Welcome to September, a month representing an absurd amount of progress through 2023. Isn’t it supposed to still be May? I find myself in Melbourne for work and related matters, which gives me an opportunity to discuss a topic that’s been near and dear to my heart for many years.
The United Nations Human Rights Office said in a new report on Tuesday that criminal syndicates in Southeast Asia are forcing hundreds of thousands of individuals into online criminal activity, including operating fraudulent investment schemes and facilitating unlawful gambling.€
Someone recently sent me their Amiga 1200, which used to be their pride and joy, for free, to look after. They no longer had a use for it. It needed a bit of work, so I decided to document it. This Amiga This machine came with a case that was not in great condition.
It takes too long to get a new compute engine in the field, and everybody complains about it.
On the plus side, the sales of devices priced above US$1000 (A$1541) continued to grow, IDC said without providing a specific figure. sales of mid-range phones showed a downward trend, while the lower end saw sales rise.
The average selling price of a smartphone in Australia rose by 5% year-on-year in the quarter but saw a 10% drop from the previous quarter, going down to US$755.
SkyKick, whose products include tools to migrate to and backup for Microsoft 365, has confirmed to CRN that the vendor is laying off more than 100 employees worldwide.
In a statement to CRN, Todd Schwartz – co-CEO of Seattle-based SkyKick – said that the layoff was a “tough decision” and due to “current market conditions.”
“We are well positioned and remain steadfastly committed to ensuring our partners’ success in the cloud over the long-term,” Schwartz said.
The Canada Revenue Agency (CRA) has fired dozens of employees who “inappropriately claimed the Canada Emergency Response Benefit (CERB)” during the COVID-19 pandemic.
According to news outlets, including CTV News, the agency said in a statement on Sept. 1 that “120 individuals are not longer with the CRA.”
“The CRA takes any form of wrongdoing very seriously, and is strongly committed to protecting the integrity of Canada’s tax and benefit systems and demonstrating to Canadians that [we are] a trusted and fair organization,” the statement reads.
Several denial of service (DoS) and code execution vulnerabilities have been discovered in the Vim enhanced vi editor.
[This is a Guest Diary by James Turner, an ISC intern as part of the SANS.edu BACS program]
Security updates have been issued by Debian (chromium, firefox-esr, and gst-plugins-ugly1.0), Fedora (firefox, libeconf, libwebsockets, mosquitto, and rust-rustls-webpki), SUSE (amazon-ssm-agent, open-vm-tools, and terraform-provider-helm), and Ubuntu (linux-azure, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gcp-5.15, linux-gcp-5.4, linux-oracle-5.4, linux-gkeop, linux-gkeop-5.15, linux-intel-iotg, linux-kvm, linux-oracle, and python-git).
On the 31st of August 2023, the Information Regulator took action by issuing an Enforcement Notice against Dis-Chem, due to their non-compliance with several provisions of the Protection of Personal Information Act (POPIA).
In the timeline of events, it was revealed that during the months of April and May in 2022, a brute force attack was launched against Grapevine, a third-party service provider engaged by Dis-Chem. A brute force attack involves repeated attempts to guess a password until the correct combination is discovered. It wasn’t until the 1st of May 2022 that Dis-Chem became aware of this security breach when certain employees received SMS notifications.
In August's board meeting, Norman Public Schools announced it would improve its relationship with media outlets and parents.
"We are always wanting to make sure we have ongoing transparent easily-accessible communication, not only internally, but externally as well," said Holly Nevels, the associate superintendent and chief human resource officer, at the meeting.
"We want our internal staff, teachers, and students to feel informed, and we certainly want our community to feel informed and connect to our schools," she added.
The district has adjusted language in its 2022-2027 Strategic Plan to bolster its commitment to open communication, said Chelsey Kraft, the director of communications, public relations, and public information officer for the district, in an interview with The Transcript.
Well, it seems one school district has seen the light and will try to be more transparent and timely in the event of security incidents. Norman Public Schools in Oklahoma experienced a ransomware attack in November 2022. At the time, DataBreaches was revealing more details about the breach by the Hive ransomware gang and the leaked data than the district had revealed and noted the district had not responded to this site’s inquiries.
As the 2023 school year begins, threat actors are poised to launch various types of cyberattacks ranging from direct deposit scams to ransomware. The education sector is often targeted during holiday breaks. Threat actors take advantage of this pastime when staff is away or just prior to busy seasons, such as the beginning of the school year, long weekends, or before the end of a marking period when final grades are due. Within the last few weeks, publicly announced ransomware attacks sharply increased and included Cleveland City Schools in Tennessee, the Prince George’s County Public Schools – one of the largest US school districts with approximately 130,000 students in the Washington D.C. area – and the University of Michigan, just three weeks after the MOVEit data theft attack impacted Michigan State University.
In December 2019, Sophos published an analysis of Snatch ransomware. In June 2020, DFIR Report provided a case study, and in July 2020, LIFARS wrote an article about Snatch ransomware having been detected in attacks in June.
