Hackers Are Using SEO To Rank Malicious PDFs On Search Engines, Research Finds
An anonymous reader quotes a report from VentureBeat:
Today, researchers at security service edge provider, Netskope, published the Netskope Cloud and Threat Report: Global Cloud and Malware Trends, which found that phishing downloads rose 450% over the past 12 months, and highlighted that attackers are using search engine optimization (SEO) to rank malicious PDF files on search engines. The report's findings show that phishing attempts are constantly evolving, and attackers aren't just targeting employees through their email inboxes; they're also using popular search engines like Google and Bing. The increase in phishing attacks and the growing popularity of SEO techniques among cybercriminals highlights the need for enterprises to provide their employees with security awareness training so they're prepared to spot threats and not at risk of handing over sensitive information.
When it comes to defending against these SEO-driven attacks, [Ray Canzanese, director of Netskope's Threat Labs] highlights several methods that security teams can use to protect employees. One of the most effective is to use a solution that can decrypt and scan web traffic for malicious content. At the same time, security teams should encourage users to inspect all links they click on, and to exercise caution if the link takes them to an unfamiliar website. In the event an employee does click on a malicious PDF, they can expect to see a fake captcha at the top of the first page, followed by text on other pages. In these scenarios, users should close the file, delete it from the device and report it to the security team ASAP. Canzanese also notes that it's important for users to report malicious URLs that feature on popular search engines to help the provider unlist them from the site and prevent other users from falling victim to a scam.
San Francisco Police Are Using Driverless Cars As Mobile Surveillance Cameras
BeerFartMoron shares a report from Motherboard:
For the last five years, driverless car companies have been testing their vehicles on public roads. These vehicles constantly roam neighborhoods while laden with a variety of sensors including video cameras capturing everything going on around them in order to operate safely and analyze instances where they don't. While the companies themselves, such as Alphabet's Waymo and General Motors' Cruise, tout the potential transportation benefits their services may one day offer, they don't publicize another use case, one that is far less hypothetical: Mobile surveillance cameras for police departments.
"Autonomous vehicles are recording their surroundings continuously and have the potential to help with investigative leads," says a San Francisco Police department training document obtained by Motherboard via a public records request. "Investigations has already done this several times."
Privacy advocates say the revelation that police are actively using AV footage is cause for alarm. "This is very concerning," Electronic Frontier Foundation (EFF) senior staff attorney Adam Schwartz told Motherboard. He said cars in general are troves of personal consumer data, but autonomous vehicles will have even more of that data from capturing the details of the world around them. "So when we see any police department identify AVs as a new source of evidence, that's very concerning."
"As companies continue to make public roadways their testing grounds for these vehicles, everyone should understand them for what they are -- rolling surveillance devices that expand existing widespread spying technologies," said Chris Gilliard, Visiting Research Fellow at Harvard Kennedy School Shorenstein Center. "Law enforcement agencies already have access to automated license plate readers, geofence warrants, Ring Doorbell footage, as well as the ability to purchase location data. This practice will extend the reach of an already pervasive web of surveillance."
AT&T Is About To Get Away With Its Bogus $1.99 'Administrative Fee'
Sean Hollister writes via The Verge:
Since 2013, AT&T has quietly bilked customers out of hundreds of millions of dollars with a bogus "administrative fee," a fee it more than doubled to $1.99 a month in 2018. For a few years there, a California class-action lawsuit made it seem like AT&T might finally get taken to task. But this week, both sides told a judge they'd settle for just $14 million -- meaning customers may get less than 10 percent of what they paid AT&T, while AT&T gets to keep on charging them. According to the proposed settlement agreement in Vianu v. AT&T Mobility -- which still needs to be approved by a judge -- just about every AT&T Wireless postpaid customer in California since 2015 will be eligible for an estimated payment of between $15 and $29.
