"A ransomware gang once thought to have been crippled by law enforcement has snarled prescription processing for millions of Americans over the past week..." reports the Washington Post.

"The hackers stole data about patients, encrypted company files and demanded money to unlock them, prompting the company to shut down most of its network as it worked to recover." Insurance giant UnitedHealthcare Group said the hackers struck its Change Health business unit, which routes prescription claims from pharmacies to companies that determine whether patients are covered by insurance and what they should pay... Change Health and a rival, CoverMyMeds, are the two biggest players in the so-called switch business, charging pharmacies a small fee for funneling claims to insurers. "When one of them goes down, obviously it's a major problem," said Patrick Berryman, a senior vice president at the National Community Pharmacists Association...

UnitedHealth estimated that more than 90 percent of the nation's 70,000-plus pharmacies have had to alter how they process electronic claims as a result of the Change Health outage. But it said only a small number of patients have been unable to get their prescriptions at some price. At CVS, which operates one of the largest pharmacy networks in the nation, a spokesperson said there are "a small number of cases in which our pharmacies are not able to process insurance claims" as a result of the outage. It said workarounds were allowing it to fill prescriptions, however...

For pharmacies that were not able to quickly route claims to a different company, the Change Health outage left pharmacists to try to manually calculate a patient's co-pay or offer them the cash price. Compounding the impact, thousands of organizations cut off Change Health from their systems to ensure the hackers did not infect their networks as well... The attack on Change Health has left many pharmacies in a cash-flow bind, as they face bills from the companies that deliver the medication without knowing when they will be reimbursed by insurers. Some pharmacies are requiring customers to pay full price for their prescriptions when they cannot tell if they are covered by insurance. In some cases, that means people are paying more than $1,000 out of pocket, according to social media posts.

The situation has been "extremely disruptive," said Erin Fox, associate chief pharmacy officer at University of Utah Health. "At our system, our retail pharmacies were providing three-day gratis emergency supplies for patients who could not afford to pay the cash price," Fox said by email. "In some cases, like for inhalers, we had to send product out at risk, not knowing if we will ever get paid, but we need to take care of the patients." Axis Pharmacy Northwest near Seattle is "going out on a limb and dispensing product with absolutely no inkling if we'll get paid or not," said Richard Molitor, the pharmacist in charge. UPDATE: CNN reports Change Healthcare has now announced "plans for a temporary loan program to get money flowing to health care providers affected by the outage." It's a stop-gap measure meant to give some financial relief to health care providers, which analysts say are losing millions of dollars per day because of the outage. Some US officials and health care executives told CNN it may be weeks before Change Healthcare returns to normal operations.
"Once standard payment operations resume, the funds will simply need to be repaid," the company said in a statement. Change Healthcare has been under pressure from senior US officials to get their systems back online. Officials from the White House and multiple federal agencies, including the department of Health and Human Services, have been concerned by the broad financial and health impact of the hack and have been pressing for ways to get Change Healthcare back online, sources told CNN...

In a message on its website Friday afternoon, Change Healthcare also said that it was launching a new version of its online prescribing service following the cyberattack.
Thanks to Slashdot reader CaptainDork for sharing the news.

Since implementing a remote-first policy in 2021, Yelp says it's experienced a surge in job applications and a more satisfied workforce. Fortune reports: Last year, the total number of job applicants was 43% higher compared to 2021, according to Yelp's 2024 Remote Work Report released earlier this month. The number of applicants for sales roles skyrocketed by 103%, and prospects for its general and administrative (G&A) positions shot up 52% over the same time period. Those increases fall in line with data that shows a tidal wave of applicants clamoring for remote jobs. "It's rewarding to see both the level of interest and the quality of our applicants," Carmen Amara, chief people officer at Yelp, told Fortune. "Remote work has allowed us to attract a number of candidates who previously would not have applied to Yelp due to their location."

Despite arguments that remote work weakens workers' connections and growth opportunities, Yelp says it has found the opposite to be true. About 90% of the company's more than 4,700 employees say they have found effective ways to collaborate remotely, and 91% say they are confident in upward career mobility while working out of the office. Flexible schedules have also facilitated a healthy work-life balance -- about 89% of the company's workers say they can manage personal and professional demands, and the same amount say that the remote model has allowed them to make positive changes for their wellbeing.

