Government

In High-Tech San Francisco, a Pilot Program Tries Guaranteed Incomes for Artists (sfgate.com) 116

In 2015 the San Francisco Arts Commission surveyed nearly 600 local artists. "More than 70% of them had either already left San Francisco or were about to be displaced from their work, home or both," reports SFGate.com, adding "The pandemic has only intensified these problems. A report by Americans for the Arts found that 53% of artists have no savings whatsoever as a result of the pandemic."

Would it help to give over 100 artists their own Universal Basic Income? In an effort to mitigate what appears to be an existential threat to the arts, in March 2021, the city of San Francisco partnered with the Yerba Buena Center for the Arts [YBCA] to launch a guaranteed income pilot, called the SF Guaranteed Income Pilot for Artists, or SF-GIPA, that gives 130 local low-income artists who have been severely impacted by the COVID-19 pandemic $1,000 a month, no strings attached, for 18 months.... At the time, YBCA was planning to launch its own guaranteed income project for artists, and this allowed it to combine forces and take both projects further. The first six months of funding for the SF-GIPA project came from the Arts Impact Endowment, which is funded by San Francisco's hotel tax and designated for underserved communities. YBCA extended the project by an additional 12 months with private funding from the Start Small Foundation, a philanthropic initiative by former Twitter CEO Jack Dorsey....

Though the additional income from SF-GIPA is a welcome relief, as the project moves past its halfway point, the question remains: Will 18 months be enough time to truly make a difference in these artists' lives? YBCA is currently scrambling to find a way to continue supporting guaranteed income recipients after the project's scheduled end in October 2023.... "It's just so sad; people come to San Francisco because of the art and culture, but the art and culture makers can't afford to live here," says Stephanie Imah, who is leading YBCA's pilot. "This is very much a rental problem. It's really hard for artists living in San Francisco unless they work in tech. It's clear we need long-term solutions." For YBCA, that means advocating for big policy changes down the line.

"Our eyes are on the federal government," YBCA CEO Deborah Cullinan explains in an interview with Berkeley's Aurora Theatre. "We'd like to see guaranteed income programs across the country for all people." For now, the organization is focused on collecting "university standard research" in order to make an irrefutable case for universal basic income as a viable long-term solution to poverty.

Microsoft

Microsoft Released an Out-of-Band Update to Rollback January Patch's VPN Issues (bleepingcomputer.com) 18

"Microsoft's first Patch Tuesday for 2022 was a rocky start to the year, giving admins and users numerous headaches to deal with..." reports ZDNet. "The Windows Update on January 11 was intended to address 96 security flaws but also brought a load of pain for users and admins."

"One of the major issues that came up during the week for IT admins included finding that Windows Server 2012 became stuck in a boot loop," adds the Verge, "while other versions suffered broken Windows VPN clients, and some hard drives appeared as RAW format (and unusable). Many IT Admins were forced to roll back the updates — leaving many servers vulnerable with none of last week's security patches."

And now for some versions of Windows, this week Microsoft "released emergency out-of-band updates to address multiple issues..." reports BleepingComputer: "This update addresses issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machines start failure," the company said.... According to admin reports, Windows domain controllers were being plagued by spontaneous reboots, Hyper-V was no longer starting on Windows servers, and Windows Resilient File System (ReFS) volumes were no longer accessible after deploying the January 2022 updates. Windows 10 users and administrators also reported problems with L2TP VPN connections after installing the recent Windows 10 and Windows 11 cumulative updates and seeing "Can't connect to VPN." errors....

[S]ince Microsoft also bundles all the security updates with these Windows cumulative updates, removing them will also remove all fixes for vulnerabilities patched during the January 2022 Patch Tuesday.

While all the updates are available for download on the Microsoft Update Catalog, some of them can also be installed directly through Windows Update, notes Bleeping Computer. But "You will have to manually check for updates if you want to install the emergency fixes through Windows Update because they are optional updates and will not install automatically."

