Lloyds Banking Group is assessing the skills of thousands of technology staffers in the UK to determine whether they can keep working at the bank once it upgrades its technology [alternative source]. Bloomberg: The British lender, which is carrying out a multiyear overhaul of its systems, put these workers on notice this month that they are at risk of losing their jobs and will be required to reapply for new positions across the bank, according to people familiar with the matter. In a company town hall last week, executives informed those staffers that they were in the process of assessing their technical skills based on a test they took last year to determine where, if anywhere, they can be placed within Lloyds, the people said, asking not to be named discussing non-public information.

Acer will raise laptop prices in the United States by 10% next month due to Trump administration tariffs on Chinese imports, CEO Jason Chen said. "We will have to adjust the end user price to reflect the tariff," Chen said. "We think 10 percent probably will be the default price increase because of the import tax."

The Taiwan-based company, the fifth-largest computer seller in the U.S. market behind HP, Dell, Lenovo and Apple, could add hundreds of dollars to its high-end laptops that cost up to $3,700. Chen said Acer is exploring manufacturing options outside China, including possible U.S. production. The company has already moved desktop computer assembly out of China following earlier 25% tariffs during Trump's first term. The 10% tariff imposed this month affects nearly 80% of U.S. laptop imports from China.

NAND flash prices are expected to slide due to oversupply, forcing memory chipmakers to cut production to match lower-than-expected orders from PC and smartphone manufacturers. From a report: The superabundance of stock is putting a financial strain on suppliers of NAND flash, according to TrendForce, which says growth rate forecasts are being revised down from 30 percent to 10-15 percent for 2025.

"NAND flash manufacturers have adopted more decisive production cuts, scaling back full-year output to curb bit supply growth. These measures are designed to swiftly alleviate market imbalances and lay the groundwork for a price recovery," TrendForce stated.

Shrish Pant, Gartner director analyst and technology product leader, expects NAND flash pricing to remain weak for the first half of 2025, though he projects higher bit shipments for SSDs in the second half due to continuing AI server demand.

"Vendors are currently working tirelessly to discipline supply, which will lead to prices recovering in the second half of 2025. Long term, AI demand will continue to drive the demand for higher-capacity/better-performance SSDs," Pant said. Commenting on the seasonal nature of the memory market, Pant told The Register: "Buying patterns will mean that NAND flash prices will remain cyclical depending on hyperscalers' buying behavior."

Ten years after publishing his influential book on data privacy, security expert Bruce Schneier warns that surveillance has only intensified, with both government agencies and corporations collecting more personal information than ever before. "Nothing has changed since 2015," Schneier told The Register in an interview. "The NSA and their counterparts around the world are still engaging in bulk surveillance to the extent of their abilities."

The widespread adoption of cloud services, Internet-of-Things devices, and smartphones has made it nearly impossible for individuals to protect their privacy, said Schneier. Even Apple, which markets itself as privacy-focused, faces limitations when its Chinese business interests are at stake. While some regulation has emerged, including Europe's General Data Protection Regulation and various U.S. state laws, Schneier argues these measures fail to address the core issue of surveillance capitalism's entrenchment as a business model.

The rise of AI poses new challenges, potentially undermining recent privacy gains like end-to-end encryption. As AI assistants require cloud computing power to process personal data, users may have to surrender more information to tech companies. Despite the grim short-term outlook, Schneier remains cautiously optimistic about privacy's long-term future, predicting that current surveillance practices will eventually be viewed as unethical as sweatshops are today. However, he acknowledges this transformation could take 50 years or more.

"Amazon required employees to work from the office five days a week starting January 2nd," writes the Seattle Times, "a change from the company's three-day in-office mandate that had been in effect since May 2023."

And as Seattle's largest employer (with 50,000 Seattle-based workers), this had an impact, according to data the Times cites from the nonprofit Downtown Seattle Association: In January, downtown Seattle recorded the second-highest daily average for weekday worker foot traffic since March 2020. It also saw 2 million unique visitors on its sidewalks last month. That represents 94% of the visitors downtown Seattle saw in January 2019, the Downtown Seattle Association found...