Notably, Yelp's global tenure has increased to 3.5 years in 2023, compared to 2.8 years the year prior. The company says it's using the money it saved from shutting down its underutilized offices in New York City, Chicago, and Washington D.C., to funnel back into employee benefits, professional development, and wellness reimbursements.

An anonymous reader quotes a report from TechCrunch: A technology company that routes millions of SMS text messages across the world has secured an exposed database that was spilling one-time security codes that may have granted users' access to their Facebook, Google and TikTok accounts. The Asian technology and internet company YX International manufactures cellular networking equipment and provides SMS text message routing services. SMS routing helps to get time-critical text messages to their proper destination across various regional cell networks and providers, such as a user receiving an SMS security code or link for logging in to online services. YX International claims to send 5 million SMS text messages daily. But the technology company left one of its internal databases exposed to the internet without a password, allowing anyone to access the sensitive data inside using only a web browser, just with knowledge of the database's public IP address.

Anurag Sen, a good-faith security researcher and expert in discovering sensitive but inadvertently exposed datasets leaking to the internet, found the database. Sen said it was not apparent who the database belonged to, nor who to report the leak to, so Sen shared details of the exposed database with TechCrunch to help identify its owner and report the security lapse. Sen told TechCrunch that the exposed database included the contents of text messages sent to users, including one-time passcodes and password reset links for some of the world's largest tech and online companies, including Facebook and WhatsApp, Google, TikTok, and others. The database had monthly logs dating back to July 2023 and was growing in size by the minute. In the exposed database, TechCrunch found sets of internal email addresses and corresponding passwords associated with YX International, and alerted the company to the spilling database. The database went offline a short time later.

Stack Overflow has launched an API that will require all AI models trained on its coding question-and-answer content to attribute sources linking back to its posts. And it will cost money to use the site's content. From a report: "All products based on models that consume public Stack Overflow data are required to provide attribution back to the highest relevance posts that influenced the summary given by the model," it confirmed in a statement. The Overflow API is designed to act as a knowledge database to help developers build more accurate and helpful code-generation models. Google announced it was using the service to access relevant information from Stack Overflow via the API and integrate the data with its latest Gemini models, and for its cloud storage console.

Google is cracking down on rooted Android devices, blocking multiple people from using the RCS message feature in Google Messages. From a report: Users with rooted phones -- a process that unlocks privileged access to the Android operating system, like jailbreaking iPhones -- have made several reports on the Google Messages support page, Reddit, and XDA's web forum over the last few months, finding they're suddenly unable to send or receive RCS messages. One example from Reddit user u/joefuf shows that RCS messages would simply vanish after hitting the send button. Several reports also mention that Google Messages gave no indication that RCS chat was no longer working, and was still showing as connected and working in Google Messages. In a statement sent to the Verge where we asked if Google is blocking rooted devices from using RCS, Google communications manager Ivy Hunt said the company is "ensuring that message-issuing/receiving devices are following the operating measures defined by the RCS standard" in a bid to prevent spam and abuse on Google Messages. In other words, yes, Google is blocking RCS on rooted devices.

An anonymous reader quotes an excerpt from a Wired article: In 2019, a government contractor and technologist named Mike Yeagley began making the rounds in Washington, DC. He had a blunt warning for anyone in the country's national security establishment who would listen: The US government had a Grindr problem. A popular dating and hookup app, Grindr relied on the GPS capabilities of modern smartphones to connect potential partners in the same city, neighborhood, or even building. The app can show how far away a potential partner is in real time, down to the foot. But to Yeagley, Grindr was something else: one of the tens of thousands of carelessly designed mobile phone apps that leaked massive amounts of data into the opaque world of online advertisers. That data, Yeagley knew, was easily accessible by anyone with a little technical know-how. So Yeagley -- a technology consultant then in his late forties who had worked in and around government projects nearly his entire career -- made a PowerPoint presentation and went out to demonstrate precisely how that data was a serious national security risk.

