The Internet

Netflix Unveils Plans To Prevent Password Sharing (ign.com) 150

Netflix has unveiled its plans to prevent password sharing between people in households outside of an account owner's primary location. From a report: As reported by gHacks, the streaming service has detailed how it aims to crack down on account sharing in an updated FAQ. The information varies between countries, but it looks like the company will be paying careful attention to the devices used to log in to accounts from now on. The FAQ pages for US and UK subscribers currently highlight that devices may require verification if they are not associated with the Netflix household or if they attempt to access an account outside the subscriber's primary location for an extended period of time.

The FAQ pages for countries where Netflix is testing extra membership fees for account sharing have tweaked the rules. The Costa Rican Help Center states that devices must connect to the Wi-Fi at the primary location and watch something on Netflix "at least once every 31 days." The company will use information "such as IP addresses, device IDs, and account activity" to determine whether a device signed into an account is connected to the primary location. A device may be blocked from watching Netflix if it's deemed to fall outside of the household. As further set out in the guidelines, if you are the primary account owner and you find yourself travelling between locations, you can request a temporary code to access Netflix for seven consecutive days. Alternatively, you can update your primary location if it has changed.

Security

Microsoft Upgrades Defender To Lock Down Linux Devices For Their Own Good (theregister.com) 96

Organizations using Microsoft's Defender for Endpoint will now be able to isolate Linux devices from their networks to stop miscreants from remotely connecting to them. The Register reports: The device isolation capability is in public preview and mirrors what the product already does for Windows systems. "Some attack scenarios may require you to isolate a device from the network," Microsoft wrote in a blog post. "This action can help prevent the attacker from controlling the compromised device and performing further activities such as data exfiltration and lateral movement. Just like in Windows devices, this device isolation feature." Intruders won't be able to connect to the device or run operations like assuming unauthorized control of the system or stealing sensitive data, Microsoft claims.

According to the vendor, when the device is isolated, it is limited in the processes and web destinations that are allowed. That means if they're behind a full VPN tunnel, they won't be able to reach Microsoft's Defender for Endpoint cloud services. Microsoft recommends that enterprises use a split-tunneling VPN for cloud-based traffic for both Defender for Endpoint and Defender Antivirus. Once the situation that caused the isolation is cleared up, organizations will be able to reconnect the device to the network. Isolating the system is done via APIs. Users can get to the device page of the Linux systems through the Microsoft 365 Defender portal, where they will see an "Isolate Device" tab in the upper right among other response actions. Microsoft has outlined the APIs for both isolating the device and releasing it from lock down.

Security

Google Fi Says Hackers Accessed Customers' Information (techcrunch.com) 5

Google's cell network provider Google Fi has confirmed a data breach, likely related to the recent security incident at T-Mobile, which allowed hackers to steal millions of customers' information. From a report: In an email sent to customers on Monday, obtained by TechCrunch, Google said that the primary network provider for Google Fi recently informed the company that there had been suspicious activity relating to a third party support system containing a "limited amount" of Google Fi customer data.

The timing of the notice -- and the fact that Google Fi uses a combination of T-Mobile and U.S. Cellular for network connectivity -- suggests the breach is linked to the most recent T-Mobile hack. This breach, disclosed on January 19, allowed intruders access to a trove of personal data belonging to 37 million customers, including billing addresses, dates of birth and T-Mobile account details. The incident marked the eighth time T-Mobile has been hacked since 2018. In the case of the Google Fi breach, Google says the hackers accessed limited customer information, including phone numbers, account status, SIM card serial numbers, and information related to details about customers' mobile service plan, such as whether they have selected unlimited SMS or international roaming.

IT

Mobile Phone, PC Shipments To Fall Again in 2023, Gartner Says (reuters.com) 25

Shipments of personal computers and mobile phones are expected to fall for the second straight year in 2023, with phone shipments slumping to a decade low, IT research firm Gartner said on Tuesday. From a report: Mobile phone shipments are projected to fall 4% to 1.34 billion units in 2023, down from 1.40 billion units in 2022, Gartner said. They totaled 1.43 billion in 2021. That was close to the 2009 shipments level when Blackberry and Nokia phones were the market leaders as Apple tried to dent their dominance.

The mobile phone market peaked in 2015 when shipments touched 1.9 billion units. The pandemic led to a fundamental change where people working from home didn't feel the need to change phones frequently, Ranjit Atwal, research director at Gartner, said in an interview.

