Businesses

Retailers Explore Radio-Emitting Threads To Combat Surging Theft (bloomberg.com) 143

Major retailers are considering embedding radio-emitting threads into clothing as a novel anti-theft measure amid soaring retail crime rates, according to Bloomberg, citing industry sources. The technology, developed by Spanish firm Myruns, uses conductive ink derived from cellulose to create threads five times thinner than human hair that can trigger security alarms.

Zara owner Inditex has discussed implementing the system, though the company says it has no plans for in-store testing. Retail theft caused an estimated $73 billion in lost sales in the U.S. in 2022, according to the National Retail Federation, while UK losses doubled to $4.2 billion in 2023. The crisis has prompted retailers to increase security personnel and surveillance systems. The threadlike technology could provide an alternative to traditional metal-based security tags, potentially offering biodegradable and recyclable anti-theft protection.
Security

D-Link Won't Fix Critical Flaw Affecting 60,000 Older NAS Devices 87

D-Link confirmed no fix will be issued for the over 60,000 D-Link NAS devices that are vulnerable to a critical command injection flaw (CVE-2024-10914), allowing unauthenticated attackers to execute arbitrary commands through unsanitized HTTP requests. The networking company advises users to retire or isolate the affected devices from public internet access. BleepingComputer reports: The flaw impacts multiple models of D-Link network-attached storage (NAS) devices that are commonly used by small businesses: DNS-320 Version 1.00; DNS-320LW Version 1.01.0914.2012; DNS-325 Version 1.01, Version 1.02; and DNS-340L Version 1.08. [...] A search that Netsecfish conducted on the FOFA platform returned 61,147 results at 41,097 unique IP addresses for D-Link devices vulnerable to CVE-2024-10914.

In a security bulletin today, D-Link has confirmed that a fix for CVE-2024-10914 is not coming and the vendor recommends that users retire vulnerable products. If that is not possible at the moment, users should at least isolate them from the public internet or place them under stricter access conditions. The same researcher discovered in April this year an arbitrary command injection and hardcoded backdoor flaw, tracked as CVE-2024-3273, impacting mostly the same D-Link NAS models as the latest flaw.
Security

Amazon Confirms Employee Data Stolen After Hacker Claims MOVEit Breach (techcrunch.com) 5

Amazon has confirmed that employee data was compromised after a "security event" at a third-party vendor. From a report: In a statement given to TechCrunch on Monday, Amazon spokesperson Adam Montgomery confirmed that employee information had been involved in a data breach. "Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations," Montgomery said.

Amazon declined to say how many employees were impacted by the breach. It noted that the unnamed third-party vendor doesn't have access to sensitive data such as Social Security numbers or financial information and said the vendor had fixed the security vulnerability responsible for the data breach. The confirmation comes after a threat actor claimed to have published data stolen from Amazon on notorious hacking site BreachForums. The individual claims to have more than 2.8 million lines of data, which they say was stolen during last year's mass-exploitation of MOVEit Transfer.

Android

Android 15's Virtual Machine Mandate is Aimed at Improving Security (androidauthority.com) 52

Google will require all new mobile chipsets launching with Android 15 to support its Android Virtualization Framework (AVF), a significant shift in the operating system's security architecture. The mandate, reports AndroidAuthority that got a hold of Android's latest Vendor Software Requirements document, affects major chipmakers including Qualcomm, MediaTek, and Samsung's Exynos division. New processors like the Snapdragon 8 Elite and Dimensity 9400 must implement AVF support to receive Android certification.

AVF, introduced with Android 13, creates isolated environments for security-sensitive operations including code compilation and DRM applications. The framework also enables full operating system virtualization, with Google demonstrating Chrome OS running in a virtual machine on Android devices.
Java

Java Proposals Would Boost Resistance to Quantum Computing Attacks (infoworld.com) 14

"Java application security would be enhanced through two proposals aimed at resisting quantum computing attacks," reports InfoWorld, "one plan involving digital signatures and the other key encapsulation." The two proposals reside in the OpenJDK JEP (JDK Enhancement Proposal) index.

The Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm proposal calls for enhancing the security of Java applications by providing an implementation of the quantum-resistant module-latticed-based digital signature algorithm (ML-DSA). ML-DSA would secure against future quantum computing attacks by using digital signatures to detect unauthorized modifications to data and to authenticate the identity of signatories. ML-DSA was standardized by the United States National Institute of Standards and Technology (NIST) in FIPS 204.

The Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism proposal calls for enhancing application security by providing an implementation of the quantum-resistant module-lattice-based key encapsulation mechanism (ML-KEM). KEMs are used to secure symmetric keys over insecure communication channels using public key cryptography. ML-KEM is designed to be secure against future quantum computing attacks and was standardized by NIST in FIPS 203.

Electronic Frontier Foundation

Aaron Swartz Day Commemorated With 'Those Carrying on the Work' (aaronswartzday.org) 44

Friday "would have been his 38th birthday," writes the EFF, remembering Aaron Swartz as "a digital rights champion who believed deeply in keeping the internet open..." And they add that today the official web site for Aaron Swartz Day honored his memory with a special podcast "featuring those carrying on the work around issues close to his heart," including an appearance by Brewster Kahle, founder of the Internet Archive.

The first speaker is Ryan Shapiro, FOIA expert and co-founder of the national security transparency non-profit Property of the People. The Aaron Swartz Day site calls him "the researcher who discovered why the FBI had such an interest in Aaron in the years right before the JSTOR fiasco." (That web page calls it an "Al Qaeda phishing expedition that left Aaron with an 'International Terrorism Investigation' code in his FBI database file forever," as reported by Gizmodo.)

Other speakers on the podcast include:
  • Tracey Jaquith, Founding Coder and TV Architect at the Internet Archive, discussing "Microservices, Monoliths, and Operational Security — The Internet Archive in 2024."
  • Tracy Rosenberg, co-founder of the Aaron Swartz Day Police Surveillance Project and Oakland Privacy, with "an update on the latest crop of surveillance battles."
  • Ryan Sternlicht, VR developer, educator, researcher, advisor, and maker, on "The Next Layer of Reality: Social Identity and the New Creator Economy."
  • Grant Smith Ellis, Chairperson of the Board, MassCann and Legal Intern at the Parabola Center, on "Jury Trials in the Age of Social Media."
  • Michael "Mek" Karpeles, Open Library, Internet Archive, on "When it Rains at the Archive, Build an Ark — Book bans, Lawsuits, & Breaches."

The site also seeks to showcase SecureDrop and Open Library, projects started by Aaron before his death, as well as new projects "directly inspired by Aaron and his work."


The Military

Behind the Scenes at a Minuteman ICBM Test Launch (airandspaceforces.com) 61

Tuesday at California's Vandenberg Space Force base, the U.S. launched a Minuteman III missile, "in an important test of the weapon's ability to strike its targets with multiple warheads," according to Air and Space Forces magazine: The Minuteman III missiles that form a critical leg of the U.S. nuclear triad each carry one nuclear-armed reentry vehicle. But the missile that was tested carried three test warheads... The intercontinental ballastic missile (ICBM) test was controlled by an airborne command post in a test of the U.S. ability to launch its nuclear deterrent from a survivable platform.... Gen. Thomas A. Bussiere, the commander of Air Force Global Strike Command, said in a release: "An airborne launch validates the survivability of our ICBMs, which serve as the strategic backstop of our nation's defense and defense of allies and partners...."

The three test reentry vehicles — one high-fidelity Joint Test Assembly, which carries non-nuclear explosives, and two telemetry Joint Test Assembly objects — struck the Reagan Test Site near the Kwajalein Atoll in the Marshall Islands roughly 30 minutes later after launch, a flight of about 4,200 miles. "They make up essentially a mock warhead," Col. Dustin Harmon, the commander of the 377th Test and Evaluation Group, the nation's operational ICBM test unit, said in an interview with Air & Space Forces Magazine. "There's two different types. One is telemetered, so it's got a radio transmitter in it, it's got antennas, gyroscopes, accelerometers — all the things that can sense motion and movement. And we fly those or we can put one in there that's called a high-fidelity. That is assembled much like an actual weapon would be, except we use surrogate materials, and so we want it to fly similarly to an actual weapon. ... It has the explosives in it that a normal warhead would to drive a detonation, but there's nothing to drive...."

