Bill Toulas writes via BleepingComputer: Malicious advertisements are now being injected into Microsoft's AI-powered Bing Chat responses, promoting fake download sites that distribute malware. [...] Malicious ads spotted by Malwarebytes are pretending to be download sites for the popular 'Advanced IP Scanner' utility, which has been previously used by RomCom RAT and Somnia ransomware operators.

The researchers found that when you asked Bing Chat how to download Advanced IP Scanner, it would display a link to download it in the chat. However, when you hover over an underlined link in a chat, Bing Chat may show an advertisement first, followed by the legitimate download link. In this case, the sponsored link was a malvertisements pushing malware. [...] Unfortunately, Malwarebytes could not find the final payload for this malware campaign, so it is unclear what malware is ultimately being installed. However, in similar campaigns, threat actors commonly distribute information-stealing malware or remote access trojans that allow them to breach other accounts or corporate networks.

SonicSpike shares a report: A U.S. security researcher is warning of a chilling effect after he was detained on arrival at a U.S. airport, his phone was searched, and was ordered to testify to a grand jury, only to have prosecutors reverse course and drop the investigation later. On Wednesday, Sam Curry, a security engineer at blockchain technology company Yuga Labs, said in a series of posts on X, formerly Twitter, that he was taken into secondary inspection by U.S. federal agents on September 15 after returning from a trip to Japan. Curry said agents with the Internal Revenue Service's Criminal Investigation (IRS-CI) unit and the Department of Homeland Security questioned him at Dulles International Airport in Washington DC about a "high profile phishing campaign," searched his unlocked phone, and served him with a grand jury subpoena to testify in New York the week after.

According to a photo of the subpoena that Curry posted, the grand jury was investigating wire fraud and money laundering. But Curry said he later received confirmation that the copy of his device data was deleted and the grand jury subpoena was canceled once prosecutors realized that Curry was investigating the theft of crypto, and not involved in it.

An anonymous reader quotes a report from Ars Technica: Hackers backed by the Chinese government are planting malware into routers that provides long-lasting and undetectable backdoor access to the networks of multinational companies in the US and Japan, governments in both countries said Wednesday. The hacking group, tracked under names including BlackTech, Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda, has been operating since at least 2010, a joint advisory published by government entities in the US and Japan reported. The group has a history of targeting public organizations and private companies in the US and East Asia. The threat actor is somehow gaining administrator credentials to network devices used by subsidiaries and using that control to install malicious firmware that can be triggered with "magic packets" to perform specific tasks.

The hackers then use control of those devices to infiltrate networks of companies that have trusted relationships with the breached subsidiaries. "Specifically, upon gaining an initial foothold into a target network and gaining administrator access to network edge devices, BlackTech cyber actors often modify the firmware to hide their activity across the edge devices to further maintain persistence in the network," officials wrote in Wednesday's advisory. "To extend their foothold across an organization, BlackTech actors target branch routers -- typically smaller appliances used at remote branch offices to connect to a corporate headquarters -- and then abuse the trusted relationship of the branch routers within the corporate network being targeted. BlackTech actors then use the compromised public-facing branch routers as part of their infrastructure for proxying traffic, blending in with corporate network traffic, and pivoting to other victims on the same corporate network."

Most of Wednesday's advisory referred to routers sold by Cisco. In an advisory of its own, Cisco said the threat actors are compromising the devices after acquiring administrative credentials and that there's no indication they are exploiting vulnerabilities. Cisco also said that the hacker's ability to install malicious firmware exists only for older company products. Newer ones are equipped with secure boot capabilities that prevent them from running unauthorized firmware, the company said. "It would be trivial for the BlackTech actors to modify values in their backdoors that would render specific signatures of this router backdoor obsolete," the advisory stated. "For more robust detection, network defenders should monitor network devices for unauthorized downloads of bootloaders and firmware images and reboots. Network defenders should also monitor for unusual traffic destined to the router, including SSH."

To detect and mitigate this threat, the advisory recommends administrators disable outbound connections on virtual teletype (VTY) lines, monitor inbound and outbound connections, block unauthorized outbound connections, restrict administration service access, upgrade to secure boot-capable devices, change compromised passwords, review network device logs, and monitor firmware changes for unauthorized alterations.

