The Military

US Air Force Awards $75.5 Million Contract For World's Largest Wireless Ad-Hoc Network (interestingengineering.com)

An anonymous reader quotes a report from InterestingEngineering: The U.S. Air Force's Global Strike Command awarded a new $75.5 million contract to New York-based firm Persistent Systems. The aim is to build a unified security system for 400 operational Minuteman III intercontinental-range nuclear missile silos secured in remote areas throughout the U.S. It will be the world's largest wireless ad-hoc network, helping secure the U.S.'s nuclear arsenal amid growing concerns over global nuclear security.

Persistent Systems will roll out its Infrastructure-based Regional Operation Network (IRON) offering across three Air Force bases as part of the Regional Operating Picture (ROP) program. According to the company, the new security network will cover an area of 25,000 square miles (64,750 sq km), making it the world's largest wireless ad-hoc network. The IRON offering is an easy-to-deploy Integrated MANET Antenna System on fixed towers and poles. It will allow the U.S. Air Force to connect 75 operation centers and more than 1,000 Security Force vehicles. The ROP program will allow constant communication to an Operations Center via the towers. Meanwhile, the personnel at that Operations Center will know the exact location of any Security Forces on a digital map. Both will be able to share critical data seamlessly.

Security

European Police, FBI Bust International Cybercrime Gang (apnews.com)

German police said Monday they have disrupted a ransomware cybercrime gang tied to Russia that has been blackmailing large companies and institutions for years, raking in millions of euros. From a report: Working with law enforcement partners including Europol, the FBI and authorities in Ukraine, police in Duesseldorf said they were able to identify 11 individuals linked to a group that has operated in various guises since at least 2010. The gang allegedly behind the ransomware, known as DoppelPaymer, appears tied to Evil Corp, a Russia-based syndicate engaged in online bank theft well before ransomware became a global scourge. Among its most prominent victims were Britain's National Health Service and Duesseldorf University Hospital, whose computers were infected with DoppelPaymer in 2020. A woman who needed urgent treatment died after she had to be taken to another city for treatment.

Ransomware is the world's most disruptive cybercrime. Gangs mostly based in Russia break into networks and steal sensitive information before activating malware that scrambles data. The criminals demand payment in exchange for decryption keys and a promise not to dump the stolen data online. In a 2020 alert, the FBI said DoppelPaymer had been used since late 2019 to target critical industries worldwide including healthcare, emergency services and education, with six- and seven-figure ransoms routinely demanded.

Security

Unkillable UEFI Malware Bypassing Secure Boot Enabled By Unpatchable Windows Flaw (arstechnica.com)

Researchers have announced a major cybersecurity find -- the world's first-known instance of real-world malware that can hijack a computer's boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows. From a report: Dubbed BlackLotus, the malware is what's known as a UEFI bootkit. These sophisticated pieces of malware hijack the UEFI -- short for Unified Extensible Firmware Interface -- the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC's device firmware with its operating system, the UEFI is an OS in its own right. It's located in an SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch. Because the UEFI is the first thing to run when a computer is turned on, it influences the OS, security apps, and all other software that follows. These traits make the UEFI the perfect place to run malware. When successful, UEFI bootkits disable OS security mechanisms and ensure that a computer remains infected with stealthy malware that runs in kernel mode or user mode, even after the operating system is reinstalled or a hard drive is replaced.

As appealing as it is to threat actors to install nearly invisible and unremovable malware that has kernel-level access, there are a few formidable hurdles standing in their way. One is the requirement that they first hack the device and gain administrator system rights, either by exploiting one or more vulnerabilities in the OS or apps or by tricking a user into installing trojanized software. Only after this high bar is cleared can the threat actor attempt an installation of the bootkit. The second thing standing in the way of UEFI attacks is UEFI Secure Boot, an industry-wide standard that uses cryptographic signatures to ensure that each piece of software used during startup is trusted by a computer's manufacturer. Secure Boot is designed to create a chain of trust that will prevent attackers from replacing the intended bootup firmware with malicious firmware. If a single firmware link in that chain isn't recognized, Secure Boot will prevent the device from starting.