The U.S. government formally notified Russia in advance of the launch in accordance with a 1988 bilateral agreement. More than 145 countries were also provided with advance notice of the launch under the Hague Code of Conduct — an international understanding on launch notifications. The U.S. also provided advance notice to China, a DOD spokesperson told Air & Space Forces Magazine. China notified the U.S. of an ICBM launch over the Pacific Ocean in September. There is no formal agreement between Washington and Beijing that requires such notifications, but each side provided them to avoid miscalculations.

Test launches happen three times a year, according to the article, yielding "several gigabytes of data" about reentry vehicles, subsystems, and payloads. "There are 400 Minuteman III missiles currently in service across Colorado, Montana, Nebraska, North Dakota, and Wyoming."

Thanks to long-time Slashdot reader SonicSpike for sharing the article.
Linux

Intel Sees a 3888.9% Performance Improvement in the Linux Kernel - From One Line of Code (phoronix.com) 61

An anonymous reader shared this report from Phoronix: Intel's Linux kernel test robot has reported a 3888.9% performance improvement in the mainline Linux kernel as of this past week...

Intel thankfully has the resources to maintain this automated service for per-kernel commit/patch testing and has been maintaining their public kernel test robot for years now to help catch performance changes both positive and negative to the Linux kernel code. The commit in question causing this massive uplift to performance is mm, mmap: limit THP alignment of anonymous mappings to PMD-aligned sizes. The patch message confirms it will fix some prior performance regressions and deliver some major uplift in specialized cases...

That mmap patch merged last week affects just one line of code.

This week the Register also reported that Linus Torvalds revised a previously-submitted security tweak that addressed Spectre and Meltdown security holes, writing in his commit message that "The kernel test robot reports a 2.6 percent improvement in the per_thread_ops benchmark."
Firefox

20 Years Ago Today: 'Firefox Browser Takes on Microsoft' (archive.org) 50

A 2002 Slashdot post informed the world that "Recently Blake Ross, a developer of the Phoenix web browser, has made a post on the Mozillazine forums looking for a new name for the project. Apparently the people over at Phoenix Technologies decided that the name interferes with their trademark since they make an 'internet access device'..."

And then, on November 9 of 2004, the BBC reported that "Microsoft's Internet Explorer has a serious rival in the long-awaited Firefox 1.0 web browser, which has just been released." Their headline? "Firefox Browser Takes on Microsoft." Fans of the software have banded together to raise cash to pay for an advert in the New York Times announcing that version 1.0 of the browser is available. ["Are you fed up with your browser? You're not alone...."] The release of Firefox 1.0 on 9 November might even cause a few heads to turn at Microsoft because the program is steadily winning people away from the software giant's Internet Explorer browser.

Firefox has been created by the Mozilla Foundation which was started by former browser maker Netscape back in 1998... Earlier incarnations, but which had the same core technology, were called Phoenix and Firebird. Since then the software has been gaining praise and converts, not least because of the large number of security problems that have come to light in Microsoft's Internet Explorer. Rivals to IE got a boost in late June when two US computer security organisations warned people to avoid the Microsoft program to avoid falling victim to a serious vulnerability.

Internet monitoring firm WebSideStory has charted the growing population of people using the Firefox browser and says it is responsible for slowly eroding the stranglehold of IE. Before July this year, according to WebSideStory, Internet Explorer was used by about 95% of web surfers. That figure had remained static for years. In July the IE using population dropped to 94.7% and by the end of October stood at 92.9%. The Mozilla Foundation claims that Firefox has been downloaded almost eight million times and has publicly said it would be happy to garner 10% of the Windows- using, net-browsing population.