Data Storage

Huge Capacity HDDs Shine In Latest Storage Reliability Report But There's A Caveat (hothardware.com) 39

Hot Hardware reports: When it comes to mechanical hard disk drives (HDDs), you'd be very hard pressed to find any data on failure rates reported by any of the major players, such as Western Digital, Seagate, and the rest. Fortunately for us stat nerds and anyone else who is curious, the folks at cloud backup firm Backblaze frequently issue reliability reports that give insight into how often various models and capacities give up the ghost. At a glance, Backblaze's latest report highlights that bigger capacity drives -- 12TB, 14TB, and 16TB -- fail less often than smaller capacity models. A closer examination, however, reveals that it's not so cut and dry.

[...] In a nutshell, Backblaze noted an overall rise in the annual failure rates (AFRs) for 2022. The cumulative AFR of all drives deployed rose to 1.37 percent, up from 1.01 percent in 2021. By the end of 2022, Backblaze had 236,608 HDDs in service, including 231,309 data drives and 4,299 boot drives. Its latest report focuses on the data drives. [...] Bigger drives are more reliable than smaller drives, case closed, right? Not so fast. There's an important caveat to this data -- while the smaller drives failed more often last year, they are also older, as can be seen in the graph above. "The aging of our fleet of hard drives does appear to be the most logical reason for the increased AFR in 2022. We could dig in further, but that is probably moot at this point. You see, we spent 2022 building out our presence in two new data centers, the Nautilus facility in Stockton, California and the CoreSite facility in Reston, Virginia. In 2023, our focus is expected to be on replacing our older drives with 16TB and larger hard drives," Backblaze says.

Security

GitHub Says Hackers Cloned Code-Signing Certificates in Breached Repository (arstechnica.com) 19

GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. From a report: Code-signing certificates place a cryptographic stamp on code to verify it was developed by the listed organization, which in this case is GitHub. If decrypted, the certificates could allow an attacker to sign unofficial versions of the apps that had been maliciously tampered with and pass them off as legitimate updates from GitHub. Current versions of Desktop and Atom are unaffected by the credential theft.

"A set of encrypted code signing certificates were exfiltrated; however, the certificates were password-protected and we have no evidence of malicious use," the company wrote in an advisory. "As a preventative measure, we will revoke the exposed certificates used for the GitHub Desktop and Atom applications." The revocations, which will be effective on Thursday, will cause certain versions of the apps to stop working.

Facebook

Hacker Finds Bug That Allowed Anyone To Bypass Facebook 2FA (techcrunch.com) 13

An anonymous reader quotes a report from TechCrunch: A bug in a new centralized system that Meta created for users to manage their logins for Facebook and Instagram could have allowed malicious hackers to switch off an account's two-factor protections just by knowing their phone number. Gtm Manoz, a security researcher from Nepal, realized that Meta did not set up a limit of attempts when a user entered the two-factor code used to log into their accounts on the new Meta Accounts Center, which helps users link all their Meta accounts, such as Facebook and Instagram.

With a victim's phone number, an attacker would go to the centralized accounts center, enter the phone number of the victim, link that number to their own Facebook account, and then brute force the two-factor SMS code. This was the key step, because there was no upper limit to the amount of attempts someone could make. Once the attacker got the code right, the victim's phone number became linked to the attacker's Facebook account. A successful attack would still result in Meta sending a message to the victim, saying their two-factor was disabled as their phone number got linked to someone else's account.

Manoz found the bug in the Meta Accounts Center last year, and reported it to the company in mid-September. Meta fixed the bug a few days later, and paid Manoz $27,200 for reporting the bug. Meta spokesperson Gabby Curtis told TechCrunch that at the time of the bug the login system was still at the stage of a small public test. Curtis also said that Meta's investigation after the bug was reported found that there was no evidence of exploitation in the wild, and that Meta saw no spike in usage of that particular feature, which would signal the fact that no one was abusing it.

