Microsoft grappled with a major service outage, leaving users across the world unable to access its cloud computing platforms and causing airlines to cancel flights. From a report: Thousands of users across the world reported problems with Microsoft 365 apps and services to Downdetector.com, a website that tracks service disruptions. "We're investigating an issue impacting users' ability to access various Microsoft 365 apps and services," Microsoft 365 Status said on X early Friday. On its status page for Azure, Microsoft's cloud computing platform, the company said the issue began just before 10 p.m. ET Thursday, affecting systems across the central U.S. In an update, Microsoft said it had determined the cause and was working to restore access to its users.

The FBI was given access to unreleased technology to access the phone of the man identified as the shooter of former President Donald Trump, Bloomberg reported late Thursday, citing people familiar with the investigation. From the report: As the FBI struggled to gain access on Sunday morning to the phone, they appealed directly to Cellebrite, a digital intelligence company founded in Israel that supplies technology to several US federal agencies, according to the people, who requested anonymity to speak freely about the case.

FBI agents wanted to pull data from the device to help decipher his motives for the shooting at a rally in Bethel Park, Pennsylvania, where Trump suffered an injured ear and a spectator was killed. Authorities have identified the deceased shooter as Thomas Matthew Crooks. The local FBI bureau in Pittsburgh held a license for Cellebrite software, which lets law enforcement identify or bypass a phone's passcode. But it didn't work with Crooks' device, according to the people, who said the deceased shooter owned a newer Samsung model that runs Android's operating system. The agents called Cellebrite's federal team, which liaises with law enforcement and government agencies, according to the people. Within hours, Cellebrite transferred to the FBI in Quantico, Virginia, additional technical support and new software that was still being developed. The details about the unsuccessful initial attempt to access the phone, and the unreleased software, haven't been previously reported.

RealPage says it isn't doing anything wrong by suggesting to landlords how much rent they could charge. From a report: In a move to reclaim its own narrative, the property management software company published a microsite and a digital booklet it's calling "The Real Story," as it faces multiple lawsuits and a reported federal criminal probe related to allegations of rental price fixing. RealPage's six-page digital booklet, published on the site in mid-June, addresses what it calls "false and misleading claims about its software" -- the myriad of allegations it faces involving price-fixing and rising rents -- and contends that the software benefits renters and landlords and increases competition. It also said landlords accept RealPage's price recommendations for new leases less than 50 percent of the time and that the software recommends competitive prices to help fill units.

[...] But landlords are left without concrete answers, as questions around the legality of this software are ongoing as they continue renting properties. "I don't think we're seeing this as a RealPage issue but rather as a revenue management software issue," says Alexandra Alvarado, the director of marketing and education at the American Apartment Owners Association, the largest association of landlords in the US. Alvarado says some landlords are taking pause and asking questions before using the tech.

An anonymous reader shares a report: Indian crypto exchange WazirX on Thursday confirmed it had suffered a security breach after about $230 million in assets were "suspiciously transferred" out of the platform earlier in the day. The Mumbai-based firm said one of its multisig wallets had suffered a security breach, and it was temporarily pausing all withdrawals from the platform.

Lookchain, a third-party blockchain explorer, reported that more than 200 cryptocurrencies, including 5.43 billion SHIB tokens, over 15,200 Ethereum tokens, 20.5 million Matic tokens, 640 billion Pepe tokens, 5.79 million USDT, and 135 million Gala tokens were "stolen" from the platform. WazirX reported holdings of about $500 million in its June proof-of-reserves disclosure.

An anonymous reader quotes an excerpt from TechCrunch, written by Zack Whittaker: We're over halfway through 2024, and already this year we have seen some of the biggest, most damaging data breaches in recent history. And just when you think that some of these hacks can't get any worse, they do. From huge stores of customers' personal information getting scraped, stolen and posted online, to reams of medical data covering most people in the United States getting stolen, the worst data breaches of 2024 to date have already surpassed at least 1 billion stolen records and rising. These breaches not only affect the individuals whose data was irretrievably exposed, but also embolden the criminals who profit from their malicious cyberattacks. Travel with us to the not-so-distant past to look at how some of the biggest security incidents of 2024 went down, their impact and. in some cases, how they could have been stopped. These are some of the largest breaches highlighted in the report:

