Indonesian President Joko Widodo ordered on Friday an audit of government data centres after officials said the bulk of data affected by a recent ransomware cyberattack was not backed up, exposing the country's vulnerability to such attacks. From a report: Last week's cyberattack, the worst in Indonesia in recent years, has disrupted multiple government services including immigration and operations at major airports. The government has said more than 230 public agencies, including ministries, had been affected, but has refused to pay an $8 million ransom demanded to retrieve the encrypted data.

Responding to the cyberattack, Indonesia's state auditor said the president instructed it to examine the country's data centres. The audit would cover "governance and the financial aspect", said Muhammad Yusuf Ateh, who heads Indonesia's Development and Finance Controller, after attending a cabinet meeting led by Widodo on Friday. Hinsa Siburian, an official who chairs Indonesia's cyber security agency known by its acronym BSSN, has said 98% of the government data stored in one of the two compromised data centres had not been backed up.

TeamViewer, the company that makes widely used remote access tools for companies, has confirmed an ongoing cyberattack on its corporate network. TechCrunch: In a statement Friday, the company attributed the compromise to government-backed hackers working for Russian intelligence, known as APT29 (and Midnight Blizzard). The Germany-based company said its investigation so far points to an initial intrusion on June 26 "tied to credentials of a standard employee account within our corporate IT environment."

TeamViewer said that the cyberattack "was contained" to its corporate network and that the company keeps its internal network and customer systems separate. The company added that it has "no evidence that the threat actor gained access to our product environment or customer data." Martina Dier, a spokesperson for TeamViewer, declined to answer a series of questions from TechCrunch, including whether the company has the technical ability, such as logs, to determine what, if any, data was accessed or exfiltrated from its network.

An anonymous reader quotes a report from Ars Technica: Temu -- the Chinese shopping app that has rapidly grown so popular in the US that even Amazon is reportedly trying to copy it -- is "dangerous malware" that's secretly monetizing a broad swath of unauthorized user data, Arkansas Attorney General Tim Griffin alleged in a lawsuit (PDF) filed Tuesday. Griffin cited research and media reports exposing Temu's allegedly nefarious design, which "purposely" allows Temu to "gain unrestricted access to a user's phone operating system, including, but not limited to, a user's camera, specific location, contacts, text messages, documents, and other applications."

"Temu is designed to make this expansive access undetected, even by sophisticated users," Griffin's complaint said. "Once installed, Temu can recompile itself and change properties, including overriding the data privacy settings users believe they have in place." Griffin fears that Temu is capable of accessing virtually all data on a person's phone, exposing both users and non-users to extreme privacy and security risks. It appears that anyone texting or emailing someone with the shopping app installed risks Temu accessing private data, Griffin's suit claimed, which Temu then allegedly monetizes by selling it to third parties, "profiting at the direct expense" of users' privacy rights. "Compounding" risks is the possibility that Temu's Chinese owners, PDD Holdings, are legally obligated to share data with the Chinese government, the lawsuit said, due to Chinese "laws that mandate secret cooperation with China's intelligence apparatus regardless of any data protection guarantees existing in the United States."

Griffin's suit cited an extensive forensic investigation into Temu by Grizzly Research -- which analyzes publicly traded companies to inform investors -- last September. In their report, Grizzly Research alleged that PDD Holdings is a "fraudulent company" and that "Temu is cleverly hidden spyware that poses an urgent security threat to United States national interests." As Griffin sees it, Temu baits users with misleading promises of discounted, quality goods, angling to get access to as much user data as possible by adding addictive features that keep users logged in, like spinning a wheel for deals. Meanwhile hundreds of complaints to the Better Business Bureau showed that Temu's goods are actually low-quality, Griffin alleged, apparently supporting his claim that Temu's end goal isn't to be the world's biggest shopping platform but to steal data. Investigators agreed, the lawsuit said, concluding "we strongly suspect that Temu is already, or intends to, illegally sell stolen data from Western country customers to sustain a business model that is otherwise doomed for failure." Seeking an injunction to stop Temu from allegedly spying on users, Griffin is hoping a jury will find that Temu's alleged practices violated the Arkansas Deceptive Trade Practices Act (ADTPA) and the Arkansas Personal Information Protection Act. If Temu loses, it could be on the hook for $10,000 per violation of the ADTPA and ordered to disgorge profits from data sales and deceptive sales on the app. In a statement to Ars, a Temu spokesperson discredited Grizzly Research's investigation and said that the company was "surprised and disappointed by the Arkansas Attorney General's Office for filing the lawsuit without any independent fact-finding."