Firefox is proving popular because, at the moment, it has far fewer security holes than Internet Explorer and has some innovations lacking in Microsoft's program. For instance, Firefox allows the pages of different websites to be arranged as tabs so users can switch easily between them. It blocks pop-ups, has a neat way of finding text on a page and lets you search through the pages you have browsed...

Firefox celebrated its 20th anniversary with a special video touting new and upcoming features like tab previews, marking up PDFs, and tab grouping.

And upgrading to the latest version of Firefox now displays this message on a "What's New" page. "Whether you just downloaded Firefox or have been with us since the beginning, you are a vital part of helping us make the internet a better place.

"We can't wait to show you what's coming next." ("Check out our special edition wallpapers — open a new tab and click the gear icon at the top right corner...")
Iphone

Police Freak Out at iPhones Mysteriously Rebooting Themselves, Locking Cops Out (404media.co) 129

Law enforcement officers are warning other officials and forensic experts that iPhones which have been stored securely for forensic examination are somehow rebooting themselves, returning the devices to a state that makes them much harder to unlock, 404 Media is reporting, citing a law enforcement document it obtained. From the report: The exact reason for the reboots is unclear, but the document authors, who appear to be law enforcement officials in Detroit, Michigan, hypothesize that Apple may have introduced a new security feature in iOS 18 that tells nearby iPhones to reboot if they have been disconnected from a cellular network for some time. After being rebooted, iPhones are generally more secure against tools that aim to crack the password of and take data from the phone.

"The purpose of this notice is to spread awareness of a situation involving iPhones, which is causing iPhone devices to reboot in a short amount of time (observations are possibly within 24 hours) when removed from a cellular network," the document reads. Apple did not provide a response on whether it introduced such an update in time for publication.

Privacy

Hackers Are Sending Fraudulent Police Data Requests To Tech Giants To Steal People's Private Information (gizmodo.com) 14

An anonymous reader quotes a report from TechCrunch: The FBI is warning that hackers are obtaining private user information — including emails and phone numbers — from U.S.-based tech companies by compromising government and police email addresses to submit "emergency" data requests. The FBI's public notice filed this week is a rare admission from the federal government about the threat from fraudulent emergency data requests, a legal process designed to help police and federal authorities obtain information from companies to respond to immediate threats affecting someone's life or property. The abuse of emergency data requests is not new, and has been widely reported in recent years. Now, the FBI warns that it saw an "uptick" around August in criminal posts online advertising access to or conducting fraudulent emergency data requests, and that it was going public for awareness.

"Cyber-criminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes," reads the FBI's advisory. [...] The FBI said in its advisory that it had seen several public posts made by known cybercriminals over 2023 and 2024, claiming access to email addresses used by U.S. law enforcement and some foreign governments. The FBI says this access was ultimately used to send fraudulent subpoenas and other legal demands to U.S. companies seeking private user data stored on their systems. The advisory said that the cybercriminals were successful in masquerading as law enforcement by using compromised police accounts to send emails to companies requesting user data. In some cases, the requests cited false threats, like claims of human trafficking and, in one case, that an individual would "suffer greatly or die" unless the company in question returns the requested information.

The FBI said the compromised access to law enforcement accounts allowed the hackers to generate legitimate-looking subpoenas that resulted in companies turning over usernames, emails, phone numbers, and other private information about their users. But not all fraudulent attempts to file emergency data requests were successful, the FBI said. The FBI said in its advisory that law enforcement organizations should take steps to improve their cybersecurity posture to prevent intrusions, including stronger passwords and multi-factor authentication. The FBI said that private companies "should apply critical thinking to any emergency data requests received," given that cybercriminals "understand the need for exigency."

