Microsoft

Microsoft Moves More Settings Away from the Control Panel on Windows 11 (windowscentral.com) 115

An anonymous reader shares a report: Microsoft started shifting options from the Control Panel to the Settings app in Windows 8. The company has gradually moved settings away from the Control Panel since then. Quite a few options migrated over with the rollout of Windows 11, but a recent Insider build of Windows 11 moved a small handful of settings to the Settings app. Microsoft outlined the changes in the release notes of Windows 11 build 22509, which came out on December 1, 2021. The moves garnered attention from several outlets over the last week:

1. We have moved the advanced sharing settings (such as Network discovery, File and printer sharing, and public folder sharing) to a new page in Settings app under Advanced Network Settings.
2. We've made some updates to the device specific pages under Printers & Scanners in Settings to show more information about your printer or scanner directly in Settings when available.
3. Some of the entry points for network and devices settings in Control Panel will now redirect to the corresponding pages in Settings.

Security

Google Says NSO Pegasus Zero-Click 'Most Technically Sophisticated Exploit Ever Seen' (securityweek.com) 106

wiredmikey shares a report from SecurityWeek: Security researchers at Google's Project Zero have picked apart one of the most notorious in-the-wild iPhone exploits and found a never-before-seen hacking roadmap that included a PDF file pretending to be a GIF image with a custom-coded virtual CPU built out of boolean pixel operations. If that makes you scratch your head, that was exactly the reaction from Google's premier security research team after disassembling the so-called FORCEDENTRY iMessage zero-click exploit used to plant NSO Group's Pegasus surveillance tool on iPhones.

"We assess this to be one of the most technically sophisticated exploits we've ever seen," Google's Ian Beer and Samuel Groß wrote in a technical deep-dive into the remote code execution exploit that was captured during an in-the-wild attack on an activist in Saudi Arabia. In its breakdown, Project Zero said the exploit effectively created "a weapon against which there is no defense," noting that zero-click exploits work silently in the background and do not even require the target to click on a link or surf to a malicious website. "Short of not using a device, there is no way to prevent exploitation by a zero-click exploit," the research team said.

The researchers confirmed the initial entry point for Pegasus was Apple's proprietary iMessage that ships by default on iPhones, iPads and macOS devices. By targeting iMessage, the NSO Group hackers needed only a phone number or an AppleID username to take aim and fire eavesdropping implants. Because iMessage has native support for GIF images (especially those that loop endlessly), Project Zero's researchers found that this expanded the attack surface and ended up being abused in an exploit cocktail that targeted a security defect in Apple's CoreGraphics PDF parser. Within Apple's CoreGraphics PDF parser, the NSO exploit writers abused Apple's implementation of the open-source JBIG2, a domain-specific image codec designed to compress images where pixels can only be black or white. Describing the exploit as "pretty terrifying," Google said the NSO Group hackers effectively booby-trapped a PDF file, masquerading as a GIF image, with an encoded virtual CPU to start and run the exploit.

Apple patched the exploit in September and filed a lawsuit seeking to hold NSO Group accountable.

Firefox

Firefox Fixes Password Leak via Windows Cloud Clipboard Feature (therecord.media) 13

Mozilla has fixed an issue in its Firefox browser where usernames and passwords were being recorded in the Windows Cloud Clipboard feature, in what the organization categorized as a severe security risk that could have exposed credentials to non-owners whenever users copied or cut a password. From a report: The issue was fixed in Firefox 94, released last month, but was detailed in more depth this week by Mozilla developers. At its core, the bug is related to Windows Cloud Clipboard, a feature added to Windows 10 in September 2018 (v1809 release), a feature that allows users to sync their local clipboard history to their Microsoft accounts. The feature is disabled by default, but once enabled, it allows users to access the cloud clipboard section by pressing the Windows+V shortcut. This grants users access to clipboard data from all devices, but the feature is also used for its clipboard history capabilities, allowing users to go through past items they copied or cut and re-paste the same data in new contexts, making it extremely useful for most IT workers. In a blog post on Wednesday, Mozilla said that they have now modified the Firefox browser so that usernames and passwords copied from the browser's password section (about:logins) won't be stored in the Windows Cloud Clipboard feature, but instead will be stored only locally, in a separate clipboard section.