"The allegations in the lawsuit are based on misinformation circulated online, primarily from a short-seller, and are totally unfounded," Temu's spokesperson said. "We categorically deny the allegations and will vigorously defend ourselves."

"We understand that as a new company with an innovative supply chain model, some may misunderstand us at first glance and not welcome us. We are committed to the long-term and believe that scrutiny will ultimately benefit our development. We are confident that our actions and contributions to the community will speak for themselves over time." Last year, Temu was the most downloaded app in the U.S. and has only become more popular as reports of security and privacy risks have come out.

Intel has introduced an advanced optical input/output chiplet, marking what it claims to be a significant leap in data center technology. The optical compute interconnect (OCI) chiplet, unveiled at the Optical Fiber Communication Conference 2024, is designed for integration with CPUs and GPUs and boasts 64 PCIe 5.0 channels transmitting 4 Tbps over 100 meters using fiber optics. Tom's Hardware adds: The chiplet uses dense wavelength division multiplexing (DWDM) wavelengths and consumes only five pico-Joules per bit, significantly more energy-efficient than pluggable optical transceiver modules, which consume about 15 pico-Joules per bit, according to Intel. This device is crucial for next-generation data centers and AI/HPC applications. It will enable high-performance connections for CPU and GPU clusters, coherent memory expansion, and resource disaggregation. These features will be handy for operating supercomputers for large-scale AI models and machine learning tasks that require tremendous data bandwidth.

Brandon Vigliarolo reports via The Register: American healthcare provider Geisinger fears highly personal data on more than a million of its patients has been stolen -- and claimed a former employee at a Microsoft subsidiary is the likely culprit. Geisinger on Monday announced the results of a probe into a November computer security breach, placing the blame on Microsoft-owned Nuance Communications for not cutting off one of its employees' access to corporate files after that person was fired. The Pennsylvania-based healthcare giant uses Nuance as an IT provider. We're told that after the Microsoft-owned entity terminated one of its workers, that staffer two days later may have accessed and taken copies of sensitive records on a huge number of Geisinger patients -- for reasons as yet unknown.

Geisinger -- which says it operates 13 hospitals and has more than 600,000 members -- said it discovered the improper access on November 29, informed Nuance, and the IT supplier immediately cut off the former employee from the healthcare group's data before involving police. "Because it could have impeded their investigation, law enforcement investigators asked Nuance to delay notifying patients of this incident until now," Geisinger claimed, explaining why only now this is coming to light. "The former Nuance employee has been arrested and is facing federal charges." It's not immediately clear if or what charges have been laid -- we've asked Geisinger for details.

Speech recognition firm Nuance performed its own probe, according to Geisinger, and determined that the former employee may have stolen information on a million-plus people. That info would include birth dates, addresses, hospital admission and discharge records, demographic information, and other medical data. The ex-employee didn't swipe insurance or other financial information, the multi-billion-dollar healthcare group stated. "We continue to work closely with the authorities on this investigation, and while I am grateful that the perpetrator was caught and is now facing federal charges," Geisinger chief privacy officer Jonathan Friesen alleged, adding: "I am sorry that this happened."

National Australia Bank seems to think that monitoring the angle customers hold their phones will offer extra protection against scammers. "Speaking during the Australian Banking Association Conference in Melbourne Wednesday (June 26), CEO Andrew Irvine said the lender introduced more 'friction' to payments processes and new predictive protection tools to spot scammers," reports PYMNTS.com, citing a (paywalled) Bloomberg report. From the report: "We've added tooling that looks at biometrics and the way you actually interact with your devices and how you think about keystrokes," said Irvine, per the report. "If these things are different to how you've used your phone in the past, our intelligence will kick in." Irvine, who called fraudsters the "scourge of our times," also noted that Australia is one of the few countries where bank fraud has declined, the report said.

