Rockstar Games, a division of Take-Two Interactive Software, will ask employees to return to the office five days a week beginning in April as the video-game maker enters the final stages of development on its next game, the hotly anticipated Grand Theft Auto VI. Bloomberg: In an email to staff on Wednesday reviewed by Bloomberg, Rockstar Head of Publishing Jenn Kolbe said the decision was made for productivity and security reasons. The company has faced several security breaches including a massive dump of early footage from the new Grand Theft Auto and an early trailer that leaked in December. Kolbe wrote that the company also found "tangible benefits" from in-person work. "Making these changes now puts us in the best position to deliver the next Grand Theft Auto at the level of quality and polish we know it requires, along with a publishing roadmap that matches the scale and ambition of the game," she wrote.

Citing potential national security risks, the Biden administration says it will investigate Chinese-made "smart cars" that can gather sensitive information about Americans driving them. From a report: The probe could lead to new regulations aimed at preventing China from using sophisticated technology in electric cars and other so-called connected vehicles to track drivers and their personal information. Officials are concerned that features such as driver assistance technology could be used to effectively spy on Americans.

While the action stops short of a ban on Chinese imports, President Joe Biden said he is taking unprecedented steps to safeguard Americans' data. "China is determined to dominate the future of the auto market, including by using unfair practices," Biden said in a statement Thursday. "China's policies could flood our market with its vehicles, posing risks to our national security. I'm not going to let that happen on my watch." Biden and other officials noted that China has imposed wide-ranging restrictions on American autos and other foreign vehicles. Commerce Secretary Gina Raimondo said connected cars "are like smart phones on wheels" and pose a serious national security risk.

An anonymous reader quotes a report from Ars Technica: GitHub is struggling to contain an ongoing attack that's flooding the site with millions of code repositories. These repositories contain obfuscated malware that steals passwords and cryptocurrency from developer devices, researchers said. The malicious repositories are clones of legitimate ones, making them hard to distinguish to the casual eye. An unknown party has automated a process that forks legitimate repositories, meaning the source code is copied so developers can use it in an independent project that builds on the original one. The result is millions of forks with names identical to the original one that add a payload that's wrapped under seven layers of obfuscation. To make matters worse, some people, unaware of the malice of these imitators, are forking the forks, which adds to the flood.

"Most of the forked repos are quickly removed by GitHub, which identifies the automation," Matan Giladi and Gil David, researchers at security firm Apiiro, wrote Wednesday. "However, the automation detection seems to miss many repos, and the ones that were uploaded manually survive. Because the whole attack chain seems to be mostly automated on a large scale, the 1% that survive still amount to thousands of malicious repos." Given the constant churn of new repos being uploaded and GitHub's removal, it's hard to estimate precisely how many of each there are. The researchers said the number of repos uploaded or forked before GitHub removes them is likely in the millions. They said the attack "impacts more than 100,000 GitHub repositories." GitHub issued the following statement: "GitHub hosts over 100M developers building across over 420M repositories, and is committed to providing a safe and secure platform for developers. We have teams dedicated to detecting, analyzing, and removing content and accounts that violate our Acceptable Use Policies. We employ manual reviews and at-scale detections that use machine learning and constantly evolve and adapt to adversarial tactics. We also encourage customers and community members to report abuse and spam."

An anonymous reader quotes a report from The Independent: Wildfires sweeping across Texas briefly forced the evacuation of America's main nuclear weapons facility as strong winds, dry grass and unseasonably warm temperatures fed the blaze. Pantex Plant, the main facility that assembles and disassembles America's nuclear arsenal, shut down its operations on Tuesday night as the Windy Deuce fire roared towards the Potter County location. Pantex re-opened and resumed operations as normal on Wednesday morning. Pantex is about 17 miles (27.36 kilometers) northeast of Amarillo and some 320 miles (515 kilometers) northwest of Dallas. Since 1975 it has been the US's main assembly and disassembly site for its atomic bombs. It assembled the last new bomb in 1991. "We have evacuated our personnel, non-essential personnel from the site, just in an abundance of caution," said Laef Pendergraft, a spokesperson for National Nuclear Security Administration's Production Office at Pantex. "But we do have a well-equipped fire department that has trained for these scenarios, that is on-site and watching and ready should any kind of real emergency arise on the plant site."

