Businesses

Citigroup Plans To Slash IT Contractors, Hire Staff To Improve Controls (reuters.com) 23

An anonymous reader shares a report: Citigroup plans to dramatically reduce its reliance on IT contractors and hire thousands of employees for IT as the lender grapples with regulatory punishments over data governance and deficient controls. Citigroup's head of technology Tim Ryan told staff in recent weeks that the bank aims to cut back external contractors to 20% of those working in IT from the current 50%, according to an internal presentation to employees seen by Reuters.

The briefing did not give a precise time horizon for the changes. As part of the overhaul, Citi will replenish the ranks by hiring more staff, and aims to have 50,000 employees in technology, up from 48,000 in 2024, the presentation showed. "Citi is growing our internal technology capabilities to support our strategy to improve safety and soundness, enable revenue growth and drive efficiencies," Citi said in a statement to Reuters.

Transportation

Rules for Portable Batteries on Planes Are Changing. (nytimes.com) 55

Several Asian airlines have tightened restrictions on portable battery chargers amid growing concerns about fire risks, following a January blaze that destroyed an Air Busan aircraft in South Korea. South Korean airlines now require passengers to keep portable chargers within arm's reach rather than in overhead bins, a rule implemented March 1 to ease public anxiety, according to the Transportation Ministry. Taiwan's EVA Air and China Airlines have banned using or charging power banks on flights but still allow them in overhead compartments.

Thai Airways announced a similar ban last Friday, citing "incidents of in-flight fires on international airlines." Battery-related incidents on U.S. airlines have increased from 32 in 2016 to 84 last year, with portable chargers identified as the most common culprit, according to Federal Aviation Administration data. The International Civil Aviation Organization has banned lithium-ion batteries from cargo holds since 2016, though no industry standard exists for regulating power banks.

Microsoft

Microsoft is Replacing Remote Desktop With Its New Windows App (theverge.com) 52

Microsoft is ending support of its Remote Desktop app for Windows on May 27th. From a report: If you use the Remote Desktop app to connect to Windows 365, Azure Virtual Desktop, or Microsoft Dev Box machines then you'll have to transition to the Windows app instead.

The new Windows app, which launched in September, includes multimonitor support, dynamic display resolutions, and easy access to cloud PCs and virtual desktops. Microsoft says "connections to Windows 365, Azure Virtual Desktop, and Microsoft Dev Box via the Remote Desktop app from the Microsoft Store will be blocked after May 27th, 2025."

Security

Thousands of TP-Link Routers Have Been Infected By a Botnet To Spread Malware (tomsguide.com) 43

The Ballista botnet is actively exploiting a high-severity remote code execution flaw (CVE-2023-1389) in TP-Link Archer AX-21 routers, infecting over 6,000 devices primarily in Brazil, Poland, the UK, Bulgaria, and Turkey. Tom's Hardware reports: According to a new report from the Cato CTRL team, the Ballista botnet exploits a remote code execution vulnerability that directly impacts the TP-Link Archer AX-21 router. The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity security flaw (tracked as CVE-2023-1389) has also been used to spread other malware families as far back as April 2023 when it was used in the Mirai botnet malware attacks. The flaw was also linked to the Condi and AndroxGh0st malware attacks.

Ballista's most recent exploitation attempt was February 17, 2025, and Cato CTRL first detected it on January 10, 2025. Of the thousands of infected devices, the majority of them are concentrated in Brazil, Poland, the United Kingdom, Bulgaria and Turkey, with the botnet targeting manufacturing, medical/healthcare, services and technology organizations in the United States, Australia, China and Mexico.

IT

The Surprising Impact of QR Code Menus on Diminishing Customer Loyalty (sciencedirect.com) 198

Abstract of a paper published in the Journal of Hospitality and Tourism Management: The adoption of digital menus accessed through quick response (QR) codes has witnessed a notable upsurge. Despite potential benefits for restaurant operators, the nuanced effects of QR code menus on customer behavior and experience remain relatively unknown. This research investigates the influence of menu presentation (QR code vs. traditional) on customer loyalty. In two studies, we find that QR code menus diminish customer loyalty (compared to traditional menus) due to perceived inconvenience. This effect is further moderated by customers' need for interaction. Our work is timely in highlighting the negative impact of perceptions of inconvenience on technology adoption.

