An anonymous reader quotes a report from Ars Technica: Tech support scammers have devised a method to inject their fake phone numbers into webpages when a target's web browser visits official sites for Apple, PayPal, Netflix, and other companies. The ruse, outlined in a post on Wednesday from security firm Malwarebytes, threatens to trick users into calling the malicious numbers even when they think they're taking measures to prevent falling for such scams. One of the more common pieces of security advice is to carefully scrutinize the address bar of a browser to ensure it's pointing to an organization's official website. The ongoing scam is able to bypass such checks.

The unknown actors behind the scam begin by buying Google ads that appear at the top of search results for Microsoft, Apple, HP, PayPal, Netflix, and other sites. While Google displays only the scheme and host name of the site the ad links to (for instance, https://www.microsoft.com/ the ad appends parameters to the path to the right of that address. When a target clicks on the ad, it opens a page on the official site. The appended parameters then inject fake phone numbers into the page the target sees.

Google requires ads to display the official domain they link to, but the company allows parameters to be added to the right of it that aren't visible. The scammers are taking advantage of this by adding strings to the right of the hostname. The parameters aren't displayed in the Google ad, so a target has no obvious reason to suspect anything is amiss. When clicked on, the ad leads to the correct hostname. The appended parameters, however, inject a fake phone number into the webpage the target sees. The technique works on most browsers and against most websites. Malwarebytes.com was among the sites affected until recently, when the site began filtering out the malicious parameters.

Austria's coalition government has agreed on a plan to enable police to monitor suspects' secure messaging in order to thwart militant attacks, ending what security officials have said is a rare and dangerous blind spot for a European Union country. From a report: Because Austria lacks a legal framework for monitoring messaging services like WhatsApp, its main domestic intelligence service and police rely on allies with far more sweeping powers like Britain and the United States alerting them to chatter about planned attacks and spying.

That kind of tip-off led to police unravelling what they say was a planned attack on a Taylor Swift concert in Vienna, which prompted the cancellation of all three of her planned shows there in August of last year. "The aim is to make people planning terrorist attacks in Austria feel less secure - and increase everyone else's sense of security," Joerg Leichtfried of the Social Democrats, the junior minister in charge of overseeing the Directorate for State Security and Intelligence (DSN), told a news conference.

Facebook now supports passkeys for login, offering users a more secure, phishing-resistant alternative to passwords by using biometrics or a PIN stored on their device. The feature is rolling out to iOS and Android "soon," while Messenger will get the feature "in the coming months." Lifehacker reports: Meta seems pretty excited about the news -- and not just because the company happens to be a member of the FIDO Alliance, the organization that developed passkeys. Aside from logging into your Facebook account, Meta says you'll be able to use passkeys to autofill your payment info when buying things with Meta Pay. You'll also be able to use the same passkey between both Facebook and Messenger, and your passkey will act as a key to lock out your encrypted Messenger chats.

Microsoft is planning to ax thousands of jobs, particularly in sales, as part of the company's latest move to trim its workforce amid heavy spending on AI. From a report: The cuts are expected to be announced early next month [non-paywalled source], following the end of Microsoft's fiscal year, according to people familiar with the matter. The reductions won't exclusively affect sales teams, and the timing could still change, said the people, who requested anonymity to discuss a private matter. The terminations would follow a previous round of layoffs in May that hit 6,000 people and fell hardest on product and engineering positions, largely sparing customer-facing roles like sales and marketing.

An anonymous reader shares a report: Microsoft has a long history of being criticized for coming up with clunky product names, and for changing them so often it's hard for customers to keep up. The company's own employees once joked in a viral video that the iPod would have been called the "Microsoft I-pod Pro 2005 XP Human Ear Professional Edition with Subscription" had it been created by Microsoft. The latest gripe among some employees and customers: The company's tendency to slap "Copilot" on everything AI.

"There is a delusion on our marketing side where literally everything has been renamed to have Copilot it in," one employee told Business Insider late last year. "Everything is Copilot. Nothing else matters. They want a Copilot tie-in for everything." Now, an advertising watchdog is weighing in. The Better Business Bureau's National Advertising Division reviewed Microsoft's advertising for its Copilot AI tools. NAD called out Microsoft's "universal use of the product description as 'Copilot'" and said "consumers would not necessarily understand the difference," according to a recent report from the watchdog.

"Microsoft is using 'Copilot' across all Microsoft Office applications and Business Chat, despite differences in functionality and the manual steps that are required for Business Chat to produce the same results as Copilot in a specific Microsoft Office app," NAD further explained in an email to BI. NAD did not mention any specific recommendations on product names. But it did say Microsoft should modify claims that Copilot works "seamlessly across all your data" because all of the company's tools with the Copilot moniker don't work together continuously in a way consumers might expect.

