The New York Stock Exchange said Monday it was investigating a "technical issue" that was leading to large fluctuations in the prices of certain stocks including Warren Buffett's Berkshire Hathaway. From a report: According to a notice posted on its website, the issue involved "limit up, limit down bands," which are designed to limit volatility. Some 50 stocks were affected, the website indicated, and trades in those companies was halted. NYSE trading data incorrectly showed so-called Class A shares of Berkshire down 99% from its price above $620,000 a share.

An anonytmous reader shared a recent report from BleepingComputer: Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware — answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware... "We further noticed that a StackOverflow account 'EstAYA G' [was] exploiting the platform's community members seeking debugging help [1, 2, 3] by directing them to install this malicious package as a 'solution' to their issue even though the 'solution' is unrelated to the questions posted by developers," explained Sonatype researcher Ax Sharma in the Sonatype report.
Sonatype's researcher "noticed that line 17 was laden with ...a bit too many whitespaces," according to the report, "in turn hiding code much further to the right which would be easy to miss, unless you notice the scroll bar. The command executes a base64-encoded payload..."

And then, reports BleepingComputer... When deobfuscated, this command will download an executable named 'runtime.exe' from a remote site and execute it. This executable is actually a Python program converted into an .exe that acts as an information-stealing malware to harvest cookies, passwords, browser history, credit cards, and other data from web browsers. It also appears to search through documents for specific phrases and, if found, steal the data as well.

All of this information is then sent back to the attacker, who can sell it on dark web markets or use it to breach further accounts owned by the victim.

An anonymous Slashdot reader shared this report from Computer Weekly: A former student at the Inns of Court College of Advocacy (ICCA) says he was hauled over the coals by the college for having acted responsibly and "with integrity" in reporting a security blunder that left sensitive information about students exposed. Bartek Wytrzyszczewski faced misconduct proceedings after alerting the college to a data breach exposing sensitive information on hundreds of past and present ICCA students...

The ICCA, which offers training to future barristers, informed data protection regulator the Information Commissioner's Office of a breach "experienced" in August 2023 after Wytrzyszczewski alerted the college that sensitive files on nearly 800 students were accessible to other college users via the ICCA's web portal. The breach saw personal data such as email addresses, phone numbers and academic information — including exam marks and previous institutions attended — accessible to students at the college. Students using the ICCA's web portal were also able to access ID photos, as well as student ID numbers and sensitive data, such as health records, visa status and information as to whether they were pregnant or had children... After the college secured a written undertaking from Wytrzyszczewski not to disclose any of the information he had discovered, it launched misconduct proceedings against him. He had stumbled across the files in error, he said, and viewed a significant number to ensure he could report their contents with accuracy.
"The panel cleared Wytrzyszczewski and found it had no jurisdiction to hear the matter," according to the article.

But he "said the experience caused him to unenroll from the ICCA's course and restart his training at another provider."

Slashdot reader storagedude shares a provocative post from the cybersecurity news blog of Cyble Inc. (a Ycombinator-backed company promising "AI-powered actionable threat intelligence").

The post delves into concerns that the new "Recall" feature planned for Windows (on upcoming Copilot+ PCs) is "a security and privacy nightmare." Copilot Recall will be enabled by default and will capture frequent screenshots, or "snapshots," of a user's activity and store them in a local database tied to the user account. The potential for exposure of personal and sensitive data through the new feature has alarmed security and privacy advocates and even sparked a UK inquiry into the issue. In a long Mastodon thread on the new feature, Windows security researcher Kevin Beaumont wrote, "I'm not being hyperbolic when I say this is the dumbest cybersecurity move in a decade. Good luck to my parents safely using their PC."

In a blog post on Recall security and privacy, Microsoft said that processing and storage are done only on the local device and encrypted, but even Microsoft's own explanations raise concerns: "Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry." Security and privacy advocates take issue with assertions that the data is stored securely on the local device. If someone has a user's password or if a court orders that data be turned over for legal or law enforcement purposes, the amount of data exposed could be much greater with Recall than would otherwise be exposed... And hackers, malware and infostealers will have access to vastly more data than they would without Recall.

