Police in the UK have arrested a 17-year-old suspected hacker. Reports suggest the arrest is connected to the Rockstar Games hack that led to a major Grand Theft Auto VI leak. The individual may have been involved with an intrusion on Uber as well. From a report: According to journalist Matthew Keys' sources, the arrest is the result of an investigation involving the City of London Police, the UK's National Cyber Crime Unit and the FBI. Keys noted that the police and/or the FBI will reveal more details about the arrest later today. The City of London Police told Engadget it had "no further information to share at this stage."

The GTA VI leak is unquestionably one of the biggest in video game history. Last weekend, the hacker shared a trove of footage from a test build of the game, which is one of the most hotly anticipated titles around. Rockstar, which tends to keep a tight lid on its development process, confirmed on Monday that the leak was legitimate. It said the incident won't impact work on the game and that it will "properly introduce" fans to the next title in the blockbuster series once it's ready.

Australia's second-largest telecommunications company, Optus, has reported a cyber-attack. The breach exposed customers' names, dates of birth, phone numbers and email addresses. From a report: The company - which has more than ten million subscribers - says it has shut down the attack but not before other details such as driver's licences and passport numbers were hacked. Optus says payment data and account passwords were not compromised. The company said it would notify those at "heightened risk" but all customers should check their accounts. Chief executive Kelly Bayer Rosmarin apologised to its customers, on ABC TV. She said names, dates of birth and contact details had been accessed, "in some cases" the driving licence number, and in "a rare number of cases the passport and the mailing address" had also been exposed. The company had notified the Australian Federal Police after noticing "unusual activity." And investigators were trying "to understand who has been accessing the data and for what purpose."

Weeks after Twitter's ex-security chief accused the company of cybersecurity mismanagement, Twitter has now informed its users of a bug that didn't close all of a user's active logged-in sessions on Android and iOS after an account's password was reset. From a report: This issue could have implications for those who had reset their password because they believed their Twitter account could be at risk, perhaps because of a lost or stolen device, for instance. Assuming whoever had possession of the device could access its apps, they would have had full access to the impacted user's Twitter account. In a blog post, Twitter explains that it had learned of the bug that had allowed "some" accounts to stay logged in on multiple devices after a user reset their password voluntarily. Typically, when a password reset occurs, the session token that keeps a user logged into the app is also revoked -- but that didn't take place on mobile devices, Twitter says. Web sessions, however, were not impacted and were closed appropriately, it noted.

A listing on a popular hacker forum offers 350 million Ask.FM user records for sale in what might be one of the biggest breaches of all time. Cybernews reports: The listing allegedly includes 350 million Ask.FM user records, with the threat actor also offering 607 repositories plus their Gitlab, Jira, and Confluence databases. Ask.FM is a question and answer network launched in June 2010, with over 215 million registered users. The posting also includes a list of repositories, sample git, and sample user data, as well as mentions of the fields in the database: user_id, username, mail, hash, salt, fbid, twitterid, vkid, fbuid, iguid. It appears that Ask.FM is using the weak hashing algorithm SHA1 for passwords, putting them at risk of being cracked and exposed to threat actors.

In response to DataBreaches, the user who posted the database -- Data -- explained that initial access was gained via a vulnerability in Safety Center. The server was first accessed in 2019, and the database was obtained on 2020-03-14. Data also suggested that Ask.FM knew about the breach as early as back in 2020. While the breach has not been confirmed, the seller called "Data" says he will "vouch all day and night for" listed user data from Ask.FM (ASKfm), the social networking site. "I'm selling the users database of Ask.fm and ask.com," Data wrote. "For connoisseurs, you can also get 607 repositories plus their Gitlab, Jira, Confluence databases."

