Longtime Slashdot reader Plugh shares a report from Daily Security Review: A Ukrainian hacker group [...] carried out a destructive attack on the servers of a Moscow-based internet provider to take revenge for Kyivstar cyberattack. The group, known as Blackjack, successfully hacked into the systems of M9com, causing extensive damage by deleting terabytes of data. Numerous residents in Moscow experienced disruptions in their internet and television services. Additionally, the Blackjack hacker group has issued a warning of a potentially larger attack in the near future.

Based on the information provided by Ukrinform, the cyber attack on M9com deleted approximately 20 terabytes of data. The attack targeted various critical services of the company, including its official website, mail server, and cyber protection services. Furthermore, the hackers managed to access and download over 10 gigabytes of data from M9com's mail server and client databases. To make matters worse, they made this stolen information publicly accessible via the Tor browser. [...]

Based on the nature of the attack on M9com, it appears that when the hackers hit Moscow, they were able to gain access to the back-end operations of the company. This allowed them to effectively delete data from the servers, similar to what occurred in the Kyivstar incident. It is worth noting that this type of attack, which involves directly targeting and compromising the servers, is less common compared to the more frequently observed distributed denial-of-service (DDoS) attacks. DDoS attacks overwhelm a system by inundating it with automated requests, causing the service to become inaccessible.

Ubisoft's Prince of Persia: The Lost Crown launches next week, but players are likely to encounter an amusing bug as they make their way through the game. Engadget: One of the game's NPCs is voiced by a text-to-speech program, complete with the slightly robotic tones we've come to associate with these services. It's not quite Siri or Alexa, but it's close and certainly doesn't fit the game's Persian-inspired setting. The NPC-in-question is a tree spirit named Kalux and seems to be voiced by a TTS program that's available online for free and typically used by streamers.

This isn't an "AI is coming for your jobs" type thing, but rather a mistake on Ubisoft's part, as each and every other NPC is attached to a voice actor. IGN notes that Kalux doesn't have a voice actor in the credits. Additionally, Kalux only has a few lines, so it likely won't be a tough fix to assign an actor to deliver that dialogue. Ubisoft has readied a day-one patch, but it won't handle the Kalux issue. Look for another patch in late January or early February that replaces the bot with a human.

An anonymous reader quotes a report from SecurityWeek.com: A Dutch engineer recruited by the country's intelligence services used a water pump to deploy the now-infamous Stuxnet malware in an Iranian nuclear facility, according to a two-year investigation conducted by Dutch newspaper De Volkskrant. Stuxnet, whose existence came to light in 2010, is widely believed to be the work of the United States and Israel, its goal being to sabotage Iran's nuclear program by compromising industrial control systems (ICS) associated with nuclear centrifuges. The malware, which had worm capabilities, is said to have infected hundreds of thousands of devices and caused physical damage to hundreds of machines.

De Volkskrant's investigation, which involved interviews with dozens of people, found that the AIVD, the general intelligence and security service of the Netherlands, the Dutch equivalent of the CIA, recruited Erik van Sabben, a then 36-year-old Dutch national working at a heavy transport company in Dubai. Van Sabben was allegedly recruited in 2005 -- a couple of years before the Stuxnet malware was triggered -- after American and Israeli intelligence agencies asked their Dutch counterpart for help. However, the Dutch agency reportedly did not inform its country's government and it was not aware of the full extent of the operation. Van Sabben was described as perfect for the job as he had a technical background, he was doing business in Iran and was married to an Iranian woman.

It's believed that the Stuxnet malware was planted on a water pump that the Dutch national installed in the nuclear complex in Natanz, which he had infiltrated. It's unclear if Van Sabben knew exactly what he was doing, but his family said he appeared to have panicked at around the time of the Stuxnet attack. [...] Michael Hayden, who at the time was the chief of the CIA, did agree to talk to De Volkskrant, but could not confirm whether Stuxnet was indeed delivered via water pumps due to it still being classified information. One interesting piece of information that has come to light in De Volkskrant's investigation is that Hayden reportedly told one of the newspaper's sources that it cost between $1 and $2 billion to develop Stuxnet.

