To maintain high quality, stability, and security for its customers, Microsoft planned the roll out of the EU Data Boundary in phases. Phase 1 started in January 2023, enabling the storage and processing of customer data for core services including Microsoft 365, Dynamics 365, Power Platform, and Azure. Phase 2 started in January 2024, and it included pseudonymized personal data to ensure data that prevents direct identification remains within the EU regions.

Microsoft today announced the completion of the EU Data Boundary with the Phase 3 rollout. In Phase 3, when customers in the EU and EFTA request technical support for services such as Microsoft 365, Power Platform, and Dynamics 365, the professional services data, including logs shared by customers and support case notes generated by Microsoft, will be stored within the EU and EFTA regions.

Microsoft highlighted that implementing this EU Data Boundary solution involved a massive, multi-year engineering effort across hundreds of Microsoft product teams and thousands of developers around the globe.

The EU Data Boundary consists of the following countries in the EU and EFTA:

Austria, Belgium, Bulgaria, Croatia, Cyprus, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Liechtenstein, Iceland, Norway, and Switzerland.

Julie Brill, Corporate Vice President and Chief Privacy Officer, and Paul Lorimer, Corporate Vice President, Microsoft 365, wrote the following regarding the completion of the EU Data Boundary solution:

At Microsoft, we believe cloud technology can be innovative, secure, and built to honor European values. The EU Data Boundary for the Microsoft Cloud is another example of how we are working to empower European organizations with the solutions and tools they need to grow and thrive in a modern, secure cloud environment.

By ensuring data remains within regional boundaries, Microsoft has addressed critical privacy concerns and reinforced trust with its European customer base.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

The latest Edge Canary version started disabling Manifest V2-based extensions with the following message: "This extension is no longer supported. Microsoft Edge recommends that you remove it." Although the browser turns off old extensions without asking, you can still make them work by clicking "Manage extension" and toggling it back (you will have to acknowledge another prompt).

At this point, it is not entirely clear what is going on. Google started phasing out Manifest V2 extensions in June 2024, and it has a clear roadmap for the process. Microsoft's documentation, however, still says "TBD," so the exact dates are not known yet. This leads to some speculating about the situation being one of "unexpected changes" coming from Chromium. Either way, sooner or later, Microsoft will ditch MV2-based extensions, so get ready as we wait for Microsoft to shine some light on its plans.

Another thing worth noting is that the change does not appear to be affecting Edge's stable release or Beta/Dev Channels. For now, only Canary versions disable uBlock Origin and other MV2 extensions, leaving users a way to toggle them back on. Also, the uBlock Origin is still available in the Edge Add-ons store, which recently received a big update.

In August 2024, when Google started flagging uBlock Origin as unsupported, the extension's maker stepped in and recommended users switch to uBlock Origin Lite, a Manifest V3-based extension, and accept some of its limitations. Another option is to switch to Firefox. Mozilla recently announced its plans to keep Manifest V2 extensions working, including uBlock Origin, based on Mozilla Manifesto, which claims that "individuals must have the ability to shape the internet and their own experiences on it."

Now, users can either switch to a browser that still supports MV2 extensions or move to MV3-based ad blockers. Of course, not all MV2 extensions have "more modern" versions, so for many, switching to Firefox or another browser with MV2 support will be the only option to keep old extensions working.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

Late last year, I published a long post that criticized the user unfriendliness of passkeys, the industry-wide alternative to logging in with passwords. A chief complaint was passkey implementations tend to lock users into whatever platform they used to create the credential.

An example: when using Chrome on an iPhone, passkeys were saved to iCloud. When using Chrome on other platforms, passkeys were saved to a user’s Google profile. That meant passkeys created for Chrome on, say, Windows, wouldn’t sync to iCloud. Passkeys created in iCloud wouldn’t sync with a Google account.

GPM and iOS finally play nice together

That headache is finally over. Chrome on all platforms now uses the Google Password Manager, a tool built into Chrome, to seamlessly sync keys. GPM, as it’s abbreviated, will sync passkeys to all Chrome browsers logged in to the same user account. I’ve spent a few days testing the new capabilities, and they mostly work hassle free. The tool can be accessed by opening this link in Chrome.

GPM allows me to log in to passkey-protected accounts not just in Chrome, but also in standalone iOS apps such as those from Kayak, eBay, or LinkedIn. When creating a passkey in a standalone app, I now get the option to sync it through either GPM or iCloud. That means the same passkeys I created on Chrome for Android, Windows, or macOS work out of the box on my iOS apps. These passkeys are synced using end-to-end encryption, as mandated by the FIDO specification, which is maintained by the FIDO Alliance.

Creating a passkey on the Kayak app and syncing with GPM.

 

Using GPM to log in to the LinkedIn app for iOS.

