS using a mechanism known as the master server interface.

Over the weekend, General Bytes revealed that more than $1.5 million worth of bitcoin had been drained from CASes operated by the company and by customers. To pull off the heist, an unknown threat actor exploited a previously unknown vulnerability that allowed it to use this interface to upload and execute a malicious Java application. The actor then drained various hot wallets of about 56 BTC, worth roughly $1.5 million. General Bytes patched the vulnerability 15 hours after learning of it, but due to the way cryptocurrencies work, the losses were unrecoverable. [...] Once the malicious application executed on a server, the threat actor was able to (1) access the database, (2) read and decrypt encoded API keys needed to access funds in hot wallets and exchanges, (3) transfer funds from hot wallets to a wallet controlled by the threat actor, (4) download user names and password hashes and turn off 2FA, and (5) access terminal event logs and scan for instances where customers scanned private keys at the ATM. The sensitive data in step 5 had been logged by older versions of ATM software.

Going forward, this weekend's post said, General Bytes will no longer manage CASes on behalf of customers. That means terminal holders will have to manage the servers themselves. The company is also in the process of collecting data from customers to validate all losses related to the hack, performing an internal investigation, and cooperating with authorities in an attempt to identify the threat actor. General Bytes said the company has received "multiple security audits since 2021," and that none of them detected the vulnerability exploited. The company is now in the process of seeking further help in securing its BATMs.

Security

Explosives Replace Malware As the Scariest Thing a USB Stick May Hide (arstechnica.com) 45

An anonymous reader quotes a report from Ars Technica: As reported by the Agence France-Presse (via CBS News) on Tuesday, five Ecuadorian journalists have received USB drives in the mail from Quinsaloma. Each of the USB sticks was meant to explode when activated. Upon receiving the drive, Lenin Artieda of the Ecuavisa TV station in Guayaquil inserted it into his computer, at which point it exploded. According to a police official who spoke with AFP, the journalist suffered mild hand and face injuries, and no one else was harmed.

According to police official Xavier Chango, the flash drive that went off had a 5-volt explosive charge and is thought to have used RDX. Also known as T4, according to the Environmental Protection Agency (PDF), militaries, including the US's, use RDX, which "can be used alone as a base charge for detonators or mixed with other explosives, such as TNT." Chango said it comes in capsules measuring about 1 cm, but only half of it was activated in the drive that Artieda plugged in, which likely saved him some harm. On Monday, Fundamedios, an Ecuadorian nonprofit focused on media rights, put out a statement on the incidents, which saw letters accompanied by USB-stick bombs sent to two more journalists in Guayaquil and two journalists in Ecuador's capital.

Fundamedios said Alvaro Rosero, who works at the EXA FM radio station, also received an envelope with a flash drive on March 15. He gave it to a producer, who used a cable with an adapter to connect it to a computer. The radio station got lucky, though, as the flash drive didn't explode. Police determined that the drive featured explosives but believe it didn't explode because the adapter the producer used didn't have enough juice to activate it, Fundamedios said. Yet another reporter attempted to access the drive's unknown content. Milton Perez at Teleamazonas' Quito offices might have set off the USB stick's explosives if he had plugged it into the computer properly, according to Fundamedios. Police intercepted a fourth drive sent to Carlos Vera in Guayaquil and performed a "controlled detonation" on one sent to Mauricio Ayora at TC Television, also in Guayaquil, BBC reported.

It's unclear what the motive is behind the exploding drives. Ecuador Interior Minister Juana Zapata confirmed that all five cases used the same type of USB device and said the incidents send "an absolutely clear message to silence journalists," per AFP.

In a statement cited by BBC, the Ecuadorian government said, "Any attempt to intimidate journalism and freedom of expression is a loathsome action that should be punished with all the rigor of justice."

Security

New Victims Come Forward After Mass-Ransomware Attack (techcrunch.com) 13

The number of victims affected by a mass-ransomware attack, caused by a bug in a popular data transfer tool used by businesses around the world, continues to grow as another organization tells TechCrunch that it was also hacked. From the report: Canadian financing giant Investissement Quebec confirmed to TechCrunch that "some employee personal information" was recently stolen by a ransomware group that claimed to have breached dozens of other companies. Spokesperson Isabelle Fontaine said the incident occurred at Fortra, previously known as HelpSystems, which develops the vulnerable GoAnywhere file transfer tool. Hitachi Energy also confirmed this week that some of its employee data had been stolen in a similar incident involving its GoAnywhere system, but said the incident happened at Fortra.