Since then, the Snatch leak site has continued to add victims and the media (including DataBreaches) has continued to report on their attacks, but somehow, none of us reporting on Snatch seemed to know that there had been a seismic shift in their operations. On some date unknown to DataBreaches, the gang that took its name as fans of the movie “Snatch” was no longer a ransomware gang. To say that DataBreaches was surprised to realize that we might have been misreporting them as a ransomware gang would be an understatement.
Alexander Pakhtusov was a seller on both Slilpp and Paysell (now called Blackpass) using the moniker “Mrtikov.” His overall involvement spanned from at least April 2016 through September 2019 and included listing for sale over 17 million economically valuable accounts of individuals held at various companies and banks. He actually sold over 14,000 sets of login credentials. The people who purchased those login credentials used those credentials to steal money from victim accounts.
Sourcegraph says customer information was breached after an engineer accidentally leaked an admin access token.
ZDI is offering more than $1 million at the Pwn2Own Automotive hacking contest, hosted in January at the Automotive World conference in Tokyo.
Small electric utilities in the US offered $9 million as part of a competition whose goal is to help them boost their cybersecurity posture.
A vulnerability in the All-in-One WP Migration plugin’s extensions exposes WordPress websites to attacks leading to sensitive information disclosure.
Splunk has released patches for multiple high-severity vulnerabilities impacting Splunk Enterprise and IT Service Intelligence.
Dangling DNS records were abused by researchers to hijack subdomains belonging to major organizations, warning that thousands of entities are impacted.
Fashion retailer Forever 21 says that the personal information of more than 500,000 individuals was compromised in a data breach.
Telco Singtel Optus will not release a report into the data breach it suffered last year, which it commissioned professional services firm Deloitte to carry out, the company has confirmed.
Asked about the report on Thursday, an Optus spokesperson said: "Optus can confirm that Deloitte has completed its report. The report is confidential and the subject of a legal professional privilege claim."
No details were given as to the "legal professional privilege claim".
A lawsuit filed on behalf of a former student and former employee at the University of Minnesota accuses the university of not doing enough to protect personal information from a recent data breach.
A used government surveillance van is for sale in Chicago:
So how was this van turned into a mobile spying center? Well, let’s start with how it has more LCD monitors than a Counterstrike LAN party. They can be used to monitor any of six different video inputs including a videoscope camera. A videoscope and a borescope are very similar as they’re both cameras on the ends of optical fibers, so the same tech you’d use to inspect cylinder walls is also useful for surveillance. Kind of cool, right? Multiple Sony DVD-based video recorders store footage captured by cameras, audio recorders by high-end equipment brand Marantz capture sounds, and time and date generators sync gathered media up for accurate analysis. Circling back around to audio, this van features seven different audio inputs including a body wire channel...
DEVA Party Istanbul MP Yeneroßlu stated that there was a 22 percent increase in the submissions received by the Human Rights Foundation in 2022 related to torture compared to the previous year.
Move reflects Beijing’s strategy of ‘rocking the tree to threaten the monkey,’ an observer says.
Niger’s President Mohamed Bazoum was detained and deposed on 26 July by his military guard under the command of General Abdourahamane Tchiani. The unconstitutional change of government has been widely condemned internationally. Ecowas, the regional group, also issued sanctions and threatened military intervention.
Ecuador's fragile security situation was underscored Thursday by a series of car bombings and the hostage-taking of more than 50 law enforcement officers inside various prisons, just weeks after the country was shaken by the assassination of a presidential candidate.
The African Union's Peace and Security Council said Thursday it had decided to "immediately suspend" Gabon€ following a coup that ousted President Ali Bongo. The decision came as the junta that took power announced it would respect Gabon’s commitments at home and abroad in a bid to reassure the international community.
At least nine Pakistani soldiers have been killed and 20 more injured in a suicide attack that targeted a security convoy in northwestern Pakistan.
The United States has lauded Kyrgyzstan for its repatriation of 95 women and children from northeast Syria, calling it "important towards resolving the humanitarian and security challenges in the region."
Chongqing, a Chinese megacity of more than 32 million people, has pioneered a local version of the country's expanded counter-espionage law, requiring institutions to go through security screening when organising overseas trips.
The United Nations Security Council on Thursday renewed the mandate for its peacekeeping force in Lebanon for another year after tense debate around the troops' freedom of movement.
I recently wrote about my experiences in driving a fully electric car. Today, the electrician dropped by and installed a charging box in my garage. Finally I can do 11kW charging from home, at the lowest possible price.
Sputnik Turkey management, which has fired 24 journalists after the strike action at the news outlet was announced, went to court against the strike, but the 4th Labor Court of Istanbul rejected taking a "precautionary measure" against the strike.
Among foreign economists and civil society activists, the Nobel laureate Muhammad Yunus is an icon for extending microloans to those too poor to access conventional banks.
The DOJ announced Thursday that two men in two separate cases in Arizona and Georgia had pleaded guilty to threatening election officials in the respective states in separate cases, brought by the the Justice Department's Election Threats Task Force — which has now brought charges in 14 cases.