Security

KeePass Disputes Vulnerability Allowing Stealthy Password Theft (bleepingcomputer.com) 66

The development team behind the open-source password management software KeePass is disputing what is described as a newly found vulnerability that allows attackers to stealthily export the entire database in plain text. BleepingComputer reports: KeePass is a very popular open-source password manager that allows you to manage your passwords using a locally stored database, rather than a cloud-hosted one, such as LastPass or Bitwarden. To secure these local databases, users can encrypt them using a master password so that malware or a threat actor can't just steal the database and automatically gain access to the passwords stored within it. The new vulnerability is now tracked as CVE-2023-24055, and it enables threat actors with write access to a target's system to alter the KeePass XML configuration file and inject a malicious trigger that would export the database, including all usernames and passwords in cleartext. The next time the target launches KeePass and enters the master password to open and decrypt the database, the export rule will be triggered, and the contents of the database will be saved to a file the attackers can later exfiltrate to a system under their control. However, this export process launches in the background without the user being notified or KeePass requesting the master password to be entered as confirmation before exporting, allowing the threat actor to quietly gain access to all of the stored passwords. [...]

While the CERT teams of Netherlands and Belgium have also issued security advisories regarding CVE-2023-24055, the KeePass development team is arguing that this shouldn't be classified as a vulnerability given that attackers with write access to a target's device can also obtain the information contained within the KeePass database through other means. In fact, a "Security Issues" page on the KeePass Help Center has been describing the "Write Access to Configuration File" issue since at least April 2019 as "not really a security vulnerability of KeePass." If the user has installed KeePass as a regular program and the attackers have write access, they can also "perform various kinds of attacks." Threat actors can also replace the KeePass executable with malware if the user runs the portable version.

"In both cases, having write access to the KeePass configuration file typically implies that an attacker can actually perform much more powerful attacks than modifying the configuration file (and these attacks in the end can also affect KeePass, independent of a configuration file protection)," the KeePass developers explain. "These attacks can only be prevented by keeping the environment secure (by using an anti-virus software, a firewall, not opening unknown e-mail attachments, etc.). KeePass cannot magically run securely in an insecure environment."
If the KeePass devs don't release a version of the app that addresses this issue, BleepingComputer notes "you could still secure your database by logging in as a system admin and creating an enforced configuration file."

"This type of config file takes precedence over settings described in global and local configuration files, including new triggers added by malicious actors, thus mitigating the CVE-2023-24055 issue."

The Internet

Massive Yandex Code Leak Reveals Russian Search Engine's Ranking Factors (arstechnica.com) 24

An anonymous reader quotes a report from Ars Technica: Nearly 45GB of source code files, allegedly stolen by a former employee, have revealed the underpinnings of Russian tech giant Yandex's many apps and services. It also revealed key ranking factors for Yandex's search engine, the kind almost never revealed in public. [...] While it's not clear whether there are security or structural implications of Yandex's source code revelation, the leak of 1,922 ranking factors in Yandex's search algorithm is certainly making waves. SEO consultant Martin MacDonald described the hack on Twitter as "probably the most interesting thing to have happened in SEO in years" (as noted by Search Engine Land). In a thread detailing some of the more notable factors, researcher Alex Buraks suggests that "there is a lot of useful information for Google SEO as well."

Yandex, the fourth-ranked search engine by volume, purportedly employs several ex-Google employees. Yandex tracks many of Google's ranking factors, identifiable in its code, and competes heavily with Google. Google's Russian division recently filed for bankruptcy after losing its bank accounts and payment services. Buraks notes that the first factor in Yandex's list of ranking factors is "PAGE_RANK," which is seemingly tied to the foundational algorithm created by Google's co-founders.

As detailed by Buraks (in two threads), Yandex's engine favors pages that:
- Aren't too old
- Have a lot of organic traffic (unique visitors) and less search-driven traffic
- Have fewer numbers and slashes in their URL
- Have optimized code rather than "hard pessimization," with a "PR=0"
- Are hosted on reliable servers
- Happen to be Wikipedia pages or are linked from Wikipedia
- Are hosted or linked from higher-level pages on a domain
- Have keywords in their URL (up to three)

Security

JD Sports Admits Intruder Accessed 10 Million Customers' Data (theregister.com) 6

Sports fashion retailer JD Sports has confirmed miscreants broke into a system that contained data on a whopping 10 million customers, but no payment information was among the mix. The Register reports: In a post to investors this morning, the London Stock Exchange-listed business said the intrusion related to infrastructure that housed data for online orders from sub-brands including JD, Size?, Millets, Blacks, Scotts and MilletSport between November 2018 and October 2020. The data accessed consisted of customer name, billing address, delivery address, phone number, order details and the final four digits of payment cards "of approximately 10 million unique customers." The company does "not hold full payment card details" and said that it has "no reason to believe that account passwords were accessed."

