The FBI said Tuesday that it has taken down a network of hacked devices responsible for extorting tens of millions of dollars from victims around the world. From a report: US officials described the network known as Qakbot as one of the most notorious "botnets" in the world, referring to computer networks that have been infected with malicious software so that they can be controlled remotely without the owner's knowledge -- often to send phishing emails. These emails can in turn be used to hack into victims' computer systems, which attackers will hold for ransom.

Qakbot was instrumental in enabling cyberattacks against businesses and critical services around the world, according to US officials, including hits on the San Bernardino County Sheriff's Department and hospitals run by Prospect Medical Group. The latter resulted in the closure of emergency rooms and medical facilities across the US. US officials estimated that, since its creation in 2008, Qakbot had infected around 200,000 computers in the US and 700,000 globally.

Flights in and out of Britain will be disrupted for days, the U.K. government said on Tuesday, after a technical issue with the country's air traffic control system left thousands of passengers stranded abroad or facing severe delays. From a report: Around 280 flights were canceled on Tuesday, about 5 percent of the total scheduled to leave or arrive in Britain, according to Cirium, an aviation analytics company, compounding travel woes for British holidaymakers after more than a thousand flights were canceled the day before. The trouble came at a particularly busy time for travelers in Britain, many of whom were returning home from summer vacation or long weekends because Monday was a public holiday in the country.

"The timing was not at all helpful for people," Mark Harper, the government minister responsible for transport policy, told the BBC on Tuesday morning. "It's disrupted thousands of people. Lots of flights were canceled yesterday because of the imperative to keep the system working safely, and it is going to take some days to get completely everybody back to where they should be." He added that the government's technical experts had concluded that the episode was not a cyberattack. Britain's National Air Traffic Service, which runs air traffic control, said on Monday that a failure of the automatic system that processes plane routes meant that, for several hours, flight plans had to be entered manually.

Hosting platform WordPress has announced a new century-long domain registration plan for users who want to ensure a lifelong digital legacy. From a report: Its new 100-year plan is designed to give users "the ultimate security and longevity for their digital presence" at a cost of $38,000 -- working out at $380 per year of the plan. While average domain registrations range from one year to a maximum of 10 years, WordPress's new plan allows users to secure their domain for 100 years.

The plan comes with other features as well, such as multiple backups of content across geographically distributed data centres, unmetered bandwidth and "personalised" 24/7 support. The company also claims the plan comes with "enhanced ownership protocols" and "top-tier" managed hosting. In a statement, the company said the offering could be used by families who wish to preserve their digital assets such as stories, photos, sounds and videos or by founders who want to protect and document their company's history.

When Amazon Linux 2023 was released on March 15, it was supposed to be offered as a virtual machine image that organizations could run on their own servers. From a report: "When Amazon Linux 2023 becomes generally available, it will be provided as a virtual machine image for on-premises use, enabling you to easily develop, test, and certify applications from a local development environment," the web titan's FAQs stated at the time. "This option is not available during the preview." But that commitment has since vanished from the FAQ: it's not there right now nor in this capture of the page on June 2. And it's not clear whether Amazon intends to enable on-premises usage of its Linux distribution.

Those who use Linux in their businesses have been asking Amazon to clarify the situation for eighteen months, starting with a GitHub Issues feature request opened on March 15, 2022, and a similar inquiry posted a year later. In late June, Rotan Hanrahan, a technology consultant based in Dublin, Ireland, chided Amazon for failing to explain what's going on. "I see no evidence of any outreach to the community to explain this, nor any requests for technical assistance (assuming the issue is technical)," he wrote. "If the issue is bureaucratic in nature, we might never see the promised VM image. Some clarification from Amazon is overdue."

Microsoft has made some of its certification exams open book affairs, allowing access to its learning portal while candidates sit tests. From a report: "On August 22, we will begin updating our exams so that you will be able to access Microsoft Learn as you complete your exam," wrote Liberty Munson, director of psychometrics at Microsoft's Worldwide Learning organization. Microsoft Learn is a portal that links to product documentation, tutorials, code fragments, and other technical material.