Microsoft

Microsoft Makes Outlook for Mac Free To Use (theverge.com)

Microsoft is making Outlook for Mac free to use today. From a report: Outlook is now available free in Apple's App Store, and you no longer need a Microsoft 365 subscription or Office license to use it. It's a surprise move that coincides with Microsoft's push to make its Windows desktop Outlook email client more web-powered. Outlook for Mac includes support for Outlook.com accounts, Gmail, iCloud, Yahoo, and any email provider that has IMAP support. Microsoft redesigned its Mac email client in 2020, with a user interface that's optimized for Apple's latest macOS design changes.

Games

Russian Game Developer Bans and Doxes 6,700 Cheaters (techcrunch.com)

An anonymous reader shares a report: Cheaters are an annoying part of almost every online video game. And banning them has become an important routine for game developers and publishers to keep their users happy. The publisher of Escape from Tarkov, a game developed by the Russian company Battlestate Games, has added an unusual twist to the routine: naming and shaming the cheaters. In the last week, Battlestate Games said it banned 6,700 cheaters, and it published all their nicknames on publicly available spreadsheets. "We want honest players to see the nicknames of cheaters to know that justice has been served and the cheater who killed them in a raid has been punished and banned," Battlestate Games' spokesperson Dmitri Ogorodnikov told TechCrunch.

Microsoft

Microsoft Edge is Getting a Video Upscaler To Make Blurry Old Videos Look Better (tomshardware.com)

Microsoft has unveiled Video Super Resolution (VSR) -- an "experimental" video upscaling feature for its Edge web browser that uses machine learning to increase the resolution of low-quality video. From a report: Announced on the Edge Insiders blog, Microsoft's VSR technology can "remove blocky compression artifacts" and improve text clarity for videos on platforms such as YouTube. The feature is still in testing and availability is currently restricted to half of the users running the Canary channel of Edge in Microsoft's Insider program. If you want to try it for yourself, there are a few stipulations: Microsoft VSR will only work on video resolutions of 720p or lower (provided both the height and width of the video exceed 192 pixels), and the video itself can't be protected with digital rights management (DRM) technology like PlayReady or Widevine, which makes frames inaccessible to the browser for processing. That particular restriction could impact what content you can upscale with the feature, as most popular streaming platforms like Netflix, Hulu, and HBO Max all leverage DRM tech for copyright protection. Unlike Nvidia's RTX Super Resolution, Microsoft's Video Super Resolution feature supports both Nvidia and AMD GPUs.

United States

US Fed Reserve Zoom Conference Canceled After 'Porn-Bombing' (pcmag.com)

A Federal Reserve Zoom event with more than 220 people was canceled after a user hijacked proceedings and displayed pornographic content, Reuters reports. From a report: The hijack left Fed Governor Christopher Waller unable to deliver his opening remarks because graphic images from a call participant named "Dan" began to pop up on the screen. In a statement to Reuters, Brent Tjarks, executive director of the Mid-Size Bank Coalition of America (MBCA), which hosted the Zoom event, said: "We were a victim of a teleconference or Zoom hijacking and we are trying to understand what we need to do going forward to prevent this from ever happening again. It is an incident we deeply regret. We have had various programs and this is something that we have never had happen to us." Tjarks adds that he suspects a security switch for the Zoom event that would have muted users and prevented them from sharing their screens was incorrectly set, though he could not confirm. The MBCA, whose roughly 100 members include banks with between $10 billion and $100 billion in assets, made the decision to cancel the event minutes after it was scheduled to commence, citing "technical difficulties."

IT

Washington Post Urges Funding Office-to-Apartment Conversions as Downtown Workers Stay Home (dailyprogress.com)

"Cities across the nation face a dilemma," writes the Washington Post's editorial board, warning local leaders to respond to "the urgency and scale of the downtown crisis in many major metro areas..."

"Downtown office buildings are empty as workers prefer to stay home." Nearly all local leaders agree part of the solution is an office-to-apartment conversion boom. Cities have started rolling out tax incentives to encourage developers to begin this transformation. This strategy is straight out of the playbook that revived center city Philadelphia and Lower Manhattan in the past quarter century. But there's a problem: City leaders aren't doing enough...

Consider the nation's capital city. Downtown D.C. is more than 90 percent commercial buildings. The vibrancy and workers are largely gone. Crime and grime are increasing, while property tax revenue is quickly decreasing as building values plummet. Mayor Muriel E. Bowser (D) has put out an ambitious "Comeback Plan" that calls for 15,000 new residents living downtown by 2028. To make that a reality, the city needs developers to convert roughly 7 million square feet of office space to apartments and condos. Her team estimates about 1 million square feet is on track for conversion so far. There's a long way to go. The situation is similar in Chicago, San Francisco, New York and Atlanta, among other cities....

