Security

CBS, Paramount Owner National Amusements Says It Was Hacked (techcrunch.com) 62

National Amusements, the cinema chain and corporate parent of media giants Paramount and CBS, has confirmed it experienced a data breach in which hackers stole the personal information of tens of thousands of people. TechCrunch: The private media conglomerate said in a legally required filing with Maine's attorney general that hackers stole personal information on 82,128 people during a December 2022 data breach. Details of the December 2022 breach only came to light a year later, after the company began notifying those affected last week.

According to Maine's notice, the company discovered the breach months later in August 2023, but did not say what specific personal information was taken. The data breach notice filed with Maine said that hackers also stole financial information, such as banking account numbers or credit card numbers in combination with associated security codes, passwords or secrets.

Windows

Windows 11 Will Let You Reinstall Your OS Through Windows Update Without Wiping Your Files (xda-developers.com) 111

An anonymous reader writes: If you've ever performed a fresh reinstall of Windows 11, you'll know how long it takes and how much effort you need to make to get it started. Fortunately, Microsoft is taking note. As spotted in a recent update to the Windows 11 beta branch, the company is working on a way to reinstall your operating system through Windows Update, and no files are lost in the process.

The newest update to the Windows Insider beta branch has added a new feature titled "Fix Problems using Windows Update." The feature is still a work in progress, so it doesn't work as it should right now. However, if you're on the Windows 11 Insider beta branch, you can see the button for yourself on the Recovery page, among the Windows 11 backup settings.

Security

Mint Mobile Discloses New Data Breach Exposing Customer Data (bleepingcomputer.com) 14

Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. From a report: Mint is a mobile virtual network operator (MVNO) offering budget, pre-paid mobile plans. T-Mobile has proposed paying $1.3 billion to purchase the company. The company began notifying customers on December 22nd via emails titled "Important information regarding your account," stating that they suffered a security incident and a hacker obtained customer information.

"We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained some limited types of customer information," warns the Mint Mobile data breach notification. "Our investigation indicates that certain information associated with your account was impacted."

United States

US Water Utilities Hacked After Default Passwords Set to '1111', Cybersecurity Officials Say (fastcompany.com) 84

An anonymous reader shared this report from Fast Company: Providers of critical infrastructure in the United States are doing a sloppy job of defending against cyber intrusions, the National Security Council tells Fast Company, pointing to recent Iran-linked attacks on U.S. water utilities that exploited basic security lapses [earlier this month]. The security council tells Fast Company it's also aware of recent intrusions by hackers linked to China's military at American infrastructure entities that include water and energy utilities in multiple states.

Neither the Iran-linked nor China-linked attacks affected critical systems or caused disruptions, according to reports.

"We're seeing companies and critical services facing increased cyber threats from malicious criminals and countries," Anne Neuberger, the deputy national security advisor for cyber and emerging tech, tells Fast Company. The White House had been urging infrastructure providers to upgrade their cyber defenses before these recent hacks, but "clearly, by the most recent success of the criminal cyberattacks, more work needs to be done," she says... The attacks hit at least 11 different entities using Unitronics devices across the United States, which included six local water facilities, a pharmacy, an aquatics center, and a brewery...

Some of the compromised devices had been connected to the open internet with a default password of "1111," federal authorities say, making it easy for hackers to find them and gain access. Fixing that "doesn't cost any money," Neuberger says, "and those are the kinds of basic things that we really want companies urgently to do." But cybersecurity experts say these attacks point to a larger issue: the general vulnerability of the technology that powers physical infrastructure. Much of the hardware was developed before the internet and, though they were retrofitted with digital capabilities, still "have insufficient security controls," says Gary Perkins, chief information security officer at cybersecurity firm CISO Global. Additionally, many infrastructure facilities prioritize "operational ease of use rather than security," since many vendors often need to access the same equipment, says Andy Thompson, an offensive cybersecurity expert at CyberArk. But that can make the systems equally easy for attackers to exploit: freely available web tools allow anyone to generate lists of hardware connected to the public internet, like the Unitronics devices used by water companies.

"Not making critical infrastructure easily accessible via the internet should be standard practice," Thompson says.

Encryption

The Race to Shield Secrets from Quantum Computers (reuters.com) 67

An anonymous reader shared this report from Reuters: In February, a Canadian cybersecurity firm delivered an ominous forecast to the U.S. Department of Defense. America's secrets — actually, everybody's secrets — are now at risk of exposure, warned the team from Quantum Defen5e (QD5). QD5's executive vice president, Tilo Kunz, told officials from the Defense Information Systems Agency that possibly as soon as 2025, the world would arrive at what has been dubbed "Q-day," the day when quantum computers make current encryption methods useless. Machines vastly more powerful than today's fastest supercomputers would be capable of cracking the codes that protect virtually all modern communication, he told the agency, which is tasked with safeguarding the U.S. military's communications.