As he would explain in a succession of bland government conference rooms, Yeagley was able to access the geolocation data on Grindr users through a hidden but ubiquitous entry point: the digital advertising exchanges that serve up the little digital banner ads along the top of Grindr and nearly every other ad-supported mobile app and website. This was possible because of the way online ad space is sold, through near-instantaneous auctions in a process called real-time bidding. Those auctions were rife with surveillance potential. You know that ad that seems to follow you around the internet? It's tracking you in more ways than one. In some cases, it's making your precise location available in near-real time to both advertisers and people like Mike Yeagley, who specialized in obtaining unique data sets for government agencies.

Working with Grindr data, Yeagley began drawing geofences -- creating virtual boundaries in geographical data sets -- around buildings belonging to government agencies that do national security work. That allowed Yeagley to see what phones were in certain buildings at certain times, and where they went afterwards. He was looking for phones belonging to Grindr users who spent their daytime hours at government office buildings. If the device spent most workdays at the Pentagon, the FBI headquarters, or the National Geospatial-Intelligence Agency building at Fort Belvoir, for example, there was a good chance its owner worked for one of those agencies. Then he started looking at the movement of those phones through the Grindr data. When they weren't at their offices, where did they go? A small number of them had lingered at highway rest stops in the DC area at the same time and in proximity to other Grindr users -- sometimes during the workday and sometimes while in transit between government facilities. For other Grindr users, he could infer where they lived, see where they traveled, even guess at whom they were dating.

Intelligence agencies have a long and unfortunate history of trying to root out LGBTQ Americans from their workforce, but this wasn't Yeagley's intent. He didn't want anyone to get in trouble. No disciplinary actions were taken against any employee of the federal government based on Yeagley's presentation. His aim was to show that buried in the seemingly innocuous technical data that comes off every cell phone in the world is a rich story -- one that people might prefer to keep quiet. Or at the very least, not broadcast to the whole world. And that each of these intelligence and national security agencies had employees who were recklessly, if obliviously, broadcasting intimate details of their lives to anyone who knew where to look. As Yeagley showed, all that information was available for sale, for cheap. And it wasn't just Grindr, but rather any app that had access to a user's precise location -- other dating apps, weather apps, games. Yeagley chose Grindr because it happened to generate a particularly rich set of data and its user base might be uniquely vulnerable. The report goes into great detail about how intelligence and data analysis techniques, notably through a program called Locomotive developed by PlanetRisk, enabled the tracking of mobile devices associated with Russian President Vladimir Putin's entourage. By analyzing commercial adtech data, including precise geolocation information collected from mobile advertising bid requests, analysts were able to monitor the movements of phones that frequently accompanied Putin, indicating the locations and movements of his security personnel, aides, and support staff.

This capability underscored the surveillance potential of commercially available data, providing insights into the activities and security arrangements of high-profile individuals without directly compromising their personal devices.

In a series of tests using fake data, a U.S. government watchdog was able to steal more than 1GB of seemingly sensitive personal data from the cloud systems of the U.S. Department of the Interior. The experiment is detailed in a new report by the Department of the Interior's Office of the Inspector General (OIG), published last week. TechCrunch reports: The goal of the report was to test the security of the Department of the Interior's cloud infrastructure, as well as its "data loss prevention solution," software that is supposed to protect the department's most sensitive data from malicious hackers. The tests were conducted between March 2022 and June 2023, the OIG wrote in the report. The Department of the Interior manages the country's federal land, national parks and a budget of billions of dollars, and hosts a significant amount of data in the cloud. According to the report, in order to test whether the Department of the Interior's cloud infrastructure was secure, the OIG used an online tool called Mockaroo to create fake personal data that "would appear valid to the Department's security tools."

The OIG team then used a virtual machine inside the Department's cloud environment to imitate "a sophisticated threat actor" inside of its network, and subsequently used "well-known and widely documented techniques to exfiltrate data." "We used the virtual machine as-is and did not install any tools, software, or malware that would make it easier to exfiltrate data from the subject system," the report read. The OIG said it conducted more than 100 tests in a week, monitoring the government department's "computer logs and incident tracking systems in real time," and none of its tests were detected nor prevented by the department's cybersecurity defenses.

