Microsoft is ending support for Windows 10 in October 2025, but the company is now taking the unusual step of reopening its beta program for Windows 10 to test new features and improvements. From a report: Windows 10 already got the AI Copilot feature that was originally exclusive to Windows 11, and it may well get other features soon. "To bring new features and more improvements to Windows 10 as needed, we need a place to do active feature development with Windows Insiders," explains Microsoft's Windows Insider team in a blog post. "So today, we are opening the Beta Channel for Windows Insiders who are currently on Windows 10."

Microsoft hasn't revealed what additional Windows 10 features it plans to test next, but Windows Insiders can opt into the beta channel to get them early. Crucially, the Windows 10 end of support date of October 14th, 2025 is still unchanged. "Joining the Beta Channel on your Windows 10 PC does not change that," says Microsoft.

An anonymous reader quotes a report from Wired: When Microsoft CEO Satya Nadella revealed the new Windows AI tool that can answer questions about your web browsing and laptop use, he said one of the"magical" things about it was that the data doesn't leave your laptop; theWindows Recall system takes screenshots of your activity every five seconds and saves them on the device. But security experts say that data may not stay there for long. Two weeks ahead ofRecall's launch on new Copilot+ PCs on June 18, security researchers have demonstrated how preview versions of the tool store the screenshots in an unencrypted database. The researchers say the data could easily be hoovered up by an attacker. And now, in a warning about how Recall could be abused by criminal hackers, Alex Hagenah, a cybersecurity strategist and ethical hacker, has released a demo tool that can automatically extract and display everything Recall records on a laptop.

Dubbed TotalRecall -- yes, after the 1990 sci-fi film -- the tool can pull all the information that Recall saves into its main database on a Windows laptop. "The database is unencrypted. It's all plain text," Hagenah says. Since Microsoft revealed Recall in mid-May, security researchers have repeatedly compared it to spyware or stalkerware that can track everything you do on your device. "It's a Trojan 2.0 really, built in," Hagenah says, adding that he built TotalRecall -- which he's releasing on GitHub -- in order to show what is possible and to encourage Microsoft to make changes before Recall fully launches. [...] TotalRecall, Hagenah says, can automatically work out where the Recall database is on a laptop and then make a copy of the file, parsing all the data as it does so. While Microsoft's new Copilot+ PCs aren't out yet, it's possible to use Recall by emulating a version of the devices. "It does everything automatically," he says. The system can set a date range for extracting the data -- for instance, pulling information from only one specific week or day. Pulling one day of screenshots from Recall, which stores its information in an SQLite database, took two seconds at most, Hagenah says.

Included in what the database captures are screenshots of whatever is on your desktop -- a potential gold mine for criminal hackers or domestic abusers who may physically access their victim's device. Images include captures of messages sent on encrypted messaging apps Signal and WhatsApp, and remain in the captures regardless of whether disappearing messages are turned on in the apps. There are records of websites visited and every bit of text displayed on the PC. Once TotalRecall has been deployed, it will generate a summary about the data; it is also possible to search for specific terms in the database. Hagenah says an attacker could get a huge amount of information about their target, including insights into their emails, personal conversations, and any sensitive information that's captured by Recall. Hagenah's work builds on findings from cybersecurity researcher Kevin Beaumont, who has detailed how much information Recall captures and how easy it can be to extract it.

A Google contractor used admin privileges to access private information from Nintendo's YouTube account about an upcoming Yoshi game in 2017, which later made its way to Reddit before Nintendo announced the game, according to a copy of an internal Google database detailing potential privacy and security incidents obtained by 404 Media. From the report: The news provides more clarity on how exactly a Redditor, who teased news of the new Yoshi game, which was later released as Yoshi's Crafted World in 2019, originally obtained their information. A screenshot in the Reddit post shows a URL that starts with www.admin.youtube.com, which is a Google corporate login page. "Google employee deliberately leaked private Nintendo information," the entry in the database reads. The database obtained by 404 Media includes privacy and security issues that Google's own employees reported internally.

jd writes: There aren't many details yet, but a private company used by the National Health Service in London was hit by a ransomware attack today, leading to cancelled operations and cancelled tests. The provider has been hit multiple times this year and is obviously not bothering with making any improvements in cybersecurity. There really should be legal requirements when it comes to maintaining what is de-facto critical infrastructure.