Businesses

US Lawmakers Call For Sanctions Against Israel's NSO, Spyware Firms (reuters.com) 25

A group of U.S. lawmakers is asking the Treasury Department and State Department to sanction Israeli spyware firm NSO Group and three other foreign surveillance companies they say helped authoritarian governments commit human rights abuses. From a report: Their letter sent late Tuesday and seen by Reuters also asks for sanctions on top executives at NSO, the United Arab Emirates cybersecurity company DarkMatter, and European online bulk surveillance companies Nexa Technologies and Trovicor. The lawmakers asked for Global Magnitsky sanctions, which punish those who are accused of enabling human rights abuses by freezing bank accounts and banning travel to the United States. DarkMatter could not be reached for comment. The other three companies did not immediately reply to requests for comment. The letter was signed by the Senate Finance Committee Chairman Ron Wyden, House Intelligence Committee Chairman Adam Schiff and 16 other Democratic lawmakers. Along with other reporting on the industry, they cite a recent Reuters article this month showing that NSO spyware was used against State Department employees in Uganda. The lawmakers said the spyware industry relies on U.S. investment and banks. "To meaningfully punish them and send a clear signal to the surveillance technology industry, the U.S. government should deploy financial sanctions," they wrote.

IT

Coinbase Mistakenly Told Some Customers They Were Billionaires (mashable.com) 31

For a brief moment, their worlds had changed. From a report: On Tuesday afternoon a Coinbase "display issue" changed the balances of an untold number of customers' accounts -- making many of them billionaires in the process. Billionaires on paper, that is, because as Coinbase hastily pointed out in a statement on Twitter, no real trading was affected by the glitch. "We're aware some customers are seeing inflated values for non-tradable crypto assets on Coinbase.com and Coinbase Wallet," read the Coinbase statement acknowledging the error. "This is a display issue only and does not impact trading." But that message came too late for those who saw their inflated accounts and, if even only for a heart-stopping minute, thought they were rich.

Businesses

Mitto Tells Clients That Co-Founder Departed After Allegations of Phone Spying (bloomberg.com) 2

Representatives of Mitto have told clients that co-founder and Chief Operating Officer Ilja Gorelik is no longer involved at the company, following allegations that he operated a secret surveillance service that helped governments track mobile phones, Bloomberg News reported, citing three people familiar with the matter. From the report: Mitto, a closely held company with headquarters in Zug, Switzerland, works with telecom operators in more than 100 countries to provide automated text messaging services to some of the world's largest technology companies, including Google, Twitter and WhatsApp, helping them deliver security codes users need to log in to online accounts. But a Bloomberg News investigation, carried out in collaboration with the London-based Bureau of Investigative Journalism, reported last week that Gorelik had sold access to Mitto's networks to secretly locate people via their mobile phones. It's not known whether Gorelik's status at the company has changed on a permanent or temporary basis, nor is it clear if Gorelik left of his own accord. Mitto and Gorelik didn't respond to requests for comment. Gorelik is still listed on Mitto's website as a member of the company's leadership team, and Swiss business records, which name Gorelik as a board member, haven't been updated.

China

Hackers Backed by China Seen Exploiting Security Flaw in Internet Software (wsj.com) 41

Hackers linked to China and other governments are among a growing assortment of cyberattackers seeking to exploit a widespread and severe vulnerability in computer server software, according to cybersecurity firms and Microsoft. From a report: The involvement of hackers whom analysts have linked to nation-states underscored the increasing gravity of the flaw in Log4j software, a free bit of code that logs activity in computer networks and applications. Cybersecurity researchers say it is one of the most dire cybersecurity threats to emerge in years and could enable devastating attacks, including ransomware, in both the immediate and distant future. Government-sponsored hackers are often among the best-resourced and most capable, analysts say.