Yang Shaozheng's sentence comes amid allegations of torture from his legal defense team.
The State Security Service (VDD) has detained a citizen of Latvia of€ Islamic faith in relation to suspected public glorification and justification of terrorism, as well as the distribution of materials glorifying, justifying, and appealing to terrorism, the VDD said August 31.
We explain the challenges and exclusion some participants faced, apologize and take accountability for our role, and share thoughts on the road ahead.
Ezenwa Oruh was a creative spirit who loved storytelling and was pursuing his dream of being an actor. He was a wonderful uncle to his sister Chioma Oruh’s two children, who are both autistic. Ezenwa also had schizophrenia, and would sometimes become dysregulated and disoriented. Sometimes, his family would have to call 911 for help. They knew the responders would be police, but they had no other option.
“When the police come on site oftentimes — whether it’s for my brother, or the children that I birthed, or other children in the community that go through these crises — the last thing on the mind of a first responder is that these children are brilliant, that they’re loved, that they have gifts, that they offer things to the community,” said Chioma. “The problem is not their family or their condition, but it’s about how the system responds to them and their condition and their loved ones who only seek and want help.”
Two spinoffs of “The Walking Dead” and the next season of “Interview With the Vampire” will be resuming production despite the Hollywood strikes after reaching a deal with the actors' union. The union granted what's known as an interim agreement to the three shows on cable channel AMC. The agreements, which have been granted to hundreds of films and TV shows, allow productions outside the alliance of major studios to resume, so long as they grant actors what they were asking for before the strike broke out. The shows are the highest profile series yet to get the deals, which some actors say are undermining their strike.
From today's long decision in€ Free Speech Coalition, Inc. v. Colmenero, by Judge David Alan Ezra (W.D. Tex.) (see here for excerpts from the part of the decision that strikes down the separate age-verification requirement): [...]
The new school year is kicking off in Lithuania on Friday amid tensions over teachers' plans to go on strike if the government fails to raise their salaries.
In November 2022, the Graduate Employees’ Organization and the University of Michigan began negotiating a new contract for Graduate Student Instructors and Graduate Student Staff Assistants. Negotiations continued through the school year with no resolution, eventually leading GEO to go on strike March 27.
The case could have widespread effects on the internet as we know it.
Tech giant will unbundle Teams from Office 365 and stop links opening in Edge by default – but only for European customers.
Linde said Microsoft would enhance existing resources on inter-operability with Microsoft 365 and Office 365.
"...we have heard feedback that, given the broad capabilities of Microsoft 365, Microsoft could do more in terms of providing support and making development easier," she said.
"To help address these concerns, we will create new support resources to better organise and point application developers to the existing and publicly available APIs and extensibility in Microsoft 365 and Office 365 apps and services that connect with Teams."
Linde added that, additionally, new mechanisms would be created to enable third-party solutions to host Office Web applications.
The North American-based Coalition for Fair Software Licensing welcomed Microsoft's move, but said it was not enough.
The group's executive director, Ryan Triplette, said in a statement: "“This announcement proves that Microsoft is capable of doing the right thing for its customers, but chooses not to unless compelled by regulatory scrutiny. As we noted in our comment to the US Federal Trade Commission, the tying of Teams to the Office Suite is not a regional or product-specific issue.
“Microsoft has the power to flip a switch and offer its products separately, at any time and in any location it wants. However, unless the software giant’s entire restrictive licensing regime is unwound by regulators, it won’t.
USPTO’s proposed restrictions on validity review would hurt SMEs by limiting independent third parties interested in deterring patent trolls’ use of invalid patents. Unified's Shawn Ambwani provides third-party examples that have successfully challenged especially egregious patent trolls which would no longer be allowed if ANPRM proposals or the PREVAIL Act are enacted. Patent trolls will be more aggressive, more profitable, and more rampant, imposing what amounts to a legal tax on economic growth and innovation, especially against SMEs who do not have the financial resources to fight.
This post draws from and summarizes a forthcoming law review article from the author. The full article is available on SSRN. A patent is a monopoly, for a certain time, on the sale of something for profit.
Google is one of the largest companies in the US with extensive ties not just to every state, but virtually every household in the entire country.€ Still, the company regularly argues that it would be too unfair and inconvenient to litigate patent cases in states such as Texas. In a recent decision, Judge Alan Albright (W.D.Tex.) denied Google’s motion to transfer venue. In his 40-page order, Judge Albright provided an in-depth analysis of the private and public interest factors that, based upon prior precedent, govern transfer under 28 U.S.C. €§ 1404(a).€ The relevant statute reads as follows:
For the convenience of parties and witnesses, in the interest of justice, a district court may transfer any civil action to any other district or division where it might have been brought or to any district or division to which all parties have consented.
Id.€ Before analyzing this case, I want to step back and recognize that the current legal test for patent venue transfer has departed significantly from the statutory language declaring the goals of convenience and justice.