But again, that's only a fraction of what AT&T's own records show it charged: $180 per customer on average since 2015, according to documents. The settlement "represents a refund of approximately 6-11 months of the average fees," they read. Meanwhile, the lawyers are likely to get $3.5 million. "The estimated payment amount represents a strong result for the Settlement Class, particularly given the substantial risks, costs, and delay of continued litigation," reads the proposed settlement agreement, going on to list all the ways that the lawyers suing AT&T believe that AT&T might still win the case. [...]
Oh, and you won't even get a check in the mail if you're still an AT&T customer, assuming this version of the settlement is approved. The money will be credited back to your AT&T account, where AT&T can dip its hand right back in again for that $1.99 -- or more if it feels emboldened enough to increase the fee yet again. (Admittedly, the AT&T account could be a more reliable way to make sure customers get money back.) The settlement websites can be found
An AT&T spokesperson issued the following response: "We deny the allegations in this lawsuit because we clearly disclose all fees that are charged to our customers. However, we have decided to settle this case to avoid lengthy, expensive litigation."
Samsung Is Reportedly Planning To Raise Chip Prices By 20%
Samsung is currently considering raising the cost of its semiconductor products by up to 20%, as well as those it manufactures for other companies, which would ultimately lead to consumers paying more for new devices. PC Magazine reports:
As Bloomberg reports, the price hike consideration is in response to just about everything in the world getting more expensive, including the cost of raw materials and the logistics surrounding production pipelines. The final price increase is expected to be linked to sophistication of the components being manufactured, but that still means vendors will end up paying between 15-20% more for chips. Samsung is a huge player in the semiconductor industry, producing processors for a wide-range of industries, as well as memory products, storage solutions, and foundry solutions which allow other semiconductor products to be manufactured. Adding up to a 20% price rise across all those sectors will inevitably push up prices for any products that use Samsung components.
Ex-eBay Exec Pleads Guilty To Terrorizing Couple With Spiders, Funeral Wreaths
An anonymous reader quotes a report from The Guardian:
A former eBay executive pleaded guilty on Thursday to participating in a scheme to terrorize the creators of an online newsletter that included the delivery of live spiders and other disturbing items to their home. David Harville, eBay's former director of global resiliency, is the final onetime eBay employee charged in the case to plead guilty. Six others have admitted to their roles in the harassment campaign targeting a Massachusetts couple who publish the newsletter EcommerceBytes, which eBay executives viewed as critical of the company.
The scheme included sending items like a box of live cockroaches, a funeral wreath and books about surviving the loss of a spouse to the couple's home with the hopes of getting them to stop publishing negative articles about the company, prosecutors say. eBay employees also set up fake social media accounts to send threatening messages to the couple and posted the couple's home address online. Harville and others were charged in June 2020 over the plot, which authorities say was orchestrated by members of eBay's executive leadership team after the newsletter published an article about a lawsuit filed by eBay accusing Amazon of poaching its sellers, authorities said. Another former executive who pleaded guilty last month, James Baugh, held meetings to coordinate the harassment campaign and directed Harville to go with him to Boston to spy on the couple, prosecutors say.
Startup Raises $17 Million To Develop Smart Gun
Biofire Technologies has raised $17 million in seed funding to further develop its smart gun, which uses a fingerprint sensor to unlock the trigger. Axios reports:
Biofire's guns only can be fired by authorized users, which should exclude kids or teens from using guns that their parents didn't secure. Even if you're someone who decries firearms proliferation and supports stricter gun control, this is an innovation that should be welcomed. "I see firearm ownership continuing to be part of American culture for the foreseeable future," says Biofire founder and CEO Kai Kloepfer. "This issue has become so politicized that really nothing is being done, even for things that shouldn't be political in any way, like kids getting hold of guns ... A smart gun isn't a cure-all, but we do think that we can have an immediate and substantial impact."
Kloepfer, who dropped out of MIT to pursue Biofire, adds that the gun is being beta tested with law enforcement and firearms experts, and that it doesn't have any RFID or other wireless capabilities that could turn off prospective buyers. A recent Morning Consult poll found that 55% of current gunowners would be comfortable using a smart gun.