As part of its IPO filing with the SEC, Reddit disclosed that it has invested some of its excess cash in bitcoin, ether and Polygon. From a report: Based on the document, the firm now holds BTC and ETH in its balance sheet. Notably, Reddit filing came as part of the IPO registration statement with the SEC. Apart from ETH and BTC, the filing revealed Reddit's investment in Polygon (MATIC). According to the document, the social media platform plans to use both Ether and Polygon as a form of payment for digital goods. Further, Reddit noted that the amount of Polygon and Ethereum from virtual goods is currently immaterial. However, it indicated the possibility of a continuous addition of Bitcoin and Ethereum to its treasury. Also, it plans to keep trying out its passion for virtual goods. Moreover, the document revealed that Reddit made the investments using some of its excess cash reserves. However, the firm didn't disclose details of the crypto investments it made.

Reddit's filing document revealed why the popular social media platform dabbled into crypto. According to the firm, it holds Bitcoin and Ethereum to enable its engineering and product teams to use them. Further, it cited the present regulatory stance that suggests these two assets are potentially non-securities under US laws. Also, Reddit disclosed its plans to expand its crypto holding by including other digital assets in its balance sheet. However, it highlighted that such a move will depend on future regulations that exempt crypto as a security.

San Francisco will vote next week on a divisive ballot measure that would authorize police to use surveillance cameras, drones and AI-powered facial recognition as the city struggles to restore a reputation tarnished by street crime and drugs. From a report: The Safer San Francisco initiative, formally called Proposition E, is championed by Mayor London Breed who believes disgruntled citizens will approve the proposal on Tuesday. Although technology fueled the Silicon Valley-adjacent city's decades-long boom, residents have a history of being deeply suspicious. In 2019, San Francisco, known for its progressive politics, became the first large U.S. city to ban government use of facial recognition due to concerns about privacy and misuse.

Breed, who is running for re-election in November, played down the potential for abuse under the ballot measure, saying safeguards are in place. "I get that people are concerned about privacy rights and other things, but technology is all around us," she said in an interview. "It's coming whether we want it to or not. And everyone is walking around with AI in their hands with their phones, recording, videotaping," Breed said. Critics of the proposal contend it could hurt disadvantaged communities and lead to false arrests, arguing surveillance technology requires greater oversight.

President Joe Biden will issue an executive order on Wednesday aimed at curbing foreign governments' ability to buy Americans' sensitive personal information such as heath and geolocation data, according to senior US officials. From a report: The move marks a rare policy effort to address a longstanding US national security concern: the ease with which anyone, including a foreign intelligence services, can legally buy Americans' data and then use the information for espionage, hacking and blackmail. The issue, a senior Justice Department official told reporters this week, is a "growing threat to our national security."

The executive order will give the Justice Department the authority to regulate commercial transactions that "pose an unacceptable risk" to national security by, for example, giving a foreign power large-scale access to Americans' personal data, the Justice Department official said. The department will also issue regulations that require better protection of sensitive government information, including geolocation data on US military members, according to US officials. A lot of the online trade in personal information runs through so-called data brokers, which buy information on people's Social Security numbers, names, addresses, income, employment history and criminal background, as well as other items.

"Countries of concern, such as China and Russia, are buying Americans' sensitive personal data from data brokers," a separate senior administration official told reporters. In addition to health and location data, the executive order is expected to cover other sensitive information like genomic and financial data. Administration officials told reporters the new executive order would be applied narrowly so as not to hurt business transactions that do not pose a national security risk. The White House's press release.

Tontoman shares a report: The White House Office of the National Cyber Director (ONCD) urged tech companies to switch to memory-safe programming languages, such as Rust, to improve software security by reducing the number of memory safety vulnerabilities. Such vulnerabilities are coding errors or weaknesses within software that can lead to memory management issues when memory can be accessed, written, allocated, or deallocated. They occur when software accesses memory in unintended or unsafe ways, resulting in various security risks and issues like buffer overflow, use after free, use of uninitialized memory, and double free that attackers can exploit.

