IT

Lidl Recalls Paw Patrol Snacks After Website on Packaging Displayed Porn (techcrunch.com) 59

Supermarket giant Lidl has issued a recall of Paw Patrol snacks after the website listed on the products' packaging began displaying explicit content unsuitable for children. From a report: Lidl, which operates more than 12,000 stores globally, is urging shoppers in the United Kingdom to return the snacks for a full refund. Affected products include Paw Patrol Yummy Bakes and Paw Patrol Mini Biscotti, snacks recommended for children aged two and above. Lidl's recall notice dated August 22 warns that the product's packaging contains a web address that has been "compromised" to display content "not suitable for child consumption."

Security

LogicMonitor Customers Hit By Hackers, Because of Default Passwords (techcrunch.com) 25

Some customers of the network security company LogicMonitor have been hacked due to the use of default passwords, TechCrunch reports. From the report: A LogicMonitor spokesperson confirmed to TechCrunch that there's "a security incident" affecting some of the company's customers. "We are currently addressing a security incident that has affected a small number of our customers. We are in direct communication and working closely with those customers to take appropriate measures to mitigate impact," LogicMonitor's spokesperson Jesica Church said in a statement.

The incident is due to the fact that, until recently, LogicMonitor was assigning customers default -- and weak -- passwords such as "Welcome@" plus a short number, according to a source at a company that was impacted by the incident, and who asked to remain anonymous as they were not authorized to speak to the press.
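As an added example (not LogicMonitor's code, and not from the TechCrunch report), the following shows why a shared "word plus short number" default is easy to guess and how an onboarding flow can issue per-customer random initial credentials instead. The template pattern, policy thresholds and password length are constructed assumptions for illustration.

```python
"""Added example: detect a predictable vendor-default template and replace it
with random, single-use initial credentials. Everything here is constructed."""
import math
import re
import secrets
import string

# Constructed pattern modelled on the reported default: a fixed word, "@",
# then a short run of digits.
TEMPLATE_DEFAULT = re.compile(r"^Welcome@\d{1,4}$")


def is_template_default(password: str) -> bool:
    """True if the password matches the predictable default template."""
    return TEMPLATE_DEFAULT.fullmatch(password) is not None


def template_search_space(max_digits: int = 4) -> int:
    """How many distinct passwords the template can produce (1..max_digits digits).

    This is the whole space a guesser has to cover once the word is known."""
    return sum(10 ** n for n in range(1, max_digits + 1))


def issue_initial_credential(length: int = 20) -> dict:
    """Generate a per-customer random initial password that must be rotated on first login."""
    alphabet = string.ascii_letters + string.digits
    pw = "".join(secrets.choice(alphabet) for _ in range(length))
    return {
        "password": pw,
        "must_change_on_first_login": True,
        # Entropy of a uniformly random string over this alphabet.
        "entropy_bits": round(length * math.log2(len(alphabet)), 1),
    }


def validate_new_password(password: str, min_length: int = 12) -> list:
    """Return a list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if is_template_default(password):
        problems.append("matches the vendor default template")
    return problems
```

The point of `template_search_space` is that once the fixed word is known, the remaining variation is only the digits, so the whole default space is a few thousand candidates; the random credential replaces that with roughly 119 bits of entropy and forces rotation on first use.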

Android

Russia Targets Ukraine With New Android Backdoor, Intel Agencies Say (arstechnica.com) 24

An anonymous reader quotes a report from Ars Technica: Russia's military intelligence unit has been targeting Ukrainian Android devices with "Infamous Chisel," the tracking name for new malware that's designed to backdoor devices and steal critical information, Western intelligence agencies said on Thursday. "Infamous Chisel is a collection of components which enable persistent access to an infected Android device over the Tor network, and which periodically collates and exfiltrates victim information from compromised devices," intelligence officials from the UK, US, Canada, Australia, and New Zealand wrote (PDF). "The information exfiltrated is a combination of system device information, commercial application information and applications specific to the Ukrainian military."

Infamous Chisel gains persistence by replacing the legitimate system component known as netd with a malicious version. Besides allowing Infamous Chisel to run each time a device is restarted, the malicious netd is also the main engine for the malware. It uses shell scripts and commands to collate and collect device information and also searches directories for files that have a predefined set of extensions. Depending on where on the infected device a collected file is located, netd sends it to Russian servers either immediately or once a day. When exfiltrating files of interest, Infamous Chisel uses the TLS protocol and a hard-coded IP and port. Use of the local IP address is likely a mechanism to relay the network traffic over a VPN or other secure channel configured on the infected device. This would allow the exfiltration traffic to blend in with expected encrypted network traffic. In the event a connection to the local IP and port fails, the malware falls back to a hard-coded domain that's resolved using a request to dns.google.

Infamous Chisel also installs a version of the Dropbear SSH client that can be used to remotely access a device. The version installed has authentication mechanisms that have been modified from the original version to change the way users log in to an SSH session. [...] The report didn't say how the malware gets installed. In the advisory Ukraine's security service issued earlier this month (PDF), officials said that Russian personnel had "captured Ukrainian tablets on the battlefield, pursuing the aim to spread malware and abuse available access to penetrate the system." It's unclear if this was the vector.
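The two behaviours the advisory describes, a replaced `netd` binary and an added Dropbear SSH server, both leave host-side evidence a defender can check for. The following is an added example, not code from the advisory or from Ars Technica; the baseline hashes, file contents and process listing are constructed sample data standing in for a real vendor image and a real `ps` dump.

```python
"""Added example: two integrity checks against an Android image, based on the
behaviours described in the Infamous Chisel advisory. All data is constructed."""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed baseline: stand-in contents for binaries in a known-good image.
KNOWN_GOOD_CONTENTS = {
    "/system/bin/netd": b"vendor netd build 1234",
    "/system/bin/vold": b"vendor vold build 1234",
}
BASELINE = {path: sha256_hex(content) for path, content in KNOWN_GOOD_CONTENTS.items()}


def find_replaced_binaries(baseline: dict, observed: dict) -> list:
    """Return baseline paths whose observed content hashes differently, or which are missing."""
    replaced = []
    for path, expected in baseline.items():
        content = observed.get(path)
        if content is None or sha256_hex(content) != expected:
            replaced.append(path)
    return sorted(replaced)


def find_unexpected_ssh(process_lines: list, allowed=frozenset()) -> list:
    """Flag process-listing lines showing an SSH server (e.g. dropbear) that is not allow-listed.

    Each line is assumed to end with the process name, as in a simplified `ps` dump."""
    hits = []
    for line in process_lines:
        fields = line.split()
        if not fields:
            continue
        name = fields[-1]
        if ("dropbear" in name or name.endswith("sshd")) and name not in allowed:
            hits.append(line)
    return hits


# Constructed observations: netd has extra bytes appended, and dropbear is running.
OBSERVED_FILES = {
    "/system/bin/netd": b"vendor netd build 1234 plus injected collector",
    "/system/bin/vold": b"vendor vold build 1234",
}
PS_LINES = [
    "root 123 1 netd",
    "root 456 1 dropbear",
    "root 789 1 vold",
]

if __name__ == "__main__":
    print("replaced:", find_replaced_binaries(BASELINE, OBSERVED_FILES))
    print("unexpected ssh:", find_unexpected_ssh(PS_LINES))
```

On a real device the baseline would come from the vendor's published image and the observations from the device itself; the hash comparison is what catches a swapped `netd` regardless of how it was swapped, and the process check catches the SSH server the report says is installed alongside it.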

Google

Google Removes 'Pirate' URLs From Users' Privately Saved Links 58

To date, Google has processed more than seven billion copyright takedown requests for its search engine. The majority of the reported links are purged from Google's search index, as required by the DMCA. Recently, however, Google appears to have gone a step further, using search takedowns to "moderate" users' privately saved links collections. TorrentFreak: A few hours ago, Eddie Roosenmaallen shared an email from Google, notifying him that a link had been removed from his Google Saved collection because it violates Google's policy. The reason cited for the removal is the "downstream impact," as the URL in question is "blocked by Google Search."

"The following saved item in one of your collections was determined to violate Google's policy. As a result, the item will be moderated...," Google writes, pointing out a defunct KickassTorrents domain as the problem. Initially, it was suggested that this removal impacted Google's synced Chrome bookmarks, but further research reveals that's not the case. Instead, the removals apply to Google's Saved feature. This Google service allows users to save and organize links, similar to what Pinterest does. These link collections can be private or shared with third parties.

Google

Google Removes Fake Signal and Telegram Apps Hosted on Play (arstechnica.com) 12

Researchers say they have found fake apps in Google Play that masqueraded as legitimate ones for the Signal and Telegram messaging platforms. The malicious apps could pull messages or other sensitive information from legitimate accounts when users took certain actions. ArsTechnica: An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET. It was also available in the Samsung app store and on signalplus[.]org, a dedicated website mimicking the official Signal.org. An app calling itself FlyGram, meanwhile, was created by the same threat actor and was available through the same three channels. Google removed it from Play in 2021. Both apps remain available in the Samsung store.

Both apps were built on open source code available from Signal and Telegram. Interwoven into that code was an espionage tool tracked as BadBazaar. The Trojan has been linked to a China-aligned hacking group tracked as GREF. BadBazaar has been used previously to target Uyghurs and other Turkic ethnic minorities. The FlyGram malware was also shared in a Uyghur Telegram group, further aligning it to previous targeting by the BadBazaar malware family. Signal Plus could monitor sent and received messages and contacts if people connected their infected device to their legitimate Signal number, as is normal when someone first installs Signal on their device. Doing so caused the malicious app to send a host of private information to the attacker, including the device IMEI number, phone number, MAC address, operator details, location data, Wi-Fi information, emails for Google accounts, contact list, and a PIN used to transfer texts in the event one was set up by the user.

IT

The Tropical Island With the Hot Domain Name (bloomberg.com) 22

A tiny island in the Caribbean is now sitting on a digital treasure. From a report: Anguilla, a tropical British territory, is known for its coral reefs and white sand beaches. Since the 1990s, however, it's also been in charge of assigning internet addresses that end in .ai to residents and businesses looking to register websites. It was one of hundreds of country-specific domain names and easy to overlook -- until recently. Stability.ai, Elon Musk's X.ai and Character.ai are just a few of the hot artificial intelligence startups that have snapped up the .ai domain assigned to the islands and cays that comprise Anguilla. Plenty of tech giants have their own web addresses ending in .ai as well: Google.ai and Facebook.ai route visitors to their company's AI-focused webpages and Microsoft.ai shows off the company's Azure AI services.

The total number of registrations of sites ending with these two letters has effectively doubled in the past year to 287,432, according to Vince Cate, who for decades has managed the .ai domain for Anguilla. Cate estimates Anguilla will bring in as much as $30 million in domain-registration fees for 2023. Once one of the many obscure top-level domains assigned to countries and territories, .ai websites experienced a slow but steady increase in demand in recent years. But the sudden spike in .ai domains nine months ago highlights the broader frenzy around artificial intelligence and its ripple effects throughout the global economy. Since ChatGPT launched, a growing number of tech companies have raced to raise billions in capital, scoop up engineering talent and secure powerful but increasingly scarce chips. A domain may sound less essential, but for an industry obsessed with clever branding, the right name can be everything. "Since November 30, things are very different here," Cate said, referring to the date when ChatGPT launched publicly.

Security

Hackers Shut Down 2 of the World's Most Advanced Telescopes (space.com) 36

Some of the world's leading astronomical observatories have reported cyberattacks that have resulted in temporary shutdowns. Space.com reports: The National Science Foundation's National Optical-Infrared Astronomy Research Laboratory, or NOIRLab, reported that a cybersecurity incident that occurred on Aug. 1 has prompted the lab to temporarily halt operations at its Gemini North Telescope in Hawaii and Gemini South Telescope in Chile. Other, smaller telescopes on Cerro Tololo in Chile were also affected. "Our staff are working with cybersecurity experts to get all the impacted telescopes and our website back online as soon as possible and are encouraged by the progress made thus far," NOIRLab wrote in a statement on its website on Aug. 24.

It's unclear exactly what the nature of the cyberattacks was or where they originated. NOIRLab points out that because the investigation is still ongoing, the organization will be cautious about what information it shares about the intrusions. The cyberattacks on NOIRLab's facilities occurred just days before the United States National Counterintelligence and Security Center (NCSC) issued a bulletin (PDF) advising American space companies and research organizations about the threat of cyberattacks and espionage.

Foreign spies and hackers "recognize the importance of the commercial space industry to the U.S. economy and national security, including the growing dependence of critical infrastructure on space-based assets," the bulletin stated. "They see US space-related innovation and assets as potential threats as well as valuable opportunities to acquire vital technologies and expertise."

Privacy

MTA Website 'Feature' Lets You Track Subway Riders' Locations (404media.co) 23

Slash_Account_Dot shares a report from 404 Media, written by cybersecurity journalist Joseph Cox: In the mid-afternoon one Saturday earlier this month, the target got on the New York subway. I knew what station they entered the subway at and at what specific time. They then entered another station a few hours later. If I had kept monitoring this person, I would have figured out the subway station they often start a journey at, which is near where they live. I would also know what specific time this person may go to the subway each day. During all this monitoring, I wasn't anywhere near the rider. I didn't even need to see them with my own eyes. Instead, I was sitting inside an apartment, following their movements through a feature on a Metropolitan Transportation Authority (MTA) website, which runs the New York City subway system. With their consent, I had entered the rider's credit card information -- data that is often easy to buy from criminal marketplaces, or which might be trivial for an abusive partner to obtain -- and punched that into the MTA site for OMNY, the subway's contactless payments system. After a few seconds, the site churned out the rider's travel history for the past 7 days, no other verification required.

On the OMNY website, the MTA offers the ability for riders to "Check trip history." This feature works for people who use contactless bank cards when entering the subway, or other solutions like Apple Pay and Google Pay. The issue is that the feature requires no other authentication -- no account linked to an email, for example -- meaning that anyone with a target's details can enter it and snoop on their movements. The MTA does offer the option of an OMNY account, which requires a password. The website says having an account lets riders "Securely access your trip history." But the first option that appears on the trip history website is the unauthenticated version.
After 404 Media raised the concerns to the MTA, a spokesperson said the agency will look into improving the system. "But at the moment, the tracking feature is still accessible without any authentication," notes Cox.
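The flaw described above is a missing authorization check: the lookup is keyed only on data the rider does not control the secrecy of. As an added example (not the MTA's or OMNY's code), here is the unauthenticated lookup beside a version that only returns history for cards enrolled in the caller's own signed-in account. The card numbers, trips, session tokens and account records are constructed test data.

```python
"""Added example: an unauthenticated trip-history lookup beside an authenticated,
ownership-checked one. All records below are constructed."""


# Constructed store: (card number, expiry) -> list of recorded taps.
TRIP_HISTORY = {
    ("4111111111111111", "12/27"): [
        "Sat 15:02 entered 14 St",
        "Sat 18:40 entered Atlantic Av",
    ],
    ("5555555555554444", "03/26"): ["Mon 08:15 entered Grand Central"],
}

# Constructed accounts: session token -> account and the cards enrolled in it.
ACCOUNTS = {
    "session-alice": {"owner": "alice", "cards": {("4111111111111111", "12/27")}},
}


class Forbidden(Exception):
    """Raised when the caller may not view the requested history."""


def trip_history_unauthenticated(pan: str, expiry: str) -> list:
    """The weak design: anyone holding the card details gets the rider's movements."""
    return list(TRIP_HISTORY.get((pan, expiry), []))


def trip_history_authenticated(session_token: str, pan: str, expiry: str) -> list:
    """Hardened: require a valid session, and that the card is enrolled in that account."""
    account = ACCOUNTS.get(session_token)
    if account is None:
        raise Forbidden("not signed in")
    if (pan, expiry) not in account["cards"]:
        # Same outcome for "someone else's card" and "unknown card", so the
        # endpoint cannot be used to learn whether a card has any history.
        raise Forbidden("card not enrolled in this account")
    return list(TRIP_HISTORY.get((pan, expiry), []))


if __name__ == "__main__":
    print(trip_history_unauthenticated("4111111111111111", "12/27"))
    print(trip_history_authenticated("session-alice", "4111111111111111", "12/27"))
```

The important property is that enrolling a card in an account is a step the card's owner performs while signed in, so possession of the card number alone no longer maps to anyone's travel record.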

UPDATE 8/31/23: The MTA says it will disable the feature that leaked trip history.

Microsoft

Leaked Microsoft Memo Tells Managers Not To Use Budget Cuts as Explainer for Lack of Pay Rises (yahoo.com) 73

An anonymous reader shares a report: Microsoft employees were already expecting lackluster pay rises. In a company-wide email sent earlier this year, the tech company's CEO Satya Nadella warned staff of salary freezes and cuts to the bonus budget. But despite previous transparency around the cost-cutting measures, employees enquiring about how the budget cuts have impacted their performance review will now be fobbed off. According to leaked guidance, managers are being ordered to dodge such questions in the name of company culture. "It's natural for employees to ask questions about budget given the decisions shared in Satya's email," the guidance reportedly states. "However, it's most important to focus discussions with direct reports on their impact for the past fiscal year and directly tie it to their rewards."

Managers should not use the budget cuts as an "explanation" for compensation decisions for individual employees and instead should emphasize that the employee's own "impact" determines "rewards." "Using budgets or factors besides the employee's impact as an explanation for an employee's rewards will erode trust and confidence within your team," the guide cautions. "Reinforce that every year offers unique opportunity for impact, and we increase our high expectations, regardless of our budget."

Chrome

Microsoft is Using Malware-like Pop-Ups in Windows 11 To Get People To Ditch Google (theverge.com) 106

An anonymous reader writes: I thought I had malware on my main Windows 11 machine this weekend. There I was minding my own business in Chrome before tabbing back to a game and wham a pop-up appeared asking me to switch my default search engine to Microsoft Bing in Chrome. Stunningly, Microsoft now thinks it's ok to shove a pop-up in my face above my apps and games just because I dare to use Chrome instead of Microsoft Edge. This isn't a normal notification, either. It didn't appear in the notification center in Windows 11, nor is it connected to the part of Windows 11 that suggests new features to you. It's quite literally a rogue executable file that has somehow appeared in c:\windows\temp\mubstemp and is digitally signed by Microsoft.

"We are aware of these reports and have paused this notification while we investigate and take appropriate action to address this unintended behavior," says Caitlin Roulston, director of communications, in a statement to The Verge. [...] This isn't Microsoft's first rodeo, either. I'm growing increasingly frustrated by the company's methods of getting people to switch from Google and Chrome to Bing and Edge. Microsoft has been using a variety of prompts for years now, with pop-ups appearing inside Chrome, on the Windows taskbar, and elsewhere. Microsoft has even forced people into Edge after a Windows Update, and regularly presents a full-screen message to switch to Bing and Edge after updates.

Operating Systems

FreeBSD Can Now Boot in 25 Milliseconds (theregister.com) 77

Replacing a sort algorithm in the FreeBSD kernel has improved its boot speed by a factor of 100 or more... and although it's aimed at a micro-VM, the gains should benefit everyone. From a report: MicroVMs are a hot area of technology R&D in the last half decade or so. The core idea is a re-invention of some of the concepts and technology that IBM invented along with the hypervisor in the 1960s: designing OSes specifically to run as guests under another OS. This means building the OS specifically to run inside a VM, and to talk to resources provided by a specific hypervisor rather than to fake hardware.

This means that the guest OS needs next to no support for real hardware, just VirtIO drivers which talk directly to facilities provided by the host hypervisor. In turn, the hypervisor doesn't have to provide an emulated PCI bus, emulated power management, emulated graphics card, emulated network interface cards, and so on. The result of ruthlessly chopping down both the hypervisor and the OS that runs inside it is that both ends can be much smaller and simpler. That means that VMs can use far fewer resources, and start up much quicker.

Medicine

Woman's Mystery Illness Turns Out To Be 3-Inch Snake Parasite In Her Brain 103

An anonymous reader quotes a report from Ars Technica: A neurosurgeon in Australia pulled a wriggling 3-inch roundworm from the brain of a 64-year-old woman last year -- which was quite the surprise to the woman's team of doctors and infectious disease experts, who had spent over a year trying to identify the cause of her recurring and varied symptoms. A close study of the extracted worm made clear why the diagnosis was so hard to pin down: the roundworm was one known to infect snakes -- specifically carpet pythons endemic to the area where the woman lived -- as well as the pythons' mammalian prey. The woman is thought to be the first reported human to ever have an infection with this snake-adapted worm, and it is the first time the worm has been found burrowing through a mammalian brain. [...]

Subsequent examination determined the roundworm was Ophidascaris robertsi based on its red color and morphological features. Genetic testing confirmed the identification. The woman went on ivermectin again and another anti-parasitic drug, albendazole. Months later, her lung and liver lesions improved, and her neuropsychiatric symptoms persisted but were improved. The doctors believe the woman became infected after foraging for warrigal greens (aka New Zealand spinach) around a lake near her home that was inhabited by carpet pythons. Usually, O. robertsi adults inhabit the snakes' esophagus and stomach and release their eggs in the snakes' feces. From there, the eggs are picked up by small mammals that the snakes feed upon. The larvae develop and establish in the small mammals, growing quite long despite the small size of the animals, and the worm's life cycle is complete when the snake eats the infected prey.

Doctors hypothesize the woman picked up the eggs meant for small mammals as she foraged, ingesting them either by not fully washing or cooking the greens or by not properly washing her hands or kitchen equipment. In retrospect, the progression of her symptoms suggests an initial foodborne infection, followed by worm larva migrating from her gastrointestinal tract to multiple organs. The prednisolone, an immunosuppressive drug, may have inadvertently helped the worm migrate and get into the central nervous system. Kennedy, a co-author of the report on the woman's case, stressed the importance of washing any foods foraged or taken from a garden. She also emphasized proper kitchen safety and hand washing.

Security

Benevolent Hackers Clear Stalking Spyware From 75,000 Phones (engadget.com) 21

According to TechCrunch, unnamed hackers reportedly breached the spyware firm WebDetetive, deleting device information to protect surveillance victims and denying spyware users new data. Engadget reports: Users of the spyware won't get any new data from their targets. "Because #fuckstalkerware," the hackers wrote in a note obtained by TechCrunch. The WebDetetive breach compromised more than 76,000 devices belonging to customers of the stalkerware, and more than 1.5 gigabytes of data was freed from the app's servers, according to the hackers.

While TechCrunch did not independently confirm the deletion of victims' data from the WebDetetive server, a cache of data shared by the hackers provided a look at what they were able to accomplish. TechCrunch also worked with a nonprofit that logs exposed datasets, DDoSecrets, to verify and analyze the information. Hackers obtained information on customers like IP addresses and the devices that they targeted.

Security

FBI Dismantles a Malware System That Took Millions in Ransom (bloomberg.com) 19

The FBI said Tuesday that it has taken down a network of hacked devices responsible for extorting tens of millions of dollars from victims around the world. From a report: US officials described the network known as Qakbot as one of the most notorious "botnets" in the world, referring to computer networks that have been infected with malicious software so that they can be controlled remotely without the owner's knowledge -- often to send phishing emails. These emails can in turn be used to hack into victims' computer systems, which attackers will hold for ransom.

Qakbot was instrumental in enabling cyberattacks against businesses and critical services around the world, according to US officials, including hits on the San Bernardino County Sheriff's Department and hospitals run by Prospect Medical Group. The latter resulted in the closure of emergency rooms and medical facilities across the US. US officials estimated that, since its creation in 2008, Qakbot had infected around 200,000 computers in the US and 700,000 globally.

United Kingdom

UK Air Travel Will Be Disrupted for 'Some Days' After Traffic Control Glitch (nytimes.com) 16

Flights in and out of Britain will be disrupted for days, the U.K. government said on Tuesday, after a technical issue with the country's air traffic control system left thousands of passengers stranded abroad or facing severe delays. From a report: Around 280 flights were canceled on Tuesday, about 5 percent of the total scheduled to leave or arrive in Britain, according to Cirium, an aviation analytics company, compounding travel woes for British holidaymakers after more than a thousand flights were canceled the day before. The trouble came at a particularly busy time for travelers in Britain, many of whom were returning home from summer vacation or long weekends because Monday was a public holiday in the country.

"The timing was not at all helpful for people," Mark Harper, the government minister responsible for transport policy, told the BBC on Tuesday morning. "It's disrupted thousands of people. Lots of flights were canceled yesterday because of the imperative to keep the system working safely, and it is going to take some days to get completely everybody back to where they should be." He added that the government's technical experts had concluded that the episode was not a cyberattack. Britain's National Air Traffic Service, which runs air traffic control, said on Monday that a failure of the automatic system that processes plane routes meant that, for several hours, flight plans had to be entered manually.

The Internet

WordPress Now Has a 100-Year Domain Registration Option (siliconrepublic.com) 69

Hosting platform WordPress has announced a new century-long domain registration plan for users who want to ensure a lifelong digital legacy. From a report: Its new 100-year plan is designed to give users "the ultimate security and longevity for their digital presence" at a cost of $38,000 -- working out at $380 per year of the plan. While average domain registrations range from one year to a maximum of 10 years, WordPress's new plan allows users to secure their domain for 100 years.

The plan comes with other features as well, such as multiple backups of content across geographically distributed data centres, unmetered bandwidth and "personalised" 24/7 support. The company also claims the plan comes with "enhanced ownership protocols" and "top-tier" managed hosting. In a statement, the company said the offering could be used by families who wish to preserve their digital assets such as stories, photos, sounds and videos or by founders who want to protect and document their company's history.

IT

Amazon Linux 2023 Virtual Machine Images Still MIA (theregister.com) 24

When Amazon Linux 2023 was released on March 15, it was supposed to be offered as a virtual machine image that organizations could run on their own servers. From a report: "When Amazon Linux 2023 becomes generally available, it will be provided as a virtual machine image for on-premises use, enabling you to easily develop, test, and certify applications from a local development environment," the web titan's FAQs stated at the time. "This option is not available during the preview." But that commitment has since vanished from the FAQ: it's not there right now nor in this capture of the page on June 2. And it's not clear whether Amazon intends to enable on-premises usage of its Linux distribution.

Those who use Linux in their businesses have been asking Amazon to clarify the situation for eighteen months, starting with a GitHub Issues feature request opened on March 15, 2022, and a similar inquiry posted a year later. In late June, Rotan Hanrahan, a technology consultant based in Dublin, Ireland, chided Amazon for failing to explain what's going on. "I see no evidence of any outreach to the community to explain this, nor any requests for technical assistance (assuming the issue is technical)," he wrote. "If the issue is bureaucratic in nature, we might never see the promised VM image. Some clarification from Amazon is overdue."

Microsoft

Microsoft Makes Some Certification Exams Open Book (theregister.com) 37

Microsoft has made some of its certification exams open book affairs, allowing access to its learning portal while candidates sit tests. From a report: "On August 22, we will begin updating our exams so that you will be able to access Microsoft Learn as you complete your exam," wrote Liberty Munson, director of psychometrics at Microsoft's Worldwide Learning organization. Microsoft Learn is a portal that links to product documentation, tutorials, code fragments, and other technical material.

Much of that content will be available during exams, although a technical Q&A service will remain hidden. The open book exams will be offered to candidates sitting exams for the role-based certifications Microsoft offers for job titles including Azure Administrator, Developer, Solutions Architect, DevOps Engineer; Microsoft 365 Modern Desktop Administrator, and Enterprise Administrator. Exams at Associate, Expert, and Specialty levels of competency will all offer access to the Learn portal. The material will become available for all role-based and specialty exams, in all languages, by mid-September 2023. Looking up material on Learn won't stop the clock during an exam, and the experience of taking the test will remain unchanged -- other than allowing candidates to open a window in which to view the educational portal.

Security

Poland's Railways Halted by Radio Hack (gizmodo.com) 58

The Polish Railway's radio system was hacked on Friday and Saturday, bringing 20 freight and passenger trains to an unprecedented standstill. The hack, believed to be carried out by Russia, took advantage of a critical flaw in the railway's radio security system, with service reportedly restored within hours. From a report: An investigation into the cyberattack is underway, and the Polish Press Agency (PAP) reported that the radio signals sent to stop the trains were interspersed with a recording of Russia's national anthem and a speech by Russian President Vladimir Putin.

Poland is an important transportation hub that brings much-needed weapons supplied by Western countries and other aid to Ukraine amid the Russian invasion, and Senior Security Official Stanislaw Zaryn told PAP: "For the moment, we are ruling nothing out." He continued: "We know that for some months there have been attempts to destabilize the Polish state. Such attempts have been undertaken by the Russian Federation in conjunction with Belarus." Train services were reportedly restored within hours and the Polish State Railways said in a statement that "there is no threat to rail passengers" and the cyberattack only caused "difficulties in the running of trains."

Privacy

Hackers Can Silently Grab Your IP Through Skype (404media.co) 56

Slash_Account_Dot writes: Hackers are able to grab a target's IP address, potentially revealing their general physical location, by simply sending a link over the Skype mobile app. The target does not need to click the link or otherwise interact with the hacker beyond opening the message, according to a security researcher who demonstrated the issue and successfully discovered my IP address by using it. Yossi, the independent security researcher who uncovered the vulnerability, reported the issue to Microsoft earlier this month, according to Yossi and a cache of emails and bug reports he shared with 404 Media. In those emails Microsoft said the issue does not require immediate servicing, and gave no indication that it plans to fix the security hole. Only after 404 Media contacted Microsoft for comment did the company say it would patch the issue in an upcoming update.