The longer cities wait to get conversions underway, the more tax values drop and crime goes up, and the more people see no value in living in the heart of the city — or even visiting. One way or another, cities are going to pay. D.C. is already staring at $464 million in lower revenue for 2024 to 2026 mainly due to lower commercial property taxes downtown. San Francisco is facing a $728 million shortfall over the next two fiscal years for similar reasons. Buildings constructed in the 1980s, 1990s and early 2000s are quickly becoming distressed. It's far better to invest now than to spend years overseeing stagnation and decline. As D.C.'s Chief Financial Officer Glen Lee warned, this is "a serious long-term risk to the District's economy and its tax base."

The sooner these buildings can convert to residential, the sooner the city can generate some tax revenue again from an area that once brought in hefty commercial property revenue. Cities will have to rely much more on residential income tax revenue from downtowns.

Security

Ask Slashdot: Can You Use an Unsafe Computer Safely?

"I think the answer is no, but there are some clever people around here," writes long-time Slashdot reader shanen, "so...

"Is there any firewall or router or some other device that can adequately protect an old and no longer supported computer?" I have at least two of those that come to mind, and I might use them more often if there was a safe way to connect them to the Internet.

The specifics probably matter, though that's like opening a can of worms, but... One is a little old machine running an old and no longer supported version of Linux. Another is a Windows XP box that's too customized at a low level to run Linux.

But the big concern involves a couple of old boxes that are only alive now because Windows 10 saved them from the end-of-service of Windows 7. Right now it looks like they might outlive Windows 10, too, but two of them are not suitable for Windows 11. Plus my spouse has an old Windows 8 box now running under 10...

What happens when you combine missed security updates with internet connectivity? Share your best thoughts in the comments.

Can you use an unsafe computer safely?

IT

Amazon Employees Are Fighting on Slack About Returning to the Office (entrepreneur.com)

An anonymous reader shares this report from Entrepreneur: Amazon employees are fighting it out about the company's planned return to the office in Slack channels, according to Insider. First, employees created a Slack channel to fight against the policy. Then, a pro-office return group was formed, the outlet reported....

Per CNBC, "remote advocacy" became a common Slack channel status. However, some people who welcomed a return to office life fought back, Insider reported. Over 700 people joined a pro-return-to-office group. Its description says employees need to "Think Big" about the return to office policy. (By comparison, the pro-working remotely channel has around 28,000 members.)

"I look forward to the prospect of seeing more of my coworkers in the office," one person reportedly wrote in the channel. Another said that the company should try out the four-day workweek and swap out the remote-flexible schedule. Another message links to a 2021 article in the Harvard Business Review called: "Why You May Actually Want to Go Back to the Office."

The Almighty Buck

Netflix Fights Attempt To Make Streaming Firms Pay For ISP Network Upgrades

An anonymous reader quotes a report from Ars Technica: Netflix co-CEO Greg Peters spoke out against a European proposal to make streaming providers and other online firms pay for ISPs' network upgrades. "Some of our ISP partners have proposed taxing entertainment companies to subsidize their network infrastructure," Peters said in a speech Tuesday at Mobile World Congress in Barcelona (transcript). The "tax would have an adverse effect, reducing investment in content -- hurting the creative community, hurting the attractiveness of higher-priced broadband packages, and ultimately hurting consumers," he argued. [...] "ISPs claim that these taxes would only apply to Netflix. But this will inevitably change over time as broadcasters shift from linear to streaming," Peters said at MWC. Sandvine data suggests that nearly half of global Internet traffic is sent by Facebook, Amazon, Google, Apple, Netflix, and Microsoft. Online video accounts for 65 percent of all traffic, and Netflix recently passed YouTube as the top video-traffic generator.

