Security

D-Link Tells Users To Trash Old VPN Routers Over Bug Too Dangerous To Identify (theregister.com)

Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a serious remote code execution (RCE) vulnerability. From a report: Most of the details about the bug are being kept under wraps given the potential for wide exploitation. The vendor hasn't assigned it a CVE identifier or really said much about it at all other than that it's a buffer overflow bug that leads to unauthenticated RCE.

Unauthenticated RCE issues are essentially as bad as vulnerabilities get, and D-Link warned that if customers continued to use the affected products, the devices connected to them would also be put at risk. Previous bugs in similar products from other vendors have carried warnings that attackers could exploit them to install rootkits and use that persistent access to surveil an organization's web traffic, potentially stealing data such as credentials.
Further reading: D-Link Won't Fix Critical Flaw Affecting 60,000 Older NAS Devices.
Security

Apple Says Mac Users Targeted in Zero-Day Cyberattacks (techcrunch.com)

Apple has pushed out security updates that it says are "recommended for all users," after fixing a pair of security bugs used in active cyberattacks targeting Mac users. From a report: In a security advisory on its website, Apple said it was aware of two vulnerabilities that "may have been actively exploited on Intel-based Mac systems." The bugs are considered "zero day" vulnerabilities because they were unknown to Apple at the time they were exploited.

[...] The vulnerabilities were reported by security researchers at Google's Threat Analysis Group, which investigates government-backed hacking and cyberattacks, suggesting that a government actor may be involved in the attacks.

Microsoft

Microsoft Rolls Out Recovery Tools After CrowdStrike Incident

Microsoft has announced sweeping changes to Windows security architecture, including new recovery capabilities designed to prevent system-wide outages following July's CrowdStrike incident that disabled 8.5 million Windows devices.

The Windows Resiliency Initiative introduces Quick Machine Recovery, allowing IT administrators to remotely fix unbootable systems through an enhanced Windows Recovery Environment. Microsoft is also mandating stricter testing and deployment practices for security vendors under its Microsoft Virus Initiative, including gradual rollouts and monitoring procedures.

The company is also developing a framework to move antivirus processing outside the Windows kernel, with a preview planned for security partners in July 2025.
Security

Court Documents: Spyware Group NSO's Pegasus Targeted Up To 'Tens of Thousands'

WhatsApp's newly unsealed court documents have exposed the extensive reach of NSO Group's Pegasus spyware operation, which targeted "between hundreds and tens of thousands" of devices, according to testimony from the company's head of research and development. The Israeli surveillance firm charged government customers up to $6.8 million for one-year licenses, generating at least $31 million in revenue in 2019 alone, TechCrunch first reported.

The documents detail previously unknown hacking tools named "Hummingbird," "Eden," and "Heaven," developed specifically to compromise WhatsApp users' devices. The revelations emerge from WhatsApp's ongoing 2019 lawsuit against NSO Group for alleged violations of U.S. anti-hacking laws.

Further reading: NSO, Not Government Clients, Operates Its Spyware.
Windows

Windows 365 Link is a $349 Mini PC That Streams Windows From the Cloud (theverge.com)

Microsoft is planning to launch a new purpose-built miniature PC for its Windows 365 cloud service next year. The Verge: Windows 365 Link is a $349 device that acts like a thin client PC to connect to the cloud and stream a version of Windows 11. The Link device is designed to be a compact, fanless, and easy-to-use cloud PC for your local monitors and peripherals. It's meant to be the ideal companion to Microsoft's Windows 365 service, which lets businesses transition employees over to virtual machines that exist in the cloud and can be streamed securely to multiple devices. Windows 365 Link cannot run local apps.
Windows

After 30 Years, We Finally Know Why Windows 95's Installer Juggled Three Operating Systems

In a technical blog post, Microsoft veteran Raymond Chen has explained why Windows 95's installation process required users to pass through three different operating systems -- MS-DOS, Windows 3.1, and Windows 95. The design choice stemmed from the need to support upgrades from multiple starting points while maintaining a graphical user interface throughout the process.