An anonymous reader writes: Millions of dollars have gone down the drain right when the Chicago Public Schools face a looming budget deficit -- as a brand-new CPS Inspector General report revealed the district lost thousands of computers and devices in a school year. In all, more than $20 million were lost -- as about students failed to return 77,505 laptops and other electronic devices within a year. This is even though the district spends millions to track such devices. The underlying concern is that taxpayer dollars will be used to replace them.

prisoninmate shares a report: Originally released on November 12th, 2017, the long-term supported (LTS) Linux 4.14 kernel series has now reached its end of supported life after being maintained for more than six years. Renowned kernel developer Greg Kroah-Hartman announced today on the Linux kernel mailing list the release of Linux 4.14.336 as what appears to be the last maintenance update to the long-term supported Linux 4.14 kernel series, which is now marked as EOL (End of Life) on the kernel.org website. "This is the LAST 4.14.y kernel to be released. It is now officially end-of-life. Do NOT use this kernel version anymore, please move to a newer one, as shown on the kernel.org releases page," said Greg Kroah-Hartman. "If you are stuck at this version due to a vendor requiring it, go get support from that vendor for this obsolete kernel tree, as that is what you are paying them for."

Previously unknown self-replicating malware has been infecting Linux devices worldwide, installing cryptomining malware using unusual concealment methods. The worm is a customized version of Mirai botnet malware, which takes control of Linux-based internet-connected devices to infect others. Mirai first emerged in 2016, delivering record-setting distributed denial-of-service attacks by compromising vulnerable devices. Once compromised, the worm self-replicates by scanning for and guessing credentials of additional vulnerable devices. While traditionally used for DDoS attacks, this latest variant focuses on covert cryptomining. ArsTechnica adds: On Wednesday, researchers from network security and reliability firm Akamai revealed that a previously unknown Mirai-based network they dubbed NoaBot has been targeting Linux devices since at least last January. Instead of targeting weak telnet passwords, the NoaBot targets weak passwords connecting SSH connections. Another twist: Rather than performing DDoSes, the new botnet installs cryptocurrency mining software, which allows the attackers to generate digital coins using victims' computing resources, electricity, and bandwidth. The cryptominer is a modified version of XMRig, another piece of open source malware. More recently, NoaBot has been used to also deliver P2PInfect, a separate worm researchers from Palo Alto Networks revealed last July.

Akamai has been monitoring NoaBot for the past 12 months in a honeypot that mimics real Linux devices to track various attacks circulating in the wild. To date, attacks have originated from 849 distinct IP addresses, almost all of which are likely hosting a device that's already infected. The following figure tracks the number of attacks delivered to the honeypot over the past year.

According to Bloomberg, Apple's AirDrop feature has been cracked by a Chinese state-backed institution to identify senders who share "undesirable content". MacRumors reports: AirDrop is Apple's ad-hoc service that lets users discover nearby Macs and iOS devices and securely transfer files between them over Wi-Fi and Bluetooth. Users can send and receive photos, videos, documents, contacts, passwords and anything else that can be transferred from a Share Sheet. Apple advertises the protocol as secure because the wireless connection uses Transport Layer Security (TLS) encryption, but the Beijing Municipal Bureau of Justice (BMBJ) says it has devised a way to bypass the protocol's encryption and reveal identifying information.

According to the BMBJ's website, iPhone device logs were analyzed to create a "rainbow table" which allowed investigators to convert hidden hash values into the original text and correlate the phone numbers and email accounts of AirDrop content senders. The "technological breakthrough" has successfully helped the public security authorities identify a number of criminal suspects, who use the AirDrop function to spread illegal content, the BMBJ added. "It improves the efficiency and accuracy of case-solving and prevents the spread of inappropriate remarks as well as potential bad influences," the bureau added.

It is not known if the security flaw in the AirDrop protocol has been exploited by a government agency before now, but it is not the first time a flaw has been discovered. In April 2021, German researchers found that the mutual authentication mechanism that confirms both the receiver and sender are on each other's address book could be used to expose private information. According to the researchers, Apple was informed of the flaw in May of 2019, but did not fix it.