As is customary in such incidents, JD Sports has contacted the relevant authorities such as the Information Commissioner's Office and says it has enlisted the help of "leading cyber security experts." The chain has stores across Europe, with some operating in North America and Canada. It also operates some footwear brands including Go Outdoors and Shoe Palace.
"We want to apologize to those customers who may have been affected by this incident," said Neil Greenhalgh, chief financial officer at JD Sports. "We are advising them to be vigilant about potential scam emails, calls and texts and providing details on how to report these."

He added: "We are continuing with a full review of our cyber security in partnership with external specialists following this incident. Protecting the data of our customers is an absolute priority for JD."

Businesses

Amazon is Selling Its 29-Acre Bay Area Property as Return to Office Stalls (msn.com) 69

Amazon is "selling a vacant Bay Area office complex purchased about 16 months ago," reports Bloomberg, "the company's latest effort to unwind a pandemic-era expansion that left it with a surfeit of warehouses and employees." Amazon in October 2021 paid $123 million for the 29-acre property in Milpitas, California, part of a strategy to lock up real estate near big cities that could be used for new warehouses and facilitate future growth.... Amazon is expected to take a loss on the sale of the Metro Corporate Center, according to one person familiar with the terms of the deal, who spoke on condition of anonymity....

Amazon last year began its biggest-ever round of job cuts that will ultimately affect 18,000 workers around the globe. The world's largest e-commerce company, which is scheduled to report earnings on Feb. 2, warned investors that fourth-quarter sales growth would be the slowest in its history.

SFGate writes that the possible sale "is indicative of broader trends in Bay Area corporate real estate, which has struggled with remote work, tech layoffs and broader economic shifts."

"According to a report by commercial real estate firm Kidder Mathews, direct office vacancies in San Francisco rose to more than 18.4% in the fourth quarter of 2022, while a Kastle Systems report found that office occupancy rates rose to 41.8%, just 1% higher than the rates in September 2022."

Google

Do 'Layoffs By Email' Show What Employers Really Think of Their Workers? (nytimes.com) 208

When Google laid off 6% of its workforce — some of whom had worked for the company for decades — employees "got the news in their inbox," writes Gawker's founding editor in a scathing opinion piece in the New York Times: That sting is becoming an all-too-common sensation. In the last few years, tens of thousands of people have been laid off by email at tech and digital media companies including Twitter, Amazon, Meta and Vox. The backlash from affected employees has been swift.... It's not just tech and media. Companies in a range of industries claim this is the only efficient way to do a lot of layoffs. Informing workers personally is too complicated, they say — and too risky, as people might use their access to internal systems to perform acts of sabotage. (These layoff emails are often sent to employees' personal email; by the time they check it, they've been locked out of all their employer's own platforms.)

As someone who's managed people in newsrooms and digital start-ups and has hired and fired people in various capacities for the last 21 years, I think this approach is not just cruel but unnecessary. It's reasonable to terminate access to company systems, but delivering the news with no personal human contact serves only one purpose: letting managers off the hook. It ensures they will not have to face the shock and devastation that people feel when they lose their livelihoods. It also ensures the managers won't have to weather any direct criticism about the poor leadership that brought everyone to that point.... Future hiring prospects will be reading all about it on Twitter or Glassdoor. In a tight labor market, a company's cruelty can leave a lasting stain on its reputation....

The expectation that an employee give at least two weeks notice and help with transition is rooted in a sense that workers owe their employers something more than just their labor: stability, continuity, maybe even gratitude for the compensation they've earned. But when it's the company that chooses to end the relationship, there is often no such requirement. The same people whose labor helped build the company get suddenly recoded as potential criminals who might steal anything that's not nailed down....

Approval of unions is already at 71 percent. Dehumanizing workers like this is accelerating the trend. Once unthinkable, unionization at large tech companies now seems all but inevitable. Treating employees as if they're disposable units who can simply be unsubscribed to ultimately endangers a company's own interests. It seems mistreated workers know their value, even if employers — as they are increasingly prone to demonstrate — do not.

