According to Polyon, players will be required to link a phone number to their Battle.net accounts if they want to play Overwatch 2. "The same two-factor step, called SMS Protect, will also be used on all Call of Duty: Modern Warfare 2 accounts when that game launches, and new Call of Duty: Modern Warfare accounts," the report adds. From the report: Blizzard Entertainment announced SMS Protect and other safety measures ahead of Overwatch 2's release. Blizzard said it implemented these controls because it wanted to "protect the integrity of gameplay and promote positive behavior in Overwatch 2." Overwatch 2 is free to play, unlike its predecessor. Without SMS Protect, Blizzard reasoned that there is no barrier to toxic players or trolls creating a new account if an existing one is sanctioned. SMS Protect, therefore, ties that account to something valuable -- in this case a player's mobile phone.

SMS Protect is a security feature that has two purposes: to keep players accountable for what Blizzard calls "disruptive behavior," and to protect accounts if they're hacked. It requires all Overwatch 2 players to attach a unique phone number to their account. Blizzard said SMS Protect will target cheaters and harassers; if an account is banned, it'll be harder for them to return to Overwatch 2. You can't just enter any old phone number -- you actually have to have access to a phone receiving texts to that number to get into your account.

Overwatch 2 lead software engineer Bill Warnecke told Forbes that, even if accounts are no longer tied to Overwatch's box price -- because the game is now free-to-play -- Blizzard still wants players to make an "investment" in upholding a safe game. "The key idea behind SMS Protect is to have an investment on behalf of the owner of that account and add some limitations or restrictions behind how you might have an account," Warnecke said. "There's no exclusions or kind of loopholes around the system." The report notes that Blizzard has refunded one player after they contacted customer support and said they didn't have a mobile phone, but it's unclear if this policy will apply more broadly.

Most development effort in graphics drivers these days, whether you're talking about Nvidia, Intel, or AMD, is focused on new APIs like DirectX 12 or Vulkan, increasingly advanced upscaling technologies, and specific improvements for new game releases. But this year, AMD has also been focusing on an old problem area for its graphics drivers: OpenGL performance. From a report: Over the summer, AMD released a rewritten OpenGL driver that it said would boost the performance of Minecraft by up to 79 percent (independent testing also found gains in other OpenGL games and benchmarks, though not always to the same degree). Now those same optimizations are coming to AMD's officially validated GPU drivers for its Radeon Pro-series workstation cards, providing big boosts to professional apps like Solidworks and Autodesk Maya. "The AMD Software: PRO Edition 22.Q3 driver has been tested and approved by Dell, HP, and Lenovo for stability and is available through their driver downloads," the company wrote in its blog post. "AMD continues to work with software developers to certify the latest drivers." Using a Radeon Pro W6800 workstation GPU, AMD says that its new drivers can improve Solidworks rendering speeds by up to 52 or 28 percent at 4K and 1080p resolutions, respectively. Autodesk Maya performance goes up by 34 percent at 4K or 72 percent at the default resolution. The size of the improvements varies based on the app and the GPU, but AMD's testing shows significant, consistent improvements across the board on the Radeon Pro W6800, W6600, and W6400 GPUs, improvements that AMD says will help those GPUs outpace analogous Nvidia workstation GPUs like the RTX A5000 and A2000 and the Nvidia T600.

Suspected Chinese hackers tampered with widely used software distributed by a small Canadian customer service company, another example of a "supply chain compromise" made infamous by the hack on U.S. networking company SolarWinds. From a report: U.S. cybersecurity firm CrowdStrike will say in an upcoming blog post seen by Reuters that it had discovered malicious software being distributed by Vancouver-based Comm100, which provides customer service products, such as chat bots and social media management tools, to a range of clients around the globe. The scope and scale of the hack wasn't immediately clear. In a message, Comm100 said it had fixed its software earlier Thursday and that more details would soon be forthcoming. The company did not immediately respond to follow-up requests for information. CrowdStrike researchers believe the malicious software was in circulation for a couple of days but wouldn't say how many companies had been affected, divulging only that "entities across a range of industries" were hit.