China

TSMC Halts Advanced Chip Shipments To Chinese AI Companies 18

Starting November 11, TSMC plans to stop supplying 7 nm and smaller chips to Chinese companies working on AI processors and GPUs. "The move is reportedly to ensure it remains compliant with US export restrictions," reports The Register. From the report: This will not affect Chinese customers wanting 7 nm chips from TSMC for other applications such as mobile and communications, according to Nikkei, which said the overall impact on the chipmaker's revenue is likely to be minimal. TrendForce further cites another China-based source who claims the move was at the behest of the US Department of Commerce, which informed TSMC that any such shipments should not proceed unless approved and licensed by its BIS (Bureau of Industry and Security). We asked the agency for confirmation.

Any moves by the silicon supremo is likely to be out of caution to pre-empt accusations from Washington that it isn't doing enough to prevent advanced technology from getting into the hands of Chinese entities that have been sanctioned. As TrendForce notes, it "highlights the foundry giant's delicate position in the global semiconductor supply chain amid the heating chip war between the world's two superpowers."
AI

Claude AI To Process Secret Government Data Through New Palantir Deal 14

An anonymous reader quotes a report from Ars Technica: Anthropic has announced a partnership with Palantir and Amazon Web Services to bring its Claude AI models to unspecified US intelligence and defense agencies. Claude, a family of AI language models similar to those that power ChatGPT, will work within Palantir's platform using AWS hosting to process and analyze data. But some critics have called out the deal as contradictory to Anthropic's widely-publicized "AI safety" aims. On X, former Google co-head of AI ethics Timnit Gebru wrote of Anthropic's new deal with Palantir, "Look at how they care so much about 'existential risks to humanity.'"

The partnership makes Claude available within Palantir's Impact Level 6 environment (IL6), a defense-accredited system that handles data critical to national security up to the "secret" classification level. This move follows a broader trend of AI companies seeking defense contracts, with Meta offering its Llama models to defense partners and OpenAI pursuing closer ties with the Defense Department. In a press release, the companies outlined three main tasks for Claude in defense and intelligence settings: performing operations on large volumes of complex data at high speeds, identifying patterns and trends within that data, and streamlining document review and preparation.

While the partnership announcement suggests broad potential for AI-powered intelligence analysis, it states that human officials will retain their decision-making authority in these operations. As a reference point for the technology's capabilities, Palantir reported that one (unnamed) American insurance company used 78 AI agents powered by their platform and Claude to reduce an underwriting process from two weeks to three hours. The new collaboration builds on Anthropic's earlier integration of Claude into AWS GovCloud, a service built for government cloud computing. Anthropic, which recently began operations in Europe, has been seeking funding at a valuation up to $40 billion. The company has raised $7.6 billion, with Amazon as its primary investor.
Privacy

Voted In America? VoteRef Probably Doxed You (404media.co) 210

An anonymous reader quotes a report from 404 Media: If you voted in the U.S. presidential election yesterday in which Donald Trump won comfortably, or a previous election, a website powered by a right-wing group is probably doxing you. VoteRef makes it trivial for anyone to search the name, physical address, age, party affiliation, and whether someone voted that year for people living in most states instantly and for free. This can include ordinary citizens, celebrities, domestic abuse survivors, and many other people. Voting rolls are public records, and ways to more readily access them are not new. But during a time of intense division, political violence, or even the broader threat of data being used to dox or harass anyone, sites like VoteRef turn a vital part of the democratic process -- simply voting -- into a security and privacy threat. [...]

The Voter Reference Foundation, which runs VoteRef, is a right wing organization helmed by a former Trump campaign official, ProPublica previously reported. The goal for that organization was to find irregularities in the number of voters and the number of ballots cast, but state election officials said their findings were "fundamentally incorrect," ProPublica added. In an interview with NPR, the ProPublica reporter said that the Voter Reference Foundation insinuated (falsely) that the 2020 election of Joe Biden was fraudulent in some way. 404 Media has found people on social media using VoteRef's data to spread voting conspiracies too. VoteRef has steadily been adding more states' records to the VoteRef website. At the time of writing, it has records for all states that legally allow publication. Some exceptions include California, Virginia, and Pennsylvania. ProPublica reported that VoteRef removed the Pennsylvania data after being contacted by an attorney for Pennsylvania's Department of State.
"Digitizing and aggregating data meaningfully changes the privacy context and the risks to people. Your municipal government storing your marriage certificate and voter information in some basement office filing cabinet is not even remotely the same as a private company digitizing all the data, labeling it, piling it all together, making it searchable," said Justin Sherman, a Duke professor who studies data brokers.