From the article:

"Major NHS hospitals in London have been hit by a cyber-attack, which is seriously disrupting their services, including blood tests and transfusions. The ransomware attack is having a "major impact" on the care provided by Guy's and St Thomas' NHS trust, its chief executive has told staff in a letter. The attack is understood to affect other hospitals, including King's College hospital, and has left them unable to connect to the servers of the private firm that provides their pathology services.

Synnovis, an outsourced provider of lab services to NHS trusts across south-east London, was the target of the attack, believed to be a form of ransomware, a piece of software which locks up a computer system to extort a payment for restoring access. According to one healthcare worker, the labs were still functional, but communication with them was limited to paper only, imposing a huge bottleneck and forcing cancellation or reassignment of all but the most urgent bloodwork. Direct connections with Synnovis' servers were cut to limit the risk of the infection spreading. ...
This is the third attack in the last year to hit part of the Synlab group, a German medical services provider with subsidiaries across Europe. In June 2023, ransomware gang Clop hacked and stole data from the French branch of the company just days after it hit headlines for bringing down a payroll provider for companies including BA, Boots and the BBC. Clop published the stolen data later that summer."

An anonymous reader shares a report: A Ticketmaster data breach that allegedly includes details for 560 million accounts and another one affecting Santander have been linked to their accounts at Snowflake, a cloud storage provider. However, Snowflake says there's no evidence its platform is at fault. A joint statement to that effect made last night with CrowdStrike and Mandiant, two third-party security companies investigating the incident, lends additional credibility to the claim.

Also, an earlier third-party report saying bad actors generated session tokens and may have compromised "hundreds" of Snowflake accounts has now been removed. Hudson Rock, the security firm behind that report, posted a statement of its own today on LinkedIn: "In accordance to a letter we received from Snowflake's legal counsel, we have decided to take down all content related to our report." A post from Snowflake says, "To date, we do not believe this activity is caused by any vulnerability, misconfiguration, or malicious activity within the Snowflake product. Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted."

An anonymous reader quotes a report from The Register: Billions of records detailing people's personal information may soon be dumped online after being allegedly obtained from a Florida firm that handles background checks and other requests for folks' private info. A criminal gang that goes by the handle USDoD put the database up for sale for $3.5 million on an underworld forum in April, and rather incredibly claimed the trove included 2.9 billion records on all US, Canadian, and British citizens. It's believed one or more miscreants using the handle SXUL was responsible for the alleged exfiltration, who passed it onto USDoD, which is acting as a broker. The pilfered information is said to include individuals' full names, addresses, and address history going back at least three decades, social security numbers, and people's parents, siblings, and relatives, some of whom have been dead for nearly 20 years. According to USDoD, this info was not scraped from public sources, though there may be duplicate entries for people in the database.

Fast forward to this month, and the infosec watchers at VX-Underground say they've not only been able to view the database and verify that at least some of its contents are real and accurate, but that USDoD plans to leak the trove. Judging by VX-Underground's assessment, the 277.1GB file contains nearly three billion records on people who've at least lived in the United States -- so US citizens as well as, say, Canadians and Brits. This info was allegedly stolen or otherwise obtained from National Public Data, a small information broker based in Coral Springs that offers API lookups to other companies for things like background checks. There is a small silver lining, according to the VX team: "The database DOES NOT contain information from individuals who use data opt-out services. Every person who used some sort of data opt-out service was not present." So, we guess this is a good lesson in opting out.

Google has accidentally collected childrens' voice data, leaked the trips and home addresses of car pool users, and made YouTube recommendations based on users' deleted watch history, among thousands of other employee-reported privacy incidents, according to a copy of an internal Google database which tracks six years worth of potential privacy and security issues obtained by 404 Media. From the report: Individually the incidents, most of which have not been previously publicly reported, may only each impact a relatively small number of people, or were fixed quickly. Taken as a whole, though, the internal database shows how one of the most powerful and important companies in the world manages, and often mismanages, a staggering amount of personal, sensitive data on people's lives.

