Google's decision to enable two-factor authentication by default has resulted in a 50 percent decrease in account breaches among those users where the feature was auto-enabled. Engadget reports: The company didn't say how rapidly it expected 2FA to spread, but promised to continue the rollout through 2022. More than 150 million people have been auto-enrolled so far, including more than 2 million YouTube creators. The company also promised more security upgrades to help mark Safer Internet Day. As of March, Google will let you opt-in to an account-level safe browsing option that keeps you from visiting known harmful sites. Google is also expanding Assistant's privacy-minded Guest Mode to nine new languages in the months ahead, and has promised to ramp up safeguards for politicians ahead of the US midterm elections.

An anonymous reader quotes a report from Motherboard: Ukraine's Security Service said it has shut down a troll farm in the city of Lviv. "The SSU cyber specialists uncovered and dismantled two bot farms in Lviv with a total capacity of 18,000 fake accounts," an SSU press release said. "According to preliminary information, organizers from Russia supervised the administrators of the bot farms." According to the press release, three people in two different residences were involved. Two gave over their apartments to the operation while a third took care of maintaining the accounts and equipment. "The bot farms worked mostly in social networks: distributed fakes to spread panic," the press release said. "The bots also published false information about bomb threats at various facilities."

The SSU said it seized two sets of GSM gateways, 3,000 SIM cards, laptops, and accounting records. GSM gateways are equipment that allows people to use SIM cards to connect to networks outside the default network they're meant to be connected to. They're popular tools for hackers and other cyber criminals, who can use them to manage several phone numbers, and to connect to Voice Over IP, or VoIP networks. The photos of the bust show dozens of GSM gateways stuffed with blurred SIM cards.

Drivers of certain vehicles in Seattle and other parts of Western Washington are shouting at their car radios this week. Not because of any particular song or news item that's being broadcast, but because an apparent technical glitch has caused the radios to be stuck on public radio station KUOW. From a report: The impacted drivers appear to all be owners of Mazda vehicles from between 2014 and 2017. In some cases the in-car infotainment systems have stopped working altogether, derailing the ability to listen to the radio at all or use Bluetooth phone connections, GPS, the rear camera and more. According to Mazda drivers who spoke with GeekWire, and others in a Reddit thread discussing the dilemma, everyone who has had an issue was listening to KUOW 94.9 in recent weeks when the car systems went haywire. KUOW sounded unsure of a possible cause; at least one dealership service department blamed 5G; and Mazda told GeekWire in an official statement that it identified the problem and a fix is planned.

Microsoft is in talks to acquire cybersecurity research and incident response company Mandiant, Bloomberg News reported Wednesday, citing people familiar with the discussions, a deal that would bolster efforts to protect customers from hacks and breaches. From the report: The deliberations may not result in an offer, said the people, who asked not to be identified because the talks are private. Mandiant and Microsoft declined to comment. Mandiant shares surged 18% in New York, bringing its market value to almost $4.3 billion. Microsoft stock gained 1.2% to $304.56. Adding Mandiant would build up Microsoft's arsenal of products for protecting clients and responding to cybersecurity threats. The software giant bought two smaller cybersecurity companies last year, and said last month that it had amassed $15 billion in security software sales in 2021, up almost 45% from a year earlier. The company last year named former Amazon.com cloud executive Charlie Bell to oversee its security efforts, and said it had 3,500 employees working to safeguard customers "from the chip to the cloud."

Twitter told a U.S. senator it is cutting ties with a European technology company that helped it send sensitive passcodes to its users via text message. From a report: The social media firm said in a disclosure to U.S. Senator Ron Wyden, a Democrat from Oregon, that it is "transitioning" its service away from working with Mitto AG, according to a Wyden aide. A co-founder of Mitto operated a service that helped governments secretly surveil and track mobile phones, according to former employees and clients, as Bloomberg News and London-based Bureau of Investigative Journalism reported in December. Twitter cited media reports as the motivating factor behind its decision, the Wyden aide said. Several other companies have allegedly already cut ties with Mitto. In recent weeks, messaging companies Kaleyra and MessageBird have both ceased commercial relationships with Mitto, according to three people familiar with the matter.