Over the past few days, the Russia-linked Clop gang has added several other organizations to its dark web leak site, which it uses to extort companies further by threatening to publish the stolen files unless a financial ransom demand is paid. TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward. However, while the number of victims of the mass-hack is widening, the known impact is murky at best. Since the attack in late January or early February -- the exact date is not known -- Clop has disclosed less than half of the 130 organizations it claimed to have compromised via GoAnywhere, a system that can be hosted in the cloud or on an organization's network that allows companies to securely transfer huge sets of data and other large files.

Technology

Amazon-owned DPReview Shutting Down (dpreview.com) 82

Photography and camera gear review site DPReview, writing in a blog post: After nearly 25 years of operation, DPReview will be closing in the near future. This difficult decision is part of the annual operating plan review that our parent company shared earlier this year. The site will remain active until April 10, and the editorial team is still working on reviews and looking forward to delivering some of our best-ever content. Everyone on our staff was a reader and fan of DPReview before working here, and we're grateful for the communities that formed around the site. Thank you for your support over the years, and we hope you'll join us in the coming weeks as we celebrate this journey.

Microsoft

Microsoft Brings OpenAI's DALL-E Image Creator To the New Bing (techcrunch.com) 28

Microsoft today announced that its new AI-enabled Bing will now allow users to generate images with Bing Chat. From a report: This new feature is powered by DALL-E, OpenAI's generative image generator. The company didn't say which version of DALL-E it is using here, except for saying that it is using the "very latest DALL-E models." Dubbed the "Bing Image Creator," this new capability is now (slowly) rolling out to users in the Bing preview and will only be available through Bing's Creative Mode. It'll come to Bing's Balanced and Precise modes in the future.

The new image generator will also be available in the Edge sidebar. The right prompts will generate the now-familiar square of four high-res DALL-E images. There's one major difference, though: there will be a small Bing logo in the bottom left corner. The early Bing AI release was missing a few guardrails, but Microsoft quickly fixed those. The company is clearly hoping to avoid these issues with this release.

Social Networks

BBC Advises Staff To Delete TikTok From Work Phones (bbc.com) 54

The BBC has advised staff to delete TikTok from corporate phones because of privacy and security fears. From a report: The BBC seems to be the first UK media organisation to issue the guidance - and only the second in the world after Denmark's public service broadcaster. The BBC said it would continue to use the platform for editorial and marketing purposes for now. [...] The big fear is that data harvested by the platform from corporate phones could be shared with the Chinese government by TikTok's parent company ByteDance, because its headquarters are in Beijing.

In an email to staff on Sunday, it said: "The decision is based on concerns raised by government authorities worldwide regarding data privacy and security. If the device is a BBC corporate device, and you do not need TikTok for business reasons, TikTok should be deleted from the BBC corporate mobile device." Staff with the app on a personal phone that they also use for work have been asked to contact the corporation's Information Security team for further discussions, while it reviews concerns around TikTok.

Dominic Ponsford, editor-in-chief of journalism industry trade publication the Press Gazette, said it would be interesting to see what other media organizations decide to do. He told the BBC: "I suspect everyone's chief technical officer will be looking at this very closely. Until now, news organizations have been very keen to use TikTok, because it's been one of the fastest-growing social media platforms for news publishers over the last year, and it's been a good source of audience and traffic. So most of the talk in the news media has been around encouraging TikTok rather than banning it."

Bug

Google Pixel Bug Lets You 'Uncrop' the Last Four Years of Screenshots (arstechnica.com) 29

An anonymous reader quotes a report from Ars Technica: Back in 2018, Pixel phones gained a built-in screenshot editor called "Markup" with the release of Android 9.0 Pie. The tool pops up whenever you take a screenshot, and tapping the app's pen icon gives you access to tools like crop and a few colored drawing pens. That's very handy assuming Google's Markup tool actually does what it says, but a new vulnerability points out the edits made by this tool weren't actually destructive! It's possible to uncrop or unredact Pixel screenshots taken during the past four years.

The bug was discovered by Simon Aarons and is dubbed "Acropalypse," or more formally CVE-2023-21036. There's a proof-of-concept app that can unredact Pixel screenshots at acropalypse.app, and it works! There's also a good technical write-up here by Aarons' collaborator, David Buchanan. The basic gist of the problem is that Google's screenshot editor overwrites the original screenshot file with your new edited screenshot, but it does not truncate or recompress that file in any way. If your edited screenshot has a smaller file size than the original -- that's very easy to do with the crop tool -- you end up with a PNG with a bunch of hidden junk data at the end of it. That junk data is made up of the end bits of your original screenshot, and it's actually possible to recover that data.

