Slash_Account_Dot shares a report from 404 Media: Hackers are targeting accounts on Kodex, a platform that connects law enforcement agencies and tech companies and which is designed to verify emergency requests for customer data, according to multiple online conversations between hackers viewed by 404 Media. Screenshots from one of the compromised accounts shows a panel where a law enforcement officer, or a hacker, can potentially 'create a new request.' The screenshots show a wide range of companies such as tech giants Meta and Microsoft's LinkedIn; cryptocurrency exchanges Binance and Coinbase; social media platforms Pinterest, Discord, and Snapchat; financial service Fidelity, and gaming platform Roblox. The compromised account appears to belong to a national police force, but the screenshots do not include the agency's full name.

There is no evidence that hackers have successfully used compromised Kodex accounts to obtain data from a tech company, and Matt Donahue, the former FBI agent and now CEO of Kodex, said that multiple compromised accounts 404 Media found did not have authorization to make such requests, and that Kodex had shut down those accounts. But the repeated examples of criminal chatter show that Kodex is a target of interest for hackers.

An anonymous reader shares a report: In 2015, researchers reported a surprising discovery that stoked industry-wide security concerns -- an attack called RowHammer that could corrupt, modify, or steal sensitive data when a simple user-level application repeatedly accessed certain regions of DDR memory chips. In the coming years, memory chipmakers scrambled to develop defenses that prevented the attack, mainly by limiting the number of times programs could open and close the targeted chip regions in a given time. Recently, researchers devised a new method for creating the same types of RowHammer-induced bitflips even on a newer generation of chips, known as DDR4, that have the RowHammer mitigations built into them. Known as RowPress, the new attack works not by "hammering" carefully selected regions repeatedly, but instead by leaving them open for longer periods than normal. Bitflips refer to the phenomenon of bits represented as ones change to zeros and vice versa.

Further amplifying the vulnerability of DDR4 chips to read-disturbance attacks -- the generic term for inducing bitflips through abnormal accesses to memory chips -- RowPress bitflips can be enhanced by combining them with RowHammer accesses. Curiously, raising the temperature of the chip also intensifies the effect. "We demonstrate a proof of concept RowPress program that can cause bitflips in a real system that already employs protections against RowHammer," Onur Mutlu, a professor at ETH Zurich and a co-author of a recently published paper titled RowPress: Amplifying Read Disturbance in Modern DRAM Chips [PDF], wrote in an email. "Note that this is not in itself an attack. It simply shows that bitflips are possible and plenty, which can easily form the basis of an attack. As many prior works in security have shown, once you can induce a bitflip, you can use that bitflip for various attacks."

Discord is overhauling the way it moderates its platform with a new warning system and teen safety assist feature. From a report: The new Discord warning system has been totally revamped to be far more transparent, educating Discord users how they've broken rules and are restricted from parts of the service rather than permanently banning them. "The new system gives users more room to learn from their mistakes and correct misjudgments," explains Savannah Badalich, Discord's senior director of policy, in a briefing with The Verge. "We're moving away from permanent bans to one-year temporary bans for many violations, except for violations that are extremely harmful."

In the coming weeks, Discord will start to limit features for rule breakers, instead of banning them outright. If a Discord user violates the rules, then they'll be met with a DM from Discord letting them know about the warning or violation and what action Discord is taking. So, if a Discord user uploads an image that breaks the rules, they might temporarily take away the ability to post images.

Google has been caught hosting a malicious ad so convincing that there's a decent chance it has managed to trick some of the more security-savvy users who encountered it. From a report: Looking at the ad, which masquerades as a pitch for the open source password manager Keepass, there's no way to know that it's fake. It's on Google, after all, which claims to vet the ads it carries. Making the ruse all the more convincing, clicking on it leads to Äeepass[.]info, which, when viewed in an address bar, appears to be the genuine Keepass site. A closer look at the link, however, shows that the site is not the genuine one. In fact, Äeepass[.]info -- at least when it appears in the address bar -- is just an encoded way of denoting xn--eepass-vbb[.]info, which, it turns out, is pushing a malware family tracked as FakeBat. Combining the ad on Google with a website with an almost identical URL creates a near-perfect storm of deception.