"Our tests succeeded because the Department failed to implement security measures capable of either preventing or detecting well-known and widely used techniques employed by malicious actors to steal sensitive data," said the OIG's report. "In the years that the system has been hosted in a cloud, the Department has never conducted regular required tests of the system's controls for protecting sensitive data from unauthorized access." That's the bad news: The weaknesses in the Department's systems and practices "put sensitive [personal information] for tens of thousands of Federal employees at risk of unauthorized access," read the report. The OIG also admitted that it may be impossible to stop "a well-resourced adversary" from breaking in, but with some improvements, it may be possible to stop that adversary from exfiltrating the sensitive data.

Hackers targeting individuals in the cryptocurrency sector are using a sophisticated phishing scheme that begins with a malicious link on Calendly. "The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call," reports Krebs on Security. "But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems." From the report: A search in Google for a string of text from that script turns up a December 2023 blog post from cryptocurrency security firm SlowMist about phishing attacks on Telegram from North Korean state-sponsored hackers. "When the project team clicks the link, they encounter a region access restriction," SlowMist wrote. "At this point, the North Korean hackers coax the team into downloading and running a 'location-modifying' malicious script. Once the project team complies, their computer comes under the control of the hackers, leading to the theft of funds."

SlowMist says the North Korean phishing scams used the "Add Custom Link" feature of the Calendly meeting scheduling system on event pages to insert malicious links and initiate phishing attacks. "Since Calendly integrates well with the daily work routines of most project teams, these malicious links do not easily raise suspicion," the blog post explains. "Consequently, the project teams may inadvertently click on these malicious links, download, and execute malicious code."

SlowMist said the malware downloaded by the malicious link in their case comes from a North Korean hacking group dubbed BlueNoroff, which Kaspersky Labs says is a subgroup of the Lazarus hacking group. "A financially motivated threat actor closely connected with Lazarus that targets banks, casinos, fin-tech companies, POST software and cryptocurrency businesses, and ATMs," Kaspersky wrote of BlueNoroff in Dec. 2023.

An anonymous reader quotes a report from Ars Technica: Video doorbell cameras have been commoditized to the point where they're available for $30-$40 on marketplaces like Amazon, Walmart, Temu, and Shein. The true cost of owning one might be much greater, however. Consumer Reports (CR) has released the findings of a security investigation into two budget-minded doorbell brands, Eken and Tuck, which are largely the same hardware produced by the Eken Group in China, according to CR. The cameras are further resold under at least 10 more brands. The cameras are set up through a common mobile app, Aiwit. And the cameras share something else, CR claims: "troubling security vulnerabilities."

Among the camera's vulnerabilities cited by CR:
- Sending public IP addresses and Wi-Fi SSIDs (names) over the Internet without encryption
- Takeover of the cameras by putting them into pairing mode (which you can do from a front-facing button on some models) and connecting through the Aiwit app
- Access to still images from the video feed and other information by knowing the camera's serial number.

CR also noted that Eken cameras lacked an FCC registration code. More than 4,200 were sold in January 2024, according to CR, and often held an Amazon "Overall Pick" label (as one model did when an Ars writer looked on Wednesday). CR issued vulnerability disclosures to Eken and Tuck regarding its findings. The disclosures note the amount of data that is sent over the network without authentication, including JPEG files, the local SSID, and external IP address. It notes that after a malicious user has re-paired a doorbell with a QR code generated by the Aiwit app, they have complete control over the device until a user sees an email from Eken and reclaims the doorbell. "These video doorbells from little known manufacturers have serious security and privacy vulnerabilities, and now they've found their way onto major digital marketplaces such as Amazon and Walmart," said Justin Brookman, director of tech policy at Consumer Reports, in a statement. "Both the manufacturers and platforms that sell the doorbells have a responsibility to ensure that these products are not putting consumers in harm's way."

An anonymous reader shares a report: Google is introducing improvements to search suggestions in Chrome, the company announced today. As part of the changes, users will start to get more helpful search suggestions in Chrome based on what others are searching for, see more images for suggested searches and find search suggestions even with a poor connection.

Search suggestions are the drop-down list of suggested completions that appear before you finish typing out your query in Google. The feature generates predictions to help users save time and speed up their search. With these new updates, Google is expanding the availability of search suggestions and using them to boost inspiration. When users are signed into Chrome on desktop and open a new tab, they will now start to see suggestions in the search box related to their previous searches based on what other people are searching for.