ZDNet adds: As Ask Woody's influential IT admin blogger Susan Bradley recently argued in 2020, Microsoft's decision to roll up patches in a big bundle on the second Tuesday of every month requires admins to place a great deal of trust in the company. That trust is eroded if applying the updates results in a lag on productivity from buggy patches.
Thanks to long-time Slashdot reader waspleg for sharing the story.

Privacy

Supply Chain Attack Used Legitimate WordPress Add-Ons To Backdoor Sites (arstechnica.com) 16

An anonymous reader quotes a report from Ars Technica: Dozens of legitimate WordPress add-ons downloaded from their original sources have been found backdoored through a supply chain attack, researchers said. The backdoor has been found on "quite a few" sites running the open source content management system. The backdoor gave the attackers full administrative control of websites that used at least 93 WordPress plugins and themes downloaded from AccessPress Themes. The backdoor was discovered by security researchers from Jetpack, the maker of security software owned by Automattic, provider of the WordPress.com hosting service and a major contributor to the development of WordPress. In all, Jetpack found that 40 AccessPress themes and 53 plugins were affected.

In a post published Thursday, Jetpack researcher Harald Eilertsen said timestamps and other evidence suggested the backdoors were introduced intentionally in a coordinated action after the themes and plugins were released. The affected software was available by download directly from the AccessPress Themes site. The same themes and plugins mirrored on WordPress.org, the official developer site for the WordPress project, remained clean. "Users who used software obtained directly from the AccessPress website unknowingly provided attackers with backdoor access, resulting in an unknown number of compromised websites," Ben Martin, a researcher with Web security firm Sucuri, wrote in a separate analysis of the backdoor.

The Jetpack post said evidence indicates that the supply chain attack on AccessPress Themes was performed in September. Martin, however, said evidence suggests the backdoor itself is much older than that. Some of the infected websites had spam payloads dating back nearly three years. He said his best guess is that the people behind the backdoor were selling access to infected sites to people pushing web spam and malware. He wrote, "[...] it seems that the malware that we've found associated with this backdoor is more of the same: spam, and redirects to malware and scam sites." The Jetpack post provides full names and versions of the infected AccessPress software. Anyone running a WordPress site with this company's offerings should carefully inspect their systems to ensure they're not running a backdoored instance. Site owners may also want to consider installing a website firewall, many of which would have prevented the backdoor from working.

Twitter

Twitter Shakes Up Its Security Team (nytimes.com) 10

Twitter shook up the top ranks of its security team this week with the termination of the head of security and the exit of the chief information security officer, the company told employees on Wednesday, as its new chief executive reorganizes the social media service. From a report: Peiter Zatko, the head of security who is better known within the security community as "Mudge," is no longer at the company, Twitter confirmed. Rinki Sethi, the chief information security officer, will depart in the coming weeks. The changes follow "an assessment of how the organization was being led and the impact on top priority work," according to a memo from Parag Agrawal, Twitter's chief executive, that was sent to employees on Wednesday and obtained by The New York Times. Mr. Agrawal said the "nature of this situation" limited what he was allowed to share with employees.

Mr. Agrawal, who was appointed Twitter's chief executive in November, has shuffled the company's executives since taking over from Jack Dorsey, a founder. In December, Mr. Agrawal reorganized the leadership team and dismissed Dantley Davis, the chief design officer, and Michael Montano, the head of engineering. Mr. Zatko and Ms. Sethi joined Twitter in late 2020. He is a well-known hacker and has had a long career in government and private industry. Before taking on his role at Twitter, he held roles at DARPA, Google and Stripe. He began his cybersecurity career in the 1990s, when he was a member of the hacking group Cult of the Dead Cow. He was recruited to Twitter after teenagers compromised the company's systems in July 2020 and took over the accounts of prominent users.