While the bug was fixed in the March 2023 security update for Pixel devices, it doesn't solve the problem, notes Ars. "There's still the matter of the last four years of Pixel screenshots that are out there and possibly full of hidden data that people didn't realize they were sharing."

IT

What's Different About These Tech Industry Layoffs? (stackoverflow.blog) 160

"According to one count, more than 280,000 people were laid off from tech jobs in 2022 and the first two months of 2023," notes a new blog post at Stack Overflow.

But then it asks the question: "What's different about these layoffs?" [T]he current economy has less in common than you might think with the wreckage of the dot-com bubble or the Great Recession. Overall, it's still a good time to work in tech, and the hiring market remains robust: One survey found that almost 80% of people laid off in tech found new roles within three months of launching their job search. There are more open tech positions than people to fill them (about 375,000, according to one estimate), and job listings between January and October 2022 were up 25% over the same period in 2021.

If the job market isn't as dire as we think, why does this round of layoffs feel so widespread, affecting companies often perceived as more recession-proof than their peers? Part of the answer may be what organizational behavior experts have termed "copycat layoffs." "Laying off employees turns out to be infectious," writes Annie Lowrey in The Atlantic. "When executives see their corporate competitors letting go of workers, they seize what they see as an opportunity to reduce their workforce, rather than having no choice but to do so...."

In many cases, workers laid off by household-name tech companies have found new jobs outside the traditional parameters of the tech industry, where their skill sets are in high demand. As Matt McLarty, global field chief technology officer for MuleSoft, told CNBC, businesses that have long needed tech professionals to upgrade their stack or guide a long-delayed cloud migration can now scoop up freshly laid-off tech workers (and those for whom Silicon Valley has lost its luster). Companies in energy and climate technology, healthcare, retail, finance, agriculture, and more are hiring tech pros at a steady clip, even if FAANG companies are less bullish. It's been said before that every company is a tech company, but in 2023, that's truer than ever. In fact, the biggest difference for tech workers this year, reports The New Stack, is that "the greatest opportunities may not lie exclusively in the FAANG companies anymore, but in more traditional industries that are upgrading their legacy stacks and embracing cloud native." Some of those opportunities also lie with startups, including ones helmed by Big Tech veterans ready to turn their layoffs into lemonade....

So whether you've been affected by the recent spate of layoffs or not, it's worth expanding your list of potential employers to include companies — even industries — you've never considered. You might find that they're thrilled to have you.

Hardware

Ask Slashdot: When Should You Call Hardware a 'SoC'? (wikipedia.org) 140

Slashdot reader Prahjister knows what a system on a chip is. But that's part of the problem: I recently started hearing the term SoC at work when referring to digital signage hardware. This has really triggered me.... It is like when I heard people refer to a PC as a CPU.

I tried to speak to my colleagues and dissuade them from using this term in this manner with no luck. Am I wrong trying to dissuade them for this?

Maybe another question would be: Are there technical malapropisms that drive you crazy? Share your own thoughts and experiences in the comments.

And when should you call hardware a 'SoC'?

IT

SVB Employees Blame Remote Work For Bank Failure (axios.com) 233

Long-time Slashdot reader BonThomme shared this article from Axios: In a story in the Financial Times out Thursday, current and former Silicon Valley Bank employees cited the bank's commitment to remote work as one reason for its failure....

The banking industry has led the return to office charge for a while, and SVB was an outlier in its commitment to something different. The company's career site touted its flexible culture. "If our time working remotely has taught us anything, it's that we can trust our employees to be productive from wherever they work," the site says. The executive team at SVB was spread out around the country, with CEO Greg Becker at times working from Hawaii, according to the FT.

Yet, SVB included remote work as a risk to its business in its 2022 annual report — in part because of the IT issues posed when employees are dispersed around the country, but also for productivity reasons.

The FDIC, which now runs the bank, told staff they could continue working remotely — except essential workers and branch employees, per Reuters.

Axios ultimately blames SVB's run 11 days ago on its panic-inciting public communications about needing to raise capital, combined with its oddly high concentration of tech clients and a portfolio of long-term U.S. treasuries as interest rates rose. "It's certainly possible that if more executives were working in closer proximity those missteps would've been avoided. But it's hard to really know." Yet they warn workplace policies could change simply because the Financial Times ran a piece blaming remote work.