"The effects of this vulnerability will reverberate for months to come -- maybe even years -- as we try to close these doors and try to hunt down all the actors who made their way in," said John Hultquist, vice president of intelligence analysis at the U.S.-based cybersecurity firm Mandiant. Both Microsoft and Mandiant said they have observed hacking groups linked to China and Iran launching attacks that exploit the flaw in Log4j. In an update to its website posted late Wednesday, Microsoft said that it had also seen nation-backed hackers from North Korea and Turkey using the attack. Some attackers appear to be experimenting with the attack; others are trying to use it to break into online targets, Microsoft said.

Microsoft

Microsoft To Make Windows Terminal the Default Windows 11 Command Line Experience (theverge.com) 113

Microsoft is planning to make its Windows Terminal the default command line experience in Windows 11 next year. From a report: While Windows 11 currently supports setting Windows Terminal as default, the default terminal emulator has always been the Windows Console Host. Microsoft hasn't ever officially supported replacing this console host, meaning that command prompt and PowerShell always open in Windows Console Host. "Over the course of 2022, we are planning to make Windows Terminal the default experience on Windows 11 devices," explains Kayla Cinnamon, a program manager for Windows Terminal at Microsoft. "We will start with the Windows Insider Program and start moving through rings until we reach everyone on Windows 11."

Television

Don't Buy a Monitor or TV Just for HDMI 2.1 -- Read the Fine Print or You Might Get Fooled (theverge.com) 91

An anonymous reader shares a report: Four years running, we've been jazzed by the potential of HDMI 2.1 -- the relatively new video connector standard that can provide variable refresh rates (VRR), automatic low latency connections (ALLM), and of course, a giant pipe with 48Gbps of bandwidth (and fixed rate signaling) to deliver up to 10K resolution and up to a 120Hz refresh rate depending on your cable and compression. But today, I'm learning that not only are all of those features technically optional, but that the HDMI standards body owner actually encourages TV and monitor manufacturers that have none of those things -- zip, zilch, zero -- to effectively lie and call them "HDMI 2.1" anyhow. That's the word from TFTCentral, which confronted the HDMI Licensing Administrator with the news that Xiaomi was selling an "HDMI 2.1" monitor that supported no HDMI 2.1 features, and was told this was a perfectly reasonable state of affairs. It's infuriating.

It means countless people, some of whom we've encouraged in our reviews to seek out HDMI 2.1 products, may get fooled into fake futureproofing if they don't look at the fine print to see whether features like ALLM, VRR, or even high refresh rates are possible. Worse, they'll get fooled for no particularly good reason: there was a perfectly good version of HDMI without those features called HDMI 2.0, but the HDMI Licensing Administrator decided to kill off that brand when it introduced the new one. Very little of this is actually news, I'm seeing -- we technically should have known that HDMI 2.1's marquee features would be optional for a while now, and here at The Verge we've seen many a TV ship without full support. In one story about shopping for the best gaming TV for PS5 and Xbox Series X, we characterized it as "early growing pains."

Crime

Ukraine Arrests 51 For Selling Data of 300 Million People In US, EU (bleepingcomputer.com) 11

Ukrainian law enforcement arrested 51 suspects believed to have been selling, on hacking forums, stolen personal data belonging to hundreds of millions of people worldwide, including in Ukraine, the US, and Europe. BleepingComputer reports: "As a result of the operation, about 100 databases of personal data relevant for 2020-2021 were seized," the Cyberpolice Department of the National Police of Ukraine said. "The seized databases contained information on more than 300 million citizens of Ukraine, Europe and the United States."

Following this large-scale operation, Ukrainian police also shut down one of the largest sites used to sell personal information stolen from both Ukrainians and foreigners (the site's name was not revealed in the press release). On the now-shut-down illegal marketplace, suspects were selling a wide range of stolen personal data, including telephone numbers, surnames, names, addresses, and, in some cases, vehicle registration info. "A total of 117 searches were conducted in different regions of Ukraine. As a result, more than 90,000 gigabytes of information were removed."