Privacy

Locations and Contact Data on 515,000 Vulnerable People Stolen in Red Cross Data Breach (techcrunch.com) 23

A cyberattack targeting a contractor working for the International Committee of the Red Cross has spilled confidential data on more than 515,000 "highly vulnerable" people, many of whom have been separated from their families due to conflict, migration and disaster. From a report: The Red Cross did not name the contractor, based in Switzerland, which it uses to store data nor say what led to the security incident, but said that the data comes from at least 60 Red Cross and Red Crescent national societies. In a statement, the international organization pleaded with the attackers not to publicly share or leak the information given the sensitivity of the data.

Security

Red Cross Begs Hackers Not To Leak Data of 'Highly Vulnerable People' (therecord.media) 71

The Red Cross has disclosed that it was the victim of a cyber attack and has asked the hackers who broke into the IT network of one of its contractors not to leak the personal information of more than 515,000 "highly vulnerable people." The Record reports: The data was stolen from a Red Cross program called Restoring Family Links, which aims to reunite family members separated by conflict, disaster, or migration. "While we don't know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them," said Robert Mardini, director-general for the International Committee of the Red Cross. "Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world's least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data," Mardini said.

"The people affected include missing people and their families, unaccompanied or separated children, detainees and other people receiving services from the Red Cross and Red Crescent Movement as a result of armed conflict, natural disasters or migration," the organization said in an email.

Bitcoin

Crypto.com CEO Confirms Hundreds of Accounts Were Hacked (theverge.com) 29

An anonymous reader quotes a report from The Verge: The CEO of cryptocurrency exchange Crypto.com, Kris Marszalek, has finally confirmed that hundreds of user accounts were indeed compromised by hackers and had funds stolen as a result, though details of the exact method of breach remain unclear. Marszalek acknowledged the hack in an online interview with Bloomberg Wednesday, stating that around 400 customer accounts had been compromised. He also told Bloomberg that he had not received any outreach from regulators since the attack was first disclosed but would share information if official inquiries were made.

Previous statements from Marszalek and other communications from Crypto.com have been criticized for being vague and unclear. Official messaging from the company referred to a security "incident," and an early Twitter post mentioned only that a small number of users were "reporting suspicious activity on their accounts." Marszalek followed up by tweeting that "no customer funds were lost" -- a statement some commentators interpreted as meaning that the exchange would take the financial hit rather than passing it on to customers. Shortly afterward, security company PeckShield posted a tweet claiming that, in reality, Crypto.com's losses amounted to around $15 million in ETH and were being sent to Tornado Cash to be "washed."

Security

OpenSubtitles Hacked, 7 Million Subscribers' Details Leaked Online (torrentfreak.com) 22

OpenSubtitles, one of the largest repositories of subtitle files on the internet, has been hacked. TorrentFreak reports: Founded in 2006, the site was reportedly hacked in August 2021 with the attacker obtaining the personal data of nearly seven million subscribers including email and IP addresses, usernames and passwords. The site alerted users yesterday after the hacker leaked the database online.

"In August 2021 we received message on Telegram from a hacker, who showed us proof that he could gain access to the user table of opensubtitles.org, and downloaded a SQL dump from it. He asked for a BTC ransom to not disclose this to public and promise to delete the data," the post reads. "We hardly agreed, because it was not low amount of money. He explained us how he could gain access, and helped us fix the error. On the technical side, he was able to hack the low security password of a SuperAdmin, and gained access to an unsecured script, which was available only for SuperAdmins. This script allowed him to perform SQL injections and extract the data."

Indeed, searches on data breach site Have I Been Pwned reveal that the database is now in the wild, containing all of the data mentioned by OpenSubtitles and more. [...] OpenSubtitles describes the hack as a "hard lesson" and admits failings in its security. The platform has spent time and money securing the site and is requiring members to reset their passwords. However, for those who have had their data breached, it may already be too late to prevent damage. The hacker has already had access to data for several months and now the breach is in the wild, problems could certainly escalate.