Google

After Layoffs: Executive Pay Cuts at Google - and How Apple Steered Clear (forbes.com) 36

Fortune reports on what happened next: As questions piled up over the weekend, Google CEO Sundar Pichai addressed the entire company in a meeting on Monday to answer questions, and announced then that top executives would take a pay cut this year as part of the company's cost reduction measures, Business Insider reported. Pichai said that all roles above the senior vice president level will witness "very significant reduction in their annual bonus," adding that for senior roles the compensation was linked to company performance. It was not immediately clear how big Pichai's own pay cut would be.
Reuters also points out that Pichai "received a massive hike in salary a few weeks before Google announced layoffs." But Fortune makes an interesting comparison: Pichai's move to cut the pay for senior executives comes only weeks after Apple's Tim Cook announced his compensation would be 40% lower amid shareholder pressure. The iPhone maker had a strong 2022 and remains one of the few tech behemoths that hasn't announced layoffs yet.
Last year Apple's share price still dropped 27%, reports Forbes, and "According to the Wall Street Journal, Apple is expected next month to report its first quarterly sales decline in over three years."

Yet Apple seems to have avoided layoffs — which Forbes argues is because Apple didn't hire aggressively during the pandemic. Compared to the other Big Tech companies, Apple scaled its workforce at a relatively slow pace and has generally followed the same hiring rate since 2016. While there was a hiring surge in Silicon Valley during the pandemic, Apple added less than 7,000 jobs in 2020....

The tech companies undergoing layoffs right now hired fervently during the pandemic — and even before. Alphabet has consecutively expanded its workforce at least 10% annually since 2013, according to CNBC....

Since 2012, Meta has expanded its workforce by thousands each year. In 2020, Zuckerberg increased headcount by 30% — 13,000 workers. The following year, the social media platform added another 13,000 employees to its payroll. Those two years marked the biggest growth in the company's history.

Amazon has initiated its plan to separate more than 18,000 white-collar professionals from its payroll. In 2021, the online retailer hired an estimated 500,000 employees, according to GeekWire, becoming the second-largest employer in the United States after Walmart. A year later, the company expanded its workforce by 310,000.

Entrepreneur supplies some context about those layoffs at Google: Reports indicate qualifying staff who were let go will receive their full notification period salary plus a severance package beginning at 16 weeks' pay and two additional weeks for every year of employment. Also part of the package: bonuses, vacation time, and health care coverage for up to six months will be paid for, along with job placement and immigration support.
Entrepreneur also notes reports that Google's latest round of layoffs "affected 27 massage therapists across Los Angeles and Irvine."

Security

Security Researchers Breached Server of Russia's 'Black Basta' Ransomware Gang (quadrantsec.com) 9

Long-time Slashdot reader Beave writes: Security researchers and practitioners at Quadrant Information Security recently found themselves in a battle with the Russian ransomware gang known as "Black Basta"... Quadrant discovered the Russian gang attempting to exfiltrate data from a network. Once a victim's data is fully exfiltrated the gang then encrypts workstations and servers, and demands ransom payments from the victim in order to decrypt their data and to prevent Black Basta from releasing exfiltrated data to the public.

Fortunately, in this case, Black Basta didn't make it that far. Instead, the security researchers used the opportunity to better understand Black Basta's "backend servers", tools, and methods. Black Basta will sometimes use a victim's network to log into their own servers, which leads to interesting opportunities to observe the gang's operations...

The first write up goes into technical details about the malware and tactics Black Basta used. The second write up focuses on Black Basta's "backend" servers and how they manage them.

TLDR? You can also listen to two of the security researchers discuss their findings on the latest episode of the "Breaking Badness" podcast.

The articles go into great detail - even asking whether deleting their own exfiltrated data from the gang's server "would technically constitute a federal offense per the 'The Computer Fraud and Abuse Act' of 1986."

Security

US Says It 'Hacked the Hackers' To Bring Down Hive Ransomware Gang (reuters.com) 34

The FBI revealed today that it had shut down the prolific ransomware gang called Hive, "a maneuver that allowed the bureau to thwart the group from collecting more than $130 million in ransomware demands from more than 300 victims," reports Reuters. Slashdot readers wiredmikey and unimind shared the news. From the report: At a news conference, U.S. Attorney General Merrick Garland, FBI Director Christopher Wray, and Deputy U.S. Attorney General Lisa Monaco said government hackers broke into Hive's network and put the gang under surveillance, surreptitiously stealing the digital keys the group used to unlock victim organizations' data. They were then able to alert victims in advance so they could take steps to protect their systems before Hive demanded the payments. "Using lawful means, we hacked the hackers," Monaco told reporters. "We turned the tables on Hive."

