An anonymous reader quotes a report from BleepingComputer: The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free. FBI Cyber Division Assistant Director Bryan Vorndran announced this on Wednesday at the 2024 Boston Conference on Cyber Security. "From our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online," the FBI Cyber Lead said in a keynote. "We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov."

This call to action comes after law enforcement took down LockBit's infrastructure in February 2024 in an international operation dubbed "Operation Cronos." At the time, police seized 34 servers containing over 2,500 decryption keys, which helped create a free LockBit 3.0 Black Ransomware decryptor. After analyzing the seized data, the U.K.'s National Crime Agency and the U.S. Justice Department estimate the gang and its affiliates have raked in up to $1 billion in ransoms following 7,000 attacks targeting organizations worldwide between June 2022 and February 2024. However, despite law enforcement efforts to shut down its operations, LockBit is still active and has since switched to new servers and dark web domains. After disrupting LockBit in February, the U.S. State Department said it is offering a reward of up to $15 million for information leading to the identification or location of the leaders of the ransomware group.

An anonymous reader shares a report: Intel's fastest processors have included hyperthreading, a technique that lets more than one thread run on a single CPU core, for over 20 years -- and it's used by AMD (which calls it "simultaneous multi-threading") as well. But you won't see a little "HT" on the Intel sticker for any Lunar Lake laptops, because none of them use it. Hyperthreading will be disabled on all Lunar Lake CPU cores, including both performance and efficiency cores. Why? The reason is complicated, but basically it's no longer needed. The performance cores or P-Cores on the new Lunar Lake series are 14 percent faster than the same cores on the previous-gen Meteor Lake CPUs, even with the multi-thread-processing of hyperthreading disabled.

Turning on the feature would come at too high a power cost, and Lunar Lake is all about boosting performance while keeping laptops in this generation thin, light, and long-lasting. That means maximizing single-thread performance -- the most relevant to users who are typically focusing on one task at a time, as is often the case for laptops -- in terms of surface area, to improve overall performance per watt. Getting rid of the physical components necessary for hyperthreading just makes sense in that context.

In a column at Windows Central, a blog that focuses on Microsoft news, senior editor Zac Bowden discusses the backlash against Windows Recall, a new AI feature in Microsoft's Copilot+ PCs. While the feature is impressive, allowing users to search their entire Windows history, many are concerned about privacy and security. Bowden argues that Microsoft's history of questionable practices, such as ads and bloatware, has eroded user trust, making people skeptical of Recall's intentions. Additionally, the reported lack of encryption for Recall's data raises concerns about third-party access. Bowden argues that Microsoft could have averted the situation by testing the feature openly to address these issues early on and build trust with users. He adds: Users are describing the feature as literal spyware or malware, and droves of people are proclaiming they will proudly switch to Linux or Mac in the wake of it. Microsoft simply doesn't enjoy the same benefit of the doubt that other tech giants like Apple may have.

Had Apple announced a feature like Recall, there would have been much less backlash, as Apple has done a great job building loyalty and trust with its users, prioritizing polished software experiences, and positioning privacy as a high-level concern for the company.

An anonymous reader shares a report: A Chinese research team says it has uncovered a significant security flaw in processor design that could have a wide impact on China's booming domestic chip industry. China was relying on the structure of the world's largest open-source CPU architecture to build their own CPUs and bypass the US chip ban, and was paying attention to any weaknesses, they said. The issue was found in RISC-V, an open-source standard used in advanced chips and semiconductors. Compared with mainstream CPU structures -- such as X86 used by Intel and AMD --RISC-V offers free access and can be modified without restriction.

The flaw allows attackers to bypass the security protections of modern processors and operating systems without administrative rights, leading to the potential theft of protected sensitive information and breaches of personal privacy. The vulnerability was confirmed by the team of Professor Hu Wei at Northwestern Polytechnical University (NPU), a major defence research institute in Shaanxi province. The researchers are experienced in hardware design security, vulnerability detection and cryptographic application safety. It was first reported by the National Computer Network Emergency Response Technical Team/Coordination Centre of China (CNCERT) on April 24, and NPU gave further details in an official announcement on May 24.

An anonymous reader shares a report: Popular app Bartender was quietly bought, and a shady certificate replacement, insertion of invasive telemetry, and a lack of transparent responses by the new owners has shaken confidence in the Mac community. Menu bar organization tool Bartender has been around for a long time. For most of its life, it had an excellent reputation, and a responsive developer who communicated clearly with users. That appears to have changed, recently. It all started with a quiet pair of app certificate shifts which went mostly unnoticed.