"Users are first deceived via the Google ad that looks entirely legitimate and then again via a lookalike domain," Jerome Segura, head of threat intelligence at security provider Malwarebytes, wrote in a post on Wednesday that revealed the scam. Information from Google's Ad Transparency Center shows that the ads have been running since Saturday and last appeared on Wednesday. The ads were paid for by an outfit called Digital Eagle, which the transparency page says is an advertiser whose identity has been verified by Google.

Ron Amadeo reports via Ars Technica: To help combat the surge of sideloaded malware, Google Play can now pop up a malware scanner at install time if it decides the app you're trying to sideload is interesting. Google Play's malware system, called "Google Play Protect," has always been able to check sideloaded apps for malware, but it used faster techniques like a definition file, and this happened quietly in the background. This new technique will delay your app installation with a full-screen "scanning" interface while Google runs a deep scan of the app code. Google's blog post says this is "real-time scanning at the code-level to combat novel malicious apps" and that Google Play Protect can "recommend a real-time app scan when installing apps that have never been scanned before to help detect emerging threats."

The scan will involve sending bits and pieces of the app to Google for analysis. Google says: "Scanning will extract important signals from the app and send them to the Play Protect backend infrastructure for a code-level evaluation. Once the real-time analysis is complete, users will get a result letting them know if the app looks safe to install or if the scan determined the app is potentially harmful. This enhancement will help better protect users against malicious polymorphic apps that leverage various methods, such as AI, to be altered to avoid detection." [...] Google is first rolling this feature out in India -- a country that topped the malware distribution charts in that 2018 report -- with the company saying the feature "will expand to all regions in the coming months."

An anonymous reader quotes a report from TechCrunch: The same hacker who leaked a trove of user data stolen from the genetic testing company 23andMe two weeks ago has now leaked millions of new user records. On Tuesday, a hacker who goes by Golem published a new dataset of 23andMe user information containing records of four million users on the known cybercrime forum BreachForums. TechCrunch has found that some of the newly leaked stolen data matches known and public 23andMe user and genetic information. Golem claimed the dataset contains information on people who come from Great Britain, including data from "the wealthiest people living in the U.S. and Western Europe on this list."

On October 6, 23andMe announced that hackers had obtained some user data, claiming that to amass the stolen data the hackers used credential stuffing -- a common technique where hackers try combinations of usernames or emails and corresponding passwords that are already public from other data breaches. In response to the incident, 23andMe prompted users to change their passwords and encouraged switching on multi-factor authentication. On its official page addressing the incident, 23andMe said it has launched an investigation with help from "third-party forensic experts." 23andMe blamed the incident on its customers for reusing passwords, and an opt-in feature called DNA Relatives, which allows users to see the data of other opted-in users whose genetic data matches theirs. If a user had this feature turned on, in theory it would allow hackers to scrape data on more than one user by breaking into a single user's account.

Google is making a few changes to the way its search and address bar -- known as the omnibox -- works in the Chrome browser. The changes are individually pretty small, but there's an important and somewhat unexpected trend in them all: Google is making it easier for you to move around the web without having to do so many Google searches. From a report: If you're in Chrome on desktop or mobile, the browser will now try and correct your URL typos, so when you type thevrege.com or ninteendo.com, you'll get autocomplete suggestions based on the right site and not whatever is behind those misspelled domains. The omnibox's autocomplete will now be smarter in general, predicting the site you're looking for based on keywords rather than just guessing what URL you're typing. Chrome can also now search within your bookmarks for sites and files related to what you're typing.

All those features are based on your own browsing history and bookmarks, so it's just Chrome becoming slightly more personalized. But the last change is web-wide and is pretty off-brand for Google: when you start to type in the name of a popular website, the omnibox will show that site's URL in the list of suggestions, and you can select it to go right to that site. (You might have seen this one already: it's been rolling out for a couple of weeks and should be live to everyone now.)

