The UK government has ordered Apple to create a backdoor allowing access to encrypted cloud backups of users worldwide, Washington Post reported Friday, citing multiple sources familiar with the matter. The unprecedented demand, issued last month through a technical capability notice under the UK Investigatory Powers Act, requires Apple to provide blanket access to fully encrypted material rather than assistance with specific accounts.

Apple is likely to discontinue its encrypted storage service in the UK rather than compromise user security globally, the report said. The company would still face pressure to provide backdoor access for users in other countries, including the United States. The order was issued under Britain's 2016 Investigatory Powers Act, which makes it illegal to disclose such government demands, according to the report. While Apple can appeal to a secret technical panel and judge, the law requires compliance during any appeal process. The company told Parliament in March that the UK government should not have authority to decide whether global users can access end-to-end encryption.

An anonymous reader quotes a report from CyberScoop: Ransomware payments saw a dramatic 35% drop last year compared to 2023, even as the overall frequency of ransomware attacks increased, according to a new report released by blockchain analysis firm Chainalysis. The considerable decline in extortion payments is somewhat surprising, given that other cybersecurity firms have claimed that 2024 saw the most ransomware activity to date. Chainalysis itself warned in its mid-year report that 2024's activity was on pace to reach new heights, but attacks in the second half of the year tailed off. The total amount in payments that Chainalysis tracked in 2024 was $812.55 million, down from 2023's mark of $1.25 billion.

The disruption of major ransomware groups, such as LockBit and ALPHV/BlackCat, were key to the reduction in ransomware payments. Operations spearheaded by agencies like the United Kingdom's National Crime Agency (NCA) and the Federal Bureau of Investigation (FBI) caused significant declines in LockBit activity, while ALPHV/BlackCat essentially rug-pulled its affiliates and disappeared after its attack on Change Healthcare. [...] Additionally, [Chainalysis] says more organizations have become stronger against attacks, with many choosing not to pay a ransom and instead using better cybersecurity practices and backups to recover from these incidents. [...] Chainalysis also says ransomware operators are letting funds sit in wallets, refraining from moving any money out of fear they are being watched by law enforcement.

You can read the full report here.

An anonymous reader shares a report: The keyboard company Qwertykeys has temporarily halted all shipments to the United States in response to President Trump's tariffs on Chinese goods going into effect. The company says it's working on ways to mitigate shipping costs and that the tariffs have made it so that "all keyboards from China to the U.S. are now subject to 45% tariffs at full value."

"We are closely watching the progress of the situation and really hope that there is something else we can do other than bumping the price up," the company wrote in a comment on Reddit. Qwertykeys says that its delivery partner, DHL, "now requires prepayment of 50% of the declared product value as a tariff deposit, plus a $21 processing fee per package." That would drastically raise prices for customers in the US, something Qwertykeys says is "unsustainable for both our business and customers."

Kaspersky researchers have discovered malware hiding in both Google Play and Apple's App Store that uses optical character recognition to steal cryptocurrency wallet recovery phrases from users' photo galleries. Dubbed "SparkCat" by security firm ESET, the malware was embedded in several messaging and food delivery apps, with the infected Google Play apps accumulating over 242,000 downloads combined.

This marks the first known instance of such OCR-based spyware making it into Apple's App Store. The malware, active since March 2024, masquerades as an analytics SDK called "Spark" and leverages Google's ML Kit library to scan users' photos for wallet recovery phrases in multiple languages. It requests gallery access under the guise of allowing users to attach images to support chat messages. When granted access, it searches for specific keywords related to crypto wallets and uploads matching images to attacker-controlled servers.

The researchers found both Android and iOS variants using similar techniques, with the iOS version being particularly notable as it circumvented Apple's typically stringent app review process. The malware's creators appear to be Chinese-speaking actors based on code comments and server error messages, though definitive attribution remains unclear.

Microsoft will charge commercial customers $61 per device in the first year to continue receiving Windows 10 security updates after support ends, The Register wrote in a PSA note Wednesday, citing text, with costs doubling each subsequent year for up to three years.