IT

Why Extracting Data from PDFs Remains a Nightmare for Data Experts (arstechnica.com) 65

Businesses, governments, and researchers continue to struggle with extracting usable data from PDF files, despite AI advances. These digital documents contain valuable information for everything from scientific research to government records, but their rigid formats make extraction difficult.

"PDFs are a creature of a time when print layout was a big influence on publishing software," Derek Willis, a lecturer in Data and Computational Journalism at the University of Maryland, told ArsTechnica. This print-oriented design means many PDFs are essentially "pictures of information" requiring optical character recognition (OCR) technology.

Traditional OCR systems have existed since the 1970s but struggle with complex layouts and poor-quality scans. New AI language models from companies like Google and Mistral now attempt to process documents more holistically, with varying success. "Right now, the clear leader is Google's Gemini 2.0 Flash Pro Experimental," Willis notes, while Mistral's recent OCR solution "performed poorly" in tests.

Firefox

Firefox Certificate Expiration Threatens Add-ons, Streaming on March 14 (betanews.com) 39

A critical root certificate expiring on March 14, 2025 will disable extensions and potentially break DRM-dependent streaming services for Firefox users running outdated browsers. Users must update to at least Firefox 128 or ESR 115.13+ to maintain functionality across Windows, macOS, Linux, and Android platforms.

The expiration additionally compromises security infrastructure, including blocklists for malicious add-ons, SSL certificate revocation lists, and password breach notifications. Even those on legacy operating systems (Windows 7/8/8.1, macOS 10.12–10.14) must update to minimum ESR 115.13+.

Software

New Zealand's $16 Billion Public Health System Runs on a Single Excel Sheet (theregister.com) 95

The Register's Simon Sharwood reports: The body that runs New Zealand's public health system uses a single Excel spreadsheet as the primary source of data to consolidate and manage its finances, which aren't in great shape perhaps due to the sheet's shortcomings. The spreadsheet-using agency is Health New Zealand (HNZ) which was established in 2022 to replace 20 district health boards in the expectation it would be more cost-effective and deliver more consistent services. The org has a budget of $NZ28 billion ($16 billion) and advised lawmakers it would stay within it for FY 23.24.

That prediction was incorrect and HNZ blew its budget, leading to a review of its finances that last week delivered a damning report [PDF] that found the org lost "control of the critical levers that drive financial outcomes" and had an "inability to identify and respond to the disconnect between expenditure and revenue." The Deloitte-penned report also found an Excel spreadsheet was the "primary data file used by HNZ to manage its financial performance" and was used for "consolidation, journals, business-critical reporting, and analysis."

The report also noted five big problems with the sheet used at HNZ:
- Financial information was often 'hard-coded,' making it difficult to trace to the source or have updated data flow through.
- Errors such as incorrectly releasing accruals or double-up releases were not picked up until following periods.
- Changes to prior periods and FTE errors in district financial reporting Excel submissions would not flow through to consolidated file.
- The spreadsheet can be easy to manipulate information as there is limited tracking to source information where information is not flowing directly from accounting systems.
- It is highly prone to human error, such as accidental typing of a number or omission of a zero.
Relying on the spreadsheet also meant Health NZ moved slowly: The report found "monthly financial reporting usually took 12-15 days to consolidate and five days to analyze."

Microsoft

Microsoft Admits GitHub Hosted Malware That Infected Almost a Million Devices (theregister.com) 17

Microsoft has spotted a malvertising campaign that downloaded nastyware hosted on GitHub and exposed nearly a million devices to information thieves. From a report: Discovered by Microsoft Threat Intelligence late last year, the campaign saw pirate vid-streaming websites embed malvertising redirectors to generate pay-per-view or pay-per-click revenue from malvertising platforms. "These redirectors subsequently routed traffic through one or two additional malicious redirectors, ultimately leading to another website, such as a malware or tech support scam website, which then redirected to GitHub" according to Microsoft's threat research team.