Much of that content will be available during exams, although a technical Q&A service will remain hidden. The open book exams will be offered to candidates sitting exams for the role-based certifications Microsoft offers for job titles including Azure Administrator, Developer, Solutions Architect, DevOps Engineer; Microsoft 365 Modern Desktop Administrator, and Enterprise Administrator. Exams at Associate, Expert, and Specialty levels of competency will all offer access to the Learn portal. The material will become available for all role-based and specialty exams, in all languages, by mid-September 2023. Looking up material on Learn won't stop the clock during an exam, and the experience of taking the test will remain unchanged -- other than allowing candidates to open a window in which to view the educational portal.

The Polish Railway's radio system was hacked on Friday and Saturday, bringing 20 freight and passenger trains to an unprecedented standstill. The hack, believed to be carried out by Russia, took advantage of a critical flaw in the railway's radio security system, with the issue reportedly restored within hours. From a report: An investigation into the cyberattack is underway, and the Polish Press Agency (PAP) reported that the radio signals sent to stop the trains were interspersed with a recording of Russia's national anthem and a speech by Russian President Vladimir Putin.

Poland is an important transportation hub that brings much-needed weapons supplied by Western countries and other aid to Ukraine amid the Russian invasion, and Senior Security Official Stanislaw Zaryn told PAP: "For the moment, we are ruling nothing out." He continued: "We know that for some months there have been attempts to destabilize the Polish state. Such attempts have been undertaken by the Russian Federation in conjunction with Belarus." Train services were reportedly restored within hours and the Polish State Railways said in a statement that "there is no threat to rail passengers" and the cyberattack only caused "difficulties in the running of trains."

Slash_Account_Dot writes: Hackers are able to grab a target's IP address, potentially revealing their general physical location, by simply sending a link over the Skype mobile app. The target does not need to click the link or otherwise interact with the hacker beyond opening the message, according to a security researcher who demonstrated the issue and successfully discovered my IP address by using it. Yossi, the independent security researcher who uncovered the vulnerability, reported the issue to Microsoft earlier this month, according to Yossi and a cache of emails and bug reports he shared with 404 Media. In those emails Microsoft said the issue does not require immediate servicing, and gave no indication that it plans to fix the security hole. Only after 404 Media contacted Microsoft for comment did the company say it would patch the issue in an upcoming update.

72-year-old Bjarne Stroustrup invented C++ (first released in 1985). 38 years later, he gave a short interview for Honeypot.io (which calls itself "Europe's largest tech-focused job platform") offering his own advice for life: Don't overspecialize. Don't be too sure that you know the future. Be flexible, and remember that careers and jobs are a long-term thing. Too many young people think they can optimize something, and then they find they've spent a couple of years or more specializing in something that may not have been the right thing. And in the process they burn out, because they haven't spent enough time building up friendships and having a life outside computing.

I meet a lot of sort of — I don't know what you call them, "junior geeks"? — that just think that the only thing that matters is the speciality of computing — programming or AI or graphics or something like that. And — well, it isn't... And if they do nothing else, well — if you don't communicate your ideas, you can just as well do Sudoku... You have to communicate. And a lot of sort of caricature nerds forget that. They think that if they can just write the best code, they'll change the world. But you have to be able to listen. You have to be able to communicate with your would-be users and learn from them. And you have to be able to communicate your ideas to them.

So you can't just do code. You have to do something about culture and how to express ideas. I mean, I never regretted the time I spent on history and on math. Math sharpens your mind, history gives you some idea of your limitations and what's going on in the world. And so don't be too sure. Take time to have a balanced life.