Peters cited Nielsen data showing that "Netflix accounts for under 10 percent of total TV time" in the US and UK while "traditional local broadcasters account for over half of all TV time." Live sports account for much of that. "As broadcasters continue the shift away from linear to streaming, they will start to generate significant amounts of Internet traffic too -- even more than streamers today based on the current scope and scale of their audiences," Peters said. "Broadband customers, who drive this increased usage, already pay for the development of the network through their subscription fees. Requiring entertainment companies -- both streamers and broadcasters -- to pay more on top would mean ISPs effectively charging twice for the same infrastructure." Telcos that receive new payments wouldn't be expected to lower the prices charged to home Internet users, Peters said. "As the consumer group BEUC has pointed out, there is no suggestion these levies would be passed onto consumers in the form of 'lower prices or better infrastructure,'" he said.

Peters said Netflix's "operating margins are significantly lower than either British Telecom or Deutsche Telekom. So we could just as easily argue that network operators should compensate entertainment companies for the cost of our content -- exactly as happened under the old pay-TV model." While telcos claim companies like Netflix don't pay their "fair share," Peters pointed out that Netflix has spent a lot building its own network that reduces the amount of data sent over traditional telecom networks. "We've spent over $1 billion on Open Connect, our own content delivery network, which we offer for free to ISPs," he said. "This includes 18,000 servers with Netflix content distributed across 6,000 locations and 175 countries. So when our members press play, instead of the film or TV show being streamed from halfway around the world, it's streamed from around the corner -- increasing efficiency for operators while also ensuring a high-quality, no-lag experience for consumers." Peters also touted Netflix's encoding technology that cut bit rates in half between 2015 and 2020. While Internet traffic has increased about 30 percent a year, "ISPs have managed this increased consumer usage efficiently while their costs have remained stable," Peters said. "Regulators have highlighted this, too, calling out that infrastructure costs are not sensitive to traffic and that growing consumption will be offset by efficiency gains."

Security

Biden Administration Announces Plan To Stop Water Plant Hacks (reuters.com)

The Biden administration announced on Friday a new plan to improve the digital defenses of public water systems. From a report: The move comes one day after the announcement of a national cybersecurity strategy by the White House, which seeks to broadly improve industry accountability over the cybersecurity of American critical infrastructure, such as hospitals and dams. The water system plan, which recommends a series of novel rules placing more responsibility for securing water facilities at the state level, follows several high-profile hacking incidents in recent years.

In February 2021, a cyberattack on a water treatment plant in Florida briefly increased lye levels in the water, an incident that could have been deadly if an alert worker had not detected the hack quickly. And in March 2019, a terminated employee at a Kansas-based water facility used his old computer credentials to remotely take systems offline, according to an administration official. The government is acting now because of the urgency of the threat, according to a senior U.S. Environmental Protection Agency (EPA) official. Radhika Fox, the assistant administrator in the EPA's Office of Water, said hackers had "shut down critical treatment processes" and "locked control system networks behind ransomware," underscoring the current danger. However, some experts say the new plan will not do enough to help make systems more secure.

Bug

Scientist Finds Rare Jurassic Era Bug At Arkansas Walmart, Kills It and Puts It On a Pin (cbsnews.com)

Longtime Slashdot reader theshowmecanuck shares a report from CBS News: A 2012 trip to a Fayetteville, Arkansas, Walmart to pick up some milk turned out to be one for the history books. A giant bug that stopped a scientist in his tracks as he walked into the store, and which he ended up taking home, turned out to be a rare Jurassic-era flying insect. Michael Skvarla, director of Penn State University's Insect Identification Lab, found the mysterious bug -- an experience that he says he remembers "vividly."

"I was walking into Walmart to get milk and I saw this huge insect on the side of the building," he said in a press release from Penn State. "I thought it looked interesting, so I put it in my hand and did the rest of my shopping with it between my fingers. I got home, mounted it, and promptly forgot about it for almost a decade."

[I]n the fall of 2020 when he was teaching an online course on insect biodiversity and evolution, Skvarla was showing students the bug and suddenly realized it wasn't what he originally thought. He and his students then figured out what it might be -- live on a Zoom call. "We were watching what Dr. Skvarla saw under his microscope and he's talking about the features and then just kinda stops," one of his students Codey Mathis said. "We all realized together that the insect was not what it was labeled and was in fact a super-rare giant lacewing." A clear indicator of this identification was the bug's wingspan. It was about 50 millimeters -- nearly 2 inches -- a span that the team said made it clear the insect was not an antlion.

His team's molecular analysis on the bug has been published in the Proceedings of the Entomological Society of Washington.

theshowmecanuck captioned: "To be fair, he said he didn't know what it was so [he] just collected it and took it home, and then figured it out later. My thought that I added to the title was because of this quote in the story (which tickled my cynicism in humanity): 'It could have been 100 years since it was even in this area -- and it's been years since it's been spotted anywhere near it...'"

