An anonymous reader quotes a report from CNBC: Microsoft said Wednesday that it broke down the Lumma Stealer malware project with the help of law enforcement officials across the globe. The tech giant said in a blog post that its digital crimes unit discovered more than 394,000 Windows computers were infected by the Lumma malware worldwide between March 16 through May 16. The Lumma malware was a favorite hacking tool used by bad actors, Microsoft said in the post. Hackers used the malware to steal passwords, credit cards, bank accounts and cryptocurrency wallets.

Microsoft said its digital crimes unit was able to dismantle the web domains underpinning Lumma's infrastructure with the help of a court order from the U.S. District Court for the Northern District of Georgia. The U.S. Department of Justice then took control of Lumma's "central command structure" and squashed the online marketplaces where bad actors purchased the malware. The cybercrime control center of Japan "facilitated the suspension of locally based Lumma infrastructure," the blog post said. "Working with law enforcement and industry partners, we have severed communications between the malicious tool and victims," Microsoft said in the post. "Moreover, more than 1,300 domains seized by or transferred to Microsoft, including 300 domains actioned by law enforcement with the support of Europol, will be redirected to Microsoft sinkholes." Cloudflare, Bitsight and Lumen also helped break down the Lumma malware ecosystem.

Microsoft has officially cited Apple's App Store policies as the roadblock preventing its Xbox mobile store launch promised for July 2024. In an amicus brief supporting Epic Games filed this week, Microsoft alleged that Apple's "anti-steering policies" have "stymied" its mobile store ambitions despite a court injunction allowing developers to advertise alternative payment methods.

The brief challenges Apple's attempt to overturn this crucial ruling, which enabled Fortnite's App Store return with external payment links. Microsoft argues that launching its store under threat of Apple potentially winning a temporary stay creates significant business risk. The restrictions also impact Microsoft's Xbox mobile app functionality.

Fortnite has returned to Apple's App Store in the United States after a nearly five-year absence, marking a significant victory for Epic Games in its protracted legal battle against Apple's App Store policies. The return follows an April 30 ruling where a federal judge determined Apple violated a court order requiring the company to allow greater competition for app downloads and payment methods, referring Apple to federal prosecutors for a criminal contempt investigation.

Epic CEO Tim Sweeney celebrated on X with a simple "We back fam" message. The game, which had 116 million users on Apple's platform before its 2020 removal, was banned after Epic challenged Apple's practice of charging up to 30% commission on in-app payments as anticompetitive.

A Massachusetts man has agreed to plead guilty to hacking into one of the top education tech companies in the United States and stealing tens of millions of schoolchildren's personal information for profit. From a report: Matthew Lane, 19, of Worcester County, Massachusetts, signed a plea agreement related to charges connected to a major hack on an educational technology company last year, as well as another company, according to court documents published Tuesday.

While the documents refer to the education company only as "Victim-2" and the U.S. attorney's office declined to name the victim, a person familiar with the matter told NBC News that it is PowerSchool. The hack of PowerSchool last year is believed to be the largest breach of American children's sensitive data to date.

According to his plea agreement, Lane admitted obtaining information from a protected computer and aggravated identity theft and agreed not to challenge a prison sentence shorter than nine years and four months. He got access simply by trying an employee's stolen username and password combination, the complaint says, echoing a private third-party assessment of the incident previously reported by NBC News.

Spain has ordered Airbnb to remove over 65,000 listings that violate rental regulations, citing missing license numbers and unclear ownership details. The crackdown is part of a broader government effort to address the country's housing crisis, which many blame on unregulated short-term rentals reducing long-term housing supply. Reuters reports: Most of the Airbnb listings to be blocked do not include their licence number, while others do not specify whether the owner was an individual or a corporation, the Consumer Rights Ministry said in a statement on Monday. Consumer Rights Minister Pablo Bustinduy said his goal was to end the general "lack of control" and "illegality" in the holiday rental business. "No more excuses. Enough with protecting those who make a business out of the right to housing in our country," he told reporters.