In the meantime, Kunz told the panel, a global effort to plunder data is underway so that intercepted messages can be decoded after Q-day in what he described as "harvest now, decrypt later" attacks, according to a recording of the session the agency later made public. Militaries would see their long-term plans and intelligence gathering exposed to enemies. Businesses could have their intellectual property swiped. People's health records would be laid bare... One challenge for the keepers of digital secrets is that whenever Q-day comes, quantum codebreakers are unlikely to announce their breakthrough. Instead, they're likely to keep quiet, so they can exploit the advantage as long as possible.

The article adds that "a scramble is on to protect critical data. Washington and its allies are working on new encryption standards known as post-quantum cryptography... Beijing is trying to pioneer quantum communications networks, a technology theoretically impossible to hack, according to researchers...

"In a quantum communications network, users exchange a secret key or code on subatomic particles called photons, allowing them to encrypt and decrypt data. This is called quantum key distribution, or QKD."

Chrome

Chrome's Password Safety Tool Will Now Automatically Run in the Background (theverge.com) 39

Google's Safety Check feature for Chrome, which, among other things, checks the internet to see if any of your saved passwords have been compromised, will now "run automatically in the background" on desktop, the company said in a blog post on Thursday. From a report: The constant checks could mean that you're alerted about a password that you should change sooner than you would have before. Safety Check also watches for bad extensions or site permissions you need to look at, and you can act on Safety Check alerts from Chrome's three-dot menu. In addition, Google says that Safety Check can revoke a site's permissions if you haven't visited it in a while. Google also announced an upcoming feature for Chrome's tab groups, also on desktop: Chrome will let you save tab groups so that you can use those groups across devices, which might be handy when moving between a PC at home and a laptop when traveling. Google says this feature will roll out "over the next few weeks."

United Kingdom

Women In IT Are On a 283-Year March To Parity, BCS Warns (theregister.com) 197

An anonymous reader quotes a report from The Register: It will take 283 years for female representation in IT to make up an equal share of the tech workforce in the UK, according to a report from the British Computer Society, the chartered institute for IT (BCS). BCS has calculated that based on trends from 2005 to 2022, it would take nearly three centuries for the representation of women in the IT workforce -- currently 20 percent -- to reach the average representation across the whole UK workforce, currently at 48 percent. BCS's annual Diversity Report also found that progress towards the gender norm was stalling in IT jobs. Between 2018 and 2021, the proportion of women tech workers rose from 16 percent to 20 percent. But there was no change in 2022, according to BCS analysis of data from the Office for National Statistics.

Julia Adamson, BCS managing director for education and public benefit, said in a statement: "More women and girls need the opportunity to take up great careers in a tech industry that's shaping the world. A massive pool of talent and creativity is being overlooked when it could benefit employers and the economy. There has to be a radical rethink of how we get more women and girls into tech careers, and a more inclusive tech culture is ethically and morally the right thing to do. Having greater diversity means that what is produced is more relevant to, and representative of, society at large. This is crucial when it comes to, for instance, the use of AI in medicine or finance. The fact that 94 percent of girls and 79 percent of boys drop computing at age 14 is a huge alarm bell we must not ignore; the subject should have a broader digital curriculum that is relevant to all young people."

IT

arXiv Now Offers Papers in HTML Format (arxiv.org) 8

arXiv blog: arXiv's goal is equitable access to scientific research for all -- and to achieve this, we have been working to make research papers more accessible for arXiv users with disabilities. We are happy to announce that as of Monday, December 18th, arXiv is now generating an HTML formatted version of all papers submitted in TeX/LaTeX (as long as papers were submitted on or after December 1st, 2023 and HTML conversion is successful).

HTML is not replacing PDF but will be an additional format available for arXiv users. Submitters will be invited to preview the HTML version of their papers during submission time, the same way they have always done with PDF. When accessing a paper's abstract page, readers will see a link to view the HTML paper right under the PDF link. The request to offer arXiv-hosted papers in HTML format comes directly from scientists with disabilities who face barriers to accessing the research they need. HTML formatted papers are more easily and accurately read by screen readers and other technologies, which can assist researchers with reading disabilities, including blindness, low vision, dyslexia, and more.