The data obtained by 404 Media includes privacy and security issues that Google's own employees reported internally. These include issues with Google's own products or data collection practices; vulnerabilities in third party vendors that Google uses; or mistakes made by Google staff, contractors, or other people that have impacted Google systems or data. The incidents include everything from a single errant email containing some PII, through to substantial leaks of data, right up to impending raids on Google offices. When reporting an incident, employees give the incident a priority rating, P0 being the highest, P1 being a step below that. The database contains thousands of reports over the course of six years, from 2013 to 2018. In one 2016 case, a Google employee reported that Google Street View's systems were transcribing and storing license plate numbers from photos. They explained that Google uses an algorithm to detect text in Street View imagery.

An anonytmous reader shared a recent report from BleepingComputer: Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware — answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware... "We further noticed that a StackOverflow account 'EstAYA G' [was] exploiting the platform's community members seeking debugging help [1, 2, 3] by directing them to install this malicious package as a 'solution' to their issue even though the 'solution' is unrelated to the questions posted by developers," explained Sonatype researcher Ax Sharma in the Sonatype report.
Sonatype's researcher "noticed that line 17 was laden with ...a bit too many whitespaces," according to the report, "in turn hiding code much further to the right which would be easy to miss, unless you notice the scroll bar. The command executes a base64-encoded payload..."

And then, reports BleepingComputer... When deobfuscated, this command will download an executable named 'runtime.exe' from a remote site and execute it. This executable is actually a Python program converted into an .exe that acts as an information-stealing malware to harvest cookies, passwords, browser history, credit cards, and other data from web browsers. It also appears to search through documents for specific phrases and, if found, steal the data as well.

All of this information is then sent back to the attacker, who can sell it on dark web markets or use it to breach further accounts owned by the victim.

An anonymous Slashdot reader shared this report from Computer Weekly: A former student at the Inns of Court College of Advocacy (ICCA) says he was hauled over the coals by the college for having acted responsibly and "with integrity" in reporting a security blunder that left sensitive information about students exposed. Bartek Wytrzyszczewski faced misconduct proceedings after alerting the college to a data breach exposing sensitive information on hundreds of past and present ICCA students...

The ICCA, which offers training to future barristers, informed data protection regulator the Information Commissioner's Office of a breach "experienced" in August 2023 after Wytrzyszczewski alerted the college that sensitive files on nearly 800 students were accessible to other college users via the ICCA's web portal. The breach saw personal data such as email addresses, phone numbers and academic information — including exam marks and previous institutions attended — accessible to students at the college. Students using the ICCA's web portal were also able to access ID photos, as well as student ID numbers and sensitive data, such as health records, visa status and information as to whether they were pregnant or had children... After the college secured a written undertaking from Wytrzyszczewski not to disclose any of the information he had discovered, it launched misconduct proceedings against him. He had stumbled across the files in error, he said, and viewed a significant number to ensure he could report their contents with accuracy.
"The panel cleared Wytrzyszczewski and found it had no jurisdiction to hear the matter," according to the article.

But he "said the experience caused him to unenroll from the ICCA's course and restart his training at another provider."

Slashdot reader storagedude shares a provocative post from the cybersecurity news blog of Cyble Inc. (a Ycombinator-backed company promising "AI-powered actionable threat intelligence").

The post delves into concerns that the new "Recall" feature planned for Windows (on upcoming Copilot+ PCs) is "a security and privacy nightmare." Copilot Recall will be enabled by default and will capture frequent screenshots, or "snapshots," of a user's activity and store them in a local database tied to the user account. The potential for exposure of personal and sensitive data through the new feature has alarmed security and privacy advocates and even sparked a UK inquiry into the issue. In a long Mastodon thread on the new feature, Windows security researcher Kevin Beaumont wrote, "I'm not being hyperbolic when I say this is the dumbest cybersecurity move in a decade. Good luck to my parents safely using their PC."

In a blog post on Recall security and privacy, Microsoft said that processing and storage are done only on the local device and encrypted, but even Microsoft's own explanations raise concerns: "Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry." Security and privacy advocates take issue with assertions that the data is stored securely on the local device. If someone has a user's password or if a court orders that data be turned over for legal or law enforcement purposes, the amount of data exposed could be much greater with Recall than would otherwise be exposed... And hackers, malware and infostealers will have access to vastly more data than they would without Recall.