Successful exploitation carries severe risks, potentially enabling threat actors to gain unauthorized access to data or execute malicious code with the privileges of the system owner. "For over 35 years, this same class of vulnerability has vexed the digital ecosystem. The challenge of eliminating entire classes of software vulnerabilities is an urgent and complex problem. Looking forward, new approaches must be taken to mitigate this risk," ONCD's report says. "The highest leverage method to reduce memory safety vulnerabilities is to secure one of the building blocks of cyberspace: the programming language. Using memory safe programming languages can eliminate most memory safety errors."

Nintendo has filed a 41-page lawsuit against the makers of Yuzu, an open-source Nintendo Switch emulator, accusing them of "facilitating piracy at a colossal scale." Polygon reports: Yuzu is a free emulator that was released in 2018 months after the Nintendo Switch originally launched. The same folks who made Citra, a Nintendo 3DS emulator, made this one. Basically, it's a piece of software that lets people play Nintendo Switch games on Windows PC, Linux, and Android devices. (It also runs on Steam Deck, which Valve showed -- then wiped -- in a Steam Deck video clip.) Emulators aren't necessarily illegal, but pirating games to play on them is. But Nintendo said in its lawsuit that there's no way to legal way to use Yuzu.

Nintendo argued that Yuzu executes codes that "defeat" Nintendo's security measures, including decryption using "an illegally-obtained copy of prod.keys." "In other words, without Yuzu's decryption of Nintendo's encryption, unauthorized copies of games could not be played on PCs or Android devices," Nintendo wrote in the lawsuit. As to the alleged damages created by Yuzu, Nintendo pointed to the release of The Legend of Zelda: Tears of the Kingdom. Tears of the Kingdom leaked almost two weeks earlier than the game's May 12 release date. The pirated version of the game spread quickly; Nintendo said it was downloaded more than 1 million times before Tears of the Kingdom's release date. People used Yuzu to play the game; Nintendo said more than 20% of download links pointed people to Yuzu.

Though Yuzu doesn't give out pirated copies of games, Nintendo repeatedly said that most ROM sites point people toward Yuzu to play whatever games they've downloaded. Nintendo said its "expended significant resources to stop the illegal copying, marketing, sale, and distribution" of its Nintendo Switch games. It says that Yuzu earns the team $30,000 per month on its Patreon from more than 7,000 patrons. Nintendo said the company has earned at least $50,000 in paid Yuzu downloads. Nintendo said that Yuzu's Patreon doubled its paid members in the period between May 1 and May 12, when Tears of the Kingdom was released. Nintendo is asking the court to shut down the emulator, and for damages.

An anonymous reader quotes a report from Ars Technica: The FBI and partners from 10 other countries are urging owners of Ubiquiti EdgeRouters to check their gear for signs they've been hacked and are being used to conceal ongoing malicious operations by Russian state hackers. The Ubiquiti EdgeRouters make an ideal hideout for hackers. The inexpensive gear, used in homes and small offices, runs a version of Linux that can host malware that surreptitiously runs behind the scenes. The hackers then use the routers to conduct their malicious activities. Rather than using infrastructure and IP addresses that are known to be hostile, the connections come from benign-appearing devices hosted by addresses with trustworthy reputations, allowing them to receive a green light from security defenses.

"In summary, with root access to compromised Ubiquiti EdgeRouters, APT28 actors have unfettered access to Linux-based operating systems to install tooling and to obfuscate their identity while conducting malicious campaigns," FBI officials wrote in an advisory Tuesday. APT28 -- one of the names used to track a group backed by the Russian General Staff Main Intelligence Directorate known as GRU -- has been doing just for at least the past four years, the FBI has alleged. Earlier this month, the FBI revealed that it had quietly removed Russian malware from routers in US homes and businesses. The operation, which received prior court authorization, went on to add firewall rules that would prevent APT28 -- also tracked under names including Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit -- from being able to regain control of the devices.

On Tuesday, FBI officials noted that the operation only removed the malware used by APT28 and temporarily blocked the group using its infrastructure from reinfecting them. The move did nothing to patch any vulnerabilities in the routers or to remove weak or default credentials hackers could exploit to once again use the devices to surreptitiously host their malware. "The US Department of Justice, including the FBI, and international partners recently disrupted a GRU botnet consisting of such routers," they warned. "However, owners of relevant devices should take the remedial actions described below to ensure the long-term success of the disruption effort and to identify and remediate any similar compromises."