AT&T's Data Breaches: AT&T experienced two data breaches in 2024, affecting nearly all its customers and many non-customers. The breaches exposed phone numbers, call records, and personal information, risking account hijacks for 7.6 million customers.
Change Healthcare Hack: A ransomware attack on Change Healthcare resulted in the theft of sensitive medical data, affecting a substantial proportion of Americans. The breach caused widespread outages in healthcare services across the U.S. and compromised personal, medical, and billing information.
Synnovis Ransomware Attack: The cyberattack on U.K. pathology lab Synnovis disrupted patient services in London hospitals for weeks, leading to thousands of postponed operations and the exposure of data related to 300 million patient interactions.
Snowflake Data Theft (Including Ticketmaster): Cybercriminals stole hundreds of millions of records from Snowflake's corporate customers, including 560 million records from Ticketmaster. The breach affected data from multiple companies and institutions, exposing vast amounts of customer and employee information.

Cellebrite, the well-known mobile forensics company, was unable to unlock a sizable chunk of modern iPhones available on the market as of April 2024, 404 Media reported Wednesday, citing leaked documents it obtained. From the report: Mobile forensics companies typically do not release details on what specific models their tools can or cannot penetrate, instead using vague terms in marketing materials. The documents obtained by 404 Media, which are given to customers but not published publicly, show how fluid and fast moving the success, or failure, of mobile forensic tools can be, and highlights the constant cat and mouse game between hardware and operating manufacturers like Apple and Google, and the hacking companies looking for vulnerabilities to exploit.

[...] For all locked iPhones able to run 17.4 or newer, the Cellebrite document says "In Research," meaning they cannot necessarily be unlocked with Cellebrite's tools. For previous iterations of iOS 17, stretching from 17.1 to 17.3.1, Cellebrite says it does support the iPhone XR and iPhone 11 series. Specifically, the document says Cellebrite recently added support to those models for its Supersonic BF [brute force] capability, which claims to gain access to phones quickly. But for the iPhone 12 and up running those operating systems, Cellebrite says support is "Coming soon."

Google Docs is adding Markdown support, finally. The update, rolling out over the next two weeks, allows users to import, export, copy, and paste Markdown-formatted text. This move comes a decade after Google consolidated its document editing tools into Drive.

Costs associated with ransomware attacks on critical national infrastructure (CNI) organizations skyrocketed in the past year. From a report: According to Sophos' latest figures, released today, the median ransom payments rose to $2.54 million -- a whopping 41 times last year's sum of $62,500. The mean payment for 2024 is even higher at $3.225 million, although this represents a less dramatic 6x increase. IT, tech, and telecoms were the least likely to pay mega bucks to cybercriminals with an average payment of $330,000, while lower education and federal government orgs reported the highest average payments at $6.6 million.

The numbers are based only on ransomware victims that were willing to disclose the details of their blunders, so do not present the complete picture. On the topic of ransom payments, only 86 CNI organizations of the total 275 involved in the survey offered data. There's a good chance that the numbers would be skewed if 100 percent of the total CNI ransomware victims polled were entirely transparent with their figures. Costs to recover from ransomware attacks are also significantly up compared to the researchers' report last year, with some CNI sectors' costs quadrupling to a median average of $3 million per incident. While the mean cost across oil, gas, energy, and utilities dropped slightly to $3.12 million from $3.17 million last year, the energy and water sectors saw the sharpest increase in recovery costs. The new average for just these two sectors is now four times greater than the global median cross-sector average of $750k, Sophos said.

A bipartisan pair of U.S. senators pressed the leaders of AT&T and data storage company Snowflake on Tuesday for more information about the scope of a recent breach that allowed cybercriminals to steal records on "nearly all" of the phone giant's customers. From a report: "There is no reason to believe that AT&T's sensitive data will not also be auctioned and fall into the hands of criminals and foreign intelligence agencies," Sens. Richard Blumenthal (D-CT) and Josh Hawley (R-MO), the leaders of the Judiciary Committee's privacy subpanel, wrote Tuesday in a letter to AT&T Chief Executive Officer John Stankey.