 

When saving a passkey, Chrome allows users to choose where to sync it.

 

Creating a passkey for Kayak.

 

The first step to using GPM on iOS is to enable it in the iOS settings menu, specifically, Settings > General > Autofill & Passwords, and then flip on the Chrome option. The next time Chrome is invoked to work with a passkey, the user will be prompted for a PIN. Those who are already using a Pixel can enter the unlock code for that device. Those without a Pixel will have to select a PIN.

“If the first passkey for Google Password Manager is created on desktop, Chrome asks to create a Google Password Manager PIN and it will be used,” a Google tutorial explains. “The user needs to sign in to their Google Account and enter their Android device screen lock or Google Password Manager PIN to decrypt a synced passkey on a new environment.”

There’s no lock in with GPM. I configured an iPhone to autofill from both Apple Passwords, the new interface for working with iCloud Passwords, and Chrome. From then on, I got the option to use either when saving passkeys in both Chrome or in standalone apps.

GPM provides a modest step forward in simplifying passkey storage and syncing. Third-party apps such as 1Password and Dashlane have already provided this level of convenience. Unfortunately, there are still no ways to transfer passkeys in bulk from one app to another. This is a major shortcoming, since GPM, Apple Passwords, and most other password managers already allow passwords to be imported or exported, making it easy to move from one to another. The FIDO Alliance says passkey transfer capabilities are in the works.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

Some Google Chrome users ran into a disappointing message today. According to several people on Reddit, uBlock Origin no longer works on Chrome. It's been known for a while that uBlock Origin and several other extensions would stop working on Chrome, but the deadline is finally affecting people.

The change that stops uBlock Origin and some other extensions from working is rolling out gradually, so you may be able to use uBlock Origin for a little longer on Chrome.

However, if you're using Google's browser, the extension will be turned off soon. Several other browsers will also stop working with uBlock Origin.

What happened to uBlock Origin?

For many people, uBlock Origin has stopped working on Chrome because Chrome has shifted to Manifest 3 for its extensions.

That change started years ago, and the process has been gradual because developers needed time to migrate extensions from Manifest V2 to Manifest V3.

Manifest V3 is a Chrome extension platform that includes several security and privacy improvements. Extensions built on Manifest V3 should also perform better. While there are many benefits to moving from Manifest V2 to Manifest V3, there are some downsides.

Perhaps the most notable change is that Manifest V3 limits the WebRequest API, which is essential for uBlock Origin. That API allows uBlock Origin to block certain content before that content loads.

Manifest V3 is a Google-developed browser extension specification aimed at making add-on functionality in web browsers safer by restricting overly permissive network requests and remote content loading.

Despite the intentions, Manifest V3 places restrictions on certain types of add-ons, like ad-blockers, that can render them less effective.

As Manifest V3 enforcement is rolling out, extensions not compatible with it are being disabled from people's browsers, depriving users of the choice of functionality over risk.

One notable case of deactivations confirmed by BleepingComputer late last week is for the uBlock Origin ad blocker, which has over 38 million downloads on the Chrome Web Store.

Although many ad-blockers have migrated to Manifest V3 versions, these are generally less capable of detecting and blocking promoted targeted content.

Although Microsoft Edge, Mozilla Firefox, and Apple Safari have all adopted MV3, they have done so with their own implementation modifications, allowing users greater freedom while still benefiting from the security enhancements.

Still, support for MV2 is the only way to go for older add-ons, and Firefox reiterated via an announcement today that it will continue to support it in the foreseeable future.

"While some browsers are phasing out Manifest V2 entirely, Firefox is keeping it alongside Manifest V3," said Mozilla.

Specifically, the internet company said it would continue to support both the 'blockingWebRequest' and 'declarativeNetRequest' APIs, corresponding to MV3 and MV2, respectively, allowing extensions like uBlock Origin to continue working as usual.

Firefox has not stated how long this support will continue, but as long as there are powerful add-ons enhancing user privacy and security, Mozilla should continue to have strong reasons to extend support for Manifest V2.

Ultimately, Mozilla stated that this is a matter of adherence to 'Principle 5' of its own manifesto, which states, "Individuals must have the ability to shape the internet and their own experiences on it."

When MV3 was introduced onto Firefox in November 2022, Mozilla said it would evaluate MV2's deprecation towards the end of 2023.

Later, in March 2024, and with all the technical and practical complexities that arose, Mozilla declared that it had no plans to deprecate MV2 in the foreseeable future.

The latest announcement renews this promise, maintaining Firefox as one of the few web browsers in the landscape to give users the freedom to continue using Manifest V2 add-ons.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

Recently, a new phishing scam has been making the rounds that breaks with one of the fundamental tips to avoid being phished. You may have heard it before: one of the easiest options to identify most phishing emails is to look at the sender email. Yes, experienced users know that this is not perfect, but it can be used to weed out a good percentage of phishing mails straight away.