Security

Hackers Steal $140 Million From Users of Crypto Gaming Company (vice.com) 27

In the latest hack targeting cryptocurrency investors, hackers stole around $135 million from users of the blockchain gaming company VulcanForge, according to the company. From a report: The hackers stole the private keys to access 96 wallets, siphoning off 4.5 million PYR, which is VulcanForge's token that can be used across its ecosystem, the company said in a series of tweets on Sunday and Monday. VulcanForge's main business involves creating games such as VulcanVerse, which it describes as an "MMORPG," and a card game called Berserk. Both titles, like pretty much all blockchain games, appear chiefly designed as vehicles to buy and sell in-game items linked to NFTs using PYR. In crypto, compromising someone's private key is a definitive "game over," because it gives complete control over the funds held by the corresponding address on a blockchain.

Security

Spyware Firm NSO Mulls Shutdown of Pegasus Unit, Sale of Company (bloomberg.com) 14

NSO Group, the scandal-plagued spyware company that's in danger of defaulting on its debts, is exploring options that include shutting its controversial Pegasus unit and selling the entire company, Bloomberg News reported Monday, citing people familiar with the matter. From the report: Talks have been held with several investment funds about moves that include a refinancing or outright sale, said the people, who asked not to be identified as the discussions are private. The company has brought in advisers from Moelis & Co. to assist, and lenders are getting advice from lawyers at Willkie Farr & Gallagher, the people said. The prospective new owners include two American funds that have discussed taking control and closing Pegasus, one of the people said. Under that scenario, the funds would then inject about $200 million in fresh capital to turn the know-how behind Pegasus into strictly defensive cyber security services, and perhaps develop the Israeli company's drone technology, one of the people said. Pegasus software can track a user's mobile phone, and its misuse has landed NSO at the center of high-profile privacy abuse cases. The product allegedly was supplied to governments that used it to spy on political dissidents, journalists and human rights activists.

Bug

Software Flaw Sparks Global Race To Patch Bug (wsj.com) 60

Companies and governments around the world rushed over the weekend to fend off cyberattacks looking to exploit a serious flaw in a widely used piece of Internet software that security experts warn could give hackers sweeping access to networks. From a report: Cybersecurity researchers said the bug, hidden in an obscure piece of server software called Log4j, represents one of the biggest risks seen in recent years because the code is so widely used on corporate networks. The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency issued an urgent alert about the vulnerability and urged companies to take action. CISA Director Jen Easterly said on Saturday, "To be clear, this vulnerability poses a severe risk. We will only minimize potential impacts through collaborative efforts between government and the private sector." Germany's cybersecurity organization over the weekend issued a "red alert" about the bug. Australia called the issue "critical."

Security experts warned that it could take weeks or more to assess the extent of the damage and that hackers exploiting the vulnerability could access sensitive data on networks and install back doors they could use to maintain access to servers even after the flawed software has been patched. "It is one of the most significant vulnerabilities that I've seen in a long time," said Aaron Portnoy, principal scientist with the security firm Randori. Security experts noted that many companies have other processes in place that would prevent a malicious hacker from running software and breaking into these companies, potentially limiting the fallout from the bug. Microsoft, in an alert to customers, said "attackers are probing all endpoints for vulnerability." Amazon.com, Twitter and Cisco were among the companies that have said they were carrying out investigations into the depth of the problem. Amazon, the world's biggest cloud computing company, said in a security alert, "We are actively monitoring this issue, and are working on addressing it."

Earth

Has the Corporate Climate Migration Begun? (axios.com) 92

"Companies large and small, some with longtime roots in their neighborhoods, are on the hunt for new real estate that is less prone to weather and climate extremes," writes Axios: The corporate migration underway indicates vulnerable communities may see an exodus of large employers in the coming decades as oceans encroach. Inland areas prone to flooding or wildfires may see similar challenges. Within the past three years, tech giant Hewlett Packard Enterprise, a major hospital in South Carolina, and the nation's eighth-largest airline by passengers carried have all decided to move their infrastructure to higher ground...

According to the Charleston Post and Courier newspaper, the hospital has been located downtown for 165 years....