That is, until app monitoring service MacUpdater found out, and started asking questions. They posted a warning about the app, saying that "The company and developer behind Bartender was replaced in a silent and dubious matter." But, there's a lot more to the story than just that warning. CoreCode, the developer of MacUpdater, did a great deal of research on the new owners and the app situation prior to posting the warning. They detailed their discoveries in a Reddit thread on the matter. Research performed before the warning pointed out that blog entries on the Bartender website shifted to heavily search engine optimized content. This is in contrast to the prior informational entries previously posted by original developer Ben Surtees.

Microsoft is ending support for Windows 10 in October 2025, but the company is now taking the unusual step of reopening its beta program for Windows 10 to test new features and improvements. From a report: Windows 10 already got the AI Copilot feature that was originally exclusive to Windows 11, and it may well get other features soon. "To bring new features and more improvements to Windows 10 as needed, we need a place to do active feature development with Windows Insiders," explains Microsoft's Windows Insider team in a blog post. "So today, we are opening the Beta Channel for Windows Insiders who are currently on Windows 10."

Microsoft hasn't revealed what additional Windows 10 features it plans to test next, but Windows Insiders can opt into the beta channel to get them early. Crucially, the Windows 10 end of support date of October 14th, 2025 is still unchanged. "Joining the Beta Channel on your Windows 10 PC does not change that," says Microsoft.

A Google contractor used admin privileges to access private information from Nintendo's YouTube account about an upcoming Yoshi game in 2017, which later made its way to Reddit before Nintendo announced the game, according to a copy of an internal Google database detailing potential privacy and security incidents obtained by 404 Media. From the report: The news provides more clarity on how exactly a Redditor, who teased news of the new Yoshi game, which was later released as Yoshi's Crafted World in 2019, originally obtained their information. A screenshot in the Reddit post shows a URL that starts with www.admin.youtube.com, which is a Google corporate login page. "Google employee deliberately leaked private Nintendo information," the entry in the database reads. The database obtained by 404 Media includes privacy and security issues that Google's own employees reported internally.

jd writes: There aren't many details yet, but a private company used by the National Health Service in London was hit by a ransomware attack today, leading to cancelled operations and cancelled tests. The provider has been hit multiple times this year and is obviously not bothering with making any improvements in cybersecurity. There really should be legal requirements when it comes to maintaining what is de-facto critical infrastructure.

From the article:

"Major NHS hospitals in London have been hit by a cyber-attack, which is seriously disrupting their services, including blood tests and transfusions. The ransomware attack is having a "major impact" on the care provided by Guy's and St Thomas' NHS trust, its chief executive has told staff in a letter. The attack is understood to affect other hospitals, including King's College hospital, and has left them unable to connect to the servers of the private firm that provides their pathology services.

Synnovis, an outsourced provider of lab services to NHS trusts across south-east London, was the target of the attack, believed to be a form of ransomware, a piece of software which locks up a computer system to extort a payment for restoring access. According to one healthcare worker, the labs were still functional, but communication with them was limited to paper only, imposing a huge bottleneck and forcing cancellation or reassignment of all but the most urgent bloodwork. Direct connections with Synnovis' servers were cut to limit the risk of the infection spreading. ...
This is the third attack in the last year to hit part of the Synlab group, a German medical services provider with subsidiaries across Europe. In June 2023, ransomware gang Clop hacked and stole data from the French branch of the company just days after it hit headlines for bringing down a payroll provider for companies including BA, Boots and the BBC. Clop published the stolen data later that summer."

An anonymous reader shares a report: A Ticketmaster data breach that allegedly includes details for 560 million accounts and another one affecting Santander have been linked to their accounts at Snowflake, a cloud storage provider. However, Snowflake says there's no evidence its platform is at fault. A joint statement to that effect made last night with CrowdStrike and Mandiant, two third-party security companies investigating the incident, lends additional credibility to the claim.

Also, an earlier third-party report saying bad actors generated session tokens and may have compromised "hundreds" of Snowflake accounts has now been removed. Hudson Rock, the security firm behind that report, posted a statement of its own today on LinkedIn: "In accordance to a letter we received from Snowflake's legal counsel, we have decided to take down all content related to our report." A post from Snowflake says, "To date, we do not believe this activity is caused by any vulnerability, misconfiguration, or malicious activity within the Snowflake product. Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted."