Beaumont said the screenshots are stored in a SQLite database, "and you can access it as the user including programmatically. It 100% does not need physical access and can be stolen.... Recall enables threat actors to automate scraping everything you've ever looked at within seconds."
Beaumont's LinkedIn profile and blog say that starting in 2020 he worked at Microsoft for nearly a year as a senior threat intelligence analyst. And now Beaumont's Mastodon post is also raising other concerns (according to Cyble's blog post):

• "Sensitive data deleted by users will still be saved in Recall screenshots... 'If you or a friend use disappearing messages in WhatsApp, Signal etc, it is recorded regardless.'"

• "Beaumont also questioned Microsoft's assertion that all this is done locally."

The blog post also notes that Leslie Carhart, Director of Incident Response at Dragos, had this reaction to Beaumont's post. "The outrage and disbelief are warranted."

"To save itself, TikTok in 2022 offered the U.S. government an extraordinary deal," reports the Washington Post. The video app, owned by a Chinese company, said it would let federal officials pick its U.S. operation's board of directors, would give the government veto power over each new hire and would pay an American company that contracts with the Defense Department to monitor its source code, according to a copy of the company's proposal. It even offered to give federal officials a kill switch that would shut the app down in the United States if they felt it remained a threat.

The Biden administration, however, went its own way. Officials declined the proposal, forfeiting potential influence over one of the world's most popular apps in favor of a blunter option: a forced-sale law signed last month by President Biden that could lead to TikTok's nationwide ban. The government has never publicly explained why it rejected TikTok's proposal, opting instead for a potentially protracted constitutional battle that many expect to end up before the Supreme Court... But the extent to which the United States evaluated or disregarded TikTok's proposal, known as Project Texas, is likely to be a core point of dispute in court, where TikTok and its owner, ByteDance, are challenging the sale-or-ban law as an "unconstitutional assertion of power."

The episode raises questions over whether the government, when presented with a way to address its concerns, chose instead to back an effort that would see the company sold to an American buyer, even though some of the issues officials have warned about — the opaque influence of its recommendation algorithm, the privacy of user data — probably would still be unresolved under new ownership...

A senior Biden administration official said in a statement that the administration "determined more than a year ago that the solution proposed by the parties at the time would be insufficient to address the serious national security risks presented. While we have consistently engaged with the company about our concerns and potential solutions, it became clear that divestment from its foreign ownership was and remains necessary."
"Since federal officials announced an investigation into TikTok in 2019, the app's user base has doubled to more than 170 million U.S. accounts," according to the article.

It also includes this assessment from Anupam Chander, a Georgetown University law professor who researches international tech policy. "The government had a complete absence of faith in [its] ability to regulate technology platforms, because there might be some vulnerability that might exist somewhere down the line."

"The US Cybersecurity and Infrastructure Security Agency has added a critical security bug in Linux to its list of vulnerabilities known to be actively exploited in the wild," reported Ars Technica on Friday.

"The vulnerability, tracked as CVE-2024-1086 and carrying a severity rating of 7.8 out of a possible 10, allows people who have already gained a foothold inside an affected system to escalate their system privileges." It's the result of a use-after-free error, a class of vulnerability that occurs in software written in the C and C++ languages when a process continues to access a memory location after it has been freed or deallocated. Use-after-free vulnerabilities can result in remote code or privilege escalation. The vulnerability, which affects Linux kernel versions 5.14 through 6.6, resides in the NF_tables, a kernel component enabling the Netfilter, which in turn facilitates a variety of network operations... It was patched in January, but as the CISA advisory indicates, some production systems have yet to install it. At the time this Ars post went live, there were no known details about the active exploitation.

A deep-dive write-up of the vulnerability reveals that these exploits provide "a very powerful double-free primitive when the correct code paths are hit." Double-free vulnerabilities are a subclass of use-after-free errors...

A new article in the Washington Post argues that a phenomenon called "Quiet vacationing" has "joined 'quiet quitting' and 'quiet firing' as the latest (and least poetic) scourge of the modern workplace.