Rather than creating separate installers for MS-DOS, Windows 3.1, and Windows 95 users, developers opted for a unified approach using three chained setup programs. The process began with installing a minimal version of Windows 3.1 when starting from MS-DOS, followed by a 16-bit Windows application that handled core installation tasks, and concluded with a 32-bit Windows 95 program for final configuration steps.
Apple

Apple Appears Set To Discontinue Lightning-to-Headphone Adapter (macrumors.com)

Apple has stopped selling its Lightning-to-3.5mm headphone jack adapter in the U.S. and most countries, with limited stock remaining only in select European markets. The $9 accessory, introduced with iPhone 7 in 2016 (after the "courageous" move to stop including the headphone jack in iPhones), allowed users to connect traditional headphones to Lightning port iPhones. The discontinuation comes as Apple transitions to USB-C ports across its iPhone lineup.
Government

What Happened When a Washington County Tried a 32-Hour Workweek? (cnn.com)

On a small network of islands north of Seattle, Washington, San Juan County just completed its first full year of 32-hour workweeks, reports CNN.

And Tuesday the county released a report touting "a host of positive outcomes — from recruiting to retention to employee happiness — and a cost savings of more than $975,000 compared to what the county would have paid if it met the union's pay increase demands." The county said the 32-hour workweek has attracted a host of new talent: Applications have spiked 85.5% and open positions are being filled 23.75% faster, while more employees are staying in their jobs — separation (employees quitting or retiring) dropped by 48%. And 84% of employees said their work-life balance was better. "This is meeting many of the goals that we set out to do when we implemented it," County Manager Jessica Hudson said, noting the county is looking for opportunities to expand the initiative...

Departments across San Juan County have implemented the 32-hour workweek differently, some staggering staffing to maintain their previous availability to the public while others have shortened schedules to be open just four days a week... "I tell people, you're not going to see things change from your perspective," said Joe Ingman, a park manager in the county. "Offices are going to stay open, bathrooms are going to get cleaned, grass is going to get mowed." His department adjusted schedules to stay staffed seven days a week, and while communication across shifts was an initial hurdle, issues were quickly ironed out. "It was probably the smoothest summer I've had, and I've been working in parks for over a decade," he said, crediting the new schedule as a boon for recruiting. While job postings used to languish unfilled for months, last summer the applicant pool was not only bigger but more qualified, and the two staffers he hired both cited coming to the county because of the 32-hour workweek.

"It's no more cost to the public to work 32 hours — but we have better applicants," he said. Ingman also said the four-day workweek has done wonders for his job satisfaction; he'd watched colleagues burn out for years, but now sees a path for his own future in the department... County employees have used their extra time off to spend less money on childcare, volunteer in their kids' schools, and contribute to the community... While San Juan County's motivation in adopting a shortened workweek was financial, the benefits its employees cite speak to a larger trend, as workplaces around the country increasingly explore flexible schedules to combat burnout and attract and retain talent.

A survey of CEOs this spring found nearly one third of large US companies were looking into solutions like four-day or four-and-a-half-day workweeks... Even without a reduction in total hours, a Gallup poll last year found a third day off would be widely embraced: 77% of US workers said a 4-day, 40-hour workweek would have a positive impact on their wellbeing.

One worker shared their thoughts with CNN. "Life shouldn't be about just working yourself into the ground..." And they added that "So far, I feel happy; I feel seen as an employee and as a human, and I feel like it could be a beautiful step forward for other people if we just trust it and try it."

They even had some advice for other employers. "Change happens by somebody actually doing the change. The only way we're going to find out if it works is by doing."
Businesses

Amazon Makes It Harder for Disabled Employees to Work From Home (yahoo.com)

"Amazon is making it harder for disabled employees to get permission to work from home," reports Bloomberg, a move they say shows Amazon's "determination" to enforce a five-days-a-week return to the office. The company recently told employees with disabilities that it was implementing a more rigorous vetting process, both for new requests to work from home and applications to extend existing arrangements. Affected workers must submit to a "multilevel leader review" and could be required to return to the office for monthlong trials to determine if accommodations meet their needs... Affected employees are receiving calls from "accommodation consultants" who explain how the new policy works. They review medical documentation and discuss how effective working from home has been for employees who've already received an accommodation as well as any previous attempts to help the person work in the office. If the consultant agrees that the person should be allowed to work from home, another Amazon manager must sign off. If they don't, the request goes to a third manager...

Some workers fear the process was designed to make requests less likely to be approved, two employees said. In internal chat rooms, according to one of them, employees have accused [Chief Executive Officer Andy] Jassy of hypocrisy because the bureaucratic process belies his stated determination to cut through red tape that he says is slowing Amazon down.