Google Announces Flutter 3, Now With macOS and Linux Desktop Support
An anonymous reader quotes a report from XDA Developers:
Google created Flutter a number of years ago, with the aim to make a cross-platform software framework. Flutter's biggest strength is that it can be used to build applications for Android, iOS, Linux, Windows, macOS, and even the web, and all from the same shared codebase. While building apps for Windows received stable support back in February, both macOS and Linux were still only in beta. Now that's changing, as Google has announced Flutter 3 at this year's Google I/O, complete with stable support for building apps for macOS and Linux.
Of course, cross-platform support for both of these new platforms requires more than just programs being able to run. They need to fit in with the rest of the experience, and they need to support specific features that may be unique, as well. That's why Google is highlighting two things: the first is that Linux support helped by Canonical (the publisher of Ubuntu) and Google collaborating in order to "offer a highly-integrated, best-of-breed option for development."
As Google puts it, Canonical is already developing with "Flutter for key shell experiences including installation and firmware updates." What's more, their Linux-specific packages "provide an idiomatic API for core operating system services including dbus, gsettings, networkmanager, Bluetooth and desktop notifications, as well as a comprehensive theme and widget set for Yaru, the Ubuntu look and feel." As for macOS, Google invested in supporting both Intel and Apple Silicon devices, with Universal Binary support that allows apps to package executables that run natively on both architectures. Tim Sneath, Director of Product and UX for Flutter & Dart, highlights all the new improvements in a Medium post.
How Much Will It Cost To Secure Open-Source Software? OpenSSF Says $147.9 Million
Today at the Open Source Software Security Summit II in Washington, D.C., OpenSSF announced an ambitious, multipronged plan with 10 key goals to better secure the entire open-source software ecosystem. From a report:
While open-source software itself can sometimes be freely available, securing it will have a price. OpenSSF has estimated that its plan will require $147.9 million in funding over a two-year period. In a press conference held after the summit, Brian Behlendorf, general manager of OpenSSF, said that $30 million has already been pledged by OpenSSF members including Amazon, Intel, VMware, Ericsson, Google and Microsoft.
Calling a Man Bald Counts as Sexual Harassment, UK Judge Rules
Calling a man bald can now be classed as sexual harassment, a U.K. employment tribunal judge has ruled. From a report:
Three members of the tribunal who decided on the ruling, and alluded to their own experience of hair loss, said that baldness was more prevalent in men than women. Therefore, they argued that the use of the word "bald" as an insult related to a "protected characteristic of sex." The tribunal compared calling a man bald to commenting on the size of a woman's breasts, based on a 1995 case. The ruling, published Wednesday, was made on a case where the insult was alleged to have been used against Tony Finn, while he worked as an electrician for the British Bung Manufacturing Company. Finn had worked at the company, which manufactures wooden cask closures for the brewing industry, in Yorkshire in the northeast of England, for nearly 24 years. He was fired last year and the circumstances around his dismissal were also part of the case. Finn claimed that he was called a "bald c---" and was also threatened by his shift supervisor, Jamie King, in a dispute in July 2019.
Elon Musk Says Twitter Deal 'Temporarily On Hold Over Spam'
Third Position shares a report from The Verge:
Elon Musk says his deal to buy Twitter is "temporarily on hold" after the social network reported that false or spam accounts comprised less than 5 percent of its 226 million monetizable daily active users. The Tesla CEO, who offered to buy Twitter for $44 billion, tweeted a link to a May 2nd Reuters report on Twitter's filing, saying he wants to see the company's calculations.
"Twitter deal temporarily on hold pending details supporting calculation that spam/fake accounts do indeed represent less than 5% of users," Musk tweeted. However, in a follow-up tweet, he added that he's "still committed to [the] acquisition," suggesting that it'll proceed after Twitter provides satisfactory information on its numbers.
Slashdot reader Excelcia shared a similar report from the BBC, which cited analysts speculating "he could be seeking to renegotiate the price or even walk away from the takeover."