And be ready for the opportunity. I mean, a broad-based education, a broad-based skill set — which is what you build up when you educate, you're basically building a portfolio of skills — means that you can take advantage of an opportunity when it comes along. You can recognize it sometimes. We have lots of opportunities. But a lot of them, we either can't take advantage of, or we don't notice. It was my fairly broad education — I've done standard computer science, I've done compilers, I've done multiple languages... I think I knew two dozen at the time. And I have done machine architecture, I've done operating systems. And that skill set turned out to be useful.
At the beginning of the video, Stroustrup jokes that it's hard to give advice — and that it's at least as difficult as it is to take advice.

Earlier this year, Bjarne also told the same site the story of how he became a programmer by mistake — misreading a word when choosing what to study afer his high school exams. Stroustrup had thought he was signing up for an applied mathematics course, which instead turned to be a class in computer science...

Google Chrome is adding a read-aloud option to its reading mode, allowing users to have articles read to them like an audiobook. Android Police reports: Google is actively working to bring additional features to its reading mode, and a handy read-aloud option is already on the way for the Chrome browser. As the name suggests, read aloud basically reads out the entire article, as if you're listening to an audiobook, with text-to-speech (TTS) capabilities. Again, a few mainstream browsers and apps like Pocket already have the feature, but Google Chrome is only now rolling it out through the Canary channel.

When you open an article in Chrome Canary's reading mode on the desktop, you will see a new option, as spotted by browser expert Leopeva64. You can use this tiny play button to get the browser to read the article aloud for you. In the video sample shared by the user, you can hear what the narration sounds like -- and it isn't very pleasing. The voice output sounds pretty robotic as it used to be in the early days of TTS conversions, which is especially ironic coming from Google, which has some of the most natural-sounding voice models at its disposal. This clearly indicates that the read-aloud feature is in its early stages of development and will take some time before it becomes ready for prime time.

An anonymous reader quotes a report from Ars Technica: A federal judge yesterday granted Google's motion to dismiss a lawsuit filed by the Republican National Committee (RNC), which claims that Google intentionally used Gmail's spam filter to suppress Republicans' fundraising emails. An order (PDF) dismissing the lawsuit was issued yesterday by US District Judge Daniel Calabretta. The RNC is seeking "recovery for donations it allegedly lost as a result of its emails not being delivered to its supporters' inboxes," Calabretta noted. But Google correctly argued that the lawsuit claims are barred by Section 230 of the Communications Decency Act, the judge wrote. The RNC lawsuit was filed in October 2022 in US District Court for the Eastern District of California.

"While it is a close case, the Court concludes that... the RNC has not sufficiently pled that Google acted in bad faith in filtering the RNC's messages into Gmail users' spam folders, and that doing so was protected by Section 230. On the merits, the Court concludes that each of the RNC's claims fail as a matter of law for the reasons described below," he wrote. Calabretta, a Biden appointee, called it "concerning that Gmail's spam filter has a disparate impact on the emails of one political party, and that Google is aware of and has not yet been able to correct this bias." But he noted that "other large email providers have exhibited some sort of political bias" and that if Google did not filter spam, it would harm its users by subjecting them "to harmful malware or harassing messages. On the whole, Google's spam filter, though in this instance imperfect, is not morally blameworthy."

The RNC was given leave to amend another claim that alleged intentional interference with prospective economic relations under California law. The judge dismissed the claim as follows: "The RNC argues that Google's conduct was independently wrongful because '(1) it is political discrimination against the RNC, (2) it is dishonest to Google's users and the public, and (3) Google repeatedly lied about it.' As established above, political discrimination is not prohibited by California anti-discrimination laws and so Google's alleged discrimination would not be unlawful. The latter two reasons do not provide a 'determinable legal standard' under which the Court could find the conduct wrongful; they rest on a 'nebulous' theory of wrongfulness which other courts have rejected." The RNC "has failed to establish that Defendant's alleged interference constituted a separate, independently 'wrongful act' that would be an appropriate predicate offense" but "will be granted leave to amend this claim to establish that Defendant's conduct was unlawful by some legal measure," Calabretta wrote. Google said in a statement: "We welcome the Court's finding that there are no plausible allegations that Gmail's spam filters discriminate for political purposes. We will continue investing in spam-filtering technologies that protect people from unwanted emails while still allowing senders to reach the inboxes of users who want their messages."