Organizations can't skip initial years to save money, as the updates are cumulative. Some users may avoid fees if they connect Windows 10 endpoints to Windows 365 Cloud PCs. The program also covers Windows 10 virtual machines running on Windows 365 or Azure Virtual Desktop for three years with an active Windows 365 subscription.

A developer has successfully run the classic video game Doom on Apple's $50 Lightning to HDMI adapter, exploiting the device's built-in system-on-chip that runs a simplified iOS version.

Microsoft has intensified efforts to block unsupported Windows 11 installations, removing documentation about bypassing system requirements and flagging third-party workaround tools as potential malware. The move comes as Windows 10 approaches end of support in October 2025, when users must either continue without updates, upgrade to Windows 11, or purchase new hardware compatible with Windows 11's TPM 2.0 requirement.

Microsoft Defender now identifies Flyby11, a popular tool for installing Windows 11 on incompatible devices, as "PUA:Win32/Patcher." Users are also reporting that unsupported Windows 11 installations are already facing restrictions, with some machines unable to receive major updates. Microsoft has also removed text from its "Ways to install Windows 11" page that had provided instructions for bypassing TPM 2.0 requirements through registry key modifications. The removed section included technical details for users who acknowledged and accepted the risks of installing Windows 11 on unsupported hardware.

New submitter mastazi writes: In his latest post, veteran Microsoft developer Raymond Chen reflects on what it means living in a world where you might need to reboot your toothbrush, or perform a firmware update to your shoes!

Cloudflare, a major web infrastructure company, will now track and verify the authenticity of images across its network through Content Credentials, a digital signature system that documents an image's origin and editing history. The technology, developed by Adobe's Content Authenticity Initiative, embeds metadata showing who created an image, when it was taken, and any subsequent modifications - including those made by AI tools.

Major news organizations including the BBC, Wall Street Journal and New York Times have already adopted the system. The feature is available immediately through a single toggle in Cloudflare Images settings. Users can verify an image's authenticity through Adobe's web tool or Chrome extension.

Android and Google Play have billions of users, Google wrote in its security blog this week. "However, like any flourishing ecosystem, it also attracts its share of bad actors... That's why every year, we continue to invest in more ways to protect our community." Google's tactics include industry-wide alliances, stronger privacy policies, and "AI-powered threat detection."

"As a result, we prevented 2.36 million policy-violating apps from being published on Google Play and banned more than 158,000 bad developer accounts that attempted to publish harmful apps. " To keep out bad actors, we have always used a combination of human security experts and the latest threat-detection technology. In 2024, we used Google's advanced AI to improve our systems' ability to proactively identify malware, enabling us to detect and block bad apps more effectively. It also helps us streamline review processes for developers with a proven track record of policy compliance. Today, over 92% of our human reviews for harmful apps are AI-assisted, allowing us to take quicker and more accurate action to help prevent harmful apps from becoming available on Google Play. That's enabled us to stop more bad apps than ever from reaching users through the Play Store, protecting users from harmful or malicious apps before they can cause any damage.
Starting in 2024 Google also "required apps to be more transparent about how they handle user information by launching new developer requirements and a new 'Data deletion' option for apps that support user accounts and data collection.... We're also constantly working to improve the safety of apps on Play at scale, such as with the Google Play SDK Index. This tool offers insights and data to help developers make more informed decisions about the safety of an SDK."

And once an app is installed, "Google Play Protect, Android's built-in security protection, helps to shield their Android device by continuously scanning for malicious app behavior." Google Play Protect automatically scans every app on Android devices with Google Play Services, no matter the download source. This built-in protection, enabled by default, provides crucial security against malware and unwanted software. Google Play Protect scans more than 200 billion apps daily and performs real-time scanning at the code-level on novel apps to combat emerging and hidden threats, like polymorphic malware. In 2024, Google Play Protect's real-time scanning identified more than 13 million new malicious apps from outside Google Play [based on Google Play Protect 2024 internal data]...