GitHub hosted a first-stage payload that installed code that dropped two other payloads. One gathered system configuration info such as data on memory size, graphics capabilities, screen resolution, the operating system present, and user paths. Third-stage payloads varied but most "conducted additional malicious activities such as command and control (C2) to download additional files and to exfiltrate data, as well as defense evasion techniques."

Security

Feds Link $150M Cyberheist To 2022 LastPass Hacks (krebsonsecurity.com) 17

AmiMoJo writes: In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing last week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.

On March 6, federal prosecutors in northern California said they seized approximately $24 million worth of cryptocurrencies that were clawed back following a $150 million cyberheist on Jan. 30, 2024. The complaint refers to the person robbed only as 'Victim-1,' but according to blockchain security researcher ZachXBT the theft was perpetrated against Chris Larsen, the co-founder of the cryptocurrency platform Ripple.

ZachXBT was the first to report on the heist, of which approximately $24 million was frozen by the feds before it could be withdrawn. This week's action by the government merely allows investigators to officially seize the frozen funds. But there is an important conclusion in this seizure document: It basically says the U.S. Secret Service and the FBI agree with the findings of the LastPass breach story published here in September 2023.

Transportation

Volkswagen Bringing Back Physical Buttons, Says Removing Them Was a Mistake (pcmag.com) 128

smooth wombat writes: In what can only be described as a no-brainer, Volkswagen has announced it will once again have physical buttons in all its vehicles. As Andreas Mindt, design chief at the company, said, removing buttons was "a mistake".

"From the ID 2all onwards, we will have physical buttons for the five most important functions -- the volume, the heating on each side of the car, the fans and the hazard light -- below the screen," he explained, adding: "It's not a phone: it's a car."

This doesn't mean touch screens are set to disappear on new Volkswagens, just that drivers will now have the option of physical controls for their most used day-to-day tasks. The new controls are set to make their debut in the ID.2all, a small, budget EV set to debut in Europe.

Encryption

1Password Introduces 'Nearby Items,' Tying Passwords To Physical Locations (engadget.com) 12

1Password has introduced a 'nearby items' feature, allowing users to tag credentials with physical locations so the relevant information automatically surfaces when users are near those locations. Engadget reports: Location information can be added to any new or existing item in a 1Password vault. The app has also been updated with a map view for setting and viewing the locations of your items. In the blog post announcing the feature, the company cited examples such as door codes for a workplace, health records at a doctor's office, WiFi access at the gym and rewards membership information for local shops as potential uses for location data.

Privacy and security are paramount for a password manager, and 1Password confirmed that a user's location coordinates are only used locally and do not leave the device. Nearby items is available to 1Password customers starting today.

United Kingdom

UK Quietly Scrubs Encryption Advice From Government Websites (techcrunch.com) 21

The U.K. government appears to have quietly scrubbed encryption advice from government web pages, just weeks after demanding backdoor access to encrypted data stored on Apple's cloud storage service, iCloud. From a report: The change was spotted by security expert Alec Muffett, who wrote in a blog post on Wednesday that the U.K.'s National Cyber Security Centre (NCSC) is no longer recommending that high-risk individuals use encryption to protect their sensitive information.

The NCSC in October published a document titled "Cybersecurity tips for barristers, solicitors & legal professionals" that advised the use of encryption tools such as Apple's Advanced Data Protection (ADP). ADP allows users to turn on end-to-end encryption for their iCloud backups, effectively making it impossible for anyone, including Apple and government authorities, to view data stored on iCloud. The URL hosting the NCSC document now redirects to a different page that makes no mention of encryption or ADP. Instead, it recommends that at-risk individuals use Apple's Lockdown Mode, an "extreme" security tool that restricts access to certain functions and features.