Several internet-connected doorbell cameras have a security flaw that allows hackers to take over the camera by just holding down a button, among other issues, according to research by Consumer Reports. From a report: On Thursday, the non-profit Consumer Reports published research that detailed four security and privacy flaws in cameras made by EKEN, a company based in Shenzhen, China, which makes cameras branded as EKEN, but also, apparently, Tuck and other brands. These relatively cheap doorbell cameras were available on online marketplaces like Walmart and Temu, which removed them from sale after Consumer Reports reached out to the companies to flag the problems. These doorbell cameras are, however, still available elsewhere.

According to Consumer Reports, the most impactful issue is that if someone is in close proximity to a EKEN doorbell camera, they can take "full control" of it by simply downloading its official app -- called Aiwit -- and putting the camera in pairing mode by simply holding down the doorbell's button for eight seconds. Aiwit's app has more than a million downloads on Google Play, suggesting it is widely used. At that point, the malicious user can create their own account on the app, scan the QR code generated by the app by putting it in front of the doorbell's camera.

Michael Larabel, reporting at Phoronix: One of the limitations of AMD's open-source Linux graphics driver has been the inability to implement HDMI 2.1+ functionality on the basis of legal requirements by the HDMI Forum. AMD engineers had been working to come up with a solution in conjunction with the HDMI Forum for being able to provide HDMI 2.1+ capabilities with their open-source Linux kernel driver, but it looks like those efforts for now have concluded and failed. For three years there has been a bug report around 4K@120Hz being unavailable via HDMI 2.1 on the AMD Linux driver. Similarly, there have been bug reports like 5K @ 240Hz not possible either with the AMD graphics driver on Linux.

As covered back in 2021, the HDMI Forum closing public specification access is hurting open-source support. AMD as well as the X.Org Foundation have been engaged with the HDMI Forum to try to come up with a solution to be able to provide open-source implementations of the now-private HDMI specs. AMD Linux engineers have spent months working with their legal team and evaluating all HDMI features to determine if/how they can be exposed in their open-source driver. AMD had code working internally and then the past few months were waiting on approval from the HDMI Forum. Sadly, the HDMI Forum has turned down AMD's request for open-source driver support.

An anonymous reader quotes a report from Ars Technica: GitHub is struggling to contain an ongoing attack that's flooding the site with millions of code repositories. These repositories contain obfuscated malware that steals passwords and cryptocurrency from developer devices, researchers said. The malicious repositories are clones of legitimate ones, making them hard to distinguish to the casual eye. An unknown party has automated a process that forks legitimate repositories, meaning the source code is copied so developers can use it in an independent project that builds on the original one. The result is millions of forks with names identical to the original one that add a payload that's wrapped under seven layers of obfuscation. To make matters worse, some people, unaware of the malice of these imitators, are forking the forks, which adds to the flood.

"Most of the forked repos are quickly removed by GitHub, which identifies the automation," Matan Giladi and Gil David, researchers at security firm Apiiro, wrote Wednesday. "However, the automation detection seems to miss many repos, and the ones that were uploaded manually survive. Because the whole attack chain seems to be mostly automated on a large scale, the 1% that survive still amount to thousands of malicious repos." Given the constant churn of new repos being uploaded and GitHub's removal, it's hard to estimate precisely how many of each there are. The researchers said the number of repos uploaded or forked before GitHub removes them is likely in the millions. They said the attack "impacts more than 100,000 GitHub repositories." GitHub issued the following statement: "GitHub hosts over 100M developers building across over 420M repositories, and is committed to providing a safe and secure platform for developers. We have teams dedicated to detecting, analyzing, and removing content and accounts that violate our Acceptable Use Policies. We employ manual reviews and at-scale detections that use machine learning and constantly evolve and adapt to adversarial tactics. We also encourage customers and community members to report abuse and spam."

An anonymous reader quotes a report from Ars Technica: The FBI and partners from 10 other countries are urging owners of Ubiquiti EdgeRouters to check their gear for signs they've been hacked and are being used to conceal ongoing malicious operations by Russian state hackers. The Ubiquiti EdgeRouters make an ideal hideout for hackers. The inexpensive gear, used in homes and small offices, runs a version of Linux that can host malware that surreptitiously runs behind the scenes. The hackers then use the routers to conduct their malicious activities. Rather than using infrastructure and IP addresses that are known to be hostile, the connections come from benign-appearing devices hosted by addresses with trustworthy reputations, allowing them to receive a green light from security defenses.