The SuperSpeed USB branding is no more thanks to a new set of guidelines currently being rolled out by the USB Implementers Forum (USB-IF), the body that manages and maintains the USB standard. From a report: It's part of a rebranding initiative that the organization kicked off last year with the introduction of a new series of packaging, port, and cable logos. But with its latest set of branding and logo guidelines it's going even further, simplifying its legacy branding and signaling the end of the decade-old SuperSpeed branding. If the name doesn't ring any bells, then that's probably because you (like most other people) simply referred to it by its USB 3 version number. Alongside it, the USB-IF is also ditching USB4 as a consumer-facing brand name.

AmiMoJo writes: Google announced an extension of the deadline to remove support for Manifest V2 extensions in the company's Chrome browser and the open source Chromium core. The change does not impact the core decision of removing support for Manifest V2 extensions in favor of Manifest V3. Dubbed, the adblocker killer initially, due to limitations imposed on content blocking and other types of browser extensions, Google made concessions that allows content blockers to run on Chrome after the final switch is made. Extensions are still limited in comparison to Manifest V2, especially if multiple that use filtering functionality are run simultaneously, or if lots of filters are activated in a single extension. Google's initial plan was to stop supporting Manifest V2 extensions in Chrome by June 2023. For most users, support would run out in January 2023, but an Enterprise policy would enable users to extend the deadline by six months.

Microsoft has confirmed two unpatched Exchange Server zero-day vulnerabilities are being exploited by cybercriminals in real-world attacks. From a report: Vietnamese cybersecurity company GTSC, which first discovered the flaws part of its response to a customer's cybersecurity incident, in August 2022, said the two zero-days have been used in attacks on their customers' environments dating back to early-August 2022. Microsoft's Security Response Center (MRSC) said in a blog post late on Thursday that the two vulnerabilities were identified as CVE-2022-41040, a server-side request forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution on a vulnerable server when PowerShell is accessible to the attacker. "At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users' systems," the technology giant confirmed. Microsoft noted that an attacker would need authenticated access to the vulnerable Exchange Server, such as stolen credentials, to successfully exploit either of the two vulnerabilities, which impact on-premise Microsoft Exchange Server 2013, 2016 and 2019. Microsoft hasn't shared any further details about the attacks and declined to answer our questions. Security firm Trend Micro gave the two vulnerabilities severity ratings of 8.8 and 6.3 out of 10.

"First they came for factory jobs. Then they showed up in service industries. Now, machines are making inroads into the kind of white-collar office work once thought to be the exclusive preserve of humans," write Alexandre Tanzi and Reade Pickert via Bloomberg. An anonymous reader shares an excerpt from the report: It's not just corporate giants, capable of spending millions of dollars to develop their own technologies, that are getting in on the act. One feature of the new automation wave is that companies like Kizen have popped up to make it affordable even for smaller firms. Based in Austin, Texas, Kizen markets an automated assistant called Zoe, which can perform tasks for sales teams like carrying out initial research and qualifying leads. Launched a year ago, it's already sold more than 400,000 licenses. "Our smallest customer pays us $10 a month and our largest customer pays us $9.5 million a year,'' says John Winner, Kizen's chief executive officer. There are plenty of other ambitious companies cashing in on the trend, and posting steep increases in revenue -- like UiPath Inc., a favorite of star investment manager Cathie Wood, as well as Appian Corp. and EngageSmart Inc. Alongside the growth of AI and what economists call "robotic process automation" -- essentially, when software performs certain tasks previously done by humans -- old-school automation is still going strong too.

The number of robots sold in North America hit a new record in the first quarter of 2022, according to the Association for Advancing Automation. The World Economic Forum predicts that by 2025, machines will be working as many hours as humans. What all of this innovation means for the world's workers is one of the key open questions in economics. The upbeat view says it's tasks that get automated, not entire jobs -- and if the mundane ones can be handled by computers or robots, that should free up employees for more challenging and satisfying work. The downside risk: occupations from sales reps to administrative support, could begin to disappear -- without leaving obvious alternatives for the people who earned a living from them. That adds another employment threat for white-collar workers who may already be vulnerable right now to an economic downturn, largely because so many got hired in the boom of the past couple of years.