According to our research, more than 95 percent of app installations from major malware families that exploit sensitive permissions highly correlated to financial fraud came from Internet-sideloading sources like web browsers, messaging apps, or file managers. To help users stay protected when browsing the web, Chrome will now display a reminder notification to re-enable Google Play Protect if it has been turned off... Scammers may manipulate users into disabling Play Protect during calls to download malicious Internet-sideloaded apps. To prevent this, the Play Protect app scanning toggle is now temporarily disabled during phone or video calls...

Google Play Protect's enhanced fraud protection pilot analyzes and automatically blocks the installation of apps that may use sensitive permissions frequently abused for financial fraud when the user attempts to install the app from an Internet-sideloading source (web browsers, messaging apps, or file managers). Building on the success of our initial pilot in partnership with the Cyber Security Agency of Singapore (CSA), additional enhanced fraud protection pilots are now active in nine regions — Brazil, Hong Kong, India, Kenya, Nigeria, Philippines, South Africa, Thailand, and Vietnam.

In 2024, Google Play Protect's enhanced fraud protection pilots have shielded 10 million devices from over 36 million risky installation attempts, encompassing over 200,000 unique apps.

"Stakeholders must be included" throughout an agile project "to ensure the evolving deliverables meet their expectations," according to an article this week in Communications of the ACM.

But long-time Slashdot reader theodp complains it's a "gushing how-to-make-Agile-even-better opinion piece." Like other pieces by Agile advocates, it's long on accolades for Agile, but short on hard evidence justifying why exactly Agile project management "has emerged as a critical component for firms looking to improve project delivery speed and flexibility" and the use of Agile approaches is being expanded across other departments beyond software development. Indeed, among the three examples of success offered in the piece to "highlight the effectiveness of agile methods in navigating complex stakeholder dynamics and achieving project success" is Atlassian's use of agile practices to market and develop its products, many of which are coincidentally designed to support Agile practices and teams (including Jira). How meta.

Citing "recent studies," the piece concludes its call for stakeholder engagement by noting that "59% of organizations measure Agile success by customer or user satisfaction." But that is one of those metrics that can create perverse incentives. Empirical studies of user satisfaction and engagement have been published since the 1970's, and sadly one of the cruel lessons learned from them is that the easiest path to having satisfied users is to avoid working on difficult problems. Keep that in mind when you ponder why difficult user stories seem to languish forever in the Kanban and Scrum Board "Ice Box" column, while the "Complete" column is filled with low-hanging fruit. Sometimes success does come easy!

So, are you in the Agile-is-Heaven or Agile-is-Hell camp?

Thursday America's FDA "raised concerns about cybersecurity vulnerabilities" in patient monitors from China-based medical device company Contec "that could allow unauthorized individuals to access and potentially manipulate those devices," reports Reuters. The patient monitors could be remotely controlled by unauthorized users or may not function as intended, and the network to which these devices are connected could be compromised, the agency warned. The FDA also said that once these devices are connected to the internet, they can collect patient data, including personally identifiable information and protected health information, and can export this data out of the healthcare delivery environment.

The agency, however, added that it is currently unaware of any cybersecurity incidents, injuries, or deaths related to these identified cybersecurity vulnerabilities.
The FDA's announcement says "The software on the patient monitors includes a backdoor, which may mean that the device or the network to which the device has been connected may have been or could be compromised." And it offers this advice to caregivers and patients: If your health care provider confirms that your device relies on remote monitoring features, unplug the device and stop using it. Talk to your health care provider about finding an alternative patient monitor.

If your device does not rely on remote monitoring features, use only the local monitoring features of the patient monitor. This means unplugging the device's ethernet cable and disabling wireless (that is, WiFi or cellular) capabilities, so that patient vital signs are only observed by a caregiver or health care provider in the physical presence of a patient. If you cannot disable the wireless capabilities, unplug the device and stop using it. Talk to your health care provider about finding an alternative patient monitor.
A detailed report from CISA describes how a research team "created a simulated network, created a fake patient profile, and connected a blood pressure cuff, SpO2 monitor, and ECG monitor peripherals to the patient monitor. Upon startup, the patient monitor successfully connected to the simulated IP address and immediately began streaming patient data..." to an IP address that hard-coded into the backdoor function. "Sensor data from the patient monitor is also transmitted to the IP address in the same manner. If the routine to connect to the hard-coded IP address and begin transmitting patient data is called, it will automatically initialize the eth0 interface in the same manner as the backdoor. This means that even if networking is not enabled on startup, running this routine will enable networking and thereby enable this functionality

