An anonymous reader quotes a report from Game Rant: A Discord user has just released various development assets from Valve's repository. It is not an isolated case as Valve is a constant target of hackers and the like. There have been multiple instances wherein concept images or artwork randomly surface on the internet. Valve is a globally recognized company whose games such as Half-Life, Portal, and Team Fortress have grown its large fan base. Its games go through a lengthy development process, which is the reason hundreds to thousands of documents, photos, and such are accumulated during this period. Only a limited number of staff with a Source developer license would have had access to the repository. As such, the files might have been more secure if access was limited.

Twitter user sylvia_braixen stated that one of the biggest Valve data breaches had just occurred. Not long after, they shared screenshots showing the various drops made onto a Discord server. They believe that the files were from the same wave of uploads that users got a taste of as early as 2016. According to the screenshots, the uploads were done by a user named Leakerwanderer, who had access to the Valve repository. Titles such as Half-Life and Team Fortress 2 are no strangers to leaks, and they were among those that had its assets shown this time as well.

Currently, the documents are accessible via a Discord server named Valve Cut Content. However, upon checking, the server is not accepting new members because of the recent flood of users who have tried to check out the files. With the gravity of the leak, people are left wondering if this data breach is a targeted attack, especially since a recent Valve prototype of Left 4 Dead surfaced online just a few days before. It seems that may have served as a precursor to this bigger repository leak.

A Canadian systems security consultant discovered that an Android TV box purchased from Amazon was pre-loaded with persistent, sophisticated malware baked into its firmware. BleepingComputer reports: The malware was discovered by Daniel Milisic, who created a script and instructions to help users nullify the payload and stop its communication with the C2 (command and control) server. The device in question is the T95 Android TV box with an AllWinner T616 processor, widely available through Amazon, AliExpress, and other big e-commerce platforms. It is unclear if this single device was affected or if all devices from this model or brand include the malicious component.

Milisic believes the malware installed on the device is a strain that resembles 'CopyCat,' a sophisticated Android malware first discovered by Check Point in 2017. This malware was previously seen in an adware campaign where it infected 14 million Android devices to make its operators over $1,500,000 in profits. The analyst tested the stage-1 malware sample on VirusTotal, where it returns only 13 detections out of 61 AV engine scans, classified with the generic term of an Android trojan downloader. [...]

Unfortunately, these inexpensive Android-based TV box devices follow an obscure route from manufacturing in China to global market availability. In many cases, these devices are sold under multiple brands and device names, with no clear indication of where they originate. [...] To avoid such risks, you can pick streaming devices from reputable vendors like Google Chromecast, Apple TV, NVIDIA Shield, Amazon Fire TV, and Roku Stick.

An anonymous reader quotes a report from BleepingComputer: Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks. According to a letter sample shared with the Office of the Vermont Attorney General, the attacks did not result from a breach on the company but from account compromise on other platforms. "Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account," NortonLifeLock said. "This username and password combination may potentially also be known to others."

More specifically, the notice explains that around December 1, 2022, an attacker used username and password pairs they bought from the dark web to attempt to log in to Norton customer accounts. The firm detected "an unusually large volume" of failed login attempts on December 12, 2022, indicating credential stuffing attacks where threat actors try out credentials in bulk. By December 22, 2022, the company had completed its internal investigation, which revealed that the credential stuffing attacks had successfully compromised an undisclosed number of customer accounts: "In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address." For customers utilizing the Norton Password Manager feature, the notice warns that the attackers might have obtained details stored in the private vaults. Depending on what users store in their accounts, this could lead to the compromise of other online accounts, loss of digital assets, exposure of secrets, and more. Norton has reset passwords on impacted accounts and implemented additional measures to counter the malicious attempts. They're recommending customers enable two-factor authentication and take up the offer for a credit monitoring service.

Google warned on Friday that if the Indian antitrust watchdog's ruling is allowed to progress it would result in devices getting expensive in the South Asian market and lead to proliferation of unchecked apps that will pose threats for individual and national security, escalating its concerns over the future of Android in the key overseas region. From a report: "Predatory apps that expose users to financial fraud, data theft and a number of other dangers abound on the internet, both from India and other countries. While Google holds itself accountable for the apps on Play Store and scans for malware as well compliance with local laws, the same checks may not be in place for apps sideloaded from other sources," the company wrote in a blog post, titled "Heart of the Matter." The Competition Commission of India has slapped two fines against Google, alleging the Android-maker abused the Play Store's dominant position in the country and required Android device makers to pre-install its entire Google Mobile Suite.