"In summary, with root access to compromised Ubiquiti EdgeRouters, APT28 actors have unfettered access to Linux-based operating systems to install tooling and to obfuscate their identity while conducting malicious campaigns," FBI officials wrote in an advisory Tuesday. APT28 -- one of the names used to track a group backed by the Russian General Staff Main Intelligence Directorate known as GRU -- has been doing just for at least the past four years, the FBI has alleged. Earlier this month, the FBI revealed that it had quietly removed Russian malware from routers in US homes and businesses. The operation, which received prior court authorization, went on to add firewall rules that would prevent APT28 -- also tracked under names including Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit -- from being able to regain control of the devices.

On Tuesday, FBI officials noted that the operation only removed the malware used by APT28 and temporarily blocked the group using its infrastructure from reinfecting them. The move did nothing to patch any vulnerabilities in the routers or to remove weak or default credentials hackers could exploit to once again use the devices to surreptitiously host their malware. "The US Department of Justice, including the FBI, and international partners recently disrupted a GRU botnet consisting of such routers," they warned. "However, owners of relevant devices should take the remedial actions described below to ensure the long-term success of the disruption effort and to identify and remediate any similar compromises."

Those actions include:

- Perform a hardware factory reset to remove all malicious files
- Upgrade to the latest firmware version
- Change any default usernames and passwords
- Implement firewall rules to restrict outside access to remote management services

Amazon has issued an update to Fire TV streaming devices and televisions that has broken apps that let users bypass the Fire OS home screen. From a report: The tech giant claims that its latest Fire OS update is about security but has refused to detail any potential security concerns. Users and app developers have reported that numerous apps that used to work with Fire TV devices for years have suddenly stopped working. As first reported by AFTVnews, the update has made apps unable to establish local Android Debug Bridge (ADB) connections and execute ADB commands with Fire TV devices.

The update, Fire OS 7.6.6.9, affects several Fire OS-based TVs, including models from TCL, Toshiba, Hisense, and Amazon's Fire TV Omni QLED Series. Other devices running the update include Amazon's first Fire TV Stick 4K Max, the third-generation Fire TV Stick, as well as the third and second-generation Fire TV Cubes and the Fire TV Stick Lite. A code excerpt shared with AFTVnews by what the publication described as an "affected app developer," which you can view here, shows a line of code indicating that Fire TVs would not be allowed to make ADB connections with a local device or app. As pointed out by AFTVnews, such apps have been used by Fire TV modders for abilities like clearing installed apps' cache and using a different home screen than the Fire OS default.

An anonymous reader quotes a report from The Register: A law firm acting on behalf of the Nevada Attorney General Aaron Ford has asked a state court to issue a temporary restraining order (TRO) denying minors access to encrypted communication in Meta's Messenger application. The motion for a TRO follows AG's Ford announcement of civil lawsuits on January 30, 2024 against five social media companies, including Meta [PDF], alleging the companies deceptively marketed their services to young people through algorithms that were designed to promote addiction. Nevada was not a party to the two multi-district lawsuits filed against Meta last October by 42 State Attorney General over claims that the social media company knowingly ignored evidence that its Facebook and Instagram services contribute to the mental harm of children and teens. Meta, which lately has been investing in virtual reality and large language models, is also being sued by hundreds of school districts around the US.

The Nevada court filing to obtain a TRO follows from AG Ford's initial complaint. The legal claim cites a statement from the National Center for Missing and Exploited Children that argues Meta's provision of end-to-end encryption in Messenger "without exceptions for child sexual abuse material placed millions of children in grave danger." The initial complaint's presumably supporting claims, however, have been redacted in the publicly viewable copy of the document. The motion for a TRO, which also contains redactions, contends that Meta -- by encrypting Messenger -- has thwarted state officials from enforcing the Nevada Unfair and Deceptive Trade Practices Act. "With this Motion, the State seeks to enjoin Meta from using end-to-end encryption (also called 'E2EE') on Young Users' Messenger communications within the State of Nevada," the court filing says. "This conduct -- which renders it impossible for anyone other than a private message's sender and recipient to know what information the message contains -- serves as an essential tool of child predators and drastically impedes law enforcement efforts to protect children from heinous online crimes, including human trafficking, predation, and other forms of dangerous exploitation."