Beaumont said the screenshots are stored in a SQLite database, "and you can access it as the user including programmatically. It 100% does not need physical access and can be stolen.... Recall enables threat actors to automate scraping everything you've ever looked at within seconds."
Beaumont's LinkedIn profile and blog say that starting in 2020 he worked at Microsoft for nearly a year as a senior threat intelligence analyst. And now Beaumont's Mastodon post is also raising other concerns (according to Cyble's blog post):

• "Sensitive data deleted by users will still be saved in Recall screenshots... 'If you or a friend use disappearing messages in WhatsApp, Signal etc, it is recorded regardless.'"

• "Beaumont also questioned Microsoft's assertion that all this is done locally."

The blog post also notes that Leslie Carhart, Director of Incident Response at Dragos, had this reaction to Beaumont's post. "The outrage and disbelief are warranted."

'"As AI programs shake up the office, potentially making millions of jobs obsolete, one group of perpetually stressed workers seems especially vulnerable..." writes the New York Times.

"The chief executive is increasingly imperiled by A.I." These employees analyze new markets and discern trends, both tasks a computer could do more efficiently. They spend much of their time communicating with colleagues, a laborious activity that is being automated with voice and image generators. Sometimes they must make difficult decisions — and who is better at being dispassionate than a machine?

Finally, these jobs are very well paid, which means the cost savings of eliminating them is considerable...

This is not just a prediction. A few successful companies have begun to publicly experiment with the notion of an A.I. leader, even if at the moment it might largely be a branding exercise... [The article gives the example of the Chinese online game company NetDragon Websoft, which has 5,000 employees, and the upscale Polish rum company Dictador.]

Chief executives themselves seem enthusiastic about the prospect — or maybe just fatalistic. EdX, the online learning platform created by administrators at Harvard and M.I.T. that is now a part of publicly traded 2U Inc., surveyed hundreds of chief executives and other executives last summer about the issue. Respondents were invited to take part and given what edX called "a small monetary incentive" to do so. The response was striking. Nearly half — 47 percent — of the executives surveyed said they believed "most" or "all" of the chief executive role should be completely automated or replaced by A.I. Even executives believe executives are superfluous in the late digital age...

The pandemic prepared people for this. Many office workers worked from home in 2020, and quite a few still do, at least several days a week. Communication with colleagues and executives is done through machines. It's just a small step to communicating with a machine that doesn't have a person at the other end of it. "Some people like the social aspects of having a human boss," said Phoebe V. Moore, professor of management and the futures of work at the University of Essex Business School. "But after Covid, many are also fine with not having one."
The article also notes that a 2017 survey of 1,000 British workers found 42% saying they'd be "comfortable" taking orders from a computer.

"The US Cybersecurity and Infrastructure Security Agency has added a critical security bug in Linux to its list of vulnerabilities known to be actively exploited in the wild," reported Ars Technica on Friday.

"The vulnerability, tracked as CVE-2024-1086 and carrying a severity rating of 7.8 out of a possible 10, allows people who have already gained a foothold inside an affected system to escalate their system privileges." It's the result of a use-after-free error, a class of vulnerability that occurs in software written in the C and C++ languages when a process continues to access a memory location after it has been freed or deallocated. Use-after-free vulnerabilities can result in remote code or privilege escalation. The vulnerability, which affects Linux kernel versions 5.14 through 6.6, resides in the NF_tables, a kernel component enabling the Netfilter, which in turn facilitates a variety of network operations... It was patched in January, but as the CISA advisory indicates, some production systems have yet to install it. At the time this Ars post went live, there were no known details about the active exploitation.

A deep-dive write-up of the vulnerability reveals that these exploits provide "a very powerful double-free primitive when the correct code paths are hit." Double-free vulnerabilities are a subclass of use-after-free errors...

A new article in the Washington Post argues that a phenomenon called "Quiet vacationing" has "joined 'quiet quitting' and 'quiet firing' as the latest (and least poetic) scourge of the modern workplace.

"Also known as the hush trip, workcation, hush-cation, or bleisure travel — you get the idea — quiet vacationing refers to workers taking time off, even traveling, without notifying their employers." Taking advantage of work-from-anywhere technology, they are logging in from hotels, beaches and campgrounds, sometimes using virtual backgrounds and VPNs to cover their tracks.