ExpressVPN has updated its bug bounty program to make it more inviting to ethical hackers, now offering a one-time $100,000 bug bounty to whoever can compromise its systems. Bleeping Computer reports: Today, ExpressVPN announced that they are now offering a $100,000 bug bounty for critical vulnerabilities in their in-house technology, TrustedServer. "This is the highest single bounty offered on the Bugcrowd platform and 10 times higher than the top reward previously offered by ExpressVPN," the company shared in an email to BleepingComputer. The new $100,000 one-time bounty is offered with the following conditions:

- The first person to submit a valid vulnerability, granting unauthorized access or exposing customer data, will receive the $100,000 bounty. This one-time bonus is valid until the prize has been claimed.
- The one-time $100,000 bounty is only eligible for vulnerabilities in ExpressVPN's VPN Server.
- Activities should remain in scope to the TrustedServer platform. If unsure that your testing is considered in-scope, please reach out to support@bugcrowd.com to confirm first.

ExpressVPN also invites security researchers to uncover possible ways to leak the actual IP address of clients and monitor user traffic. The bug bounty program is run through BugCrowd, which offers a safe harbor for researchers who attempt to breach ExpressVPN's servers as part of the program.

The Polish government has announced today the creation of a new cyber component inside its Army Forces that will be tasked with carrying out operations in cyber-space. From a report: Named the Cyberspace Defense Forces (Wojska Obrony Cyberprzestrzeni), the new branch will operate as a command center inside the Polish Army and will have the authority to carry out reconnaissance, defensive, and offensive operations, the Polish Ministry of National Defense said today. Work on establishing this unit began in 2019 and was formalized earlier today in a ceremony at the Club of the Military University of Technology in Warsaw, where Minister of National Defense Mariusz Blaszczak appointed Brig. Gen. Karol Molenda as the unit's inaugural commander. [...] With today's announcement, Poland becomes one of the very few countries in the world to formally create a cyber component for their armed forces after NATO officially declared cyberspace a formal warfare battleground and domain of operations at the 2016 NATO Summit, held in Warsaw, Poland.

An anonymous reader shares a report: Briggs [anecdote in the story] is part of a growing movement of artists and designers who produce alternatives to the stock keycaps sold with most mechanical keyboards. The small plastic blocks are easy to detach from their switches using simple pulling tools, and changing them can give a keyboard a radically different look, feel, and sound -- not to mention turn a generic computer accessory into something much more personal. Swapping out keycaps for aftermarket alternatives has become so commonplace that it's not uncommon to see premium keyboards sold without keycaps in the box. But as designer keycaps have become more popular, so have cheaper knockoffs. These keysets use the same color schemes and often even the same names, in an apparent attempt to piggyback off the popularity of original designs. To a casual observer it's rarely obvious that they're produced by an unrelated company, without any input from the designer, and may be capturing sales that could have supported the original creator.

In one of the most impactful changes made in recent years, Microsoft has announced today that it will block by default the execution of VBA macro scripts inside five Office applications. From a report: Starting with early April 2022, Access, Excel, PowerPoint, Visio, and Word users will not be able to enable macro scripts inside untrusted documents that they downloaded from the internet. The change, which security researchers have been requesting for years, is expected to put a serious roadblock for malware gangs, which have relied on tricking users into enabling the execution of a macro script as a way to install malware on their systems. In these attacks, users typically receive a document via email or which they are instructed to download from an internet website. When they open the file, the attacker typically leaves a message instructing the user to enable the execution of the macro script. While users with some technical and cybersecurity knowledge may be able to recognize this as a lure to get infected with malware, many day-to-day Office users are still unaware of this technique and end up following the provided instructions, effectively infecting themselves with malware.