Bustinduy said Madrid's high court is backing the request to withdraw as many as 5,800 listings. Airbnb will appeal the decision, a spokesperson said on Monday. The company believes the ministry does not have the authority to make rulings over short-term rentals and failed to provide an evidence-based list of non-compliant accommodation. Some of the incriminated listings are non-touristic seasonal ones, the spokesperson said.

Delta can pursue much of its lawsuit seeking to hold cybersecurity company CrowdStrike liable for a massive computer outage last July that caused the carrier to cancel 7,000 flights, a Georgia state judge ruled. From a report: In a decision on Friday, Judge Kelly Lee Ellerbe of the Fulton County Superior Court said Delta can try to prove CrowdStrike was grossly negligent in pushing a defective update of its Falcon software to customers, crashing more than 8 million Microsoft Windows-based computers worldwide.

Regeneron Pharmaceuticals is acquiring most of 23andMe's assets for $256 million. The sale includes 23andMe's Personal Genome Service, Total Health and Research Services business lines. What's not included is 23andMe's telehealth unit, Lemonaid Health, which the company acquired for around $400 million in 2021. It'll be shut down, but all staffers will remain employed. CNBC reports: The deal is still subject to approval by the U.S. Bankruptcy Court for the Eastern District of Missouri. Pending approval, it's expected to close in the third quarter of this year, according to the release. In its bankruptcy proceedings, 23andMe required all bidders to comply with its privacy policies, and a court-appointed, independent "Consumer Privacy Ombudsman" will assess the deal, the companies said.

Several lawmakers and officials, including the Federal Trade Commission, had expressed concerns about the safety of consumers' genetic data through 23andMe's sale process. The privacy ombudsman will present a report on the acquisition to the court by June 10. "We are pleased to have reached a transaction that maximizes the value of the business and enables the mission of 23andMe to live on, while maintaining critical protections around customer privacy, choice and consent with respect to their genetic data," Mark Jensen, 23andMe's board chair, said in a statement. "At its peak, 23andMe was valued at around $6 billion," notes the report.

An anonymous reader quotes a report from Ars Technica: Meta thinks there's no reason to carry on with its defense after the Federal Trade Commission closed its monopoly case, and the company has moved to end the trial early by claiming that the FTC utterly failed to prove its case. "The FTC has no proof that Meta has monopoly power," Meta's motion for judgment (PDF) filed Thursday said, "and therefore the court should rule in favor of Meta." According to Meta, the FTC failed to show evidence that "the overall quality of Meta's apps has declined" or that the company shows too many ads to users. Meta says that's "fatal" to the FTC's case that the company wielded monopoly power to pursue more ad revenue while degrading user experience over time (an Internet trend known as "enshittification"). And on top of allegedly showing no evidence of "ad load, privacy, integrity, and features" degradation on Meta apps, Meta argued there's no precedent for an antitrust claim rooted in this alleged harm.

"Meta knows of no case finding monopoly power based solely on a claimed degradation in product quality, and the FTC has cited none," Meta argued. Meta has maintained throughout the trial that its users actually like seeing ads. In the company's recent motion, Meta argued that the FTC provided no insights into what "the right number of ads" should be, "let alone" provide proof that "Meta showed more ads" than it would in a competitive market where users could easily switch services if ad load became overwhelming. Further, Meta argued that the FTC did not show evidence that users sharing friends-and-family content were shown more ads. Meta noted that it "does not profit by showing more ads to users who do not click on them," so it only shows more ads to users who click ads.

Meta also insisted that there's "nothing but speculation" showing that Instagram or WhatsApp would have been better off or grown into rivals had Meta not acquired them. The company claimed that without Meta's resources, Instagram may have died off. Meta noted that Instagram co-founder Kevin Systrom testified that his app was "pretty broken and duct-taped" together, making it "vulnerable to spam" before Meta bought it. Rather than enshittification, what Meta did to Instagram could be considered "a consumer-welfare bonanza," Meta argued, while dismissing "smoking gun" emails from Mark Zuckerberg discussing buying Instagram to bury it as "legally irrelevant." Dismissing these as "a few dated emails," Meta argued that "efforts to litigate Mr. Zuckerberg's state of mind before the acquisition in 2012 are pointless."