"Also known as the hush trip, workcation, hush-cation, or bleisure travel — you get the idea — quiet vacationing refers to workers taking time off, even traveling, without notifying their employers." Taking advantage of work-from-anywhere technology, they are logging in from hotels, beaches and campgrounds, sometimes using virtual backgrounds and VPNs to cover their tracks.

Given the difficulty many employers already have trusting remote workers to be productive anywhere outside the office, you can bet they are not keen on the idea of their employees pretending to have their head in the game while their toes are in the sand. But employers also have legitimate legal reasons for keeping tabs on their employees' location when they're on the clock. "Evil HR Lady" Suzanne Lucas, writing in Inc. magazine, recently highlighted the many tax, employment, business-operation and security laws that focus on an employee's location. Workers secretly performing their jobs in other states or countries can trigger compliance headaches for their employers, Lucas notes, giving the hypothetical of an employee seeking workers' compensation after sustaining an injury while on unauthorized travel....

As with declines in birthrates, home purchases and demand for mined diamonds, the quiet-vacationing trend is being attributed primarily, though not exclusively, to millennial workers. But before launching into generational finger-pointing and stereotyping, it's worth taking a look at why they might feel the need to take their PTO on the DL. The U.S. Travel Association in a 2016 report proclaimed millennials to be a generation of "work martyrs," entering the workforce around the time average U.S. vacation usage began declining and mobile technology began enabling round-the-clock attachment to jobs... The work-vacation boundaries most premillennial workers took for granted growing up have gone the way of defined-benefit pensions and good tomatoes.

Inadequate paid leave is another driving force. The United States continues to be the only nation among its industrialized economic peers that does not guarantee paid vacation, sick leave or holidays for all workers, leaving such benefits to the discretion of employers. Workers with limited PTO — whether new to the workforce or stuck in lower-paying, low-benefit industries — generally want to keep as much paid leave banked as possible, especially if they may need it for unpredictable emergencies like illness or caretaking. If you can preserve those precious hours by packing your laptop alongside your flip-flops, why wouldn't you?
The article also mentions employers who begrudge vacation and employees who fear "becoming a target for future cost-cutting..."

An anonymous reader quotes a report from the BBC: Hackers are attempting to sell what they say is confidential information belonging to millions of Santander staff and customers. They belong to the same gang which this week claimed to have hacked Ticketmaster. The bank -- which employs 200,000 people worldwide, including around 20,000 in the UK -- has confirmed data has been stolen. Santander has apologized for what it says is "the concern this will understandably cause" adding it is "proactively contacting affected customers and employees directly."

"Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed," it said in a statement posted earlier this month. "No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords." It said its banking systems were unaffected so customers could continue to "transact securely."

In a post on a hacking forum -- first spotted by researchers at Dark Web Informer- the group calling themselves ShinyHunters posted an advert saying they had data including: 30 million people's bank account details, 6 million account numbers and balances, 28 million credit card numbers, and HR information for staff. Santander has not commented on the accuracy of those claims.

Japanese crypto exchange DMM Bitcoin confirmed on Friday that it had been the victim of a hack resulting in the theft of 4,502.9 bitcoin, or about $305 million. From a report: According to crypto security firm Elliptic, this is the eighth largest crypto theft in history. DMM Bitcoin said it detected "an unauthorized leak of Bitcoin (BTC) from our wallet" on Friday and that it was still investigating and had taken measures to stop further thefts. The crypto exchange said it also "implemented restrictions on the use of some services to ensure additional safety," according to a machine translation of the company's official blog post (written in Japanese).

Computer hardware manufacturer Cooler Master has confirmed that it suffered a data breach on May 19 after a threat actor breached the company's website, stealing the Fanzone member information of 500,000 customers. BleepingComputer reports: [A] threat actor known as 'Ghostr' told us they hacked the company's Fanzone website on May 18 and downloaded its linked databases. Cooler Master's Fanzone site is used to register a product's warranty, request an RMA, or open support tickets, requiring customers to fill in personal data, such as names, email addresses, addresses, phone numbers, birth dates, and physical addresses. Ghostr said they were able to download 103 GB of data during the Fanzone breach, including the customer information of over 500,000 customers.