Ars Technica notes: "The advisory didn't provide any indicators of compromise that admins can use to determine if they have been targeted or infected."

Volkswagen says it was hit by a major IT outage on Wednesday, halting production at the company's namesake brand in Germany. Reuters reports: Volkswagen said that the whole group, which includes the Porsche AG and Audi brands, was affected. Volkswagen said there had been an unspecified "IT malfunction of network components" at the carmaker's site in Wolfsburg, its global headquarters.

"The fault has been present since 12:30 p.m. (CET) and is currently being analysed. There are implications for vehicle-producing plants," the group said. "According to current analyses, an external attack is unlikely to be the cause of the system malfunction," Volkswagen said, adding that efforts to fix the problem were of the highest priority and well under way.

A company that acquires and sells zero-day exploits -- flaws in software that are unknown to the affected developer -- is now offering to pay researchers $20 million for hacking tools that would allow its customers to hack iPhones and Android devices. From a report: On Wednesday, Operation Zero announced on its Telegram accounts and on its official account on X, formerly Twitter, that it was increasing payments for zero-days in those platforms tenfold, from $200,000 to $20 million. "By increasing the premium and providing competitive plans and bonuses for contract works, we encourage the developer teams to work with our platform," the company wrote.

Operation Zero, which is based in Russia and launched in 2021, also added that "as always, the end user is a non-NATO country." On its official website, the company says that "our clients are Russian private and government organizations only." When asked why they only sell to non-NATO countries, Operation Zero CEO Sergey Zelenyuk declined to say. "No reasons other than obvious ones," he said. Zelenyuk also said that the bounties Operation Zero offer right now may be temporary, and a reflection of a particular time in the market, and the difficulty of hacking iOS and Android.

Kyle Orland writes via Ars Technica: The "first official Unity user group in the world" has announced that it is dissolving after 13 years because "the trust we used to have in the company has been completely eroded." The move comes as many developers are saying they will continue to stay away from the company's products even after last week's partial rollback of some of the most controversial parts of its fee structure plans.

Since its founding in 2010, the Boston Unity Group (BUG) has attracted thousands of members to regular gatherings, talks, and networking events, including many technical lectures archived on YouTube. But the group says it will be hosting its last meeting Wednesday evening via Zoom because the Unity of today is very different from the Dave Helgason-led company that BUG says "enthusiastically sanctioned and supported" the group at its founding.

"Over the past few years, Unity has unfortunately shifted its focus away from the games industry and away from supporting developer communities," the group leadership wrote in a departure note. "Following the IPO, the company has seemingly put profit over all else, with several acquisitions and layoffs of core personnel. Many key systems that developers need are still left in a confusing and often incomplete state, with the messaging that advertising and revenue matter more to Unity than the functionality game developers care about."

BUG says the install-fee terms Unity first announced earlier this month were "unthinkably hostile" to users and that even the "new concessions" in an updated pricing model offered late last week "disproportionately affect the success of indie studios in our community." But it's the fact that such "resounding, unequivocal condemnation from the games industry" was necessary to get those changes in the first place that has really shaken the community to its core. "We've seen how easily and flippantly an executive-led business decision can risk bankrupting the studios we've worked so hard to build, threaten our livelihoods as professionals, and challenge the longevity of our industry," BUG wrote. "The Unity of today isn't the same company that it was when the group was founded, and the trust we used to have in the company has been completely eroded."

An anonymous reader quotes a report from Ars Technica: GPUs from all six of the major suppliers are vulnerable to a newly discovered attack that allows malicious websites to read the usernames, passwords, and other sensitive visual data displayed by other websites, researchers have demonstrated in a paper (PDF) published Tuesday. The cross-origin attack allows a malicious website from one domain -- say, example.com -- to effectively read the pixels displayed by a website from example.org, or another different domain. Attackers can then reconstruct them in a way that allows them to view the words or images displayed by the latter site. This leakage violates a critical security principle that forms one of the most fundamental security boundaries safeguarding the Internet. Known as the same origin policy, it mandates that content hosted on one website domain be isolated from all other website domains. [...]