Google security researchers say they have found evidence that government-backed hackers linked to Russia and China are exploiting a since-patched vulnerability in WinRAR, the popular shareware archiving tool for Windows. From a report: The WinRAR vulnerability, first discovered by cybersecurity company Group-IB earlier this year and tracked as CVE-2023-38831, allows attackers to hide malicious scripts in archive files that masquerade as seemingly innocuous images or text documents. Group-IB said the flaw was exploited as a zero-day -- since the developer had zero time to fix the bug before it was exploited -- as far back as April to compromise the devices of at least 130 traders.

Rarlab, which makes the archiving tool, released an updated version of WinRAR (version 6.23) on August 2 to patch the vulnerability. Despite this, Google's Threat Analysis Group (TAG) said this week that its researchers have observed multiple government-backed hacking groups exploiting the security flaw, noting that "many users" who have not updated the app remain vulnerable. In research shared with TechCrunch ahead of its publication, TAG says it has observed multiple campaigns exploiting the WinRAR zero-day bug, which it has tied to state-backed hacking groups with links to Russia and China.

Last year, Andrew Appel, professor of computer science at Princeton University, wrote a 5-part series about Switzerland's e-voting system, highlighting the inherent security vulnerabilities it faces and the safeguards the country has in place. Now, he's writing about an interesting new vulnerability in the system that can be exploited to manipulate votes without anyone knowing. The vulnerability was discovered by Swiss computer scientist Andreas Kuster. From a blog post written by security technologist Bruce Schneier: "The Swiss Post e-voting system aims to protect your vote against vote manipulation and interference. The goal is to achieve this even if your own computer is infected by undetected malware that manipulates a user vote. This protection is implemented by special return codes (Prufcode), printed on the sheet of paper you receive by physical mail. Your computer doesn't know these codes, so even if it's infected by malware, it can't successfully cheat you as long as, you follow the protocol.

Unfortunately, the protocol isn't explained to you on the piece of paper you get by mail. It's only explained to you online, when you visit the e-voting website. And of course, that's part of the problem! If your computer is infected by malware, then it can already present to you a bogus website that instructs you to follow a different protocol, one that is cheatable. To demonstrate this, I built a proof-of-concept demonstration."

Appel again: "Kuster's fake protocol is not exactly what I imagined; it's better. He explains it all in his blog post. Basically, in his malware-manipulated website, instead of displaying the verification codes for the voter to compare with what's on the paper, the website asks the voter to enter the verification codes into a web form. Since the website doesn't know what's on the paper, that web-form entry is just for show. Of course, Kuster did not employ a botnet virus to distribute his malware to real voters! He keeps it contained on his own system and demonstrates it in a video."

Amir Golestan, the 40-year-old CEO of the Charleston, S.C. based technology company Micfo, has been sentenced to five years in prison for wire fraud. From a report: Golestan's sentencing comes nearly two years after he pleaded guilty to using an elaborate network of phony companies to secure more than 735,000 Internet Protocol (IP) addresses from the American Registry for Internet Numbers (ARIN), the nonprofit which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Caribbean.

In 2018, ARIN sued Golestan and Micfo, alleging they had obtained hundreds of thousands of IP addresses under false pretenses. ARIN and Micfo settled that dispute in arbitration, with Micfo returning most of the addresses that it hadn't already sold. ARIN's civil case caught the attention of federal prosecutors in South Carolina, who in May 2019 filed criminal wire fraud charges against Golestan, alleging he'd orchestrated a network of shell companies and fake identities to prevent ARIN from knowing the addresses were all going to the same buyer.

Amazon has quietly rolled out support for passkeys as it becomes the latest tech giant to join the passwordless future. But you still might have to hold onto your Amazon password for a little while longer. From a report: The option to set up a passkey is now available on the e-commerce giant's website, allowing users to log in using biometric authentication on their device, such as their fingerprint or face scan. Doing so makes it far more difficult for bad actors to remotely access users' accounts, given that the attacker also needs physical access to the user's device.