KC Harvey Environmental, a consultancy based in Bozeman, Montana that works with businesses and governments on environmental issues, is one of Kizen's clients. It uses the software to automate document control -- for example, archiving and delivering new contracts to the right places and people. "A new project probably took our accounting group and project management team a day," says Rio Franzman, KC Harvey's chief operating officer. "This now probably streamlines it down to about an hour." The firm employs about 100 people and "we didn't lose any'' as a result of automation, he says. "What it did allow is for the reallocation of time and resources to more meaningful tasks." KC Harvey is now working with Kizen to bring AI into its marketing, too, with a partly automated newsletter among other projects. Some of the biggest firms at the forefront of automation also say they've been able to do it without cutting jobs.

Engineering giant Siemens AG says it's automated all kinds of production and back-office tasks at its innovative plant in Amberg, Germany, where it makes industrial computers, while keeping staffing steady at around 1,350 employees over several decades. The firm has developed a technology known as "digital twinning," which builds virtual versions of everything from specific products to administrative processes. Managers can then run simulations and stress-tests to see how things can be made better. "We're not going to automate people out of the process," says Barbara Humpton, CEO of Siemens USA. "By optimizing automation systems, and by using digital tools and AI, workers have increased productivity at Amberg by more than 1,000%." [...] Whatever the outcome, it's unlikely to allay the deep unease that the idea of automation triggers among workers who feel their jobs are vulnerable. With the rise of AI, that group increasingly includes white-collar employees.

For decades, security researchers warned about techniques for hijacking virtualization software. Now one group has put them into practice. From a report: For decades, virtualization software has offered a way to vastly multiply computers' efficiency, hosting entire collections of computers as "virtual machines" on just one physical machine. And for almost as long, security researchers have warned about the potential dark side of that technology: theoretical "hyperjacking" and "Blue Pill" attacks, where hackers hijack virtualization to spy on and manipulate virtual machines, with potentially no way for a targeted computer to detect the intrusion. That insidious spying has finally jumped from research papers to reality with warnings that one mysterious team of hackers has carried out a spree of "hyperjacking" attacks in the wild.

Today, Google-owned security firm Mandiant and virtualization firm VMware jointly published warnings that a sophisticated hacker group has been installing backdoors in VMware's virtualization software on multiple targets' networks as part of an apparent espionage campaign. By planting their own code in victims' so-called hypervisors --VMware software that runs on a physical computer to manage all the virtual machines it hosts -- the hackers were able to invisibly watch and run commands on the computers those hypervisors oversee. And because the malicious code targets the hypervisor on the physical machine rather than the victim's virtual machines, the hackers' trick multiplies their access and evades nearly all traditional security measures designed to monitor those target machines for signs of foul play.

"The idea that you can compromise one machine and from there have the ability to control virtual machines en masse is huge," says Mandiant consultant Alex Marvi. And even closely watching the processes of a target virtual machine, he says, an observer would in many cases see only "side effects" of the intrusion, given that the malware carrying out that spying had infected a part of the system entirely outside its operating system. Mandiant discovered the hackers earlier this year and brought their techniques to VMware's attention. Researchers say they've seen the group carry out their virtualization hacking -- a technique historically dubbed hyperjacking in a reference to "hypervisor hijacking" -- in fewer than 10 victims' networks across North America and Asia. Mandiant notes that the hackers, which haven't been identified as any known group, appear to be tied to China.

Hackers infiltrated Fast Company's push notifications to send out racial slurs on Tuesday night. They also stole a database that includes employees' emails, password hashes for some of them and unpublished drafts, among other information. Customer records are safe, though, most likely because they're kept in a separate database. Engadget reports: In a statement, Fast Company has told Engadget that its Apple News account was hacked and was used to send "obscene and racist" push notifications." It added that the breach was related to another hack that happened on Sunday afternoon and that it has gone as far as shutting down the whole FastCompany.com domain for now. [...] Apple has addressed the situation in tweet, confirming that the website has been hacked and that it has suspended Fast Company's account.