Google has launched today a new security feature for Google Cloud tenants that is meant to detect and block cryptomining operations that may be taking place behind the owners' backs. From a report: Named Virtual Machine Threat Detection (VMTD), Google said this new feature is an agentless system that continually scans the memory of virtual machines deployed in Google Cloud environments for tell-tale signs of increased CPU or GPU usage -- specific to cryptomining operations. To avoid false-positive detections, the feature has been left disabled by default; however, any customer can enable it for their GCP VMs. They can do this by going to the Settings page of their Security Command Center and looking under the Manage Settings section. Google said the feature will only work with non-sensitive memory, and VMTD will not process memory from nodes marked as "Confidential." VMTD has begun rolling out today for public preview, so tenants are recommended to enable it for smaller portions of their nodes and keep a close eye on its impact on performance.

NBC News tells the story of Rich, a Coca-Cola delivery driver who didn't get a paycheck at Christmas because of a ransomware attack on the payroll company serving Coke's largest distributor.

But then "more than a month after hackers crippled Kronos," paychecks to its employees in Indiana, Ohio and West Virginia "have been sporadic, according to union representatives." Rich, who asked not to be identified by his last name for fear of retaliation from his employer, is among hundreds of workers who deliver Coke products in at least three states who say they're still owed wages — fallout from one of the many ransomware attacks that hit U.S. companies practically every day. Rich, a father of three, said he's had to dip into his savings, which have dwindled down in recent weeks. "They went from $1,100, $1,200 a week to $300, $600," he said of his paychecks. "I got one $300 paycheck, and I called and told them exactly what I needed paid, and they sent me a $46 check...."

"We've got 130 people and they've all got problems," said Max Zemla, the president of the Cleveland-area Teamsters Local 293. "Some are telling me they're not as bad off. I have a guy who's off a thousand dollars. Uses his money for his kid's tuition for school, and he's not able to pay it...."

"The timekeeping vendor Kronos that suffered the attack is in the process of coming back online," [said Josh Gelinas, Coca-Cola Consolidated's vice president of communications February 1st] in an emailed statement. "But, until these digital systems are fully restored, we must continue manually recording work hours for thousands of our teammates. This process is taking longer than we would like and may have resulted in some inconsistencies, but our teammates will be paid for every hour they've worked...."

[NBC reports that a spokesperson for Kronos "noted that the company announced on Jan. 22 that it had finally restored all its services."]

Jeff Combs, the secretary treasurer of Teamsters Local 135 in Indianapolis, said the vast majority of the roughly 200 Coca-Cola Consolidated employees he represents are still owed pay. "Some are still owed as high as $4,700," Combs said.
Rich complains to NBC News that "now my savings have dwindled down because a billion-dollar company can't give you an average paycheck." But it shows ransomware's effects ultimately reach farther than we realize. "It's often assumed that ransomware mainly affects governments and major corporations because it's those incidents that make the news," a ransomware analyst at Emsisoft tells NBC News.

"The reality, however, is that more than half of all ransomware victims are small businesses and individuals. And, unfortunately, they are usually not as well prepared to deal with the problem as larger organizations and probably feel more pain as a result."

Long-time Slashdot reader olddoc and his wife have three frequently-used credit cards, stored at many online businesses for easy checkout.

"In the past 6 months we have received fraud notices from the card companies three times." Typically there is a $1 charge in a far away location. Once there was a charge for thousands of dollars at a bar. The card companies seem to pick up the fact that they are fraudulent even though once it was described as "chip present".

What can we do to cut down the number of times we have to update all our ongoing bills with a new card number?
The original submission acknowledges that "We have never lost money to fraud, just time." But is the problem storing the card numbers with online businesses? Long-time Slashdot reader Z00L00K argues "Never ever do this. Never ever have your card stored at an online business even if it's more inconvenient to enter it every time. You NEVER know how your number is stored, it can be stored in a database that's not secure enough or it can be stored in an encrypted cookie on your computer in which case that cookie might be read and decrypted by just about any web site out there if they have figured out how to access cookies for another site. There are a lot of ways that your card details can leak."

That comment also concedes it's possible someone's using a card-number generator to target the same range of credit card numbers. But is there a better solution?