IT

Beeper Says It's Done Trying To Bring iMessage To Android (techcrunch.com) 61

Beeper is giving up on its mission to bring iMessage to Android after implementing a series of fixes that Apple has knocked down one by one over the past month. From a report: Although the company has issued a complex workaround, it says it has no plans to roll out another one if this one is knocked down by Apple. "Each time that Beeper Mini goes 'down' or is made to be unreliable due to interference by Apple, Beeper's credibility takes a hit," the company wrote in a blog post. "It's unsustainable. As much as we want to fight for what we believe is a fantastic product that really should exist, the truth is that we can't win a cat-and-mouse game with the largest company on earth. With our latest software release, we believe we've created something that Apple can tolerate existing. We do not have any current plans to respond if this solution is knocked offline."

IT

Samsung TV Plus Is Down Worldwide On Select Devices (cordcuttersnews.com) 29

New submitter ekimminau writes: On the morning of December 20, 2023, thousands of users turned on their Samsung TV to find that the Samsung TV Plus application was missing. Available for free on 2016-2023 Samsung Smart TVs, Galaxy devices, Smart Monitors, Family Hub refrigerators, and the web, for many it is their primary method of TV viewing. The masses began flocking to the Samsung community forums asking ... what was going on.

From Cord Cutters: At this time, Samsung has not posted any updates about the outage. Customer service has been telling customers they are aware of the outage and are working on fixing it. This news comes as Samsung recently added seven local FOX news channels for community stories, sports updates, weather forecasts and more. The new markets are Austin, Detroit, Milwaukee, Orlando, Phoenix, Seattle and Tampa Bay. Right now, this outage seems to only be affecting the app on Smart TVs as the website is still working letting anyone stream Samsung TV Plus for free streaming online through the website.

United Kingdom

UK Officials Caught Napping Ahead of 2G and 3G Doomsday (theregister.com) 61

A worrying number of UK authorities are still unaware of the impending switch-off of 2G and 3G mobile networks, according to Local Government Association (LGA) figures. From a report: While 38 percent of respondents were fully aware, 27 percent were only partially aware, and 7 percent had no idea at all that the axe would be falling by 2033 at the latest. The numbers worsened when the researchers spoke to respondents in senior management. Almost half (48 percent) were "partially aware" the UK's 2G and 3G mobile networks were due to be switched off and 14 percent were not at all aware.

The actual switch-off will happen over the next few years. UK mobile operators have told government they do not intend to offer 2G and 3G mobile networks past 2033 at the latest, and there is a high likelihood that some networks will be shut down earlier. The UK government said it welcomes plans to end services ahead of time. Vodafone, for example, intends to pull the plug on 3G once and for all from January 2024. Although most consumers, with their 4G and 5G devices, will likely be unaware of the end when it comes, the same cannot be said of local authorities. According to the survey, almost two-thirds of respondents (63 percent) reported that their authority was still using devices or services reliant on 2G and 3G networks.

Security

Attack Discovered Against SSH (arstechnica.com) 66

jd writes: Ars Technica is reporting a newly-discovered man-in-the-middle attack against SSH. This only works if you are using "ChaCha20-Poly1305" or "CBC with Encrypt-then-MAC", so it isn't a universal flaw. The CVE numbers for this vulnerability are CVE-2023-48795, CVE-2023-46445, and CVE-2023-46446.

From TFA:

At its core, Terrapin works by altering or corrupting information transmitted in the SSH data stream during the handshake -- the earliest stage of a connection, when the two parties negotiate the encryption parameters they will use to establish a secure connection. The attack targets the BPP, short for Binary Packet Protocol, which is designed to ensure that adversaries with an active position can't add or drop messages exchanged during the handshake. Terrapin relies on prefix truncation, a class of attack that removes specific messages at the very beginning of a data stream.

The Terrapin attack is a novel cryptographic attack targeting the integrity of the SSH protocol, the first-ever practical attack of its kind, and one of the very few attacks against SSH at all. The attack exploits weaknesses in the specification of SSH paired with widespread algorithms, namely ChaCha20-Poly1305 and CBC-EtM, to remove an arbitrary number of protected messages at the beginning of the secure channel, thus breaking integrity. In practice, the attack can be used to impede the negotiation of certain security-relevant protocol extensions. Moreover, Terrapin enables more advanced exploitation techniques when combined with particular implementation flaws, leading to a total loss of confidentiality and integrity in the worst case.