News of the takedown first leaked on Thursday morning when Hive's website was replaced with a flashing message that said: "The Federal Bureau of Investigation seized this site as part of coordinated law enforcement action taken against Hive Ransomware." Hive's servers were also seized by the German Federal Criminal Police and the Dutch National High Tech Crime Unit. The undercover infiltration, which started in July 2022, went undetected by the gang until now.

The Justice Department said that over the years, Hive has targeted more than 1,500 victims in 80 different countries, and has collected more than $100 million in ransomware payments. Although there were no arrests announced on Wednesday, Garland said the investigation was ongoing and one department official told reporters to "stay tuned."

Security

Dutch Hacker Obtained Virtually All Austrians' Personal Data, Police Say (reuters.com) 22

A Dutch hacker arrested in November obtained and offered for sale the full name, address and date of birth of virtually everyone in Austria, the Alpine nation's police said on Wednesday. From a report: A user believed to be the hacker offered the data for sale in an online forum in May 2020, presenting it as "the full name, gender, complete address and date of birth of presumably every citizen" in Austria, police said in a statement, adding that investigators had confirmed its authenticity.

The trove comprised close to nine million sets of data, police said. Austria's population is roughly 9.1 million. The hacker had also put "similar data sets" from Italy, the Netherlands and Colombia up for sale, Austrian police said, adding that they did not have further details.

Security

US Federal Agencies Hacked Using Legitimate Remote Desktop Tools (techcrunch.com) 19

The U.S. government's cybersecurity agency has warned that criminal financially motivated hackers compromised federal agencies using legitimate remote desktop software. From a report: CISA said in a joint advisory with the National Security Agency on Wednesday that it had identified a "widespread cyber campaign involving the malicious use of legitimate remote monitoring and management (RMM) software" that had targeted multiple federal civilian executive branch agencies -- known as FCEBs -- a list that includes Homeland Security, the Treasury, and the Justice Department.

CISA said it first identified suspected malicious activity on two FCEB systems in October while conducting a retrospective analysis using Einstein, a government-operated intrusion detection system used for protecting federal civilian agency networks. Further analysis led to the conclusion that many other government networks were also affected.

Security

Yandex Denies Hack, Blames Source Code Leak on Former Employee (bleepingcomputer.com) 11

A Yandex source code repository allegedly stolen by a former employee of the Russian technology company has been leaked as a Torrent on a popular hacking forum. From a report: Yesterday, the leaker posted a magnet link that they claim is 'Yandex git sources' consisting of 44.7 GB of files stolen from the company in July 2022. These code repositories allegedly contain all of the company's source code besides anti-spam rules.

IT

NYSE Mayhem Traced To a Staffer Who Left a Backup System Running (bloomberg.com) 82

An anonymous reader shares a report: More than 700 miles from Wall Street, the New York Stock Exchange's backup data center on Cermak Road in Chicago is supposed to safeguard US markets, standing by at all hours in case disaster ever strikes the world's largest venue for trading shares. When markets are closed, it participates in a well-worn routine, with NYSE staffers turning on and off systems to ensure everything works. But heading into Tuesday, an NYSE employee failed to properly shut down Cermak's disaster-recovery system -- leading to a disaster.

That human error, described by people with direct knowledge of NYSE's internal operations, is what triggered wild market swings when trading opened Tuesday morning in Manhattan. The chaos affected more than 250 companies including Wells Fargo, McDonald's, Walmart and Morgan Stanley, in some cases sending stock prices swinging by 25 percentage points in a matter of minutes. The episode has prompted the exchange to cancel thousands of trades at a cost that's still being determined. Meanwhile, market professionals and day traders are rattled and waiting for the exchange to elaborate on what it publicly called a "manual error" involving its "disaster recovery configuration."

The Internet

Russian, Iranian Hackers Pose as Journalists in Emails, UK Says (bloomberg.com) 15

British cybersecurity officials are warning that hacking groups linked to Russia and Iran are duping people into clicking malicious links by impersonating journalists and experts. From a report: The hackers, who have similar goals but are said to be working separately, have sought to steal emails from people working in academia, defense, the media and government, as well as from activists and non-governmental organizations, according to an advisory released on Thursday by the UK's National Cyber Security Centre. "These campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems," said Paul Chichester, the center's director of operations. "We strongly encourage organizations and individuals to remain vigilant to potential approaches and follow the mitigation advice in the advisory to protect themselves online."