The duo also sent a missive to Snowflake CEO Sridhar Ramaswamy that said the theft of AT&T subscriber information "appears to be connected with an ongoing series of breaches" of the company's clients, including Ticketmaster, Advance Auto Parts, and Santander Bank. "Disturbingly, the Ticketmaster and AT&T breaches appears [sic] to have been easily preventable," they wrote to Ramaswamy. Blumenthal and Hawley have asked the corporate leaders to answer a series of questions about the lapses by July 29.

Rite Aid, the third-largest U.S. drug store chain, reported it a ransomware attack that compromised the personal data of 2.2 million customers. The data exposed includes names, addresses, dates of birth, and driver's license numbers or other forms of government-issued ID from transactions between June 2017 and July 2018.

"On June 6, 2024, an unknown third party impersonated a company employee to compromise their business credentials and gain access to certain business systems," the company said in a filing. "We detected the incident within 12 hours and immediately launched an internal investigation to terminate the unauthorized access, remediate affected systems and ascertain if any customer data was impacted." Ars Technica's Dan Goodin reports: RansomHub, the name of a relatively new ransomware group, has taken credit for the attack, which it said yielded more than 10GB of customer data. RansomHub emerged earlier this year as a rebranded version of a group known as Knight. According to security firm Check Point, RansomHub became the most prevalent ransomware group following an international operation by law enforcement in May that took down much of the infrastructure used by rival ransomware group Lockbit.

On its dark web site, RansomHub said it was in advanced stages of negotiation with Rite Aid officials when the company suddenly cut off communications. A Rite Aid official didn't respond to questions sent by email. Rite Aid has also declined to say if the employee account compromised in the breach was protected by multifactor authentication.

In its latest State of Application Security Report, Cloudflare says 6.8% of traffic on the internet is malicious, "up a percentage point from last year's study," writes ZDNet's Steven Vaughan-Nichols. "Cloudflare, the content delivery network and security services company, thinks the rise is due to wars and elections. For example, many attacks against Western-interest websites are coming from pro-Russian hacktivist groups such as REvil, KillNet, and Anonymous Sudan." From the report: [...] Distributed Denial of Service (DDoS) attacks continue to be cybercriminals' weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDoS attacks. That total is nearly a third of all the DDoS attacks they mitigated the previous year. But it's not just about the sheer volume of DDoS attacks. The sophistication of these attacks is increasing, too. Last August, Cloudflare mitigated a massive HTTP/2 Rapid Reset DDoS attack that peaked at 201 million requests per second (RPS). That number is three times bigger than any previously observed attack.

The report also highlights the increased importance of application programming interface (API) security. With 60% of dynamic web traffic now API-related, these interfaces are a prime target for attackers. API traffic is growing twice as fast as traditional web traffic. What's worrying is that many organizations appear not to be even aware of a quarter of their API endpoints. Organizations that don't have a tight grip on their internet services or website APIs can't possibly protect themselves from attackers. Evidence suggests the average enterprise application now uses 47 third-party scripts and connects to nearly 50 third-party destinations. Do you know and trust these scripts and connections? You should -- each script of connection is a potential security risk. For instance, the recent Polyfill.io JavaScript incident affected over 380,000 sites.

Finally, about 38% of all HTTP requests processed by Cloudflare are classified as automated bot traffic. Some bots are good and perform a needed service, such as customer service chatbots, or are authorized search engine crawlers. However, as many as 93% of bots are potentially bad.

Google is discontinuing its experimental Notes feature in Search Labs, the company confirmed on Wednesday. The feature, launched in November, allowed users to add comments and tips to search results and Discover content. It aimed to create a community-driven platform within Google's ecosystem, similar to social media forums.

A group calling itself "NullBulge" published a 1.1-TB trove of data late last week that it claims is a dump of Disney's internal Slack archive. From a report: The data allegedly includes every message and file from nearly 10,000 channels, including unreleased projects, code, images, login credentials, and links to internal websites and APIs. The hackers claim they got access to the data from a Disney insider and named the alleged collaborator.

Whether the hackers actually had inside help remains unconfirmed; they could also have plausibly used info-stealing malware to compromise an employee's account. Disney did not confirm the breach or return multiple requests for comment about the legitimacy of the stolen data. A Disney spokesperson told the Wall Street Journal that the company "is investigating this matter." The data, which appears to have been first published on Thursday, was posted on BreachForums and later taken down, but it is still live on mirror sites. The hacker said they breached Disney in protest against AI-generated artwork.