Malicious hackers have begun exploiting a critical vulnerability in unpatched versions of the Control Web Panel, a widely used interface for web hosting. ArsTechnica reports: "This is an unauthenticated RCE," members of the Shadowserver group wrote on Twitter, using the abbreviation for remote code exploit. "Exploitation is trivial and a PoC published." PoC refers to a proof-of-concept code that exploits the vulnerability. The vulnerability is tracked as CVE-2022-44877. It was discovered by Numan Turle of Gais Cyber Security and patched in October in version 0.9.8.1147. Advisories didn't go public until earlier this month, however, making it likely some users still aren't aware of the threat.

Figures provided by Security firm GreyNoise show that attacks began on January 7 and have slowly ticked up since then, with the most recent round continuing through Wednesday. The company said the exploits are coming from four separate IP addresses located in the US, Netherlands, and Thailand. Shadowserver shows that there are roughly 38,000 IP addresses running Control Web Panel, with the highest concentration in Europe, followed by North America, and Asia. The severity rating for CVE-2022-44877 is 9.8 out of a possible 10. "Bash commands can be run because double quotes are used to log incorrect entries to the system," the advisory for the vulnerability stated. As a result, unauthenticated hackers can execute malicious commands during the login process.

An anonymous reader quotes a report from The Guardian: A Canadian woman has been ordered by a civil tribunal to compensate her former employer for "time theft" after she was caught misrepresenting hours worked by controversial tracking software. Karlee Besse, who worked remotely as an accountant in British Columbia, initially claimed she was fired from her job without cause last year and sought $3,729 in compensation -- both in unpaid wages and severance. But the company, Reach CPA, told the tribunal Beese had logged more than 50 hours that "did not appear to have spent on work-related tasks."

Reach said it installed employee-tracking software called TimeCampon Besse's work laptop after it found her assigned files were over budget and behind schedule, a strategy companies are increasingly taking in the era of remote work. The software tracks how long a document is open, how the employee uses the document and logs the time as work. Weeks later, the company said an analysis "identified irregularities between her timesheets and the software usage logs." While Besse told the tribunal she found the program "difficult" and worried it didn't differentiate between work and personal use, the company demonstrated how TimeCamp automatically makes those distinctions, separating time logs for work from activities such as using the laptop to stream movies and television shows.

Besse said she had printed documents to work on, but did not tell Reach she was using hard copy because she "knew they wouldn't want to hear that" and she was afraid of repercussions. The company said that the software also tracks printing -- and that few documents had been logged as printed. It also said any work from the printed documents would have needed to be input into the company's software, which never happened. [...] The judge tossed out Besse's claim of wrongful termination and ordered her to pay $1,840.27, both in returned wages and as a part of previous advance she had received from the company.

The US Federal Communications Commission is continuing its battle against illegal robocalls. In its latest move, the agency on Wednesday issued cease-and-desist warnings to two more companies. From a report: The warning letters indicate that voice service providers SIPphony and Vultik must "end their apparent support of illegal robocall traffic or face serious consequences," according to an FCC announcement. The FCC says its investigations show that Vultik and SIPphony have allowed illegal robocalls to originate from their networks. Each provider must take immediate action and inform the FCC of the active steps it's taking to mitigate illegal robocalls. If either fails to comply with steps and rules outlined in the letters, its call traffic may be permanently blocked.

Last month, The Guardian closed its offices after being hit by a "highly sophisticated" ransomware attack. In an update to staff, Guardian group chief Anna Bateson and newspaper editor-in-chief Katharine Viner said intruders were able to access the personal data of UK employees. Engadget reports: They described the incident as a "highly sophisticated cyber-attack involving unauthorised third-party access to parts of our network," most likely triggered by a "phishing" attempt in which the victim is tricked, often via email, into downloading malware. The Guardian said it had no reason to believe the personal data of readers and subscribers had been accessed. It is not believed that the personal data of Guardian US and Guardian Australia staff has been accessed either. However, the message to staff said there had been no evidence of data being exposed online, so the risk of fraud is considered to be low.

The attack was detected on 20 December and affected parts of the company's technology infrastructure. Staff, most of whom have been working from home since the attack, have been able to maintain production of a daily newspaper, while online publishing has been unaffected. The Guardian has been using external experts to gauge the extent of the attack and to recover its systems. Although the Guardian expects some critical systems to be back up and running "within the next two weeks," a return to office working has been postponed until early February in order to allow IT staff to focus on network and system restoration.