Share your own thoughts in the comments. How can you keep your credit card numbers from being stolen?

The Associated Press reports: News Corp., publisher of The Wall Street Journal, said Friday that it had been hacked and had data stolen from journalists and other employees, and a cybersecurity firm investigating the intrusion said Chinese intelligence-gathering was believed behind the operation.

The Journal, citing people briefed on the intrusion, reported that it appeared to date back to February 2020 and that scores of employees were impacted. It quoted them as saying the hackers were able to access reporters' emails and Google Docs, including drafts of articles. News Corp., whose publications and businesses include the New York Post and Journal parent Dow Jones, said it discovered the breach on Jan. 20. It said customer and financial data were so far not affected and company operations were not interrupted. But the potential impact on news reporting and sources was a serious concern.

News organizations are prime targets for the world's intelligence agencies because their reporters are in constant contact with sources of sensitive information. Journalists and newsrooms from Mexico and El Salvador to Qatar, where Al-Jazeera is based, have been hacked with powerful spyware.

Mandiant, the cybersecurity firm examining the hack, said in a statement that it "assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China's interests...." FBI Director Christopher Wray said in a speech this week that the bureau opens investigations tied to suspected Chinese espionage operations about every 12 hours, and has more than 2,000 such probes. He said Chinese government hackers have been pilfering more personal and corporate data than all other countries combined. While state-backed Russian hacking tends to get more headlines, U.S. officials say China has been stealthily stealing far more valuable commercial and personal data over the past few decades as digital technology took hold.
CBS News reports that "preliminary findings point to a supply chain hack," since News Corp wrote in its report that they'd discovered one of the third-party providers supporting their technology and "cloud-based" systems "was the target of persistent cyberattack activity."

The Associated Press adds that major newsrooms have also been compromised previously, including a 2013 cyberespionage attack against the New York Times in 2013. A former information security executive at the paper explaining "that while major newsrooms have shown a lot of progress in the last few years in helping their journalists navigate an increasingly hostile digital world, those efforts are not adequate to defend against a skilled and determined adversary like China."

An anonymous reader quotes a report from Gizmodo: Clearview AI, the shady face recognition firm which claims to have landed contracts with federal, state, and local cops across the country, has landed a roughly $50,000 deal with the U.S. military for augmented reality glasses. First flagged by Tech Inquiry's Jack Poulson, Air Force procurement documents show that it awarded a $49,847 contract to Clearview AI for the purposes of "protecting airfields with augmented reality facial recognition; glasses." The contract is designated as part of the Small Business Innovation Research (SBIR) program, meaning that Clearview's contract is to determine for the Air Force whether such applications are feasible.

Bryan Ripple, a media lead at the Air Force Research Laboratory Public Affairs, told Gizmodo via email that Clearview will conduct a three-month study under which "no glasses or units are being delivered under contract," nor are any prototypes. Clearview, he wrote, stipulated "that security personnel are vulnerable while their hands are occupied with scanners and ID cards" and AR goggles would allow them to "remain hands-free and ready during this timeframe." "Clearview AI's Augmented Reality (AR) Glasses perform facial recognition scanning to vet backgrounds and restrict unauthorized individuals from entering bases and flightlines," Ripple wrote. "This 100% hands-free identity verification wearable device allows Defenders to keep their weapons at the ready, increase standoff and social distance, and confirm authorized base access using rapid and accurate facial biometrics while keeping threats distant. The results are improved safety at entry control points and for bases, faster identity verification without manual ID card checks, and cost savings by replacing the need for large permanent camera installations."

In a promotional document shared by the Air Force, Clearview argued that in the time it takes to scan an ID card at the entry point to a military facility, "A criminal or terrorist can pull a gun, knife, or weapon during this brief but critical moment, kill the Defender, and access the base." They argued the AR glasses would increase "standoff distance," save guards time while vetting high volumes of traffic and allow them to maintain distance from anyone contagious with diseases.