Asus is back with another Zenbook Duo, the latest $2,161 device in its range of dual-screened laptops. But rather than including a small secondary display above this laptop's keyboard like previous Duos, the revamped version for 2024 has two equally sized 14-inch screens. The Verge has more: They're both OLED, with resolutions of up to 2880 x 1800, aspect ratios of 16:10, and a maximum refresh rate of 120Hz. Between them, they offer a total of 19.8 inches of usable screen real estate. It's a similar approach to the one Lenovo took with last year's dual-screen Yoga Book 9i, albeit with a couple of tweaks. Like Lenovo, Asus gives you a choice of typing on the lower touchscreen via a virtual keyboard or by using a detachable physical Bluetooth keyboard. But what's different here is that Asus' keyboard has a trackpad built in, so you don't have to use it in combination with an on-screen trackpad.

Asus envisages you using the new Zenbook Duo in a few different configurations. There's a standard laptop mode, where the bottom screen is entirely covered by a traditional keyboard and trackpad. Or you can rest the keyboard on your desk and have the two screens arranged vertically for "Dual Screen" mode or horizontally for "Desktop" mode. Finally, there's "Sharing" mode, which has you ditch the keyboard entirely and lay the laptop down on a flat surface with both its screens facing up and away from each other, presumably so you can share your work with a colleague sitting across the desk from you. Naturally, having launched a year later than its competitor, the Asus Zenbook Duo is also packed with more modern hardware. It can be specced with up to an Intel Core Ultra 9 185H processor and 32GB of RAM, up to 2TB of storage, and a 75Wh battery. Connectivity includes two Thunderbolt 4 ports, a USB-A port, HDMI out, and a 3.5mm jack, and the laptop can be used with Asus' stylus.

Amazon introduced a new feature that mimics Apple's AirPlay while working across different platforms, setting the stage for iPhone and Android users to wirelessly stream video to its TV hardware. From a report: The feature, called Matter Casting, is part of a push by Amazon to create interoperable services -- an alternative to the propriety technology developed by Apple and Google. It will make it easier for iOS and Android phones to send video to Amazon devices, such as its Fire TV boxes and sticks, as well as the Echo Show 15 smart display. [...] The feature will work with a range of other video services, including Plex, Pluto TV, Sling TV, Starz and ZDF, Amazon said.

With Apple's Vision Pro VR/AR headset set to go on sale on February 2, we're starting to see more details about the app requirements. From a report: The company has released guidelines for visionOS developers planning to release apps and there's one strange caveat. It would rather developers don't use the terms AR and VR when referring to Vision Pro apps, but rather call them "spatial computing apps," according to the developer page.

"Spatial computing: Refer to your app as a spatial computing app. Don't describe your app experience as augmented reality (AR), virtual reality (VR), extended reality (XR), or mixed reality (MR)," the company states. The headset itself should be called "Apple Vision Pro" with three uppercase words, while "visionOS begins with a lowercase v, even when it's the first word in a sentence." The terms should never be translated or transliterated, Apple added.

According to an analysis of U.S. Bureau of Labor Statistics data, the U.S. added a mere 700 IT jobs compared to 267,000 the year prior. The Register reports: Yet while layoffs have generally kept IT job growth flat for the past year (2023's net 700 comes despite more than 21,000 IT jobs being created in Q4), there's still a surplus of vacant roles, with [tech consultancy Janco Associates] finding some 88,000 remain open. "Based on our analysis, the IT job market and opportunities for IT professionals are poor at best," said Janco CEO M Victor Janulaitis. "Currently, there are almost 100K unfilled jobs with over 101K unemployed IT Pros -- a skills mismatch."

In other words, while we're definitely dealing with correction from pandemic overhiring, we're also wading into a new paradigm where a lot of tech talent is going to have to retrain because AI is being crammed wherever C-level employees can stick it. Much of the layoff debt to hit IT jobs have come to entry-level positions, especially those in the customer service telecommunications and hosting automation areas. In turn, some of the responsibilities of those jobs are being reassigned to the latest and greatest AIs, says Janco.