Veteran columnist Steven J. Vaughan-Nichols declared that Firefox was "dead" to him in a scathing opinion piece Tuesday that cites Mozilla's strategic missteps and the browser's declining technical performance as evidence of terminal decline. Vaughan-Nichols argues that Mozilla has fundamentally betrayed user trust by removing a longstanding promise never to sell personal data from its privacy policy in February, replacing it with a weaker pledge to "protect your personal information."

The veteran technology writer also criticized Mozilla's decision to discontinue Pocket, a popular article-saving service, and Fakespot, which identified fake online reviews, while pursuing what he called a misguided AI strategy. He cited user reports of Firefox running up to 30% slower than Chrome, consuming excessive memory, and failing to properly load major websites. Mozilla has also become financially more vulnerable, he argued, noting CFO Eric Muhlheim's admission that the company depends on Google for 90% of its revenue. According to federal data he cited, Firefox holds just 1.9% of the browser market, leading him to conclude the browser is "done."

Researchers are cautioning users against clicking unsubscribe links embedded in email bodies, citing new data showing such actions can expose recipients to malicious websites and confirm active email addresses to attackers. DNSFilter found that one in every 644 clicks on unsubscribe links leads users to potentially malicious websites.

"You've left the safe, structured environment of your email client and entered the open web," TK Keanini, DNSFilter's chief technology officer, told WSJ. The risks range from confirming to bad actors that an email address belongs to an active user to redirecting victims to fake websites designed to steal login credentials or install malware. Clicking such links "can make you a bigger target in the future," said Michael Bargury, CTO of security company Zenity.

Microsoft has disabled Windows Hello's ability to authenticate users in low-light environments through a recent security update that now requires both infrared sensors and color cameras to verify faces. The change forces the system to see a visible face through the webcam before completing authentication with IR sensors.

Windows Hello earlier relied solely on infrared sensors to create 3D facial scans, allowing the feature to work in complete darkness similar to iPhone's Face ID. Microsoft pushed the dual-camera requirement to address a spoofing vulnerability in the biometric system.

Microsoft's latest Windows 11 preview builds contain a bug that replaces the operating system's startup sound with Windows Vista's iconic boot chime from 2006. Microsoft acknowledged the bug in its release notes -- describing it as a "delightful blast from the past" -- and said it was working on a fix.

An anonymous reader shared this report from Bloomberg: Amazon's hard-line stance on getting disabled employees to return to the office has sparked a backlash, with workers alleging the company is violating the Americans with Disabilities Act as well as their rights to collectively bargain. At least two Amazon employees have filed complaints with the Equal Employment Opportunity Commission (EEOC) and the National Labor Relations Board, federal agencies that regulate working conditions. One of the workers said they provided the EEOC with a list of 18 "similarly situated" employees to emphasize that their experience isn't isolated and to help federal regulators with a possible investigation.

Disabled workers frustrated with how Amazon is handling their requests for accommodations — including exemptions to a mandate that they report to the office five days a week — are also venting their displeasure on internal chat rooms and have encouraged colleagues to answer surveys about the policies. Amazon has been deleting such posts and warning that they violate rules governing internal communications. One employee said they were terminated and another said they were told to find a different position after advocating for disabled workers on employee message boards. Both filed complaints with the EEOC and NLRB.
Amazon has told employees with disabilities they must now submit to a "multilevel leader review," Bloomberg reported in October, "and could be required to return to the office for monthlong trials to determine if accommodations meet their needs." (They received calls from "accommodation consultants" who also reviewed medical documentation, after which "another Amazon manager must sign off. If they don't, the request goes to a third manager...")

Bloomberg's new article remembers how several employees told them in November. "that they believed the system was designed to deny work-from-home accommodations and prompt employees with disabilities to quit, which some have done. Amazon denied the system was designed to encourage people to resign." Since then, workers have mobilized against the policy. One employee repeatedly posted an online survey seeking colleagues' reactions, defying the company's demands to stop. The survey ultimately generated feedback from more than 200 workers even though Amazon kept deleting it, and the results reflected strong opposition to Amazon's treatment of disabled workers. More than 71% of disabled Amazon employees surveyed said the company had denied or failed to meet most of their accommodation requests, while half indicated they faced "hostile" work environments after disclosing their disabilities and requesting accommodations.

One respondent said they sought permission to work from home after suffering multiple strokes that prevented them from driving. Amazon suggested moving closer to the office and taking mass transit, the person said in the survey. Another respondent said they couldn't drive for longer than 15-minute intervals due to chronic pain. Amazon's recommendation was to pull over and stretch during their commute, which the employee said was unsafe since they drive on a busy freeway... Amazon didn't dispute the accounts and said it considered a range of solutions to disability accommodations, including changes to an employee's commute.
Amazon is also "using AI to parse accommodation requests, read doctors' notes and make recommendations based on keywords," according to the article — another policy that's also generated internal opposition (and formed a "key element" of the complaint to the Equal Employment Opportunity Commission).