An anonymous reader shared this report from Reuters: New York-based cybersecurity firm Wiz says it has found a trove of sensitive data from the Chinese artificial intelligence startup DeepSeek inadvertently exposed to the open internet. In a blog post published Wednesday, Wiz said that scans of DeepSeek's infrastructure showed that the company had accidentally left more than a million lines of data available unsecured.

Those included digital software keys and chat logs that appeared to capture prompts being sent from users to the company's free AI assistant.
Wiz's chief technology officer tells Reuters that DeepSeek "took it down in less than an hour" after Wiz alerted them.

"But this was so simple to find we believe we're not the only ones who found it."

SC World reports: A new phishing scam targeting mobile devices was observed using a "never-before-seen" obfuscation method to hide links to spoofed United States Postal Service (USPS) pages inside PDF files, [mobile security company] Zimperium reported Monday.

The method manipulates elements of the Portable Document Format (PDF) to make clickable URLs appear invisible to both the user and mobile security systems, which would normally extract links from PDFs by searching for the "/URI" tag. "Our researchers verified that this method enabled known malicious URLs within PDF files to bypass detection by several endpoint security solutions. In contrast, the same URLs were detected when the standard /URI tag was used," Zimperium Malware Researcher Fernando Ortega wrote in a blog post.

The attackers send the malicious PDFs via SMS text messages under the guise of providing instructions to retrieve a USPS package that failed to deliver... The phishing websites first displays a form for the victim provide their mailing address, email address and telephone number, and then asks for credit card information to pay a $0.30 "service fee" for redelivery of the supposed package... Zimperium identified more than 20 versions of the malicious PDF files and 630 phishing pages associated with the scam operation. The phishing pages were also found to support 50 languages, suggestion international targeting and possible use of a phishing kit.
"Users' trust in the PDF file format and the limited ability of mobile users to view information about a file prior to opening it increase the risk of such phishing campaigns, Zimperium noted."

Thanks to Slashdot reader spatwei for sharing the news.

Microsoft is charging business customers a $400 premium for Surface devices equipped with Intel's latest Core Ultra processors compared to models using Qualcomm's Arm-based chips, the company has disclosed. The Intel-powered Surface Pro tablet and Surface Laptop, starting at $1,499, come with a second-generation Core Ultra 5 processor featuring eight cores, 16GB of memory and 256GB storage.

Comparable Qualcomm-based models begin at $1,099. The new Intel devices will be available to business customers from February 18, though versions with cellular connectivity will launch later. Consumer Surface devices will only be offered with Qualcomm processors. Microsoft also unveiled a USB 4 Dock supporting dual 4K displays and the Surface Hub 3, a conference room computer available in 50-inch or 85-inch touchscreen versions.

Nearly 90% of Oracle Java customers are looking to abandon the software maker's products following controversial licensing changes made in 2023, according to research firm Dimensional Research.

The exodus reflects growing frustration with Oracle's shift to per-employee pricing for its Java platform, which critics called "predatory" and could increase costs up to five times for the same software, Gartner found. The dissatisfaction runs deepest in Europe, where 92% of French and 95% of German users want to switch to alternative providers like Bellsoft Liberica, IBM Semeru, or Azul Platform Core.

Zyxel customers are facing reboot loops, high CPU usage, and login issues after an update on Friday went awry. The only fix requires physical access and a Console/RS232 cable, as no remote recovery options are available. The Register reports: "We've found an issue affecting a few devices that may cause reboot loops, ZySH daemon failures, or login access problems," Zyxel's advisory reads. "The system LED may also flash. Please note this is not related to a CVE or security issue." "The issue stems from a failure in the Application Signature Update, not a firmware upgrade. To address this, we've disabled the application signature on our servers, preventing further impact on firewalls that haven't loaded the new signature versions."