"Policymakers need to get with the times and recognize that data brokers digitizing, aggregating, and selling data based on public records -- which are usually considered 'publicly available information' and exempted from privacy laws -- has fueled decades of stalking and gendered violence, harassment, doxing, and even murder," Sherman said. "Protecting citizens of all political stripes, targets and survivors of gendered violence, public servants who are targets for doxing and death threats, military service members, and everyone in between depends on reframing how we think about public records privacy and the mass aggregation and sale of our data."
United States

US Agency Warns Employees About Phone Use Amid Ongoing China Hack (msn.com) 8

A federal agency has issued a directive to employees to reduce the use of their phones for work matters due to China's recent hack of U.S. telecommunications infrastructure, WSJ reported on Thursday, citing people familiar with the matter. From the report: In an email to staff sent Thursday, the chief information officer at the Consumer Financial Protection Bureau warned that internal and external work-related meetings and conversations that involve nonpublic data should only be held on platforms like Microsoft Teams and Cisco WebEx and not on work-issued or personal phones.

"Do NOT conduct CFPB work using mobile voice calls or text messages," the email said, while referencing a recent government statement acknowledging the telecommunications infrastructure attack. "While there is no evidence that CFPB has been targeted by this unauthorized access, I ask for your compliance with these directives so we reduce the risk that we will be compromised," said the email, which was sent to all CFPB employees and contractors. It wasn't clear if other federal agencies had taken similar measures or were planning to, but many U.S. officials have already curtailed their phone use due to the hack, according to a former official.

Businesses

Malwarebytes Acquires AzireVPN (malwarebytes.com) 1

Malwarebytes, in a blog post: We've acquired AzireVPN, a privacy-focused VPN provider based in Sweden. I wanted to share with you our intentions behind this exciting step, and what this means for our existing users and the family of solutions they rely on to keep them private and secure.

Malwarebytes has long been an advocate for user privacy (think Malwarebytes Privacy VPN and our free web extension Malwarebytes Browser Guard). Now, we're leaning even more on our mission to reimagine consumer cybersecurity to protect devices and data, no matter where users are located, how they work and play, or the size of their wallet. With AzireVPN's infrastructure and intellectual property, Malwarebytes is poised to develop more advanced VPN technologies and features, offering increased flexibility and enhanced security for our users.

Security

DataBreach.com Emerges As Alternative To HaveIBeenPwned (pcmag.com) 21

An anonymous reader quotes a report from PCMag: Have I Been Pwned has long been one of the most useful ways to learn if your personal information was exposed in a hack. But a new site offers its own powerful tool to help you check if your data has been leaked to cybercriminals. DataBreach.com is the work of a New Jersey company called Atlas Privacy, which helps consumers remove their personal information from data brokers and people search websites. On Wednesday, the company told us it had launched DataBreach.com as an alternative to Have I Been Pwned, which is mainly searchable via the user's email address. DataBreach.com is designed to do that and more. In addition to your email address, the site features an advanced search function to see whether your full name, physical address, phone number, Social Security number, IP address, or username are in Atlas Privacy's extensive library of recorded breaches. More categories will also be added over time.

Atlas Privacy has been offering its paid services to customers, such as police officers and celebrities, to protect bad actors from learning their addresses or phone numbers. In doing so, the company has also amassed over 17.5 billion records from the numerous stolen databases circulating on the internet, including in cybercriminal forums. As a public service, Atlas is now using its growing repository of stolen records to create a breach notification site, free of charge. DataBreach.com builds off Atlas's effort in August to host a site notifying users whether their Social Security number and other personal information were leaked in the National Public Data hack. Importantly, Atlas designed DataBreach.com to prevent it from storing or collecting any sensitive user information typed into the site. Instead, the site will fetch a hash from Atlas' servers, or a fingerprint of the user's personal information -- whether it be an email address, name, or SSN -- and compare it to whatever the user is searching for. "The comparison will be done locally," meaning it'll occur on the user's PC or phone, rather than Atlas's internet server, de Saint Meloir said.