Still, he said that as scammers have embraced new technology like artificial intelligence, banks have had to shift from making payments fast and simple to adding more steps to protect against fraudulent transactions, per the report. "These threat actors go where the money is," Irvine said, according to the report. "You want to be the best alarm system in the street and right now Australia's leading the way."

Security researchers claim to have discovered exposed API keys in the code of Rabbit's R1 AI device, potentially allowing access to all user responses and company services. The group, known as Rabbitude, says they could send emails from internal Rabbit addresses to demonstrate the vulnerability. 404 Media adds: In a statement, Rabbit said, "Today we were made aware of an alleged data breach. Our security team immediately began investigating it. As of right now, we are not aware of any customer data being leaked or any compromise to our systems. If we learn of any other relevant information, we will provide an update once we have more details."

The U.S. government last week announced an unprecedented ban on selling Russian cybersecurity firm Kaspersky's software, citing national security concerns. The move, effective July 20, has left American resellers confused and worried about its impact. Kaspersky can provide updates to existing customers until September 29, after which the software's effectiveness will diminish. From a report: Avi Fleischer, the founder of Technical Difficulties, told TechCrunch that not only does he sell Kaspersky to his customers, he also uses its products on his phone and personal computer. He added that the ban is "annoying, to say the least," because he will now have to find another antivirus company and migrate all his customers to the new product, which will cost him time and money. "It's just a lot of time lost for nothing. And I don't see how I can even really charge end users for this," Fleischer said in a phone call. "It was my suggestion that they use Kaspersky and now Kaspersky is being banned by the United States government. What am I supposed to do?"

An anonymous reader quotes a report from TorrentFreak: Last week, an in-depth investigative report from JBTC revealed that Korean Internet provider KT, formerly known as Korea Telecom, distributed malware onto subscribers' computers to interfere with and block torrent traffic. File-sharing continues to be very popular in South Korea, but operates differently than in most other countries. "Webhard" services, short for Web Hard Drive, are particularly popular. These are paid BitTorrent-assisted services, which also offer dedicated web seeds, to ensure that files remain available.

Webhard services rely on the BitTorrent-enabled 'Grid System', which became so popular in Korea that ISPs started to notice it. Since these torrent transfers use a lot of bandwidth, which is very costly in the country, providers would rather not have this file-sharing activity on their networks. KT, one of South Korea's largest ISPs with over 16 million subscribers, was previously caught meddling with the Grid System. In 2020, their throttling activities resulted in a court case, where the ISP cited 'network management' costs as the prime reason to interfere. The Court eventually sided with KT, ending the case in its favor, but that wasn't the end of the matter. An investigation launched by the police at the time remains ongoing. New reports now show that the raid on KT's datacenter found that dozens of devices were used in the 'throttling process' and they were doing more than just limiting bandwidth.

When Webhard users started reporting problems four years ago, they didn't simply complain about slow downloads. In fact, the main concern was that several Grid-based Webhard services went offline or reported seemingly unexplainable errors. Since all complaining users were KT subscribers, fingers were pointed in that direction. According to an investigation by Korean news outlet JBTC, the Internet provider actively installed malware on computers of Webhard services. This activity was widespread and effected an estimated 600,000 KT subscribers. The Gyeonggi Southern Police Agency, which carried out the raid and investigation, believes this was an organized hacking attempt. A dedicated KT team allegedly planted malware to eavesdrop on subscribers and interfere with their private file transfers. [...] Why KT allegedly distributed the malware and what it precisely intended to do is unclear. The police believe there were internal KT discussions about network-related costs, suggesting that financial reasons played a role.

Google is switching back to pagination for its search results, abandoning the continuous scroll feature introduced in 2022 for desktop and 2021 for mobile. The change, effective immediately for desktop users, aims to improve search result loading speeds, Google said, adding that infinite scrolling did not significantly enhance user satisfaction. Mobile users will see the change in coming months.