"Jassy says the return-to-office requirement will strengthen the company's culture, which he believes has suffered since the pandemic and become overly bureaucratic," the article points out. But it adds that down at the workforce level, the move "is seen by some employees as a way to get people to quit and shrink the workforce."
Stats

Is Remote Working Causing an Exodus to the Exurbs? (apnews.com)

Last year 30,000 people moved into central Florida's Polk County — more than to any other county in America. Its largest city has just 112,641 people, living a full 35 miles east of the 3.1 million residents in the metropolitan area around Tampa.

But the Associated Press says something similar is happening all over the country: "the rise of the far-flung exurbs." Outlying communities on the outer margins of metro areas — some as far away as 60 miles (97 kilometers) from a city's center — had some of the fastest-growing populations last year, according to the U.S. Census Bureau. Those communities are primarily in the South, like Anna, Texas on the outskirts of the Dallas-Fort Worth metro area; Fort Mill, South Carolina [just 18 miles from North Carolina city Charlotte]; Lebanon, Tennessee outside Nashville; and Polk County's Haines City... [C]ommuting to work can take up to an hour and a half one-way. But [Marisol] Ortega, who lives in Haines City about 40 miles (64 kilometers) from her job in Orlando, says it's worth it. "I love my job. I love what I do, but then I love coming back home, and it's more tranquil," Ortega said.

The rapid growth of far-flung exurbs is an after-effect of the COVID-19 pandemic, according to the Census Bureau, as rising housing costs drove people further from cities and remote working allowed many to do their jobs from home at least part of the week... Recent hurricanes and citrus diseases in Florida also have made it more attractive for some Polk County growers to sell their citrus groves to developers who build new residences or stores...

Anna, Texas, more than 45 miles (72 kilometers) north of downtown Dallas, is seeing the same kind of migration. It was the fourth-fastest growing city in the U.S. last year and its population has increased by a third during the 2020s to 27,500 residents. Like Polk County, Anna has gotten a little older, richer and more racially diverse.

The article points out that in Anna, Texas, "close to 3 in 5 households have moved into their homes since 2020, according to the Census Bureau."
Google

What Happened After Google Retrofitted Memory Safety Onto Its C++ Codebase? (googleblog.com)

Google's transition to Safe Coding and memory-safe languages "will take multiple years," according to a post on Google's security blog. So "we're also retrofitting secure-by-design principles to our existing C++ codebase wherever possible," a process which includes "working towards bringing spatial memory safety into as many of our C++ codebases as possible, including Chrome and the monolithic codebase powering our services." We've begun by enabling hardened libc++, which adds bounds checking to standard C++ data structures, eliminating a significant class of spatial safety bugs. While C++ will not become fully memory-safe, these improvements reduce risk as discussed in more detail in our perspective on memory safety, leading to more reliable and secure software... It's also worth noting that similar hardening is available in other C++ standard libraries, such as libstdc++. Building on the successful deployment of hardened libc++ in Chrome in 2022, we've now made it default across our server-side production systems. This improves spatial memory safety across our services, including key performance-critical components of products like Search, Gmail, Drive, YouTube, and Maps... The performance impact of these changes was surprisingly low, despite Google's modern C++ codebase making heavy use of libc++. Hardening libc++ resulted in an average 0.30% performance impact across our services (yes, only a third of a percent) ...

In just a few months since enabling hardened libc++ by default, we've already seen benefits. Hardened libc++ has already disrupted an internal red team exercise and would have prevented another one that happened before we enabled hardening, demonstrating its effectiveness in thwarting exploits. The safety checks have uncovered over 1,000 bugs, and would prevent 1,000 to 2,000 new bugs yearly at our current rate of C++ development...

The process of identifying and fixing bugs uncovered by hardened libc++ led to a 30% reduction in our baseline segmentation fault rate across production, indicating improved code reliability and quality. Beyond crashes, the checks also caught errors that would have otherwise manifested as unpredictable behavior or data corruption... Hardened libc++ enabled us to identify and fix multiple bugs that had been lurking in our code for more than a decade. The checks transform many difficult-to-diagnose memory corruptions into immediate and easily debuggable errors, saving developers valuable time and effort.

