Security

Hackers Target US Defense Firms With Malicious USB Packages (bleepingcomputer.com) 57

The Federal Bureau of Investigation (FBI) warned US companies in a recently updated flash alert that the financially motivated FIN7 cybercriminals group is targeting the US defense industry with packages containing malicious USB devices. BleepingComputer reports: The attackers are mailing packages containing 'BadUSB' or 'Bad Beetle USB' devices with the LilyGO logo, commonly available for sale on the Internet. The packages have been mailed via the United States Postal Service (USPS) and United Parcel Service (UPS) to businesses in the transportation and insurance industries since August 2021 and defense firms starting with November 2021. FIN7 operators impersonate Amazon and the US Department of Health & Human Services (HHS) to trick the targets into opening the packages and connecting the USB drives to their systems. Since August, reports received by the FBI say that these malicious packages also contain letters about COVID-19 guidelines or counterfeit gift cards and forged thank you notes, depending on the impersonated entity.

After the targets plug the USB drive into their computers, it automatically registers as a Human Interface Device (HID) Keyboard (allowing it to operate even with removable storage devices toggled off). It then starts injecting keystrokes to install malware payloads on the compromised systems. FIN7's end goal in these attacks is to access the victims' networks and deploy ransomware within a compromised network using various tools, including Metasploit, Cobalt Strike, Carbanak malware, the Griffon backdoor, and PowerShell scripts. [...] Companies can defend against such attacks by allowing their employees to connect only USB devices based on their hardware ID or if they're vetted by their security team.
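The hardware-ID allow-listing the alert recommends, shown as a small policy check (an added illustration, not code from the FBI alert or BleepingComputer). The device records, vendor/product IDs and serials below are constructed to resemble lsusb output and are not indicators of the FIN7 devices; the point is that a device enumerating as a HID keyboard slips past a storage-only block but not past an allow-list keyed on hardware identity.

```python
"""Allow-list USB devices by hardware ID; deny unexpected HID keyboards.

Added example. The allow-list entries and sample records are constructed
assumptions, not identifiers from the alert.
"""
from dataclasses import dataclass

# USB interface class/protocol codes from the USB specification.
USB_CLASS_HID = 0x03
USB_CLASS_MASS_STORAGE = 0x08
HID_PROTOCOL_KEYBOARD = 0x01


@dataclass(frozen=True)
class UsbDevice:
    vid: int
    pid: int
    serial: str
    interfaces: tuple  # (bInterfaceClass, bInterfaceProtocol) pairs


# Hypothetical allow-list maintained by the security team: (vid, pid, serial).
ALLOWLIST = {
    (0x046D, 0xC31C, "KB-0042"),   # assumption: a vetted keyboard
    (0x0781, 0x5581, "STORE-17"),  # assumption: a vetted storage drive
}


def decision(dev: UsbDevice, allow: set = ALLOWLIST) -> tuple:
    """Return (allowed, reason).

    Blocking removable storage alone is not enough: a BadUSB enumerates as a
    keyboard, so keyboards too are admitted only by vetted hardware ID.
    """
    if (dev.vid, dev.pid, dev.serial) in allow:
        return True, "vetted hardware id"
    if any(c == USB_CLASS_HID and p == HID_PROTOCOL_KEYBOARD
           for c, p in dev.interfaces):
        return False, "unvetted HID keyboard"
    if any(c == USB_CLASS_MASS_STORAGE for c, _ in dev.interfaces):
        return False, "unvetted mass storage"
    return False, "unvetted device"


def parse_record(line: str) -> UsbDevice:
    """Parse a constructed one-line record: 'vid:pid serial class/proto,...'."""
    ids, serial, ifaces = line.split()
    vid, pid = (int(x, 16) for x in ids.split(":"))
    pairs = tuple(tuple(int(v, 16) for v in p.split("/"))
                  for p in ifaces.split(","))
    return UsbDevice(vid, pid, serial, pairs)


# Constructed sample: two vetted devices, a keyboard-emulating stick, and an
# unvetted drive with the same vid:pid as a vetted one but a different serial.
SAMPLE = """\
046d:c31c KB-0042 03/01
0781:5581 STORE-17 08/00
1a86:7523 BADUSB01 03/01
0781:5581 STORE-99 08/00
"""


def evaluate(text: str = SAMPLE) -> list:
    """Return [(serial, allowed, reason), ...] for each record."""
    return [(d.serial,) + decision(d) for d in map(parse_record, text.splitlines())]


if __name__ == "__main__":
    for serial, ok, why in evaluate():
        print(f"{serial:10} {'ALLOW' if ok else 'DENY':5} {why}")
```

The serial is part of the key on purpose: matching only on vendor and product ID would let any device of the same model through.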

Security

Discord Hacking is the Newest Threat For NFT Buyers (theverge.com) 24

One compromised admin account led to two projects being scammed in a day. From a report: On Tuesday, December 21st, two NFT projects fell victim to the same attack. Like many projects in the crypto world, the NFT collection Monkey Kingdom and in-game asset marketplace Fractal both engaged heavily with their communities through Discord chat servers. Both projects were about to distribute rewards to their community members: Monkey Kingdom through an NFT presale on the day of the 21st and Fractal through a token airdrop -- essentially a free distribution to early supporters -- a few days later. Then, disaster struck. Posts appeared in the official "announcements" channel of each project claiming that a surprise mint would reward community members with a limited edition NFT. Hundreds jumped at the chance -- but for those who followed the links and connected their crypto wallets, a costly surprise was waiting. Rather than receiving an NFT, wallets were being drained of the Solana cryptocurrency, which both projects used for purchases.

In the space of an hour, a Twitter post, first from Monkey Kingdom and then from Fractal, informed followers that their Discord servers had been hacked; news of the NFT mints was bogus, the links a phishing fraud. In the case of Fractal, the scammers got away with about $150,000 worth of cryptocurrency. For Monkey Kingdom, the estimated total was reported to be $1.3 million. Neither attack targeted the blockchain or the tokens themselves. Instead, the thieves exploited weaknesses in the infrastructure used to sell the tokens -- specifically, the Discord chatrooms where NFT fans gather. It's a reminder of a persistent weakness in the growing NFT economy, where surprise drops have primed buyers to move fast or risk missing out. But the same techniques that hype up a sale can also open the door to hackers -- and in this case, a single compromise can end up spreading to more than one community at once. In this case, the NFTs thieves had targeted a feature known as a webhook. Webhooks are used by many web applications (Discord included) to listen for a message sent to a particular URL and trigger an event in response, like posting content to a certain channel. By gaining access to webhooks belonging to the Fractal and Monkey Kingdom Discord servers, the hackers were able to send messages that were broadcast to all members of certain channels: a feature meant to be used only for official communications from the project teams. This was where the fake "announcement" had come from and why it had pointed to a scam address. In hindsight, the content should have raised some red flags -- but given the distribution method, it looked just legitimate enough that many were fooled.
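To make the webhook point concrete: the URL of a plain webhook is itself the credential, so whoever obtains it can post as the project until it is revoked. The following is an added illustration, not Discord's implementation or either project's code; the receiver, host and channel are constructed stand-ins. It also shows, as an assumption beyond the page, the signed-webhook pattern some services use (an HMAC over the body with a separate secret), under which a leaked URL alone is not enough.

```python
"""A webhook URL as a bearer credential, and what a body signature adds.

Added example; not Discord's code. Host, channel and messages are constructed.
"""
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlparse

HOST = "https://hooks.example"  # assumption: stand-in for the chat service


class WebhookReceiver:
    def __init__(self, require_signature: bool = False):
        self.require_signature = require_signature
        self.hooks = {}    # (hook_id, token) -> {"channel": str, "secret": bytes}
        self.posted = []   # (channel, content) that reached members

    def create(self, channel: str) -> tuple:
        """Return (url, signing_secret). On an unsigned webhook the token in
        the URL is the only thing that authenticates a caller."""
        hook_id, token = secrets.token_hex(6), secrets.token_urlsafe(24)
        secret = secrets.token_bytes(32)
        self.hooks[(hook_id, token)] = {"channel": channel, "secret": secret}
        return f"{HOST}/api/webhooks/{hook_id}/{token}", secret

    def revoke(self, url: str) -> None:
        """The response to a leaked URL: delete it, which invalidates the token."""
        self.hooks.pop(self._key(url), None)

    @staticmethod
    def _key(url: str) -> tuple:
        parts = urlparse(url).path.rstrip("/").split("/")
        return parts[-2], parts[-1]

    @staticmethod
    def sign(secret: bytes, body: bytes) -> str:
        return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()

    def handle(self, url: str, body: bytes, signature: str = None) -> int:
        """Process a POST to the webhook URL; returns an HTTP-style status."""
        hook = self.hooks.get(self._key(url))
        if hook is None:
            return 404
        if self.require_signature:
            if signature is None or not hmac.compare_digest(
                    self.sign(hook["secret"], body), signature):
                return 401
        try:
            content = json.loads(body)["content"]
        except (ValueError, KeyError, TypeError):
            return 400
        self.posted.append((hook["channel"], content))
        return 204


def scenario(require_signature: bool) -> dict:
    """Team posts, an attacker with only the leaked URL posts, team revokes."""
    rx = WebhookReceiver(require_signature)
    url, secret = rx.create("#announcements")
    legit = json.dumps({"content": "Presale opens Tuesday."}).encode()
    fake = json.dumps({"content": "Surprise mint! Connect your wallet now."}).encode()
    team = rx.handle(url, legit, rx.sign(secret, legit))
    attacker = rx.handle(url, fake)          # knows the URL, not the secret
    rx.revoke(url)
    after_revoke = rx.handle(url, legit, rx.sign(secret, legit))
    return {"team": team, "attacker": attacker, "after_revoke": after_revoke,
            "delivered": [c for _, c in rx.posted]}


if __name__ == "__main__":
    print("unsigned:", scenario(False))
    print("signed:  ", scenario(True))
```

Treat webhook URLs like passwords: keep them out of shared channels and pinned messages, and rotate them when an admin account is compromised, since anyone holding the old URL keeps posting until it is deleted.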

Transportation

Honda Clocks Are Stuck 20 Years In The Past And There Isn't A Fix (jalopnik.com) 117

Honda and Acura owners around the world are reporting that their clocks and calendars are getting stuck at a certain time in the year 2002. "The spread is impressive, impacting Honda and Acura models as old as 2004 and as new as 2012," reports Jalopnik. "There is no fix for the current issue. Honda says it's investigating and if it does not find a fix, the clocks should correct themselves sometime in August." From the report: As a number of Honda and Acura owners have noted on these forums, their clocks read correctly until what appeared to have been the first time update of 2022. Then, their navigation systems turned into time machines, leaving them behind as they went back to 2002. I asked Honda about the cause of the issue and received this back: "American Honda is aware of a potential concern related to the clock display on certain older Acura and Honda models equipped with navigation systems. We are currently investigating this issue to determine possible countermeasures and have no additional details to share at this time." Owners have also reached out and received different responses.

If you have experience coding or troubleshooting software, the possible cause of this time warp probably popped into your head early on. Drive Accord forum user Jacalar went into the navigation system's diagnostic menu on Sunday and discovered that the GPS date was set to May 19, 2002, or exactly 1024 weeks in the past. Global Positioning Systems measure time from an epoch, or a specific starting point used to calculate time. The date is broadcast including a number representing the week, coded in 10 binary digits. These digits count from 0 to 1023 then roll over on week 1024. GPS weeks first started on January 6, 1980 before first zeroing out at midnight on August 21, 1999. It happened again April 6, 2019. The next happens in 2038.

If software isn't coded to account for the rollover, weird stuff can happen, like a calendar going back exactly 1024 weeks. It's impossible to know for sure without being able to look at Honda's programming, but these navigation systems might be programmed so that the start of their week counter is a date 19.6 years in the past, but not in line with GPS epoch. Owners should be able to turn off the automatic update function and set the date and time manually, but they're finding that the functionality doesn't work right now. Likewise, the clock resets back to the incorrect time every time the car is started.
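The rollover arithmetic, worked through as an added example (Honda's firmware is not public, so this is not its code). A receiver that hard-codes which 1024-week cycle it lives in lands exactly 1024 weeks in the past once that cycle ends; the usual fix resolves the 10-bit week against a pivot date, normally the firmware build date, which is an assumed 2010-01-01 here. The cycle-1 receiver below breaks at the April 2019 rollover rather than in 2022, so it reproduces the 1024-week symptom but not Honda's exact trigger, which the page says is unknown.

```python
"""GPS 10-bit week rollover: the 1024-week jump and the pivot-date fix.

Added example. GPS_EPOCH and the 1024 modulus are from the GPS specification;
the pivot date passed in is an assumption.
"""
from datetime import date, timedelta

GPS_EPOCH = date(1980, 1, 6)   # GPS week 0 began on this Sunday
WEEK_MODULUS = 1024            # legacy nav message carries a 10-bit week number


def gps_week(d: date) -> int:
    """Full (unwrapped) GPS week number for a calendar date."""
    return (d - GPS_EPOCH).days // 7


def broadcast_week(d: date) -> int:
    """Week number as a legacy receiver sees it: truncated to 10 bits."""
    return gps_week(d) % WEEK_MODULUS


def naive_date(week10: int, dow: int, cycle: int = 0) -> date:
    """Receiver that hard-codes its 1024-week cycle. cycle=0 starts at the
    1980 epoch, cycle=1 at the August 1999 rollover. Any date past the end of
    that cycle collapses back by a multiple of 1024 weeks."""
    return GPS_EPOCH + timedelta(weeks=cycle * WEEK_MODULUS + week10, days=dow)


def pivot_date(week10: int, dow: int, pivot: date) -> date:
    """Standard fix: take the unique week in [pivot, pivot + 1024 weeks) that
    matches the 10-bit value. With the build date as pivot the unit decodes
    correctly for about 19.6 years after it was built."""
    pw = gps_week(pivot)
    full = pw - (pw % WEEK_MODULUS) + week10   # candidate in the pivot's cycle
    if full < pw:                              # before the pivot: next cycle
        full += WEEK_MODULUS
    return GPS_EPOCH + timedelta(weeks=full, days=dow)


def decode(today_iso: str, pivot_iso: str) -> dict:
    """Simulate one fix of the signal on `today` through both decoders."""
    today, pivot = date.fromisoformat(today_iso), date.fromisoformat(pivot_iso)
    wk, dow = broadcast_week(today), (today - GPS_EPOCH).days % 7
    return {"week10": wk,
            "second_cycle_receiver": naive_date(wk, dow, cycle=1).isoformat(),
            "pivot_receiver": pivot_date(wk, dow, pivot).isoformat()}


if __name__ == "__main__":
    # 2022-01-02 is the Sunday the forum reports describe; 2010-01-01 is an
    # assumed firmware build date, not Honda's.
    print(decode("2022-01-02", "2010-01-01"))
```

The pivot approach has its own limit: a date earlier than the pivot is unrepresentable, and the unit will fail again 1024 weeks after the pivot unless the firmware is updated.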

Privacy

FlexBooker Discloses Data Breach, Over 3.7 Million Accounts Impacted (bleepingcomputer.com) 10

An anonymous reader quotes a report from BleepingComputer: Accounts of more than three million users of the U.S.-based FlexBooker appointment scheduling service have been stolen in an attack before the holidays and are now being traded on hacker forums. The same intruders are offering databases claiming to be from two other entities: racing media organization Racing.com and Redbourne Group's rediCASE case management software, both from Australia. Among FlexBooker's customers are owners of any business that needs to schedule appointments, which is everything from accountants, barbers, doctors, mechanics, lawyers, dentists, gyms, salons, therapists, trainers, spas, and the list goes on.

Claiming responsibility for the attack is a group calling themselves Uawrongteam, who shared links to archives and files with sensitive information, such as photos, driver's licenses, and other IDs. According to Uawrongteam, the database contains a table with 10 million lines of customer information that ranges from payment forms and charges to driver's license photos. The actor notes that some "juicy columns" in the database are names, emails, phone numbers, password salt, and hashed passwords. FlexBooker has sent a data breach notification to customers, confirming the attack and that the intruders "accessed and downloaded" data on the service's Amazon cloud storage system. "On December 23, 2021, starting at 4:05 PM EST our account on Amazon's AWS servers was compromised," reads the notification, adding that the intruders did not access "any credit card or other payment card information."

IT

This Keyboard Lets People Type So Fast It's Banned From Typing Competitions (vice.com) 123

The CharaChorder is a new kind of typing peripheral that promises to let people type at superhuman speeds. From a report: It's so fast that the website Monkeytype, which lets users participate in typing challenges and maintains its own leaderboard, automatically flagged CharaChorder's CEO as a cheater when he attempted to post his 500 WPM score on its leaderboards. It's a strange looking device, the kind of thing Keanu Reeves would interface with in Johnny Mnemonic. Your palms rest on two black divots, out of each of which rise nine finger-sized joysticks. These 18 sticks move in every direction and, its website claims, can hit every button you need on a regular keyboard. "CharaChorder switches detect motion in 3 dimensions so users have access to over 300 unique inputs without their fingers breaking contact with the device," it said. Users input words and commands by clicking the switches in different directions. CharaChorder claims that, once a user learns how to type with the machine, they can achieve speeds impossible on a QWERTY keyboard. Most people type around 40 words per minute (WPM) with skilled typists hitting upwards of 100 WPM. Competition typists can break into the 200 WPM range. Riley Keen, CharaChorder's CEO, is posting TikToks where he's hitting speeds above 500 WPM.

Microsoft

First Microsoft Pluton-powered Windows 11 PCs To Start Rolling Out this Year 61

In November 2020, Microsoft took the wraps off its Pluton security chip, with the goal of bringing it to all Windows 10 PCs. It wasn't until this week that any of Microsoft's OEMs announced their first Pluton-powered PCs. From a report: At CES, Lenovo unveiled its Ryzen-6000-based ThinkPad Z series laptops running Windows 11, which will integrate the Microsoft Pluton processor. The coming ThinkPad Z series laptops will begin shipping in May 2022. Thanks to Pluton, these devices will be able to receive updated firmware using Windows Update. In the ThinkPad Z13 and Z16, Pluton will help protect Windows Hello credentials, according to Microsoft, by further isolating them from attackers. These new ThinkPads will use Pluton as their TPMs to protect encryption keys from physical attacks, Microsoft officials said. Microsoft pioneered Pluton first in Azure Sphere, its Linux-based microcontroller, and in Xbox. In a January 4 blog post, Microsoft officials noted that Pluton can be configured in three ways: As the Trusted Platform Module (TPM); as a security processor for non-TPM scenarios like platform resiliency; or inside a device where OEMs have opted to ship with the chip turned off.

Security

FTC Warns of Legal Action Against Organizations That Fail To Patch Log4j Flaw (techcrunch.com) 60

U.S. organizations that fail to secure customer data against Log4Shell, a zero-day vulnerability in the widely-used Log4j Java logging library, could face legal repercussions, the Federal Trade Commission (FTC) has warned. From a report: In an alert this week, the consumer protection agency warned that the "serious" flaw, first discovered in December, is being exploited by a growing number of attackers and poses a "severe risk" to millions of consumer products. The public letter urges organizations to mitigate the vulnerability in order to reduce the likelihood of harm to consumers and to avoid potential legal action.

"When vulnerabilities are discovered and exploited, it risks a loss or breach of personal information, financial loss and other irreversible harms," the agency said. "The duty to take reasonable steps to mitigate known software vulnerabilities implicates laws including, among others, the Federal Trade Commission Act and the Gramm Leach Bliley Act. It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action."

Businesses

A Record 4.5 Million Americans Quit Their Jobs In November (bloomberg.com) 128

An anonymous reader quotes a report from Bloomberg: A record 4.5 million Americans quit their jobs in November while openings remained elevated, highlighting persistent churn in the labor market. The increase in departures was broad across industries and pushed the quits rate up to 3%, matching the most in data back to 2000. Meanwhile, the number of available positions fell to 10.6 million from an upwardly revised 11.1 million in October, the Labor Department's Job Openings and Labor Turnover Survey, or JOLTS, showed Tuesday.

The median forecast in a Bloomberg survey of economists called for a rise to 11.1 million job openings. While the drop was the largest since April 2020, vacancies remain well above pre-pandemic levels. The unprecedented level of quits -- including a record 1 million in leisure and hospitality alone -- suggests a lingering struggle for employers to retain talent. Meanwhile, the month's increase in hiring showed companies were able to make at least some headway filling vacancies. The data come ahead of Friday's monthly employment report from the Labor Department, which is currently forecast to show that the U.S. added 420,000 jobs in December. [...] Total hires were little changed in November at 6.7 million. Layoffs and discharges were also steady.

Bug

An Apple HomeKit Bug Can Send iOS Devices Into a Death Spiral (theverge.com) 22

Security researcher Trevor Spiniolas has discovered a vulnerability "capable of locking iOS devices into a spiral of freezing, crashing, and rebooting if a user connects to a sabotaged Apple Home device," reports The Verge. From the report: The vulnerability [...] can be exploited through Apple's HomeKit API, the software interface that allows an iOS app to control compatible smart home devices. If an attacker creates a HomeKit device with an extremely long name -- around 500,000 characters -- then an iOS device that connects to it will become unresponsive once it reads the device name and enter a cycle of freezing and rebooting that can only be ended by wiping and restoring the iOS device. What's more, since HomeKit device names are backed up to iCloud, signing in to the same iCloud account with a restored device will trigger the crash again, with the cycle continuing until the device owner switches off the option to sync Home devices from iCloud.

Though it's possible that an attacker could compromise a user's existing HomeKit-enabled device, the most likely way the exploit would be triggered is if the attacker created a spoof Home network and tricked a user into joining via a phishing email. To guard against the attack, the main precaution for iOS users is to instantly reject any invitations to join an unfamiliar Home network. Additionally, iOS users who currently use smart home devices can protect themselves by entering the Control Center and disabling the setting "Show Home Controls." (This won't prevent Home devices from being used but limits which information is accessible through the Control Center.)

IT

YouTuber Figured Out Asus Z690 Hero Motherboards Melted Down Due To Backward Capacitor (theverge.com) 54

A YouTuber who goes by the name of Buildzoid on the Actually Hardcore Overclocking channel has figured out that a backward capacitor on the Asus ROG Maximus Z690 Hero motherboard is causing it to melt down, according to a report by Tom's Hardware. From a report: Asus has since acknowledged the issue in a post on its site and plans on issuing replacements to customers with affected motherboards. Problems with the Z690 Hero motherboard started turning up on the Asus support forum, as well as on Reddit, and the issues experienced by users are pretty much identical. As noted by Tom's Hardware, users reported that their motherboards started smoking in the same spot: the two MOSFETs (metal-oxide-semiconductor field-effect transistors) next to the DIMM slots and the Q-code reader. In a video on his channel, Buildzoid diagnoses the issue using only the pictures posted to support forums and on Reddit, attributing the Z690 Hero's failure to the backward capacitor installed next to the MOSFETs, not the MOSFETs themselves. Buildzoid looks closely at the images of the motherboard, pointing out that the text on the capacitor is actually upside down, a potential sign that it's installed incorrectly. As Tom's Hardware mentions, a reversed capacitor results in reversed polarity, causing the MOSFETs to malfunction and burn up.

United States

US Catches Kremlin Insider Who May Have Secrets of 2016 Hack (bloomberg.com) 65

In the days before Christmas, U.S. officials in Boston unveiled insider trading charges against a Russian tech tycoon they had been pursuing for months. They accused Vladislav Klyushin, who'd been extradited from Switzerland on Dec. 18, of illegally making tens of millions of dollars trading on hacked corporate-earnings information. From a report: Yet as authorities laid out their securities fraud case, a striking portrait of the detainee emerged: Klyushin was not only an accused insider trader, but a Kremlin insider. He ran an information technology company that works with the Russian government's top echelons. Just 18 months earlier, Klyushin received a medal of honor from Russian President Vladimir Putin. The U.S. had, in its custody, the highest-level Kremlin insider handed to U.S. law enforcement in recent memory. Klyushin's cybersecurity work and Kremlin ties could make him a useful source of information for U.S. officials, according to several people familiar with Russian intelligence matters. Most critically, these people said, if he chooses to cooperate, he could provide Americans with their closest view yet of 2016 election manipulation.

Security

Morgan Stanley To Pay $60 Million To Settle Data-Breach Claims (bloomberg.com) 4

Morgan Stanley agreed to pay $60 million to settle a class action suit by consumers claiming the firm failed to safeguard their personal information. From a report: The agreement, if approved by a federal judge in Manhattan, would resolve claims over two security breaches that compromised personal information of 15 million current and former clients, according to a group of them that sued in July 2020. The customers claimed the information was stored in data centers that were shut down and on computer servers in branch locations that were replaced. Data stored on the decommissioned data center equipment, including customers' Social Security numbers and birth dates, weren't fully wiped clean and the equipment went missing. A software flaw left data on the old servers in unencrypted form, they claimed.

Encryption

NBC: 'You Probably Don't Need to Rely on a VPN Anymore' (nbcnews.com) 166

NBC News writes: VPNs, or virtual private networks, continue to be used by millions of people as a way of masking their internet activity by encrypting their location and web traffic. But on the modern internet, most people can safely ditch them, thanks to the widespread use of encryption that has made public internet connections far less of a security threat, cybersecurity experts say. "Most commercial VPNs are snake oil from a security standpoint," said Nicholas Weaver, a cybersecurity lecturer at the University of California, Berkeley. "They don't improve your security at all...."

Most browsers have quietly implemented an added layer of security in recent years that automatically encrypts internet traffic at most sites with a technology called HTTPS. Indicated by a tiny padlock by the URL, the presence of HTTPS means that worrisome scenario, in which a scammer or a hacker squats on a public Wi-Fi connection in order to watch people's internet habits, isn't feasible. It's not clear that the threat of a hacker at your coffee shop was ever that real to begin with, but it is certainly not a major danger now, Weaver said. "Remember, someone attacking you at the coffee shop needs to be basically at the coffee shop," he said. "I don't know of them ever being used outside of pranks. And those are all irrelevant now with most sites using HTTPS," he said in a text message.

There are still valid uses for VPNs. They're an invaluable tool for getting around certain types of censorship, though other options also exist, such as the Tor Browser, a free web browser that automatically reroutes users' traffic and is widely praised by cybersecurity experts. VPNs are also vital for businesses that need their employees to log in remotely to their internal network. And they're a popular and effective way to watch television shows and movies that are restricted to particular countries on streaming services. But like with antivirus software, the paid VPN industry is a booming global market despite its core mission no longer being necessary for many people.

Most VPNs market their products as a security tool. A Consumer Reports investigation published earlier this month found that 12 of the 16 biggest VPNs make hyperbolic claims or mislead customers about their security benefits. And many can make things worse, either by selling customers' browsing history to data brokers, or by having poor cybersecurity.

The article credits the Electronic Frontier Foundation for popularizing encryption through browser extensions and web site certificates starting in 2010. "In 2015, Google started prioritizing websites that enabled HTTPS in its search results. More and more websites started offering HTTPS connections, and now practically all sites that Google links to do so.

"Since late 2020, major browsers such as Brave, Chrome, Firefox, Safari and Edge all built HTTPS into their programs, making Electronic Frontier Foundation's browser extension no longer necessary for most people."

Businesses

Are 'Zoom Towns' Making Housing Less Affordable? (pewtrusts.org) 82

The CFO of a vacation-rental management company recently told Oregon Public Broadcasting that 20% of people renting a vacation home did so for the first time during the pandemic.

The nonprofit state policy news site Stateline sees a larger trend: Even before the pandemic, the destination towns of the West had a shortage of affordable housing. Limited supply, the remote nature of some of the communities, zoning restrictions and even short construction seasons all contributed.

But the COVID-19 pandemic accelerated everything, including the rise of so-called Zoom towns. Freed from physical offices, suddenly people could live, work and recreate in the vacation communities of the West, with few needs beyond a high-speed internet connection to do jobs that formerly required their presence in major cities. It also in recent years became much easier for owners of second homes to list vacancies with internet-based property firms that promise a steady cash flow in places with seasonal, tourism-based economies. When those homes enter the short-term vacation rental pool, they're no longer available to the local workforce. Brian Chesky, Airbnb's CEO, said recently that about one-fifth of the company's business by room nights is now stays of 30 days or more. People are booking longer stays that combine work and leisure, an area the company sees as full of potential growth...

There are few statewide efforts to address the effects of short-term rentals; some states, such as Idaho, outright prohibit local governments from enacting bans.... In general, the vacation rental industry also fights efforts to enact short-term moratoriums or bans...

[F]ew popular tourist communities in the West have enough affordable options for the staff necessary to run a vacation destination in peak season. In Montana, people who can't afford the rent in some tourist towns have been camping more regularly on public lands in the vicinity, encroaching on grizzly territory. The housing shortage has led directly to more encounters between bears and people, said Bill Avey, a National Forest supervisor in the region. In Whitefish, a gateway to Montana's Glacier National Park, the lack of affordable workforce housing in 2021 forced nearly all food- or beverage-related businesses to curtail hours or close at least one day a week at the height of the summer tourist season, said Lauren Oscilowski, who owns the Spotted Bear Spirits distillery. Over the past year, about half the people on her 11-person team have been forced to move because their landlords decided to turn their housing into more lucrative short-term rentals.

"There's this national thing where hospitality people aren't returning to hospitality because the wages are too low, or they're sick of dealing with the public or whatever it is," Oscilowski said. "But that's just a piece of it. The bigger piece for us is really housing...."

Bug

'Year 2022' Bug Breaks Email Delivery For Microsoft Exchange On-Premise Servers (bleepingcomputer.com) 146

Kalper (Slashdot reader #57,281) shares news from Bleeping Computer: Microsoft Exchange on-premise servers cannot deliver email starting on January 1st, 2022, due to a "Year 2022" bug in the FIP-FS anti-malware scanning engine.

Starting with Exchange Server 2013, Microsoft enabled the FIP-FS anti-spam and anti-malware scanning engine by default to protect users from malicious email. According to numerous reports from Microsoft Exchange admins worldwide, a bug in the FIP-FS engine is blocking email delivery with on-premise servers starting at midnight on January 1st, 2022.

Security researcher and Exchange admin Joseph Roosen said that this is caused by Microsoft using a signed int32 variable to store the value of a date, which has a maximum value of 2,147,483,647. However, dates in 2022 have a minimum value of 2,201,010,001 or larger, which is greater than the maximum value that can be stored in the signed int32 variable, causing the scanning engine to fail and not release mail for delivery. When this bug is triggered, an 1106 error will appear in the Exchange Server's Event Log stating, "The FIP-FS Scan Process failed initialization. Error: 0x8004005. Error Details: Unspecified Error" or "Error Code: 0x80004005. Error Description: Can't convert "2201010001" to long." Microsoft will need to release an Exchange Server update that uses a larger variable to hold the date to officially fix this bug.

However, for on-premise Exchange Servers currently affected, admins have found that you can disable the FIP-FS scanning engine to allow email to start delivering again... Unfortunately, with this unofficial fix, delivered mail will no longer be scanned by Microsoft's scanning engine, leading to more malicious emails and spam getting through to users.
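The overflow, reproduced as an added example (this is not Microsoft's FIP-FS code). The packing layout, two-digit year followed by month, day, hour and minute, is inferred from the 2201010001 value quoted above and is an assumption; the point is that every such value from 2022 onward exceeds 2,147,483,647, while a silent narrowing cast turns it into a large negative number rather than an error.

```python
"""A date-stamped version number that no longer fits a signed 32-bit integer.

Added example. The yymmddHHMM layout is inferred from the report's value.
"""
from datetime import datetime

INT32_MAX = 2**31 - 1   # 2,147,483,647
INT32_MIN = -2**31


def pack_version(ts: str) -> int:
    """Encode an ISO 8601 build timestamp as the decimal yymmddHHMM number,
    e.g. 2021-12-31T23:59 -> 2112312359."""
    return int(datetime.fromisoformat(ts).strftime("%y%m%d%H%M"))


def fits_int32(value: int) -> bool:
    return INT32_MIN <= value <= INT32_MAX


def unchecked_int32(value: int) -> int:
    """What a silent narrowing cast does: keep the low 32 bits and
    reinterpret them as signed. 2201010001 becomes -2093957295."""
    low = value & 0xFFFFFFFF
    return low - 2**32 if low & 0x80000000 else low


def convert(value: int, width: int = 32) -> int:
    """Range-checked conversion. width=32 reproduces the engine's failure;
    width=64 is the wider type the page says a fix needs."""
    lo, hi = -2**(width - 1), 2**(width - 1) - 1
    if not lo <= value <= hi:
        raise OverflowError(f"Can't convert \"{value}\" to int{width}")
    return value


def classify(timestamps: list) -> dict:
    """Map each build timestamp to 'fits' or 'overflows' for a signed int32."""
    return {ts: ("fits" if fits_int32(pack_version(ts)) else "overflows")
            for ts in timestamps}


# Constructed timestamps either side of the year boundary.
SAMPLE = ["2021-12-31T23:59", "2022-01-01T00:00", "2022-01-01T00:01"]

if __name__ == "__main__":
    for ts, verdict in classify(SAMPLE).items():
        print(f"{ts}  {pack_version(ts)}  {verdict}")
```

The last value that fits is 2112312359, so any build stamped in 2022 or later trips the check, and a type of at least 64 bits (or a different numbering scheme) is needed to keep date-based versions.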

Security

Sega Left One of Its European Servers Wide Open (engadget.com) 5

What could have been a damaging breach in one of Sega's servers appears to have been closed, according to a report by security firm VPN Overview. Engadget reports: The misconfigured Amazon Web Services S3 bucket contained sensitive information which allowed researchers to arbitrarily upload files to a huge swath of Sega-owned domains, as well as credentials to abuse a 250,000-user email list. The domains impacted included the official landing pages for major franchises, including Sonic the Hedgehog, Bayonetta and Total War, as well as the Sega.com site itself. VPNO was able to run executable scripts on these sites which, as you can imagine, would have been quite bad if this breach had been discovered by malicious actors instead of researchers.

An improperly stored Mailchimp API key gave VPNO access to the aforementioned email list. The emails themselves were available in plaintext alongside associated IP addresses, and passwords that the researchers were able to un-hash. According to the report, "a malicious user could have distributed ransomware very effectively using SEGA's compromised email and cloud services." So far there's no indication that bad actors made use of this vulnerability before VPNO discovered and helped Sega to fix it.
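Two checks a practitioner would run against this class of misconfiguration, as an added example (not VPN Overview's tooling or Sega's configuration): flag bucket-policy statements that let any principal write, and scan files pulled from the bucket for a Mailchimp-style API key. The bucket policy, bucket name, account ID, settings file and key value below are constructed; only the policy grammar and the Mailchimp key format (32 hex characters, a dash, and a data-center suffix such as us21) are real.

```python
"""Find public-write S3 policy statements and plaintext Mailchimp API keys.

Added example. Policy, bucket, account ID and the key are constructed.
"""
import json
import re

WRITE_ACTIONS = {"s3:*", "s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject"}
MAILCHIMP_KEY_RE = re.compile(r"\b[0-9a-f]{32}-us\d{1,2}\b")


def _as_list(x):
    return x if isinstance(x, list) else [x]


def _is_public_principal(p) -> bool:
    """'*' or {'AWS': '*'} means anyone, authenticated or not."""
    if p == "*":
        return True
    if isinstance(p, dict):
        return any(v == "*" or "*" in _as_list(v) for v in p.values())
    return False


def public_write_statements(policy: dict) -> list:
    """Sids of Allow statements granting a write action to everyone with no
    Condition (a Condition may narrow the grant, e.g. to one VPC, so it is
    left for manual review rather than flagged)."""
    hits = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or not _is_public_principal(st.get("Principal")):
            continue
        if set(_as_list(st.get("Action", []))) & WRITE_ACTIONS and not st.get("Condition"):
            hits.append(st.get("Sid", "<no sid>"))
    return hits


def find_mailchimp_keys(text: str) -> list:
    """Return anything in `text` shaped like a Mailchimp API key."""
    return MAILCHIMP_KEY_RE.findall(text)


# Constructed bucket policy: one safe public read, one public write (the
# finding), one role-scoped write, one public write narrowed by a Condition.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-web-assets/*"},
    {"Sid": "AnyoneCanUpload", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:PutObject", "s3:PutObjectAcl"],
     "Resource": "arn:aws:s3:::example-web-assets/*"},
    {"Sid": "CiDeploy", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/deploy"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-web-assets/*"},
    {"Sid": "VpcOnlyWrite", "Effect": "Allow", "Principal": "*",
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-web-assets/*",
     "Condition": {"StringEquals": {"aws:SourceVpc": "vpc-0123456789abcdef0"}}}
  ]
}
""")

# Constructed settings file of the kind left in a bucket; the key is fake.
SAMPLE_SETTINGS = """\
MAILCHIMP_API_KEY=0123456789abcdef0123456789abcdef-us21
SESSION_TTL=3600
"""


def report(policy: dict = SAMPLE_POLICY, settings: str = SAMPLE_SETTINGS) -> dict:
    return {"public_write": public_write_statements(policy),
            "mailchimp_keys": find_mailchimp_keys(settings)}


if __name__ == "__main__":
    print(json.dumps(report(), indent=2))
```

On a real account the policy document comes from `aws s3api get-bucket-policy`, and the same public-principal test should be applied to the bucket's ACL and Block Public Access settings, which this example does not cover.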

Security

'Critical' Polygon Bug Put $24 Billion in Tokens at Risk Until Recent Hard Fork (theblockcrypto.com) 16

Ethereum scaling project Polygon was at risk of losing nearly all of its MATIC tokens until it upgraded its network earlier this month. From a report: The problem was a "critical" vulnerability in Polygon's proof-of-stake genesis contract, which could have allowed attackers to steal over 9.2 billion MATIC tokens (currently worth over $24 billion). The total supply of MATIC tokens is 10 billion. The vulnerability was reported on the bug bounty platform Immunefi by a whitehat hacker known as Leon Spacewalker. According to details shared Wednesday, the bug essentially could have allowed attackers to arbitrarily mint all of Polygon's more than 9.2 billion MATIC tokens from its MRC20 contract. After Spacewalker found the bug, Immunefi informed the Polygon team the same day. The team then confirmed the vulnerability and moved to update the Polygon network, initially with an update for its Mumbai testnet. According to Polygon, the testnet update was completed on December 4, and the team was preparing for the mainnet upgrade. Yet before the mainnet upgrade was undertaken, a malicious actor exploited the bug and stole 801,601 MATIC tokens (currently worth over $2 million). Polygon has said it will bear the cost of the theft.

Microsoft

Microsoft Defender Log4j Scanner Triggers False Positive Alerts (bleepingcomputer.com) 18

Microsoft Defender for Endpoint is currently showing "sensor tampering" alerts linked to the company's newly deployed Microsoft 365 Defender scanner for Log4j processes. BleepingComputer reports: The alerts are reportedly mainly shown on Windows Server 2016 systems and warn of "possible sensor tampering in memory was detected by Microsoft Defender for Endpoint" created by an OpenHandleCollector.exe process. Admins have been dealing with this issue since at least December 23, according to customer reports.

While this Defender process' behavior is tagged as malicious, there's nothing to worry about since these are false positives, as revealed by Tomer Teller, Principal Group PM Manager at Microsoft, Enterprise Security Posture. Microsoft is currently looking into this Microsoft 365 Defender issue and working on a fix that the company should soon deliver to affected systems. "This is part of the work we did to detect Log4J instances on disk. The team is analyzing why it triggers the alert (it shouldn't of course)," Teller explained.

China

Attackers in China Using Open-source Log4j Flaw (axios.com) 24

A group of Chinese attackers has been using the massive vulnerability in Log4j, a common piece of open-source code, to target a large academic institution, CrowdStrike says. From a report: Experts say hundreds of millions of systems are vulnerable and that attacks based on the flaw are continuing. CrowdStrike said its software observed an attack that exploited the Log4j flaw in software from VMware. The attack came from a China-based group dubbed Aquatic Panda that has been conducting intelligence gathering and industrial espionage, CrowdStrike said. Some security experts, including Cybersecurity and Infrastructure Security Agency (CISA) head Jen Easterly, have called the flaw among the worst they have ever seen.

IT

CES 2022 Will Introduce HDMI 2.1a, Another Confusing New Spec (theverge.com) 35

An anonymous reader shares a report: The HDMI standards are a mess. HDMI 2.1, in particular, is a uniquely frustrating mess, with haphazard support among TV manufacturers, cable makers, and devices that make setting up, say 120Hz gaming on a PS5 or Xbox Series X a uniquely harrowing experience. Fortunately, the HDMI Forum is swooping in ahead of CES with its latest revision to the HDMI specification stack, HDMI 2.1a, which is here to make everything better and simpler... I'm kidding, of course. It's gonna make things more complicated. It's a new HDMI standard, what on earth did you expect?

Let's start with the good: HDMI 2.1a is an upcoming revision to the HDMI 2.1 stack and adds a major new feature, Source-Based Tone Mapping, or SBTM. SBTM is a new HDR feature that offloads some of the HDR tone mapping to the content source (like your computer or set-top box) alongside the tone mapping that your TV or monitor is doing. SBTM isn't a new HDR standard -- it's not here to replace HDR10 or Dolby Vision. Instead, it's intended to help existing HDR setups work better by letting the content source better optimize the content it passes to the display or by removing the need to have the user manually calibrate their screens for HDR by having the source device configure content for the specific display. Other use cases could be for when there's a mix of content types, like for streamers (who could have an HDR game playing alongside a window of black and white text), displaying each area of content.