An anonymous reader quotes a report from The Register: Billions of records detailing people's personal information may soon be dumped online after being allegedly obtained from a Florida firm that handles background checks and other requests for folks' private info. A criminal gang that goes by the handle USDoD put the database up for sale for $3.5 million on an underworld forum in April, and rather incredibly claimed the trove included 2.9 billion records on all US, Canadian, and British citizens. It's believed one or more miscreants using the handle SXUL was responsible for the alleged exfiltration, who passed it onto USDoD, which is acting as a broker. The pilfered information is said to include individuals' full names, addresses, and address history going back at least three decades, social security numbers, and people's parents, siblings, and relatives, some of whom have been dead for nearly 20 years. According to USDoD, this info was not scraped from public sources, though there may be duplicate entries for people in the database.

Fast forward to this month, and the infosec watchers at VX-Underground say they've not only been able to view the database and verify that at least some of its contents are real and accurate, but that USDoD plans to leak the trove. Judging by VX-Underground's assessment, the 277.1GB file contains nearly three billion records on people who've at least lived in the United States -- so US citizens as well as, say, Canadians and Brits. This info was allegedly stolen or otherwise obtained from National Public Data, a small information broker based in Coral Springs that offers API lookups to other companies for things like background checks. There is a small silver lining, according to the VX team: "The database DOES NOT contain information from individuals who use data opt-out services. Every person who used some sort of data opt-out service was not present." So, we guess this is a good lesson in opting out.

The New York Stock Exchange said Monday it was investigating a "technical issue" that was leading to large fluctuations in the prices of certain stocks including Warren Buffett's Berkshire Hathaway. From a report: According to a notice posted on its website, the issue involved "limit up, limit down bands," which are designed to limit volatility. Some 50 stocks were affected, the website indicated, and trades in those companies was halted. NYSE trading data incorrectly showed so-called Class A shares of Berkshire down 99% from its price above $620,000 a share.

An anonytmous reader shared a recent report from BleepingComputer: Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware — answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware... "We further noticed that a StackOverflow account 'EstAYA G' [was] exploiting the platform's community members seeking debugging help [1, 2, 3] by directing them to install this malicious package as a 'solution' to their issue even though the 'solution' is unrelated to the questions posted by developers," explained Sonatype researcher Ax Sharma in the Sonatype report.
Sonatype's researcher "noticed that line 17 was laden with ...a bit too many whitespaces," according to the report, "in turn hiding code much further to the right which would be easy to miss, unless you notice the scroll bar. The command executes a base64-encoded payload..."

And then, reports BleepingComputer... When deobfuscated, this command will download an executable named 'runtime.exe' from a remote site and execute it. This executable is actually a Python program converted into an .exe that acts as an information-stealing malware to harvest cookies, passwords, browser history, credit cards, and other data from web browsers. It also appears to search through documents for specific phrases and, if found, steal the data as well.

All of this information is then sent back to the attacker, who can sell it on dark web markets or use it to breach further accounts owned by the victim.

An anonymous Slashdot reader shared this report from Computer Weekly: A former student at the Inns of Court College of Advocacy (ICCA) says he was hauled over the coals by the college for having acted responsibly and "with integrity" in reporting a security blunder that left sensitive information about students exposed. Bartek Wytrzyszczewski faced misconduct proceedings after alerting the college to a data breach exposing sensitive information on hundreds of past and present ICCA students...

The ICCA, which offers training to future barristers, informed data protection regulator the Information Commissioner's Office of a breach "experienced" in August 2023 after Wytrzyszczewski alerted the college that sensitive files on nearly 800 students were accessible to other college users via the ICCA's web portal. The breach saw personal data such as email addresses, phone numbers and academic information — including exam marks and previous institutions attended — accessible to students at the college. Students using the ICCA's web portal were also able to access ID photos, as well as student ID numbers and sensitive data, such as health records, visa status and information as to whether they were pregnant or had children... After the college secured a written undertaking from Wytrzyszczewski not to disclose any of the information he had discovered, it launched misconduct proceedings against him. He had stumbled across the files in error, he said, and viewed a significant number to ensure he could report their contents with accuracy.
"The panel cleared Wytrzyszczewski and found it had no jurisdiction to hear the matter," according to the article.

But he "said the experience caused him to unenroll from the ICCA's course and restart his training at another provider."

Slashdot reader storagedude shares a provocative post from the cybersecurity news blog of Cyble Inc. (a Ycombinator-backed company promising "AI-powered actionable threat intelligence").