"One analyst, as quoted in the story, suggests that 'Many will view this as Musk using this Twitter filing/spam accounts as a way to get out of this deal in a vastly changing market,'" writes Excelcia. "Shares have dropped another 10% since the announcement."
Facebook-Owner Meta Tells Hardware Staffers To Prepare for Cutbacks
Facebook-owner Meta Platforms is preparing cutbacks in its Reality Labs division, a unit at the center of the company's strategy to refocus on hardware products and the "metaverse," a spokesperson confirmed to Reuters on Wednesday. From a report:
Chief Technology Officer Andrew Bosworth told Reality Labs staffers during a weekly Q&A session on Tuesday to expect the changes to be announced within a week, according to a summary of his comments viewed by Reuters. The Meta spokesperson confirmed that Bosworth told staffers the division could not afford to do some projects anymore and would have to postpone others, without specifying which projects would be affected. She said Meta was not planning layoffs as part of the changes.
PC and Laptop Displays Are Working Toward 480 Hz
An anonymous reader shares a report:
If you've ever looked at a 360 Hz monitor and thought, "This isn't fast enough," here's something to look forward to. While we've seen monitor prototypes surpass 360 Hz, the highest native refresh rate you'll find on a PC display these days, it seems that AU Optronics (AUO) is working on panels that'll be available with an even snappier 480 Hz refresh rate. Of course, not many would look at a screen updating with new information 360 times every second as lagging. But for very fast-paced action -- like in a competitive game where words and items whizz by in an instant or where a few milliseconds of a delay could be the difference between a win or a loss -- more speed may be imperative.
Samsung 'Expert' Fired After Speaking Up About Working For Free
An anonymous reader shares a report:
On April 14th, The Verge published a story about how Samsung's "Experts," who answer customer chats at Samsung.com, were being pushed by both Samsung and staffing agency Ibbu to do some customer support for free. While we spoke to a dozen experts during our reporting, only one was willing to be named in the story: Jennifer Larson. The day after our story was published, Larson received an email saying that she was being temporarily suspended and that she'd get an update in a week. Over four weeks later, Ibbu told her she'd been fired.
US Warns of Discrimination in Using AI To Screen Job Candidates
The federal government says that artificial intelligence technology to screen new job candidates or monitor worker productivity can unfairly discriminate against people with disabilities, sending a warning to employers that the commonly used hiring tools could violate civil rights laws. From a report:
The U.S. Justice Department and the Equal Employment Opportunity Commission jointly issued guidance to employers to take care before using popular algorithmic tools meant to streamline the work of evaluating employees and job prospects -- but which could also potentially run afoul of the Americans with Disabilities Act. "We are sounding an alarm regarding the dangers tied to blind reliance on AI and other technologies that we are seeing increasingly used by employers," Assistant Attorney General Kristen Clarke of the department's Civil Rights Division told reporters Thursday. "The use of AI is compounding the longstanding discrimination that jobseekers with disabilities face." Among the examples given of popular work-related AI tools were resume scanners, employee monitoring software that ranks workers based on keystrokes, game-like online tests to assess job skills and video interviewing software that measures a person's speech patterns or facial expressions.
Apple Testing iPhones That Ditch Lightning Ports in Favor of USB-C
Apple is testing future iPhone models that replace the current Lightning charging port with the more prevalent USB-C connector, Bloomberg reported Friday, citing people with knowledge of the situation, a move that could help the company conform with looming European regulations. From the report:
In addition to testing models with a USB-C port in recent months, Apple is working on an adapter that would let future iPhones work with accessories designed for the current Lightning connector, said the people, who asked not to be identified because the matter is private. If the company proceeds with the change, it wouldn't occur until 2023 at the earliest. Apple is planning to retain the Lightning connector for this year's new models.