Security

Biden To Expand National Security Agency Role in Government Cybersecurity (wsj.com) 18

President Biden on Wednesday expanded the National Security Agency's role in protecting the U.S. government's most sensitive computer networks, issuing a directive intended to bolster cybersecurity within the Defense Department and intelligence agencies. From a report: The memorandum signed by Mr. Biden mandates baseline cybersecurity practices and standards, such as two-factor authentication and use of encryption, for so-called national security systems, which include the Defense Department and intelligence agencies and the federal contractors that support them. It effectively aligns the cybersecurity standards imposed on national security agencies with those previously established for civilian agencies under an executive order Mr. Biden signed last May. Affected agencies will soon be expected to implement various cybersecurity protocols, including use of certain cloud technologies and software that can detect security problems on a network. Cybersecurity failures have plagued the U.S. government for decades, including thefts of detailed personnel records and military secrets that have been blamed on Russia, China and other adversaries. While national security agencies are generally seen as more secure than their civilian counterparts, they have endured significant breaches, too.

Privacy

IRS Will Soon Require Selfies for Online Access (krebsonsecurity.com) 240

If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. From a report: The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me, an online identity verification service that requires applicants to submit copies of bills and identity documents, as well as a live video feed of their faces via a mobile device. McLean, Va.-based ID.me was originally launched in 2010 with the goal of helping e-commerce sites validate the identities of customers who might be eligible for discounts at various retail establishments, such as veterans, teachers, students, nurses and first responders.

These days, ID.me is perhaps better known as the online identity verification service that many states now use to help staunch the loss of billions of dollars in unemployment insurance and pandemic assistance stolen each year by identity thieves. The privately-held company says it has approximately 64 million users, and gains roughly 145,000 new users each day. Some 27 states already use ID.me to screen for identity thieves applying for benefits in someone else's name, and now the IRS is about to join them. The service requires applicants to supply a great deal more information than typically requested for online verification schemes, such as scans of their driver's license or other government-issued ID, copies of utility or insurance bills, and details about their mobile phone service.

United States

US Examining Alibaba's Cloud Unit for National Security Risks (reuters.com) 11

The Biden administration is reviewing e-commerce giant Alibaba's cloud business to determine whether it poses a risk to U.S. national security, Reuters reported Tuesday, citing three people briefed on the matter, as the government ramps up scrutiny of Chinese technology companies' dealings with U.S. firms. From a report: The focus of the probe is on how the company stores U.S. clients' data, including personal information and intellectual property, and whether the Chinese government could gain access to it, the people said. The potential for Beijing to disrupt access by U.S. users to their information stored on Alibaba cloud is also a concern, one of the people said. U.S. regulators could ultimately choose to force the company to take measures to reduce the risks posed by the cloud business or prohibit Americans at home and abroad from using the service altogether. Former President Donald Trump's Commerce Department was concerned about Alibaba's cloud business, but the Biden administration launched the formal review after he took office in January, according to one of the three people and a former Trump administration official. Alibaba's U.S. cloud business is small, with annual revenue of less than an estimated $50 million, according to research firm Gartner Inc. But if regulators ultimately decide to block transactions between American firms and Alibaba Cloud, it would damage the bottom line of one of the company's most promising businesses and deal a blow to the reputation of the company as a whole.