The post notes that they're also working on "making it easier to interoperate with memory-safe languages. Migrating our C++ to Safe Buffers shrinks the gap between the languages, which simplifies interoperability and potentially even an eventual automated translation."
Privacy

T-Mobile Hacked In Massive Chinese Breach of Telecom Networks

Chinese hackers, reportedly linked to a Chinese intelligence agency, breached T-Mobile as part of a broader cyber-espionage campaign targeting telecom companies to spy on high-value intelligence targets. "T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information," a company spokesperson told the Wall Street Journal. Reuters reports: It was unclear what information, if any, was taken about T-Mobile customers' calls and communications records, according to the report. On Wednesday, the Federal Bureau of Investigation (FBI) and the U.S. cyber watchdog agency CISA said China-linked hackers have intercepted surveillance data intended for American law enforcement agencies after breaking into an unspecified number of telecom companies.
Further reading: U.S. Wiretap Systems Targeted in China-Linked Hack
Cloud

Cloud Migration Is Back (If You Ignore the Actual Numbers) (indiadispatch.com)

An anonymous reader shares a report: The cloud migration narrative that powered tech valuations during the pandemic is attempting a comeback, but the underlying data suggests a more complex story.

UBS's new survey of IT services reveals a striking disconnect between industry expectations and customer reality. While executives proclaim "2025 will be far better than what we've seen in 2024," their enterprise clients report having migrated merely 15% of workloads to the cloud, with the remainder presenting increasingly complex challenges.

The numbers are particularly telling: Growth rates for major cloud providers AWS, Azure, and Google Cloud have declined from pandemic peaks of 40-50% to 10-20%. IT budgets for 2024, meanwhile, are projected to be "flattish to up very slightly, maybe a couple percent," marking a significant departure from the explosive growth of recent years.

Science

Academic Papers Yanked After Authors Found To Have Used Unlicensed Software (theregister.com)

An academic journal has retracted two papers because it determined their authors used unlicensed software. The Register: Elsevier's Ain Shams Engineering Journal withdrew two papers exploring dam failures after complaints from Flow Science, the Santa Fe, New Mexico-based maker of a computational fluid dynamics application called FLOW-3D.

"Following an editorial investigation as a result of a complaint from the software distributor, the authors admitted that the use of professional software, FLOW-3D program for the results published in the article, was made without a license from the developer," a note from the journal's editor-in-chief explains.

"One of the conditions of submission of a paper for publication is that the article does not violate any intellectual property rights of any person or entity and that the use of any software is made under a license or permission from the software owner."

Windows

Microsoft Releases Windows 11 ISOs for Arm64-based PCs (windowscentral.com)

An anonymous reader shares a report: After dragging its feet for years, Microsoft has finally released the first official Windows 11 ISOs for PCs with an Arm64 processor. This means users can now clean install Windows 11 using official offline media on an Arm64-based PC, including the latest Snapdragon X Copilot+ PCs.

The ISOs, which contain version 24H2, can be downloaded from the official Microsoft website, and are around 5GB in size depending on the language you select. According to the company, the ISOs are primarily designed for running Windows 11 in a virtual machine on Arm64 PCs. However, it also mentions that you can use them to clean install Windows 11 directly onto Arm64 hardware too. Unfortunately, depending on the Arm64 PC you have, you may need to do some additional work to get the ISO bootable.

IT

Second Life for Server Components (ieee.org)

Scientists have developed a method to reuse components from decommissioned data center servers, potentially reducing the carbon footprint of cloud computing infrastructure.

The research team from Microsoft, Carnegie Mellon University and the University of Washington demonstrated that older RAM modules and solid-state drives can be safely repurposed in new server builds without compromising performance, according to papers presented at recent computer architecture conferences.

When combined with energy-efficient processors, the prototype servers achieved an 8% reduction in total carbon emissions during Azure cloud service testing. Researchers estimate the approach could cut global carbon emissions by up to 0.2% if widely adopted. The cloud computing industry currently accounts for 3% of global energy consumption and could represent 20% of emissions by 2030, according to computing experts. Most data centers, including Microsoft's Azure, typically replace servers every 3-5 years.
Google

Google Rolls Out Call Screening AI To Thwart Phone Fraudsters (googleblog.com)

Google is rolling out AI-powered scam call detection for Android phones, aiming to protect users from increasingly sophisticated phone fraud schemes. The new feature, available in beta for Pixel 6 and newer devices, analyzes conversation patterns in real-time to identify potential scams. When suspicious patterns emerge, such as urgently requesting fund transfers, the system alerts users through audio, haptic, and visual warnings.