A group of lawmakers have re-introduced the EARN IT Act, an incredibly unpopular bill from 2020 that "would pave the way for a massive new surveillance system, run by private companies, that would roll back some of the most important privacy and security features in technology used by people around the globe," writes Joe Mullin via the Electronic Frontier Foundation. "It's a framework for private actors to scan every message sent online and report violations to law enforcement. And it might not stop there. The EARN IT Act could ensure that anything hosted online -- backups, websites, cloud photos, and more -- is scanned." From the report: The bill empowers every U.S. state or territory to create sweeping new Internet regulations, by stripping away the critical legal protections for websites and apps that currently prevent such a free-for-all -- specifically, Section 230. The states will be allowed to pass whatever type of law they want to hold private companies liable, as long as they somehow relate their new rules to online child abuse. The goal is to get states to pass laws that will punish companies when they deploy end-to-end encryption, or offer other encrypted services. This includes messaging services like WhatsApp, Signal, and iMessage, as well as web hosts like Amazon Web Services. [...]

Separately, the bill creates a 19-person federal commission, dominated by law enforcement agencies, which will lay out voluntary "best practices" for attacking the problem of online child abuse. Regardless of whether state legislatures take their lead from that commission, or from the bill's sponsors themselves, we know where the road will end. Online service providers, even the smallest ones, will be compelled to scan user content, with government-approved software like PhotoDNA. If EARN IT supporters succeed in getting large platforms like Cloudflare and Amazon Web Services to scan, they might not even need to compel smaller websites -- the government will already have access to the user data, through the platform. [...] Senators supporting the EARN IT Act say they need new tools to prosecute cases over child sexual abuse material, or CSAM. But the methods proposed by EARN IT take aim at the security and privacy of everything hosted on the Internet.

The Senators supporting the bill have said that their mass surveillance plans are somehow magically compatible with end-to-end encryption. That's completely false, no matter whether it's called "client side scanning" or another misleading new phrase. The EARN IT Act doesn't target Big Tech. It targets every individual internet user, treating us all as potential criminals who deserve to have every single message, photograph, and document scanned and checked against a government database. Since direct government surveillance would be blatantly unconstitutional and provoke public outrage, EARN IT uses tech companies -- from the largest ones to the very smallest ones -- as its tools. The strategy is to get private companies to do the dirty work of mass surveillance.

The Biden administration has formed a panel of senior administration officials and private-sector experts to investigate major national cybersecurity failures, and it will probe as its first case the recently discovered Log4j internet bug, officials said. From a report: The new Cyber Safety Review Board is tasked with examining significant cybersecurity events that affect government, business and critical infrastructure. It will publish reports on security findings and recommendations, officials said. Details of the board will be announced Thursday. The board, officials have said, is modeled loosely on the National Transportation Safety Board, which investigates and issues public reports on airplane crashes, train derailments and other transportation accidents. The new panel's authority derives from an executive order that President Biden signed in May to improve federal cybersecurity defenses.

The cyber board isn't an independent agency like the transportation board and will instead reside within the Department of Homeland Security. It will have 15 members -- three times as many as the full complement of the transportation board -- from government and the public sector who don't need to be confirmed by the Senate. It lacks subpoena power, unlike the transportation board. Homeland Security Secretary Alejandro Mayorkas said in an interview that the cyber board was intended to draw solutions to future problems from past cybersecurity crises, rather than casting blame where shortcomings are identified.

A flaw in Apple's software exploited by Israeli surveillance firm NSO Group to break into iPhones in 2021 was simultaneously abused by a competing company, Reuters reported Thursday, citing five people familiar with the matter. From the report: QuaDream, the sources said, is a smaller and lower profile Israeli firm that also develops smartphone hacking tools intended for government clients. The two rival businesses gained the same ability last year to remotely break into iPhones, according to the five sources, meaning that both firms could compromise Apple phones without an owner needing to open a malicious link. That two firms employed the same sophisticated hacking technique -- known as a "zero-click" -- shows that phones are more vulnerable to powerful digital spying tools than the industry will admit, one expert said. "People want to believe they're secure, and phone companies want you to believe they're secure. What we've learned is, they're not," said Dave Aitel, a partner at Cordyceps Systems, a cybersecurity firm. Experts analyzing intrusions engineered by NSO Group and QuaDream since last year believe the two companies used very similar software exploits, known as ForcedEntry, to hijack iPhones.