In a statement Friday, Amazon said "we're excited by the innovation, collaboration and connection we've seen already with our teams working in person together...." Jon Scholes [the president of the Downtown Seattle Association] said Amazon's return has been a boon for downtown Seattle. As the city's largest employer, its mandate instantly brought more people to shop and dine around South Lake Union, the Denny Triangle and surrounding neighborhoods... "I think we're seeing people get reacquainted with the reasons they liked working downtown prepandemic," Scholes said. He expects to continue seeing an uptick in foot traffic over the course of the year as more companies follow Amazon's lead and the weather warms up.
But Seattle magazine says the statistics show foot traffic in neighborhoods where Amazon's offices are located (South Lake Union and Denny Regrade) "at 74% of that of January 2019. Overall, downtown-area foot traffic was 9% higher than it was a year ago, though only 57% of the pre-pandemic average."

"Security researchers say the Chinese government-linked hacking group, Salt Typhoon, is continuing to compromise telecommunications providers," reports TechCrunch, "despite the recent sanctions imposed by the U.S. government on the group."

TechRadar reports that the Chinese state-sponsored threat actor is "hitting not just American organizations, but also those from the UK, South Africa, and elsewhere around the world." The latest intrusions were spotted by cybersecurity researchers from Recorded Future, which said the group is targeting internet-exposed web interfaces of Cisco's IOS software that powers different routers and switches. These devices have known vulnerabilities that the threat actors are actively exploiting to gain initial access, root privileges, and more. More than 12,000 Cisco devices were found connected to the wider internet, and exposed to risk, Recorded Future further explained. However, Salt Typhoon is focusing on a "smaller subset" of telecoms and university networks.
"The hackers attempted to exploit vulnerabilities in at least 1,000 Cisco devices," reports NextGov, "allowing them to access higher-level privileges of the hardware and change their configuration settings to allow for persistent access to the networks they're connected on... Over half of the Cisco appliances targeted by Salt Typhoon were located in the U.S., South America and India, with the rest spread across more than 100 countries." Between December and January, the unit, widely known as Salt Typhoon, "possibly targeted" — based on devices that were accessed — offices in the University of California, Los Angeles, California State University, Loyola Marymount University and Utah Tech University, according to a report from cyber threat intelligence firm Recorded Future... The Cisco devices were mainly associated with telecommunications firms, but 13 of them were linked to the universities in the U.S. and some in other nations... "Often involved in cutting-edge research, universities are prime targets for Chinese state-sponsored threat activity groups to acquire valuable research data and intellectual property," said the report, led by the company's Insikt Group, which oversees its threat research.

The cyberspies also compromised Cisco platforms at a U.S.-based affiliate of a prominent United Kingdom telecom operator and a South African provider, both unnamed, the findings added. The hackers also "carried out a reconnaissance of multiple IP addresses" owned by Mytel, a telecom operator based in Myanmar...

"In 2023, Cisco published a security advisory disclosing multiple vulnerabilities in the web UI feature in Cisco IOS XE software," a Cisco spokesperson said in a statement. "We continue to strongly urge customers to follow recommendations outlined in the advisory and upgrade to the available fixed software release."

SFGate shares the latest data on America's office-occupancy rates: According to Placer.ai's January 2025 Office Index, office visits nationwide were 40.2% lower in January 2025 compared with pre-pandemic numbers from January 2019.

But San Francisco is dragging down the average, with a staggering 51.8% decline in office visits since January 2019 — the weakest recovery of any major metro. Kastle's 10-City Daily Analysis paints an equally grim picture. From Jan. 23, 2025, to Jan. 28, 2025, even on its busiest day (Tuesday), San Francisco's office occupancy rate was just 53.7%, significantly lower than Houston's (74.8%) and Chicago's (70.4%). And on Friday, Jan. 24, office attendance in [San Francisco] was at a meager 28.5%, the worst of any major metro tracked...

Meanwhile, other cities are seeing much stronger rebounds. New York City is leading the return-to-office trend, with visits in January down just 19% from 2019 levels, while Miami saw a 23.5% decline, per Placer.ai data.
"Placer.ai uses cellphone location data to estimate foot traffic, while Kastle Systems measures badge swipes at office buildings with its security systems..."