"Companies looking for a reason to bring workers back to the office may find it in this piece."

Crime

Dark Web 'BreachForums' Operator Charged With Computer Crime (bloomberg.com) 16

An anonymous reader quotes a report from Bloomberg: Federal agents have arrested a Peekskill, New York, man they say ran the notorious dark web data-breach site "BreachForums" under the name "Pompompurin." Conor Brian Fitzpatrick was arrested by a team of investigators at his home around 4:30 p.m. Wednesday, an FBI agent said in a sworn statement filed in court the next day. Fitzpatrick is charged with a single count of conspiracy to commit access device fraud.

BreachForums hosted the stolen databases of almost 1,000 companies and websites. The databases often include personal information, such as names, emails and passwords. The information is offered for sale by users of the site and can be used for fraud. Pompompurin's profile on BreachForums describes him as "Bossman" and pictures the Sanrio Co. cartoon dog whose name he used as an online alias. The profile shows Fitzpatrick's most recent visit to the site was Wednesday at 3:53 p.m., shortly before his arrest. The FBI agent, who led the other agents in the arrest, said Fitzpatrick admitted he had used the alias "Pompompurin" and was the owner and operator of BreachForums.

In November 2021, Pompompurin claimed responsibility for sending out fake emails that originated from an "fbi.gov" email address. Pompompurin claimed responsibility for the breach in an interview with Brian Krebs. Details of the charges, filed in federal court in Alexandria, Virginia, have not been made public. A spokeswoman for the US Attorney in Alexandria didn't return phone and email messages seeking comment. Fitzpatrick was presented in federal court in White Plains, New York, and released on a $300,000 unsecured bond, signed by his parents. Fitzpatrick is required to avoid any contact with co-defendant, co-conspirators and witnesses in the case. He's due to appear in court in Alexandria on March 24.

AI

AI Fools Voice Recognition Used To Verify Identity By Australian Tax Office (theguardian.com) 14

A voiceprint program used by millions of Australians to access data held by government agencies can be fooled by an AI-generated voice, reports the Guardian. From the report: Centrelink and the Australian Taxation Office (ATO) both give people the option of using a "voiceprint", along with other information, to verify their identity over the phone, allowing them to then access sensitive information from their accounts. Using just four minutes of audio, a Guardian Australia journalist was able to generate a clone of their own voice and was then able to use this, combined with their customer reference number, to gain access to their own Centrelink self-service account.

Anyone trying to use voiceprint also needs to know the account-holder's customer reference number, which is not normally publicly available, but the number is not treated as securely as a password and is included in correspondence from Centrelink and other service providers, such as childcare centers. The self-service phone system allows people to access sensitive material such as information on their payment of benefits and to request documents to be sent by mail, including replacement concession or healthcare cards.

Services Australia declined to say if the voiceprint technology would be changed or removed from Centrelink.

The Courts

Cancer Patient Sues Hospital After Ransomware Gang Leaks Her Nude Medical Photos (theregister.com) 85

An anonymous reader quotes a report from The Register: A cancer patient whose nude medical photos and records were posted online after they were stolen by a ransomware gang, has sued her healthcare provider for allowing the "preventable" and "seriously damaging" leak. The proposed class-action lawsuit stems from a February intrusion during which malware crew BlackCat (also known as ALPHV) broke into one of the Lehigh Valley Health Network (LVHN) physician's networks, stole images of patients undergoing radiation oncology treatment along with other sensitive health records belonging to more than 75,000 people, and then demanded a ransom payment to decrypt the files and prevent it from posting the health data online. The Pennsylvania health care group, one of the largest in the US state, oversees 13 hospitals, 28 health centers, and dozens of other physicians' clinics, pharmacies, rehab centers, imaging and lab services. LVHN refused to pay the ransom, and earlier this month BlackCat started leaking patient info, including images of at least two breast cancer patients, naked from the waist up.

According to the lawsuit [PDF] filed this week, here's how one of the patients, identified as "Jane Doe" found out about the data breach -- and that LVHN had stored nude images of her on its network in the first place. On March 6, LVHN VP of Compliance Mary Ann LaRock, called Doe and told her that her nude photos had been posted on the hackers' leak site. "Ms. LaRock offered plaintiff an apology, and with a chuckle, two years of credit monitoring," the court documents say. In addition to swiping the very sensitive photos, the crooks also made off with everything needed for identity fraud.