The administrators of the Node Package Manager (npm), the largest package repository of the JavaScript ecosystem, said they enrolled the maintainers of the top 100 most popular libraries (based on the number of dependencies) into their mandatory two-factor authentication (2FA) procedure. From a report: npm, which is owned by GitHub, enforced this new security requirement starting yesterday, February 1, 2022. "Maintainers who do not currently have 2FA enabled will have their web sessions revoked and will need to set up 2FA before they can take specific actions with their accounts, such as changing their email address or adding new maintainers to projects," the GitHub security team said in a blog post. The move represents the second phase of a major push from the npm team to secure developer accounts, which have been getting hijacked in recent years and used to push malware inside legitimate JavaScript libraries. In many cases, the accounts are hacked because project maintainers use simple-to-guess passwords or reused passwords that were previously leaked via breaches at other companies. The first phase of this process took place between December 7, 2021, and January 4, 2022, when the npm team rolled out a new feature called "enhanced login verification" for all npm package maintainers.

Disappointed with the lack of US response to the Hermit Kingdom's attacks against US security researchers, one hacker took matters into his own hands. From a report For the past two weeks, observers of North Korea's strange and tightly restricted corner of the internet began to notice that the country seemed to be dealing with some serious connectivity problems. On several different days, practically all of its websites -- the notoriously isolated nation only has a few dozen -- intermittently dropped offline en masse, from the booking site for its Air Koryo airline to Naenara, a page that serves as the official portal for dictator Kim Jong-un's government. At least one of the central routers that allow access to the country's networks appeared at one point to be paralyzed, crippling the Hermit Kingdom's digital connections to the outside world.

Some North Korea watchers pointed out that the country had just carried out a series of missile tests, implying that a foreign government's hackers might have launched a cyberattack against the rogue state to tell it to stop saber-rattling. But responsibility for North Korea's ongoing internet outages doesn't lie with US Cyber Command or any other state-sponsored hacking agency. In fact, it was the work of one American man in a T-shirt, pajama pants, and slippers, sitting in his living room night after night, watching Alien movies and eating spicy corn snacks -- and periodically walking over to his home office to check on the progress of the programs he was running to disrupt the internet of an entire country.

Just over a year ago, an independent hacker who goes by the handle P4x was himself hacked by North Korean spies. P4x was just one victim of a hacking campaign that targeted Western security researchers with the apparent aim of stealing their hacking tools and details about software vulnerabilities. He says he managed to prevent those hackers from swiping anything of value from him. But he nonetheless felt deeply unnerved by state-sponsored hackers targeting him personally -- and by the lack of any visible response from the US government. So after a year of letting his resentment simmer, P4x has taken matters into his own hands.

t0qer writes: So, I recently got an email that my [free edition G Suite subscription] will be going away soon (July 2022) and I'll have to subscribe for $6 per user per month. My domain is just my family last name and I have a few accounts for my immediate wife and kids. I'm not really sure if that's worth spending the money on for hosted email. I do use other parts of the suite (Drive, Sheets, and Docs) but I can happily use other products for that.

Just wondering if any /.'ers are in the same boat and what they're thinking of moving to? As a recap, Google announced in mid-January that all "G Suite Legacy Free Edition" (now formally called Google Workspace) users will be required to start paying for Workspace this year. This decision generated a ton of backlash, even prompting a potential class-action lawsuit. Now, the company appears to be backing down from most of the harsher terms of the initial announcement by allowing legacy G Suite users the ability to migrate to free accounts. They're also "promising a data-migration option (including your content purchases) to a consumer account before the shutdown hits," reports Ars Technica.

Still, it may be time to switch to a different service... Some alternatives include Office 365 Business, Zoho Workplace, Bitrix24, and Rackspace. Do you have a favorite?