But Amazon's implementation of passkeys isn't without issues, as noted by Vincent Delitz, co-founder of German tech startup Corbado, who first documented the arrival of passkey support on Amazon. Delitz noted that there is currently no support for passkeys in Amazon's native apps, such as Amazon's shopping app or Prime Video, which TechCrunch has also checked, meaning you still have to use a password to sign-in (for now). What's more, if you've set up a passkey but previously set up two-factor authentication (2FA), Amazon will still prompt you to enter a one-time verification code when logging in, a move Delitz said was "redundant," since passkeys remove the need for 2FA as they are stored on your device.

The US is pushing a group of governments to publicly commit to not make ransom payments to hackers ahead of an annual meeting of more than 45 nations in Washington later this month. From a report: Anne Neuberger, deputy national security adviser, told Bloomberg News that she is "incredibly hopeful" about enlisting support for such a statement but acknowledged it's a "hard policy decision." If members can't agree to the statement in advance of the meeting, then it will be included as a discussion point, she said. [...] The aim of the statement is to change that calculus, Neuberger said. "Ransom payments are what's driving ransomware," she said. "That's the reason we think it's so needed."

AMD has taken down the latest version of its AMD Adrenalin Edition graphics driver after Counter-Strike 2-maker Valve warned that players using its Anti-Lag+ technology would result in a ban under Valve's anti-cheat rules. From a report: AMD first introduced regular Anti-Lag mitigation in its drivers back in 2019, limiting input lag by reducing the amount of queued CPU work when the processor was getting too far ahead of the GPU frame processing. But the newer Anti-Lag+ system -- which was first rolled out for a handful of games last month -- updates this system by "applying frame alignment within the game code itself," according to AMD. That method leads to additional lag reduction of up to 10 ms, according to AMD's data. That additional lag reduction could offer players a bit of a competitive advantage in these games (with the usual arguments about whether that advantage is "unfair" or not). But it's Anti-Lag+'s particular method of altering the "game code itself" that sets off warning bells for the Valve Anti-Cheat (VAC) system. After AMD added Anti-Lag+ support for Counter-Strike 2 in a version 23.10.1 update last week, VAC started issuing bans to unsuspecting AMD users that activated the feature.

"AMD's latest driver has made their 'Anti-Lag/+' feature available for CS2, which is implemented by detouring engine dll functions," Valve wrote on social media Friday. "If you are an AMD customer and play CS2, DO NOT ENABLE ANTI-LAG/+; any tampering with CS code will result in a VAC ban." Beyond Valve, there are also widespread reports of Anti-Lag+ triggering crashes or account bans in competitive online games like Modern Warfare 2 and Apex Legends. But Nvidia users haven't reported any similar problems with the company's Reflex system, which uses SDK-level code adjustments to further reduce input lag in games including Counter-Strike 2.

An anonymous Slashdot reader shared this report from Fortune: What would Drew Houston, CEO of Silicon Valley software giant Dropbox, say to fellow CEOs — like Google's Sundar Pichai or Meta's Mark Zuckerberg — who seem to believe that three days a week in-person is crucial for company culture?

"I'd say, 'your employees have options,'" Houston told Fortune this past week. "They're not resources to control."

While Dropbox used to work near-entirely at its Bay Area headquarters, Houston has completely warmed to a distributed model since the pandemic — and is mystified as to why other leaders haven't joined him. (Houston founded Dropbox in 2007, the year after he graduated from MIT, and has been its CEO ever since.) "From a product design perspective, customers are our employees. We've stitched together this working model based on primary research," he told Fortune at Dropbox's WIP Conference — its first in-person event since 2019 — in New York on Tuesday. "We've just been handed the keys that unlock this whole future of work, which is actually here."

In April 2021, right when most of the country became eligible for vaccines and people began reconvening again across the globe, Dropbox encouraged the opposite. It officially announced its intent to go Virtual First, which meant employees were free to work remotely 90% of the time, only commuting in for the occasional meeting or happy hour... Granted, not everyone got to appreciate the perks. In April, Dropbox laid off 500 employees — 16% of its staff — due to "slowing growth" and "the A.I. era" requiring a reallocation of resources....