Given the difficulty many employers already have trusting remote workers to be productive anywhere outside the office, you can bet they are not keen on the idea of their employees pretending to have their head in the game while their toes are in the sand. But employers also have legitimate legal reasons for keeping tabs on their employees' location when they're on the clock. "Evil HR Lady" Suzanne Lucas, writing in Inc. magazine, recently highlighted the many tax, employment, business-operation and security laws that focus on an employee's location. Workers secretly performing their jobs in other states or countries can trigger compliance headaches for their employers, Lucas notes, giving the hypothetical of an employee seeking workers' compensation after sustaining an injury while on unauthorized travel....

As with declines in birthrates, home purchases and demand for mined diamonds, the quiet-vacationing trend is being attributed primarily, though not exclusively, to millennial workers. But before launching into generational finger-pointing and stereotyping, it's worth taking a look at why they might feel the need to take their PTO on the DL. The U.S. Travel Association in a 2016 report proclaimed millennials to be a generation of "work martyrs," entering the workforce around the time average U.S. vacation usage began declining and mobile technology began enabling round-the-clock attachment to jobs... The work-vacation boundaries most premillennial workers took for granted growing up have gone the way of defined-benefit pensions and good tomatoes.

Inadequate paid leave is another driving force. The United States continues to be the only nation among its industrialized economic peers that does not guarantee paid vacation, sick leave or holidays for all workers, leaving such benefits to the discretion of employers. Workers with limited PTO — whether new to the workforce or stuck in lower-paying, low-benefit industries — generally want to keep as much paid leave banked as possible, especially if they may need it for unpredictable emergencies like illness or caretaking. If you can preserve those precious hours by packing your laptop alongside your flip-flops, why wouldn't you?
The article also mentions employers who begrudge vacation and employees who fear "becoming a target for future cost-cutting..."

An anonymous reader quotes a report from the BBC: Hackers are attempting to sell what they say is confidential information belonging to millions of Santander staff and customers. They belong to the same gang which this week claimed to have hacked Ticketmaster. The bank -- which employs 200,000 people worldwide, including around 20,000 in the UK -- has confirmed data has been stolen. Santander has apologized for what it says is "the concern this will understandably cause" adding it is "proactively contacting affected customers and employees directly."

"Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed," it said in a statement posted earlier this month. "No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords." It said its banking systems were unaffected so customers could continue to "transact securely."

In a post on a hacking forum -- first spotted by researchers at Dark Web Informer- the group calling themselves ShinyHunters posted an advert saying they had data including: 30 million people's bank account details, 6 million account numbers and balances, 28 million credit card numbers, and HR information for staff. Santander has not commented on the accuracy of those claims.

Japanese crypto exchange DMM Bitcoin confirmed on Friday that it had been the victim of a hack resulting in the theft of 4,502.9 bitcoin, or about $305 million. From a report: According to crypto security firm Elliptic, this is the eighth largest crypto theft in history. DMM Bitcoin said it detected "an unauthorized leak of Bitcoin (BTC) from our wallet" on Friday and that it was still investigating and had taken measures to stop further thefts. The crypto exchange said it also "implemented restrictions on the use of some services to ensure additional safety," according to a machine translation of the company's official blog post (written in Japanese).

An anonymous reader shares a report: The sound of the 1990s still resonates in the German capital. Like techno music, the fax machine remains on trend. According to the latest figures from Germany's digital industry association, four out of five companies in Europe's largest economy continue to use fax machines and a third do so frequently or very frequently. Much as Germany's reputation for efficiency is regularly undermined by slow internet connections and a reliance on paper and rubber stamps, fax machines are at odds with a world embracing artificial intelligence.

But progress is on the horizon in the Bundestag -- the lower house of parliament -- where lawmakers have been instructed by the parliamentary budget committee to ditch their trusty fax machines by the end of June, and rely on email instead for official communication. Torsten Herbst, parliamentary whip of the pro-business Free Democrats, points out one fax machine after the other as he walks through the Bundestag. He says the public sector is particularly fond of faxing and that joining parliament was like going back in time.