According to the tech consultancy, entry-level IT demand is shrinking, though demand for those with AI, security, development, and blockchain skills remain desired. "Artificial Intelligence and Machine Learning IT Professionals remain in high demand," said Janulaitis. Still, plans to further replace humans with AI workers at the entry level are hardly far-fetched, with multiple reports finding much the same. [...] Those caught up by this year's tech layoffs seem to have a simple solution on their hands, as far as Janco's data suggests: Retrain for AI. Problem solved ... until the next big thing comes along.

An anonymous reader quotes a report from Reuters: Russian hackers were inside Ukrainian telecoms giant Kyivstar's system from at least May last year in a cyberattack that should serve as a "big warning" to the West, Ukraine's cyber spy chief told Reuters. The hack, one of the most dramatic since Russia's full-scale invasion nearly two years ago, knocked out services provided by Ukraine's biggest telecoms operator for some 24 million users for days from Dec. 12. In an interview, Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cybersecurity department, disclosed exclusive details about the hack, which he said caused "disastrous" destruction and aimed to land a psychological blow and gather intelligence. "This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable," he said. He noted Kyivstar was a wealthy, private company that invested a lot in cybersecurity.

The attack wiped "almost everything", including thousands of virtual servers and PCs, he said, describing it as probably the first example of a destructive cyberattack that "completely destroyed the core of a telecoms operator." During its investigation, the SBU found the hackers probably attempted to penetrate Kyivstar in March or earlier, he said in a Zoom interview on Dec. 27. "For now, we can say securely, that they were in the system at least since May 2023," he said. "I cannot say right now, since what time they had ... full access: probably at least since November." The SBU assessed the hackers would have been able to steal personal information, understand the locations of phones, intercept SMS-messages and perhaps steal Telegram accounts with the level of access they gained, he said. A Kyivstar spokesperson said the company was working closely with the SBU to investigate the attack and would take all necessary steps to eliminate future risks, adding: "No facts of leakage of personal and subscriber data have been revealed."

Investigating the attack is harder because of the wiping of Kyivstar's infrastructure. Vitiuk said he was "pretty sure" it was carried out by Sandworm, a Russian military intelligence cyberwarfare unit that has been linked to cyberattacks in Ukraine and elsewhere. A year ago, Sandworm penetrated a Ukrainian telecoms operator, but was detected by Kyiv because the SBU had itself been inside Russian systems, Vitiuk said, declining to identify the company. The earlier hack has not been previously reported. Vitiuk said SBU investigators were still working to establish how Kyivstar was penetrated or what type of trojan horse malware could have been used to break in, adding that it could have been phishing, someone helping on the inside or something else. If it was an inside job, the insider who helped the hackers did not have a high level of clearance in the company, as the hackers made use of malware used to steal hashes of passwords, he said. Samples of that malware have been recovered and are being analysed, he added.

Dan Goodin reports via Ars Technica: Software maker Ivanti is urging users of its end-point security product to patch a critical vulnerability that makes it possible for unauthenticated attackers to execute malicious code inside affected networks. The vulnerability, in a class known as a SQL injection, resides in all supported versions of the Ivanti Endpoint Manager. Also known as the Ivanti EPM, the software runs on a variety of platforms, including Windows, macOS, Linux, Chrome OS, and Internet of Things devices such as routers. SQL injection vulnerabilities stem from faulty code that interprets user input as database commands or, in more technical terms, from concatenating data with SQL code without quoting the data in accordance with the SQL syntax. CVE-2023-39336, as the Ivanti vulnerability is tracked, carries a severity rating of 9.6 out of a possible 10.

"If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve output without the need for authentication," Ivanti officials wrote Friday in a post announcing the patch availability. "This can then allow the attacker control over machines running the EPM agent. When the core server is configured to use SQL express, this might lead to RCE on the core server." RCE is short for remote code execution, or the ability for off-premises attackers to run code of their choice. Currently, there's no known evidence the vulnerability is under active exploitation. Ivanti has also published a disclosure that is restricted only to registered users. A copy obtained by Ars said Ivanti learned of the vulnerability in October. [...]