Printer

Microsoft Releases Downloadable Tool To Remove Unwanted HP Printer Software (arstechnica.com) 35

Longtime Slashdot reader UnknowingFool writes: Microsoft has released a new software tool to remove printer software from HP that was installed without user permission or system need. A few weeks ago, users noticed that Windows Update installed HP printer software even if they did not have HP printers or printers at all. Affecting Windows 10 and 11, consumers reported that this update sometimes caused problems as it could rename their non-HP printers as HP printers causing some printing features to be inaccessible. Microsoft has not disclosed the root cause of the issue. The fix released by Microsoft requires users to download and run a dedicated troubleshooting tool available from Microsoft's support site. "There are four different versions of the troubleshooter, depending on whether you have the 32- or 64-bit version of an Arm or x86 version of Windows," notes Ars Technica. "Microsoft will also release an additional recommended troubleshooting tool 'in the coming weeks' that will fix the problem in Windows 11 upon a user's request without requiring the download of a separate tool."

Security

Comcast Discloses Data Breach of Close To 36 Million Xfinity Customers [UPDATE] (techcrunch.com) 40

In a notice on Monday, Xfinity notified customers of a "data security incident" that resulted in the theft of customer information, including usernames, passwords, contact information, and more. The Verge reports: Xfinity traces the breach to a security vulnerability disclosed by cloud computing company Citrix, which began alerting customers of a flaw in software Xfinity and other companies use on October 10th. While Xfinity says it patched the security hole, it later uncovered suspicious activity on its internal systems "that was concluded to be a result of this vulnerability."

The hack resulted in the theft of customer usernames and hashed passwords, according to Xfinity's notice. Meanwhile, "some customers" may have had their names, contact information, last four digits of their social security numbers, dates of birth, and / or secret questions and answers exposed. Xfinity has notified federal law enforcement about the incident and says "data analysis is continuing."

We still don't know how many users were affected by the breach. Xfinity will automatically ask customers to change their passwords the next time they log in to their accounts, and it's also encouraging users to turn on two-factor authentication. You can find the full notice, including contact information for the company's incident response team, on Xfinity's website (PDF).

UPDATE 12/19/23: According to TechCrunch, almost 36 million Xfinity customers had their sensitive information accessed by hackers via a vulnerability known as "CitrixBleed." The vulnerability is "found in Citrix networking devices often used by big corporations and has been under mass-exploitation by hackers since late August," the report says. "Citrix made patches available in early October, but many organizations did not patch in time. Hackers have used the CitrixBleed vulnerability to hack into big-name victims, including aerospace giant Boeing, the Industrial and Commercial Bank of China and international law firm Allen & Overy."

"In a filing with Maine's attorney general, Comcast confirmed that almost 35.8 million customers are affected by the breach. Comcast's latest earnings report shows the company has more than 32 million broadband customers, suggesting this breach has impacted most, if not all Xfinity customers."

Security

Insomniac Hacker Releases More Than 1.3 Million Stolen Files, Including Unannounced Games Info (videogameschronicle.com) 18

A ransomware group that claimed to have successfully hacked Insomniac Games has now leaked the vast majority of its stolen files. From a report: Last week ransomware group Rhysida threatened to expose sensitive data about the company, its employees and its upcoming games, if it wasn't paid for the data. It then published data online which appeared to corroborate its claim that it had successfully hacked the Sony-owned studio, including an annotated screenshot from Insomniac's upcoming Wolverine game.

The group then threatened to publish the stolen data within seven days, but first offered it for auction with a starting price of 50 Bitcoins (approximately $2 million). Now, according to Cyber Daily, Rhysida has followed through with its threat and posted more than 1.3 million files totalling 1.67 terabytes to its darknet leak site. Around 98% of the hacked data has been leaked, with Rhysida stating that "not sold data was uploaded," implying that the remaining 2% may have been sold to someone.

Security

Authorities Claim Seizure of Notorious ALPHV Ransomware Gang's Dark Web Leak Site (techcrunch.com) 9

An international group of law enforcement agencies have seized the dark web leak site of the notorious ransomware gang known as ALPHV, or BlackCat. From a report: "The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against ALPHV Blackcat Ransomware," a message on the gang's dark web leak site now reads, seen by TechCrunch. According to the splash, the takedown operation also involved law enforcement agencies from the United Kingdom, Denmark, Germany, Spain and Australia.

In a later announcement confirming the disruption, the U.S. Department of Justice said that the international takedown effort, led by the FBI, enabled U.S. authorities to gain visibility into the ransomware group's computer to seize "several websites" that ALPHV operated. The FBI also released a decryption tool that has already enabled more than 500 ALPHV ransomware victims to restore their systems. (The government's search warrant puts the number at 400 victims.) The FBI said it worked with dozens of victims in the United States, saving them from paying ransom demands totaling approximately $68 million.