Software

Nearly 40% of Software Engineers Will Only Work Remotely (techtarget.com)

dcblogs writes: Despite the demand of employers like Apple, Amazon, Microsoft, AT&T and others, nearly 40% of software engineers preferred only remote roles, and if their employers mandated a return to the office, 21% indicated they would quit immediately, while another 49% said they would start looking for another job, according to Hired's 2023 State of Software Engineers. This report gathered its data from 68,500 software engineering candidates and a survey of more than 1,300 software engineers and 120 talent professionals. Employers open to remote workers "are able to get better-quality talent that's a better fit for the organization," said Josh Brenner, CEO of Hired, a job-matching platform for technology jobs.

Encryption

Google: Gmail Client-Side Encryption Now Publicly Available (bleepingcomputer.com)

Gmail client-side encryption (CSE) is now generally available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. BleepingComputer reports: The feature was first introduced in Gmail on the web as a beta test in December 2022, after being available in Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar (in beta) since last year. Once enabled, Gmail CSE ensures that any sensitive data sent as part of the email's body and attachments (including inline images) will be unreadable and encrypted before reaching Google's servers. It's also important to note that the email header (including subject, timestamps, and recipients lists) will not be encrypted. "Client-side encryption takes this encryption capability to the next level by ensuring that customers have sole control over their encryption keys -- and thus complete control over all access to their data," Google explained.

"Starting today, users can send and receive emails or create meeting events with internal colleagues and external parties, knowing that their sensitive data (including inline images and attachments) has been encrypted before it reaches Google servers. As customers retain control over the encryption keys and the identity management service to access those keys, sensitive data is indecipherable to Google and other external entities."

Security

Dish Network Confirms Network Outage Was a Cybersecurity Breach (cnbc.com)

Dish Network, one of the largest television providers in the United States, confirmed on Tuesday that a previously disclosed "network outage" was the result of a cybersecurity breach that affected the company's internal communications systems and customer-facing support sites. CNBC reports: "Certain data was extracted," the company said in a statement Tuesday. The acknowledgment is an evolution from last week's earnings call, where it was described as an "internal outage." Dish Network's website was down for multiple days beginning last week, but the company has now disclosed that "internal communications [and] customer call centers" remain affected by the breach. Dish said it had retained outside experts to assist in evaluating the problem.

The intrusion took place on the morning of Feb. 23, the same day the company reported its fourth-quarter earnings. "This morning, we experienced an internal outage that's continuing to affect our internal servers and IT telephony," Dish CEO W. Erik Carlson said at that time. "We're analyzing the root causes and any consequences of the outage, while we work to restore the affected systems as quickly as possible."

According to Bleeping Computer, the Black Basta ransomware gang is behind the attack, first breaching Boost Mobile and then the Dish corporate network.

Youtube

YouTube Video Causes Pixel Phones To Instantly Reboot (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Did you ever see that movie The Ring? People who watched a cursed, creepy video would all mysteriously die in seven days. Somehow Google seems to have re-created the tech version of that, where the creepy video is this clip of the 1979 movie Alien, and the thing that dies after watching it is a Google Pixel phone. As noted by the user "OGPixel5" on the Google Pixel subreddit, watching this specific clip on a Google Pixel 6, 6a, or Pixel 7 will cause the phone to instantly reboot. Something about the clip is disagreeable to the phone, and it hard-crashes before it can even load a frame. Some users in the thread say cell service wouldn't work after the reboot, requiring another reboot to get it back up and running.

The leading theory floating around is that something about the format of the video (it's 4K HDR) is causing the phone to crash. It wouldn't be the first time something like this happened to an Android phone. In 2020, there was a cursed wallpaper that would crash a phone when set as the background due to a color space bug. The affected phones all use Google's Exynos-derived Tensor SoC, so don't expect non-Google phones to be affected by this. Samsung Exynos phones would be the next most-likely candidates, but we haven't seen any reports of that.

According to CNET, the issue has been addressed and a full fix will be deployed in March.