GPU.zip works only when the malicious attacker website is loaded into Chrome or Edge. The reason: For the attack to work, the browser must:

1. allow cross-origin iframes to be loaded with cookies
2. allow rendering SVG filters on iframes and
3. delegate rendering tasks to the GPU

For now, GPU.zip is more of a curiosity than a real threat, but that assumes that Web developers properly restrict sensitive pages from being embedded by cross-origin websites. End users who want to check if a page has such restrictions in place should look for the X-Frame-Options or Content-Security-Policy headers in the source. "This is impactful research on how hardware works," a Google representative said in a statement. "Widely adopted headers can prevent sites from being embedded, which prevents this attack, and sites using the default SameSite=Lax cookie behavior receive significant mitigation against personalized data being leaked. These protections, along with the difficulty and time required to exploit this behavior, significantly mitigate the threat to everyday users. We are in communication and are actively engaging with the reporting researchers. We are always looking to further improve protections for Chrome users."

An Intel representative, meanwhile, said that the chipmaker has "assessed the researcher findings that were provided and determined the root cause is not in our GPUs but in third-party software." A Qualcomm representative said "the issue isn't in our threat model as it more directly affects the browser and can be resolved by the browser application if warranted, so no changes are currently planned." Apple, Nvidia, AMD, and ARM didn't comment on the findings.

An informational write-up of the findings can be found here.

Microsoft is releasing one of its biggest updates to Windows 11 today. It includes access to the new Windows Copilot, AI-powered updates to Paint, Snipping Tool, and Photos, RGB lighting support, a modernized File Explorer, and much more. From a report: Windows Copilot is the big new feature for this Windows 11 update, bringing the same Bing Chat feature straight to the Windows 11 desktop. It appears as a sidebar in Windows 11, allowing you to control settings on a PC, launch apps, or simply answer queries. Microsoft is integrating Copilot into many parts of Windows, too. Copilot will essentially exist as an AI-powered digital assistant, much like Microsoft's vision for Cortana. While Microsoft shut down the Cortana app inside Windows 11 last month, Copilot looks like it's very much Microsoft's big push into AI.

Microsoft is also adding AI-powered features to Paint, Snipping Tool, and Windows 11's Photos app. Microsoft Paint is getting Photoshop-like features, with support for transparency and layers. [...] File Explorer is getting a more modern look with this Windows 11 update. The updated File Explorer UI includes a modern home interface with large file thumbnails and a carousel interface that can surface recent files and favorited ones. These changes make File Explorer blend in better with the overall Windows 11 design.

Bill Toulas writes via Bleeping Computer reports: Google is notifying Gmail users that the webmail's Basic HTML view will be deprecated in January 2024, and users will require modern browsers to continue using the service. After that date, all users of the popular webmail service will automatically be redirected to the more modern Standard view, which supports all the latest usability and security features.

The basic HTML view is a stripped-down version of Gmail that does not offer users chat, spell checking, keyboard shortcuts, adding or importing contacts, setting custom "from" addresses, or using rich text formatting. This feature is designed for people living in areas with internet access, using older hardware with limited memory, or using legacy web browsers that do not support current HTML features.

However, one of the biggest reasons users use HTML view is that text-to-speech tools used by users with visual impairment are more reliable, as the Standard view introduces technical complexities that are harder for these tools to manage. Nonetheless, Google has decided to retire Gmail's HTML view without providing specific reasons.

Lenovo launched the first foldable laptop in 2020, but the first real era of foldable PCs is only starting to unfold now. From a report: Today, LG became the latest OEM to announce a foldable-screen laptop, right after HP announced its first attempt, the Spectre Foldable PC, earlier this month. LG only announced the Gram Fold in South Korea thus far. A Google translation of LG's Korean announcement said the laptop is 9.4-mm (0.37-inches) thick when unfolded and used like a 17-inch tablet. Alternatively, the OLED PC can be folded in half to use like an approximately 12.2-inch laptop. In the latter form, a virtual keyboard can appear on the bottom screen, and you can dock a Bluetooth keyboard to the bottom screen or pair a keyboard with the system wirelessly. The screen has 1920Ã--2560 pixels for a pixel density of 188.2 pixels per inch.