An anonymous reader quotes a report from the Washington Post: A new estimate for the total number of ants burrowing and buzzing on Earth comes to a whopping total of nearly 20 quadrillion individuals. That staggering sum -- 20,000,000,000,000,000, or 20,000 trillion -- reveals ants' astonishing ubiquity even as scientists grow concerned a possible mass die off of insects could upend ecosystems. In a paper released Monday by the Proceedings of the National Academy of Sciences, a group of scientists from the University of Hong Kong analyzed 489 studies and concluded that the total mass of ants on Earth weighs in at about 12 megatons of dry carbon. Put another way: If all the ants were plucked from the ground and put on a scale, they would outweigh all the wild birds and mammals put together.

"It's unimaginable," said Patrick Schultheiss, a lead author on the study who is now a researcher at the University of Wurzburg in Germany, in a Zoom interview. "We simply cannot imagine 20 quadrillion ants in one pile, for example. It just doesn't work." Counting all those insects -- or at least enough of them to come up with a sound estimate -- involved combining data from "thousands of authors in many different countries" over the span of a century, Schultheiss added. To tally insects as abundant as ants, there are two ways to do it: Get down on the ground to sample leaf litter -- or set tiny pitfall traps (often just a plastic cup) and wait for the ants to slip in. Researchers have gotten their boots dirty with surveys in nearly every corner of the world, though some spots in Africa and Asia lack data. "It's a truly global effort that goes into these numbers," Schultheiss said.

Recent research from the otto-js Research Team has uncovered that data that is being checked by both Microsoft Editor and the enhanced spellcheck setting within Google Chrome is being sent to Microsoft and Google respectively. This data can include usernames, emails, DOB, SSN, and basically anything that is typed into a text box that is checked by these features. Neowin reports: As an additional note, even passwords can be sent by these features, but only when a 'Show Password' button is pressed, which converts the password into visible text, which is then checked. The key issue resolves around sensitive user personally identifiable information (PII), and this is a key concern for enterprise credentials when accessing internal databases and cloud infrastructure.

Some companies are already taking action to prevent this, with both AWS and LastPass security teams confirming that they have mitigated this with an update. The issue has already been dubbed 'spell-jacking'. What's most concerning is that these settings are so easy to enable by users, and could result in data exposure without anyone ever realising it. The team at otto-js ran a test of 30 websites, across a range of sectors, and found that 96.7% of them sent data with PII back to Google and Microsoft. At present, the otto-js Research Team recommends that these extensions and settings are not used until this issue is resolved.

Uber said on Monday a hacker affiliated with the Lapsus$ hacking group was responsible for a cyber attack that forced the ride-hailing company to shut several internal communications temporarily last week. From a report: Uber said the attacker had not accessed any user accounts and the databases that store sensitive user information such as credit card numbers, bank account or trip details. "The attacker accessed several internal systems, and our investigation has focused on determining whether there was any material impact," Uber said, adding that investigation was still ongoing. The company said it was in close coordination with the FBI and the U.S. Department of Justice on the matter. Friday's cybersecurity incident had brought down Uber's internal communication system for a while and employees were restricted to use Salesforce-owned office messaging app Slack. Uber said the attacker logged in to a contractor's Uber account after they accepted a two-factor login approval request following multiple requests, giving the hacker access to several employee accounts and tools such as G-Suite and Slack.

ArsTechnica reports: The head of Kiwi Farms said the site experienced a breach that allowed hackers to access his administrator account and possibly the accounts of all other users. On the site, creator Joshua Moon wrote: "The forum was hacked. You should assume the following. Assume your password for the Kiwi Farms has been stolen. Assume your email has been leaked. Assume any IP you've used on your Kiwi Farms account in the last month has been leaked."