Houston and his team have found, in practice, a handful of two- or three-day offsites per quarter — 10% of the year — works best for their people. Crucially, it provides that oft-referenced cultural connect and brainstorming time that pro-office zealots insist upon, without exhausting workers out with a commute grind or needless hours in drab conference rooms.

T2 SDE is not just a Linux distribution, but "a flexible Open Source System Development Environment or Distribution Build Kit," according to a 2022 announcement of its support for 25 CPU architectures, variants, and C libraries. ("Others might even name it Meta Distribution. T2 allows the creation of custom distributions with state of the art technology, up-to-date packages and integrated support for cross compilation.")

And while working on it, Berlin-based T2 Linux developer René Rebe (long-time Slashdot reader ReneR) discovered random illegal instruction speculation on AMD Ryzen 7000-Series and Epyc Zen 4 CPU.

ReneR writes: Merged to Linux 6.6 Git is a fix for the bug now known at AMD as Erratum 1485.

The discovery was possible through continued high CPU load cross-compiling the T2 Linux distribution with support for all CPU architectures from ARM, MIPS, PowerPC, RISC-V to x86 (and more) for 33 build variants. With sustained high CPU load and various instruction sequences being compiled, pseudo random illegal instruction errors were observed and subsequently analyzed.

ExactCODE Research GmbH CTO René Rebe is thrilled that working with AMD engineers lead to a timely mitigation to increase system stability of the still new and highest performance Zen4 platform.
"I found real-world code that might be similar or actually trigger the same bugs in the CPU that are also used for all the Spectre Meltdown and other side-channel security vulnerability mitigations," Rebe says in a video announcement on YouTube.

It took Rebe a tremendous amount of research, and he says now that "all the excessive work changed my mind. Mitigations equals considered harmful... If you want stable, reliable computational results — no, you can't do this. Because as Spectre Meltdown and all the other security issues have proven, the CPUs are nowadays as complex as complex software systems..."

An anonymous reader shared this report from Neowin: The various versions of Windows have used Kerberos as its main authentication protocol for over 20 years. However, in certain circumstances, the OS has to use another method, NTLM (NT LAN Manager). Today, Microsoft announced that it is expanding the use of Kerberos, with the plan to eventually ditch the use of NTLM altogether.

In a blog post, Microsoft stated that NTLM continues to be used by some businesses and organizations for Windows authentication because it "doesn't require local network connection to a Domain Controller." It also is "the only protocol supported when using local accounts" and it "works when you don't know who the target server is." Microsoft states:

These benefits have led to some applications and services hardcoding the use of NTLM instead of trying to use other, more modern authentication protocols like Kerberos. Kerberos provides better security guarantees and is more extensible than NTLM, which is why it is now a preferred default protocol in Windows. The problem is that while businesses can turn off NTLM for authentication, those hardwired apps and services could experience issues. That's why Microsoft has added two new authentication features to Kerberos.
Microsoft's blog post calls it "the evolution of Windows authentication," arguing that "As Windows evolves to meet the needs of our ever-changing world, the way we protect users must also evolve to address modern security challenges..." So, "our team is building new features for Windows 11."

• Initial and Pass Through Authentication Using Kerberos, or IAKerb, "a public extension to the industry standard Kerberos protocol that allows a client without line-of-sight to a Domain Controller to authenticate through a server that does have line-of-sight."

• A local Key Distribution Center (KDC) for Kerberos, "built on top of the local machine's Security Account Manager so remote authentication of local user accounts can be done using Kerberos."

• "We are also fixing hard-coded instances of NTLM built into existing Windows components... shifting these components to use the Negotiate protocol so that Kerberos can be used instead of NTLM... NTLM will continue to be available as a fallback to maintain existing compatibility."

• "We are also introducing improved NTLM auditing and management functionality to give your organization more insight into your NTLM usage and better control for removing it."

"Reducing the use of NTLM will ultimately culminate in it being disabled in Windows 11. We are taking a data-driven approach and monitoring reductions in NTLM usage to determine when it will be safe to disable."