At the moment, Fast Company's website loads a "404 Not Found" page. Before it was taken down, though, the bad actors managed to post a message detailing how they were able to infiltrate the publication, along with a link to a forum where stolen databases are made available for other users. They said that Fast Company had a default password for WordPress that was much too easy to crack and used it for a bunch of accounts, including one for an administrator. From there, they were able to grab authentication tokens, Apple News API keys, among other access information. The authentication keys, in turn, gave them the power to grab the names, email addresses and IPs of a bunch of employees. In a statement, Fast Company said: "Fast Company's content management system account was hacked on Tuesday evening. As a result, two obscene and racist push notifications were sent to our followers in Apple News about a minute apart. The messages are vile and are not in line with the content and ethos of Fast Company. We are investigating the situation and have shut down FastCompany.com until the situation has been resolved. Tuesday's hack follows an apparently related hack of FastCompany.com that occurred on Sunday afternoon, when similar language appeared on the site's home page and other pages. We shut down the site that afternoon and restored it about two hours later. Fast Company regrets that such abhorrent language appeared on our platforms and in Apple News, and we apologize to anyone who saw it before it was taken down."

The head of WhatsApp has warned UK ministers that moves to undermine encryption in a relaunched online safety bill would threaten the security of the government's own communications and embolden authoritarian regimes. From a report: In an interview with the Financial Times, Will Cathcart, who runs the Meta-owned messaging app, insisted that alternative techniques were available to protect children using WhatsApp, without having to abandon the underlying security technology that safeguards its more than 2bn users. The UK's bill, which the government argues will make the internet safer, has become a focus of global debate over whether companies such as Google, Meta and Twitter should be forced to proactively scan and remove harmful content on their networks.

Tech companies claim it is not technically possible for encrypted messaging apps to scan for material such as child pornography without undermining the security of the entire network, which prevents anyone -- including platform operators -- from reading users' messages. Cathcart said the UK's ultimate position on the issue would have a global impact. "If the UK decides that it is OK for a government to get rid of encryption, there are governments all around the world that will do exactly the same thing, where liberal democracy is not as strong, where there are different concerns that really implicate deep-seated human rights," he said, citing Hong Kong as a potential example.

Ahead of its Connect conference in October, Cloudflare this week announced an ambitious new project called Turnstile, which seeks to do away with the CAPTCHAs used throughout the web to verify people are who they say they are. From a report: Available to site owners at no charge, Cloudflare customers or no, Turnstile chooses from a rotating suite of "browser challenges" to check that visitors to a webpage aren't, in fact, bots. CAPTCHAs, the challenge-response tests most of us have encountered when filling out forms, have been around for decades, and they've been relatively successfully at keeping bot traffic at bay. But the rise of cheap labor, bugs in various CAPTCHA flavors and automated solvers have begun to poke holes in the system. Several websites offer human- and AI-backed CAPTCHA-solving services for as low as $0.50 per thousand solved CAPTCHAs, and some researchers claim AI-based attacks can successfully solve CAPTCHAs used by the world's most popular websites.

Cloudflare itself was once a CAPTCHA user. But according to CTO John Graham-Cumming, the company was never quite satisfied with it -- if Cloudflare's public rallying cries hadn't made that clear. In a conversation with TechCrunch, Graham-Cumming listed what he sees as the many downsides of CAPTCHA technology, including poor accessibility (visual disabilities can make it impossible to solve a CAPTCHA), cultural bias (CAPTCHAs assume familiarity with objects like U.S. taxis) and the strains that CAPTCHAs place on mobile data plans. [...] Turnstile automatically chooses a browser challenge based on "telemetry and client behavior exhibited during a session," Cloudflare says, rather than factors like login cookies. After running non-interactive JavaScript challenges to gather signals about the visitor and browser environment and using AI models to detect features and visitors who've passed a challenge before, Turnstile fine-tunes the difficulty of the challenge to the specific request -- avoiding having users solve a puzzle.