Moon said that the unknown individual or individuals behind the hack gained access to his admin account by using a technique known as session hijacking, in which an attacker obtains the authentication cookies a site sets after an account holder enters valid credentials and successfully completes any two-factor authentication requirements. The session hijacking was made possible after uploading malicious content to XenForo, a site Kiwi Farms uses to power its user forums.

mspohr writes: A major bug in Apple's latest iPhone is causing the camera to physically fail when using apps such as TikTok, Snapchat and Instagram, some owners have reported. The bug in the company's iPhone 14 Pro Max, the most expensive model in the iPhone 14 range, appears to affect the optical image stabilisation (OIS) feature, which uses a motor to eliminate the effects of camera shake when taking pictures. Opening the camera in certain apps causes the OIS motor to go haywire, causing audible grinding sounds and physically vibrating the entire phone. The vibration does not occur when using the built-in camera app, suggesting the problem's roots are in a software fault. However, some have warned affected users to limit their usage of apps that trigger the bug, in case excess vibration causes permanent damage to the OIS system. The company has previously warned users about potential damage to the OIS motor, particularly in situations where their phones are experiencing significant vibration. In January this year, the company published a long warning note for users about the risk of mounting their iPhones near "high-power motorcycle engines."

The world's freight-carrying trucks and ships use GPS-based satellite tracking and navigation systems, reports ZDNet. But "Criminals are turning to cheap GPS jamming devices to ransack the cargo on roads and at sea, a problem that's getting worse...." Jammers work by overpowering GPS signals by emitting a signal at the same frequency, just a bit more powerful than the original. The typical jammers used for cargo hijackings are able to jam frequencies from up to 5 miles away rendering GPS tracking and security apparatuses, such as those used by trucking syndicates, totally useless. In Mexico, jammers are used in some 85% of cargo truck thefts. Statistics are harder to come by in the United States, but there can be little doubt the devices are prevalent and widely used. Russia is currently availing itself of the technology to jam commercial planes in Ukraine.

As we've covered, the proliferating commercial drone sector is also prey to attack.... During a light show in Hong Kong in 2018, a jamming device caused 46 drones to fall out of the sky, raising public awareness of the issue.
While the problem is getting worse, the article also notes that companies are developing anti-jamming solutions for drone receivers, "providing protection and increasing the resiliency of GPS devices against jamming attacks.

"By identifying and preventing instances of jamming, fleet operators are able to prevent cargo theft."

While there is a lot of noise about the hottest programming languages and the evolution of Web3, blockchain and the metaverse, none of this will matter if the industry doesn't have highly skilled software developers to build them," argues ZDNet.

So they spoke to Ori Bendet, VP of product management at CheckMarx, a builder software that tests application security. His prediction? Automatic code generators (ACG) like Github CoPilot, AWS CodeWhisperer and Tab9 will eventually replace "traditional" coding. "Although ACG is not as good as developers may think," Bendet says, "over the next few years, every developer will have their code generated, leaving them more time to focus on their core business." As businesses turn to automation as a means of quickly building and deploying new apps and digital services, low code and no code tools will play a fundamental role in shaping the future of the internet. According to a 2021 Gartner forecast, by 2025, 70% of new applications developed by enterprises will be based on low-code or no-code tools, compared to less than 25% in 2020. A lot of this work will be done by 'citizen developers' — employees who build business apps for themselves and other users using low code tools, but who don't have formal training in computer programming. In order to build a proficient citizen developer workforce, companies will need an equally innovative approach to training.

"Low code and no code tools are democratizing software development and providing opportunities for more people to build technology, prompting more innovation across industries," says Prashanth Chandrasekar, CEO of Stack Overflow....

The rise of low-code and no-code will also help to further democratize tech jobs, creating more opportunities for talented individuals from non-tech or non-academic backgrounds. A 2022 survey by developer recruitment platforms CoderPad and CodinGame found that 81% of tech recruiters now readily hire from 'no-degree' candidate profiles. CodinGame COO Aude Barral believes this trend will only grow as the demand for software professionals intensifies.
Stack Overflow's CEO sees some limitations. "Without taking the time to learn the fundamentals of writing code or the context in which code is used, developers using low-code or code suggestion tools will hit a limit in the quality and functionality of their code."