This new PayPal phishing scam passes that test, as its sender email appears to be [email protected]. This is a legitimate email that PayPal users for communication with its customers.

Surprisingly, this is not the first time that scammers used PayPal systems to send phishing emails from legitimate PayPal emails.

The email states that a new address was added to the PayPal account in question. It lists the address and also information about shipment changes for a MacBook M4 Max. It contains a phone number that is supposedly from PayPal support as well.

So, how is that email coming from PayPal you may ask. The answer might surprise you. Now, anyone may add multiple addresses to PayPal. These "gift addresses" may then be picked when you purchase goods on the Internet using PayPal.

When you add a new address, you are asked to add the street and number, zip and city. You may also add a second address line, and this is what the scammers use. You see, this line is not limited in characters. Instead of adding address information, they add the entire paragraph about the MacBook and the PayPal support number there.

PayPal sends the email to the linked account. The scammers create redirects for that original email address to forward the email to other PayPal users. Bleeping Computer has the details, but they use mailing lists and automation for that.

So, the process up to this stage is as follows:

1. The scammers sign-in to one of their PayPal accounts.
2. They add a second address to the account.
3. They add the scam message in the second address field.
4. PayPal sends the mail to the linked email address of the account.
5. Automated systems forward the PayPal email to emails from a mailing list.

This email lands in your inbox then. You see that the mail seems to be coming from PayPal. You have probably not added a secondary address to your account just now, and even if you did, it was probably not the one listed in the email. That leaves a hacked account as a possibility.

The scammers hope that you come to that conclusion. They also hope that you do not do something rational, like opening the PayPal website manually, signing in to your account, and checking the settings to see if there is a new address or notification from PayPal.

They hope that you call the phone number that is included in the address update. This is not an official support number, but one that the scammers operate. Once you call, they try to get you to install software on your systems. One common strategy to get callers to fall for the scam is to apply pressure by scaring them.

Best way to avoid these scams

All in all, it is best to avoid clicking on links in emails, opening attachments, or using any information displayed in emails, especially if you suspect them to be potential phishing emails.

Open the website of the service or the official app manually. You should be able to verify the claims made in those emails, and also contact support, provided that the service is offering any type of support.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

To enhance viewer experience, starting May 12, 2025, YouTube is improving the quality of mid-roll ads by showing fewer ads that may feel disruptive to the viewer. YouTube asserts that reducing annoying ad breaks can help retain more viewers on the video.

The official announcement from YouTube's Community Manager says(translated to English using Google Translate), "We're improving the quality of mid-roll ads on YouTube. This means we’ll show more mid-roll ads at natural breakpoints, like pauses and transitions, and fewer ads that might feel disruptive or cause viewers to abandon a video, like in the middle of a sentence or action sequence." (The blog post is in the Indonesian language. The quote is translated to English using Google Translate)

The change won't affect you if you are a creator and use auto mid-roll for your videos. But in the case of manual ad-slot placement, this update might override your manual ad-slots with automatic slots. In the case of opting out from automatic ad slots, videos with disruptive mid-roll ad slots may see a decrease in revenue.

To make it easier for creators to manage mid-roll ads, YouTube is introducing a new feature in YouTube Studio later this week. This feature will display ad slots that are considered disruptive and allow you to change their timestamp.

This change could be attributed to furnishing a balanced ad experience to viewers and YouTube's new quality standards. As per a survey conducted in July 2024 mentioned in the announcement post, YouTube observed that channels that have placed manual mid-rolls with automated mid-roll ads have seen a 5% increase in the overall YouTube ad revenue.

"Our goal with this feature is to give you more information and new options. You still have control over whether to show mid-roll ads in your videos and where you want them to appear," says YouTube .

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

Last week, a Jeep driver turned to Reddit to do what people do best on the site—complain. Every time they hit the brakes on their Jeep, they wrote, a promotion for an extended warranty plan popped up in the center console. “Press the ‘call’ button to speak to a specialist,” they say the ad encouraged, welcoming the user to use their Bluetooth connection to complete the upsell then and there.

Ads are annoying and occasionally insidious; an ad that repeatedly appears inside one’s own car more so. According to other online posts on Reddit and Jeep forums, the issue goes back several years, affecting several models of Jeeps.

Stellantis, which owns Jeep, says the repetitive nature of the promotion was a glitch. “This is an isolated incident affecting fewer than ten vehicles at this time limited to the US,” Dan Reid, a spokesperson for the automaker, wrote in a statement. He acknowledged, though, that Stellantis shows other drivers in-vehicle promotions too. Dodge owners, for example, get an infotainment push after 60 days of purchase offering the Dodge Complete Performance Package, a comprehensive warranty offering. Stellantis says that, on average, customers receive about two in-vehicle messages annually, containing safety, maintenance, or marketing information.