The post delves into concerns that the new "Recall" feature planned for Windows (on upcoming Copilot+ PCs) is "a security and privacy nightmare." Copilot Recall will be enabled by default and will capture frequent screenshots, or "snapshots," of a user's activity and store them in a local database tied to the user account. The potential for exposure of personal and sensitive data through the new feature has alarmed security and privacy advocates and even sparked a UK inquiry into the issue. In a long Mastodon thread on the new feature, Windows security researcher Kevin Beaumont wrote, "I'm not being hyperbolic when I say this is the dumbest cybersecurity move in a decade. Good luck to my parents safely using their PC."

In a blog post on Recall security and privacy, Microsoft said that processing and storage are done only on the local device and encrypted, but even Microsoft's own explanations raise concerns: "Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry." Security and privacy advocates take issue with assertions that the data is stored securely on the local device. If someone has a user's password or if a court orders that data be turned over for legal or law enforcement purposes, the amount of data exposed could be much greater with Recall than would otherwise be exposed... And hackers, malware and infostealers will have access to vastly more data than they would without Recall.

Beaumont said the screenshots are stored in a SQLite database, "and you can access it as the user including programmatically. It 100% does not need physical access and can be stolen.... Recall enables threat actors to automate scraping everything you've ever looked at within seconds."
Beaumont's LinkedIn profile and blog say that starting in 2020 he worked at Microsoft for nearly a year as a senior threat intelligence analyst. And now Beaumont's Mastodon post is also raising other concerns (according to Cyble's blog post):

• "Sensitive data deleted by users will still be saved in Recall screenshots... 'If you or a friend use disappearing messages in WhatsApp, Signal etc, it is recorded regardless.'"

• "Beaumont also questioned Microsoft's assertion that all this is done locally."

The blog post also notes that Leslie Carhart, Director of Incident Response at Dragos, had this reaction to Beaumont's post. "The outrage and disbelief are warranted."

'"As AI programs shake up the office, potentially making millions of jobs obsolete, one group of perpetually stressed workers seems especially vulnerable..." writes the New York Times.

"The chief executive is increasingly imperiled by A.I." These employees analyze new markets and discern trends, both tasks a computer could do more efficiently. They spend much of their time communicating with colleagues, a laborious activity that is being automated with voice and image generators. Sometimes they must make difficult decisions — and who is better at being dispassionate than a machine?

Finally, these jobs are very well paid, which means the cost savings of eliminating them is considerable...

This is not just a prediction. A few successful companies have begun to publicly experiment with the notion of an A.I. leader, even if at the moment it might largely be a branding exercise... [The article gives the example of the Chinese online game company NetDragon Websoft, which has 5,000 employees, and the upscale Polish rum company Dictador.]

Chief executives themselves seem enthusiastic about the prospect — or maybe just fatalistic. EdX, the online learning platform created by administrators at Harvard and M.I.T. that is now a part of publicly traded 2U Inc., surveyed hundreds of chief executives and other executives last summer about the issue. Respondents were invited to take part and given what edX called "a small monetary incentive" to do so. The response was striking. Nearly half — 47 percent — of the executives surveyed said they believed "most" or "all" of the chief executive role should be completely automated or replaced by A.I. Even executives believe executives are superfluous in the late digital age...

The pandemic prepared people for this. Many office workers worked from home in 2020, and quite a few still do, at least several days a week. Communication with colleagues and executives is done through machines. It's just a small step to communicating with a machine that doesn't have a person at the other end of it. "Some people like the social aspects of having a human boss," said Phoebe V. Moore, professor of management and the futures of work at the University of Essex Business School. "But after Covid, many are also fine with not having one."
The article also notes that a 2017 survey of 1,000 British workers found 42% saying they'd be "comfortable" taking orders from a computer.

"The US Cybersecurity and Infrastructure Security Agency has added a critical security bug in Linux to its list of vulnerabilities known to be actively exploited in the wild," reported Ars Technica on Friday.

"The vulnerability, tracked as CVE-2024-1086 and carrying a severity rating of 7.8 out of a possible 10, allows people who have already gained a foothold inside an affected system to escalate their system privileges." It's the result of a use-after-free error, a class of vulnerability that occurs in software written in the C and C++ languages when a process continues to access a memory location after it has been freed or deallocated. Use-after-free vulnerabilities can result in remote code or privilege escalation. The vulnerability, which affects Linux kernel versions 5.14 through 6.6, resides in the NF_tables, a kernel component enabling the Netfilter, which in turn facilitates a variety of network operations... It was patched in January, but as the CISA advisory indicates, some production systems have yet to install it. At the time this Ars post went live, there were no known details about the active exploitation.

A deep-dive write-up of the vulnerability reveals that these exploits provide "a very powerful double-free primitive when the correct code paths are hit." Double-free vulnerabilities are a subclass of use-after-free errors...