One draw of foldable PCs is supposed to be portability. The Gram Fold weighs 2.76 pounds (1,250g), which is even lighter than LG's latest Gram clamshell laptop (2.9 pounds). According to Android Authority, LG's laptop will have an Intel Core i5-1335U, which has 8 Efficient cores (E-cores) at up to 3.4 GHz, two Performance cores (P-cores) at up to 4.6 GHz, 12 threads, and 12MB of cache. The PC is also supposed to have 16GB of RAM, a 512GB NVMe SSD, a 72 Wh battery, Wi-Fi 6E, and two USB-C ports. LG is claiming 99.5 percent DCI-P3 color coverage with the laptop.

[...] It's also possible we'll see similar designs from other laptop brands, as panel supplier LG Display announced today that it will start mass production of 17-inch foldable OLED laptop panels. The foldable OLED is made with what LG Display calls a Tandem OLED structure, using two-stack OLED technology, "which adds an extra organic emitting layer to deliver brighter screens while effectively dispersing energy across OLED components for optimal stability and longer lifespans," LG Display's announcement said. LG Display first entered mass production of foldable (13.3-inch) laptop panels in 2020. However, foldable PCs didn't immediately take off then, despite the panel being used in Lenovo's 2020 ThinkPad X1 Fold. Foldable PCs lacked the software support that Windows 11 now affords with its Snap windows layouts that make organizing windows across dual or folded screens more intuitive.

Tom Ivan, reporting for VGC: Ransomware group Ransomed[dot]vc claims to have successfully breached Sony Group and is threatening to sell a cache of data stolen from the Japanese company. While its claims remain unverified, Cyber Security Connect reports that the relative ransomware newcomer "has racked up an impressive amount of victims" since bursting onto the scene last month. "We have successfully compromissed [sic] all of sony systems," the group claimed on both the clear and dark nets. "We won't ransom them! We will sell the data. Due to Sony not wanting to pay. DATA IS FOR SALE."

According to Cyber Security Connect, the group has posted some proof-of-hack data, although it says this is "not particularly compelling information on the face of things." It includes what appear to be screenshots of an internal log-in page, an internal PowerPoint presentation, several Java files, and a file tree of the leak which seemingly includes fewer than 6,000 files. Most of the Ransomed[dot]vc's members reportedly operate out of Ukraine and Russia.

The founder of the data-breach notification site Have I Been Pwned manages "the largest known repository of stolen data on the planet," reports Australia's public broadcaster ABC, including over 6 billion email address. Yet with no employees, Troy Hunt manages all of the technical and operational aspects single-handedly, and "has ended up playing an oddly central role in global cybersecurity." Troy is very careful with how he handles what he finds. He only collects (and encrypts) the mobile numbers, emails and passwords that he finds in the breaches, discarding the victims' names, physical addresses, bank details and other sensitive information. The idea is to let users find out where their data has been leaked from, but without exposing them to further risk. Once he identifies where a data breach has occurred, Troy also contacts the organisation responsible to allow it to inform its users before he does. This, he says, is often the hardest step of the process because he has to convince them it's legitimate and not some kind of scam itself.

He's not required to give organisations this opportunity, much less persist when they ignore his messages or accuse him of trying to shake them down for money. But there's evidence that this approach is working. Despite the legal grey area he has operated in for a decade now, he's avoided being sued by any of the organisations responsible for the 705 breaches that are now searchable on Have I Been Pwned. These days, major tech companies like Mozilla and 1Password use Have I Been Pwned, and Troy likes to point out that dozens of national governments and law enforcement agencies also partner with his service...

"He's not a company that's audited. He's just a dude on the web," says Jane Andrew, an expert on data breaches at the University of Sydney. "I think it's so shocking that this is where we find out information about ourselves. She says governments and law enforcement have, in general, left it to individuals to deal with the fallout from data breaches... Without an effective global regulator, Professor Andrew says, a crucial part of the world's cybersecurity infrastructure is left to rely on the goodwill of this one man on the Gold Coast.
Thanks to long-time Slashdot reader slincolne for sharing the article.