The Verge's Jay Peters reports: Square Enix has shut down the iOS version of Final Fantasy Crystal Chronicles and removed it from the App Store following an unfixable bug that blocked people from accessing content they had paid for. [...] The company says that if you made in-app purchases in January 2024 or later, you're eligible to request a refund by contacting Apple Support. Square Enix says that Final Fantasy Crystal Chronicles will continue to be supported on other platforms. The game is also available on Android, PlayStation, and Nintendo Switch. "The issue is due to changes made to the in-app purchases model," Square Enix says in a post. "Further investigation revealed that we are unable to completely fix the bug and implement the new changes, making it unlikely to resume service for the game." Square Enix says it started receiving reports on January 24th about the issue, which "extends to the full paid version of the game."

Members of key congressional oversight committees wrote to the United States' new top intelligence official Thursday to warn that a British order demanding government access to Apple users' encrypted data imperils Americans. From a report: Ron Wyden, a Democrat on the Senate Intelligence Committee, and Andy Biggs, a Republican on the House Judiciary committee, wrote to just-sworn-in National Intelligence Director Tulsi Gabbard and asked her to demand the United Kingdom retract its order.

If the top U.S. ally does not back off, they said, Gabbard should consider limiting the deep intelligence sharing and cooperation on cybersecurity between the countries. The Post first reported the existence of the confidential British order last week. It directs Apple to create a back door into its Advanced Data Protection offering, which allows users to fully encrypt data from iPhones and Mac computers when putting it in Apple's iCloud storage. Apple cannot retrieve such content even when served with a court order, frustrating authorities looking for evidence of terrorism, child abuse and other serious crimes.

The order was issued under the Investigatory Powers Act, which allows the British Home Office to require technical cooperation from companies and forbids those companies from disclosing anything about the demands. It would apply globally, though the U.K. authorities would have to ask Apple for information stored by specific customers.

An anonymous reader shares a report: Australia's Department of the Treasury has found that Microsoft's Copilot can easily deliver return on investment, but staff exposed to the AI assistant came away from the experience less confident it will help them at work.

The Department conducted a 14-week trial of Microsoft 365 Copilot during 2024 and asked for volunteers to participate. 218 put up their hands and then submitted to surveys about their experiences using Microsoft's AI helpers. Those surveys are the basis of an evaluation report published on Tuesday. The report reveals that after the trial participants rated Copilot less useful than they hoped it would be, as it was applicable to fewer workloads than they hoped would be the case.

Workers' views on Copilot's ability to improve their work also fell. Usage of Copilot was lower than expected, with most participants using it two or three times a week, or less. reported using Copilot 2-3 times per week or less. Treasury thinks it probably set unrealistically high expectations before the trial, and noted that participants often suggested extra training would be valuable.

Longtime Slashdot reader theodp writes: Monday brought chilling news reports of the all-count trial convictions of three individuals for a conspiracy to rob and drug people outside of LGBTQ+ nightclubs in Manhattan's Hell's Kitchen neighborhood, which led to the deaths of two of their victims. The defendants were found guilty on all 24 counts, which included murder, robbery, burglary, and conspiracy. "As proven at trial," explained the Manhattan District Attorney's Office in a press release, "the defendants lurked outside of nightclubs to exploit intoxicated individuals. They would give them drugs, laced with fentanyl, to incapacitate their victims so they could take the victims' phones and drain their online financial accounts [including unauthorized charges and transfers using Cash App, Apple Cash, Apple Pay]." District Attorney Alvin L. Bragg, Jr. added, "My Office will continue to take every measure possible to protect New Yorkers from this type of criminal conduct. That includes ensuring accountability for those who commit this harm, while also working with financial companies to enhance security measures on their phone apps."

In 2024, D.A. Bragg called on financial companies to better protect consumers from fraud, including: adding a second and separate password for accessing the app on a smartphone as a default security option; imposing lower default limits on the monetary amount of total daily transfers; requiring wait times of up to a day and secondary verification for large monetary transactions; better monitoring of accounts for unusual transfer activities; and asking for confirmation when suspicious transactions occur. "No longer is the smartphone itself the most lucrative target for scammers and robbers -- it's the financial apps contained within," said Bragg as he released letters (PDF) sent to the companies that own Venmo, Zelle, and Cash App. "Thousands or even tens of thousands can be drained from financial accounts in a matter of seconds with just a few taps. Without additional protections, customers' financial and physical safety is being put at risk. I hope these companies accept our request to discuss commonsense solutions to deter scammers and protect New Yorkers' hard-earned money."