An anonymous reader shares a report: Over the weekend, a clip from a recent interview with Telegram's founder Pavel Durov went semi-viral on X (previously Twitter). In the video, Durov tells right-wing personality Tucker Carlson that he is the only product manager at the company, and that he only employs "about 30 engineers." Security experts say that while Durov was bragging about his Dubai-based company being "super efficient," what he said was actually a red flag for users.

"Without end-to-end encryption, huge numbers of vulnerable targets, and servers located in the UAE? Seems like that would be a security nightmare," Matthew Green, a cryptography expert at Johns Hopkins University, told TechCrunch. (Telegram spokesperson Remi Vaughn disputed this, saying it has no data centers in the UAE.) Green was referring to the fact that -- by default -- chats on Telegram are not end-to-end encrypted like they are on Signal or WhatsApp. A Telegram user has to start a "Secret Chat" to switch on end-to-end encryption, making the messages unreadable to Telegram or anyone other than the intended recipient.

Also, over the years, many people have cast doubt over the quality of Telegram's encryption, given that the company uses its own proprietary encryption algorithm, created by Durov's brother, as he said in an extended version of the Carlson interview. Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation and a longtime expert in the security of at-risk users, said that it's important to remember that Telegram, unlike Signal, is a lot more than just a messaging app.

The Biden administration is investigating China Mobile, China Telecom and China Unicom over concerns the firms could exploit access to American data through their U.S. cloud and internet businesses by providing it to Beijing, Reuters reported Tuesday, citing sources familiar with the matter. From the report: The companies still have a small presence in the United States, for example, providing cloud services and routing wholesale U.S. internet traffic. That gives them access to Americans' data even after telecom regulators barred them from providing telephone and retail internet services in the United States.

Reuters found no evidence the companies intentionally provided sensitive U.S. data to the Chinese government or committed any other type of wrongdoing. The investigation is the latest effort by Washington to prevent Beijing from exploiting Chinese firms' access to U.S. data to harm companies, Americans or national security, as part of a deepening tech war between the geopolitical rivals. It shows the administration is trying to shut down all remaining avenues for Chinese companies already targeted by Washington to obtain U.S. data.

An anonymous reader shares a report: Microsoft has made OneDrive slightly more annoying for Windows 11 users. Quietly and without any announcement, the company changed Windows 11's initial setup so that it could turn on the automatic folder backup without asking for it. Now, those setting up a new Windows computer the way Microsoft wants them to (in other words, connected to the internet and signed into a Microsoft account) will get to their desktops with OneDrive already syncing stuff from folders like Desktop Pictures, Documents, Music, and Videos.

Depending on how much is stored there, you might end up with a desktop and other folders filled to the brim with shortcuts to various stuff right after finishing a clean Windows installation. Automatic folder backup in OneDrive is a very useful feature when used properly and when the user deliberately enables it. However, Microsoft decided that sending a few notification prompts to enable folder backup was not enough, so it just turned the feature on without asking anybody or even letting users know about it, resulting in a flood of Reddit posts about users complaining about what the hell are those green checkmarks next to files and shortcuts on their desktops.

An anonymous reader quotes a report from the Associated Press: Car dealerships in North America continue to wrestle with major disruptions that started last week with cyberattacks on a software company used widely in the auto retail sales sector. CDK Global, a company that provides software for thousands of auto dealers in the U.S. and Canada, was hit by back-to-back cyberattacks Wednesday. That led to an outage that has continued to impact operations. For prospective car buyers, that's meant delays at dealerships or vehicle orders written up by hand. There's no immediate end in sight, with CDK saying it expects the restoration process to take "several days" to complete. On Monday, Group 1 Automotive Inc., a $4 billion automotive retailer, said that it continued to use "alternative processes" to sell cars to its customers. Lithia Motors and AutoNation, two other dealership chains, also disclosed that they implemented workarounds to keep their operations going. [...]

Several major auto companies -- including Stellantis, Ford and BMW -- confirmed to The Associated Press last week that the CDK outage had impacted some of their dealers, but that sales operations continue. In light of the ongoing situation, a spokesperson for Stellantis said Friday that many dealerships had switched to manual processes to serve customers. That includes writing up orders by hand. A Ford spokesperson added that the outage may cause "some delays and inconveniences at some dealers and for some customers." However, many Ford and Lincoln customers are still getting sales and service support through alternative routes being used at dealerships.