Security

Linux Malware Sees 35% Growth During 2021 (bleepingcomputer.com) 71

The number of malware infections targeting Linux devices rose by 35% in 2021, most commonly to recruit IoT devices for DDoS (distributed denial of service) attacks. BleepingComputer reports: A Crowdstrike report looking into the attack data from 2021 summarizes the following:

- In 2021, there was a 35% rise in malware targeting Linux systems compared to 2020.
- XorDDoS, Mirai, and Mozi were the most prevalent families, accounting for 22% of all Linux-targeting malware attacks observed in 2021.
- Mozi, in particular, had explosive growth in its activity, with ten times more samples circulating in the wild the year that passed compared to the previous one.
- XorDDoS also had a notable year-over-year increase of 123%.
[...]
The Crowdstrike findings aren't surprising as they confirm an ongoing trend that emerged in previous years. For example, an Intezer report analyzing 2020 stats found that Linux malware families increased by 40% in 2020 compared to the previous year. In the first six months of 2020, a steep rise of 500% in Golang malware was recorded, showing that malware authors were looking for ways to make their code run on multiple platforms. This programming, and by extension, targeting trend, has already been confirmed in early 2022 cases and is likely to continue unabated.

Encryption

UK Gov't Plans Publicity Blitz To Undermine Privacy of Your Chats (rollingstone.com) 53

The UK government is set to launch a multi-pronged publicity attack on end-to-end encryption, Rolling Stone has learned. From the report: One key objective: mobilizing public opinion against Facebook's decision to encrypt its Messenger app. The Home Office has hired the M&C Saatchi advertising agency -- a spin-off of Saatchi and Saatchi, which made the "Labour Isn't Working" election posters, among the most famous in UK political history -- to plan the campaign, using public funds. According to documents reviewed by Rolling Stone, one of the activities considered as part of the publicity offensive is a striking stunt -- placing an adult and child (both actors) in a glass box, with the adult looking "knowingly" at the child as the glass fades to black. Multiple sources confirmed the campaign was due to start this month, with privacy groups already planning a counter-campaign.

Security

eNom Data Center Migration Mistakenly Knocks Sites Offline (bleepingcomputer.com) 21

New submitter bolind writes: A data center migration from eNom web hosting provider caused unexpected domain resolution problems that are expected to last for a few hours. Customers started to complain that they could no longer access their websites and emails due to Domain Name System (DNS) issues. My google apps gmail is not getting email, turns out DNS is not working because @enom is doing "a datacenter move" that ran into problems. What medieval times are these when a datacenter move brings down DNS for organizations? Advance warning would have been nice @enomsupport.

Safari

Safari Bug Can Leak Some of Your Google Account Info and Recent Browsing History (9to5mac.com) 11

A serious Safari bug disclosed in this blog post from FingerprintJS can disclose information about your recent browsing history and even some info of the logged-in Google account. From a report: A bug in Safari's IndexedDB implementation on Mac and iOS means that a website can see the names of databases for any domain, not just its own. The database names can then be used to extract identifying information from a lookup table. For instance, Google services store an IndexedDB instance for each of your logged in accounts, with the name of the database corresponding to your Google User ID. Using the exploit described in the blog post, a nefarious site could scrape your Google User ID and then use that ID to find out other personal information about you, as the ID is used to make API requests to Google services. In the proof-of-concept demo, the user's profile picture is revealed. FingerprintJS says they reported the bug to Apple on November 28, but it has not yet been resolved.

Government

Why Many California Police Departments Are Now Encrypting Their Radio Communications (sandiegouniontribune.com) 104

"The San Diego County Sheriff's Department last week encrypted its radio communications, blocking the public from listening to information about public safety matters in real time," reports the San Diego Union Tribune: The department is the latest law enforcement agency in the county and state to cut off access to radio communications in response to a California Department of Justice mandate that required agencies to protect certain personal information that law enforcement personnel obtain from state databases. Such information — names, drivers license numbers, dates of birth and other information from the California Law Enforcement Telecommunications System, or CLETS — sometimes is broadcast over police radios.

The October 2020 mandate gave agencies two options: to limit the transmission of database-obtained personal information on public channels or to encrypt their radio traffic. Police reform advocates say the switch to encrypted channels is problematic. The radio silence, they say, will force members of the public, including the news media, to rely on law enforcement agencies' discretion in releasing information about public safety matters....