Youtube

YouTube Warns Creators an AI-Generated Video of Its CEO is Being Used For Phishing Scams (theverge.com) 16

An anonymous reader shares a report: YouTube is warning creators about a new phishing scam that attempts to lure victims using an AI-generated video of its CEO Neal Mohan. The fake video has been shared privately with users and claims YouTube is making changes to its monetization policy in an attempt to steal their credentials, according to an announcement on Tuesday.

"YouTube and its employees will never attempt to contact you or share information through a private video," YouTube says. "If a video is shared privately with you claiming to be from YouTube, the video is a phishing scam." In recent weeks, there have been reports floating around Reddit about scams similar to the one described by YouTube.

IT

Citi Copy-Paste Error Almost Sent $6 Billion to Wealth Account (yahoo.com) 34

Citigroup nearly credited about $6 billion to a customer's account in its wealth-management business by accident. From a report: The near-error occurred after a staffer handling the transfer copied and pasted the account number into a field for the dollar figure, which was detected on the next business day, the report added. The wealth division's near-miss was reported to regulators and the company has since set up a tool to help vet large, anomalous payments and transfers, according to the report. The error was related to an attempted transfer of funds between internal accounts, the report said. Last week, the Financial Times reported that Citigroup erroneously credited $81 trillion, instead of $280, to a customer's account and took hours to reverse the transaction.

Encryption

Apple Launches Legal Challenge To UK 'Back Door' Order (ft.com) 23

Apple is stepping up its fight with the British government over a demand to create a "back door" in its most secure cloud storage systems, by filing a legal complaint that it hopes will overturn the order. Financial Times: The iPhone maker has made its appeal to the Investigatory Powers Tribunal, an independent judicial body that examines complaints against the UK security services, according to people familiar with the matter. The Silicon Valley company's legal challenge is believed to be the first time that provisions in the 2016 Investigatory Powers Act allowing UK authorities to break encryption have been tested before the court.

The Investigatory Powers Tribunal will consider whether the UK's notice to Apple was lawful and, if not, could order it to be quashed. The case could be heard as soon as this month, although it is unclear whether there will be any public disclosure of the hearing. The government is likely to argue the case should be restricted on national security grounds. Apple received a "technical capability notice" under the act in January.

IT

After Exam Fiasco, California State Bar Staff Recommend Reverting To In-person Exams (yahoo.com) 17

After California's bar exams were plagued last week with technical problems, the State Bar of California is recommending that the agency return to in-person tests as it scrutinizes whether the vendor behind the new testing system met the obligations of its contract. From a report: "Based on the administration of the February Bar Exam, staff cannot recommend going forward with Meazure Learning," Donna Hershkowitz, chief of admissions for the State Bar, wrote to the agency's Board of Trustees in a staff memo, referring to the vendor. Instead, she wrote, staff recommend reverting to in-person testing for the next round of exams in July.

The State Bar's 13-member board, which is scheduled to meet March 5, will ultimately decide on plans for the July bar exam and remedies for test takers who faced problems. In a statement Monday, the State Bar said it is "closely scrutinizing whether Meazure Learning met its contractual obligations" in administering the February State Bar exam and will be "actively working with its psychometrician and other stakeholders to determine the full scope of necessary remediation measures for February 2025 bar exam test takers."

Security

CISA Tags Windows, Cisco Vulnerabilities As Actively Exploited (bleepingcomputer.com) 16

CISA has warned U.S. federal agencies about active exploitation of vulnerabilities in Cisco VPN routers and Windows systems. "While the cybersecurity agency has tagged these flaws as actively exploited in the wild, it has yet to provide specific details regarding this malicious activity and who is behind it," adds Bleeping Computer. From the report: The first flaw (tracked as CVE-2023-20118) enables attackers to execute arbitrary commands on RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers. While it requires valid administrative credentials, this can still be achieved by chaining the CVE-2023-20025 authentication bypass, which provides root privileges. Cisco says in an advisory published in January 2023 and updated one year later that its Product Security Incident Response Team (PSIRT) is aware of publicly available proof-of-concept exploit code for CVE-2023-20025.