Afghanistan's Taliban-led government is working with Huawei to install a wide-ranging surveillance system across the country in an effort to identify and target insurgents or terrorism activities, Bloomberg News reported Friday, citing a person familiar with the discussions. From the report: Representatives of the Shenzhen-headquartered tech company met with Interior Ministry officials on Aug. 14, the person said, and a verbal agreement was reached regarding the contract. The Interior Ministry initially posted images and details of the meeting on X, the social media platform formerly known as Twitter. In one post, spokesman Mufti Abdul Mateen Qani said the advanced camera system was being considered "in every province of Afghanistan."

The posts, which were later deleted, included comments from Abdullah Mukhtar, the deputy minister of the ministry. "We are willing to accept projects that are better in terms of quality and price," he said. "Reports on this meeting are factually incorrect. No plans or agreements were discussed," Huawei said in an emailed statement.

Citizen is temporarily suspending sales of its second-gen CZ Smart watch due to a "technical issue." From a report: The Wear OS watch, which launched in May, had a feature based on tech from IBM's Watson and NASA to track a person's alertness. It appears the decision stems from negative experiences from reviewers. Michael Fisher -- better known as MrMobile on YouTube -- noted that Citizen said it would suspend sales after he had reached out to the company about the watch's many issues. That was corroborated by a Wired story, in which reviewer Julian Chokkattu also detailed several bugs, like laggy screens, bad battery life, inaccurate tracking, and watchfaces that can't even tell the correct time.

Gmail only asks for your user credentials during the initial login, and that login session can last for weeks at a time. That's not as secure as it could be, so soon Gmail will start posting 2FA challenges if you try to access any "sensitive" settings, even when you're already logged in. From a report: The newly protected settings are for filters, account forwarding, and IMAP. Soon, poking around in any of these options will boot you into a "Verify it's you" 2FA prompt, and you'll have to pass the challenge on your phone (these settings are only available on the web). If this 2FA challenge is failed or not answered, you'll get a bright red "Critical security alert" pop-up alerting you to the attempt on all your trusted devices.

Dropbox, a provider of online data storage, is ending its unlimited option, saying a small handful of customers were using massive amounts of resources that had the potential to degrade the cloud service for the rest of its clients. From a report: The company's highest-tier "all the space you need" storage plan will be capped at about 5 terabytes per user for new customers, the company said in a blog post.

While the plan was designed for businesses, some clients were instead using it for cryptocurrency mining, pooling storage with strangers, or re-selling the cloud service, Dropbox said. These uses "frequently consume thousands of times more storage than our genuine business customers, which risks creating an unreliable experience for all of our customers," the company said. [...] The change follows Alphabet's Google removing "as much storage as you need" product branding for its highest-tier Workspace plan in May, according to copies of its website hosted on the Wayback Machine.

Fiber-optic cables that were damaged by a rockfall in an undersea canyon, resulting in slow internet connections in some parts of Africa, should be repaired next month by a specialized vessel, according to telecommunication companies. From a report: The West Africa Cable System that runs about 16,000 kilometers (9,950 miles) along the sea floor from Europe to southern Africa was damaged with other lines earlier this month. The 40-year-old cable-layer vessel Leon Thevenin, named after a French telegraph engineer, was moored in Cape Town this week, according to tracking data compiled by Bloomberg. It's capable of working in extreme conditions and in shallow or deep water, according to owner Orange Marine, a submarine telecommunications company. All South African networks are currently experiencing disruptions due to the damaged lines, said Anne-Caroline Tanguy, a spokeswoman at Cloudflare, a company that provides load balancing and analysis. The repairs are expected to be finished in September.