Microsoft is about to eliminate a method for logging into its Exchange Online email service that is widely considered vulnerable and outdated, but that some businesses still rely upon. From a report: The company has said that as of Oct. 1, it will begin to disable what's known as "basic authentication" for customers that continue to use the system. Basic authentication typically requires only a username and password for login; the system does not play well with multifactor authentication and is prone to a host of other heightened security risks. Microsoft has said that for several types of common password-based threats, attackers almost exclusively target accounts that use basic authentication. At identity platform Okta, which manages logins for a large number of Microsoft Office 365 accounts, "we've seen these problems for years," said Todd McKinnon, co-founder and CEO of Okta. "When we block a threat, nine times out of 10 it's against a Microsoft account that has basic authentication. So we think this is a great thing." Microsoft has been seeking to prod businesses to move off basic authentication for the past three years, but "unfortunately usage isn't yet at zero," it said in a post earlier this month.

The PC beta for Modern Warfare 2 was only online for just over a weekend, but cheat developers quickly managed to create wallhacks anyway, according to videos created by multiple cheat developers. From a report: The news highlights the constant cat and mouse game between cheat developers and the companies that make competitive video games, and shows that Modern Warfare 2 will be no different. Warzone, the massively popular free-to-play battle royale game built on top of Call of Duty's mainline games, was notoriously overrun by cheaters before publisher Activision and the development studios working on the game introduced a new anti-cheat mechanism called Ricochet. "I started developing a MW2 beta cheat right away. I was done the same day, the first day of the beta. My users got access once the cheat was complete & tested," Zebleer, the pseudonymous administrator of Phantom Overlay, a cheat provider that has a long history of selling cheats for Warzone, told Motherboard in an email.

[...] EngineOwning, another cheat developer, published a video to their Twitter account over the weekend appearing to show their own product in action, although it didn't seem to be ready for the beta. "Our MW2 cheat is now done and we're currently in close testing," the tweet read. "This means our cheat will be ready when the game launches, with all the features you'd expect." The Anti-Cheat Police Department, a researcher who has tracked the cheating ecosystem and who reports offending players, claimed in their own tweet that "Ricochet has this shitty cheat detected they are just a scam operation at this point."

Intel has announced an intriguing new app called Unison, which aims to "seamlessly" connect Intel-powered computers to smartphones -- not just Android phones but iOS devices as well. From a report: Following what Intel says is a "simple pairing process," the Unison app will allow PCs to replicate four key features of the connected phone. They can answer and make calls; they can share photos and files (pictures taken with the phone will show up in a specific Unison gallery on the PC); they can send and receive texts; and they can receive (and, in some cases, respond to) notifications that the phone receives -- though if Unison is closed, they'll go to the Windows notification center. "The advantage we can bring to a PC user that's got a well-designed Windows PC is not having to choose their device based on the PC they have. They have an iPhone, they have an Android phone, any device they want to use will be able to connect with this capability," Josh Newman, Intel's VP of mobile innovation, told The Verge. "When you're ... on your laptop, and you get notifications or texts on your phone, you can keep it in your bag and get right back into the flow of your work."

An anonymous reader quotes a report from Ars Technica: The Ukrainian government on Monday warned that the Kremlin is planning to carry out "massive cyberattacks" targeting power grids and other critical infrastructure in Ukraine and in the territories of its allies. "By the cyberattacks, the enemy will try to increase the effect of missile strikes on electricity supply facilities, primarily in the eastern and southern regions of Ukraine," an advisory warned. "The occupying command is convinced that this will slow down the offensive operations of the Ukrainian Defence Forces."

Monday's advisory alluded to two cyberattacks the Russian government carried out -- first in 2015 and then almost exactly one year later -- that deliberately left Ukrainians without power during one of the coldest months of the year. The attacks were seen as a proof-of-concept and test ground of sorts for disrupting Ukraine's power supply. "The experience of cyberattacks on Ukraine's energy systems in 2015 and 2016 will be used when conducting operations," the Ukrainian government said on Monday.