Meanwhile, in Houston, Hewlett Packard Enterprise is working to complete its new global headquarters in Spring, Texas, after experiencing extensive flooding at its former Houston-area campus in 2016 and then in 2017 during Hurricane Harvey.... Separately, in Florida, the discount airline Spirit is making an extreme weather resilience move of its own. Earlier this year, it announced that it would add a second operations center in Orlando to supplement its current headquarters in Miramar, Florida, just southwest of the airline's largest hub of Fort Lauderdale-Hollywood International Airport... The hurricane susceptibility of southeastern Florida helped motivate the decision, according to news reports....

Many more businesses are no doubt contemplating similar protective actions, including at the international level where this would manifest itself in a shift of corporate capital and jobs from less climate secure nations to ones with fewer extreme weather risks.

IT

Companies Finally Admit They Don't Know When They're Returning to Offices (business-standard.com) 127

Google, Apple, CNN, and Ford have all postponed their "Return to Office" date, reports the New York Times. (Alternate URL here.) The Times also cites a Gartner survey of 238 executives in late August which found two-thirds of organizations were delaying returning to offices because of coronavirus variants.

The chief people officer at DocuSign even said "I can't even remember all the dates we've put out there, and I'm the one who put them out there," while Lyft said the earliest that workers would be required to return to the office is 2023. Return-to-office dates used to be like talismans; the chief executives who set them seemed to wield some power over the shape of the months to come. Then the dates were postponed, and postponed again. At some point the spell was broken. For many companies, office reopening plans have lost their fear factor, coming to seem like wishful thinking rather than a sign of futures filled with alarm clocks, commutes and pants that actually button. The R.T.O. date is gone. It's been replaced with "we'll get back to you."

"The only companies being dishonest are the ones giving employees certainty," said Nicholas Bloom, a Stanford professor who advises dozens of chief executives. "As a parent you can hide stuff from your kids, but as a C.E.O. you can't do that to adult employees who read the news."

Some workers have returned to their cubicles in recent months, with office occupancy across the United States rising from 33 percent in August to 40 percent this month, according to data from Kastle Systems, a building security firm. But the visions of full-scale reopenings and mandatory returns, which formed as vaccines rolled out last spring, have remained nebulous...

"Folks have hedged appropriately this time around and they understand that it's a dialogue with their employees, not a mandate," said Zach Dunn, co-founder of the office space management platform Robin.

Thanks to Long-time Slashdot reader theodp for submitting this story!

Australia

Data on Tens of Thousands of South Australian Government Employees Breached in Ransomware Attack (abc.net.au) 20

"Russian hackers have stolen and published the personal data of tens of thousands of employees..." reports the Australian Financial Review.

Government officials have confirmed the breach — part of a ransomware attack — and say the stolen data may even include info on the country's premier, according to an Australian public broadcaster: The government said the records of at least 38,000 employees, but potentially up to 80,000 workers, have been accessed in a cyber-attack on external payroll software provider Frontier Software. The data includes names, dates of birth, tax file numbers, home addresses, bank account details, remuneration and superannuation contributions... Treasurer Rob Lucas said politicians, including Premier Steven Marshall, could be among those affected.

The treasurer added that the breach potentially impacted "The highest of the high to the lowest of the low and all of the rest of us in between." The exception was schoolteachers and the Department of Education, which did not use Frontier's software.

The website publishing the 3.75 gigabytes of data claimed it was just 10% of the total amount, according to the Australian Financial Review, which "understands Russian organised crime group Conti, which claimed credit for launching the cyberattack on Queensland's energy network CS Energy, published the information." Australian Payroll Association chief executive Tracy Angwin said the hack was a wake-up call to employers using remotely accessed payroll systems to ensure they were secure...

Frontier Software said the hacker responsible for the incident was known to employ a "double extortion" strategy, which included encrypting systems and stealing the data.

In another report, Bleeping Computer describes Conti as "a long-lived Ransomware as a Service operation" that "still manages to evade prosecution even after high-profile incidents against vital national resources such as Ireland's Department of Health." The gang is believed to be behind the recent revival of the notorious Emotet botnet, which could lead to a massive new wave of ransomware infections. This week, Conti took responsibility for the attack against Nordic Choice Hotels, a Scandinavian hotel chain with 200 properties.