UPDATE 7/15/24 3:05 p.m. EDT: In a press release published this afternoon, the FBI said they "successfully gained access to Thomas Matthew Crooks' phone, and they continue to analyze his electronic devices." The bureau added that it has completed its search of the subject's residence and vehicle, and "conducted nearly 100 interviews of law enforcement personnel, event attendees, and other witnesses."

Original Story: July 15, 16:45 UTC: Investigators are working to break into the phone of the man who shot at former President Donald Trump at a Pennsylvania rally on Saturday. The Verge: The FBI said in a statement that it had obtained the shooter's phone "for examination." Officials told reporters in a conference call on Sunday, as reported by The New York Times, that agents in Pennsylvania were unable to break into the phone. It's been shipped to the FBI's lab in Quantico, Virginia, where the FBI hopes to get past the phone's password protection, the Times reported.

Investigators are still looking for insight into the motives of Thomas Matthew Crooks, a 20-year-old from Bethel Park, Pennsylvania, who they identified as the gunman. Kevin Rojek, the FBI special agent in charge in Pittsburgh, told the Times and other outlets that the agency has access to some of Crooks' text messages, but they haven't shed much light on his beliefs.

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Krebs on Security: Squarespace bought all assets of Google Domains a year ago, but many customers still haven't set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn't yet been registered, merely by supplying an email address tied to an existing domain. The Squarespace domain hijacks, which took place between July 9 and July 12, appear to have mostly targeted cryptocurrency businesses, including Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains. In some cases, the attackers were able to redirect the hijacked domains to phishing sites set up to steal visitors' cryptocurrency funds.

New York City-based Squarespace purchased roughly 10 million domain names from Google Domains in June 2023, and it has been gradually migrating those domains to its service ever since. Squarespace has not responded to a request for comment, nor has it issued a statement about the attacks. But an analysis released by security experts at Metamask and Paradigm finds the most likely explanation for what happened is that Squarespace assumed all users migrating from Google Domains would select the social login options -- such "Continue with Google" or "Continue with Apple" -- as opposed to the "Continue with email" choice.

Russian cybersecurity firm, Kaspersky Lab, has told workers in its U.S.-based division that they are being laid off this week and that it is closing its U.S. business, Zero Day reported Monday, citing sources. From a report: The sudden move comes after the U.S. Commerce Department announced last month that it was banning the sale of Kaspersky software in the U.S. beginning July 20. The company has been selling its software here since 2005. Kaspersky confirmed the news to Zero Day, saying that beginning July 20 it will "gradually wind down" its U.S. operations and eliminate U.S.-based positions as a result of the new ban, despite initially vowing to fight the ban in court.

Cybercriminals are using Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. From a report: Trustwave researchers who observed the campaigns said the threat actors also promote fake downloads for pirated games and software, Sora AI, 3D image creator, and One Click Active. While using Facebook advertisements to push information-stealing malware is not new, the social media platform's massive reach makes these campaigns a significant threat.

The threat actors take out advertisements that promote Windows themes, free game downloads, and software activation cracks for popular applications, like Photoshop, Microsoft Office, and Windows. These advertisements are promoted through newly created Facebook business pages or by hijacking existing ones. When using hijacked Facebook pages, the threat actors rename them to suit the theme of their advertisement and to promote the downloads to the existing page members.

Alphabet, Google's parent company, is reportedly in advanced negotiations to acquire cloud security startup Wiz for approximately $23 billion, Wall Street Journal reported on Sunday. The potential deal, which would value Wiz at nearly double its most recent private valuation of $12 billion, underscores the growing importance of cybersecurity in Alphabet's enterprise strategy as it seeks to narrow the gap with cloud computing rivals such as Microsoft, Morgan Stanley said in a note.

Founded in January 2020, Wiz has quickly established itself as a leading player in the Cloud-Native Application Protection Platform (CNAPP) space, utilizing an agentless approach to secure cloud application deployments throughout their lifecycle. The company's platform continuously assesses and prioritizes critical risks across various security domains, providing customers with a comprehensive view of their cloud security posture. Wiz has experienced rapid growth since its inception, with annual recurring revenue (ARR) exceeding $350 million as of January 2024, representing a year-over-year increase of over 75%. The company boasts an impressive client roster, with more than 40% of Fortune 100 companies among its customers, and has raised nearly $2 billion in funding to date.

