Businesses

Amazon Defends Decision to Require Employees in the Office 3 Days a Week (geekwire.com) 173

The Washington Post reports that Amazon has over 1 million workers worldwide — and they want most of them to be back in the office at least three days a week: In a note to employees, chief executive Andy Jassy said that the length of the pandemic had given senior managers time to observe what workplace models work best. They concluded that being in person most of the time had distinct benefits, allowing employees to more easily share ideas, collaborate, train new hires and connect. "Invention is often sloppy. It wanders and meanders and marinates," Jassy wrote. "Serendipitous interactions help it, and there are more of those in-person than virtually."

Amazon is just the latest major company to adopt some version of a return-to-work policy that requires workers to show up at the office for a certain number of days. Walt Disney Co. recently told its staffers to appear in the office four days a week. The Washington Post requires workers based in D.C. to report to headquarters three days a week....

Earlier this month, data tracked by Kastle Systems said 50 percent of workers were now back at their desks — and some experts think that's as high as it will go.

GeekWire notes that Apple has already asked employees to come in three days a week, something Google also expects from most of its staff. GeekWire's article adds that local business organizations applauded Amazon's move, with the Bellevue Chamber, calling it "extraordinary news for the health and vitality in downtown." And the site also reports the various reasons Amazon's senior executives gave for favoring employees-in-the-office at least three days a week: "It's easier to learn, model, practice, and strengthen our culture when we're in the office together most of the time and surrounded by our colleagues."

"Collaborating and inventing is easier and more effective when we're in person. The energy and riffing on one another's ideas happen more freely."

"Learning from one another is easier in-person. Being able to walk a few feet to somebody's space and ask them how to do something or how they've handled a particular situation is much easier than Chiming or Slacking them."

"Teams tend to be better connected to one another when they see each other in person more frequently."

That thinking doubles down on a mindset that Jassy expressed before he took over as CEO in 2021 from Amazon founder Jeff Bezos. Jassy said in March 2021 that "invention" is hard to do virtually compared to people brainstorming together in person. "You just don't riff the same way," he said at the time, "so it's really changed the way that we've had to think about how we drive innovation, and how we solicit information from our builders and the types of meetings that we run."

Jassy said there will be a small minority of exceptions to the new return-to-office requirement and that Amazon plans to implement the change effective May 1.

The move takes effect May 1st.
Security

Atlassian and Envoy Briefly Blame Each Other For Data Breach (techcrunch.com) 6

An anonymous reader quotes a report from TechCrunch: Australian software giant Atlassian and Envoy, a startup that provides workplace management services, were at loggerheads on Thursday over a data breach that exposed the data of thousands of Atlassian employees. As first reported by Cyberscoop, a hacking group known as SiegedSec leaked data on Telegram this week that it claimed to have stolen from Atlassian. This data includes the names, email addresses, work departments and phone numbers of approximately 13,200 Atlassian employees, along with floor plans of Atlassian offices located in San Francisco and Sydney, Australia.

Atlassian was quick to point the finger of blame for the breach at Envoy, which the Sydney-headquartered company uses to organize its office spaces. "On February 15, 2023, we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published," Atlassian spokesperson Megan Sutton said in a statement shared with TechCrunch. "Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk." Envoy, however, was just as quick to rebuff Atlassian's claims. Envoy spokesperson April Marks told TechCrunch that the startup is "not aware of any compromise to our systems," adding that initial research had shown that "a hacker gained access to an Atlassian employee's valid credentials to pivot and access the Atlassian employee directory and office floor plans held within Envoy's app."

Soon after the startup's denial, Atlassian changed its stance to align more closely with Envoy. Atlassian's Sutton told TechCrunch that the company's internal investigation since revealed that attackers had actually compromised Atlassian data from the Envoy app "using an Atlassian employee's credentials that had been mistakenly posted in a public repository by the employee." "As such, the hacking group had access to data visible via the employee account which included the published office floor plans and public Envoy profiles of other Atlassian employees and contractors," Sutton added. "The compromised employee's account was promptly disabled eliminating any further threat to Atlassian's Envoy data. Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk."
In a statement to TechCrunch, Envoy's Marks ruled out a breach on its end: "We found evidence in the logs of requests that confirms the hackers obtained valid user credentials from an Atlassian employee account and used that access to download the affected data from Envoy's app."
Security