How is this playing out in the real world of professional IT? I'd like to invite Slashdot's readers to share their own experiences in the comments.

Are you seeing low-code and no-code development replacing traditional coding?

The makers of the secure telnet client PuTTY also sell a service monitoring company security services — and this July Mandiant Managed Defense "identified a novel spear phish methodology," according to a post on the company's blog: [The threat cluster] established communication with the victim over WhatsApp and lured them to download a malicious ISO package regarding a fake job offering that led to the deployment of the AIRDRY.V2 backdoor through a trojanized instance of the PuTTY utility.... This activity was identified by our Mandiant Intelligence: Staging Directories mission, which searches for anomalous files written to directories commonly used by threat actors....

The amazon_assessment.iso archive held two files: an executable and a text file. The text file named Readme.txt had connection details for use with the second file: PuTTY.exe.... [T]he PuTTY.exe binary in the malicious archive does not have a digital signature. The size of the PuTTY binary downloaded by the victim is also substantially larger than the legitimate version. Upon closer inspection, it has a large, high entropy .data section in comparison to the officially distributed version. Sections like these are typically indicative of packed or encrypted data. The suspicious nature of the PuTTY.exe embedded in the ISO file prompted Managed Defense to perform a deeper investigation on the host and the file itself.

The execution of the malicious PuTTY binary resulted in the deployment of a backdoor to the host.
"The executable embedded in each ISO file is a fully functional PuTTY application compiled using publicly available PuTTY version 0.77 source code," the blog post points out.

Ars Technica notes that Mandiant's researchers believe it's being pushed by groups with ties to North Korea: The executable file installed the latest version of Airdry, a backdoor the US government has attributed to the North Korean government. The US Cybersecurity and Infrastructure Security Agency has a description here. Japan's community emergency response team has this description of the backdoor, which is also tracked as BLINDINGCAN.

An anonymous reader quotes a report from Ars Technica: On Thursday, a few Twitter users discovered how to hijack an automated tweet bot, dedicated to remote jobs, running on the GPT-3 language model by OpenAI. Using a newly discovered technique called a "prompt injection attack," they redirected the bot to repeat embarrassing and ridiculous phrases. The bot is run by Remoteli.io, a site that aggregates remote job opportunities and describes itself as "an OpenAI driven bot which helps you discover remote jobs which allow you to work from anywhere." It would normally respond to tweets directed to it with generic statements about the positives of remote work. After the exploit went viral and hundreds of people tried the exploit for themselves, the bot shut down late yesterday.

This recent hack came just four days after data researcher Riley Goodside discovered the ability to prompt GPT-3 with "malicious inputs" that order the model to ignore its previous directions and do something else instead. AI researcher Simon Willison posted an overview of the exploit on his blog the following day, coining the term "prompt injection" to describe it. "The exploit is present any time anyone writes a piece of software that works by providing a hard-coded set of prompt instructions and then appends input provided by a user," Willison told Ars. "That's because the user can type 'Ignore previous instructions and (do this instead).'"

The concept of an injection attack is not new. Security researchers have known about SQL injection, for example, which can execute a harmful SQL statement when asking for user input if it's not guarded against. But Willison expressed concern about mitigating prompt injection attacks, writing, "I know how to beat XSS, and SQL injection, and so many other exploits. I have no idea how to reliably beat prompt injection!" The difficulty in defending against prompt injection comes from the fact that mitigations for other types of injection attacks come from fixing syntax errors, noted a researcher named Glyph on Twitter. "Correct the syntax and you've corrected the error. Prompt injection isn't an error! There's no formal syntax for AI like this, that's the whole point." GPT-3 is a large language model created by OpenAI, released in 2020, that can compose text in many styles at a level similar to a human. It is available as a commercial product through an API that can be integrated into third-party products like bots, subject to OpenAI's approval. That means there could be lots of GPT-3-infused products out there that might be vulnerable to prompt injection.