An anonymous reader quotes a report from TechCrunch: A government watchdog has published a scathing rebuke of the Department of the Interior's cybersecurity posture, finding it was able to crack thousands of employee user accounts because the department's security policies allow easily guessable passwords like 'Password1234'. The report by the Office of the Inspector General for the Department of the Interior, tasked with oversight of the U.S. executive agency that manages the country's federal land, national parks and a budget of billions of dollars, said that the department's reliance on passwords as the sole way of protecting some of its most important systems and employees' user accounts has bucked nearly two decades of the government's own cybersecurity guidance of mandating stronger two-factor authentication. It concludes that poor password policies puts the department at risk of a breach that could lead to a "high probability" of massive disruption to its operations.

The inspector general's office said it launched its investigation after a previous test of the agency's cybersecurity defenses found lax password policies and requirements across the Department of the Interior's dozen-plus agencies and bureaus. The aim this time around was to determine if the department's security defenses were enough to block the use of stolen and recovered passwords. [...] To make their point, the watchdog spent less than $15,000 on building a password-cracking rig -- a setup of a high-performance computer or several chained together -- with the computing power designed to take on complex mathematical tasks, like recovering hashed passwords. Within the first 90 minutes, the watchdog was able to recover nearly 14,000 employee passwords, or about 16% of all department accounts, including passwords like 'Polar_bear65' and 'Nationalparks2014!'. The watchdog also recovered hundreds of accounts belonging to senior government employees and other accounts with elevated security privileges for accessing sensitive data and systems. Another 4,200 hashed passwords were cracked over an additional eight weeks of testing. [...]

The watchdog said it curated its own custom wordlist for cracking the department's passwords from dictionaries in multiple languages, as well as U.S. government terminology, pop culture references, and other publicly available lists of hashed passwords collected from past data breaches. By doing so, the watchdog demonstrated that a well-resourced cybercriminal could have cracked the department's passwords at a similar rate, the report said. The watchdog found that close to 5% of all active user account passwords were based on some variation of the word "password" and that the department did not "timely" wind down inactive or unused user accounts, leaving at least 6,000 user accounts vulnerable to compromise. The report also criticized the Department of the Interior for "not consistently" implementing or enforcing two-factor authentication, where users are required to enter a code from a device that they physically own to prevent attackers from logging in using just a stolen password.

Microsoft has revealed that a Premium cut of its Teams cloudy collaborationware suite will debut in early February, and some features that are currently included in Microsoft 365 will move to the new -- more costly -- product. From a report: As Microsoft's licensing guide clarifies: "some Teams features will move from Teams licenses to Teams Premium licenses." Those features are:
Live translated captions;
Timeline markers in Teams meeting recordings for when a user left or joined meetings;
Custom organization Together mode scenes;
Virtual Appointments - SMS notifications;
Virtual Appointments - Organizational analytics in the Teams admin center;
Virtual Appointments - Scheduled queue view.

Academic researchers have discovered serious vulnerabilities in the core of Threema, an instant messenger that its Switzerland-based developer says provides a level of security and privacy "no other chat service" can offer. From a report: Despite the unusually strong claims and two independent security audits Threema has received, the researchers said the flaws completely undermine assurances of confidentiality and authentication that are the cornerstone of any program sold as providing end-to-end encryption, typically abbreviated as E2EE. Threema has more than 10 million users, which include the Swiss government, the Swiss army, German Chancellor Olaf Scholz, and other politicians in that country. Threema developers advertise it as a more secure alternative to Meta's WhatsApp messenger. It's among the top Android apps for a fee-based category in Switzerland, Germany, Austria, Canada, and Australia. The app uses a custom-designed encryption protocol in contravention of established cryptographic norms.

Researchers from the Zurich-based ETH research university reported on Monday that they found seven vulnerabilities in Threema that seriously call into question the true level of security the app has offered over the years. Two of the vulnerabilities require no special access to a Threema server or app to cryptographically impersonate a user. Three vulnerabilities require an attacker to gain access to a Threema server. The remaining two can be exploited when an attacker gains access to an unlocked phone, such as at a border crossing. "In totality, our attacks seriously undermine Threema's security claims," the researchers wrote. "All the attacks can be mitigated, but in some cases, a major redesign is needed."