Group 1 Automotive Inc., which owns 202 automotive dealerships, 264 franchises, and 42 collision centers in the U.S. and the United Kingdom, said Monday that the incident has disrupted its business applications and processes in its U.S. operations that rely on CDK's dealers' systems. The company said that it took measures to protect and isolate its systems from CDK's platform. All Group 1 U.S. dealerships will continue to conduct business using alternative processes until CDK's dealers' systems are available, the company said Monday. Group 1's dealerships in the U.K. don't use CDK's dealers' systems and are not impacted by the incident. In regulatory filings, Lithia Motors and AutoNation disclosed that last week's incident at CDK had disrupted their operations as well. Lithia said it activated cyber incident response procedures, which included "severing business service connections between the company's systems and CDK's." AutoNation said it also took steps to protect its systems and data -- adding that all of its locations remain open "albeit with lower productivity," as many are served manually or through alternative processes.

Microsoft has received a thumbs-up from iFixit, with a provisional 8 out of 10 for repairability on its latest Surface Pro and Laptop devices. From a report: Despite some issues with software recovery, the devices have been built for hardware repairability. It is quite the turnaround from the days of the first iteration of the Surface Laptop, in which the iFixit team was forced to use a scalpel to get into the device. "This is definitely not going back together without a roll of duct tape," the team observed during the 2017 teardown. In comparison, the team described Microsoft's latest laptop as "an astonishingly repair friendly device."

Where once there might have been glue or fragile clips, there are now screws and even QR codes linking to the service manuals (made available on release day, according to iFixit). Stripping the device is a breeze, assuming the correct tools are used. Microsoft has helpfully provided "Wayfinders" to indicate the type and quantity of screws being used to secure components, meaning that a repairer could even do without the online guides when pulling the hardware apart.

Microsoft has quietly erased instructions for switching to a local account on Windows 11 from its official support website. The move took place between June 12 and June 17, 2024, according to Tom's Hardware. The tech giant has been increasingly pushing users towards Microsoft Account logins, citing benefits like enhanced security and cross-device syncing. While the option to use a local account still exists, this latest development suggests Microsoft is steering users away from it.

America's National Labor Relations Board "has filed a complaint against Amazon..." reports the Verge, "that alleges the company 'unlawfully disciplined and terminated an employee' after they assisted in organizing walkouts last May in protest of Amazon's new return-to-work [three days per week] directives, issued early last year." [T]housands of Amazon employees signed petitions against the new mandate and staged a walkout several months later. Despite the protests and pushback, according to a report by Insider, in a meeting in early August 2023, Jassy reaffirmed the company's commitment to employees returning to the office for the majority of the week.

The NLRB complaint alleges Amazon "interrogated" employees about the walkout using its internal Chime system. The employee was first put on a performance improvement plan by Amazon following their organizing efforts for the walkout and later "offered a severance payment of nine weeks' salary if the employee signed a severance agreement and global release in exchange for their resignation." According to the NLRB's lawyers, all of that was because the employee engaged in organizing, and the retaliation was intended to discourage "...protected, concerted activities...."

The NLRB's general counsel is seeking several different forms of remediation from Amazon, including reimbursement for the employee's "financial harms and search-for-work and work related expenses," a letter of apology, and a "Notice to Employees" that must be physically posted at the company's facilities across the country, distributed electronically, and read by an Amazon rep at a recorded videoconference.
Amazon says their actions were entirely unrelated to the workers activism against their return-to-work policies. An Amazon spokesperson told the Verge that instead, the employee "consistently underperformed over a period of nearly a year and repeatedly failed to deliver on projects she was assigned. Despite extensive support and coaching, the former employee was unable to improve her performance and chose to leave the company."

An anonymous reader shared this report from the Associated Press: An investigation into a ransomware attack earlier this month on London hospitals by the Russian group Qilin could take weeks to complete, the country's state-run National Health Service said Friday, as concerns grow over a reported data dump of patient records. Hundreds of operations and appointments are still being canceled more than two weeks after the June 3 attack on NHS provider Synnovis, which provides pathology services primarily in southeast London...