Thanks to Macfox (Slashdot reader #50,100) for tipping us off to the news.

Security

Brazil Health Ministry Website Hit By Hackers, Vaccination Data Targeted (reuters.com) 17

New submitter Unpopular Opinions writes: Brazil's health ministry reports that in the early hours of Friday it suffered an incident that temporarily compromised some of its systems, which are currently unavailable and/or being directed to other domains. The alleged hackers posted a message on the website saying that internal data had been copied and deleted. "Contact us if you want the data back," it said, including e-mail and Telegram contact info. Some of the systems affected by the hack included information about the national immunization program and another used to issue digital vaccination certificates. "The government put off for a week implementing new health requirements for travelers arriving in Brazil due to the attack," reports Reuters.

Security

Volvo Discloses Security Breach Leading To Data Theft (bleepingcomputer.com) 14

An anonymous reader quotes a report from BleepingComputer: Swedish carmaker Volvo Cars has disclosed that unknown attackers have stolen research and development information after hacking some of its servers. "Volvo Cars has become aware that one of its file repositories has been illegally accessed by a third party," the company disclosed today. "Investigations so far confirm that a limited amount of the company's R&D property has been stolen during the intrusion. Volvo Cars has earlier today concluded, based on information available, that there may be an impact on the company's operation."

Volvo said it notified relevant authorities after discovering the incident and is now investigating the data theft together with third-party experts. "The company does not see, with currently available information, that this has an impact on the safety or security of its customers' cars or their personal data," Volvo added. While the company did not disclose any other details on the breach, the Snatch ransomware gang has already claimed the attack.

Java

New Zero-Day In the Log4j Java Library Is Already Being Exploited (zdnet.com) 122

A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers. ZDNet reports: Tracked as CVE-2021-44228, the vulnerability is classed as severe and allows unauthenticated remote code execution with the privileges of the user running the application that uses the Java logging library. CERT New Zealand warns that it's already being exploited in the wild. CISA has urged users and administrators to apply the recommended mitigations "immediately" in order to address the critical vulnerabilities. Systems and services that use the Java logging library Apache Log4j between versions 2.0 and 2.14.1 are all affected, including many services and applications written in Java. The vulnerability was first discovered in Minecraft, but researchers warn that cloud applications are also vulnerable. It's also used in enterprise applications, and it's likely that many products will be found to be vulnerable as more is learned about the flaw. Slashdot reader alfabravoteam shares an excerpt from a blog post by researchers at LunaSec, warning that "anybody using Apache Struts is likely vulnerable." From the report: Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. We're calling it "Log4Shell" for short (CVE-2021-44228 just isn't as memorable). The 0-day was tweeted along with a POC posted on GitHub. [...] This has been published as CVE-2021-44228 now.

Many, many services are vulnerable to this exploit. Cloud services like Steam, Apple iCloud, and apps like Minecraft have already been found to be vulnerable. Anybody using Apache Struts is likely vulnerable. We've seen similar vulnerabilities exploited before in breaches like the 2017 Equifax data breach. Many Open Source projects like the Minecraft server, Paper, have already begun patching their usage of log4j [to log4j-2.15.0-rc1].

Microsoft

Microsoft Launches Center for Reporting Malicious Drivers (therecord.media) 27

Microsoft has launched this week a special web portal where users and researchers can report malicious drivers to the company's security team. From a report: The new Vulnerable and Malicious Driver Reporting Center is basically a web form that allows users to upload a copy of a malicious driver, which is then analyzed by an automated Microsoft scanner. At a technical level, Microsoft says this automated scanner can identify techniques that are commonly abused by malicious drivers, such as:
Drivers with the ability to map arbitrary kernel, physical, or device memory to user mode.
Drivers with the ability to read or write arbitrary kernel, physical, or device memory, including Port I/O and central processing unit (CPU) registers from user mode.
Drivers that provide access to storage that bypasses Windows access control.