Germany Affirms Crypto Sold After One Year Is Tax-free
Crypto investors in Germany won't pay tax on sales of digital assets such as bitcoin and ether -- as long as they're held for more than one year. From a report:
Germany's Federal Ministry of Finance shared the ruling in a 24-page document, which formally defined blockchain concepts such as mining, staking, airdrops and masternodes within the context of the country's tax system. The decree marks the first time Germany has issued nationwide tax guidance on cryptocurrency. It was crafted in close consultation with the country's 16 federal states, as well as top financial institutions. Government ministers had held a hearing last summer to gauge sentiment among local crypto associations such as Bitkom and other market participants -- including individual investors. One of the most pressing questions related to whether lending or staking cryptocurrency extends the tax-free period on digital asset sales to 10 years, as is the case with buy-to-let properties.
EU Governments, Lawmakers Agree on Tougher Cybersecurity Rules for Key Sectors
EU countries and lawmakers agreed on Friday to tougher cybersecurity rules for large energy, transport and financial firms, digital providers and medical device makers amid concerns about cyber attacks by state actors and other malicious players. From a report:
The European Commission two years ago proposed rules on the cybersecurity of network and information systems called NIS 2 Directive, in effect expanding the scope of the current rule known as NIS Directive.
The new rules cover all medium and large companies in essential sectors - energy, transport, banking, financial market infrastructure, health, vaccines and medical devices, drinking water, waste water, digital infrastructure, public administration and space. All medium and large firms in postal and courier services, waste management, chemicals, food manufacturing, medical devices, computers and electronics, machinery equipment, motor vehicles, and digital providers such as online market places, online search engines, and social networking service platforms will also fall under the rules.
Microsoft Considers Pay Raises To Stay Competitive
Microsoft is reportedly thinking about bumping many employees' pay, following similar moves from other tech giants, in a bid to stay competitive with its rivals. From a report:
Citing two unnamed sources, Insider reported Wednesday that Microsoft may announce a change "as soon as Monday." Microsoft has reason to worry about retention, Insider reports. In Microsoft's most recent "Employee Signals" poll, which employees reportedly answered in March, only two-thirds of respondents said they're getting "a good deal" in terms of what they're giving the company and receiving in return. Microsoft is reportedly concerned about employees leaving for (or being poached by) Amazon specifically. The company more than doubled its base compensation cap from $160,000 to $350,000 earlier this year, and has reportedly been handing out a record amount of stock grants -- $6 billion, to be exact.
DOJ Loses Bid To Sanction Google for Withholding Documents
Google dodged court sanctions after it was called out by the Justice Department for hiding documents from government lawyers. From a report:
U.S. District Judge Amit Mehta in Washington said during a hearing Thursday that he wouldn't punish the company over its practice of having employees copy company lawyers on emails when discussing competition issues. The US government claims Google uses "silent attorney" emails as a ploy to avoid disclosing records in litigation. But Mehta ordered Google to ensure that all of the "silent-attorney" emails are reviewed anew to make sure the company has complied with disclosure obligations.
NSA Says 'No Backdoor' for Spies in New US Encryption Scheme
The US is readying new encryption standards that will be so ironclad that even the nation's top code-cracking agency says it won't be able to bypass them. From a report:
The National Security Agency has been involved in parts of the process but insists it has no way of bypassing the new standards. "There are no backdoors," said Rob Joyce, the NSA's director of cybersecurity at the National Security Agency, in an interview. A backdoor enables someone to exploit a deliberate, hidden flaw to break encryption. An encryption algorithm developed by the NSA was dropped as a federal standard in 2014 amid concerns that it contained a backdoor. The new standards are intended to withstand quantum computing, a developing technology that is expected to be able to solve math problems that today's computers can't. But it's also one that the White House fears could allow the encrypted data that girds the U.S. economy -- and national security secrets -- to be hacked.
A Colony of Blue-Green Algae Can Power a Computer For Six Months
An anonymous reader quotes a report from Interesting Engineering:
Researchers from the University of Cambridge have managed to run a computer for six months, using blue-green algae as a power source. A type of cyanobacteria called Synechocystis sp. PCC 6803 -- commonly known as "blue-green algae," which produces oxygen through photosynthesis when exposed to sunlight, was sealed in a small container, about the size of an AA battery, made of aluminum and clear plastic.