Putting devices running Ivanti EDM behind a firewall is a best practice and will go a long way to mitigating the severity of CVE-2023-39336, but it would likely do nothing to prevent an attacker who has gained limited access to an employee workstation from exploiting the critical vulnerability. It's unclear if the vulnerability will come under active exploitation, but the best course of action is for all Ivanti EDM users to install the patch as soon as possible.

Microsoft has begun ditching WordPad from Windows and removed the editor from the first Canary Channel build of 2024. From a report: We knew it was coming, but the reality has arrived in the Canary Channel. A clean install will omit WordPad as of build 26020 of Windows 11. At an undisclosed point, the application will be removed on upgrade.

The People app is also being axed, as expected, and the Steps Recorder won't be getting any more updates and will instead show a banner encouraging users to try something else. Perhaps ClipChamp? WordPad was always an odd tool. Certainly not something one would want to edit text with, but not much of a word processor either. It feels like a throwback to a previous era. However, it was also free, came with Windows, and didn't insist on having a connection to the internet for it to work.

Orange Espana, Spain's second-biggest mobile operator, suffered a major outage on Wednesday after an unknown party obtained a "ridiculously weak" password and used it to access an account for managing the global routing table that controls which networks deliver the company's Internet traffic, researchers said. From a report: The hijacking began around 9:28 Coordinated Universal Time (about 2:28 Pacific time) when the party logged into Orange's RIPE NCC account using the password "ripeadmin" (minus the quotation marks). The RIPE Network Coordination Center is one of five Regional Internet Registries, which are responsible for managing and allocating IP addresses to Internet service providers, telecommunication organizations, and companies that manage their own network infrastructure. RIPE serves 75 countries in Europe, the Middle East, and Central Asia.

The password came to light after the party, using the moniker Snow, posted an image to social media that showed the orange.es email address associated with the RIPE account. RIPE said it's working on ways to beef up account security. Security firm Hudson Rock plugged the email address into a database it maintains to track credentials for sale in online bazaars. In a post, the security firm said the username and "ridiculously weak" password were harvested by information-stealing malware that had been installed on an Orange computer since September. The password was then made available for sale on an infostealer marketplace.

Generative AI models like Google Bard and GitHub Copilot are increasingly being used in various industries, but users often overlook their limitations, leading to serious errors and inefficiencies. Daniel Stenberg of curl and libcurl highlights a specific problem of AI-generated security reports: when reports are made to look better and to appear to have a point, it takes a longer time to research and eventually discard it. "Every security report has to have a human spend time to look at it and assess what it means," adds Stenberg. "The better the crap, the longer time and the more energy we have to spend on the report until we close it." The Register reports: The curl project offers a bug bounty to security researchers who find and report legitimate vulnerabilities. According to Stenberg, the program has paid out over $70,000 in rewards to date. Of 415 vulnerability reports received, 64 have been confirmed as security flaws and 77 have been deemed informative -- bugs without obvious security implications. So about 66 percent of the reports have been invalid. The issue for Stenberg is that these reports still need to be investigated and that takes developer time. And while those submitting bug reports have begun using AI tools to accelerate the process of finding supposed bugs and writing up reports, those reviewing bug reports still rely on human review. The result of this asymmetry is more plausible-sounding reports, because chatbot models can produce detailed, readable text without regard to accuracy.

As Stenberg puts it, AI produces better crap. "A crap report does not help the project at all. It instead takes away developer time and energy from something productive. Partly because security work is considered one of the most important areas so it tends to trump almost everything else." As examples, he cites two reports submitted to HackerOne, a vulnerability reporting community. One claimed to describe Curl CVE-2023-38545 prior to actual disclosure. But Stenberg had to post to the forum to make clear that the bug report was bogus. He said that the report, produced with the help of Google Bard, "reeks of typical AI style hallucinations: it mixes and matches facts and details from old security issues, creating and making up something new that has no connection with reality." [...]

Stenberg readily acknowledges that AI assistance can be genuinely helpful. But he argues that having a human in the loop makes the use and outcome of AI tools much better. Even so, he expects the ease and utility of these tools, coupled with the financial incentive of bug bounties, will lead to more shoddy LLM-generated security reports, to the detriment of those on the receiving end.