"What matters is what Meta did," Meta argued, which was pump Instagram with resources that allowed it "to 'thrive' -- adding many new features, attracting hundreds of millions and then billions of users, and monetizing with great success." In the case of WhatsApp, Meta argued that nobody thinks WhatsApp had any intention to pivot to social media when the founders testified that their goal was to never add social features, preferring to offer a simple, clean messaging app. And Meta disputed any claim that it feared Google might buy WhatsApp as the basis for creating a Facebook rival, arguing that "the sole Meta witness to (supposedly) learn of Google's acquisition efforts testified that he did not have that worry." In sum: A ruling in Meta's favor could prevent a breakup of its apps, while a denial would push the trial toward a possible order to divest Instagram and WhatsApp.

An anonymous reader quotes a report from TechCrunch: A lawyer representing Anthropic admitted to using an erroneous citation created by the company's Claude AI chatbot in its ongoing legal battle with music publishers, according to a filing made in a Northern California court on Thursday. Claude hallucinated the citation with "an inaccurate title and inaccurate authors," Anthropic says in the filing, first reported by Bloomberg. Anthropic's lawyers explain that their "manual citation check" did not catch it, nor several other errors that were caused by Claude's hallucinations. Anthropic apologized for the error and called it "an honest citation mistake and not a fabrication of authority." Earlier this week, lawyers representing Universal Music Group and other music publishers accused Anthropic's expert witness -- one of the company's employees, Olivia Chen -- of using Claude to cite fake articles in her testimony. Federal judge, Susan van Keulen, then ordered Anthropic to respond to these allegations. Last week, a California judge slammed a pair of law firms for the undisclosed use of AI after he received a supplemental brief with "numerous false, inaccurate, and misleading legal citations and quotations." The judge imposed $31,000 in sanctions against the law firms and said "no reasonably competent attorney should out-source research and writing" to AI.

An anonymous reader quotes a report from BleepingComputer: Law enforcement authorities have dismantled a botnet that infected thousands of routers over the last 20 years to build two networks of residential proxies known as Anyproxy and 5socks. The U.S. Justice Department also indicted three Russian nationals (Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, and Aleksandr Aleksandrovich Shishkin) and a Kazakhstani (Dmitriy Rubtsov) for their involvement in operating, maintaining, and profiting from these two illegal services.

During this joint action dubbed 'Operation Moonlander,' U.S. authorities worked with prosecutors and investigators from the Dutch National Police, the Netherlands Public Prosecution Service (Openbaar Ministerie), and the Royal Thai Police, as well as analysts with Lumen Technologies' Black Lotus Labs. Court documents show that the now-dismantled botnet infected older wireless internet routers worldwide with malware since at least 2004, allowing unauthorized access to compromised devices to be sold as proxy servers on Anyproxy.net and 5socks.net. The two domains were managed by a Virginia-based company and hosted on servers globally.

On Wednesday, the FBI also issued a flash advisory (PDF) and a public service announcement warning that this botnet was targeting patch end-of-life (EoL) routers with a variant of the TheMoon malware. The FBI warned that the attackers are installing proxies later used to evade detection during cybercrime-for-hire activities, cryptocurrency theft attacks, and other illegal operations. The list of devices commonly targeted by the botnet includes Linksys and Cisco router models, including:

- Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550
- Linksys WRT320N, WRT310N, WRT610N
- Cisco M10 and Cradlepoint E100 "The botnet controllers require cryptocurrency for payment. Users are allowed to connect directly with proxies using no authentication, which, as documented in previous cases, can lead to a broad spectrum of malicious actors gaining free access," Black Lotus Labs said. "Given the source range, only around 10% are detected as malicious in popular tools such as VirusTotal, meaning they consistently avoid network monitoring tools with a high degree of success. Proxies such as this are designed to help conceal a range of illicit pursuits including ad fraud, DDoS attacks, brute forcing, or exploiting victim's data."