If confirmed, the acquisition would mark Alphabet's largest to date, significantly expanding its footprint in the burgeoning cloud security market. The move follows previous security-focused acquisitions by the tech giant, including the $5.4 billion purchase of Mandiant in 2022 and the $500 million acquisition of Siemplify. Morgan Stanley adds that the potential acquisition could raise questions about Wiz's ability to maintain neutrality across multiple cloud platforms, potentially benefiting competitors such as Palo Alto Networks and CrowdStrike in the near term.

An anonymous reader shared this report from the Guardian: In March, after analysing 22,000 tasks in the UK economy, covering every type of job, a model created by the Institute for Public Policy Research predicted that 59% of tasks currently done by humans — particularly women and young people — could be affected by AI in the next three to five years. In the worst-case scenario, this would trigger a "jobs apocalypse" where eight million people lose their jobs in the UK alone.... Darrell West, author of The Future of Work: AI, Robots and Automation, says that just as policy innovations were needed in Thomas Paine's time to help people transition from an agrarian to an industrial economy, they are needed today, as we transition to an AI economy. "There's a risk that AI is going to take a lot of jobs," he says. "A basic income could help navigate that situation."

AI's impact will be far-reaching, he predicts, affecting blue- and white-collar jobs. "It's not just going to be entry-level people who are affected. And so we need to think about what this means for the economy, what it means for society as a whole. What are people going to do if robots and AI take a lot of the jobs?"

Nell Watson, a futurist who focuses on AI ethics, has a more pessimistic view. She believes we are witnessing the dawn of an age of "AI companies": corporate environments where very few — if any — humans are employed at all. Instead, at these companies, lots of different AI sub-personalities will work independently on different tasks, occasionally hiring humans for "bits and pieces of work". These AI companies have the potential to be "enormously more efficient than human businesses", driving almost everyone else out of business, "apart from a small selection of traditional old businesses that somehow stick in there because their traditional methods are appreciated"... As a result, she thinks it could be AI companies, not governments, that end up paying people a basic income.

AI companies, meanwhile, will have no salaries to pay. "Because there are no human beings in the loop, the profits and dividends of this company could be given to the needy. This could be a way of generating support income in a way that doesn't need the state welfare. It's fully compatible with capitalism. It's just that the AI is doing it."

As the number of autism diagnoses rises in America, a number of large employers "are taking steps to make workplaces more accessible and welcoming for neurodivergent employees," reports the New York Times — including Microsoft, Dell and Ford. [Alternate URL here.] The Centers for Disease Control and Prevention estimates that 1 in 36 8-year-olds in the United States has autism. That's up from 1 in 44 in 2018 and 1 in 150 in 2000, an increase that experts attribute, in part, to better screening. In addition, 2.2% of adults in the country, or 5.4 million people, are autistic, according to the CDC...

Autism activists have praised companies that have become more accepting of remote work since the coronavirus pandemic. Workplaces with too much light and noise can overwhelm those who are autistic, leading to burnout, said Jessica Myszak, a clinical psychologist in Chicago who specializes in testing and evaluations for autism. Remote work "reduces the social demands and some of the environmental sensitivities" that autistic people struggle with, Myszak added.
The article notes Microsoft's neurodiversity hiring program, which was established in 2015. The company's program was modeled after a venture created by the German software firm SAP, and has since been adopted in some form by companies including Dell and Ford. The initiative has brought in about 300 full-time neurodivergent employees to Microsoft, said Neil Barnett, the company's director for inclusive hiring and accessibility. "All they needed was this different, more inclusive process," Barnett said, "and once they got into the company, they flourished."

[One job applicant] was given a job coach to help her with time management and prioritization. Microsoft also paired her with a mentor who showed her around the company's campus in Redmond. Perhaps more important, she works with managers who have received neurodiversity training. The Microsoft campus also has "focus rooms," where lights can be dimmed and the heights of desks can be changed to fit sensory preferences. Employees seated in the open office may also request to sit away from busy aisles or receive noise-canceling headphones.