A sheriff's spokesperson has said the department is exploring ways to disseminate information about incidents as they unfold. One idea is an online page that would show information about calls to which deputies respond.

Microsoft

Microsoft Detects Lurking Malware On Ukrainian Computers (bdnews24.com) 42

"Microsoft warned on Saturday evening that it had detected a highly destructive form of malware in dozens of government and private computer networks in Ukraine," reports the New York Times, "that appeared to be waiting to be triggered by an unknown actor...."

The Times reports that the malware "bears some resemblance" to NotPetya, the widespread 2017 malware which "American intelligence officials later traced to Russian actors."

The discovery comes in the midst of what the Times earlier called "the security crisis Russia has ignited in Eastern Europe by surrounding Ukraine on three sides with 100,000 troops and then, by the White House's accounting, sending in saboteurs to create a pretext for invasion."

Long-time Slashdot reader 14erCleaner shares the Times' latest report: In a blog post, [Microsoft] said that on Thursday — around the same time government agencies in Ukraine found that their websites had been defaced — investigators who watch over Microsoft's global networks detected the code. "These systems span multiple government, nonprofit and information technology organizations, all based in Ukraine," Microsoft said.... The code appears to have been deployed around the time that Russian diplomats, after three days of meetings with the United States and NATO over the massing of Russian troops at the Ukrainian border, declared that the talks had essentially hit a dead end....

Microsoft said that it could not yet identify the group behind the intrusion, but that it did not appear to be an attacker that its investigators had seen before. The code, as described by the company's investigators, is meant to look like ransomware — it freezes up all computer functions and data, and demands a payment in return. But there is no infrastructure to accept money, leading investigators to conclude that the goal is to inflict maximum damage, not raise cash.

It is possible that the destructive software has not spread too widely and that Microsoft's disclosure will make it harder for the attack to metastasize. But it is also possible that the attackers will now launch the malware and try to destroy as many computers and networks as possible.... Warnings like the one from Microsoft can help abort an attack before it happens, if computer users look to root out the malware before it is activated. But it can also be risky. Exposure changes the calculus for the perpetrator, who, once discovered, may have nothing to lose in launching the attack, to see what destruction it wreaks.

So far there is no evidence that the destructive malware has been unleashed by the hackers who placed it in the Ukrainian systems....

The new attack would wipe hard drives clean and destroy files. Some defense experts have said such an attack could be a prelude to a ground invasion by Russia. Others think it could substitute for an invasion, if the attackers believed a cyberstrike would not prompt the kind of financial and technological sanctions that [U.S. President] Biden has vowed to impose in response.

Ukraine's Ministry of Digital Development issued a statement that "All evidence indicates that Russia is behind the cyberattack. Moscow continues to wage a hybrid war and is actively building up its forces in the information and cyberspaces." While the Associated Press reported the statement, the Times notes that the ministry provided no evidence, "and early attribution of attacks is frequently wrong or incomplete."

But the Times also cites U.S. national security adviser Jake Sullivan as saying "If it turns out that Russia is pummeling Ukraine with cyberattacks, and if that continues over the period ahead, we will work with our allies on the appropriate response."

Google

California Judge Rules Google's Confidentiality Agreements Break the State's Labor Laws (msn.com) 29

"A California judge ruled this week that the confidentiality agreements Google requires its employees to sign are too broad and break the state's labor laws," reports the Washington Post, calling it "a decision that could make it easier for workers at famously secret Big Tech firms to speak openly about their companies." A Google employee identified as John Doe argued that the broad nondisclosure agreement the company asked him to sign barred him from speaking about his job to other potential employers, amounting to a non-compete clause, which are illegal in California. In a Thursday ruling in California Superior Court, a judge agreed with the employee, while declining to make a judgment on other allegations that Google's agreements blocked whistleblowing and sharing information about wages with other workers.