It's hard to assess the chances of a successful hacking campaign against Ukraine's power grids. Earlier this year, Ukraine's CERT-UA said it successfully detected a new strain of Industroyer inside the network of a regional Ukrainian energy firm. Industroyer2 reportedly was able to temporarily switch off power to nine electrical substations but was stopped before a major blackout could be triggered. [...] But researchers from Mandiant and elsewhere also note that Sandworm, the name for the Kremlin-backed group behind the power grid hacks, is among the most elite hacking groups in the world. They are known for stealth, persistence, and remaining hidden inside targeted organizations for months or even years before surfacing. Besides an attack on electrical grids, Monday's advisory also warned of other forms of disruptions the country expected Russia to ramp up. "The Kremlin also intends to increase the intensity of DDoS attacks on the critical infrastructure of Ukraine's closest allies, primarily Poland and the Baltic states," the advisory stated. "We don't have any direct knowledge or data to make an assessment on Ukraine's capability to defend its grid, but we do know that CERT-UA stopped the deployment of INDUSTROYER.V2 malware that targeted Ukraine's electric substations earlier this year," Chris Sistrunk, technical manager of Mandiant Industrial Control Systems Consulting, wrote in an email. "Based on that, and what we know about the Ukrainian people's overall resolve, it's increasingly clear that one of the reasons cyberattacks in Ukraine have been dampened is because its defenders are very aggressive and very good at confronting Russian actors."

An anonymous reader quotes a report from Bloomberg: In the heart of midtown Manhattan lies a multibillion-dollar problem for building owners, the city and thousands of workers. Blocks of decades-old office towers sit partially empty, in an awkward position: too outdated to attract tenants seeking the latest amenities, too new to be demolished or converted for another purpose. It's a situation playing out around the globe as employers adapt to flexible work after the Covid-19 pandemic and rethink how much space they need. Even as people are increasingly called back to offices for at least some of the week, vacancy rates have soared in cities from Hong Kong to London and Toronto.

"There's no part of the world that is untouched by the growth of hybrid working," said Richard Barkham, global chief economist for commercial real estate firm CBRE Group Inc. In some cases, companies are simply cutting back on space to reduce their real estate costs. Others are relocating to shiny new towers with top-of-the-line amenities to attract talent and employees who may be reluctant to leave the comforts of working from home. Left behind are older buildings outside of prime locations. The US is likely to have a slower office-market recovery than Asia and Europe because it began the pandemic with a higher vacancy rate, and long-term demand is expected to drop around 10% or more, Barkham said. New York, America's biggest office real estate market, is at the center of the issue.

A study this year by professors at Columbia University and New York University estimated that lower tenant demand because of remote work may cut 28%, or $456 billion, off the value of offices across the US. About 10% of that would be in New York City alone. The implications of obsolete buildings stretch across the local economy. Empty offices have led to a cascade of shuttered restaurants and other street-level businesses that depended on daytime worker traffic. And falling building values mean less property-tax revenue for city coffers. A strip on Manhattan's Third Avenue, from 42nd to 59th streets, shows the problem of older properties in stark terms. While New York leasing demand has bounced back toward pre-pandemic levels, the corridor has 29% of office space available for tenants, nearly double the amount four years ago and above the city's overall rate of 19%, according to research from brokerage firm Savills. "There's no easy fix for landlords, who rely on rental income to pay down debt," notes the report. "Some cities are exploring options to turn downtown offices to residential buildings: Calgary, for instance, has an incentive program for such redevelopments. While New York has had some conversions, the hefty costs and zoning and architectural restrictions make it a difficult proposition."

An anonymous reader shares a report: Are smartphones ever entirely secure? It depends on one's definition of "secure," particularly when dealing with corporate environments. Most companies with bring-your-own-device policies install apps or agents on workers' smartphones to help secure them, leveraging the management capabilities built into operating systems like Android and iOS. But those might not be sufficient. That's what Cloudflare argues, anyway, in the pitch for the new services it's launching this week. Today, the company announced Zero Trust SIM and Zero Trust for Mobile Operators, two product offerings targeting smartphone users, the companies securing corporate phones and the carriers selling data services. Let's start with Zero Trust SIM. Designed to secure all data packets leaving a smartphone, Zero Trust SIM -- once launched in the U.S. (to start) -- will be available as an eSIM deployable via existing mobile device management platforms to both iOS and Android devices. It'll be locked to a specific device, mitigating the risk of SIM-swapping attacks, and usable either in a standalone configuration or in tandem with Cloudflare's mobile agent, WARP.