Google has published an update on the deprecation timeline of so-called Manifest V2 extensions in the Chrome web browser. Starting this June, Chrome will inform users with classic extensions about the deprecation. From a report: Manifests are rulesets for extensions. They define the capabilities of extensions. When Google published the initial Manifest V3 draft, it was criticized heavily for it. This initial draft had significant impact on content blockers, privacy extensions, and many other extension types. Many called it the end of adblockers in Chrome because of that. In the years that followed, Google postponed the introduction and updated the draft several times to address some of these concerns.

Despite all the changes, Manifest V3 is still limiting certain capabilities. The developer of uBlock Origin listed some of these on GitHub. According to the information, current uBlock Origin capabilities such as dynamic filtering, certain per-site switches, or regex-based filters are not supported by Manifest V3. The release of uBlock Origin Minus highlights this. It is a Manifest V3 extension, but limited in comparison to the Manifest V2-based uBlock Origin.

Vista Equity Partners has written off the entire equity value of its investment in tech learning platform Pluralsight, three years after taking it private for $3.5 billion, Axios reported Friday. From the report: One source says that the Utah-based company's financials have improved, with around 26% EBITDA growth in 2023, but not enough to service nearly $1.3 billion of debt that was issued when interest rates were lower. It's also a company whose future could be dimmed by advances in artificial intelligence, since some of the developer skills it teaches are becoming automated. Vista agreed to buy the company in late 2020 for $20.26 per share, representing a 25% premium to its 30-day trading average, despite a lack of profits.

Computer hardware manufacturer Cooler Master has confirmed that it suffered a data breach on May 19 after a threat actor breached the company's website, stealing the Fanzone member information of 500,000 customers. BleepingComputer reports: [A] threat actor known as 'Ghostr' told us they hacked the company's Fanzone website on May 18 and downloaded its linked databases. Cooler Master's Fanzone site is used to register a product's warranty, request an RMA, or open support tickets, requiring customers to fill in personal data, such as names, email addresses, addresses, phone numbers, birth dates, and physical addresses. Ghostr said they were able to download 103 GB of data during the Fanzone breach, including the customer information of over 500,000 customers.

The threat actor also shared data samples, allowing BleepingComputer to confirm with numerous customers listed in the breach that their data was accurate and that they recently requested support or an RMA from Cooler Master. Other data in the samples included product information, employee information, and information regarding emails with vendors. The threat actor claimed to have partial credit card information, but BleepingComputer could not find this data in the data samples. The threat actor now says they will sell the leaked data on hacking forums but has not disclosed the price. Cooler Master said in a statement to BleepingComputer: "We can confirm on May 19, Cooler Master experienced a data breach involving unauthorized access to customer data. We immediately alerted the authorities, who are actively investigating the breach. Additionally, we have engaged top security experts to address the breach and implement new measures to prevent future incidents. These experts have successfully secured our systems and enhanced our overall security protocols. We are in the process of notifying affected customers directly and advising them on next steps. We are committed to providing timely updates and support to our customers throughout this process."

Framework, a company known for its modular laptops, has announced a fourth round of iterative updates and upgrade options for its Framework Laptop 13. The upgrades include motherboards and pre-built laptops featuring new Intel Meteor Lake Core Ultra processors with Intel Arc dedicated GPUs, lower prices for AMD Ryzen 7000 and 13th-gen Intel editions, and a new display with a higher resolution and refresh rate.

The Core Ultra boards come with three CPU options, with prices starting at $899 for a pre-built or DIY model. Upgrading from an older Intel Framework board requires an upgrade to DDR5 RAM, and Framework charges $40 for every 8GB of DDR5-5600, which is above market rates. The new 13.5-inch display has a resolution of 2880x1920, a 120 Hz refresh rate, and costs $130 more than the standard display.

Google Cloud faced a major setback earlier this month when it accidentally deleted the account of UniSuper, an Australian pension fund managing $135 billion in assets, causing a two-week outage for its 647,000 members. Google Cloud has since completed an internal review of the incident and published a blog post detailing the findings. ArsTechnica: Google has a "TL;DR" at the top of the post, and it sounds like a Google employee got an input wrong.