LastPass says the attacker behind the August security breach had internal access to the company's systems for four days until they were detected and evicted. BleepingComputer reports: In an update to the security incident notification published last month, Lastpass' CEO Karim Toubba also said that the company's investigation (carried out in partnership with cybersecurity firm Mandiant) found no evidence the threat actor accessed customer data or encrypted password vaults. "Although the threat actor was able to access the Development environment, our system design and controls prevented the threat actor from accessing any customer data or encrypted password vaults," Toubba said.

While method through which the attacker was able to compromise a Lastpass developer's endpoint to access the Development environment, the investigation found that the threat actor was able to impersonate the developer after he "had successfully authenticated using multi-factor authentication." After analyzing source code and production builds, the company has also not found evidence that the attacker tried to inject malicious code. This is likely because only the Build Release team can push code from Development into Production, and even then, Toubba said the process involves code review, testing, and validation stages. Additionally, he added that the LastPass Development environment is "physically separated from, and has no direct connectivity to" Lastpass' Production environment. The company says it has since "deployed enhanced security controls including additional endpoint security controls and monitoring," as well as additional threat intelligence capabilities and enhanced detection and prevention technologies in both Development and Production environments.

Uber says there is "no evidence" that any of its users' private information was compromised in a breach of its internal computer systems discovered Thursday. From a report: All of the company's products, including its ride-hail and Uber Eats food delivery services, are currently "operational," and law enforcement has been notified, Uber said in a statement this afternoon. The hack, which was discovered Thursday, forced the company to take several of its internal systems offline, including Slack, Amazon Web Services, and Google Cloud Platform. Uber is continuing to investigate how a hacker, who claims to be 18 years old, was able to gain administrator access to the company's internal tools. Those internal software tools were taken offline yesterday afternoon as "a precaution" and started to come back online earlier today, the company says.

An anonymous reader shares a report: Here's a fun new feature for Chrome for Android: fingerprint-protected Incognito tabs. 9to5Google discovered the feature in the Chrome 105 stable channel, though you'll have to dig deep into the settings to enable it at the moment. If you want to add a little more protection to your private browsing sessions, type "chrome://flags/#incognito-reauthentication-for-android" into the address bar and hit enter. After enabling the flag and restarting Chrome, you should see an option to "Lock Incognito tabs when you leave Chrome." If you leave your Incognito session and come back, an "unlock Incognito" screen will appear instead of your tabs, and you'll be asked for a fingerprint scan.

Intel is replacing its Pentium and Celeron brands with just Intel Processor. The new branding will replace both existing brands in 2023 notebooks and supposedly make things easier when consumers are looking to purchase budget laptops. From a report: Intel will now focus on its Core, Evo, and vPro brands for its flagship products and use Intel Processor in what it calls "essential" products. "Intel is committed to driving innovation to benefit users, and our entry-level processor families have been crucial for raising the PC standard across all price points," explains Josh Newman, VP and interim general manager of mobile client platforms at Intel. "The new Intel Processor branding will simplify our offerings so users can focus on choosing the right processor for their needs."

The end of the Pentium brand comes after nearly 30 years of use. Originally introduced in 1993, flagship Pentium chips were first introduced in high-end desktop machines before making the move to laptops. Intel has largely been using its Core branding for its flagship line of processors ever since its introduction in 2006, and Intel repurposed the Pentium branding for midrange processors instead. Celeron was Intel's brand name for low-cost PCs. Launched around five years after Pentium, Celeron chips have always offered a lot less performance at a lot less cost for laptop makers and, ultimately, consumers. The first Celeron chip in 1998 was based on a Pentium II processor, and the latest Celeron processors are largely used in Chromebooks and low-cost laptops.