The threat actor also shared data samples, allowing BleepingComputer to confirm with numerous customers listed in the breach that their data was accurate and that they recently requested support or an RMA from Cooler Master. Other data in the samples included product information, employee information, and information regarding emails with vendors. The threat actor claimed to have partial credit card information, but BleepingComputer could not find this data in the data samples. The threat actor now says they will sell the leaked data on hacking forums but has not disclosed the price. Cooler Master said in a statement to BleepingComputer: "We can confirm on May 19, Cooler Master experienced a data breach involving unauthorized access to customer data. We immediately alerted the authorities, who are actively investigating the breach. Additionally, we have engaged top security experts to address the breach and implement new measures to prevent future incidents. These experts have successfully secured our systems and enhanced our overall security protocols. We are in the process of notifying affected customers directly and advising them on next steps. We are committed to providing timely updates and support to our customers throughout this process."

A widespread outage affecting over 600,000 routers connected to Windstream's Kinetic broadband service left customers without internet access for several days last October, according to a report by security firm Lumen Technologies' Black Lotus Labs. The incident, dubbed "Pumpkin Eclipse," is believed to be the result of a deliberate attack using commodity malware known as Chalubo to overwrite router firmware. Windstream, which has about 1.6 million subscribers in 18 states, has not provided an explanation for the outage. The company sent replacement routers to affected customers, many of whom reported significant financial losses due to the disruption. ArsTechnica adds: After learning of the mass router outage, Black Lotus began querying the Censys search engine for the affected router models. A one-week snapshot soon revealed that one specific ASN experienced a 49 percent drop in those models just as the reports began. This amounted to the disconnection of at least 179,000 ActionTec routers and more than 480,000 routers sold by Sagemcom. The constant connecting and disconnecting of routers to any ISP complicates the tracking process, because it's impossible to know if a disappearance is the result of the normal churn or something more complicated. Black Lotus said that a conservative estimate is that at least 600,000 of the disconnections it tracked were the result of Chaluba infecting the devices and, from there, permanently wiping the firmware they ran on. After identifying the ASN, Black Lotus discovered a complex multi-path infection mechanism for installing Chaluba on the routers.

An anonymous reader quotes an op-ed from The Globe and Mail, written by Kate Robertson and Ron Deibert. Robertson is a senior research associate and Deibert is director at the University of Toronto's Citizen Lab. From the piece: A federal cybersecurity bill, slated to advance through Parliament soon, contains secretive, encryption-breaking powers that the government has been loath to talk about. And they threaten the online security of everyone in Canada. Bill C-26 empowers government officials to secretly order telecommunications companies to install backdoors inside encrypted elements in Canada's networks. This could include requiring telcos to alter the 5G encryption standards that protect mobile communications to facilitate government surveillance. The government's decision to push the proposed law forward without amending it to remove this encryption-breaking capability has set off alarm bells that these new powers are a feature, not a bug.

There are already many insecurities in today's networks, reaching down to the infrastructure layers of communication technology. The Signalling System No. 7, developed in 1975 to route phone calls, has become a major source of insecurity for cellphones. In 2017, the CBC demonstrated how hackers only needed a Canadian MP's cell number to intercept his movements, text messages and phone calls. Little has changed since: A 2023 Citizen Lab report details pervasive vulnerabilities at the heart of the world's mobile networks. So it makes no sense that the Canadian government would itself seek the ability to create more holes, rather than patching them. Yet it is pushing for potential new powers that would infect next-generation cybersecurity tools with old diseases.

It's not as if the government wasn't warned. Citizen Lab researchers presented the 2023 report's findings in parliamentary hearings on Bill C-26, and leaders and experts in civil society and in Canada's telecommunications industry warned that the bill must be narrowed to prevent its broad powers to compel technical changes from being used to compromise the "confidentiality, integrity, or availability" of telecommunication services. And yet, while government MPs maintained that their intent is not to expand surveillance capabilities, MPs pushed the bill out of committee without this critical amendment last month. In doing so, the government has set itself up to be the sole arbiter of when, and on what conditions, Canadians deserve security for their most confidential communications -- personal, business, religious, or otherwise. The new powers would only make people in Canada more vulnerable to malicious threats to the privacy and security of all network users, including Canada's most senior officials. [...] "Now, more than ever, there is no such thing as a safe backdoor," the authors write in closing. "A shortcut that provides a narrow advantage for the few at the expense of us all is no way to secure our complex digital ecosystem."