"During the initial deployment of a Google Cloud VMware Engine (GCVE) Private Cloud for the customer using an internal tool, there was an inadvertent misconfiguration of the GCVE service by Google operators due to leaving a parameter blank. This had the unintended and then unknown consequence of defaulting the customer's GCVE Private Cloud to a fixed term, with automatic deletion at the end of that period. The incident trigger and the downstream system behavior have both been corrected to ensure that this cannot happen again."

A widespread outage affecting over 600,000 routers connected to Windstream's Kinetic broadband service left customers without internet access for several days last October, according to a report by security firm Lumen Technologies' Black Lotus Labs. The incident, dubbed "Pumpkin Eclipse," is believed to be the result of a deliberate attack using commodity malware known as Chalubo to overwrite router firmware. Windstream, which has about 1.6 million subscribers in 18 states, has not provided an explanation for the outage. The company sent replacement routers to affected customers, many of whom reported significant financial losses due to the disruption. ArsTechnica adds: After learning of the mass router outage, Black Lotus began querying the Censys search engine for the affected router models. A one-week snapshot soon revealed that one specific ASN experienced a 49 percent drop in those models just as the reports began. This amounted to the disconnection of at least 179,000 ActionTec routers and more than 480,000 routers sold by Sagemcom. The constant connecting and disconnecting of routers to any ISP complicates the tracking process, because it's impossible to know if a disappearance is the result of the normal churn or something more complicated. Black Lotus said that a conservative estimate is that at least 600,000 of the disconnections it tracked were the result of Chaluba infecting the devices and, from there, permanently wiping the firmware they ran on. After identifying the ASN, Black Lotus discovered a complex multi-path infection mechanism for installing Chaluba on the routers.

Google has confirmed the authenticity of 2,500 leaked internal documents detailing the company's data collection practices. The documents offer insights into Google's closely guarded search ranking algorithm. However, Google cautioned against making inaccurate assumptions based on incomplete information. The Verge adds: The leaked material suggests that Google collects and potentially uses data that company representatives have said does not contribute to ranking webpages in Google Search, like clicks, Chrome user data, and more. The thousands of pages of documents act as a repository of information for Google employees, but it's not clear what pieces of data detailed are actually used to rank search content -- the information could be out of date, used strictly for training purposes, or collected but not used for Search specifically. The documents also do not reveal how different elements are weighted in search, if at all.

An anonymous reader quotes an op-ed from The Globe and Mail, written by Kate Robertson and Ron Deibert. Robertson is a senior research associate and Deibert is director at the University of Toronto's Citizen Lab. From the piece: A federal cybersecurity bill, slated to advance through Parliament soon, contains secretive, encryption-breaking powers that the government has been loath to talk about. And they threaten the online security of everyone in Canada. Bill C-26 empowers government officials to secretly order telecommunications companies to install backdoors inside encrypted elements in Canada's networks. This could include requiring telcos to alter the 5G encryption standards that protect mobile communications to facilitate government surveillance. The government's decision to push the proposed law forward without amending it to remove this encryption-breaking capability has set off alarm bells that these new powers are a feature, not a bug.

There are already many insecurities in today's networks, reaching down to the infrastructure layers of communication technology. The Signalling System No. 7, developed in 1975 to route phone calls, has become a major source of insecurity for cellphones. In 2017, the CBC demonstrated how hackers only needed a Canadian MP's cell number to intercept his movements, text messages and phone calls. Little has changed since: A 2023 Citizen Lab report details pervasive vulnerabilities at the heart of the world's mobile networks. So it makes no sense that the Canadian government would itself seek the ability to create more holes, rather than patching them. Yet it is pushing for potential new powers that would infect next-generation cybersecurity tools with old diseases.

It's not as if the government wasn't warned. Citizen Lab researchers presented the 2023 report's findings in parliamentary hearings on Bill C-26, and leaders and experts in civil society and in Canada's telecommunications industry warned that the bill must be narrowed to prevent its broad powers to compel technical changes from being used to compromise the "confidentiality, integrity, or availability" of telecommunication services. And yet, while government MPs maintained that their intent is not to expand surveillance capabilities, MPs pushed the bill out of committee without this critical amendment last month. In doing so, the government has set itself up to be the sole arbiter of when, and on what conditions, Canadians deserve security for their most confidential communications -- personal, business, religious, or otherwise. The new powers would only make people in Canada more vulnerable to malicious threats to the privacy and security of all network users, including Canada's most senior officials. [...] "Now, more than ever, there is no such thing as a safe backdoor," the authors write in closing. "A shortcut that provides a narrow advantage for the few at the expense of us all is no way to secure our complex digital ecosystem."