GoDaddy Says Hackers Stole Source Code, Installed Malware in Multi-Year Breach (bleepingcomputer.com) 23

Web hosting giant GoDaddy says it suffered a breach where unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack. From a report: While GoDaddy discovered the security breach in early December 2022 following customer reports that their sites were being used to redirect to random domains, the attackers had access to the company's network for multiple years. "Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy," the hosting firm said in an SEC filing. The company says that previous breaches disclosed in November 2021 and March 2020 are also linked to this multi-year campaign. The November 2021 incident led to a data breach affecting 1.2 million Managed WordPress customers after attackers breached GoDaddy's WordPress hosting environment using a compromised password. They gained access to the email addresses of all impacted customers, their WordPress Admin passwords, sFTP and database credentials, and SSL private keys of a subset of active clients.
IT

Disney's Top Asian Video Streaming Service Suffered Outage Due To Apparent Domain Renewal Miss (techcrunch.com) 10

Disney+ Hotstar is suffered an outage for some users in India in the middle of a popular cricket match on Friday, drawing flak from customers at a time when the Disney crown jewel is already facing several setbacks in the South Asian market. From a report: It's unclear what prompted the glitch, which Hotstar acknowledged as "unforeseen technical issues" across its apps and web. Domain registrar records show that Hotstar renewed the domain name, Hotstar.com, on February 17. If Disney had briefly lost the ownership of the domain, it would take some time for the new change to reflect to all users.
Security

Researchers Unearth Windows Backdoor That's Unusually Stealthy (arstechnica.com) 33

Researchers have discovered a clever piece of malware that stealthily exfiltrates data and executes malicious code from Windows systems by abusing a feature in Microsoft Internet Information Services (IIS). From a report: IIS is a general-purpose web server that runs on Windows devices. As a web server, it accepts requests from remote clients and returns the appropriate response. In July 2021, network intelligence company Netcraft said there were 51.6 million instances of IIS spread across 13.5 million unique domains. IIS offers a feature called Failed Request Event Buffering that collects metrics and other data about web requests received from remote clients. Client IP addresses and port and HTTP headers with cookies are two examples of the data that can be collected. FREB helps administrators troubleshoot failed web requests by retrieving ones meeting certain criteria from a buffer and writing them to disk. The mechanism can help determine the cause of 401 or 404 errors or isolate the cause of stalled or aborted requests.

Criminal hackers have figured out how to abuse this FREB feature to smuggle and execute malicious code into protected regions of an already compromised network. The hackers can also use FREB to exfiltrate data from the same protected regions. Because the technique blends in with legitimate eeb requests, it provides a stealthy way to further burrow into the compromised network. The post-exploit malware that makes this possible has been dubbed Frebniis by researchers from Symantec, who reported on its use on Thursday. Frebniis first ensures FREB is enabled and then hijacks its execution by injecting malicious code into the IIS process memory and causing it to run. Once the code is in place, Frebniis can inspect all HTTP requests received by the IIS server.

Microsoft

Microsoft Outlines Official Support For Windows 11 on Mac with Apple Silicon (windowscentral.com) 53

Microsoft has outlined how users running Apple Silicon-based Macs can utilize Windows 11 in a new support document published today. The document explains how users running Mac devices with either M1 or M2 chips can use Windows 11, either via the cloud or using a local virtualization such as Parallels Desktop. From a report: Unfortunately, the document makes no mention of installing Windows 11 natively on Apple Silicon hardware. Apple's legacy Bootcamp application, which previously allowed Mac users to install Windows into its own bootable partition on a Mac, was removed when Apple transitioned to ARM processors. As of now, Microsoft points to Windows 365 as a potential solution for running Windows 11 on a Mac, using its enterprise service to stream a Windows 11 PC from the cloud. [...] For those users, Microsoft also mentions Parallels Desktop as a viable alternative. Version 18 of Parallels Desktop is now officially authorized to run Windows 11 on ARM on a Mac with M1 or M2 processors. This is the only way to officially run Windows 11 on ARM locally on a Mac with Apple Silicon.
Businesses

Inside Meta's Push To Solve the Noisy Office (wsj.com) 85

Coming to the campuses of Facebook parent Meta Platforms is a contraption that can block sound, shield workers from their peers and allow for heads-down, uninterrupted work. It's a cubicle. From a report: That is, a noise-canceling cubicle designed using some of the same principles found in soundproof, echo-free anechoic chambers. "The Cube," which the company is beginning to roll out to offices worldwide after months of development, absorbs sound from multiple directions, says John Tenanes, vice president of global real estate and facilities at Meta. "It's like a self-cocoon."