"Our cellphones aren't safe," warned the EFF's Cooper Quintin in a 2018 New York Times op-ed. "So why aren't we fixing them?" Any thoughts on what can and should be done with software, hardware, and procedures to stop "bank jackings"?

An anonymous reader shares a report: Google has fixed two vulnerabilities that, when chained together, could expose the email addresses of YouTube accounts, causing a massive privacy breach for those using the site anonymously.

The flaws were discovered by security researchers Brutecat (brutecat.com) and Nathan (schizo.org), who found that YouTube and Pixel Recorder APIs could be used to obtain user's Google Gaia IDs and convert them into their email addresses. The ability to convert a YouTube channel into an owner's email address is a significant privacy risk to content creators, whistleblowers, and activists relying on being anonymous online.

An anonymous reader quotes a report from Ars Technica: On Monday, researcher Johann Rehberger demonstrated a new way to override prompt injection defenses Google developers have built into Gemini -- specifically, defenses that restrict the invocation of Google Workspace or other sensitive tools when processing untrusted data, such as incoming emails or shared documents. The result of Rehberger's attack is the permanent planting of long-term memories that will be present in all future sessions, opening the potential for the chatbot to act on false information or instructions in perpetuity. [...] The hack Rehberger presented on Monday combines some of these same elements to plant false memories in Gemini Advanced, a premium version of the Google chatbot available through a paid subscription. The researcher described the flow of the new attack as:

1. A user uploads and asks Gemini to summarize a document (this document could come from anywhere and has to be considered untrusted).
2. The document contains hidden instructions that manipulate the summarization process.
3. The summary that Gemini creates includes a covert request to save specific user data if the user responds with certain trigger words (e.g., "yes," "sure," or "no").
4. If the user replies with the trigger word, Gemini is tricked, and it saves the attacker's chosen information to long-term memory.

As the following video shows, Gemini took the bait and now permanently "remembers" the user being a 102-year-old flat earther who believes they inhabit the dystopic simulated world portrayed in The Matrix. Based on lessons learned previously, developers had already trained Gemini to resist indirect prompts instructing it to make changes to an account's long-term memories without explicit directions from the user. By introducing a condition to the instruction that it be performed only after the user says or does some variable X, which they were likely to take anyway, Rehberger easily cleared that safety barrier. Google responded in a statement to Ars: "In this instance, the probability was low because it relied on phishing or otherwise tricking the user into summarizing a malicious document and then invoking the material injected by the attacker. The impact was low because the Gemini memory functionality has limited impact on a user session. As this was not a scalable, specific vector of abuse, we ended up at Low/Low. As always, we appreciate the researcher reaching out to us and reporting this issue."

Rehberger noted that Gemini notifies users of new long-term memory entries, allowing them to detect and remove unauthorized additions. Though, he still questioned Google's assessment, writing: "Memory corruption in computers is pretty bad, and I think the same applies here to LLMs apps. Like the AI might not show a user certain info or not talk about certain things or feed the user misinformation, etc. The good thing is that the memory updates don't happen entirely silently -- the user at least sees a message about it (although many might ignore)."

The US, UK, and Australia (AUKUS) have sanctioned Russian bulletproof hosting provider Zservers, accusing it of supporting LockBit ransomware operations by providing secure infrastructure for cybercriminals. The sanctions target Zservers, its UK front company XHOST Internet Solutions, and six individuals linked to its operations. The Register reports: Headquartered in Barnaul, Russia, Zservers provided BPH services to a number of LockBit affiliates, the three nations said today. On numerous occasions, affiliates purchased servers from the company to support ransomware attacks. The trio said the link between Zservers and LockBit was established as early as 2022, when Canadian law enforcement searched a known LockBit affiliate and found evidence they had purchased infrastructure tooling almost certainly used to host chatrooms with ransomware victims.