Privacy

Hackers Claim They Breached T-Mobile More Than 100 Times In 2022 (krebsonsecurity.com)

An anonymous reader quotes a report from KrebsOnSecurity: Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user's text messages and phone calls to another device. The conclusions above are based on an extensive analysis of Telegram chat logs from three distinct cybercrime groups or actors that have been identified by security researchers as particularly active in and effective at "SIM-swapping," which involves temporarily seizing control over a target's mobile phone number.

Countless websites and online services use SMS text messages for both password resets and multi-factor authentication. This means that stealing someone's phone number often can let cybercriminals hijack the target's entire digital life in short order -- including access to any financial, email and social media accounts tied to that phone number. All three SIM-swapping entities that were tracked for this story remain active in 2023, and they all conduct business in open channels on the instant messaging platform Telegram. KrebsOnSecurity is not naming those channels or groups here because they will simply migrate to more private servers if exposed publicly, and for now those servers remain a useful source of intelligence about their activities.

Each advertises their claimed access to T-Mobile systems in a similar way. At a minimum, every SIM-swapping opportunity is announced with a brief "Tmobile up!" or "Tmo up!" message to channel participants. Other information in the announcements includes the price for a single SIM-swap request, and the handle of the person who takes the payment and information about the targeted subscriber. The information required from the customer of the SIM-swapping service includes the target's phone number, and the serial number tied to the new SIM card that will be used to receive text messages and phone calls from the hijacked phone number. Initially, the goal of this project was to count how many times each entity claimed access to T-Mobile throughout 2022, by cataloging the various "Tmo up!" posts from each day and working backwards from Dec. 31, 2022. But by the time we got to claims made in the middle of May 2022, completing the rest of the year's timeline seemed unnecessary. The tally shows that in the last seven-and-a-half months of 2022, these groups collectively made SIM-swapping claims against T-Mobile on 104 separate days -- often with multiple groups claiming access on the same days.

In a written statement to KrebsOnSecurity, T-Mobile said this type of activity affects the entire wireless industry.

"And we are constantly working to fight against it," the statement reads. "We have continued to drive enhancements that further protect against unauthorized access, including enhancing multi-factor authentication controls, hardening environments, limiting access to data, apps or services, and more. We are also focused on gathering threat intelligence data, like what you have shared, to help further strengthen these ongoing efforts."

Security

US Marshals Service Suffers 'Major' Security Breach That Compromises Sensitive Information (nbcnews.com)

According to a spokesperson for the United States Marshals Service (USMS), the agency was hit with a ransomware attack last week that compromises sensitive information. NBC News reports: In a statement Monday, U.S. Marshals Service spokesperson Drew Wade acknowledged the breach, telling NBC News: "The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees."

Wade said the incident occurred Feb. 17, when the Marshals Service "discovered a ransomware and data exfiltration event affecting a stand-alone USMS system." The system was disconnected from the network, and the Justice Department began a forensic investigation, Wade said. He added that on Wednesday, after the agency briefed senior department officials, "those officials determined that it constitutes a major incident." The investigation is ongoing, Wade said.

A senior law enforcement official familiar with the incident said the breach did not involve the database involving the Witness Security Program, commonly known as the witness protection program. The official said no one in the witness protection program is in danger because of the breach. Nevertheless, the official said, the incident is significant, affecting law enforcement sensitive information pertaining to the subjects of Marshals Service investigations. The official said the agency has been able to develop a workaround so it is able to continue operations and efforts to track down fugitives.

Security

LastPass Says Home Computer of DevOps Engineer Was Hacked (securityweek.com)

wiredmikey shares a report from SecurityWeek: Password management software firm LastPass says one of its DevOps engineers had a personal home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud storage resources. LastPass on Monday fessed up to a "second attack" where an unnamed threat actor combined data stolen from an August breach with information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated attack. [...]

LastPass worked with incident response experts at Mandiant to perform forensics and found that a DevOps engineer's home computer was targeted to get around security mitigations. The attackers exploited a remote code execution vulnerability in a third-party media software package and planted keylogger malware on the employee's personal computer. "The threat actor was able to capture the employee's master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer's LastPass corporate vault," the company said. "The threat actor then exported the native corporate vault entries and content of shared folders, which contained encrypted secure notes with access and decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups," LastPass confirmed.

LastPass originally disclosed the breach in August 2022 and warned that "some source code and technical information were stolen."

SecurityWeek adds: "In January 2023, the company said the breach was far worse than originally reported and included the theft of account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information."