Meta enabled E2EE by default for all users of Messenger in December 2023. But according to the motion for a TRO, "Meta's end-to-end-encryption stymies efforts by Nevada law enforcement, causing needless delay and even risking the spoliation of critical pieces of necessary evidence in criminal prosecutions." The injunction, if granted, would require Meta to disable E2EE for all Messenger users under 18 in Nevada. Presumably that would also affect minors using Messenger who are visiting the Silver State.

wiredmikey writes: The LockBit ransomware operators launched a new leak site over the weekend, claiming they restored their infrastructure following a law enforcement takedown and invited affiliates to re-join the operation.



Over the weekend, an individual involved with the RaaS, who uses the moniker of "LockBitSupp", launched a new leak site that lists hundreds of victim organizations and which contains a long message providing his view on the takedown.

Apple could soon face an investigation over its decision to discontinue iPhone web apps in the European Union, according to a report from the Financial Times. The Verge: The European Commission has reportedly sent Apple and app developers requests for more information to assist in its evaluation. "We are indeed looking at the compliance packages of all gatekeepers, including Apple," the European Commission said in a statement to the Financial Times. "In that context, we're in particular looking into the issue of progressive web apps, and can confirm sending the requests for information to Apple and to app developers, who can provide useful information for our assessment."

An anonymous reader shares a report from the ongoing Mobile World Congress trade show: This year's big scrum gatherer was Lenovo's long-rumored transparent laptop. It's real. It functions surprisingly well and -- nearest anyone can tell -- its existence is a testament to form over function. That's a perfectly fine thing to be when you're a concept device. When it comes to actually shipping a product, however, that's another conversation entirely. [...] Broadly speaking, it looks like a laptop, with a transparent pane where the screen should be. It's perhaps best understood as a kind of augmented reality device, in the sense that its graphics are overlaid on whatever happens to be behind it.

It's a crowd pleaser, with a futuristic air to it that embodies all manner of sci-fi tech tropes. The transparent display has become a kind of shorthand for future tech in stock art, and it's undeniably neat to see the thing in action. [...] The bottom of the device is covered in a large capacitive touch surface. This area serves as both a keyboard and a large stylus-compatible drawing surface. The flat surface can't compete with real, tactile keyboards, of course. Typing isn't the greatest experience here, as evidenced by previous dual-screen Lenovo laptops. But that's the tradeoff for the versatility of the virtual version.

Julia 1.0 was released in 2018 — after a six-year wait.

And there's now another update. LWN.net gets you up to speed, calling Julia "a general-purpose, open-source programming language with a focus on high-performance scientific computing." Some of Julia's unusual features:

- Lisp-inspired metaprogramming
- The ability to examine compiled representations of code in the REPL or in a "reactive notebook"
- An advanced type and dispatch system
- A sophisticated, built-in package manager.

Version 1.10 brings big increases in speed and developer convenience, especially improvements in code precompilation and loading times. It also features a new parser written in Julia... [I]t is faster, it produces more useful syntax-error messages, and it provides better source-code mapping, which associates locations in compiled code to their corresponding lines in the source. That last improvement also leads to better error messages and makes it possible to write more sophisticated debuggers and linters...

Between the improvements in precompilation and loading times, and the progress in making small binaries, two major and perennial complaints, of beginners and seasoned Julia users alike, have been addressed... StaticCompiler and related WebAssembly tools will make it easier to write web applications in Julia for direct execution in the browser; it is already possible, but may become more convenient over the next few years.
Thanks for sharing the article to long-time Slashdot reader lee1 — who also wrote No Starch Press's Practical Julia: A Hands-On Introduction for Scientific Minds .

lee1 also reminds us that Gnuplot 6.0 was released in December: lee1 writes: This article surveys the new features, including filled contours in 3D, adaptive plotting resolution, watchpoints, clipping of surfaces, pie charts, and new syntax for conditionals.