"Ransomware actors and other cybercriminals rely on third-party network service providers like Zservers to enable their attacks on US and international critical infrastructure," said Bradley T Smith, acting under secretary of the Treasury for terrorism and financial intelligence. "Today's trilateral action with Australia and the United Kingdom underscores our collective resolve to disrupt all aspects of this criminal ecosystem, wherever located, to protect our national security." The UK's Foreign, Commonwealth & Development Office (FCDO) said additionally that the UK front company for Zservers, XHOST Internet Solutions, was also included in its sanctions list. According to Companies House, the UK arm was incorporated on January 31, 2022, although the original service was established in 2011 and operated in both Russia and the Netherlands. Anyone found to have business dealings with either entity can face criminal and civil charges under the Sanctions and Anti-Money Laundering Act 2018.

The UK led the way with sanctions, placing six individuals and the two entities on its list, while the US only placed two of the individuals -- both alleged Zservers admins -- on its equivalent. Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov, both 30 years old, were named by the US as the operation's heads. Mishin was said to have marketed Zservers to LockBit and other ransomware groups, managing the associated cryptocurrency transactions. Both he and Bolshakov responded to a complaint from a Lebanese company in 2023 and shut down an IP address used in a LockBit attack. The US said, however, it was possible that the pair set up a replacement IP address that LockBit could carry on using, while telling the Lebanese company that they complied with its request. The UK further sanctioned Ilya Vladimirovich Sidorov, Dmitry Konstantinovich Bolshakov (no mention of whether he is any relation to Aleksandr), Igor Vladimirovich Odintsov, and Vladimir Vladimirovich Ananev. Other than that they were Zservers employees and thus were directly or indirectly involved in attempting to inflict economic loss to the country, not much was said about either of their roles.

Google's Chrome browser might soon get a useful security upgrade: detecting passwords used in data breaches and then generating and storing a better replacement. From a report: Google's preliminary copy suggests it's an "AI innovation," though exactly how is unclear.

Noted software digger Leopeva64 on X found a new offering in the AI settings of a very early build of Chrome. The option, "Automated password Change" (so, early stages -- as to not yet get a copyedit), is described as, "When Chrome finds one of your passwords in a data breach, it can offer to change your password for you when you sign in."

Chrome already has a feature that warns users if the passwords they enter have been identified in a breach and will prompt them to change it. As noted by Windows Report, the change is that now Google will offer to change it for you on the spot rather than simply prompting you to handle that elsewhere. The password is automatically saved in Google's Password Manager and "is encrypted and never seen by anyone," the settings page claims.

Leading cybersecurity researchers at DEF CON, the world's largest hacker conference, have warned that current methods for securing AI systems are fundamentally flawed and require a complete rethink, according to the conference's inaugural "Hackers' Almanack" report [PDF].

The report, produced with the University of Chicago's Cyber Policy Initiative, challenges the effectiveness of "red teaming" -- where security experts probe AI systems for vulnerabilities -- saying this approach alone cannot adequately protect against emerging threats. "Public red teaming an AI model is not possible because documentation for what these models are supposed to even do is fragmented and the evaluations we include in the documentation are inadequate," said Sven Cattell, who leads DEF CON's AI Village.

Nearly 500 participants tested AI models at the conference, with even newcomers successfully finding vulnerabilities. The researchers called for adopting frameworks similar to the Common Vulnerabilities and Exposures (CVE) system used in traditional cybersecurity since 1999. This would create standardized ways to document and address AI vulnerabilities, rather than relying on occasional security audits.

According to consultancy firm Janco, the U.S. Bureau of Labor Statistics reclassified several job titles, "leading to a downward adjustment of over 111,000 positions for November and December 2024," The Register reports. This revision contributed to an overall decline of 123,000 IT jobs for the year. However, in reality, IT sector hiring is on the rise, with 11,000 new positions added in January. From the report: "Many CEOs have given CFOs and CIOs the green light to hire IT Pros," Janco CEO Victor Janulaitis said of the first month of 2025. "IT Pros who were unemployed last month found jobs more quickly than was anticipated as CIOs rushed to fill open positions." There's still a 5.7 percent unemployment rate in the IT sector in January, Janco noted, which is greater than the national average of 4 percent - and which could rise further as Elon Musk's Department of Government Efficiency (DOGE) pushes ahead with federal workforce reductions aimed at streamlining operations.

