Security

Experian, You Have Some Explaining To Do (krebsonsecurity.com)

Security reporter Brian Krebs: Twice in the past month KrebsOnSecurity has heard from readers who had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn't theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim's personal information and a different email address.

John Turner is a software engineer based in Salt Lake City. Turner said he created the account at Experian in 2020 to place a security freeze on his credit file, and that he used a password manager to select and store a strong, unique password for his Experian account. Turner said that in early June 2022 he received an email from Experian saying the email address on his account had been changed. Experian's password reset process was useless at that point because any password reset links would be sent to the new (impostor's) email address. An Experian support person Turner reached via phone after a lengthy hold time asked for his Social Security Number (SSN) and date of birth, as well as his account PIN and answers to his secret questions. But the PIN and secret questions had already been changed by whoever re-signed up as him at Experian.

Microsoft

What Makes Workers 'Thrive'? Microsoft Study Suggests Shorter Workweeks and Less Collaboration (zdnet.com)

Microsoft describes "thriving" at work as being "energized and empowered to do meaningful work."

So Microsoft's "people analytics" chief and its "culture measurements" director teamed up for a report in Harvard Business Review exploring "as we enter the hybrid work era... how thriving can be unlocked across different work locations, professions, and ways of working."

ZDNet columnist Chris Matyszczyk took special note of the researchers' observation that "Employees who weren't thriving talked about experiencing siloes, bureaucracy, and a lack of collaboration," asking playfully, "Does that sound like Microsoft to you?" Klinghoffer and McCune were undeterred in their search for the secret of happiness. They examined those who spoke most positively about thriving at work and work-life balance. They reached a startling picture of a happy Microsoft employee. They said: "By combining sentiment data with de-identified calendar and email metadata, we found that those with the best of both worlds had five fewer hours in their workweek span, five fewer collaboration hours, three more focus hours, and 17 fewer employees in their internal network size."

Five fewer collaboration hours? 17 fewer employees in their internal network? Does this suggest that the teamwork mantra isn't working so well? Does it, in fact, intimate that collaboration may have become a buzzword for a collective that is more a bureaucracy than a truly productive organism?

Klinghoffer and McCune say collaboration isn't bad in itself. However, they say: "It is important to be mindful of how intense collaboration can impact work-life balance, and leaders and employees alike should guard against that intensity becoming 24/7."

If you're a leader, you have a way to stop it. If you're an employee, not so much.

The Microsoft researchers' conclusion? "Thriving takes a village" (highlighting the importance of managers), and that "the most common thread among those who were not thriving was a feeling of exclusion — from a lack of collaboration to feeling left out of decisions to struggling with politics and bureaucracy."

Matyszczyk's conclusion? "It's heartening to learn, though, that perhaps the most important element to making an employee happy at work is giving them time to, well, actually work."

Spam

FCC Cracks Down On Spam 'Auto Warranty' Robocalls (axios.com)

An anonymous reader quotes a report from Axios: The Federal Communications Commission on Thursday told carriers to stop delivering those annoying auto warranty robocalls and said it has launched a formal investigation. The scam has resulted in more than 8 billion unwanted and possibly illegal phone calls. It has been the top consumer robocall complaint for the past two years.

The FCC said it is working with a number of other agencies, including the Ohio attorney general, which is suing Roy Cox, Jr., Aaron Michael Jones, their Sumco Panama companies and other international associates said to be a part of the scam. The agency's enforcement bureau said it sent cease-and-desist letters to Call Pipe, Fugle Telecom, Geist Telecom, Global Lynks, Mobi Telecom, South Dakota Telecom, SipKonnect and Virtual Telecom to warn them to stop carrying this suspicious robocall traffic within 48 hours. The FCC said that its inquiry shows that the operation is still generating millions of apparently unlawful calls to consumers on a daily basis.

Security

Most Government Websites Serve Tracking Cookies Without Consent, Report Finds (hothardware.com)

A new study published by the IMDEA Networks Institute shows just how common it is for government websites to install third-party cookies in visitors' web browsers. HotHardware reports: The study makes a distinction between third-party (TP) cookies and third-party tracking (TPT) cookies, because not all third-party cookies are "set by domains that are known to be tracking users for data collection purposes." The chart [here] shows the percentage of government websites for each country that install at least one third-party cookie, as well as the percentage of said cookies that are associated with domains that are known to be tracking users. Russia tops out the list with over 90% of its government websites installing third-party cookies in visitors' web browsers. Meanwhile, nearly 60% of US government websites install at least one third-party cookie. Germany sits at the bottom of the list with a little under 30% of government websites serving up third-party cookies.

Most of the third-party cookies installed by government websites are known tracking cookies, except in the case of Germany, where under 10% of third-party cookies are associated with domains that are known to track users. The researchers also found that, depending on the country, 20% to 60% of the third party cookies installed by government websites remain in visitors' browsers without expiring for a year or more. That's a long time for a tracker installed without your knowledge or consent to remain active. Beyond specifically tracking cookies, the researchers measured the number of trackers of any kind present on government websites. The Russian gov.ru has the most trackers out of any government website analyzed by the researchers, numbering 31 trackers in total. However, Brazil and Canada aren't far behind, with 25 trackers present on both investexportbrasil.gov.br and nac-cna.ca. The US government website with the most trackers is hhs.gov, which has 13.

The researchers point out that both third-party and third-party tracking cookies are automatically installed in visitors' web browsers without their consent. However, the researchers guess that web developers and administrators likely include third-party content without intending to add trackers to their websites. A great many websites now rely on third-party resources and include social content that comes with trackers built in.

Bitcoin

Web3 Projects Have Lost More Than $2 Billion To Hacks This Year (theverge.com)

In the first six months of 2022, Web3 projects have lost more than $2 billion to hacks and exploits -- more than all of 2021 combined. The Verge reports: That's according to research from blockchain auditing and security company CertiK, which on Thursday released its quarterly Web3 security report covering Q2 of this year. The report paints a sobering picture of a cryptocurrency space still plagued by hacks, scams, and phishing schemes while also facing relatively new threats like flash loan attacks. CertiK puts particular focus on this last category of threat, which has been created by the invention of flash loans: a decentralized finance mechanism that lets borrowers access extremely large amounts of cryptocurrency for very short periods of time. If used maliciously, flash loans can be used to manipulate the value of a certain token on exchanges or buy up all of the governance tokens in a project and vote to withdraw all of the funds, as happened to Beanstalk in April.

In total, CertiK's report claims that a total of $308 million was lost across 27 flash loan attacks in Q2 2022 -- an enormous increase compared to just $14 million lost to flash loans in Q1. Phishing attacks also increased in frequency between Q1 and Q2 of this year, with CertiK recording 290 in the most recent quarter compared with 106 in the first three months of the year. Discord was the vector for the vast majority of phishing attempts, a signal of its continuing popularity as the social network of choice for the cryptocurrency and NFT scene, despite ongoing security concerns.
CertiK also found that so-called "rug pulls" -- where the founders of a project halt development and abscond with the funds -- were down 16.5 percent from the previous quarter.

Google

Google Tests Battery-Conserving Feature Perfect for Hoarding Tabs (arstechnica.com)

Google is testing a method to boost the battery life of Chromebooks by changing how they work with the Chrome web browser. It's shaping up to be a potentially attractive update for users who leave a lot of tabs open on their Chromebooks. From a report: Google Chrome currently cuts the CPU time and throttles the CPU load for any tab you haven't touched or looked at for five minutes. Google calls this "intensive throttling of JavaScript timer wake up," and it's supposed to help conserve system battery life. The feature also makes the page wake up once every 60 seconds to check if you're actively using the tab again. It seems Google is interested in pushing the idea even further, at least for Chromebook users. About Chromebooks this week spotted a new flag in Chrome OS 105, currently being tested in the dev channel, that changes this five-minute period to 10 seconds.

Microsoft

Microsoft Rolls Back Blocking Office VBA Macros By Default (theverge.com)

Microsoft is rolling back a planned change to block Visual Basic for Applications (VBA) macros by default in a variety of Office apps. From a report: Announced earlier this year, Microsoft had been planning to prevent Office users from easily enabling certain content in files downloaded from the internet that include macros, in a move to improve security against malicious files. Microsoft had been testing this change ahead of a planned rollout to all Microsoft 365 users in June, but suddenly reverted the block on June 30th. BleepingComputer reports that Microsoft notified IT admins last week that it was rolling back the VBA macro block based on feedback from Office users testing the changes. "We appreciate the feedback we've received so far, and we're working to make improvements in this experience," reads a Microsoft 365 message. The unusual rollback has surprised some Microsoft 365 users, as many had been waiting years for Microsoft to be more aggressive about blocking macros from Office files. Hackers have been regularly targeting Office documents with malicious macros, and Office has typically prompted users to click to enable macros running with a simple button. Microsoft's planned changes meant Office users would only be able to enable the macros by specifically ticking an unblock option on the properties of a file.

Spam

Twitter Says It Removes Over 1 Million Spam Accounts Each Day (reuters.com)

Twitter removes more than 1 million spam accounts each day, executives told reporters in a briefing on Thursday, providing new insight into efforts to reduce harmful automated bots as billionaire Elon Musk has demanded more details from the social media company. Reuters reports: The briefing comes after Musk threatened to halt a $44 billion deal to purchase Twitter unless the company showed proof that spam and bot accounts were fewer than 5% of users who see advertising on the social media service. Musk previously tweeted that one of his biggest priorities after acquiring Twitter is to "defeat the spam bots or die trying."

On a conference call, the company reiterated that spam accounts were well under 5% of users who are served advertising, a figure that has been unchanged in its public filings since 2013. Human reviewers manually examine thousands of Twitter accounts at random and use a combination of public and private data in order to calculate and report to shareholders the proportion of spam and bot accounts on the service, Twitter said. The company said it does not believe a calculation of such accounts could be performed externally because it would require private information, but declined to comment on the type of data it would provide to Musk.

Facebook

Meta is Dumping Facebook Logins as Its Metaverse ID System (techcrunch.com)

An anonymous reader shares a report: Despite the name change and metaverse hyperbole, Facebook has always been at the center of the Meta suite of software for users engaging with its wider ecosystem. While that may continue to be the case indefinitely, it's clear the company is taking steps to ensure that its next swath of users aren't tied to a network that may still pay the bills but isn't where the company sees its reinvention. Next month, the company will be introducing a new type of login called a Meta account that will allow users to engage with products that previously might have required a Facebook account to use.

At launch, users will be able to use their Meta account to sign up for and log in to the company's Quest hardware, functionality that will come to other Meta devices in the future, the company says. Users can choose to link their Meta account to their Facebook and Instagram accounts as well, or not. Unlike Facebook accounts, users are free to have multiple Meta accounts, the company says. This change addresses the concerns of some VR users who complained about various quirks of relying on a private social media profile login to play video games. While plenty of users were concerned by privacy implications, others were frustrated by more organizational issues related to combining the two accounts with separate friends lists, settings and rules. By the beginning of next year, Meta accounts will be the standard login for VR users.

Encryption

UK Could Force E2E Encrypted Platforms To Do CSAM-Scanning (techcrunch.com)

The U.K. government has tabled an amendment (PDF) to the Online Safety Bill that could put it on a collision course with end-to-end encryption. TechCrunch reports: It's proposing to give the incoming internet regulator, Ofcom, new powers to force messaging platforms and other types of online services to implement content-scanning technologies, even if their platform is strongly encrypted -- meaning the service/company itself does not hold keys to decrypt and access user-generated content in the clear. The home secretary, Priti Patel, said today that the government wants the bill to have greater powers to tackle child sexual abuse.

"Child sexual abuse is a sickening crime. We must all work to ensure criminals are not allowed to run rampant online and technology companies must play their part and take responsibility for keeping our children safe," she said in a statement -- which also offers the (unsubstantiated) claim that: "Privacy and security are not mutually exclusive -- we need both, and we can have both and that is what this amendment delivers." The proposed amendment is also being targeted at terrorism content -- with the tabled clause referring to: "Notices to deal with terrorism content or CSEA [child sexual exploitation & abuse] content (or both)."

These notices would allow Ofcom to order a regulated service to use "accredited" technology to identify CSEA or terrorism content which is being publicly shared on their platform and "swiftly" remove it. But the proposed amendment goes further -- also allowing Ofcom to mandate that regulated services use accredited technical means to prevent users from encountering these types of (illegal) content -- whether it's being shared publicly or privately via the service, raising questions over what the power might mean for E2E encryption.

China

MI5 and FBI Heads Issue Joint Warning On Chinese Spying (bbc.com)

An anonymous reader quotes a report from the BBC: The heads of UK and US security services have made an unprecedented joint appearance to warn of the threat from China. FBI director Christopher Wray said China was the "biggest long-term threat to our economic and national security" and had interfered in politics, including recent elections. MI5 head Ken McCallum said his service had more than doubled its work against Chinese activity in the last three years and would be doubling it again. MI5 is now running seven times as many investigations related to activities of the Chinese Communist Party compared to 2018, he added. The FBI's Wray warned that if China was to forcibly take Taiwan it would "represent one of the most horrific business disruptions the world has ever seen."

The first ever joint public appearance by the two directors came at MI5 headquarters in Thames House, London. McCallum also said the challenge posed by the Chinese Communist Party was "game-changing," while Wray called it "immense" and "breath-taking." Wray warned the audience -- which included chief executives of businesses and senior figures from universities -- that the Chinese government was "set on stealing your technology" using a range of tools. He said it posed "an even more serious threat to western businesses than even many sophisticated businesspeople realized." He cited cases in which people linked to Chinese companies out in rural America had been digging up genetically modified seeds which would have cost them billions of dollars and nearly a decade to develop themselves. He also said China deployed cyber espionage to "cheat and steal on a massive scale," with a hacking program larger than that of every other major country combined.

The MI5 head said intelligence about cyber threats had been shared with 37 countries and that in May a sophisticated threat against aerospace had been disrupted. McCallum also pointed to a series of examples linked to China. [...] The MI5 head said new legislation would help to deal with the threat but the UK also needed to become a "harder target" by ensuring that all parts of society were more aware of the risks. He said that reform of the visa system had seen over 50 students linked to the Chinese military leaving the UK. "China has for far too long counted on being everybody's second-highest priority," Wray said, adding: "They are not flying under the radar anymore."

Iphone

Apple Launches iPhone Security Tool To Block Targeted Attacks (bloomberg.com)

Apple introduced a security tool for iPhone, iPad and Mac devices that is designed to prevent targeted cyberattacks on high-profile users such as activists, journalists and government officials. From a report: The optional feature, called Lockdown Mode, will offer "extreme" protection for a "very small number of users who face grave, targeted attacks," Apple said Wednesday in a statement. The tool vastly reduces the number of physical and digital ways for an attacker to hack a user's device. Apple said the feature is aimed primarily at trying to combat attacks from "spyware" sold by NSO Group and other companies, particularly to state-sponsored groups.

[...] Lockdown Mode will affect the Messages app, FaceTime, Apple online services, configuration profiles, the Safari web browser and wired connections. With the tool in place, the Messages app will block attachments other than images and disable link previews. Those are two common mechanisms that hackers use to infiltrate devices remotely. The web browser, another frequent conduit for hackers, will also be severely limited, with restrictions on certain fonts, web languages and features involving reading PDFs and previewing content. In FaceTime, users won't be able to receive calls from an individual that they haven't previously called within the preceding 30 days.

Security

Hotel Giant Marriott Confirms Yet Another Data Breach (techcrunch.com)

Hotel group Marriott International has confirmed another data breach, with hackers claiming to have stolen 20 gigabytes of sensitive data including guests' credit card information. From a report: The incident, first reported by Databreaches.net Tuesday, is said to have happened in June when an unnamed hacking group claimed they used social engineering to trick an employee at a Marriott hotel in Maryland into giving them access to their computer. "Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate's computer," Marriott spokesperson Melissa Froehlich Flood told TechCrunch in a statement. "The threat actor did not gain access to Marriott's core network."

Movies

Inside the Dying Art of Subtitling (cnet.com)

The wildly popular series Squid Game drew criticism for its English subtitles. Just how did those happen? CNET News: Subtitlers contend with unrealistic expectations, tight deadlines and competition from clunky machine translation. Often, their work goes underappreciated, under the radar. Sometimes Uludag would be sent a file to translate at 11 p.m. -- "and they would say we need it by 8 a.m." Without skilled subtitlers, movies such as historic Oscar winner Parasite are lost in translation. Yet the art of subtitling is on the decline, all but doomed in an entertainment industry tempted by cheaper emerging artificial intelligence technologies. Subtitlers have become a dying breed.

And this had been the predicament before the world started watching a little show called Squid Game. In 28 days, Squid Game leapfrogged Bridgerton as Netflix's most popular series ever. It also inadvertently started a global conversation about bad subtitles. While critics lauded the South Korean battle royale-themed drama for its polished production values, gripping story and memorable characters, many accused Netflix of skimping on the quality of Squid Game's English subtitles.

A prime example: Ali, the Pakistani laborer, shares a touching moment with Sang Woo, an embezzler who graduated from Korea's top university. Sang Woo suggests Ali call him hyung, instead of sajang-nim or "Mr. Company President." The term hyung literally translates as "older brother," a term used by a man to address an older man with whom he has formed a closer bond. That's Ali and Sang Woo. Yet, the line "Call me hyung" was translated as "Call me Sang Woo." A rare moment of compassion and humanity, amid all the gloom and gore, was lost. [...]

Yet Netflix, which abandoned its in-house subtitling program Hermes one year after its launch in 2017, is interested in a different area of translation: dubbing. It's not hard to see why. For example, 72% of Netflix's American viewers said they prefer dubs when watching Spanish hit Money Heist, Netflix's third most popular show ever. Unfairly criticized, underfunded and facing a lack of support from the entertainment industry, subtitlers are on the brink. At least the Squid Game controversy illuminated an unsung fact: Good subtitles are an exceptionally difficult art.

Businesses

FedEx To Close Data Centers, Retire All Mainframes By 2024, Saving $400 Million (datacenterdynamics.com)

FedEx is to close its data centers and retire all of its remaining mainframes within the next two years. Speaking during the FedEx investor day, FedEx CIO Rob Carter said the company is aiming for a "zero data center, zero mainframe" environment based in the cloud, which will result in $400 million in savings annually. From a report: "We've been working across this decade to streamline and simplify our technology and systems," he said. "We've shifted to cloud...we've been eliminating monolithic applications one after the other after the other...we're moving to a zero data center, zero mainframe environment that's more flexible, secure, and cost-effective. Within the next two years we'll close the last few remaining data centers that we have, we'll eliminate the final 20 percent of the mainframe footprint, and we'll move the remaining applications to cloud-native structures that allow them to be flexibly deployed and used in the marketplace and business. While we're doing this, we'll achieve $400 million of annual savings."

Windows

Microsoft Finds 'Raspberry Robin' Worm in Hundreds of Windows Networks (bleepingcomputer.com)

"Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors," reports BleepingComputer.

The "Raspberry Robin" malware (first spotted in September) spreads through USB devices with a malicious .LNK file. Although Microsoft observed the malware connecting to addresses on the Tor network, the threat actors are yet to exploit the access they gained to their victims' networks. This is in spite of the fact that they could easily escalate their attacks given that the malware can bypass User Account Control (UAC) on infected systems using legitimate Windows tools. Microsoft shared this info in a private threat intelligence advisory sent to Microsoft Defender for Endpoint subscribers and seen by BleepingComputer....

Once the USB device is attached and the user clicks the link, the worm spawns a msiexec process using cmd.exe to launch a malicious file stored on the infected drive. It infects new Windows devices, communicates with its command and control servers (C2), and executes malicious payloads...

Microsoft has tagged this campaign as high-risk, given that the attackers could download and deploy additional malware within the victims' networks and escalate their privileges at any time.
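The process chain BleepingComputer describes (cmd.exe spawning msiexec to install a package from the removable drive) is something an endpoint team can hunt for in process-creation telemetry. The detector below is an added example written for this digest, not code from Microsoft's advisory or BleepingComputer; the event fields are assumed to resemble Sysmon event ID 1 (parent image, image, command line), the system drive is assumed to be C:, and the sample events are constructed.

```python
"""Flag the Raspberry Robin-style process chain in process-creation events.

Assumptions (not from the page): events carry parent_image, image and
command_line fields like Sysmon event ID 1, and C: is the system drive, so a
package path on any other drive letter is treated as a removable-drive launch.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class ProcEvent:
    parent_image: str   # full path of the parent process
    image: str          # full path of the new process
    command_line: str   # command line of the new process


# A drive letter other than C: followed by a backslash, e.g. E:\RECYCLER\pkg.msi
NON_SYSTEM_DRIVE = re.compile(r"\b[A-BD-Z]:\\", re.IGNORECASE)

# Constructed sample telemetry: a benign installer run and the reported chain.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\msiexec.exe",
              r'msiexec.exe /i "C:\Users\alice\Downloads\vendor.msi"'),
    ProcEvent(r"C:\Windows\System32\cmd.exe",
              r"C:\Windows\System32\msiexec.exe",
              r'msiexec /q /i "E:\RECYCLER\pkg.msi"'),      # constructed USB path
    ProcEvent(r"C:\Windows\System32\cmd.exe",
              r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /c dir "E:\"'),                     # cmd on USB, no msiexec
]


def _basename_is(path: str, name: str) -> bool:
    """True if the path's final component equals name (case-insensitive)."""
    return path.lower().rsplit("\\", 1)[-1] == name.lower()


def is_suspicious(ev: ProcEvent) -> Optional[str]:
    """Return a reason if the event matches the reported chain, else None.

    The chain is: parent cmd.exe -> child msiexec.exe whose command line
    references a package on a non-system drive letter.
    """
    if not (_basename_is(ev.image, "msiexec.exe")
            and _basename_is(ev.parent_image, "cmd.exe")):
        return None
    if NON_SYSTEM_DRIVE.search(ev.command_line):
        return "cmd.exe spawned msiexec installing from a non-system drive letter"
    return None


def scan(events: List[ProcEvent]) -> List[Tuple[ProcEvent, str]]:
    """Run is_suspicious over a batch of events and keep the hits with reasons."""
    hits = []
    for ev in events:
        reason = is_suspicious(ev)
        if reason:
            hits.append((ev, reason))
    return hits


if __name__ == "__main__":
    for ev, reason in scan(SAMPLE_EVENTS):
        print(f"ALERT: {reason}: {ev.parent_image} -> {ev.command_line}")
```

The rule deliberately keys on the parent/child pair plus the drive letter rather than on file names, since the dropped package name will vary between infected drives.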

Security

How Bug Bounty Platform HackerOne Handled Its Own 'Internal Threat' Actor (hackerone.com)

Bug bounty platform HackerOne has "a steadfast commitment to disclosing security incidents," according to a new blog post, "because we believe that sharing security information far and wide is essential to building a safer internet."

But now they've had an incident of their own: On June 22nd, 2022, a customer asked us to investigate a suspicious vulnerability disclosure made outside of the HackerOne platform. The submitter of this off-platform disclosure reportedly used intimidating language in communication with our customer. Additionally, the submitter's disclosure was similar to an existing disclosure previously submitted through HackerOne... Upon investigation by the HackerOne Security team, we discovered a then-employee had improperly accessed security reports for personal gain. The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties.

This is a clear violation of our values, our culture, our policies, and our employment contracts. In under 24 hours, we worked quickly to contain the incident by identifying the then-employee and cutting off access to data. We have since terminated the employee, and further bolstered our defenses to avoid similar situations in the future. Subject to our review with counsel, we will also decide whether criminal referral of this matter is appropriate.

The blog post includes a detailed timeline of HackerOne's investigation. (They remotely locked the laptop, later taking possession of it for analysis, along with reviewing all data accessed "during the entirety of their two and a half months of employment" and notification of seven customers "known or suspected to be in contact with threat actor.")

"We are confident the insider access is now contained," the post concludes — outlining how they'll respond and the lessons learned. "We are happy that our previous investments in logging enabled an expedient investigation and response.... To ensure we can proactively detect and prevent future threats, we are adding additional employees dedicated to insider threats that will bolster detection, alerting, and response for business operations that require human access to disclosure data...."

"We are allocating additional engineering resources to invest further in internal models designed to identify anomalous access to disclosure data and trigger proactive investigative responses.... We are planning additional simulations designed to continuously evaluate and improve our ability to effectively resist insider threats."

Crime

Reuters: 'How Mercenary Hackers Sway Litigation Battles' (reuters.com)

Reuters shares the results of its investigation into what it calls "mercenary hackers": Reuters identified 35 legal cases since 2013 in which Indian hackers attempted to obtain documents from one side or another of a courtroom battle by sending them password-stealing emails. The messages were often camouflaged as innocuous communications from clients, colleagues, friends or family. They were aimed at giving the hackers access to targets' inboxes and, ultimately, private or attorney-client privileged information.

At least 75 U.S. and European companies, three dozen advocacy and media groups and numerous Western business executives were the subjects of these hacking attempts, Reuters found.

The Reuters report is based on interviews with victims, researchers, investigators, former U.S. government officials, lawyers and hackers, plus a review of court records from seven countries. It also draws on a unique database of more than 80,000 emails sent by Indian hackers to 13,000 targets over a seven-year period. The database is effectively the hackers' hit list, and it reveals a down-to-the-second look at who the cyber mercenaries sent phishing emails to between 2013 and 2020.... The targets' lawyers were often hit, too. The Indian hackers tried to break into the inboxes of some 1,000 attorneys at 108 different law firms, Reuters found....

"It is an open secret that there are some private investigators who use Indian hacker groups to target opposition in litigation battles," said Anthony Upward, managing director of Cognition Intelligence, a UK-based countersurveillance firm.

The legal cases identified by Reuters varied in profile and importance. Some involved obscure personal disputes. Others featured multinational companies with fortunes at stake. From London to Lagos, at least 11 separate groups of victims had their emails leaked publicly or suddenly entered into evidence in the middle of their trials. In several cases, stolen documents shaped the verdict, court records show.

Reuters spoke to email experts including LinkedIn, Microsoft and Google to help confirm the authenticity of the data they'd received, and reports that one high-profile victim was WeWork co-founder Adam Neumann. (After Reuters told him he'd been targeted starting in 2017, Neumann hired a law firm.) "Reuters reached out to every person in the database — sending requests for comment to each email address — and spoke to more than 250 individuals. Most of the respondents said the attempted hacks revealed in the email database occurred either ahead of anticipated lawsuits or as litigation was under way."

America's FBI has been investigating the breaches since at least early 2018, Reuters reports, adding that pressure is now increasing on private eyes who acted as go-betweens for interested clients.

Meanwhile, Reuters found former employees of the mercenary firms, who told them that the firms employed dozens of workers — though "a month's salary could be as low as 25,000 rupees (then worth about $370), according to two former workers and company salary records...

"Asked about the hacker-for-hire industry, an official with India's Ministry of Justice referred Reuters to a cybercrime hotline, which did not respond to a request for comment."

Google

Google Launches Advanced API Security To Protect APIs From Growing Threats (techcrunch.com)

Google today announced a preview of Advanced API Security, a new product headed to Google Cloud that's designed to detect security threats as they relate to APIs. TechCrunch reports: Built on Apigee, Google's platform for API management, the company says that customers can request access starting today. Short for "application programming interface," APIs are documented connections between computers or between computer programs. API usage is on the rise, with one survey finding that more than 61.6% of developers relied on APIs more in 2021 than in 2020. But they're also increasingly becoming the target of attacks. According to a 2018 report commissioned by cybersecurity vendor Imperva, two-thirds of organizations are exposing unsecured APIs to the public and partners.

Advanced API Security specializes in two tasks: identifying API misconfigurations and detecting bots. The service regularly assesses managed APIs and provides recommended actions when it detects configuration issues, and it uses preconfigured rules to provide a way to identify malicious bots within API traffic. Each rule represents a different type of unusual traffic from a single IP address; if an API traffic pattern meets any of the rules, Advanced API Security reports it as a bot. [...] With the launch of Advanced API Security, Google is evidently seeking to bolster its security offerings under Apigee, which it acquired in 2016 for over half a billion dollars. But the company is also responding to increased competition in the API security segment.
"Misconfigured APIs are one of the leading reasons for API security incidents. While identifying and resolving API misconfigurations is a top priority for many organizations, the configuration management process is time consuming and requires considerable resources," Vikas Ananda, head of product at Google Cloud, said in a blog post shared with TechCrunch ahead of the announcement. "Advanced API Security makes it easier for API teams to identify API proxies that do not conform to security standards... Additionally, Advanced API Security speeds up the process of identifying data breaches by identifying bots that successfully resulted in the HTTP 200 OK success status response code."

Piracy

Russians Are Searching For Pirated Microsoft Products and Switching To Linux (yahoo.com)

Nkwe writes: Russians are searching for pirated Microsoft software online after the US tech giant halted sales in the country over its invasion of Ukraine, the Kommersant newspaper reported earlier this week. Russia-based web searches for pirated Microsoft software have surged by as much as 250% after the company suspended new sales on March 4, according to Kommersant. In June so far, there's been a 650% surge in searches for Excel downloads, the media outlet added. Microsoft said earlier this month it's significantly scaling down business in Russia, joining a long list of companies winding down businesses in the country amid sweeping sanctions over the war in Ukraine. The move hits Russia hard because the country relies on foreign software to power many of its manufacturing and engineering tech systems, Bloomberg reported on Tuesday. Russian government agencies, too, are switching from Microsoft's Windows to the Linux operating system, the Moscow Times reported last Friday. Developers of Russian systems based on the Linux open source operating system are also seeing more demand, Kommersant reported. Not all sectors are able to swap out their systems easily.