Meta's experiment comes as workplaces are in the midst of a shake-up. Like many other employers, Meta realized early in the pandemic that its open-plan arrangements would need to shift to accommodate a new hybrid era of work. In 2021, it asked 10 groups of architects, design firms and furniture manufacturers-- including MillerKnoll's Herman Miller, KI and others -- to build a new office set-up. They were given guiding principles to follow and eight weeks to do it. [...] The Cube began to take shape, in part, after one of Meta's furniture vendors brought in an early prototype of a movable screen. Engineers quickly gravitated to it, grabbing one or two at a time to essentially barricade themselves at their desks, Dr. Nagy says. Meta and its vendors refined the Cube, and its popularity became even more apparent during testing when workers began personalizing the spaces to effectively reserve them.

Security

Ransomware Gang Uses New Zero-Day To Steal Data On 1 Million Patients (techcrunch.com) 18

Community Health Systems (CHS), one of the largest healthcare providers in the United States with close to 80 hospitals in 16 states, confirmed this week that criminal hackers accessed the personal and protected health information of up to 1 million patients. TechCrunch reports: The Tennessee-based healthcare giant said in a filing with government regulators that the data breach stems from its use of a popular file-transfer software called GoAnywhere MFT, developed by Fortra (previously known as HelpSystems), which is deployed by large businesses to share and send large sets of data securely. Community Health Systems said that Fortra recently notified it of a security incident that resulted in the unauthorized disclosure of patient data. "As a result of the security breach experienced by Fortra, protected health information and personal information of certain patients of the company's affiliates were exposed by Fortra's attacker," according to the filing by Community Health Systems, which was first spotted by DataBreaches.net. The healthcare giant added that it would offer identity theft protection services and notify all affected individuals whose information was exposed, but said there had been no material interruption to its delivery of patient care.

CHS hasn't said what types of data were exposed and a spokesperson has not yet responded to TechCrunch's questions. This is CHS' second-known breach of patient data in recent years. The Russia-linked ransomware gang Clop has reportedly taken responsibility for exploiting the new zero-day in a new hacking campaign and claims to have already breached over a hundred organizations that use Fortra's file-transfer technology -- including CHS. While CHS has been quick to come forward as a victim, Clop's claim suggests there could be dozens more affected organizations out there -- and if you're one of the thousands of GoAnywhere users, your company could be among them. Thankfully, security experts have shared a bunch of information about the zero-day and what you can do to protect against it.
Security researcher Brian Krebs first flagged the zero-day vulnerability in Fortra's GoAnywhere software on February 2.

"A zero-day remote code injection exploit was identified in GoAnywhere MFT," Fortra said in its hidden advisory. "The attack vector of this exploit requires access to the administrative console of the application, which in most cases is accessible only from within a private company network, through VPN, or by allow-listed IP addresses (when running in cloud environments, such as Azure or AWS)."
Security

City of Oakland Declares State of Emergency After Ransomware Attack (bleepingcomputer.com) 20

An anonymous reader quotes a report from BleepingComputer: Oakland has declared a local state of emergency because of the impact of a ransomware attack that forced the City to take all its IT systems offline on February 8th. Interim City Administrator G. Harold Duffey declared (PDF) a state of emergency to allow the City of Oakland to expedite orders, materials and equipment procurement, and activate emergency workers when needed. "Today, Interim City Administrator, G. Harold Duffey issued a local state of emergency due to the ongoing impacts of the network outages resulting from the ransomware attack that began on Wednesday, February 8," a statement issued today reads. The incident did not affect core services, with the 911 dispatch and fire and emergency resources all working as expected.

While last week's ransomware attack only impacted non-emergency services, many systems taken down immediately after the incident to contain the threat are still offline. The ransomware group behind the attack is currently unknown, and the City is yet to share any details regarding ransom demands or data theft from compromised systems. "The City's IT Department is working with a leading forensics firm to perform an extensive incident response and analysis, as well as with additional cybersecurity and technology firms on recovery and remediation efforts," the statement said. "This continues to be an ongoing investigation with multiple local, state, and federal agencies involved."