"Against this threat landscape, a pivot is crucial. Canada needs cybersecurity laws that explicitly recognize that uncompromised encryption is the backbone of cybersecurity, and it must be mandated and protected by all means possible."

The notorious hacker group ShinyHunters has claimed to have breached the security of Ticketmaster-Live Nation, compromising the personal data more than half a billion users. "This massive 1.3 terabytes of data, is now being offered for sale on Breach Forums for a one-time sale for $500,000," reports Hackread. From the report: ShinyHunters has allegedly accessed a treasure trove of sensitive user information, including full names, addresses, email addresses, phone numbers, ticket sales and event details, order information, and partial payment card data. Specifically, the compromised payment data includes customer names, the last four digits of card numbers, expiration dates, and even customer fraud details. The data breach, if confirmed, could have severe implications for the affected users, leading to potential identity theft, financial fraud, and further cyber attacks. The hacker group's bold move to put this data on sale goes on to show the growing menace of cybercrime and the increasing sophistication of these cyber adversaries.

An anonymous reader quotes a report from KrebsOnSecurity: The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe. KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later.

From 2015 to July 2022, 911 S5 sold access to hundreds of thousands of Microsoft Windows computers daily, as "proxies" that allowed customers to route their Internet traffic through PCs in virtually any country or city around the globe -- but predominantly in the United States. 911 built its proxy network mainly by offering "free" virtual private networking (VPN) services. 911's VPN performed largely as advertised for the user -- allowing them to surf the web anonymously -- but it also quietly turned the user's computer into a traffic relay for paying 911 S5 customers. 911 S5's reliability and extremely low prices quickly made it one of the most popular services among denizens of the cybercrime underground, and the service became almost shorthand for connecting to that "last mile" of cybercrime. Namely, the ability to route one's malicious traffic through a computer that is geographically close to the consumer whose stolen credit card is about to be used, or whose bank account is about to be emptied.

In July 2022, KrebsOnSecurity published a deep dive into 911 S5, which found the people operating this business had a history of encouraging the installation of their proxy malware by any means available. That included paying affiliates to distribute their proxy software by secretly bundling it with other software. That story named Yunhe Wang from Beijing as the apparent owner or manager of the 911 S5 proxy service. In today's Treasury action, Mr. Wang was named as the primary administrator of the botnet that powered 911 S5. Update, May 29, 12:26 p.m. ET: The U.S. Department of Justice (DOJ) just announced they have arrested Wang in connection with the 911 S5 botnet. The DOJ says 911 S5 customers have stolen billions of dollars from financial institutions, credit card issuers, and federal lending programs. [...] The third man sanctioned is Yanni Zheng, a Chinese national the U.S. Treasury says acted as an attorney for Wang and his firm -- Spicy Code Company Limited -- and helped to launder proceeds from the business into real estate holdings. Spicy Code Company was also sanctioned, as well as Wang-controlled properties Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited. "911 S5 customers allegedly targeted certain pandemic relief programs," a DOJ statement on the arrest reads. "For example, the United States estimates that 560,000 fraudulent unemployment insurance claims originated from compromised IP addresses, resulting in a confirmed fraudulent loss exceeding $5.9 billion. Additionally, in evaluating suspected fraud loss to the Economic Injury Disaster Loan (EIDL) program, the United States estimates that more than 47,000 EIDL applications originated from IP addresses compromised by 911 S5. Millions of dollars more were similarly identified by financial institutions in the United States as loss originating from IP addresses compromised by 911 S5."

"Jingping Liu assisted Yunhe Wang by laundering criminally derived proceeds through bank accounts held in her name that were then utilized to purchase luxury real estate properties for Yunhe Wang," the document continues. "These individuals leveraged their malicious botnet technology to compromise personal devices, enabling cybercriminals to fraudulently secure economic assistance intended for those in need and to terrorize our citizens with bomb threats."