NHS England said Friday that it has been "made aware" that data connected to the attack have been published online. According to the BBC, Qilin shared almost 400GB of data, including patient names, dates of birth and descriptions of blood tests, on their darknet site and Telegram channel... According to Saturday's edition of the Guardian newspaper, records covering 300 million patient interactions, including the results of blood tests for HIV and cancer, were stolen during the attack.

A website and helpline has been set up for patients affected.

The Linux Foundation's "Open Source Security Foundation" (or OpenSSF) is a cross-industry forum to "secure the development, maintenance, and consumption of the open source software". And now the OpenSSF has launched a new mailing list "which aims to monitor the threat landscape of open-source project vulnerabilities," reports I Programmer, "in order to provide real time alerts to anyone subscribed."

The Record explains its origins: OpenSSF General Manager Omkhar Arasaratnam said that at a recent open source event, members of the community ran a tabletop exercise where they simulated a security incident involving the discovery of a zero-day vulnerability. They worked their way through the open source ecosystem — from cloud providers to maintainers to end users — clearly defining how the discovery of a vulnerability would be dealt with from top to bottom. But one of the places where they found a gap is in the dissemination of information widely.

"What we lack within the open source community is a place in which we can convene to distribute indicators of compromise (IOCs) and threats, tactics and procedures (TTPs) in a way that will allow the community to identify threats when our packages are under attack," Arasaratnam said... "[W]e're going to be standing up a mailing list for which we can share this information throughout the community and there can be discussion of things that are being seen. And that's one of the ways that we're responding to this gap that we saw...." The Siren mailing list will encourage public discussions on security flaws, concepts, and practices in the open source community with individuals who are not typically engaged in traditional upstream communication channels...

Members of the Siren email list will get real-time updates about emerging threats that may be relevant to their projects... OpenSSF has created a signup page for those interested and urged others to share the email list to other open source community members...
OpenSSF ecyosystem strategist Christopher Robinson (also security communications director for Intel) told the site he expects government agencies and security researchers to be involved in the effort. And he issued this joint statement with OpenSSF ecosystem strategist Bennett Pursell: By leveraging the collective knowledge and expertise of the open source community and other security experts, the OpenSSF Siren empowers projects of all sizes to bolster their cybersecurity defenses and increase their overall awareness of malicious activities. Whether you're a developer, maintainer, or security enthusiast, your participation is vital in safeguarding the integrity of open source software.
In less than a month, the mailing list has already grown to over 800 members...

An anonymous reader quotes a report from TechCrunch: A hacker is advertising customer data allegedly stolen from the Australia-based live events and ticketing company TEG on a well-known hacking forum. On Thursday, a hacker put up for sale the alleged stolen data from TEG, claiming to have information of 30 million users, including the full name, gender, date of birth, username, hashed passwords, and email addresses. In late May, TEG-owned ticketing company Ticketek disclosed a data breach affecting Australian customers' data, "which is stored in a cloud-based platform, hosted by a reputable, global third party supplier."

The company said that "no Ticketek customer account has been compromised," thanks to the encryption methods used to store their passwords. TEG conceded, however, that "customer names, dates of birth and email addresses may have been impacted" -- data that would line up with that advertised on the hacking forum. The hacker included a sample of the alleged stolen data in their post. TechCrunch confirmed that at least some of the data published on the forum appears legitimate by attempting to sign up for new accounts using the published email addresses. In a number of cases, Ticketek's website gave an error, suggesting the email addresses are already in use. There's evidence that the company's "cloud-based platform" provider is Snowflake, "which has been at the center of a recent series of data thefts affecting several of its customers, including Ticketmaster, Santander Bank, and others," notes TechCrunch.

"A now-deleted post on Snowflake's website from January 2023 was titled: 'TEG Personalizes Live Entertainment Experiences with Snowflake.' In 2022, consulting company Altis published a case study (PDF) detailing how the company, working with TEG, 'built a modern data platform for ingesting streaming data into Snowflake.'"