Operating Systems

Sysadmin Shock As Windows Server 2025 Installs Itself After Update Labeling Error (theregister.com) 86

A security update mislabeling by Microsoft led to Windows Server 2022 systems unexpectedly upgrading to Windows Server 2025, impacting 7 percent of Heimdal customers and leaving administrators scrambling to manage unexpected licensing and configuration challenges. The Register reports: It took Heimdal a while to trace the problem. According to a post on Reddit: "Due to the limited initial footprint, identifying the root cause took some time. By 18:05 UTC, we traced the issue to the Windows Update API, where Microsoft had mistakenly labeled the Windows Server 2025 upgrade as KB5044284." It added: "Our team discovered this discrepancy in our patching repository, as the GUID for the Windows Server 2025 upgrade does not match the usual entries for KB5044284 associated with Windows 11. This appears to be an error on Microsoft's side, affecting both the speed of release and the classification of the update. After cross-checking with Microsoft's KB repository, we confirmed that the KB number indeed references Windows 11, not Windows Server 2025."

As of last night, Heimdal estimated that the unexpected upgrade had affected 7 percent of customers -- it said it had blocked KB5044284 across all server group policies. However, this is of little comfort to administrators finding themselves receiving an unexpected upgrade. Since rolling back to the previous configuration will present a challenge, affected users will be faced with finding out just how effective their backup strategy is or paying for the required license and dealing with all the changes that come with Windows Server 2025.

Canada

Canada Bans TikTok Citing National Security Concerns (www.cbc.ca) 86

The federal government of Canada has ordered TikTok to shut down its operations in the country, citing national security concerns. However, Canadians will still be able to access the app and use it to create content. "The decision to use a social media application or platform is a personal choice," said Innovation Minister Francois-Philippe Champagne.

"We came to the conclusion that these activities that were conducted in Canada by TikTok and their offices would be injurious to national security. I'm not at liberty to go into much detail, but I know Canadians would understand when you're saying the government of Canada is taking measures to protect national security, that's serious." CBC News reports: Champagne urged Canadians to use TikTok "with eyes wide open." Critics have claimed that TikTok users' data could be obtained by the Chinese government. "Obviously, parents and anyone who wants to use social platform should be mindful of the risk," he said. The decision was made in accordance with the Investment Canada Act, which allows for the review of foreign investments that may harm Canada's national security.

Former CSIS director David Vigneault told CBC News it's "very clear" from the app's design that data gleaned from its users "is available to the government of China" and its large-scale data harvesting goals. "Most people can say, 'Why is it a big deal for a teenager now to have their data [on TikTok]?' Well in five years, in 10 years, that teenager will be a young adult, will be engaged in different activities around the world," he said at the time. "As an individual, I would say that I would absolutely not recommend someone have TikTok."

Security

Schneider Electric Ransomware Crew Demands $125k Paid in Baguettes (theregister.com) 25

Schneider Electric confirmed that it is investigating a breach as a ransomware group Hellcat claims to have stolen more than 40 GB of compressed data -- and demanded the French multinational energy management company pay $125,000 in baguettes or else see its sensitive customer and operational information leaked. The Register: And yes, you read that right: payment in baguettes. As in bread. Schneider Electric declined to answer The Register's specific questions about the intrusion, including if the attackers really want $125,000 in baguettes or if they would settle for cryptocurrency.

A spokesperson, however, emailed us the following statement: "Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment. Our Global Incident Response team has been immediately mobilized to respond to the incident.âSchneider Electric's products and services remain unaffected."

Slashdot Top Deals