Security

Latest Attack on PyPI Users Shows Crooks Are Only Getting Better 21

More than 400 malicious packages were recently uploaded to PyPI (Python Package Index), the official code repository for the Python programming language, in the latest indication that the targeting of software developers using this form of attack isn't a passing fad. From a report: All 451 packages found recently by security firm Phylum contained almost identical malicious payloads and were uploaded in bursts that came in quick succession. Once installed, the packages create a malicious JavaScript extension that loads each time a browser is opened on the infected device, a trick that gives the malware persistence over reboots. The JavaScript monitors the infected developer's clipboard for any cryptocurrency addresses that may be copied to it. When an address is found, the malware replaces it with an address belonging to the attacker. The objective: intercept payments the developer intended to make to a different party.
IT

Lufthansa Says IT System Issues Are Grounding All Its Flights (bloomberg.com) 53

Deutsche Lufthansa has grounded all of its flights because of company computer issues. From a report: A Lufthansa spokesman said Wednesday the company is urgently investigating the matter. It wasn't immediately clear whether Lufthansa flights that were already airborne were instructed to land. Lufthansa's stable of airlines includes its namesake brand and the national flag-carriers Austrian Airlines, Brussels Airlines and Swiss. The company also operates low-cost carrier Eurowings as well as other smaller airlines. In total, the group operates around 700 aircraft, making it Europe's largest airline by fleet size.
Security

Viral TikTok Challenge Forces Hyundai and Kia To Update Software On Millions of Vehicles (theverge.com) 84

An anonymous reader quotes a report from The Verge: Hyundai and Kia are offering free software updates for millions of their cars in response to a rash of car thefts inspired by a viral social media challenge on TikTok. The so-called "Kia Challenge" on the social media platform has led to hundreds of car thefts nationwide, including at least 14 reported crashes and eight fatalities, according to the National Highway Traffic Safety Administration. Thieves known as "the Kia Boyz" would post instructional videos about how to bypass the vehicles' security system using tools as simple as a USB cable.

The thefts are reportedly easy to pull off because many 2015-2019 Hyundai and Kia vehicles lack electronic immobilizers that prevent thieves from simply breaking in and bypassing the ignition. The feature is standard equipment on nearly all vehicles from the same period made by other manufacturers. Hyundai and its subsidiary Kia are offering to update the "theft alarm software logic" to extend the length of the alarm sound from 30 seconds to one minute. The vehicles will also be updated to require a key in the ignition switch to turn the vehicle on. The software upgrade modifies certain vehicle control modules on Hyundai vehicles equipped with standard "turn-key-to-start" ignition systems. As a result, locking the doors with the key fob will set the factory alarm and activate an "ignition kill" feature so the vehicles cannot be started when subjected to the popularized theft mode. Customers must use the key fob to unlock their vehicles to deactivate the "ignition kill" feature.

There hasn't been a nationwide accounting of how many Hyundai and Kia vehicles have been stolen, but stats from individual cities provide some sense of how viral the trend has become. In Milwaukee, for example, police report that 469 Kias and 426 Hyundais were stolen in 2020. Those numbers spiked the following year to 3,557 Kias and 3,406 Hyundais, according to NPR. Approximately 3.8 million Hyundais and 4.5 million Kias are eligible for the software update free of charge, for a total of 8.3 million cars. Vehicle owners are instructed to take their cars to a local dealership, where technicians will install the upgrades in less than an hour. The upgraded vehicles will also get a window decal indicating they've been equipped with anti-theft technology.

IT

Arkansas Proposes Requiring ID To Watch Porn Online (vice.com) 210

A new bill advancing through the Arkansas legislature aims to make it harder for people to access porn sites. From a report: Senate Bill 66, the Protection of Minors from Distribution of Harmful Material Act, would require anyone in Arkansas to provide a "digitized identification card" before viewing a site that contains more than 33.33 percent of "harmful material." That arbitrarily-defined number, and the language of the bill itself, is a copycat of a recently-enacted law in Louisiana that blocks people from seeing porn if they don't hand over official identification. SB66 was filed in the Arkansas Senate in January, and passed to the House on February 1.
Businesses

Microsoft Ditches Yammer Brand and Goes All-in on Viva Engage (techcrunch.com) 28

Microsoft has confirmed that it's finally killing off Yammer, the enterprise social network it procured more than a decade ago for $1.2 billion. From a report: Yammer was initially created out of San Francisco back in 2008, with cofounder David Sacks formally launching the startup at a TechCrunch startup event. The company went on to raise north of $140 million in funding before Microsoft swooped in with its billion-dollar bid four years after its launch. In many ways, it's surprising that the Yammer brand has lasted this long.