Should ads be showing up inside cars at all? Safety experts have serious questions about the practice. But as automakers continue to explore how to make more money off their increasingly digitized and internet-connected wheels, the temptation to upsell on the center console may be too good to pass up.

The Data-Powered Upsell

Today’s new cars come stuffed with some 1,000 to 3,000 semiconductor chips that help to control and coordinate everything from lowering windows and adjusting mirrors to deploying airbags, enabling collision avoidance systems, pairing phones with center consoles and displays, and coordinating navigation. Add in the internet and drivers’ cell phones, and you get an ongoing “conversation” of data between individual cars and the manufacturers that build them.

Those manufacturers’ vision of the future has been pretty consistent over the past few years, says Mark Wakefield, the global automotive market lead at consulting firm AlixPartners. “In an ideal world, they’ve totally blended the mobile phone and different services and apps into a nice, big coherent ecosystem that travels from work to play to home,” he says. It’s the perfect platform for advertising, for upselling, and for pushing premium trimmings. As with Jeep’s extended warranty offer, many services can show up with just a remote software push.

Selling a car is a tight margin business; selling software-enabled features, less so. AlixPartners research estimates the connected vehicle services market will be worth more than $473 million globally this year, accounting for 11 percent of automotive revenue streams. By 2032, it could be worth $1.68 billion—more than a quarter of manufacturers’ revenue.

Some of these software-related plays have already worked out for automakers. General Motors brought in some $2 billion in revenue last year from OnStar, its subscription-based security and entertainment services division, and executives are sticking with a prediction first made in 2021 that the automaker will eventually make more than $20 billion annually in software-related revenue. Customers have shown that they’re willing to shell out a few bucks for services that heats or cool drivers’ cars before they get in, or turn on the garage lights when they get back home.

Other software plays have not worked well at all. General Motors settled a lawsuit this year with the US government after allegations it collected, used, and sold drivers’ data without their consent. Customers were horrified when BMW offered to turn on drivers’ seat heaters for a monthly fee. (The subscription was available in a handful of countries, including the UK, Germany, and South Korea.) The automaker discontinued the program after an outcry.

These experiences suggest there’s a limit to customers’ patience for data-enabled auto add-ons and the advertisements automakers use to promote them. “The guy in the black turtleneck with the frameless glasses in the design studio still thinks the extended digital environment in the vehicle is going to happen,” says Wakefield. “The customer service rep probably thinks it’s never going to happen.” The question is how long drivers are willing to put up with being trapped in their cars with tiny, digital car salesmen before they all take to Reddit—or buy different vehicles altogether.

Driven to Distraction

Safety advocates, meanwhile, say any kind of in-car screen pop-up can be dangerous. “People’s attention can be easily pulled by that sort of thing, and it’s vitally important that the demands on drivers’ attention be kept in check,” says William Wallace, who directs safety advocacy at Consumer Reports. He calls a snafu like Jeep’s alleged glitch “unacceptable.”

Auto safety research suggests that when messages are sent to a car’s infotainment systems, and how long they’re displayed, determines whether they’re safe, says William Horrey, a technical director with the AAA Foundation for Traffic Safety. Generally though, “messages sent during any driving trip can be detrimental to safety as they pull drivers’ eyes away from the roadway,” he writes in an email. Even messages that draw drivers’ eyes away from the road—and potential road hazards—during a red light can lead to accidents, both because drivers can start driving again with being fully aware of their surroundings, and because research shows that the effects of distraction can linger even seconds after drivers’ eyes return to the road.

Stellantis didn’t respond to questions about promotion messages and road safety. Neither did the National Highway Traffic Safety Administration, the US’ top road safety regulator, though it published guidance more than a decade ago suggesting that displaying images or video unrelated to driving or requiring reading of more than 30 characters of text “inherently interfere with a driver’s ability to safely operate the vehicle.”

Nathan Proctor, who follows auto issues as the senior director of US Public Interest Research Group’s right to repair campaign, says the Jeep ad snafu points to the need for wider reform in the internet-of-autos sector. “I think we should have a mandatory internet off switch in cars,” he says. “What am I getting out of my car being connected to the internet? I get cybersecurity risk, privacy invasion, they can subpoena info from my car.” So far, the switch doesn’t exist. Maybe some drivers really want the opportunity to buy a cheaper extended warranty. Proctor says it's far from worth the trade-off.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

"After considering threat and risk analysis, I have determined that the use of Kaspersky Lab, Inc. products and web services by Australian Government entities poses an unacceptable security risk to Australian Government, networks and data, arising from threats of foreign interference, espionage and sabotage," justified Stephanie Foster, Secretary of the Department of Home Affairs.