Matthew Sparkes reports via NewScientist: A prominent cryptography expert has told New Scientist that a US spy agency could be weakening a new generation of algorithms designed to protect against hackers equipped with quantum computers. Daniel Bernstein at the University of Illinois Chicago says that the US National Institute of Standards and Technology (NIST) is deliberately obscuring the level of involvement the US National Security Agency (NSA) has in developing new encryption standards for "post-quantum cryptography" (PQC). He also believes that NIST has made errors -- either accidental or deliberate -- in calculations describing the security of the new standards. NIST denies the claims.

Bernstein alleges that NIST's calculations for one of the upcoming PQC standards, Kyber512, are "glaringly wrong," making it appear more secure than it really is. He says that NIST multiplied two numbers together when it would have been more correct to add them, resulting in an artificially high assessment of Kyber512's robustness to attack. "We disagree with his analysis," says Dustin Moody at NIST. "It's a question for which there isn't scientific certainty and intelligent people can have different views. We respect Dan's opinion, but don't agree with what he says." Moody says that Kyber512 meets NIST's "level one" security criteria, which makes it at least as hard to break as a commonly used existing algorithm, AES-128. That said, NIST recommends that, in practice, people should use a stronger version, Kyber768, which Moody says was a suggestion from the algorithm's developers.

NIST is currently in a period of public consultation and hopes to reveal the final standards for PQC algorithms next year so that organizations can begin to adopt them. The Kyber algorithm seems likely to make the cut as it has already progressed through several layers of selection. Given its secretive nature, it is difficult to say for sure whether or not the NSA has influenced the PQC standards, but there have long been suggestions and rumors that the agency deliberately weakens encryption algorithms. In 2013, The New York Times reported that the agency had a budget of $250 million for the task, and intelligence agency documents leaked by Edward Snowden in the same year contained references to the NSA deliberately placing a backdoor in a cryptography algorithm, although that algorithm was later dropped from official standards.

According to the New York Times, Chinese-owned bitcoin mining operations in the United States are causing security concerns due to their proximity to important sites and the potential for cyber threats. The Crypto Times reports: There are some mining facilities close to critical sites such as Microsoft data center for Pentagon's Air Force nuclear's missile base in Wyoming USA. Officials in U.S. fear Chinese espionage activities at these places. These mining operations began after China banned bitcoin mining in 2021. These individuals sometimes maintain connections with the Chinese Communist Party or state-owned companies which may be kept concealed through multiple layers of companies.

Texas has turned out to be a haven for Chinese-linked Bitcoin mining, with some US states having restrictions but Texas offers incentives. This might pose a threat to the power grid or essential infrastructure. A new concern has recently been raised in a report related to a potential cyber strike on the US infrastructure by China in case a major conflict arose.

Computer networking company Sandvine has scrapped an effort to sell US law enforcement agencies a controversial internet surveillance technology that tracks encrypted messages and laid off most of the employees involved in the initiative, Bloomberg News reported Friday, citing four people with knowledge of the matter. From the report: Sandvine had pitched the new product, called "Digital Witness," to governments and law enforcement agencies in Europe, the Middle East, Asia and North America. It was marketed as a tool to covertly monitor people's internet use and encrypted messages sent using popular applications such as Meta Platform's WhatsApp and Signal, according to the people, who asked not to be identified to discuss confidential matters.

Sandvine had already provided trial versions of the technology in the US, these people said. But a combination of broader economic woes and lingering concern over the company's previous work with authoritarian governments hindered the product's success, the people said. Sandvine declined to comment when asked about Digital Witness. The company's marketing materials indicate the product is sold only to law enforcement and government agencies, and it is still listed on Sandvine's website.

India is rolling back its earlier plan to impose restrictions on laptop imports, months after abruptly announcing such plans which came under criticism from industry and Washington. From a report: "India will not impose restrictions on laptop imports," Trade Secretary Sunil Barthwal told a press conference on Friday. He said the government "only wants importers to be on close watch." The import licensing regime, announced on Aug. 3, aimed to "ensure trusted hardware and systems" enter India, but it was delayed by three months after objections from industry and criticism by Washington.