Two of the US government's leading security agencies are building a machine learning-based analytics environment to defend against rapidly evolving threats and create more resilient infrastructures for both government entities and private organizations. From a report: The Department of Homeland Security (DHS) -- in particular its Science and Technology Directorate research arm -- and Cybersecurity and Infrastructure Security Agency (CISA) picture a multicloud collaborative sandbox that will become a training ground for government boffins to test analytic methods and technologies that rely heavily on artificial intelligence and machine learning techniques. It also will include an automated machine learning "loop" through which workloads -- think exporting and tuning data -- will flow.

The CISA Advanced Analytics Platform for Machine Learning (CAP-M) -- previously known as CyLab -- will drive problem solving around cybersecurity that encompasses both on-premises and cloud environments, according to the agencies. "Fully realized, CAP-M will feature a multi-cloud environment and multiple data structures, a logical data warehouse to facilitate access across CISA data sets, and a production-like environment to enable realistic testing of vendor solutions," DHS and CISA wrote in a one-page description of the project. "While initially supporting cyber missions, this environment will be flexible and extensible to support data sets, tools, and collaboration for other infrastructure security missions."

Hackers have disrupted access to the websites of Denmark's central bank and seven private banks in the country this week, according to the central bank and an IT firm that serves the industry. From a report: The websites of the central bank and Bankdata, a company that develops IT solutions for the financial industry, were hit by so-called distributed denials of service (DDoS), which direct traffic towards targeted servers in a bid to knock them offline. A spokesperson for the central bank said its website was working normally on Tuesday afternoon and the attack did not impact the bank's other systems or day-to-day operations. Access to the websites of seven private banks was briefly restricted on Tuesday after the DDoS attack on Bankdata, a company spokesperson said. The banks included two of Denmark's largest, Jyske Bank and Sydbank, he said.

An anonymous reader quotes a report from Motherboard: A team of security researchers managed to gain "super administrative access" into Reviver, the company behind California's new digital license plates which launched last year. That access allowed them to track the physical GPS location of all Reviver customers and change a section of text at the bottom of the license plate designed for personalized messages to whatever they wished, according to a blog post from the researchers. "An actual attacker could remotely update, track, or delete anyone's REVIVER plate," Sam Curry, a bug bounty hunter, wrote in the blog post. Curry wrote that he and a group of friends started finding vulnerabilities across the automotive industry. That included Reviver.

California launched the option to buy digital license plates in October. Reviver is the sole provider of these plates, and says that the plates are legal to drive nationwide, and "legal to purchase in a growing number of states." [...] In the blog post, Curry writes the researchers were interested in Reviver because the license plate's features meant it could be used to track vehicles. After digging around the app and then a Reviver website, the researchers found Reviver assigned different roles to user accounts. Those included "CONSUMER" and "CORPORATE." Eventually, the researchers identified a role called "REVIVER," managed to change their account to it, which in turn granted them access to all sorts of data and capabilities, which included tracking the location of vehicles. "We could take any of the normal API calls (viewing vehicle location, updating vehicle plates, adding new users to accounts) and perform the action using our super administrator account with full authorization," Curry writes. "We could additionally access any dealer (e.g. Mercedes-Benz dealerships will often package REVIVER plates) and update the default image used by the dealer when the newly purchased vehicle still had DEALER tags." Reviver told Motherboard in a statement that it patched the issues identified by the researchers. "We are proud of our team's quick response, which patched our application in under 24 hours and took further measures to prevent this from occurring in the future. Our investigation confirmed that this potential vulnerability has not been misused. Customer information has not been affected, and there is no evidence of ongoing risk related to this report. As part of our commitment to data security and privacy, we also used this opportunity to identify and implement additional safeguards to supplement our existing, significant protections," the statement read.

"Cybersecurity is central to our mission to modernize the driving experience and we will continue to work with industry-leading professionals, tools, and systems to build and monitor our secure platforms for connected vehicles," it added.

Raspberry Pi is launching a new camera module for use with its diminutive DIY computers -- the Camera Module 3. Its upgraded Sony IMX708 sensor is higher resolution, but perhaps more important is that the new module supports high dynamic range photography and autofocus. Alongside it, Raspberry Pi is also releasing a new camera board for use with M12-mount lenses. From a report: Combined, the new features mean the Camera Module 3 should be able to take more detailed photographs (especially in low light), and can focus on objects as little as 5cm away. The autofocus uses a Phase Detection Autofocus (PDAF) system, with Contrast Detection Autofocus used as a backup. In contrast, previous versions of the camera module had fixed-focus lenses, which Raspberry Pi CEO Eben Upton writes were "optimized to focus at infinity" and could only take a "reasonably sharp image" of objects around a meter away.