"I have also considered the important need for a strong policy signal to critical infrastructure and other Australian governments regarding the unacceptable security risk associated with the use of Kaspersky Lab, Inc. products and web services."

According to the directive issued by the Department of Home Affairs, all non-corporate Commonwealth entities (subject to the Public Governance, Performance and Accountability Act 2013) must:

• Identify and remove all instances of Kaspersky Lab products and web services.
• Prevent the installation of Kaspersky Lab products and web services in the future.
• Report compliance to the Department of Home Affairs' Commonwealth Security Policy Branch.

A provision for exemption exists for cases where using Kaspersky products is necessary for national security or regulatory functions, including compliance and law enforcement.

Responding to our request for a comment, a Kaspersky spokesperson refuted the cited allegations, saying the cited risks "are not based on specific evidence and no due process has been organized or followed to provide justification."

The cybersecurity company stated that the real reasons behind this sudden ban are purely political.

"Kaspersky believes that the decision stems from the current geopolitical climate and was not supported by any technical assessment of the company's products, which the company has been continuously advocating for," stated Mai Al Akkad, Kaspersky's Corporate Communications Manager.

"The fact that the directive was issued without any warning or opportunity for engagement to address the Australian Government's concerns highlights its political nature."

This move by the Australian government follows similar actions in other Western countries that have also cited national security and espionage concerns.

The U.S. prohibited the use of Kaspersky products on government systems in 2017 and expanded the ban to cover all U.S. companies and consumers on September 29, 2024.

The German government advised companies in the country against using Kaspersky products soon after the invasion of Ukraine, while Canada banned the use of Kaspersky security products on the mobile devices of government employees in October 2023.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

The cryptocurrency industry and those responsible for securing it are still in shock following Friday’s heist, likely by North Korea, that drained $1.5 billion from Dubai-based exchange Bybit, making the theft by far the biggest ever in digital asset history.

Bybit officials disclosed the theft of more than 400,000 ethereum and staked ethereum coins just hours after it occurred. The notification said the digital loot had been stored in a “Multisig Cold Wallet” when, somehow, it was transferred to one of the exchange’s hot wallets. From there, the cryptocurrency was transferred out of Bybit altogether and into wallets controlled by the unknown attackers.

This wallet is too hot, this one is too cold

Researchers for blockchain analysis firm Elliptic, among others, said over the weekend that the techniques and flow of the subsequent laundering of the funds bear the signature of threat actors working on behalf of North Korea. The revelation comes as little surprise since the isolated nation has long maintained a thriving cryptocurrency theft racket, in large part to pay for its weapons of mass destruction program.

Multisig cold wallets, also known as multisig safes, are among the gold standards for securing large sums of cryptocurrency. More shortly about how the threat actors cleared this tall hurdle. First, a little about cold wallets and multisig cold wallets and how they secure cryptocurrency against theft.

Wallets are accounts that use strong encryption to store bitcoin, ethereum, or any other form of cryptocurrency. Often, these wallets can be accessed online, making them useful for sending or receiving funds from other Internet-connected wallets. Over the past decade, these so-called hot wallets have been drained of digital coins supposedly worth billions, if not trillions, of dollars. Typically, these attacks have resulted from the thieves somehow obtaining the private key and emptying the wallet before the owner even knows the key has been compromised.

Defenders soon turned to cold wallets. These accounts aren’t directly accessible to the Internet, so even if a would-be thief manages to obtain the private key securing it, there’s no way to access it and transfer the currency elsewhere. Multisig cold wallets go a step further. In much the same way that nuclear arms systems are designed to require two or more authorized people to successfully authenticate themselves before a missile can be launched, multisig wallets need the digital signatures of two or more authorized people before assets can be accessed.

Bybit was largely following best practices by storing only as much currency as needed for day-to-day activity in warm and hot wallets, and keeping the rest in the multisig cold wallets. Transferring funds out of cold wallets required coordinated approval from multiple high-level employees of the exchange.

Immediate speculation was that somehow the drained cold wallet, or the infrastructure hosting it—provided by a company called Safe—had been somehow compromised. This theory was plausible enough since, these sorts of thefts are usually accomplished by exploiting vulnerabilities in the code enforcing cryptocurrency smart contracts or the infrastructure hosting them. The speculation was also consistent with accounts from Bybit employees that, according to Safe, the user cold wallet interfaces for the affected Bybit employees “displayed the correct-appearing transaction information … yet a malicious transaction that had all valid signatures was executed onchain.” (Safe also paused its Safe{Wallet} services following the attack and, as this story went live on Ars, had begun a phased rollout to restore them.)