"The dispute could affect thousands of Amazon workers. An internal Slack channel for employees with disabilities has 13,000 members, one of the people said..."

The state of New York is "asking companies to disclose whether AI is the reason for their layoffs," reports Entrepreneur: The move applies to New York State's existing Worker Adjustment and Retraining Notification (WARN) system and took effect in March, Bloomberg reported. New York is the first state in the U.S. to add the disclosure, which could help regulators understand AI's effects on the labor market.

The change takes the form of a checkbox added to a form employers fill out at least 90 days before a mass layoff or plant closure through the WARN system. Companies have to select whether "technological innovation or automation" is a reason for job cuts. If they choose that option, they are directed to a second menu where they are asked to name the specific technology responsible for layoffs, like AI or robots.

Last week Anthropic CEO Dario Amodei said AI could eliminate half the entry-level white-collar jobs within five years. CNN called the remarks "part of the AI hype machine."

Asked about the prediction this week at a Paris tech conference, NVIDIA CEO Jensen Huang acknowledged AI may impact some employees, but "dismissed" Amodei's claim, according to Fortune. "Everybody's jobs will be changed. Some jobs will be obsolete, but many jobs are going to be created ... Whenever companies are more productive, they hire more people."

And he also said he "pretty much" disagreed "with almost everything" Anthropic's CEO says. "One, he believes that AI is so scary that only they should do it," Huang said of Amodei at a press briefing at Viva Technology in Paris. "Two, [he believes] that AI is so expensive, nobody else should do it ... And three, AI is so incredibly powerful that everyone will lose their jobs, which explains why they should be the only company building it. I think AI is a very important technology; we should build it and advance it safely and responsibly," Huang continued. "If you want things to be done safely and responsibly, you do it in the open ... Don't do it in a dark room and tell me it's safe."

An Anthropic spokesperson told Fortune in a statement: "Dario has never claimed that 'only Anthropic' can build safe and powerful AI. As the public record will show, Dario has advocated for a national transparency standard for AI developers (including Anthropic) so the public and policymakers are aware of the models' capabilities and risks and can prepare accordingly.
NVIDIA's CEO also touted their hybrid quantum-classical platformCUDA-Q and claimed quantum computing is hitting an "inflection point" and within a few years could start solving real-world problems

Google is rolling out new Gemini AI features for Workspace users that make it easier to find information in PDFs and form responses. From a report: The Gemini-powered file summarization capabilities in Google Drive have now expanded to PDFs and Google Forms, allowing key details and insights to be condensed into a more convenient format that saves users from manually digging through the files.

Gemini will proactively create summary cards when users open a PDF in their drive and present clickable actions based on its contents, such as "draft a sample proposal" or "list interview questions based on this resume." Users can select any of these options to make Gemini perform the desired task in the Drive side panel. The feature is available in more than 20 languages and started rolling out to Google Workspace users on June 12th, though it may take a couple of weeks to appear.

An anonymous reader shares a report: In less than three months' time, almost no civil servant, police officer or judge in Schleswig-Holstein will be using any of Microsoft's ubiquitous programs at work. Instead, the northern state will turn to open-source software to "take back control" over data storage and ensure "digital sovereignty," its digitalisation minister, Dirk Schroedter, told AFP. "We're done with Teams!" he said, referring to Microsoft's messaging and collaboration tool and speaking on a video call -- via an open-source German program, of course.

The radical switch-over affects half of Schleswig-Holstein's 60,000 public servants, with 30,000 or so teachers due to follow suit in coming years. The state's shift towards open-source software began last year. The current first phase involves ending the use of Word and Excel software, which are being replaced by LibreOffice, while Open-Xchange is taking the place of Outlook for emails and calendars.

During this week's Worldwide Developers Conference, Apple unveiled a secure import/export feature for passkeys that addresses one of their biggest limitations: lack of interoperability across platforms and credential managers. The feature, built in collaboration with the FIDO Alliance, enables encrypted, user-initiated passkey transfers between apps and systems. Ars Technica's Dan Goodin says it "provides the strongest indication yet that passkey developers are making meaningful progress in improving usability." From the report: "People own their credentials and should have the flexibility to manage them where they choose," the narrator of the Apple video says. "This gives people more control over their data and the choice of which credential manager they use." The transfer feature, which will also work with passwords and verification codes, provides an industry-standard means for apps and OSes to more securely sync these credentials.

As the video explains: "This new process is fundamentally different and more secure than traditional credential export methods, which often involve exporting an unencrypted CSV or JSON file, then manually importing it into another app. The transfer process is user initiated, occurs directly between participating credential manager apps and is secured by local authentication like Face ID. This transfer uses a data schema that was built in collaboration with the members of the FIDO Alliance. It standardizes the data format for passkeys, passwords, verification codes, and more data types. The system provides a secure mechanism to move the data between apps. No insecure files are created on disk, eliminating the risk of credential leaks from exported files. It's a modern, secure way to move credentials."