The ruling marks the latest victory for labor advocates who have sought to force Big Tech companies to relax the stringent confidentiality policies that compel employees to stay quiet about every aspect of their jobs, even after they quit....

The decision isn't final and could still be appealed by Google.... If Google doesn't appeal, or loses the appeal, it could have a real impact on how much power companies hold over employees, said Ramsey Hanafi, a partner with QH Law in San Francisco. "It would mean most of these Big Tech companies would have to rewrite their agreements," Hanafi said. "They all have this broad language that employees can't say anything about anything about their old companies...."

In its opinion, the California Courts of Appeal affirmed the importance of the state's labor laws that go further than federal laws in protecting employees' rights to free speech. Those laws give workers in California the right to "speak as they choose about their work lives," the court wrote. "In sum, these statutes establish as a minimum employment standard an employee anti-gag rule...."

The lawsuit was originally filed in 2016, the article points out, and has been responsible for exposing several internal Google documents (including one detailing a program where employees can report suspected leakers of Google information).

Security

People Building 'Blockchain City' in Wyoming Scammed by Hackers (vice.com) 53

CityDAO -- the group that bought 40 acres of Wyoming in hopes of "building a city on the Ethereum blockchain" -- announced this week that its Discord server was hacked and members' funds were successfully stolen as a result. From a report: "EMERGENCY NOTICE. A CityDAO Discord admin account has been hacked. THERE IS NO LAND DROP. DO NOT CONNECT YOUR WALLET," the project's Twitter account declared. CityDAO is a "decentralized autonomous organization" that hopes to collectively govern a blockchain city, offering citizenship and governance tokens in exchange for the purchase of a "land NFT" bestowing ownership rights to a plot of land. Like many other cryptocurrency, NFT, and DAO projects, CityDAO's community lives on Discord, a popular service chiefly designed for gamers but which has become an indispensable part of the crypto ecosystem. On Discord, CityDAO issues announcements, updates, answers questions, hosts a community, and issues alerts for "land drops," or opportunities to buy NFTs that represent parcels of land.

The attack worked by compromising the Discord account of a moderator, a core-team member and early investor who goes by Lyons800. They detailed the angle of attack in a Twitter thread the following day. First, the attacker posted a doctored screenshot showing a conversation with Lyons800 in another Discord server, claiming that he was scamming people there. Lyons800 offered to prove it wasn't him and got on a voice call with the scammer, who convinced the moderator to let them inspect their console. From there, the scammer obtained Lyons800's Discord authentication token that let them hijack the account. In a tweet, Lyons800 described this as "a ridiculous security breach from Discord." From here, the scammer launched a webhook attack to exploit CityDAO and BaconDAO -- a group that describes itself as an "investors guild" that educates its members -- where Lyons800 is a co-founder. Webhooks are best thought of as tools that connect Discord servers to other websites, and are often used to send automated messages and updates.

Intel

Intel's Dropping of SGX Prevents Ultra HD Blu-Ray Playback on PCs (ghacks.net) 81

Intel removed the security feature SGX from processors of the 11th and newer generations. Problem is, the feature is one of the requirements to play Ultra HD Blu-Ray discs on computer systems. From a report: The Ultra HD Blu-Ray format, often referred to as 4K Ultra HD or 4K Blu-Ray, supports 4K UHD playback with a pixel resolution of 3840x2160. One of the requirements for playback of Ultra HD Blu-Ray discs on PCs is that SGX is supported by the installed processor and by the motherboard firmware. The Blu-Ray Disc Association defined DRM requirements for Ultra HD Blu-Ray disc playback. Besides SGX, playback is protected by HDCP 2.2 and AACS 2.0, with some discs using AACS 2.1. Intel Software Guard Extensions (SGX) "allow user-level as well as operating system code to define private regions of memory, called enclaves, whose contents are protected and unable to be either read or saved by any process outside the enclave itself, including processes running at higher privilege levels" according to Wikipedia.