Elizabeth Holmes has lost her bid to have the appeal of her 2022 fraud conviction reheard by the 9th Circuit Court of Appeals, leaving the U.S. Supreme Court as her final option. She and former Theranos executive Sunny Balwani remain liable for $452 million in restitution, while Holmes continues serving her 11-year sentence. CNBC reports: The 9th Circuit U.S. Court of Appeals denied Holmes' request for a rehearing before the original three-judge panel that upheld her conviction. At the same time, the court said no judge on the circuit court had asked for a vote on whether to have the full court rehear the appeal.

Holmes, 41, was sentenced in January 2023 to 11 years and 3 months in prison after being found guilty of four counts of wire fraud in January 2022. She was found guilty of deceiving investors about the capabilities of Theranos, the blood-testing company she founded in 2003. The company crumbled after a Wall Street Journal story outlined the firm's struggles and shut down in 2018.

An anonymous reader quotes a report from Ars Technica: Schools across the US are warning parents about an Internet trend that has students purposefully trying to damage their school-issued Chromebooks so that they start smoking or catch fire. Various school districts, including some in Colorado, New Jersey, North Carolina, and Washington, have sent letters to parents warning about the trend that's largely taken off on TikTok. Per reports from school districts and videos that Ars Technica has reviewed online, the so-called Chromebook Challenge includes students sticking things into Chromebook ports to short-circuit the system. Students are using various easily accessible items to do this, including writing utensils, paper clips, gum wrappers, and pushpins.

The Chromebook challenge has caused chaos for US schools, leading to laptop fires that have forced school evacuations, early dismissals, and the summoning of first responders. Schools are also warning that damage to school property can result in disciplinary action and, in some states, legal action. In Plainville, Connecticut, a middle schooler allegedly "intentionally stuck scissors into a laptop, causing smoke to emit from it," Superintendent Brian Reas told local news station WFSB. The incident reportedly led to one student going to the hospital due to smoke inhalation and is suspected to be connected to the viral trend. "Although the investigation is ongoing, the student involved will be referred to juvenile court to face criminal charges," Reas said. TikTok recently banned the search term "Chromebook Challenge" and created a safety message that pops up when searching for the term. The social media company notes that the challenge is on other social media platforms, too.

Apple asked a judge to halt an order forcing it to give up control over App Store payments while it appeals the decision. From a report: In a filing on Wednesday, Apple says the order contains "extraordinary intrusions" that could result in "grave irreparable harm" to the company. Last week, California District Court Judge Yvonne Gonzalez Rogers found that Apple was in "willful violation" of a 2021 injunction issued as part of the Epic Games v. Apple case.

As a result, the judge ordered Apple to stop collecting an up to 27 percent commission on purchases made outside the App Store, and said the company can no longer restrict how developers point users toward external purchases.

An anonymous reader quotes a report from The Guardian: Chris Pelkey was killed in a road rage shooting in Chandler, Arizona, in 2021. Three and a half years later, Pelkey appeared in an Arizona court to address his killer. Sort of. "To Gabriel Horcasitas, the man who shot me, it is a shame we encountered each other that day in those circumstances," says a video recording of Pelkey. "In another life, we probably could have been friends. I believe in forgiveness, and a God who forgives. I always have, and I still do," Pelkey continues, wearing a grey baseball cap and sporting the same thick red and brown beard he wore in life.