The new module's sensor has a resolution of 11.9 megapixels (compared to 8.1 megapixels for the last version), and has a higher horizontal resolution that should allow it to film HD video. HDR support means the Camera Module 3 can take several exposures of the same scene, and combine them so that both darker and lighter parts of an image are properly exposed (at the expense of some resolution) -- a trick commonly performed by just about every smartphone. Prices start at $25 for the Camera Module 3 with a standard field-of-view, while the ultra-wide angle version with a 102-degree field of view is $35.

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureausBrian Krebs reported Monday. From the report: Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian's website allowed anyone to bypass these questions and go straight to the consumer's report. All that was needed was the person's name, address, birthday and Social Security number. In December, KrebsOnSecurity heard from Jenya Kushnir, a security researcher living in Ukraine who said he discovered the method being used by identity thieves after spending time on Telegram chat channels dedicated to the cashing out of compromised identities.

"I want to try and help to put a stop to it and make it more difficult for [ID thieves] to access, since [Experian is] not doing shit and regular people struggle," Kushnir wrote in an email to KrebsOnSecurity explaining his motivations for reaching out. "If somehow I can make small change and help to improve this, inside myself I can feel that I did something that actually matters and helped others." Kushnir said the crooks learned they could trick Experian into giving them access to anyone's credit report, just by editing the address displayed in the browser URL bar at a specific point in Experian's identity verification process.

"Envy the lumberjacks, for they perform the happiest, most meaningful work on earth," writes the Washington Post.

"Or at least they think they do. Farmers, too." Agriculture, logging and forestry have the highest levels of self-reported happiness — and lowest levels of self-reported stress — of any major industry category, according to our analysis of more than 13,000 time journals from the Bureau of Labor Statistics' American Time Use Survey. (Additional reporting sharpened our focus on lumberjacks and foresters, but almost everyone who works on farms or in forests stands out.)

The time-use survey typically asks people to record what they were doing at any given time during the day. But in four recent surveys, between 2010 and 2021, they also asked a subset of those people — more than 13,000 of them — how meaningful those activities were, or how happy, sad, stressed, pained and tired they felt on a six-point scale.... [H]appiness and meaning aren't always correlated. Heath-care and social workers rate themselves as doing the most meaningful work of anybody (apart from the laudable lumberjacks), but they rank lower on the happiness scale. They also rank high on stress.

The most stressful sectors are the industry including finance and insurance, followed by education and the broad grouping of professional and technical industries, a sector that includes the single most stressful occupation: lawyers. Together, they paint a simple picture: A white collar appears to come with significantly more stress than a blue one.
The Post credits "adjacency to nature" as boosting the happiness in forestry-related professions (as well as many recreational activities). The Post spoke to one forestry advocate who even argued that "Forestry forces you to work on a slower time scale. It pushes you to have a generational outlook."

"A new Linux malware downloader created using SHC (Shell Script Compiler) has been spotted in the wild," reports the site Bleeping Computer, "infecting systems with Monero cryptocurrency miners and DDoS IRC bots...

"The analysts say the attacks likely rely on brute-forcing weak administrator account credentials over SSH on Linux servers.... " According to ASEC researchers, who discovered the attack, the SHC loader was uploaded to VirusTotal by Korean users, with attacks generally focused on Linux systems in the same country.... When the SHC malware downloader is executed, it will fetch multiple other malware payloads and install them on the device. One of the payloads is an XMRig miner that is downloaded as a TAR archive from a remote URL and extracted to "/usr/local/games/" and executed....

The second payload retrieved, dropped, and loaded by the SHC malware downloader is a Perl-based DDoS IRC bot. The malware connects to the designated IRC server using configuration data and goes through a username-based verification process. If successful, the malware awaits commands from the IRC server, including DDoS-related actions such as TCP Flood, UDP Flood, and HTTP Flood, port scanning, Nmap scanning, sendmail commands, process killing, log cleaning, and more.

ASEC warns that attacks like these are typically caused by using weak passwords on exposed Linux servers.

"We are seeing, across the gamut, products that impact our privacy, products that create cybersecurity risks, that have overarchingly long-term environmental impacts, disposable products, and flat-out just things that maybe should not exist."