Despite Microsoft's best efforts to bring Yammer to the masses by integrating it into its core Office suite of products, Microsoft has set about developing tangential communication tools such as Microsoft Teams, which the company integrated with Yammer in 2019. And then two years ago, Microsoft launched Viva, pitched as an "employee experience platform" that was something akin to the corporate intranet of yore. In the intervening months, Microsoft has been turbo-charging Viva, and last year it launched Viva Engage, which it said at the time was an "evolution of the Yammer Communities app."

Cloud

Arlo's Security Cameras Will Keep Free Cloud Storage For Existing Customers After All (theverge.com) 21

Security camera company Arlo is reversing course on its controversial decision to apply a retroactive end-of-life policy to many of its popular home security cameras. The Verge reports: On Friday, Arlo CEO Matthew McRae posted a thread on Twitter, announcing that the company will not remove free storage of videos for existing customers and that it is extending the EOL dates for older cameras a further year to 2025. He also committed to sending security updates to these cameras until 2026. The end-of-life policy was due to go into effect January 1st, 2023, and removed a big selling point -- seven-day free cloud storage -- for many Arlo cams. McRae now says all users with the seven-day storage service will "continue to receive that service uninterrupted." But he did note that "any future migrations will be handled in a seamless manner," indicating there are changes coming still.

The thread did not provide details on specific models other than using the Arlo Pro 2 as an example of a camera that will now EOL in 2025 instead of 2024, as previously announced, with security updates continuing until 2026. There was also no update on the plans to remove other features, such as email notifications and E911 emergency calling, or whether "legacy video storage" will remain. The EOL policy applied to the following devices: Arlo Gen 3, Arlo Pro, Arlo Baby, Arlo Pro 2, Arlo Q, Arlo Q Plus, Arlo Lights, and Arlo Audio Doorbell.

Security

NameCheap's Email Hacked To Send Metamask, DHL Phishing Emails (bleepingcomputer.com) 11

An anonymous reader quotes a report from BleepingComputer: Domain registrar Namecheap had their email account breached Sunday night, causing a flood of MetaMask and DHL phishing emails that attempted to steal recipients' personal information and cryptocurrency wallets. The phishing campaigns started around 4:30 PM ET and originated from SendGrid, an email platform used historically by Namecheap to send renewal notices and marketing emails. After recipients began complaining on Twitter, Namecheap CEO Richard Kirkendall confirmed that the account was compromised and that they disabled email through SendGrid while they investigated the issue.

Namecheap published a statement Sunday night stating that their systems were not breached but rather it was an issue at an upstream system that they use for email. "We have evidence that the upstream system we use for sending emails (third-party) is involved in the mailing of unsolicited emails to our clients. As a result, some unauthorized emails might have been received by you," reads a statement issued by Namecheap. "We would like to assure you that Namecheap's own systems were not breached, and your products, accounts, and personal information remain secure." After the phishing incident, Namecheap says they stopped all emails, including two-factor authentication code delivery, trusted devices' verification, and password reset emails, and began investigating the attack with their upstream provider. Services were restored later that night at 7:08 PM EST.

While Namecheap did not state the name of this upstream system, the CEO of Namecheap previously tweeted that they were using SendGrid, which is also confirmed in the phishing emails' mail headers. However, Twilio SendGrid told BleepingComputer that Namecheap's incident was not the result of a hack or compromise of the email service provider's systems, adding more confusion as to what happened: "Twilio SendGrid takes fraud and abuse very seriously and invests heavily in technology and people focused on combating fraudulent and illegal communications. We are aware of the situation regarding the use of our platform to launch phishing email and our fraud, compliance and cyber security teams are engaged in the matter. This situation is not the result of a hack or compromise of Twilio's network. We encourage all end users and entities to take a multi-pronged approach to combat phishing attacks, deploying security precautions such as two factor authentication, IP access management, and using domain-based messaging. We are still investigating the situation and have no additional information to provide at this time."