Ethereum's big software update on Thursday may have turned the second-largest cryptocurrency into a security in the eyes of a top U.S. regulator. From a report: Securities and Exchange Commission Chairman Gary Gensler said Thursday that cryptocurrencies and intermediaries that allow holders to "stake" their coins might pass a key test used by courts to determine whether an asset is a security. Known as the Howey test, it examines whether investors expect to earn a return from the work of third parties. "From the coin's perspective...that's another indicia that under the Howey test, the investing public is anticipating profits based on the efforts of others," Mr. Gensler told reporters after a congressional hearing. He said he wasn't referring to any specific cryptocurrency.

Issuers of securities -- a category of assets that includes stocks and bonds -- are required to file extensive disclosures with the SEC under laws passed in the 1930s. Exchanges and brokers that facilitate the trading of securities must comply with strict rules designed to protect investors from conflicts of interest. Cryptocurrency issuers and trading platforms face strict liabilities if they sell any assets that are deemed to be securities by the SEC or courts. Staking is one of two ways in which cryptocurrency networks verify transactions. Used by some of the largest cryptocurrencies -- including Solana, Cardano and, as of this week, ether -- it allows investors to lock up their tokens for a specified amount of time to receive a return.

Uber discovered its computer network had been breached on Thursday, leading the company to take several of its internal communications and engineering systems offline as it investigated the extent of the hack. From a report: The breach appeared to have compromised many of Uber's internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times. "They pretty much have full access to Uber," said Sam Curry, a security engineer at Yuga Labs who corresponded with the person who claimed to be responsible for the breach. "This is a total compromise, from what it looks like."

An Uber spokesman said the company was investigating the breach and contacting law enforcement officials. Uber employees were instructed not to use the company's internal messaging service, Slack, and found that other internal systems were inaccessible, said two employees, who were not authorized to speak publicly. Shortly before the Slack system was taken offline on Thursday afternoon, Uber employees received a message that read, "I announce I am a hacker and Uber has suffered a data breach." The message went on to list several internal databases that the hacker claimed had been compromised. BleepingComputers adds: According Curry, the hacker also had access to the company's HackerOne bug bounty program, where they commented on all of the company's bug bounty tickets. Curry told BleepingComputer that he first learned of the breach after the attacker left the above comment on a vulnerability report he submitted to Uber two years ago. Uber runs a HackerOne bug bounty program that allows security researchers to privately disclose vulnerabilities in their systems and apps in exchange for a monetary bug bounty reward. These vulnerability reports are meant to be kept confidential until a fix can be released to prevent attackers from exploiting them in attacks.

Curry further shared that an Uber employee said the threat actor had access to all of the company's private vulnerability submissions on HackerOne. BleepingComputer was also told by a source that the attacker downloaded all vulnerability reports before they lost access to Uber's bug bounty program. This likely includes vulnerability reports that have not been fixed, presenting a severe security risk to Uber. HackerOne has since disabled the Uber bug bounty program, cutting off access to the disclosed vulnerabilities.

Three Iranian nationals charged with hacking into US-based computer networks sent ransom demands to the printers of at least some of their victims, according to an indictment unsealed today. The ransom demands allegedly sought payments in exchange for BitLocker decryption keys that the victims could use to regain access to their data. The three defendants remain at large and outside the US, the DOJ said. From a report: "The defendants' hacking campaign exploited known vulnerabilities in commonly used network devices and software applications to gain access and exfiltrate data and information from victims' computer systems," the US Department of Justice said in a press release. Defendants Mansour Ahmadi, Ahmad Khatibi, Amir Hossein Nickaein, "and others also conducted encryption attacks against victims' computer systems, denying victims access to their systems and data unless a ransom payment was made." The indictment in US District Court for the District of New Jersey describes a few incidents in which ransom demands were sent to printers on hacked networks. In one case, a printed message sent to an accounting firm allegedly said, "We will sell your data if you decide not to pay or try to recover them." In another incident, the indictment said a Pennsylvania-based domestic violence shelter hacked in December 2021 received a message on its printers that said, "Hi. Do not take any action for recovery. Your files may be corrupted and not recoverable. Just contact us."