According to the lawsuit, LaRock also told Doe that her physical and email addresses, along with date of birth, social security number, health insurance provider, medical diagnosis and treatment information, and lab results were also likely stolen in the breach. "Given that LVHN is and was storing the sensitive information of plaintiff and the class, including nude photographs of plaintiff receiving sensitive cancer treatment, LVHN knew or should have known of the serious risk and harm that could occur from a data breach," the lawsuit says. It claims LVHN was negligent in its duty to safeguard patients' sensitive information, and seeks class action status for everyone whose data was exposed with monetary damages to be determined. Pennsylvania attorney Patrick Howard, who is representing Doe and the rest of the plaintiffs in the proposed class action, said he expects the number of patients affected by the breach to be in the "hundreds, if not thousands."

Social Networks

New Zealand To Ban TikTok On Devices Linked To Parliament (cnbc.com) 14

New Zealand will ban TikTok on devices with access to the parliamentary network because of cybersecurity concerns, a government official said on Friday. CNBC reports: TikTok will be banned on all devices with access to New Zealand's parliamentary network by the end of March, said Parliamentary Service Chief Executive Rafael Gonzalez-Montero. Gonzalez-Montero, in an email to Reuters, said the decision was taken after advice from cybersecurity experts and discussions within government and with other countries.

"Based on this information the Service has determined that the risks are not acceptable in the current New Zealand Parliamentary environment," he said. Special arrangements can be made for those who require the app to do their jobs, he added.

Microsoft

Microsoft Pauses Delayed Partner Ecosystem Security Update To Count Its Money (theregister.com) 3

Microsoft's delayed effort to ensure its partners don't enjoy unduly privileged access to their clients' systems will run for just nine days before pausing for a month. From a report: Partners of the Redmond-based software colossus have historically relied on "delegated admin privileges" (DAP) to manage and monitor clients' systems and software purchases. In the wake of criminal attacks on managed services providers and the software they use to tend their clients, Microsoft decided DAP privileges offered dangerously extensive access.

The company therefore created granular delegated admin privileges (GDAP). As the name implies, GDAP limits the resources and permissions partners enjoy when driving their customers' systems. It also adds zero-trust principles to further reduce the likelihood that an attack on a partner will mean pain for end customers. Partners and Microsoft customers alike were told they would need to stop using DAPs and instead move to GDAPs. So far, so sensible. But also a little controversial, because partners can create GDAP profiles in customers' Active Directory implementations -- customers don't need to give permission for the creation of GDAP profiles, but do need to sign them off. The move from DAP to GDAP has been slow. Microsoft set October 31, 2022, as the date on which it would discontinue the software that automates DAP to GDAP migrations, then moved that date to March 1, 2023. Those delays came after Redmond's initial ambition was for DAP to die by the end of 2022.

Android

Google Warns Users To Take Action To Protect Against Remotely Exploitable Flaws in Popular Android Phones (techcrunch.com) 55

Google's security research unit is sounding the alarm on a set of vulnerabilities it found in certain Samsung chips included in dozens of Android models, wearables and vehicles, fearing the flaws could be soon discovered and exploited. From a report: Google's Project Zero head Tim Willis said the in-house security researchers found and reported 18 zero-day vulnerabilities in Exynos modems produced by Samsung over the past few months, including four top-severity flaws that could compromise affected devices "silently and remotely" over the cellular network.

"Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number," Willis said. By gaining the ability to remotely run code at a device's baseband level -- essentially the Exynos modems that convert cell signals to digital data -- an attacker would be able to gain near-unfettered access to the data flowing in and out of an affected device, including cellular calls, text messages, and cell data, without alerting the victim.

The list of affected devices includes (but is not limited to): Samsung mobile devices, including the S22, M and A series handsets; Vivo mobile devices, including those in the S16, S15, S6, X70, X60 and X30 series; Google Pixel 6 and Pixel 7 series; and connected vehicles that use the Exynos Auto T5123 chipset.

Microsoft

Microsoft Warns Russia May Plan More Ransomware Attacks Beyond Ukraine (bloomberg.com) 27

Microsoft warned an infamous hacking group that is tied to Russia's military intelligence agency GRU could be gearing up for more ransomware attacks both inside and outside of Ukraine. From a report: Microsoft calls the group Iridium, but it is perhaps best known as Sandworm. It has been accused of attacks on Ukraine's electric power grid and government agencies, the 2018 Winter Olympics and businesses across the globe. Now, it appears to be preparing for a renewed destructive campaign, the software company said in a threat intelligence report on Wednesday. Russian hackers have been accused of bombarding Ukrainian institutions with "wiper malware" and DDoS attacks, a campaign that began even before President Vladimir Putin ordered troops to invade more than a year ago. However, Ukraine's defenses have largely fended off a major cyberwar with the help of foreign tech companies including Microsoft. The ransomware attack on Polish and Ukrainian transport services in October, attributed to Sandworm, may have been "a trial balloon" for further attacks, the report said. Microsoft warned it was a potential precursor to further Russian hacks beyond Ukrainian soil.