Those actions include:

- Perform a hardware factory reset to remove all malicious files
- Upgrade to the latest firmware version
- Change any default usernames and passwords
- Implement firewall rules to restrict outside access to remote management services

Amazon has issued an update to Fire TV streaming devices and televisions that has broken apps that let users bypass the Fire OS home screen. From a report: The tech giant claims that its latest Fire OS update is about security but has refused to detail any potential security concerns. Users and app developers have reported that numerous apps that used to work with Fire TV devices for years have suddenly stopped working. As first reported by AFTVnews, the update has made apps unable to establish local Android Debug Bridge (ADB) connections and execute ADB commands with Fire TV devices.

The update, Fire OS 7.6.6.9, affects several Fire OS-based TVs, including models from TCL, Toshiba, Hisense, and Amazon's Fire TV Omni QLED Series. Other devices running the update include Amazon's first Fire TV Stick 4K Max, the third-generation Fire TV Stick, as well as the third and second-generation Fire TV Cubes and the Fire TV Stick Lite. A code excerpt shared with AFTVnews by what the publication described as an "affected app developer," which you can view here, shows a line of code indicating that Fire TVs would not be allowed to make ADB connections with a local device or app. As pointed out by AFTVnews, such apps have been used by Fire TV modders for abilities like clearing installed apps' cache and using a different home screen than the Fire OS default.

An anonymous reader shares a report: Microsoft is already testing Windows 11 24H2, this fall's big new Windows release. The company has already demonstrated a few new features, like 80Gbps USB4 support and Sudo for Windows, and the new version could also give a significant refresh to the Windows installer for the first time since the Windows Vista days. But there's one big update you might not notice at all. Late last week, Microsoft released "servicing updates" with no new features to Windows Insiders in the Dev and Canary channels. The updates were "designed to test [Microsoft's] servicing pipeline for Windows 11." It's pretty common for Insiders to get these kinds of updates-that-exist-only-to-test-the-update-process, but the twist here is that PCs with Virtualization Based Security (VBS) enabled could apply the update without rebooting.

Sources speaking to Windows Central say this isn't a fluke -- Microsoft reportedly intends to use a Windows Server feature called hotpatching to deliver more Windows 11 security updates without requiring a reboot, making it easier to stay up to date without disrupting whatever you're doing. You'll still need to reboot "every few months" -- Microsoft's documentation says a reboot is needed roughly once every three months, though it can happen more often than that for unanticipated zero-day patches and others that can't be fixed via hotpatching. The Arm versions of Windows 11 also won't get the feature for another year or so, according to Windows Central.

The U.S. and several international partners endorsed shared principles for developing 6G wireless communication systems, the White House said Monday. From a report: A battle is underway to influence the standards of 6G amid concerns by Western countries and their allies that authoritarian regimes could gain further control over Internet in their countries. Policies around wireless communications influence economic-growth and national security, fueling the race between the U.S. and China -- which claimed earlier this month that it had launched the world's first satellite "to test 6G architecture," per state media.

The governments of the U.S., Australia, Canada, the Czech Republic, Finland, France, Japan, South Korea, Sweden and the U.K. released a joint statement saying that by working together, "we can support open, free, global, interoperable, reliable, resilient, and secure connectivity." They laid out principles including using systematic approaches to cybersecurity, being protective of privacy and creating technologies that are widely available and accessible to developing nations.

An anonymous reader quotes a report from The Guardian: A global coalition of democracies is being formed to protect their societies from disinformation campaigns by foreign governments, the US special envoy on the issue has said. James Rubin, the special envoy for non-state propaganda and disinformation efforts at the US state department's global engagement centre (GEC), said the coalition hoped to agree on "definitions for information manipulation versus plain old opinions that other governments are entitled to have even if we disagree with them." The US, UK and Canada have already signed up to a formal framework agreement, and Washington hopes more countries will join.

The GEC focuses solely on disinformation by foreign powers. Apart from trying to develop global strategies, it works to expose specific covert disinformation operations, such as a Russian operation in Africa to discredit US health services. The US, UK and Canada signed the framework to counter foreign state manipulation this month with the aim of addressing disinformation as a national security threat that requires coordinated government and civil society responses. "Now is the time for a collective approach to the foreign information manipulation threat that builds a coalition of like-minded countries committed to strengthening resilience and response to information manipulation," the framework says. It also encourages information-sharing and joint data analysis tools to identify covert foreign disinformation.