This theory was ruled out after a subsequent investigation by Safe found no signs of unauthorized access to its infrastructure, no compromises of other Safe wallets, and no obvious vulnerabilities in the Safe codebase. As investigators continued to dig in, they finally settled on the true cause. Bybit ultimately said that the fraudulent transaction was “manipulated by a sophisticated attack that altered the smart contract logic and masked the signing interface, enabling the attacker to gain control of the ETH Cold Wallet.”

Shattering assumptions

What that means is that multiple systems inside Bybit had been hacked in a way that allowed the attackers to manipulate the Safe wallet UI on the devices of each person required to approve the transfer. That revelation, in turn, has touched off something of a eureka moment for many in the industry.

“The Bybit hack has shattered long-held assumptions about crypto security,” Dikla Barda, Roman Ziakin, and Oded Vanunu, researchers at security firm Check Point, wrote Sunday. “No matter how strong your smart contract logic or multisig protections are, the human element remains the weakest link. This attack proves that UI manipulation and social engineering can bypass even the most secure wallets.”

It’s still unclear how the attackers managed to hack the UIs of multiple Bybit employees whose signatures were required for the funds to be moved out of cold storage, but as researchers Dan Guido, Benjamin Samuels, and Anish Naik of security firm Trail of Bits noted, hackers working on behalf of the North Korean government have long deployed sophisticated malware tools that:

• Operate seamlessly across Windows, MacOS, and various wallet interfaces
• Show minimal signs of compromise while maintaining persistence
• Function as backdoors to execute arbitrary commands
• Download and execute additional malicious payloads
• Manipulate what users see in their interfaces

These hackers have also been long known for their relentless social engineering prowess. They often spend weeks or months building online personas that ultimately win the trust of targets. That persistence likely allowed the thieves who hit Bybit to somehow tamper with the UIs of each company employee whose digital imprimatur was required to move the funds out of cold storage—and ultimately into wallets the hackers controlled—all at breakneck speed.

As both Check Point and Trail of Bits point out, the lessons learned here bring cryptocurrency security back to some of the most basic elements such as segmenting internal networks, adopting defense-in-depth practices that include multiple, overlapping controls for detecting and preventing sophisticated attacks, and preparation for scenarios precisely like this one.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

Google did introduce an option to enable 2-step verification for accounts without phone number in 2024 already.

A report by Forbes suggest that this is going to change in the coming months. Google plans to end SMS verification in favor of another system.

Google told Forbes that it wants to move away from using SMS messages for authentication. Other services, including X, formerly Twitter, have abandoned SMS in the past as well.

Currently, Google uses SMS verification in two situations:

1. When accounts get created, in order to limit the mass-creation of accounts by malware gangs and malicious groups.
2. To verify the identity of a returning user.

While SMS verification is better than no verification at all, the system has its fair share of significant issues. For one, SMS are sent out in clear text, which means they can be easily read when intercepted. Phishing is another problem that has been on the rise and there is the underlying issue of being tied to a phone number. Fraudulent groups have managed to obtain access to user phone numbers in the past through social engineering attacks that targeted the user's Internet Service Provider.

Google noted a rise in SMS related criminal activities. One of them, which Google calls traffic pumping, attempts to get online services to send SMS messages to numbers that they control in order to get paid.

From SMS to QR Codes

Google plans to switch off SMS verification in favor of a new system that relies on QR codes. So, instead of being asked to verify access by entering a six digit code sent to a mobile phone number, users are asked to scan the QR code using the mobile phone's camera.

Google believes that this new system is beneficial to itself and its users. Primarily, because it is removing phishing from the equation. Since there is no number that is sent to a mobile phone number anymore, there is nothing that can be phished in that regard.

Closing Words

In its talk with Forbes, Google did not reveal when it plans to introduce the change, only that it plans to reimagine how it verifies phone numbers "over the next few months". The changes may roll out in the first half of 2025 at the earliest.

What is your take on the changes? Do you use SMS for verification currently, or do you prefer other means? Feel free to leave a comment down below.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

In the Stable Channel, Microsoft released version 133.0.3065.82. It includes the following security patches:

• CVE-2025-0999: Heap buffer overflow in V8 allows remote attackers to exploit heap corruption using special HTML pages (high severity).
• CVE-2025-1006: Use after free in Network allows remote attackers to exploit heap corruption with web apps (medium severity)

• CVE-2025-1426: Heap buffer overflow in GPU allows remote attackers to exploit heap corruption using special HTML pages (high severity).

   

Edge users in the Extended Stable Channel, which receives big updates every eight weeks instead of four, have been updated to version 132.0.2957.171. The update contains four Edge-specific security fixes that patch remote code execution vulnerability: CVE-2025-21279, CVE-2025-21283, CVE-2025-21408, and CVE-2025-21342.