"Against this threat landscape, a pivot is crucial. Canada needs cybersecurity laws that explicitly recognize that uncompromised encryption is the backbone of cybersecurity, and it must be mandated and protected by all means possible."

The notorious hacker group ShinyHunters has claimed to have breached the security of Ticketmaster-Live Nation, compromising the personal data more than half a billion users. "This massive 1.3 terabytes of data, is now being offered for sale on Breach Forums for a one-time sale for $500,000," reports Hackread. From the report: ShinyHunters has allegedly accessed a treasure trove of sensitive user information, including full names, addresses, email addresses, phone numbers, ticket sales and event details, order information, and partial payment card data. Specifically, the compromised payment data includes customer names, the last four digits of card numbers, expiration dates, and even customer fraud details. The data breach, if confirmed, could have severe implications for the affected users, leading to potential identity theft, financial fraud, and further cyber attacks. The hacker group's bold move to put this data on sale goes on to show the growing menace of cybercrime and the increasing sophistication of these cyber adversaries.

An anonymous reader quotes a report from KrebsOnSecurity: The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe. KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later.

From 2015 to July 2022, 911 S5 sold access to hundreds of thousands of Microsoft Windows computers daily, as "proxies" that allowed customers to route their Internet traffic through PCs in virtually any country or city around the globe -- but predominantly in the United States. 911 built its proxy network mainly by offering "free" virtual private networking (VPN) services. 911's VPN performed largely as advertised for the user -- allowing them to surf the web anonymously -- but it also quietly turned the user's computer into a traffic relay for paying 911 S5 customers. 911 S5's reliability and extremely low prices quickly made it one of the most popular services among denizens of the cybercrime underground, and the service became almost shorthand for connecting to that "last mile" of cybercrime. Namely, the ability to route one's malicious traffic through a computer that is geographically close to the consumer whose stolen credit card is about to be used, or whose bank account is about to be emptied.

In July 2022, KrebsOnSecurity published a deep dive into 911 S5, which found the people operating this business had a history of encouraging the installation of their proxy malware by any means available. That included paying affiliates to distribute their proxy software by secretly bundling it with other software. That story named Yunhe Wang from Beijing as the apparent owner or manager of the 911 S5 proxy service. In today's Treasury action, Mr. Wang was named as the primary administrator of the botnet that powered 911 S5. Update, May 29, 12:26 p.m. ET: The U.S. Department of Justice (DOJ) just announced they have arrested Wang in connection with the 911 S5 botnet. The DOJ says 911 S5 customers have stolen billions of dollars from financial institutions, credit card issuers, and federal lending programs. [...] The third man sanctioned is Yanni Zheng, a Chinese national the U.S. Treasury says acted as an attorney for Wang and his firm -- Spicy Code Company Limited -- and helped to launder proceeds from the business into real estate holdings. Spicy Code Company was also sanctioned, as well as Wang-controlled properties Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited. "911 S5 customers allegedly targeted certain pandemic relief programs," a DOJ statement on the arrest reads. "For example, the United States estimates that 560,000 fraudulent unemployment insurance claims originated from compromised IP addresses, resulting in a confirmed fraudulent loss exceeding $5.9 billion. Additionally, in evaluating suspected fraud loss to the Economic Injury Disaster Loan (EIDL) program, the United States estimates that more than 47,000 EIDL applications originated from IP addresses compromised by 911 S5. Millions of dollars more were similarly identified by financial institutions in the United States as loss originating from IP addresses compromised by 911 S5."

"Jingping Liu assisted Yunhe Wang by laundering criminally derived proceeds through bank accounts held in her name that were then utilized to purchase luxury real estate properties for Yunhe Wang," the document continues. "These individuals leveraged their malicious botnet technology to compromise personal devices, enabling cybercriminals to fraudulently secure economic assistance intended for those in need and to terrorize our citizens with bomb threats."