Pelkey was 37 years old, devoutly religious and an army combat veteran. Horcasitas shot Pelkey at a red light in 2021 after Pelkey exited his vehicle and walked back towards Horcasitas's car. Pelkey's appearance from beyond the grave was made possible by artificial intelligence in what could be the first use of AI to deliver a victim impact statement. Stacey Wales, Pelkey's sister, told local outlet ABC-15 that she had a recurring thought when gathering more than 40 impact statements from Chris's family and friends. "All I kept coming back to was, what would Chris say?" Wales said. [...]

Wales and her husband fed an AI model videos and audio of Pelkey to try to come up with a rendering that would match the sentiments and thoughts of a still-alive Pelkey, something that Wales compared with a "Frankenstein of love" to local outlet Fox 10. Judge Todd Lang responded positively to the AI usage. Lang ultimately sentenced Horcasitas to 10 and a half years in prison on manslaughter charges. "I loved that AI, thank you for that. As angry as you are, as justifiably angry as the family is, I heard the forgiveness," Lang said. "I feel that that was genuine." Also in favor was Pelkey's brother John, who said that he felt "waves of healing" from seeing his brother's face, and believes that Chris would have forgiven his killer. "That was the man I knew," John said.

English regulators have approved a new law firm that uses AI instead of lawyers to offer services for as little as $2.67, as the technology continues to disrupt industries from finance to accounting. From a report: Garfield AI, which was founded by a former London litigator and a quantum physicist, is an online tool that allows businesses and individuals such as tradespeople to chase debts owed to them at a substantially lower cost than the average lawyer's fees. Its AI assistant guides claimants through the small claims court process, including creating "polite chaser" letters for $2.67 and filing documents such as claim forms for $67, and can also produce arguments for claimants to use at trial.

AI models are increasingly encroaching on legally sensitive tasks in high-paying sectors such as law and finance, potentially undercutting fees in high-volume work. Garfield received approval from the Solicitors Regulation Authority, the legal regulator for England and Wales, in March, in a move the latter hailed as a "landmark moment" for the industry.

Apple on Monday lodged an appeal to challenge a U.S. judge's ruling that ordered the tech company to immediately open its lucrative App Store to more competition. From a report: Apple in a court notice it will ask the San Francisco-based 9th U.S. Circuit Court of Appeals to review the April 30 ruling, which found the company in contempt of an earlier order in a 2020 antitrust lawsuit brought by Epic Games.

U.S. District Judge Yvonne Gonzalez Rogers said in her decision that Apple willfully failed to comply with a 2021 injunction designed to allow developers to more easily steer consumers to potentially cheaper non-Apple payment options. Gonzalez Rogers also referred Apple and one of its executives to federal prosecutors for a possible criminal contempt investigation.

An anonymous reader shared this report from The Verge: Firefox could be put out of business should a court implement all the [U.S.] Justice Department's proposals to restrict Google's search monopoly, an executive for the browser owner Mozilla testified Friday. "It's very frightening," Mozilla CFO Eric Muhlheim said.

The Department of Justice wants to bar Google from paying to be the default search engine in third-party browsers including Firefox, among a long list of other proposals including a forced sale of Google's own Chrome browser and requiring it to syndicate search results to rivals. The court has already ruled that Google has an illegal monopoly in search, partly thanks to exclusionary deals that make it the default engine on browsers and phones, depriving rivals of places to distribute their search engines and scale up. But while Firefox — whose CFO is testifying as Google presents its defense — competes directly with Chrome, it warns that losing the lucrative default payments from Google could threaten its existence.

Firefox makes up about 90 percent of Mozilla's revenue, according to Muhlheim, the finance chief for the organization's for-profit arm — which in turn helps fund the nonprofit Mozilla Foundation. About 85 percent of that revenue comes from its deal with Google, he added. Losing that revenue all at once would mean Mozilla would have to make "significant cuts across the company," Muhlheim testified, and warned of a "downward spiral" that could happen if the company had to scale back product engineering investments in Firefox, making it less attractive to users. That kind of spiral, he said, could "put Firefox out of business." That could also mean less money for nonprofit efforts like open source web tools and an assessment of how AI can help fight climate change.

