Encryption

Feds Bust Alaska Man With 10,000+ CSAM Images Despite His Many Encrypted Apps (arstechnica.com) 209

A recent indictment (PDF) of an Alaska man stands out due to the sophisticated use of multiple encrypted communication tools, privacy-focused apps, and dark web technology. "I've never seen anyone who, when arrested, had three Samsung Galaxy phones filled with 'tens of thousands of videos and images' depicting CSAM, all of it hidden behind a secrecy-focused, password-protected app called 'Calculator Photo Vault,'" writes Ars Technica's Nate Anderson. "Nor have I seen anyone arrested for CSAM having used all of the following: [Potato Chat, Enigma, nandbox, Telegram, TOR, Mega NZ, and web-based generative AI tools/chatbots]." An anonymous reader shares the report: According to the government, Seth Herrera not only used all of these tools to store and download CSAM, but he also created his own -- and in two disturbing varieties. First, he allegedly recorded nude minor children himself and later "zoomed in on and enhanced those images using AI-powered technology." Secondly, he took this imagery he had created and then "turned to AI chatbots to ensure these minor victims would be depicted as if they had engaged in the type of sexual contact he wanted to see." In other words, he created fake AI CSAM -- but using imagery of real kids.

The material was allegedly stored behind password protection on his phone(s) but also on Mega and on Telegram, where Herrera is said to have "created his own public Telegram group to store his CSAM." He also joined "multiple CSAM-related Enigma groups" and frequented dark websites with taglines like "The Only Child Porn Site you need!" Despite all the precautions, Herrera's home was searched and his phones were seized by Homeland Security Investigations; he was eventually arrested on August 23. In a court filing that day, a government attorney noted that Herrera "was arrested this morning with another smartphone -- the same make and model as one of his previously seized devices."

The government is cagey about how, exactly, this criminal activity was unearthed, noting only that Herrera "tried to access a link containing apparent CSAM." Presumably, this "apparent" CSAM was a government honeypot file or web-based redirect that logged the IP address and any other relevant information of anyone who clicked on it. In the end, given that fatal click, none of the "I'll hide it behind an encrypted app that looks like a calculator!" technical sophistication accomplished much. Forensic reviews of Herrera's three phones now form the primary basis for the charges against him, and Herrera himself allegedly "admitted to seeing CSAM online for the past year and a half" in an interview with the feds.

AI

California Legislature Passes Controversial 'Kill Switch' AI Safety Bill (arstechnica.com) 56

An anonymous reader quotes a report from Ars Technica: A controversial bill aimed at enforcing safety standards for large artificial intelligence models has now passed the California State Assembly by a 45-11 vote. Following a 32-1 state Senate vote in May, SB-1047 now faces just one more procedural state senate vote before heading to Governor Gavin Newsom's desk. As we've previously explored in depth, SB-1047 asks AI model creators to implement a "kill switch" that can be activated if that model starts introducing "novel threats to public safety and security," especially if it's acting "with limited human oversight, intervention, or supervision." Some have criticized the bill for focusing on outlandish risks from an imagined future AI rather than real, present-day harms of AI use cases like deep fakes or misinformation. [...]

If the Senate confirms the Assembly version as expected, Newsom will have until September 30 to decide whether to sign the bill into law. If he vetoes it, the legislature could override with a two-thirds vote in each chamber (a strong possibility given the overwhelming votes in favor of the bill). At a UC Berkeley Symposium in May, Newsom said he worried that "if we over-regulate, if we overindulge, if we chase a shiny object, we could put ourselves in a perilous position." At the same time, Newsom said those over-regulation worries were balanced against concerns he was hearing from leaders in the AI industry. "When you have the inventors of this technology, the godmothers and fathers, saying, 'Help, you need to regulate us,' that's a very different environment," he said at the symposium. "When they're rushing to educate people, and they're basically saying, 'We don't know, really, what we've done, but you've got to do something about it,' that's an interesting environment."

Supporters of the AI safety bill include state senator Scott Wiener and AI experts including Geoffrey Hinton and Yoshua Bengio. Bengio supports the bill as a necessary step for consumer protection and insists that AI should not be self-regulated by corporations, akin to other industries like pharmaceuticals and aerospace.

Stanford professor Fei-Fei Li opposes the bill, arguing that it could have harmful effects on the AI ecosystem by discouraging open-source collaboration and limiting academic research due to the liability placed on developers of modified models. A group of business leaders also sent an open letter Wednesday urging Newsom to veto the bill, calling it "fundamentally flawed."

Security

Russian Government Hackers Found Using Exploits Made By Spyware Companies NSO and Intellexa (techcrunch.com) 44

Google says it has evidence that Russian government hackers are using exploits that are "identical or strikingly similar" to those previously made by spyware makers Intellexa and NSO Group. From a report: In a blog post on Thursday, Google said it is not sure how the Russian government acquired the exploits, but said this is an example of how exploits developed by spyware makers can end up in the hands of "dangerous threat actors." In this case, Google says the threat actors are APT29, a group of hackers widely attributed to Russia's Foreign Intelligence Service, or the SVR. APT29 is a highly capable group of hackers, known for its long-running and persistent campaigns aimed at conducting espionage and data theft against a range of targets, including tech giants Microsoft and SolarWinds, as well as foreign governments.

Google said it found the hidden exploit code embedded on Mongolian government websites between November 2023 and July 2024. During this time, anyone who visited these sites using an iPhone or Android device could have had their phone hacked and data stolen, including passwords, in what is known as a "watering hole" attack. The exploits took advantage of vulnerabilities in the iPhone's Safari browser and Google Chrome on Android that had already been fixed at the time of the suspected Russian campaign. Still, those exploits nevertheless could be effective in compromising unpatched devices.

Security

Cybercrime and Sabotage Cost German Firms $300 Billion In Past Year (reuters.com) 15

According to a new survey from Bitkom, cybercrime and other acts of sabotage have cost German companies around $298 billion in the past year, up 29% on the year before. Reuters reports: Bitkom surveyed around 1,000 companies from all sectors and found that 90% expect more cyberattacks in the next 12 months, with the remaining 10% expecting the same level of attacks. Some 70% of companies that were targeted attributed the attacks to organised crime, the survey found, adding 81% of companies reported data theft, including customer data, access data and passwords, as well as intellectual property such as patents. Around 45% of companies said they could attribute at least one attack to China, up from 42% in the previous year. Attacks blamed on Russia came in second place at 39%.

The increase in attacks has prompted companies to allocate 17% of their IT budget to digital security, up from 14% last year, but only 37% said they had an emergency plan to react to security incidents in their supply chain, the survey showed.

Bug

Bug Bounty Programs Take Root In Russia (csoonline.com) 17

snydeq writes: CSO Online's Sarah Wiedemar reports on a rising trend in the Russia cybersecurity community: bug bounty programs, which the researcher says could have far-reaching implications as the bounty ecosystem matures. From the report: "Given the current uncertainty that Russian bug bounty hunters and vulnerability researchers are facing when dealing with Western bug bounty programs, Russian IT companies have begun to fill that vacuum. [...] Russian bug bounty platforms have a high probability for substantial growth in the next few years. They provide a credible Western alternative not only to Russian hackers, but also for all other vulnerability researchers located in countries that could potentially face international financial sanctions in the future.

From a Western perspective, a potential problematic development could be that Russian hackers decide to sell vulnerabilities found in Western products to Russian zero-day acquisition companies such as Operation Zero. Thus, instead of reporting them to Western bug bounty platforms for free, they sell to the highest bidder. Those zero-day acquisition companies in turn sell them on to Russian law enforcement and security agencies, which could lead to increased espionage campaigns in Western countries. Western policy makers would do well to keep an eye on the evolution of Russia's bug bounty ecosystem."

Although bug bounty programs have existed in Russia since 2012, they weren't widely adopted due to distrust from the government and dominance of Western platforms. Recently, new platforms like Bug Bounty RU, Standoff 365, and BI.ZONE have emerged, attracting thousands of bug hunters and major Russian companies. "In 2023, the total number of bug hunters on these platforms amounted to 20,000 people," notes Wiedemar. The Russian government has also begun participating, launching programs for 10 of its e-government systems.

However, legal ambiguities remain, as ethical hacking is still considered illegal in Russia, with potential prison sentences. Despite this, there are ongoing legislative efforts to legalize ethical hacking, alongside broader government initiatives to enhance cybersecurity, including increased fines for data breaches and the potential creation of a cybersecurity agency akin to the US CISA.

Businesses

Apple's CFO Steps Down Following a 10-Year Run (theverge.com) 31

Apple announced that CFO Luca Maestri will step down at the start of next year, transitioning to head of its corporate services team to lead "information systems and technology, information security, and real estate and development." Kevan Parekh will take over as CFO. The Verge reports: Maestri joined Apple in 2013 after serving as the CFO of Xerox. He became the CFO just one year later, replacing Peter Oppenheimer. CNBC notes that when he took over, Apple's annual revenue was $183 billion, and last year, it reached $383 billion. Apple also announced an expansion to its share repurchase program to $90 billion, which Maestri would oversee.

This spring, Apple announced it would increase the amount from $90 billion to $110 billion, breaking its own record of $100 billion. It also reported an increase in revenue from its services business of 14 percent, even as sales of iPhones and iPads were down from the previous year. In Apple's announcement, it said, "...Maestri enabled essential investments and practiced robust financial discipline, which together helped the company more than double its revenue, with services revenue growing more than five times."

Kevan Parekh, Apple's vice president of financial planning and analysis, will take Maestri's place managing the finances of the now $3 trillion company. Parekh has been at Apple for 11 years and previously worked in senior leadership positions at Thomson Reuters and General Motors.

Last week, Apple announced that it's splitting its App Store group into two teams, with App Store vice president Matt Fischer leaving the role in October.

China

Chinese Hackers Breach US Internet Firms via Startup, Lumen Says (msn.com) 16

The state-sponsored Chinese hacking campaign known as Volt Typhoon is exploiting a bug in a California-based startup to hack American and Indian internet companies, according to security researchers. From a report: Volt Typhoon has breached four US firms, including internet service providers, and another in India through a vulnerability in a Versa Networks server product, according to Lumen's unit Black Lotus Labs. Their assessment, much of which was published in a blog post on Tuesday, found with "moderate confidence" that Volt Typhoon was behind the breaches of unpatched Versa systems and said exploitation was likely ongoing.

Versa, which makes software that manages network configurations and has attracted investment from Blackrock and Sequoia Capital, announced the bug last week and offered a patch and other mitigations. The revelation will add to concerns over the susceptibility of US critical infrastructure to cyberattacks. The US this year accused Volt Typhoon of infiltrating networks that operate critical US services, including some of the country's water facilities, power grid and communications sectors, in order to cause disruptions during a future crisis, such as an invasion of Taiwan.

Social Networks

Far-Right 'Terrorgram' Chatrooms Are Fueling a Wave of Power Grid Attacks (bloomberg.com) 396

An anonymous reader quotes a report from Bloomberg: People in a quiet neighborhood in Carthage, a town in Moore County, North Carolina, heard a series of six loud pops a few minutes before 8:00 p.m. on Dec. 3, 2022. A resident named Michael Campbell said he ducked at the sound. Another witness told police they thought they were hearing fireworks. The noise turned out to be someone shooting a rifle at a power substation next door to Campbell's home. The substation, operated by the utility Duke Energy Corp., consists of equipment that converts electricity into different voltages as it's transported to the area and then steered into individual houses. The shots hit the radiator of an electrical transformer, a sensitive piece of technology whose importance would likely be understood only by utility company employees. It began dumping a "vast amount" of oil, according to police reports. A subsequent investigation has pointed to a local right-wing group, one of a wave of attacks or planned attacks on power infrastructure.

By 8:10 the lights in Carthage went out. Minutes later, a security alarm went off at a Duke Energy substation 10 miles away, this one protected from view by large pine trees. When company personnel responded, they found that someone had shot its transformer radiator, too. Police found shell casings on the ground at the site and noticed someone had slashed the tires on nearby service trucks. The substations were designed to support each other, with one capable of maintaining service if the other went down. Knocking out both facilities prevented the company from rerouting power. Police described the two incidents as a coordinated attack. About 45,000 families and businesses remained dark for four days. This was a burden for area grocery stores and local emergency services. One woman, 87-year-old Karin Zoanelli, died in the hours after the shooting when the blackout caused her oxygen machine to stop operating. The North Carolina Medical Examiner's office classified the death as a homicide.

The attack on Duke's facilities in Moore County remains unsolved, but law enforcement officials and other experts suspect it's part of a rising trend of far-right extremists targeting power infrastructure in an attempt to sow chaos. The most ambitious of these saboteurs hope to usher in societal collapse, paving the way for the violent overthrow of the US government, according to researchers who monitor far-right communities. Damaging the power grid has long been a fixation of right-wing extremists, who have plotted such attacks for many years. They've been getting a boost recently from online venues such as "Terrorgram," a loose network of channels on the social media platform Telegram where users across the globe advocate violent white supremacism. In part, people use Terrorgram to egg one another on -- a viral meme shows a stick figure throwing a Molotov cocktail at electrical equipment. People on the forum have also seized on recent anti-immigration riots in the UK, inciting people there to clash with police. In June 2022, months before the Moore County shootings, users on the forum began offering more practical support in the form of a 261-page document titled "Hard Reset," which includes specific directions on how to use automatic weapons, explosives and mylar balloons to disrupt electricity. One of the document's suggestions is to shoot high-powered firearms at substation transformers.

Data Storage

FBI Is Sloppy On Secure Data Storage and Destruction, Warns Watchdog (theregister.com) 11

The Register's Iain Thomson reports: The FBI has made serious slip-ups in how it processes and destroys electronic storage media seized as part of investigations, according to an audit by the Department of Justice Office of the Inspector General. Drives containing national security data, Foreign Intelligence Surveillance Act information and documents classified as Secret were routinely unlabeled, opening the potential for it to be either lost or stolen, the report [PDF] addressed to FBI Director Christopher Wray states. Ironically, this lack of identification might be considered a benefit, given the lax security at the FBI's facility used to destroy such media after they have been finished with.

The OIG report notes that it found boxes of hard drives and removable storage sitting open and unattended for "days or even weeks" because they were only sealed once the boxes were full. This potentially allows any of the 395 staff and contractors with access to the facility to have a rummage around. To deal with this, the FBI is installing wire cages to lock away storage media. In December, the bureau said it would install a video surveillance system at the evidence destruction storage facility to tighten security. As of June this year, it was still processing the paperwork to do so. The OIG also found that FBI agents aren't tracking hard drives and removable storage sent into the central office and the destruction facility. Typically, seized computers are tagged for tracking, but as a cost-saving measure, agents are advised to send in media storage devices containing national security information without the chassis. While there is a requirement to tag removable storage, there isn't the same requirement for internal hard drives. [...]

The FBI has assured the regulator that it has the problem in hand and has drafted a Physical Control and Destruction of Classified and Sensitive Electronic Devices and Material Policy Directive, which will require data to be marked up and destroyed safely. The agency says this policy is in the final editing stage and will be issued as soon as possible.

Businesses

Internal AWS Sales Guidelines Spread Doubt About OpenAI's Capabilities (businessinsider.com) 14

An anonymous reader shares a report: OpenAI lacks advanced security and customer support. It's just a research company, not an established cloud provider. The ChatGPT-maker is not focused enough on corporate customers. These are just some of the talking points Amazon Web Services' salespeople are told to follow when dealing with customers using, or close to buying, OpenAI's products, according to internal sales guidelines obtained by Business Insider. Other talking points from the documents include OpenAI's lack of access to third-party AI models and weak enterprise-level contracts. AWS salespeople should dispel the hype around AI chatbots like ChatGPT, and steer the conversation toward AWS's strength of running the cloud infrastructure behind popular AI services, the guidelines added.

[...] The effort to criticize OpenAI is also unusual for Amazon, which often says it's so customer-obsessed that it pays little attention to competitors. This is the latest sign that suggests Amazon knows it has work to do to catch up in the AI race. OpenAI, Microsoft, and Google have taken an early lead and could become the main platforms where developers build new AI products and tools. Though Amazon created a new AGI team last year, the company's existing AI models are considered less powerful than those made by its biggest competitors. Instead, Amazon has prioritized selling AI tools like Bedrock, which gives customers access to third-party AI models. AWS also offers cloud access to in-house AI chips that compete with Nvidia GPUs, with mixed results so far.

Space

Boeing, Lockheed Martin Consider Selling ULA Space Launch Business (yahoo.com) 62

This weekend NASA said they'd turn to SpaceX to return two astronauts from the International Space Station, notes the Associated Press, "rather than risk using the Boeing Starliner capsule that delivered them." (They add that Boeing's capsule "has been plagued by problems with its propulsion system.")

But Reuters reported that even before the setback, Boeing and Lockheed Martin were "in talks to sell their rocket-launching joint venture United Launch Alliance to Sierra Space, two people familiar with the discussions said." A deal to sell ULA, a major provider of launch services to the U.S. government and a top rival to Elon Musk's SpaceX, would mark a significant shift in the U.S. space launch industry as ULA separates from two of the largest defense contractors to a smaller, privately held firm.

The potential sale comes after years of speculation about ULA's future and failed attempts to divest the joint venture over the past decade. In 2019, Boeing and Lockheed Martin reportedly explored selling ULA but couldn't agree on terms with potential buyers... Jeff Bezos' Blue Origin and Cerberus Capital Management had placed bids in early 2023 for the company, according to people familiar with the negotiations. Rocket Lab had also expressed interest, two people said. None of those discussions led to a deal...

A potential deal could accelerate deployment of [Sierra Space's] crewed spaceflight business, analysts said. A ULA acquisition, they said, would give the company in-house access to launch vehicles that could send its spaceplane and space-station components into Earth's orbit, rather than spending hundreds of millions of dollars for those launches as a customer...

ULA has faced challenges in scaling Vulcan production and upping its launch rate to meet commercial demand and fulfill contract obligations with the Space Force, which in 2021 picked Vulcan for a sizable chunk of national security missions alongside SpaceX's Falcon fleet. A sale of ULA would unshackle the company from Boeing and Lockheed, whose boards have long resisted ideas from ULA to expand the business beyond rockets and into new competitive markets such as lunar habitats or maneuverable spacecraft, according to former executives.

While Reuters's sources say the negotiations could still end without a deal, they also said ULA could be valued between $2 billion and $3 billion, giving Boeing some cash while shifting its focus to its core businesses of aerospace and defense.

Thanks to long-time Slashdot reader schwit1 for sharing the news.

Security

Major Backdoor In Millions of RFID Cards Allows Instant Cloning (securityweek.com) 23

SecurityWeek reports: A significant backdoor in millions of contactless cards made by China-based Shanghai Fudan Microelectronics Group allows instantaneous cloning of RFID smart cards used to open office doors and hotel rooms around the world.

French security services firm Quarkslab has made an eye-popping discovery... Although the backdoor requires just a few minutes of physical proximity to an affected card to conduct an attack, an attacker in a position to carry out a supply chain attack could execute such attacks instantaneously at scale, researcher Philippe Teuwen explained in a paper.

Thanks to Slashdot reader wiredmikey for sharing the article.

PHP

Hackers Have Found an Entirely New Way To Backdoor Into Microsoft Windows (security.com) 63

A university in Taiwan was breached with "a previously unseen backdoor (Backdoor.Msupedge) utilizing an infrequently seen technique," Symantec reports. The most notable feature of this backdoor is that it communicates with a command-and-control server via DNS traffic... The code for the DNS tunneling tool is based on the publicly available dnscat2 tool. It receives commands by performing name resolution... Msupedge not only receives commands via DNS traffic but also uses the resolved IP address of the C&C server (ctl.msedeapi[.]net) as a command. The third octet of the resolved IP address is a switch case. The behavior of the backdoor will change based on the value of the third octet of the resolved IP address minus seven...

The initial intrusion was likely through the exploit of a recently patched PHP vulnerability (CVE-2024-4577). The vulnerability is a CGI argument injection flaw affecting all versions of PHP installed on the Windows operating system. Successful exploitation of the vulnerability can lead to remote code execution.

Symantec has seen multiple threat actors scanning for vulnerable systems in recent weeks. To date, we have found no evidence allowing us to attribute this threat and the motive behind the attack remains unknown.

More from The Record: Compared to more obvious methods like HTTP or HTTPS tunneling, this technique can be harder to detect because DNS traffic is generally considered benign and is often overlooked by security tools. Earlier in June, researchers discovered a campaign by suspected Chinese state-sponsored hackers, known as RedJuliett, targeting dozens of organizations in Taiwan, including universities, state agencies, electronics manufacturers, and religious organizations. Like many other Chinese threat actors, the group likely targeted vulnerabilities in internet-facing devices such as firewalls and enterprise VPNs for initial access because these devices often have limited visibility and security solutions, researchers said.
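As an added example (not Symantec's or The Record's code), here is a small Python heuristic that scores resolver log lines for the dnscat2-style pattern described above: many unique, long, high-entropy labels under one registered domain, typically in data-carrying record types such as TXT. The log format, the thresholds and the domain c2-placeholder.test are constructed for this example; real detection would run over your resolver's own export and tune the thresholds against a baseline.

```python
"""Heuristic detector for DNS-tunnelling C2 traffic (dnscat2-style).

Each (client, registered domain) pair is scored on signals typical of a
tunnel: fresh subdomain per query, long high-entropy labels, and use of
record types that can carry arbitrary data. Constructed example only.
"""
import math
import re
from collections import defaultdict

# Constructed sample resolver log (not real traffic): "timestamp client qtype qname".
# 10.1.2.5 is ordinary browsing; 10.1.2.9 shows a dnscat2-like pattern: every query
# carries a fresh, high-entropy label under one domain and uses TXT records.
SAMPLE_LOG = """\
2024-08-20T10:00:01Z 10.1.2.5 A www.example.edu
2024-08-20T10:00:02Z 10.1.2.5 A static.example.edu
2024-08-20T10:00:03Z 10.1.2.5 AAAA mail.example.edu
2024-08-20T10:00:05Z 10.1.2.5 A www.example.edu
2024-08-20T10:00:06Z 10.1.2.5 A login.example.edu
2024-08-20T10:00:07Z 10.1.2.5 A www.example.edu
2024-08-20T10:00:04Z 10.1.2.9 TXT 5b1e3a9f0c7d2e8b4a6f1c3d.c2-placeholder.test
2024-08-20T10:00:04Z 10.1.2.9 TXT 9c4d2f7a1e8b3c6d0a5f2e7b.c2-placeholder.test
2024-08-20T10:00:05Z 10.1.2.9 TXT 0a3e6c9f2b5d8a1e4c7f0b3d.c2-placeholder.test
2024-08-20T10:00:05Z 10.1.2.9 TXT 7d1a4f8c2e5b9d3a6f0c2e8b.c2-placeholder.test
2024-08-20T10:00:06Z 10.1.2.9 TXT 3f6b9e2c5a8d1f4b7e0a3c6d.c2-placeholder.test
2024-08-20T10:00:06Z 10.1.2.9 TXT e8c1b4a7d0f3e6c9b2a5d8f1.c2-placeholder.test
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Z]+)\s+(\S+)$")
# Record types commonly used to carry tunnel payloads (dnscat2 supports several).
TUNNEL_QTYPES = {"TXT", "NULL", "CNAME", "MX"}


def parse_line(line):
    """Parse one constructed log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qtype, qname = m.groups()
    return {"ts": ts, "client": client, "qtype": qtype, "qname": qname.rstrip(".").lower()}


def split_name(qname):
    """Naive split into (subdomain labels, registered domain = last two labels)."""
    labels = qname.split(".")
    if len(labels) < 3:
        return "", qname
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def shannon_entropy(s):
    """Bits per character; hex-encoded tunnel data sits near 4, hostnames far lower."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def score_pairs(log_text):
    """Aggregate per (client, registered domain): query count, unique-subdomain
    ratio, mean subdomain entropy and length, share of data-carrying qtypes."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            sub, dom = split_name(rec["qname"])
            buckets[(rec["client"], dom)].append((sub, rec["qtype"]))
    scores = {}
    for key, entries in buckets.items():
        subs = [s for s, _ in entries]
        n = len(entries)
        scores[key] = {
            "queries": n,
            "unique_ratio": len(set(subs)) / n,
            "mean_entropy": sum(shannon_entropy(s.replace(".", "")) for s in subs) / n,
            "mean_label_len": sum(len(s) for s in subs) / n,
            "data_qtype_share": sum(1 for _, q in entries if q in TUNNEL_QTYPES) / n,
        }
    return scores


def flag_tunnels(log_text, min_queries=5, min_unique=0.8, min_entropy=3.0, min_len=20):
    """Return (client, domain) pairs whose query pattern looks like a DNS tunnel.
    Thresholds are constructed starting points, not calibrated values."""
    return sorted(
        key for key, s in score_pairs(log_text).items()
        if s["queries"] >= min_queries
        and s["unique_ratio"] >= min_unique
        and s["mean_entropy"] >= min_entropy
        and s["mean_label_len"] >= min_len
    )


if __name__ == "__main__":
    for client, dom in flag_tunnels(SAMPLE_LOG):
        print(f"possible DNS tunnel: {client} -> {dom}")
```

The entropy and unique-ratio signals are what separate a tunnel from a busy CDN hostname; a content-distribution domain with many distinct but dictionary-like labels scores low on entropy even when its query count is high.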

Additional coverage at The Hacker News.

Thanks to Slashdot reader joshuark for sharing the article.

Crime

ARRL Pays $1 Million Ransom To Decrypt Their Systems After Attack (bleepingcomputer.com) 95

The nonprofit American Radio Relay League — founded in 1914 — has approximately 161,000 members, according to Wikipedia (with over 7,000 members outside the U.S.)

But sometime in early May its systems network was compromised, "by threat actors using information they had purchased on the dark web," the nonprofit announced this week. The attackers accessed the ARRL's on-site systems — as well as most of its cloud-based systems — using "a wide variety of payloads affecting everything from desktops and laptops to Windows-based and Linux-based servers." Despite the wide variety of target configurations, the threat actors seemed to have a payload that would host and execute encryption or deletion of network-based IT assets, as well as launch demands for a ransom payment, for every system... The FBI categorized the attack as "unique" as they had not seen this level of sophistication among the many other attacks they have experience with.

Within 3 hours a crisis management team had been constructed of ARRL management, an outside vendor with extensive resources and experience in the ransomware recovery space, attorneys experienced with managing the legal aspects of the attack including interfacing with the authorities, and our insurance carrier. The authorities were contacted immediately as was the ARRL President... [R]ansom demands were dramatically weakened by the fact that they did not have access to any compromising data. It was also clear that they believed ARRL had extensive insurance coverage that would cover a multi-million-dollar ransom payment. After days of tense negotiation and brinkmanship, ARRL agreed to pay a $1 million ransom. That payment, along with the cost of restoration, has been largely covered by our insurance policy...

Today, most systems have been restored or are waiting for interfaces to come back online to interconnect them. While we have been in restoration mode, we have also been working to simplify the infrastructure to the extent possible. We anticipate that it may take another month or two to complete restoration under the new infrastructure guidelines and new standards.

ARRL's called the attack "extensive", "sophisticated", "highly coordinated" and "an act of organized crime". And tlhIngan (Slashdot reader #30335) shared this detail from BleepingComputer.

"While the organization has not yet linked the attack to a specific ransomware operation, sources told BleepingComputer that the Embargo ransomware gang was behind the breach."

Programming

Amazon CEO: AI-Assisted Code Transformation Saved Us 4,500 Years of Developer Work (x.com) 130

Long-time Slashdot reader theodp shared this anecdote about Amazon's GenAI assistant for software development, Amazon Q: On Thursday, Amazon CEO Andy Jassy took to Twitter to boast that using Amazon Q to do Java upgrades has already saved Amazon from having to pay for 4,500 developer-years of work. ("Yes, that number is crazy but, real," writes Jassy). And Jassy says it also provided Amazon with an additional $260M in annualized efficiency gains from enhanced security and reduced infrastructure costs.

"Our developers shipped 79% of the auto-generated code reviews without any additional changes," Jassy explained. "This is a great example of how large-scale enterprises can gain significant efficiencies in foundational software hygiene work by leveraging Amazon Q."

Jassy — who FORTUNE reported had no formal training in computer science — also touted Amazon Q's Java upgrade prowess in his Letter to Shareholders earlier this year, as has Amazon in its recent SEC filings ("today, developers can save months using Q to move from older versions of Java to newer, more secure and capable ones; in the near future, Q will help developers transform their .net code as well"). Earlier this week, Business Insider reported on a leaked recording of a fireside chat in which AWS CEO Matt Garman predicted a paradigm shift in coding as a career in the foreseeable future with the prevalence of AI. According to Garman, "If you go forward 24 months from now, or some amount of time — I can't exactly predict where it is — it's possible that most developers are not coding."

Microsoft

How Should Cybersecurity Evolve After Crowdstrike's Outage? (cnbc.com) 108

Microsoft will meet with "CrowdStrike and other security companies" on September 10, reports CNBC, to "discuss ways to evolve" the industry after a faulty CrowdStrike software update in July caused millions of Windows computers to crash: [An anonymous Microsoft executive] said participants at the Windows Endpoint Security Ecosystem Summit will explore the possibility of having applications rely more on a part of Windows called user mode instead of the more privileged kernel mode... Attendees at Microsoft's September 10 event will also discuss the adoption of eBPF technology, which checks if programs will run without triggering system crashes, and memory-safe programming languages such as Rust, the executive said.

Wednesday Crowdstrike argued no cybersecurity vendor could "technically" guarantee their software wouldn't cause a similar incident.

On a possibly related note, long-time Slashdot reader 278MorkandMindy shares their own thoughts: The "year of the Linux desktop" is always just around the corner, somewhat like nuclear fusion. Will Windows 11, with its general advert and telemetry BS, along with the recall feature, FINALLY push "somewhat computer literate" types like myself onto Linux?

Security

'Invasive' Iranian Intelligence Group Believed to Be The Ones Who Breached Trump's Campaign (reuters.com) 98

Reuters reports that the Iranian hacking team which compromised the campaign of U.S. presidential candidate Donald Trump "is known for placing surveillance software on the mobile phones of its victims, enabling them to record calls, steal texts and silently turn on cameras and microphones, according to researchers and experts who follow the group." Known as APT42 or CharmingKitten by the cybersecurity research community, the accused Iranian hackers are widely believed to be associated with an intelligence division inside Iran's military, known as the Intelligence Organization of the Islamic Revolutionary Guard Corps or IRGC-IO. Their appearance in the U.S. election is noteworthy, sources told Reuters, because of their invasive espionage approach against high-value targets in Washington and Israel. "What makes (APT42) incredibly dangerous is this idea that they are an organization that has a history of physically targeting people of interest," said John Hultquist, chief analyst with U.S. cybersecurity firm Mandiant, who referenced past research that found the group surveilling the cell phones of Iranian activists and protesters... Hultquist said the hackers commonly use mobile malware that allows them to "record phone calls, room audio recordings, pilfer SMS (text) inboxes, take images off of a machine," and gather geolocation data...

APT42 also commonly impersonates journalists and Washington think tanks in complex, email-based social engineering operations that aim to lure their targets into opening booby-trapped messages, which let them take over systems. The group's "credential phishing campaigns are highly targeted and well-researched; the group typically targets a small number of individuals," said Josh Miller, a threat analyst with email security company Proofpoint. They often target anti-Iran activists, reporters with access to sources inside Iran, Middle Eastern academics and foreign-policy advisers. This has included the hacking of western government officials and American defense contractors. For example, in 2018, the hackers targeted nuclear workers and U.S. Treasury department officials around the time the United States formally withdrew from the Joint Comprehensive Plan of Action (JCPOA), said Allison Wikoff, a senior cyber intelligence analyst with professional services company PricewaterhouseCoopers.

"APT42 is still actively targeting campaign officials and former Trump administration figures critical of Iran, according to a blog post by Google's cybersecurity research team."

Businesses

Labor Board Confirms Amazon Drivers Are Employees, In Finding Hailed By Union (arstechnica.com) 67

An anonymous reader quotes a report from Ars Technica: Amazon may be forced to meet some unionized delivery drivers at the bargaining table after a regional National Labor Relations Board (NLRB) director determined Thursday that Amazon is a joint employer of contractors hired to ensure the e-commerce giant delivers its packages when promised. This seems like a potentially big loss for Amazon, which had long argued that delivery service partners (DSPs) exclusively employed the delivery drivers, not Amazon. By rejecting its employer status, Amazon had previously argued that it had no duty to bargain with driver unions and no responsibility for alleged union busting, The Washington Post reported.

But now, after a yearlong investigation, the NLRB has issued what the Amazon delivery drivers' union has called "a groundbreaking decision that sets the stage for Amazon delivery drivers across the country to organize with the Teamsters." In a press release reviewed by Ars, the NLRB regional director confirmed that as a joint employer, Amazon had "unlawfully failed and refused to bargain with the union" after terminating their DSP's contract and terminating "all unionized employees." The NLRB found that rather than bargaining with the union, Amazon "delayed start times by grounding vans and not preparing packages for loading," withheld information from the union, and "made unlawful threats." Teamsters said those threats included "job loss" and "intimidating employees with security guards." [...]

Unless a settlement is reached, the NLRB will soon "issue a complaint against Amazon and prosecute the corporate giant at a trial" after finding that "Amazon engaged in a long list of egregious unfair labor practices at its Palmdale facility," Teamsters said. Apparently downplaying the NLRB determination, Amazon is claiming that the Teamsters are trying to "misrepresent what is happening here." Seemingly Amazon is taking issue with the union claiming that an NLRB determination on the merits of their case is a major win when the NLRB has yet to issue a final ruling. According to the NLRB's press release, "a merit determination is not a 'Board decision/ruling' -- it is the first step in the NLRB's General Counsel litigating the allegations after investigating an unfair labor practice charge."
Sean M. O'Brien, the Teamsters general president, claimed the win for drivers unionizing not just in California but for nearly 280,000 drivers nationwide.

"Amazon drivers have taken their future into their own hands and won a monumental determination that makes clear Amazon has a legal obligation to bargain with its drivers over their working conditions," O'Brien said. "This strike has paved the way for every other Amazon worker in the country to demand what they deserve and to get Amazon to the bargaining table."

The Courts

US Sues Georgia Tech Over Alleged Cybersecurity Failings As a Pentagon Contractor (theregister.com) 37

The Register's Connor Jones reports: The U.S. is suing one of its leading research universities over a litany of alleged failures to meet cybersecurity standards set by the Department of Defense (DoD) for contract awardees. Georgia Institute of Technology (GIT), commonly referred to as Georgia Tech, and its contracting entity, Georgia Tech Research Corporation (GTRC), are being investigated following whistleblower reports from insiders Christopher Craig and Kyle Koza about alleged (PDF) failures to protect controlled unclassified information (CUI). The series of allegations dates back to 2019 and continued for years after, although Koza was said to have identified the issues as early as 2018.

Among the allegations is the suggestion that between May 2019 and February 2020, Georgia Tech's Astrolavos Lab -- ironically a group that focuses on cybersecurity issues affecting national security -- failed to develop and implement a cybersecurity plan that complied with DoD standards (NIST 800-171). When the plan was implemented in February 2020, the lawsuit alleges that it wasn't properly scoped -- not all the necessary endpoints were included -- and that for years afterward, Georgia Tech failed to maintain that plan in line with regulations. Additionally, the Astrolavos Lab was accused of failing to implement anti-malware solutions across devices and the lab's network. The lawsuit alleges that the university approved the lab's refusal to deploy the anti-malware software "to satisfy the demands of the professor that headed the lab," the DoJ said. This is claimed to have occurred between May 2019 and December 2021. Refusing to install anti-malware solutions at a contractor like this is not allowed. In fact, it violates federal requirements and Georgia Tech's own policies, but allegedly happened anyway.

The university and the GTRC also, it is claimed, submitted a false cybersecurity assessment score in December 2020 -- a requirement for all DoD contractors to demonstrate they're meeting compliance standards. The two organizations are accused of issuing themselves a score of 98, which was later deemed to be fraudulent based on various factors. To summarize, the issue centers around the claim that the assessment was carried out on a "fictitious" environment, so on that basis the score wasn't given to a system related to the DoD contract, the US alleges. The claims are being made under the False Claims Act (FCA), which is being utilized by the Civil Cyber-Fraud Initiative (CCFI), which was introduced in 2021 to punish entities that knowingly risk the safety of United States IT systems. It's a first-of-its-kind case being pursued as part of the CCFI. All previous cases brought under the CCFI were settled before they reached the litigation stage.

Microsoft

Microsoft Plans Windows Security Overhaul After CrowdStrike Outage 63

Microsoft is stepping up its plans to make Windows more resilient to buggy software [non-paywalled source] after a botched CrowdStrike update took down millions of PCs and servers in a global IT outage. Financial Times: The tech giant has in the past month intensified talks with partners about adapting the security procedures around its operating system to better withstand the kind of software error that crashed 8.5mn Windows devices on July 19. Critics say that any changes by Microsoft would amount to a concession of shortcomings in Windows' handling of third-party security software that could have been addressed sooner.

Yet they would also prove controversial among security vendors that would have to make radical changes to their products, and force many Microsoft customers to adapt their software. Last month's outages -- which are estimated to have caused billions of dollars in damages after grounding thousands of flights and disrupting hospital appointments worldwide -- heightened scrutiny from regulators and business leaders over the extent of access that third-party software vendors have to the core, or kernel, of Windows operating systems. Microsoft will host a summit next month for government representatives and cyber security companies, including CrowdStrike, to discuss "improving resiliency and protecting mutual customers' critical infrastructure," Microsoft said on Friday.