An anonymous reader quotes a report from Ars Technica: A newly discovered zeroday in the widely used WinRAR file-compression program has been under exploit for four months by unknown attackers who are using it to install malware when targets open booby-trapped JPGs and other innocuous inside file archives. The vulnerability, residing in the way WinRAR processes the ZIP file format, has been under active exploit since April in securities trading forums, researchers from security firm Group IB reported Wednesday. The attackers have been using the vulnerability to remotely execute code that installs malware from families including DarkMe, GuLoader, and Remcos RAT. From there, the criminals withdraw money from broker accounts. The total amount of financial losses and total number of victims infected is unknown, although Group-IB said it has tracked at least 130 individuals known to have been compromised. WinRAR developers fixed the vulnerability, tracked as CVE-2023-38831, earlier this month. "By exploiting a vulnerability within this program, threat actors were able to craft ZIP archives that serve as carriers for various malware families," Group-IB Malware Analyst Andrey Polovinkin wrote. "Weaponized ZIP archives were distributed on trading forums. Once extracted and executed, the malware allows threat actors to withdraw money from broker accounts. This vulnerability has been exploited since April 2023."

It's recommended that you update to version 6.23 before using WinRAR again.

Namecheap, in a blog post: At Namecheap, we've consistently stood up for our users by challenging arbitrary domain price increases. As we approach another price increase for .COM and .XYZ domains this September, we wanted to ensure our customers are informed so you can continue to get the best value for your investments. All .COM domain renewals will see an approximate 9% increase. This price increase will happen across registrars, not just Namecheap. The new prices will take effect on September 1st. .XYZ domains will also experience a price increase.

We recommend our existing domain customers renew .COM domains before September to lock in the current rates for the coming year. Prospective registrants should likewise consider registering before the price increase to lock in existing prices. Alternatively, you might consider alternatives to .COM. Depending on the top-level domain, these options could be more budget-friendly

In a Thursday memo, Meta's "Head of People" told employees "that their managers would receive their badge data and that repeated violations of the new three-day-a-week requirement could cause workers to lose their jobs," writes SFGate (citing a report from Insider): In June, the Menlo Park-based firm announced its plan to require that most employees work from an office at least three days each week — it goes into effect Sept. 5... Meta confirmed the update to SFGATE... Goler's note on the return-to-office requirements, Insider reports, reads, "As with other company policies, repeated violations may result in disciplinary action, up to and including a Performance rating drop and, ultimately, termination if not addressed."

As for employees who are grandfathered into a remote work arrangement (the firm bars managers from opening more of these positions), the note lays down a strict policy: If remote employees consistently come into the office more than four times every two months outside major events, they'll be shifted to the three-day-a-week plan.

"We believe that distributed work will continue to be important in the future, particularly as our technology improves," a Meta spokesperson said in a statement sent to SFGATE. "In the near-term, our in-person focus is designed to support a strong, valuable experience for our people who have chosen to work from the office, and we're being thoughtful and intentional about where we invest in remote work."
The article notes that Mark Zuckerberg told The Verge in 2020 that Meta would become "the most forward-leaning company on remote work at our scale," speculating that half the company could be permanently remote within a decade.

"However, in 2023, which Zuckerberg dubbed Meta's 'year of efficiency,' employees have seen a remote-first culture melt away. In March, as the executive announced 10,000 layoffs on top of a huge cut in November, he wrote that early-career engineers do better when they're working in person at least three days a week."

Amazon held an all-hands meeting where Adam Selipsky, head of Amazon's cloud computing business, "wouldn't give employees any data to back up the decision to require workers to come back to the office," reports the Seattle Times.