Like other modern browsers, Microsoft Edge will update itself automatically in the background. However, you can speed things up by heading to edge://settings/help. Speaking of speeding things up, a few days ago, Microsoft announced that more parts of the browser now work much faster thanks to WebUI 2.0. You can learn more about the migration to WebUI 2.0 and its performance improvements here.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

TP-Link is one of the most popular router manufacturers in the US, but the company is facing a potential ban due to security concerns about its links to China. A December report from The Wall Street Journal revealed that the US Commerce, Defense, and Justice Departments are investigating TP-Link, though no evidence of deliberate wrongdoing has yet emerged.

“We are a US company,” Jeff Barney, president of TP-Link told WIRED, “We have no affiliation with TP-Link Tech, which focuses on mainland China, and we can prove our separateness.”

The investigation was sparked by a letter from John Moolenaar, a Republican for Michigan, and Raja Krishnamoorthi, a Democrat of Illinois. Both are on the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party. They outlined concerns that Chinese state-sponsored hackers may be able to compromise TP-Link’s routers more easily than other brands and thereby infiltrate US systems, and that TP-Link is subject to Chinese law, meaning it can be forced to hand over sensitive US information by Chinese intelligence officials.

TP-Link was founded in China in 1996 by two brothers, and TP-Link USA was established in 2008. It wasn’t until 2022 that the Chinese and US wings began to split. The process of moving the 170 subsidiaries and all the related ownership out of Hong Kong and into the United States was delayed by the pandemic, says Barney, but it was divested and restructured by 2024.

TP-Link now has headquarters in California and Singapore and manufactures in Vietnam. It researches, designs, develops, and manufactures everything except chipsets in-house, according to Barney. “Our entities in China are governed directly by us, our employees badged by us, secured by us, in our own facilities.” He also says TP-Link has shared documentation with investigators and that its factory in Vietnam was audited by US retail partners like Walmart, Best Buy, and Costco.

“Everybody has a Nexus in China,” Barney says. He claims that American rival Netgear uses Chinese ODMs (original device manufacturers) to build its products and that even Apple relies on manufacturing in China. Netgear says its routers are manufactured in Taiwan, Vietnam, and Thailand, not China.

Competition Concerns

The WSJ report suggests that TP-Link has a leading 64.9 percent share of the US router market, but TP-Link disputes this. The company claims its share hovered around 20 percent for the last few years, but jumped to a 36.5 percent unit share and a 30.7 percent dollar share in 2024. But even TP-Link’s lower estimate shows a company in the ascendancy. This dominance has been driven by aggressively low prices and a relatively early roll-out of Wi-Fi 7 routers, perceived by some as a concerted effort to flood the US market.

“Technology should not be exorbitant,” Barney says. “We're trying to democratize these products.”

However, the wide product range raises questions, with many wondering how TP-Link can profit from routers sold at such low prices compared to the competition. Former CNET reviewer Dong Ngo explores this point on the in-depth router review website, Dong Knows.

Concerns about the links between Chinese companies and its government are nothing new. The ban on Huawei’s networking equipment and US sanctions came after years of cybersecurity concerns and intellectual property lawsuits brought by US companies. The TikTok ban is not being enforced by President Donald Trump’s administration, but owner ByteDance is still under pressure to divest its US operations. These situations can be tricky for the average person to navigate because the lines between shoddy security, Chinese espionage, US protectionism, and the growing trade war are distinctly blurry and are not mutually exclusive.

It’s no secret that US competitor Netgear has been lobbying the US government on “cybersecurity and strategic competition with China.” Netgear has had a tough couple of years after adopting a premium pricing strategy that did not resonate with consumers. It has also been embroiled in litigation against TP-Link for patent infringement, resulting in TP-Link paying a $135 million settlement in September 2024.

Are TP-Link Routers Secure?

TP-Link has signed CISA’s “Secure by Design” pledge and is part of the Technical Exchange Group. It has a vulnerability disclosure program, where independent researchers and the security community can report potential issues to security@tp-link.com. It claims report response time was 8.4 days on average in 2023, with patches released in an average of 38.5 days. The company is also planning to launch a bug bounty program.

Barney claims TP-Link’s rate of vulnerabilities per product is significantly lower than many of its peers, including Netgear and Cisco, citing public data collected by Finite State, an independent US cybersecurity company, from CVE Details, VulDB, and CISA (Cybersecurity and Infrastructure Security Agency), but not everyone agrees.

“TP-Link does not have a great reputation for patching vulnerabilities or working with security researchers, which does raise alarm bells,” Pieter Arntz, malware intelligence researcher for Malwarebytes told WIRED via email.