Security

Mr. Cooper Hackers Stole Personal Data on 14 Million Customers (techcrunch.com) 74

Hackers stole the sensitive personal information of more than 14.6 million Mr. Cooper customers, the mortgage and loan giant has confirmed. From a report: In a filing with Maine's attorney general's office, Mr. Cooper said the hackers stole customer names, addresses, dates of birth and phone numbers, as well as customer Social Security numbers and bank account numbers. Mr. Cooper previously said that customer banking information was stored by a third-party company and believed to be unaffected. Mr. Cooper said in a separate filing with federal regulators on Friday that hackers obtained personal data on "substantially all of our current and former customers."

The number of affected victims is significantly higher than the four million existing customers that Mr. Cooper claims on its website, likely because of the historical data that the company stores on mortgage holders. Mr. Cooper said in its data breach notification letter to affected victims that the stolen data includes personal information on those whose mortgage was previously acquired or serviced by the company when it was known as Nationstar Mortgage, prior to its rebranding as Mr. Cooper. The company said affected customers may include those whose mortgages were serviced by a sister brand.

Privacy

Delta Dental of California Data Breach Exposed Info of 7 Million People (bleepingcomputer.com) 20

Delta Dental of California announced that they've suffered a data breach that exposed the personal data of almost seven million patients. BleepingComputer reports: Delta Dental of California is a dental insurance provider that covers 45 million people across 15 states and is part of the Delta Dental Plans Association. According to a Delta Dental of California data breach notification (PDF), the company suffered unauthorized access by threat actors through the MOVEit file transfer software application.

The software was vulnerable to a zero-day SQL injection flaw leading to remote code execution, tracked as CVE-2023-34362, which the Clop ransomware gang leveraged to breach thousands of organizations worldwide. Delta Dental of California learned about the compromise on June 1, 2023, and five days later, following an internal investigation, it confirmed that unauthorized actors had accessed and stolen data from its systems between May 27 and May 30, 2023. The second, more lengthy investigation to determine the exact impact of the security incident was completed on November 27, 2023.

Based on this, the data breach has so far impacted 6,928,932 customers of Delta Dental of California, who had their names, financial account numbers, and credit/debit card numbers, including security codes, exposed. Delta Dental of California provides 24 months of free credit monitoring and identity theft protection services to impacted patients to mitigate the risk of their exposed data. Details on enrolling in the program are enclosed in the personal notices.

IT

Marketing Company Claims That It Actually Is Listening To Phone and Smart Speakers To Target Ads (404media.co) 147

A marketing team within media giant Cox Media Group (CMG) claims it has the capability to listen to ambient conversations of consumers through embedded microphones in smartphones, smart TVs, and other devices to gather data and use it to target ads, according to a review of CMG marketing materials by 404 Media and details from a pitch given to an outside marketing professional. From a report: Called "Active Listening," CMG claims the capability can identify potential customers "based on casual conversations in real time." The news signals that what a huge swath of the public has believed for years -- that smartphones are listening to people in order to deliver ads -- may finally be a reality in certain situations. Until now, there was no evidence that such a capability actually existed, but its myth permeated due to how sophisticated other ad tracking methods have become.

It is not immediately clear if the capability CMG is advertising and claims works is being used on devices in the market today, but the company notes it is "a marketing technique fit for the future. Available today." 404 Media also found a representative of the company on LinkedIn explicitly asking interested parties to contact them about the product. One marketing professional pitched by CMG on the tech said a CMG representative explained the prices of the service to them. "What would it mean for your business if you could target potential clients who are actively discussing their need for your services in their day-to-day conversations? No, it's not a Black Mirror episode -- it's Voice Data, and CMG has the capabilities to use it to your business advantage," CMG's website reads.

China

China Issues Draft Contingency Plan for Data Security Incidents (reuters.com) 5

China on Friday proposed a four-tier classification to help it respond to data security incidents, highlighting Beijing's concern with large-scale data leaks and hacking within its borders. From a report: The plan, which is currently soliciting opinions from the public, proposes a four-tier, colour-coded system depending on the degree of harm inflicted upon national security, a company's online and information network, or the running of the economy.

According to the plan, incidents that involve losses surpassing 1 billion yuan ($141 million) and affect the personal information of over 100 million people, or the "sensitive" information of over 10 million people, will be classed as "especially grave," to which a red warning must be issued. The plan demands that in response to red and orange warnings, the involved companies and relevant local regulatory authorities must establish a 24-hour work rota to address the incident and MIIT must be notified of the data breach within ten minutes of the incident happening, among other measures.