"Over the past several quarters much of the overall job growth was in the government sectors of the economy," Janulaitis said. "With the new administration that will in all probability not be the case in the future. "The impact of the DOGE initiatives has not been felt as of yet," Janulaitis added. "Economic uncertainty continues to hurt overall IT hiring." Despite this, Janco reported an addition of 11,000 new IT roles in January. Unfortunately, there's also been a surge in IT unemployment over the same period, with the number of jobless IT pros rising to 152,000 in January - an increase of 54,000 in a single month. [...]

Closing out the report, Janco offered a mixed outlook: While IT jobs are expected to grow over the next few years, many white-collar roles could be eliminated. "Over the next five years, the number of individuals employed as IT professionals will increase while many white-collar jobs in the function will be eliminated with the application of AI and LLM to IT," Janco predicted.

Apple has released emergency security updates for iOS 18.3.1 and iPadOS 18.3.1 to patch a zero-day vulnerability (CVE-2025-24200) that was exploited in "extremely sophisticated," targeted attacks. The flaw, which allowed a physical attack to disable USB Restricted Mode on locked devices, was discovered by Citizen Lab and may have been used in spyware campaigns; users are strongly advised to install the update immediately. BleepingComputer reports: USB Restricted Mode is a security feature (introduced almost seven years ago in iOS 11.4.1) that blocks USB accessories from creating a data connection if the device has been locked for over an hour. This feature is designed to block forensic software like Graykey and Cellebrite (commonly used by law enforcement) from extracting data from locked iOS devices.

In November, Apple introduced another security feature (dubbed "inactivity reboot") that automatically restarts iPhones after long idle times to re-encrypt data and make it harder to extract by forensic software. The zero-day vulnerability (tracked as CVE-2025-24200 and reported by Citizen Lab's Bill Marczak) patched today by Apple is an authorization issue addressed in iOS 18.3.1 and iPadOS 18.3.1 with improved state management.

The list of devices this zero-day impacts includes: - iPhone XS and later,
- iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

An anonymous reader shared this report from Fortune: More than 14 million job seekers' applications went completely ignored in a single quarter last year, according to one hiring platform. Now, sites like Greenhouse and LinkedIn are experimenting with new ways to hold companies accountable for making the hiring process so miserable for applicants. Three of the biggest job search sites — LinkedIn, Indeed and Greenhouse — have put tools in place to highlight which companies frequently respond to applicants in a timely manner... According to Greenhouse, half of applicants say they've been ghosted after an interview.

Meanwhile, new artificial intelligence tools have made it easier for candidates to play a numbers game, generating tailored resumes for hundreds of roles. But that's led to an increasingly overwhelming flood of applications for companies, making it nearly impossible to process the deluge and respond to every hopeful in a timely manner — let alone find their perfect match... [LinkedIn is] refining its "job match" feature that uses AI to see how well qualified a candidate is for a given listing. The feature is designed to help cut down on the flood of applications companies are receiving by nudging users to focus their efforts on jobs where they actually have a good shot at hearing back. That, in theory, should make the hiring process more efficient for both parties...

Indeed chose to focus on encouraging employer responsiveness after the issue showed up as the biggest pain point for job seekers in a recent survey. While the platform has issued "responsive employer" badges since 2018 to recognize companies that consistently reply to more than half of all messages, it started releasing even more detail in 2023, including labels that share the employer's median response time with candidates... Greenhouse, meanwhile, is testing a set of four badges that would verify an employer meets the platform's respectful, communicative, prepared and fair hiring process standards for a given job posting... For "communicative," they're expected to clear out active candidates on closed jobs and send out rejection emails.
LinkedIn is also adding "responsiveness insights," according to the article, which "show applicants which listings are being actively reviewed by employers.

"It's testing the insights on a small number of job postings before rolling them out sitewide in the coming months."

Slashdot reader headlessbrick writes: Google security researchers have discovered a way to bypass AMD's security, enabling them to load unofficial microcode into its processors and modify the silicon's behaviour at will. To demonstrate this, they created a microcode patch that forces the chips to always return 4 when asked for a random number.

Beyond simply allowing Google and others to customize AMD chips for both beneficial and potentially malicious purposes, this capability also undermines AMD's secure encrypted virtualization and root-of-trust security mechanisms.
Obligatory XKCD.