A hugely experienced US official and journalist who has worked with diplomats such as Madeleine Albright in the past, Rubin admitted his first year as special envoy had been one of his most intellectually taxing because of the complex definitions surrounding disinformation. In the continuum between hostile opinion and disinformation, he has tried to identify where and how governments can intervene without limiting free speech. The principle on which he has alighted is deception by foreign powers. "In principle every government should be free to convey their views, but they should have to admit who they are," he said an interview. "We want to promote more fact-based information, but at the same time find ways to label those information operations that are generated by the Chinese government or the Kremlin but to which they don't admit. "In the end that is all I know we can do right now without interfering with a free press. We are not asking for such covert disinformation to be taken down but a way to be found for the source to be labelled."

wiredmikey writes: The LockBit ransomware operators launched a new leak site over the weekend, claiming they restored their infrastructure following a law enforcement takedown and invited affiliates to re-join the operation.



Over the weekend, an individual involved with the RaaS, who uses the moniker of "LockBitSupp", launched a new leak site that lists hundreds of victim organizations and which contains a long message providing his view on the takedown.

Fast Company notes that "the deadly impacts of Pegasus and other cyberweapons — wielded by governments from Spain to Saudi Arabia against human rights defenders, journalists, lawyers and others — is by now well documented. A wave of scrutiny and sanctions have helped expose the secretive, quasi-legal industry behind these tools, and put financial strain on firms like Israel's NSO Group, which builds Pegasus.

"And yet business is booming." New research published this month by Google and Meta suggest that despite new restrictions, the cyberattack market is growing, and growing more dangerous, aiding government violence and repression and eroding democracy around the globe.

"The industry is thriving," says Maddie Stone, a researcher at Google's Threat Analysis Group (TAG) who hunts zero-day exploits, the software bugs that have yet to be fixed and are worth potentially hundreds of millions to spyware sellers. "More companies keep popping up, and their government customers are determined to buy from them, and want these capabilities, and are using them." For the first time, half of known zero-days against Google and Android products now come from private companies, according to a report published this month by Stone's team at Google. Beyond prominent firms like NSO and Candiru, Google's researchers say they are tracking about 40 companies involved in the creation of hacking tools that have been deployed against "high risk individuals."

Of the 72 zero-day exploits Google discovered in the wild between 2014 and last year, 35 were attributed to these and other industry players, as opposed to state-backed actors. "If governments ever had a monopoly on the most sophisticated capabilities, that era is certainly over," reads the report.

The Google findings and a spyware-focused threat report published by Meta a week later reflect an increasingly tough response by Big Tech to an industry that profits from breaking into its systems. The reports also put new pressure on the US and others to take action against the mostly unregulated industry.
"In its report, Google describes a 'rise in turnkey espionage solutions' offered by dozens of shady companies..."

Thanks to Slashdot reader tedlistens for sharing the article.

"One London resident watched on CCTV as a thief walked up to his £40,000 car and drove away," reports the Observer. "Now manufacturers say they are being drawn in to a hi-tech 'arms race' with criminals." [H]i-tech devices disguised as handheld games consoles are being traded online for thousands of pounds and are used by organised crime gangs to mimic the electronic key on an Ioniq 5, opening the doors and starting the engine. The device, known as an "emulator", works by intercepting a signal from the car, which is scanning for the presence of a legitimate key, and sending back a signal to gain access to the vehicle...

Hyundai says it is looking at measures to prevent the use of emulators "as a priority". But it is not the only carmaker whose vehicles appear to be vulnerable. An Observer investigation found that models by Toyota, Lexus and Kia have also been targeted... British motorists now face an increase in the number of thefts and rising insurance premiums... Car thefts are at their highest level for a decade in England and Wales, rising from 85,803 vehicles in the year to March 2012 to 130,270 in the year to March 2023 — an increase of more than 50%. Part of the reason, say experts, is the rise of keyless entry...