In a recent email interview, Cloudflare CTO John Graham-Cumming made the case that Zero Trust SIM can accomplish what VPNs and other secure layers can't: cell-level protection. A SIM card can act as another security factor, and -- in combination with hardware keys -- make it nearly impossible to impersonate an employee, he argued. "Zero Trust SIM provides defense in depth. A VPN layer is one of those components, but doesn't remove the need to still deploy cellular connectivity across all of your mobile devices today, and traditional 'AnyConnect-style' VPNs do nothing to stop attackers moving laterally once they're inside the VPN," Graham-Cumming said. "We continue to see organizations breached due to challenges securing their applications and networks, and what was once a real-estate budget is quickly becoming a 'secure my remote and distributed workforce' budget from an IT security perspective." Specifically, Graham-Cumming said that Zero Trust SIM will enable Cloudflare to rewrite DNS requests leaving a device to instead use Cloudflare Gateway for DNS filtering.

New submitter cj9er writes: Considering all the privacy issues in today's online climate (all the issues with Meta right now), what is the best high-end smartphone to select?

Apple: No way they don't sell your data... Sure, they have privacy for third-party apps, but what about the data they collect from the phone itself? Consider what the revenue is on a single smartphone (say $150), how do you think they have all that cash on hand?

Google: Yeah right, Pixel is probably collecting [data] 24/7 considering their main business is selling ads on Search. They have developed the Pixel line because they probably realized they were missing out on the direct collection of data from their own hardware (cut out the middle players using Android).

Samsung: Their TVs even collect and sell data on you. I don't really understand the price premium on Galaxy phones anyways.

I have kept my data and Wi-Fi turned off on my phones for years. Initially it was for battery reasons but now add in data collection. Ultimately, if we could turn off the GPS feature at will on our phones, maybe we could prevent all tracking (except for cellular triangulation). If we then think about safety, GPS is great and now with satellite-tracking on Apple phones, even better. But then what is going on behind the scenes 99.99% of the rest of the time when you don't require those options for safety reasons?

What phone manufacturer can be trusted?

AmiMoJo shares a report from Neowin: Anti-malware solutions maker Malwarebytes has recently uncovered a campaign which is serving tech support scams via malicious ads in Microsoft Edge's 'My Feed' section. They provided an image that shows a screenshot of a malvertising campaign where a fake browser locker page is displayed to dupe potential victims. The adware is smart in the way it operates as Malwarebytes has found that the malicious ad banner redirects only potential targets to the tech support scam page. Meanwhile bots, VPNs and geo-locations are shown the actual ad page powered by the Taboola ad network. The firm notes that the differentiation is made with a help of a base64-encoded JavaScript string.

In the span of just 24 hours, Malwarebytes managed to collect over 200 different hostnames. Somewhat unsurprisingly perhaps, one of the associated domains is linked to an individual who appears to be the director of a software company operating in Delhi, India. You can find more details about this malvertising campaign on Malwarebytes' blog post about the topic.

Corporate employees at Amazon got emails about promotions and raises. Then they got emails saying the raises weren't quite what they thought. From a report: A one-time bonus that was part of their compensation package had been miscalculated due to a software error and would be lower than what they had been told, according to an email sent on Thursday and viewed by Insider. The bonuses had initially been calculated using older, higher stock prices, according to Insider, and about 40% of promoted employees this quarter were affected by the error.

"We identified and immediately corrected an issue with some newly promoted employees' compensation communications," an Amazon spokesperson told Fortune. We are working with employees to ensure they understand their updated compensation." Compensation has been a major issue across the tech sector this year as a strong labor market heats up competition for workers. Earlier this year, Amazon announced its plan to double its maximum base salary to $350,000 to attract talent, something that workers at Google cited after the company's annual internal survey revealed their dissatisfaction with pay.