"As more companies enforce their office mandates, some workers are choosing to quit instead of complying and returning to the office," reports the Washington Post. Workers say their reasons for quitting include everything from family to commuting expenses to being required to relocate. And many workers worry that people like those with disabilities or who are primary caregivers may be left behind due to their inability to successfully work from the office... Workers are pushing back, penning letters to executives, staging walkouts and quitting despite the tight labor market. "I'm not surprised at all," Prithwiraj Choudhury, a Harvard Business School professor who studies the future of work, said about workers quitting. "By mandating these rigid policies, you're risking your top performers and diversity. It just doesn't make economic sense."

Choudhury said companies should provide overall guidance that allows each to determine how they best work after analysis and feedback from workers. That's especially important for women, whom Choudhury said are resigning in large numbers — a notion multiple surveys support... For some workers who moved or were hired remotely during the pandemic, commuting is a nearly impossible task, they say.
In a related note, Grindr tells the Post they're still requiring two-days-per-week in the office starting in October. Grindr they're looking forward to "further improving productivity and collaboration."

Recent breaches of MGM's casino systems "were probably carried out by teens and young adults who have allied themselves with one of the world's most notorious ransomware gangs," writes the Washington Post's technology reporter.

Their alliance with the "Scattered Spider" group is described as "part of a trend that has alarmed security experts and defenders of corporate computer networks." The group is said to be "very active in the past two years, targeting large companies via stolen employee credentials and tricks such as convincing tech support employees that they have been accidentally locked out of their computers and need a new password." They moved from cryptocurrency thefts to targeting businesses that provide third-party business functions such as help desks and call center staffing, allowing them to infiltrate networks of many customers. And they extorted Western Digital and other technology firms after stealing internal data before heading for the jackpots in Las Vegas. But their willingness to deploy crippling ransomware while demanding money is a major escalation, as is their choice of a business partner: ALPHV, a hacking group whose affiliates include members of the former Russian powerhouses BlackMatter and DarkSide, the groups responsible for the Colonial Pipeline hack that awoke Washington to the national security risk of ransomware. ALPHV provided the BlackCat ransomware that the young hackers installed in the casinos' systems...

[According to new research presented Friday at the LABScon security conference] they came together through crimes enabled by SIM-swapping, which usually involves convincing phone company employees to hand over control of someone else's phone number. Because of poor security controls around those numbers, such gambits have allowed criminals to amass millions of dollars by beating SMS text-based two-factor authentication on cryptocurrency accounts. The extra money has made alliances possible with criminals who have different skills to bring to the table, including some who had hacked police servers and could send emails from purported officers demanding emergency disclosures of information on phone and internet customers. Worse, the researchers said, they have now attracted recruiters for the Russian gangs who want to combine their business savvy with the techniques and local knowledge of the native English speakers.

Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal would leave the U.K. if the country's recently passed Online Safety Bill forced Signal to build "backdoors" into its end-to-end encryption. From a report: "We would leave the U.K. or any jurisdiction if it came down to the choice between backdooring our encryption and betraying the people who count on us for privacy, or leaving," Whittaker said. "And that's never not true." The Online Safety Bill, which was passed into law in September, includes a clause -- clause 122 -- that, depending on how it's interpreted, could allow the U.K.'s communications regulator, Ofcom, to break the encryption of apps and services under the guise of making sure illegal material such as child sexual exploitation and abuse content is removed.

Ofcom could fine companies not in compliance up to $22.28 million, or 10% of their global annual revenue, under the bill -- whichever is greater. Whittaker didn't mince words in airing her fears about the Online Safety Bill's implications. "We're not about political stunts, so we're not going to just pick up our toys and go home to, like, show the bad U.K. they're being mean," she said. "We're really worried about people in the U.K. who would live under a surveillance regime like the one that seems to be teased by the Home Office and others in the U.K."

Esper: Starting in Android 14, it may not be necessary to use a third-party app to turn your smartphone into a webcam for your PC, as that functionality is getting baked into the Android OS itself -- though there's a catch.

When you plug an Android phone into a PC, you have the option to change the USB mode between file transfer/Android Auto (MTP), USB tethering (NCM), MIDI, or PTP. In Android 14, however, a new option can appear in USB Preferences: USB webcam. Selecting this option switches the USB mode to UVC (USB Video Class), provided the device supports it, turning your Android device into a standard USB webcam that other devices will recognize, including Windows, macOS, and Linux PCs, and possibly even other Android devices.