Encryption

Will Quantum Computing Bring a Cryptopocalypse? (securityweek.com) 71

"The waiting time for general purpose quantum computers is getting shorter, but they are still probably decades away," notes Security Week.

But "The arrival of cryptanalytically-relevant quantum computers that will herald the cryptopocalypse will be much sooner — possibly less than a decade." It is important to note that all PKI-encrypted data that has already been harvested by adversaries is already lost. We can do nothing about the past; we can only attempt to protect the future.... [T]his is not a threat for the future — the threat exists today. Adversaries are known to be stealing and storing encrypted data with the knowledge that within a few years they will be able to access the raw data. This is known as the 'harvest now, decrypt later' threat. Intellectual property and commercial plans — not to mention military secrets — will still be valuable to adversaries when the cryptopocalypse happens.

The one thing we can say with certainty is that it definitely won't happen in 2023 — probably. That probably comes from not knowing for certain what stage in the journey to quantum computing has been achieved by foreign nations or their intelligence agencies — and they're not likely to tell us. Nevertheless, it is assumed that nobody yet has a quantum computer powerful enough to run Shor's algorithm and crack PKI encryption in a meaningful timeframe. It is likely that such computers may become available as soon as three to five years. Most predictions suggest ten years.

Note that a specialized quantum computer designed specifically for Shor does not need to be as powerful as a general-purpose quantum computer — which is more likely to be 20 to 30 years away.... "Quantum computing is not, yet, to the point of rendering conventional encryption useless, at least that we know of, but it is heading that way," comments Mike Parkin, senior technical engineer at Vulcan Cyber. Skip Sanzeri, co-founder and COO at QuSecure, warns that the threat to current encryption is not limited to quantum decryption. "New approaches are being developed promising the same post-quantum cybersecurity threats as a cryptographically relevant quantum computer, only much sooner," he said. "It is also believed that quantum advancements don't have to directly decrypt today's encryption. If they weaken it by suggesting or probabilistically finding some better seeds for a classical algorithm (like the sieve) and make that more efficient, that can result in a successful attack. And it's no stretch to predict, speaking of predictions, that people are going to find ways to hack our encryption that we don't even know about yet."

Steve Weston, co-founder and CTO at Incrypteon, offers a possible illustration. "Where is the threat in 2023 and beyond?" he asks. "Is it the threat from quantum computers, or is the bigger threat from AI? An analysis of cryptoanalysis and code breaking over the last 40 years shows how AI is used now, and will be more so in the future."

The article warns that "the coming cryptopocalypse requires organizations to transition from known quantum-vulnerable encryption (such as current PKI standards) to something that is at least quantum safe if not quantum secure." (The chief revenue officer at Quintessence Labs tells the site that symmetric encryption like AES-256 "is theorized to be quantum safe, but one can speculate that key sizes will soon double.")

"The only quantum secure cryptography known is the one-time pad."

Thanks to Slashdot reader wiredmikey for sharing the article.
Security

Reddit Says Hackers Accessed Employee Data Following Phishing Attack (techcrunch.com) 17

Reddit has confirmed hackers accessed internal documents and source code following a "highly-targeted" phishing attack. From a report: A post by Reddit CTO Christopher Slowe, or KeyserSosa, explained that the company became aware of the "sophisticated" attack targeting Reddit employees on February 5. He says that an as-yet-unidentified attacker sent "plausible-sounding prompts," which redirected employees to a website masquerading as Reddit's intranet portal in an attempt to steal credentials and two-factor authentication tokens.

Slowe said that "similar phishing attempts" have been reported recently, without naming specific examples, but likened the breach to the recent Riot Games hack, which saw attackers use social engineering tactics to access source code for the company's legacy anti-cheat system. Reddit said that hackers successfully obtained an employee's credentials, allowing them to gain access to internal documents and source code, as well as some internal dashboards and business systems. Slowe said the company learned of the breach after the phished employee self-reported the incident to Reddit's security team. Reddit quickly cut off the infiltrators' access and began an internal investigation.