The firewalls affected include USG Flex boxes and ATP Series devices running ZLD firmware versions -- installations that have active security licenses and dedicated signature updates enabled in on-premises/standalone mode. Those running on the Nebula platform, on USG Flex H (uOS), and those without valid security licenses are not affected.

Comcast is deploying "Low Latency, Low Loss, Scalable Throughput" (L4S) technology across its Xfinity internet network in six U.S. cities, a system that reduces the time data packets take to travel between users and servers. Initial trials showed a 78% reduction in working latency under normal home conditions. The technology will first support FaceTime calls, Nvidia's GeForce Now cloud gaming, and Steam games, with planned expansion to Meta's mixed reality applications.

Hackers linked to China, Iran and other foreign governments are using new AI technology to bolster their cyberattacks against U.S. and global targets, according to U.S. officials and new security research. WSJ: In the past year, dozens of hacking groups in more than 20 countries turned to Google's Gemini chatbot to assist with malicious code writing, hunts for publicly known cyber vulnerabilities and research into organizations to target for attack, among other tasks, Google's cyber-threat experts said. While Western officials and security experts have warned for years about the potential malicious uses of AI, the findings released Wednesday from Google are some of the first to shed light on how exactly foreign adversaries are leveraging generative AI to boost their hacking prowess.

This week, the China-built AI platform DeepSeek upended international assumptions about how far along Beijing might be the AI arms race, creating global uncertainty about a technology that could revolutionize work, diplomacy and warfare. Expand article logo Continue reading Groups with known ties to China, Iran, Russia and North Korea all used Gemini to support hacking activity, the Google report said. They appeared to treat the platform more as a research assistant than a strategic asset, relying on it for tasks intended to boost productivity rather than to develop fearsome new hacking techniques. All four countries have generally denied U.S. hacking allegations.

An anonymous reader quotes a report from Ars Technica: Apple-designed chips powering Macs, iPhones, and iPads contain two newly discovered vulnerabilities that leak credit card information, locations, and other sensitive data from the Chrome and Safari browsers as they visit sites such as iCloud Calendar, Google Maps, and Proton Mail. The vulnerabilities, affecting the CPUs in later generations of Apple A- and M-series chip sets, open them to side channel attacks, a class of exploit that infers secrets by measuring manifestations such as timing, sound, and power consumption. Both side channels are the result of the chips' use of speculative execution, a performance optimization that improves speed by predicting the control flow the CPUs should take and following that path, rather than the instruction order in the program. [...]

The researchers published a list of mitigations they believe will address the vulnerabilities allowing both the FLOP and SLAP attacks. They said that Apple officials have indicated privately to them that they plan to release patches. In an email, an Apple representative declined to say if any such plans exist. "We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats," the spokesperson wrote. "Based on our analysis, we do not believe this issue poses an immediate risk to our users." FLOP, short for Faulty Load Operation Predictor, exploits a vulnerability in the Load Value Predictor (LVP) found in Apple's A- and M-series chipsets. By inducing the LVP to predict incorrect memory values during speculative execution, attackers can access sensitive information such as location history, email content, calendar events, and credit card details. This attack works on both Safari and Chrome browsers and affects devices including Macs (2022 onward), iPads, and iPhones (September 2021 onward). FLOP requires the victim to interact with an attacker's page while logged into sensitive websites, making it highly dangerous due to its broad data access capabilities.

SLAP, on the other hand, stands for Speculative Load Address Predictor and targets the Load Address Predictor (LAP) in Apple silicon, exploiting its ability to predict memory locations. By forcing LAP to mispredict, attackers can access sensitive data from other browser tabs, such as Gmail content, Amazon purchase details, and Reddit comments. Unlike FLOP, SLAP is limited to Safari and can only read memory strings adjacent to the attacker's own data. It affects the same range of devices as FLOP but is less severe due to its narrower scope and browser-specific nature. SLAP demonstrates how speculative execution can compromise browser process isolation.