A new article in the Washington Post argues that a phenomenon called "Quiet vacationing" has "joined 'quiet quitting' and 'quiet firing' as the latest (and least poetic) scourge of the modern workplace.

"Also known as the hush trip, workcation, hush-cation, or bleisure travel — you get the idea — quiet vacationing refers to workers taking time off, even traveling, without notifying their employers." Taking advantage of work-from-anywhere technology, they are logging in from hotels, beaches and campgrounds, sometimes using virtual backgrounds and VPNs to cover their tracks.

Given the difficulty many employers already have trusting remote workers to be productive anywhere outside the office, you can bet they are not keen on the idea of their employees pretending to have their head in the game while their toes are in the sand. But employers also have legitimate legal reasons for keeping tabs on their employees' location when they're on the clock. "Evil HR Lady" Suzanne Lucas, writing in Inc. magazine, recently highlighted the many tax, employment, business-operation and security laws that focus on an employee's location. Workers secretly performing their jobs in other states or countries can trigger compliance headaches for their employers, Lucas notes, giving the hypothetical of an employee seeking workers' compensation after sustaining an injury while on unauthorized travel....

As with declines in birthrates, home purchases and demand for mined diamonds, the quiet-vacationing trend is being attributed primarily, though not exclusively, to millennial workers. But before launching into generational finger-pointing and stereotyping, it's worth taking a look at why they might feel the need to take their PTO on the DL. The U.S. Travel Association in a 2016 report proclaimed millennials to be a generation of "work martyrs," entering the workforce around the time average U.S. vacation usage began declining and mobile technology began enabling round-the-clock attachment to jobs... The work-vacation boundaries most premillennial workers took for granted growing up have gone the way of defined-benefit pensions and good tomatoes.

Inadequate paid leave is another driving force. The United States continues to be the only nation among its industrialized economic peers that does not guarantee paid vacation, sick leave or holidays for all workers, leaving such benefits to the discretion of employers. Workers with limited PTO — whether new to the workforce or stuck in lower-paying, low-benefit industries — generally want to keep as much paid leave banked as possible, especially if they may need it for unpredictable emergencies like illness or caretaking. If you can preserve those precious hours by packing your laptop alongside your flip-flops, why wouldn't you?
The article also mentions employers who begrudge vacation and employees who fear "becoming a target for future cost-cutting..."

An anonymous reader quotes a report from the BBC: Hackers are attempting to sell what they say is confidential information belonging to millions of Santander staff and customers. They belong to the same gang which this week claimed to have hacked Ticketmaster. The bank -- which employs 200,000 people worldwide, including around 20,000 in the UK -- has confirmed data has been stolen. Santander has apologized for what it says is "the concern this will understandably cause" adding it is "proactively contacting affected customers and employees directly."

"Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed," it said in a statement posted earlier this month. "No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords." It said its banking systems were unaffected so customers could continue to "transact securely."

In a post on a hacking forum -- first spotted by researchers at Dark Web Informer- the group calling themselves ShinyHunters posted an advert saying they had data including: 30 million people's bank account details, 6 million account numbers and balances, 28 million credit card numbers, and HR information for staff. Santander has not commented on the accuracy of those claims.

Japanese crypto exchange DMM Bitcoin confirmed on Friday that it had been the victim of a hack resulting in the theft of 4,502.9 bitcoin, or about $305 million. From a report: According to crypto security firm Elliptic, this is the eighth largest crypto theft in history. DMM Bitcoin said it detected "an unauthorized leak of Bitcoin (BTC) from our wallet" on Friday and that it was still investigating and had taken measures to stop further thefts. The crypto exchange said it also "implemented restrictions on the use of some services to ensure additional safety," according to a machine translation of the company's official blog post (written in Japanese).

An anonymous reader shares a report: The sound of the 1990s still resonates in the German capital. Like techno music, the fax machine remains on trend. According to the latest figures from Germany's digital industry association, four out of five companies in Europe's largest economy continue to use fax machines and a third do so frequently or very frequently. Much as Germany's reputation for efficiency is regularly undermined by slow internet connections and a reliance on paper and rubber stamps, fax machines are at odds with a world embracing artificial intelligence.

But progress is on the horizon in the Bundestag -- the lower house of parliament -- where lawmakers have been instructed by the parliamentary budget committee to ditch their trusty fax machines by the end of June, and rely on email instead for official communication. Torsten Herbst, parliamentary whip of the pro-business Free Democrats, points out one fax machine after the other as he walks through the Bundestag. He says the public sector is particularly fond of faxing and that joining parliament was like going back in time.