Christopher Howe from the University of Cambridge and colleagues claim that similar photosynthetic power generators could be the source of power for a range of small devices in the future, without the need for the rare and unsustainable materials used in batteries. The battery made of blue-green algae has provided a continuous current across its anode and cathode that ran a microprocessor. The computer ran in cycles of 45 minutes. It was used to calculate sums of consecutive integers to simulate a computational workload, which required 0.3 microwatts of power, and 15 minutes of standby, which required 0.24 microwatts. The microcontroller measured the device's current output and stored this data in the cloud for researchers to analyze.
Howe suggests that there are two potential theories for the power source. Either the bacteria itself produces electrons, which creates a current, or it creates conditions in which an aluminum anode in the container is corroded in a chemical reaction that produces electrons. The experiment ran without any significant degrading of the anode and because of that, the researchers believe that the bacteria is producing the bulk of the current. Howe says that the approach could be scaled up, but further research is needed to figure out how far. The research was published in the journal Energy & Environmental Science.
Promising Early Results From Largest-Ever Trial Testing LSD For Anxiety
Biopharmaceutical company MindMed has announced the first topline data from a novel Phase 2 trial testing high doses of LSD as a treatment for anxiety. The results indicate one to two LSD sessions can generate rapid and sustained reductions to anxiety; however, significantly larger trials will be needed to validate these findings. New Atlas reports:
This new trial was conducted at University Hospital Basel in Switzerland. The trial was randomized, and placebo-controlled with a crossover design enrolling 46 participants. The participants completed two high-dose (200-microgram) LSD sessions, six weeks apart. The primary endpoint was a reduction in anxiety 16 weeks after the second LSD session, as measured on a scale called STAI (State-Trait Anxiety Inventory), a common test used to quantify anxiety.
The data revealed by MindMed indicates 65 percent (13 out of 20) patients in the LSD group demonstrated a clinically significant reduction in STAI scores of more than 30 percent. Only nine percent of the placebo group (two out of 22) showed similar clinical improvements. The results indicate the treatment was generally safe with only mild adverse effects reported by most subjects. The announcement did report one serious adverse treatment event during an LSD session described as "acute transient anxiety and delusions." This subject required sedatives but no long-term adverse effects were noted. [...] MindMed is now beginning a Phase 2b trial to expand on these findings and further explore LSD as a treatment for anxiety disorders.
Virgin Orbit Is Assembling a Fleet of Boeing 747 Jets To Launch More Rockets Into Space
Virgin Orbit is assembling a fleet of modified 747 jets, the company announced Tuesday, ordering two new modified cargo airframes to help launch more rockets into space. CNBC reports:
The company is acquiring the two additional airframes through L3Harris, which will modify the jets to carry and launch Virgin Orbit's rockets. Virgin expects to take delivery of the first of the planes next year. Virgin Orbit CEO Dan Hart said the delivery timing of the second plane will be "driven more by market demand" for launches. The deal "unleashes us in a few ways," he said. "It eliminates one of the key chokepoints that we have in the system," Hart told CNBC. It also will help the company keep launches going in case one of their aircraft is undergoing maintenance, which will open up "all sorts of possibilities for supporting different customers in different places," he added.
Virgin Orbit has a single aircraft, a customized Boeing 747-400 called "Cosmic Girl," which has flown four missions of Virgin Orbit's LauncherOne rocket to date. Through a method known as air launch, the company's aircraft carries its rockets to about 45,000 feet of altitude and drops them just before they fire their engines and accelerate into space -- a method the company touts as more flexible than ground-based systems. [...] Virgin Orbit's new 747s will also feature an improved layout, with L3Harris modifying the aircraft to carry up to two LauncherOne rockets, as well as all of the company's ground support equipment, to a launch site.