That's the CEO of the how-to repair site iFixit, introducing their third annual "Worst in Show" ceremony for the products displayed at this year's CES. But the show's slogan promises it's also "calling out the most troubling trends in tech." For example, the EFF's executive director started with two warnings. First, "If it's communicating with your phone, it's generally communicating to the cloud too." But more importantly, if a product is gathering data about you and communicating with the cloud, "you have to ask yourself: is this company selling something to me, or are they selling me to other people? And this year, as in many past years at CES, it's almost impossible to tell from the products and the advertising copy around them! They're just not telling you what their actual business model is, and because of that — you don't know what's going on with your privacy."

After warning about the specific privacy implications of a urine-analyzing add-on for smart toilets, they noted there was a close runner-up for the worst privacy: the increasing number of scam products that "are basically based on the digital version of phrenology, like trying to predict your emotions based upon reading your face or other things like that. There's a whole other category of things that claim to do things that they cannot remotely do."

To judge the worst in show by environmental impact, Consumer Reports sent the Associate Director for their Product Sustainability, Research and Testing team, who chose the 55-inch portable "Displace TV" for being powered only by four lithium-ion batteries (rather than, say, a traditional power cord).

And the "worst in show" award for repairability went to the Ember Mug 2+ — a $200 travel mug "with electronics and a battery inside...designed to keep your coffee hot." Kyle Wiens, iFixit's CEO, first noted it was a product which "does not need to exist" in a world which already has equally effective double-insulated, vaccuum-insulated mugs and Thermoses. But even worse: it's battery powered, and (at least in earlier versions) that battery can't be easily removed! (If you email the company asking for support on replacing the battery, Wiens claims that "they will give you a coupon on a new, disposable coffee mug. So this is the kind of product that should not exist, doesn't need to exist, and is doing active harm to the world.

"The interesting thing is people care so much about their $200 coffee mug, the new feature is 'Find My iPhone' support. So not only is it harming the environment, it's also spying on where you're located!"

The founder of SecuRepairs.org first warned about "the vast ecosystem of smart, connected products that are running really low-quality, vulnerable software that make our persons and our homes and businesses easy targets for hackers." But for the worst in show for cybersecurity award, they then chose Roku's new Smart TV, partly because smart TVs in general "are a problematic category when it comes to cybersecurity, because they're basically surveillance devices, and they're not created with security in mind." And partly because to this day it's hard to tell if Roku has fixed or even acknowledged its past vulnerabilities — and hasn't implemented a prominent bug bounty program. "They're not alone in this. This is a problem that affects electronics makers of all different shapes and sizes at CES, and it's something that as a society, we just need to start paying a lot more attention to."

And US Pirg's "Right to Repair" campaign director gave the "Who Asked For This" award to Neutrogena's "SkinStacks" 3D printer for edible skin-nutrient gummies — which are personalized after phone-based face scans. ("Why just sell vitamins when you could also add in proprietary refills and biometic data harvesting.")

America's Federal Trade Commission "took an a bold move on Thursday aimed at shifting the balance of power from companies to workers," reports NPR: The agency proposed a new rule that would prohibit employers from imposing noncompete agreements on their workers, a practice it called exploitative and widespread, affecting some 30 million American workers. "The freedom to change jobs is core to economic liberty and to a competitive, thriving economy," said FTC Chair Lina M. Khan in a statement. "Noncompetes block workers from freely switching jobs, depriving them of higher wages and better working conditions, and depriving businesses of a talent pool that they need to build and expand."

Noncompete agreements restrict workers from quitting their jobs and taking new jobs at rival companies or starting up similar businesses of their own within a certain time period — typically between six months and two years. They're used across a broad array of industries, including in high-paying white-collar fields such as banking and tech, but also in many low-wage sectors as well, as President Biden has pointed out.

"These aren't just high-paid executives or scientists who hold secret formulas for Coca-Cola so Pepsi can't get their hands on it," Biden said in a speech about competition in 2021. "A recent study found one in five workers without a college education is subject to non-compete agreements...." The FTC estimates that a ban on noncompete agreements could increase wages by nearly $300 billion a year by allowing workers to pursue better opportunities.

The rule does not take effect immediately. The public has 60 days to offer comment on the proposed rule, after which a final rule could be published and then enforced some months after that.
Thanks to Slashdot reader couchslug for submitting the story.