Webcam support in Android 14 is not enabled out of the box, however. In order to enable it, four things are required: a Linux kernel config needs to be enabled, the UVC device needs to be configured, the USB HAL needs to be updated, and a new system app needs to be preloaded.

An anonymous reader shares a report: DuckDuckGo, a privacy-centric search engine founded about 15 years ago, has languished with a small market share as consumers face difficulties switching from Google when the behemoth is the default option on computer screens, the upstart's founder said in an antitrust trial. Founded in 2008, DuckDuckGo currently has about a 2.5% share of the market for search in the US, said CEO Gabriel Weinberg, and conducts about 100 million searches a day globally. In comparison, Google conducts several billion searches daily.

Weinberg said about 30% to 40% of DuckDuckGo's users have a "strong preferenceâ for privacy and that most of the company's users switch over from Google." The company considers Google to be "far and away" its biggest competitor. "Switching is way harder than it needs to be," Chief Executive Officer Gabriel Weinberg said in federal court on Thursday. "There's just too many steps."

At an event today focused on AI and security tools and new Surface devices, Microsoft announced that Windows 11 users will soon be able to take better advantage of passkeys, the digital credentials that can be used as an authentication method for websites and apps. From a report: Once the expanded passkeys support rolls out, Windows 11 users will be able to create a passkey using Windows Hello, Windows' biometric identity and access control feature. They'll then be able to use that passkey to access supported webs or apps using their face, fingerprint or PIN. Windows 11 passkeys can be managed on the devices on which they're stored, or saved to a mobile phone for added convenience.

"For the past several years, we've been committed to working with our industry partners and the FIDO Alliance to further the passwordless future with passkeys," Microsoft wrote in a blog post this morning. "Passkeys are the cross-platform, cross-ecosystem future of accessing websites and applications." Microsoft began rolling out support for passkey management several months ago in the Windows Insider dev channel, but this marks the capability's general availability.

MGM Resorts brought to an end a 10-day computer shutdown prompted by efforts to shield from a cyberattack data including hotel reservations and credit card processing, the casino giant said Wednesday, as analysts and academics measured the effects of the event. From a report: "We are pleased that all of our hotels and casinos are operating normally," the Las Vegas-based company posted on X, the platform formerly known as Twitter. It reported last week that the attack was detected Sept. 10. Rival casino owner Caesars Entertainment also disclosed last week to federal regulators that it was hit by a cyberattack Sept. 7. It said that its casino and online operations were not disrupted but it could not guarantee that personal information about tens of millions of customers, including driver's licenses and Social Security numbers of loyalty rewards members, had not been compromised. Caesars, based in Reno, is widely reported to have paid $15 million of a $30 million ransom sought by a group called Scattered Spider for a promise to secure the data.

Microsoft will release its next big Windows 11 update, 23H2, on September 26th. The update will include the new AI-powered Windows Copilot feature, a redesigned File Explorer, a new Ink Anywhere feature for pen users, big improvements to the Paint app, native RAR and 7-zip file support, a new volume mixer, and much more. From a report: Windows Copilot is the headline feature for the Windows 11 23H2 update, bringing the same Bing Chat feature straight to the Windows 11 desktop. It appears as a sidebar in Windows 11, allowing you to control settings on a PC, launch apps, or simply answer queries. It's integrated all over the operating system, too: Microsoft executives demoed using Copilot to write text messages using data from your calendar, navigation options in Outlook, and more. This is also Microsoft's latest attempt to deliver a digital assistant inside Windows after the company shut down the Cortana app inside Windows 11 last month.

It might be more successful this time, particularly as it's powered by the same technologies behind Bing Chat, so you can ask real questions and get answers (that might not always be accurate) in return. [...] Microsoft is also adding native RAR and 7-zip support to Windows 11 with this update. That means you'll be able to easily open files like tar, 7-zip, rar, gz, and many others using the libarchive open-source project that's now built into Windows 11. Microsoft is also planning to provide support for creating these file formats in 2024.