Kia did not respond to a request for comment. A spokesperson for Toyota, which owns Lexus, said: "Toyota and Lexus are continuously working on developing technical solutions to make vehicles more secure. Since introducing enhanced security hardware on the latest versions of a number of models, we have seen a significant drop-off in thefts. For older models we are currently developing solutions."
Another common attack requires entry to the vehicle first, according to the article, but then uses the vehicle's onboard diagnostic port to program "a new key linked to the vehicle..."

"Many owners of Ioniq 5s, which sell from around £42,000, now use steering locks to deter thieves."

Two days after an international team of authorities struck a major blow to LockBit, one of the Internet's most prolific ransomware syndicates, researchers have detected a new round of attacks that are installing malware associated with the group. From a report: The attacks, detected in the past 24 hours, are exploiting two critical vulnerabilities in ScreenConnect, a remote desktop application sold by Connectwise. According to researchers at two security firms -- SophosXOps and Huntress -- attackers who successfully exploit the vulnerabilities go on to install LockBit ransomware and other post-exploit malware. It wasn't immediately clear if the ransomware was the official LockBit version.

"We can't publicly name the customers at this time but can confirm the malware being deployed is associated with LockBit, which is particularly interesting against the backdrop of the recent LockBit takedown," John Hammond, principal security researcher at Huntress, wrote in an email. "While we can't attribute this directly to the larger LockBit group, it is clear that LockBit has a large reach that spans tooling, various affiliate groups, and offshoots that have not been completely erased even with the major takedown by law enforcement." Hammond said the ransomware is being deployed to "vet offices, health clinics, and local governments (including attacks against systems related to 911 systems)." Further reading: US Offers Up To $15 Million For Information on LockBit Leaders.

U.S. health insurance giant UnitedHealth Group said Thursday in a filing with government regulators that its subsidiary Change Healthcare was compromised likely by government-backed hackers. From a report: In a filing Thursday, UHG blamed the ongoing cybersecurity incident affecting Change Healthcare on suspected nation state hackers but said it had no timeframe for when its systems would be back online. UHG did not attribute the cyberattack to a specific nation or government, or cite what evidence it had to support its claim.

Change Healthcare provides patient billing across the U.S. healthcare system. The company processes billions of healthcare transactions annually and claims it handles around one-in-three U.S. patient records, amounting to around a hundred million Americans. The cyberattack began early Wednesday, according to the company's incident tracker.

An anonymous reader quotes a report from CNN Business: AT&T's network went down for many of its customers across the United States Thursday morning, leaving customers unable to place calls, text or access the internet. By a little after 3 pm ET, roughly 11 hours after reports of the outage first emerged, the company said that it had restored service to all impacted customers. "We have restored wireless service to all our affected customers. We sincerely apologize to them," AT&T said in a statement. The company added that it is "taking steps to ensure our customers do not experience this again in the future."

The Federal Communications Commission confirmed Thursday afternoon that it is investigating the outage. The White House says federal agencies are in touch with AT&T about network outages but that it doesn't have all the answers yet on what exactly led to the interruptions. Although Verizon and T-Mobile customers reported some network outages, too, they appeared far less widespread. T-Mobile and Verizon said their networks were unaffected by AT&T's service outage and customers reporting outages may have been unable to reach customers who use AT&T.

Thursday morning, more than 74,000 AT&T customers reported outages on digital-service tracking site DownDetector, with service disruptions beginning around 4 am ET. That's not a comprehensive number: It tracks only self-reported outages. Reports had been rising steadily throughout the morning but leveled off in the 9 am ET hour. By 12:30 pm ET, the DownDetector data showed some 25,000 AT&T customers still reporting outages. By 2 pm ET, fewer than 5,000 customers were still reporting issues. Earlier Thursday, AT&T acknowledged that it had a widespread outage but did not provide a reason for the system failure. By late morning, AT&T said most of its network was back online, and it confirmed Thursday afternoon that service was fully restored. According to an anonymous industry source, the issue for the outage appears to be related to how cellular services hand off calls from one network to the next, a process known as peering. They said there's no indication that it was the result of a cyberattack or other malicious activity.

The FCC confirmed that it is investigating the incident. "We are aware of the reported wireless outages, and our Public Safety and Homeland Security Bureau is actively investigating," the FCC said in a statement posted on X. "We are in touch with AT&T and public safety authorities, including FirstNet, as well as other providers."