Government

Larry Magid: Utah Bill Threatens Internet Security For Everyone (mercurynews.com) 89

"Wherever you live, you should be paying attention to Utah Senate Bill 152 and the somewhat similar House Bill 311," writes tech journalist and long-time child safety advocate Larry Magid in an op-ed via the Mercury News. "Even though it's legislation for a single state, it could set a dangerous precedent and make it harder to pass and enforce sensible federal legislation that truly would protect children and other users of connected technology." From the report: SB 152 would require parents to provide their government-issued ID and physical address in order for their child or teenager to access social media. But even if you like those provisions, this bill would require everyone -- including adults -- to submit government-issued ID to sign up for a social media account, including not just sites like Facebook, Instagram, Snapchat and TikTok, but also video sharing sites like YouTube, which is commonly used by schools. The bill even bans minors from being online between 10:30 p.m. and 6:30 a.m., empowering the government to usurp the rights of parents to supervise and manage teens' screen time. Should it be illegal for teens to get up early to finish their homework (often requiring access to YouTube or other social media) or perhaps access information that would help them do early morning chores? Parents -- not the state -- should be making and enforcing their family's schedule.

I oppose these bills from my perch as a long-time child safety advocate (I wrote "Child Safety on the Information Highway" in 1994 for the National Center for Missing & Exploited Children and am currently CEO of ConnectSafely.org). However well-intentioned, they could increase risk and deny basic rights to children and adults. SB 152 would require companies to keep a "record of any submissions provided under the requirements," which means there would not only be databases of all social media users, but also of users under 18, which could be hacked by criminals or foreign governments seeking information on Utah children and adults. And, in case you think that's impossible, there was a breach in 2006 of a database of children that was mandated by the State of Utah to protect them from sites that displayed or promoted pornography, alcohol, tobacco and gambling. No one expects a data breach, but they happen on a regular basis. There is also the issue of privacy. Social media is both media and speech, and some social media are frequented by people who might not want employers, family members, law enforcement or the government to know what information they're consuming. Whatever their interests, people should have the right to at least anonymously consume information or express their opinions. This should apply to everyone, regardless of who they are, what they believe or what they're interested in. [...]

It's important to always look at the potential unintended consequences of legislation. I'm sure the lawmakers in Utah who are backing this bill have the best interests of children in mind. But this wouldn't be the first law designed to protect children that actually puts them at risk or violates adult rights in the name of child protection. I applaud any policymaker who wants to find ways to protect kids and hold technology companies accountable for doing their part to protect privacy and security as well as employing best-practices when it comes to the mental health and well being of children. But the legislation, whether coming from Utah, another state or Washington, D.C., must be sensible, workable, constitutional and balanced, so it at the very least, does more good than harm.

Crime

US, UK Sanction 7 Men Tied To Trickbot Hacking Group (krebsonsecurity.com) 5

An anonymous reader quotes a report from KrebsOnSecurity: Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating "Trickbot," a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. The U.S. Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. companies and government entities. Initially a stealthy trojan horse program delivered via email and used to steal passwords, Trickbot evolved into "a highly modular malware suite that provides the Trickbot Group with the ability to conduct a variety of illegal cyber activities, including ransomware attacks," the Treasury Department said.

"During the height of the COVID-19 pandemic in 2020, Trickbot targeted hospitals and healthcare centers, launching a wave of ransomware attacks against hospitals across the United States," the sanctions notice continued. "In one of these attacks, the Trickbot Group deployed ransomware against three Minnesota medical facilities, disrupting their computer networks and telephones, and causing a diversion of ambulances. Members of the Trickbot Group publicly gloated over the ease of targeting the medical facilities and the speed with which the ransoms were paid to the group."

Only one of the men sanctioned today is known to have been criminally charged in connection with hacking activity. According to the Treasury Department, the alleged senior leader of the Trickbot group is 34-year-old Russian national Vitaly "Bentley" Kovalev. A New Jersey grand jury indicted Kovalev in 2012 after an investigation by the U.S. Secret Service determined that he ran a massive "money mule" scheme, which used phony job offers to trick people into laundering money stolen from hacked small to mid-sized businesses in the United States. The 2012 indictment against Kovalev relates to cybercrimes he allegedly perpetrated prior to the creation of Trickbot.
A copy of the now-unsealed 2012 indictment of Kovalev is here (PDF).

Slashdot Top Deals