The detection system operates entirely on-device using Google's machine learning models, with no call audio or transcripts stored or transmitted externally. While Pixel 9 devices utilize Google's advanced Gemini Nano AI model, earlier Pixel phones use the standard machine learning for detection, the company said. The feature, which is opt-in and can be disabled at any time, is currently limited to English-speaking Phone by Google beta users in the United States. Google plans to expand availability to additional Android devices in the future.
Security

How Italy Became an Unexpected Spyware Hub (therecord.media)

Italy has emerged as a major global spyware hub alongside Israel and India, with at least six major vendors operating in the country with limited oversight, The Record reported this week, citing researchers and Italian experts. Companies like RCS Labs, which has operated since 1992, sell surveillance tools to both domestic law enforcement and foreign governments including Kazakhstan, Syria, and several Asian nations.

Italian authorities can rent spyware for $160 per day without large acquisition costs, leading to thousands of domestic surveillance operations in recent years. While new regulations taking effect in February 2024 will require judges to evaluate specific reasons for spyware use, critics cited in the story say the reform package won't address core issues like the lack of centralized oversight. The country's competitive marketplace and relatively lax export controls have also enabled Italian vendors to expand their overseas sales.
Privacy

Open Source Project DeFlock Is Mapping License Plate Surveillance Cameras All Over the World (404media.co)

An anonymous reader quotes a report from 404 Media: Flock is one of the largest vendors of automated license plate readers (ALPRs) in the country. The company markets itself as having the goal to fully "eliminate crime" with the use of ALPRs and other connected surveillance cameras, a target experts say is impossible. [...] Flock and automated license plate reader cameras owned by other companies are now in thousands of neighborhoods around the country. Many of these systems talk to each other and plug into other surveillance systems, making it possible to track people all over the country.

"It went from me seeing 10 license plate readers to probably seeing 50 or 60 in a few days of driving around," [said Alabama resident and developer Will Freeman]. "I wanted to make a record of these things. I thought, 'Can I make a database of these license plate readers?'" And so he made a map, and called it DeFlock. DeFlock runs on Open Street Map, an open source, editable mapping software. He began posting signs for DeFlock (PDF) to the posts holding up Huntsville's ALPR cameras, and made a post about the project to the Huntsville subreddit, which got good attention from people who lived there. People have been plotting not just Flock ALPRs, but all sorts of ALPRs, all over the world. [...]

When I first talked to Freeman, DeFlock had a few dozen cameras mapped in Huntsville and a handful mapped in Southern California and in the Seattle suburbs. A week later, as I write this, DeFlock has crowdsourced the locations of thousands of cameras in dozens of cities across the United States and the world. He said so far more than 1,700 cameras have been reported in the United States and more than 5,600 have been reported around the world. He has also begun scraping parts of Flock's website to give people a better idea of where to look to map them. For example, Flock says that Colton, California, a city with just over 50,000 people outside of San Bernardino, has 677 cameras.

People who submit cameras to DeFlock have the ability to note the direction that they are pointing in, which can help people understand how these cameras are being positioned and the strategies that companies and police departments are using when deploying them. For example, all of the cameras in downtown Huntsville are pointing away from the downtown core, meaning they are primarily focused on detecting cars that are entering downtown Huntsville from other areas.

Windows

Microsoft is Killing off Windows 11's Mail and Calendar Apps By the End of the Year (theverge.com)

Microsoft is planning to no longer support the Windows Mail, Calendar, and People apps later this year. The Verge: The software giant has been moving existing users of these apps over to the new Outlook for Windows app in recent months, and now it has set an end of support date for the Mail, Calendar, and People apps of December 31st.

Once the apps reach end of support later this year, Microsoft warns that users who haven't moved to the new Outlook app "will no longer be able to send and receive email using Windows Mail and Calendar."

Microsoft has been rolling out the new Outlook for Windows app for years, with it officially reaching the general availability stage in August. The new web-based Outlook is designed to eventually replace the full desktop version of Outlook too, and Microsoft plans to provide enterprise customers a 12-month notice before it starts to move people away from the desktop version of Outlook.