The second security bug (CVE-2018-8639) is a Win32k elevation of privilege flaw that local attackers logged into the target system can exploit to run arbitrary code in kernel mode. Successful exploitation also allows them to alter data or create rogue accounts with full user rights to take over vulnerable Windows devices. According to a security advisory issued by Microsoft in December 2018, this vulnerability impacts client (Windows 7 or later) and server (Windows Server 2008 and up) platforms.

Today, CISA added the two vulnerabilities to its Known Exploited Vulnerabilities catalog, which lists security bugs the agency has tagged as exploited in attacks. As mandated by the Binding Operational Directive (BOD) 22-01 issued in November 2021, Federal Civilian Executive Branch (FCEB) agencies now have three weeks, until March 23, to secure their networks against ongoing exploitation.

Security

US To Halt Offensive Cyber Operations Against Russia (techcrunch.com) 390

An anonymous reader quotes a report from TechCrunch: The United States has suspended its offensive cyber operations against Russia, according to reports, amid efforts by the Trump administration to grant Moscow concessions to end the war in Ukraine. The reported order to halt U.S.-launched hacking operations against Russia was authorized by U.S. Defense Secretary Pete Hegseth, according to The Record. The new guidance affects operations carried out by U.S. Cyber Command, a division of the Department of Defense focused on hacking and operations in cyberspace, but does not apply to espionage operations conducted by the National Security Agency. The reported order has since been confirmed by The New York Times and The Washington Post.

The order was handed down before Friday's Oval Office meeting between U.S. President Donald Trump, Vice President JD Vance, and Ukrainian President Volodymyr Zelenskyy, according to the reports. The New York Times said that the instruction came as part of a broader effort to draw Russian President Vladimir Putin into talks about the country's ongoing war in Ukraine. The Guardian also reports that the Trump administration has signaled it no longer views Russian hackers as a cybersecurity threat, and reportedly ordered U.S. cybersecurity agency CISA to no longer report on Russian threats. The newspaper cites a recent memo that set out new priorities for CISA, including threats faced by China and protecting local systems, but the memo did not mention Russia. CISA employees were reportedly informed verbally that they were to pause any work on Russian cyber threats.

Piracy

Malicious PyPI Package Exploited Deezer's API, Orchestrates a Distributed Piracy Operation (socket.dev) 24

A malicious PyPI package effectively turned its users' systems "into an illicit network for facilitating bulk music downloads," writes The Hacker News.

Though the package has been removed from PyPI, researchers at security platform Socket.dev say it enabled "coordinated, unauthorized music downloads from Deezer — a popular streaming service founded in France in 2007." Although automslc, which has been downloaded over 100,000 times, purports to offer music automation and metadata retrieval, it covertly bypasses Deezer's access restrictions... The package is designed to log into Deezer, harvest track metadata, request full-length streaming URLs, and download complete audio files in clear violation of Deezer's API terms... [I]t orchestrates a distributed piracy operation by leveraging both user-supplied and hardcoded Deezer credentials to create sessions with Deezer's API. This approach enables full access to track metadata and the decryption tokens required to generate full-length track URLs.

Additionally, the package routinely communicates with a remote server... to update download statuses and submit metadata, thereby centralizing control and allowing the threat actor to monitor and coordinate the distributed downloading operation. In doing so, automslc exposes critical track details — including Deezer IDs, International Standard Recording Codes, track titles, and internal tokens like MD5_ORIGIN (a hash used in generating decryption URLs) — which, when collected en masse, can be used to reassemble full track URLs and facilitate unauthorized downloads...

Even if a user pays for access to the service, the content is licensed, not owned. The automslc package circumvents licensing restrictions by enabling downloads and potential redistribution, which is outside the bounds of fair use...

"The malicious package was initially published in 2019, and its popularity (over 100,000 downloads) indicates wide distribution..."