Ironically, Muhlheim seemed to suggest that could cement the very market dominance the court seeks to remedy. Firefox's underlying Gecko browser engine is "the only browser engine that is held not by Big Tech but by a nonprofit," he said.

The U.S. government is seeking to break up Google's advertising technology business after a judge ruled the company holds an illegal monopoly over ad tools for publishers, marking the second such antitrust case following a similar request to divest Chrome. The Guardian reports: "We have a defendant who has found ways to defy" the law, US government lawyer Julia Tarver Wood told a federal court in Virginia, as she urged the judge to dismiss Google's assurance that it would change its behavior. "Leaving a recidivist monopolist" intact was not appropriate to solve the issue, she added. [...] The US government specifically alleged that Google controls the market for publishing banner ads on websites, including those of many creators and small news providers.

The hearing in a Virginia courtroom was scheduled to plan out the second phase of the trial, set for September, in which the parties will argue over how to fix the ad market to satisfy the judge's ruling. The plaintiffs argued in the first phase of the trial last year that the vast majority of websites use Google ad software products which, combined, leave no way for publishers to escape Google's advertising technology and pricing.

The district court judge Leonie Brinkema agreed with most of that reasoning, ruling last month that Google built an illegal monopoly over ad software and tools used by publishers, but partially dismissed the argument related to tools used by advertisers. The US government said it would use the trial to recommend that Google should spin off its ad publisher and exchange operations, as Google could not be trusted to change its ways. "Behavioral remedies are not sufficient because you can't prevent Google from finding a new way to dominate," Tarver Wood said.

Google countered that it would recommend that it agree to a binding commitment that it would share information with advertisers and publishers on its ad tech platforms. Google lawyer Karen Dunn did, however, acknowledge the "trust issues" raised in the case and said the company would accept monitoring to guarantee any commitments made to satisfy the judge. Google is also arguing that calls for divestment are not appropriate in this case, which Brinkema swiftly refused as an argument. The judge urged both sides to mediate, stressing that coming to a compromise solution would be cost-effective and more efficient than running a weeks-long trial.

A Michigan federal magistrate judge has banned a lawyer from using a cartoon dragon watermark on legal filings, calling the practice "juvenile and impertinent." Judge Ray Kent of the Western District of Michigan issued the order on April 28 after receiving a complaint featuring a purple, suit-wearing dragon on every page.

"Each page of plaintiff's complaint appears on an e-filing which is dominated by a large multi-colored cartoon dragon dressed in a suit," Kent wrote. "The Court is not a cartoon." The watermark belongs to Jacob A. Perrone of Dragon Lawyers, who told The New York Times he purchased the image online for $20 because "people like dragons."

Perrone said it plans to continue using the logo in his practice but will tone it down in future court submissions.

Apple has updated its App Store Guidelines to comply with a court order from the Epic Games lawsuit, now allowing U.S. apps to include external payment links and buttons without needing special approval. "The App Review Guidelines have been updated for compliance with a United States court decision regarding buttons, external links, and other calls to action in apps. These changes affect apps distributed on the United States storefront of the App Store," Apple said in an email to developers on Thursday night. 9to5Mac reports: Here are the full changes to the App Store Guidelines with today's revisions:

3.1.1: Apps on the United States storefront are not prohibited from including buttons, external links, or other calls to action when allowing users to browse NFT collections owned by others.
3.1.1(a): On the United States storefront, there is no prohibition on an app including buttons, external links, or other calls to action, and no entitlement is required to do so.
3.1.3: The prohibition on encouraging users to use a purchasing method other than in-app purchase does not apply on the United States storefront.
3.1.3(a): The External Link Account entitlement is not required for apps on the United States storefront to include buttons, external links, or other calls to action. "We strongly disagree with the decision. We will comply with the court's order and we will appeal," Apple said in a statement to 9to5Mac yesterday.

Spotify, Patreon, Epic Games and others are already working to circumvent Apple's App Store fees.