Security

Ransomware Attacks Have Entered a Heinous New Phase (arstechnica.com) 66

Cybercriminal gangs now releasing stolen photos of cancer patients, student records. From a report: In February, attackers from the Russia-based BlackCat ransomware group hit a physician practice in Lackawanna County, Pennsylvania, that's part of the Lehigh Valley Health Network (LVHN). At the time, LVHN said that the attack "involved" a patient photo system related to radiation oncology treatment. The health care group said that BlackCat had issued a ransom demand, "but LVHN refused to pay this criminal enterprise." After a couple of weeks, BlackCat threatened to publish data stolen from the system. "Our blog is followed by a lot of world media, the case will be widely publicized and will cause significant damage to your business," BlackCat wrote on their dark-web extortion site. "Your time is running out. We are ready to unleash our full power on you!" The attackers then released three screenshots of cancer patients receiving radiation treatment and seven documents that included patient information.

The medical photos are graphic and intimate, depicting patients' naked breasts in various angles and positions. And while hospitals and health care facilities have long been a favorite target of ransomware gangs, researchers say the situation at LVHN may indicate a shift in attackers' desperation and willingness to go to ruthless extremes as ransomware targets increasingly refuse to pay. "As fewer victims pay the ransom, ransomware actors are getting more aggressive in their extortion techniques," says Allan Liska, an analyst for the security firm Recorded Future who specializes in ransomware. "I think we'll see more of that. It follows closely patterns in kidnapping cases, where when victims' families refused to pay, the kidnappers might send an ear or other body part of the victim." Researchers say that another example of these brutal escalations came on Tuesday when the emerging ransomware gang Medusa published sample data stolen from Minneapolis Public Schools in a February attack that came with a $1 million ransom demand. The leaked screenshots include scans of handwritten notes that describe allegations of a sexual assault and the names of a male student and two female students involved in the incident.

Security

India Plans New Security Testing For Smartphones, Crackdown on Pre-Installed Apps (reuters.com) 21

India plans to force smartphone makers to allow removal of pre-installed apps and mandate screening of major operating system updates under proposed new security rules, according to two people and a government document seen by Reuters. From a report: The new rules, details of which have not been previously reported, could extend launch timelines in the world's No.2 smartphone market and lead to losses in business from pre-installed apps for players including Samsung, Xiaomi, Vivo, and Apple. India's IT ministry is considering these new rules amid concerns about spying and abuse of user data, said a senior government official, one of the two people, declining to be named as the information is not yet public. "Pre-installed apps can be a weak security point and we want to ensure no foreign nations, including China, are exploiting it. It's a matter of national security," the official added. India has ramped up scrutiny of Chinese businesses since a 2020 border clash between the neighbours, banning more than 300 Chinese apps, including TikTok. It has also intensified scrutiny of investments by Chinese firms.

Security

DeFi Lender Euler Finance Hit By $197 Million Hack, Experts Say (bloomberg.com) 13

Decentralized lending protocol Euler Finance was hit by an attack that drained $197 million in cryptocurrencies from its platform on Monday, making it the largest hack in its corner of the digital-assets market this year. From a report: The bulk of the hacker's loot -- worth roughly $135 million -- was denominated in staked Ether tokens (stETH), while the remainder was held in wrapped Bitcoin and stablecoins DAI and USDC, according to security firm BlockSec. Some of the proceeds from the attack are already being laundered through Tornado Cash, a US-sanctioned platform which enables users to obfuscate their transaction history, security companies PeckShield Inc and Elliptic said.

The incident on Monday morning in London has almost wiped out Euler's on-chain value, leaving only around $9.7 million locked on the platform, data from DeFiLlama show. Euler Finance allows users to lend and borrow large amounts of cryptoassets through an automated service that does not require human intervention. The protocol's EUL token fell more than 50% to a low of $2.88 after the attack was disclosed, according to pricing data from CoinGecko. Details of the hack weren't immediately provided by the platform's developer Euler Labs.