An international law firm that works with companies affected by security incidents has experienced its own cyberattack that exposed the sensitive health information of hundreds of thousands of data breach victims. From a report: San Francisco-based Orrick, Herrington & Sutcliffe said last week that hackers stole the personal information and sensitive health data of more than 637,000 data breach victims from a file share on its network during an intrusion in March 2023. Orrick works with companies that are hit by security incidents, including data breaches, to handle regulatory requirements, such as obtaining victims' information in order to notify state authorities and the individuals affected. In a series of data breach notification letters sent to affected individuals, Orrick said the hackers stole reams of data from its systems that pertain to security incidents at other companies, during which Orrick served as legal counsel.

A consumer action group is accusing Starbucks of exploiting customers via its gift card and app payments, forcing them to enter a spending cycle where they will never be able to fully spend the remaining balance of prepaid amounts. From a report: The Washington Consumer Protection Coalition, a self-described "movement of everyday consumers advocating for corporate accountability," is calling on the state attorney general to investigate whether the company's policies violate consumer protection laws.

"Starbucks rigs its payment platform so consumers are encouraged to leave unspent money on their cards and apps," said Chris Carter, campaign manager for the group, in a statement. "A few dollars here and there left on a payment platform may not sound like a lot but it adds up. Over the last five years Starbucks has claimed nearly $900 million in unspent gift card and app money as corporate revenue, boosting corporate profits and inflating executive bonuses."

[...] The group, in a 15-page complaint, alleges the platforms for Starbucks' mobile app and digital payment cards are akin to an "involuntary subscription." Customers can only reload money in $5 increments, with a $10 minimum purchase. That, the group says, prevents customers from ever reaching a zero balance, meaning Starbucks pockets more of the customer's money. The Coalition does concede that customers can reload their accounts in stores for a custom amount of $5 or more, making it easier to hit a zero balance.

LG says it developed a 27-inch OLED gaming monitor that can reach an incredibly high 480Hz refresh rate, promising to usher in an "era of OLEDs featuring ultra-high refresh rates," LG says. From a report: LG says it achieved the 480Hz rate on a QHD 2,560-by-1,440-resolution display. Other vendors, including Alienware and Asus, have also introduced PC monitors that can hit 500Hz. But they did so using IPS or TN panels at a lower 1920-by-1080 resolution. OLED panels, on the other hand, are known for offering stunning color contrasts, and true blacks, resulting in top-notch picture quality.

The 480Hz refresh rate will be overkill for the average gamer. But the ultra-high refresh rate could appeal to competitive players, where latency and smooth gameplay matters. LG adds that the 27-inch OLED monitor features a 0.03-millisecond response time. The OLED panel should also be easier on the eyes during long playthroughs. "The company's Gaming OLEDs emit the lowest level of blue light in the industry and approximately half the amount emitted by premium LCDs," LG says. "This reduction in blue light not only minimizes eye fatigue but also eliminates flickers, providing gamers with more comfortable and enjoyable gaming sessions."

Several prominent museums have been unable to display their collections online since a cyberattack hit a prominent technological service provider that helps hundreds of cultural organizations show their works digitally and manage internal documents. From a report: The Museum of Fine Arts Boston, the Rubin Museum of Art in New York and the Crystal Bridges Museum of American Art in Arkansas were among the institutions confirming that their systems have experienced outages in recent days. The service provider, Gallery Systems, said in a recent message to clients, which was obtained by The New York Times, that it had noticed a problem on Dec. 28, when computers running its software became encrypted and could no longer operate.

"We immediately took steps to isolate those systems and implemented measures to prevent additional systems from being affected, including taking systems offline as a precaution," the company said in the message. "We also launched an investigation and third-party cybersecurity experts were engaged to assist. In addition, we notified law enforcement." Signs of disruption were evident on several museum websites because eMuseum, a tool that usually lets visitors search online collections, was down. There was also disruption behind the scenes: Some curators said that they had returned from their winter vacations to find themselves unable to access sensitive information from another Gallery Systems program called TMS. That system can include the names of donors, loan agreements, provenance records, shipping information and storage locations of priceless artworks.