"But he did have some stories to share, according to an Amazon Web Services employee who attended the all-hands meeting," with one anecdote highlighting "the serendipity" that can happen with a return to the office. For some Amazon employees, "serendipity" isn't enough. Workers who have asked the company to share data have been provided anecdotes and a consistent trope that innovation is more likely to happen in person. That has left some workers feeling demoralized, distracted and undervalued as they struggle to stay focused and motivated, according to interviews and internal communications shared with The Times. An Amazon manager, who is based on the East Coast and asked to speak anonymously to protect their job, said it is "dehumanizing," and feels as if leadership doesn't trust its employees to understand their reasoning. In Slack messages, employees anonymously posted that Amazon's decisions were "dystopian" and creating "just a horrible situation...."

The company declined requests from The Times to share any data points that factored into its decision to change the remote work policy. Amazon workers have been asking the company for more information since it announced the change in February. The mandate went into effect in May... Mike Hopkins, senior vice president at Prime Video and Amazon Studios, told employees at another all-hands meeting that the return to office is working, according to a copy of his remarks Amazon shared with The Times. "I don't have data to back it up, but I know it's better...." The East Coast-based manager said they've been less productive since returning to the office. Without any cubicles or assigned workspaces, there is no privacy, they said. Anyone can overhear your phone call or peek at your monitor...

Amazon contends the return has gone well, both for workers and the communities where it operates. In Seattle, Amazon's return to its South Lake Union campus has led to an 82% increase in foot traffic between May and July and an 86% increase in credit card transactions at restaurants in the neighborhood, according to data shared from Amazon.
"Some employees welcomed the return to office mandate, and told The Times they were looking forward to seeing co-workers in person, solidifying a distinction between work and home, and drumming up business for the shops and restaurants around Amazon's campus."

IBM's business research organization (the IBM Institute for Business Value), released results from a new global study. Its conclusion? "The world of work has changed compared to even six months ago." Executives surveyed estimate that 40% of their workforce will need to reskill as a result of implementing AI and automation over the next three years. That could translate to 1.4 billion of the 3.4 billion people in the global workforce, according to World Bank statistics. Respondents also report that building new skills for existing employees is a top talent issue.

Workers at all levels could feel the effects of generative AI, but entry-level employees are expected to see the biggest shift. Seventy-seven percent of executive respondents say entry-level positions are already seeing the effects of generative AI and that will intensify in the next few years. Only 22% of respondents report the same for executive or senior management roles.

AI can open up more possibilities for employees by enhancing their capabilities. In fact, 87% of executives surveyed believe employees are more likely to be augmented than replaced by generative AI. That varies across functions — 97% of executives think employees in procurement are more likely to be augmented than replaced, compared to 93% for employees in risk and compliance, 93% for finance, 77% for customer service and 73% for marketing...

With AI primed to take on more manual and repetitive tasks, employees surveyed report engaging in impactful work is the top factor they care about beyond compensation and job security — more important than flexible work arrangements, growth opportunities and equity. On top of that, nearly half of employees surveyed believe the work they do is far more important than who they work for or who they work with regularly...
ZDNet explains the report's methodology: To find answers to these questions, IBM pulled data from two prior studies, one survey of 3,000 C-level executives across 28 countries and another of 21,000 workers in 22 nations...

According to IBM IBV research, tech adopters who successfully reskill to adapt "technology-driven job changes report a revenue growth rate premium of 15% on average" and those who focus on AI "see a 36% higher revenue growth rate than their peers." "AI won't replace people — but people who use AI will replace people who don't," said IBM in the report.

The new skill paradigm shifts technical skills that were typically prioritized, such as proficiency in STEM, which was the most critical skill in 2016, to the least priority in 2023. The reason is that now tools like ChatGPT allow workers to do more with less knowledge, as noted by the report. Now there is a bigger emphasis on people skills such as team management, the ability to work effectively in team environments, the ability to communicate effectively, and the willingness to be adaptable to change, which all shifted to top the most critical skills required of the workforce in 2023.
The report ultimately suggests HR leaders redesign work and operating models "to shepherd their organizations into the future."