TP-Link was criticized in a recent Microsoft report over a “password spraying” hack that mostly impacted its routers, and the report suggested Chinese “nation-state threat actor activity.” Barney says these were end-of-service products and that Asus and Netgear routers were also impacted.

Other incidents include a Check Point Research exposé of a malicious firmware implant for TP-Link routers, linked to a Chinese state-sponsored “advanced persistent threat” group dubbed “Camaro Dragon.” Cyfirma researchers also found TP-Link router vulnerabilities for sale on underground forums.

“It’s also a challenge because regardless of the home router vendor, there will always be vulnerabilities found,” Arntz says.

A part of the problem with older routers is that the onus is often on the user to download and install updates, and this is rarely automatic or as simple as clicking on “update,” which means many patches are never installed, creating vulnerable devices for any savvy cybercriminals or nation-states. Even months after TP-Link released patches for a vulnerability on its popular Archer AX21 router, hackers continue to scan for and exploit it on unpatched routers.

These security concerns are moot in the face of built-in backdoors. Backdoors can be pieces of code or even hardware added to the circuit board that enables remote parties to gain access and potentially control the device. There’s no evidence that TP-Link devices have backdoors, but, as Ngo points out, when you use an online account with your router, you are already giving the company access through the front door. Whether remote connectivity is justified by the need for automatic software updates, remote control access, or other features for users, it effectively gives the manufacturer access to your router.

Should You Worry?

Ultimately, the concern isn’t so much about the Chinese government or other malicious actors spying on your web browsing habits—though that is possible—it’s the idea they might employ your router as a part of a botnet to launch a cyberattack on a US government agency or major service provider.

The NSA has been concerned about Chinese hackers for some time now, and China's Salt Typhoon spies continue to infiltrate US internet service providers and telecommunications companies. Speaking on the NatSec Tech podcast recently, former special assistant to the president and cybersecurity coordinator on the US National Security Council, Rob Joyce, likened TP-Link routers to a Trojan Horse and suggested China is pre-positioning for a potentially devastating attack on US infrastructure.

While some cybersecurity experts suggest a ban is imminent, Barney is confident that TP-Link routers won’t be banned. Investigations are ongoing. Even if the government doesn't find anything or decides against a ban, it won’t publicly clear TP-Link. It’s more likely the investigation will fade from the news.

For owners of a TP-Link router or anyone considering buying one, it all boils down to trust. We've tested and recommend several TP-Link routers and Deco mesh systems in our buying guides because they offer good value and great performance. But we continually update our guides and will monitor the situation before deciding whether we need to reconsider those recommendations.

There’s no easy fix because all the major router manufacturers have issues with vulnerabilities, and most of them require you to use an online account. You can go down the rabbit hole with router security, or seek out security-focused brands like Firewalla, but expect to pay more for your equipment in both time and money.

Even if you stick with what you have, there are steps you can take to be more secure online. We recommend using a VPN service and learning a little about router settings. Malwarebytes’ Arntz says the most secure router is the one on which you are comfortable changing the settings: credentials, firewall options, and especially installing updates.

Here’s his advice for home TP-Link router owners who are concerned:

• First, update your login credentials. Ensure you have moved away from the default login credentials set by the router manufacturer (or internet provider). Make this password different from your Wi-Fi name and password. And remember, length equals strength when it comes to passwords.
• Second, patch your device and set a reminder to check regularly for firmware updates.
• Third, turn on the firewall and Wi-Fi encryption. You can find these settings by logging into your router from its app or website.
• Finally, consider purchasing a new router from a different vendor with a less problematic history.

TP-Link also manufactures a wide range of smart home devices marketed under the Tapo brand, including everything from security cameras to water leak detectors. These are not part of the current investigation, which seems to be focused solely on routers. TP-Link says it has applied to the FCC’s Cyber Trust Mark program administered by UL Solutions, which ensures that internet-of-things devices are tested and labeled secure. Sadly, there is no such program for routers.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

As Apple told BleepingComputer on Friday, the optional Advanced Data Protection (ADP) feature introduced in December 2022 will no longer be available for new users in the U.K. starting today.

This decision follows a secret order from the United Kingdom government demanding that Apple create a backdoor that would provide access to the unencrypted data of any Apple user worldwide.

"ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices. We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy," the company told BleepingComputer.

"Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before. Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom."

On its "Government Information Requests" page, the company says it "never created a backdoor or master key" to any of its products or services, "never allowed any government direct access to Apple servers," and "never will."

Those trying to access and enable the feature will see the following message: "Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users."

While the company cannot disable ADP for current ADP users in the U.K., they will eventually be required to disable it to keep using their iCloud account using guidance provided by Apple over the coming weeks or days.

Apple's communication services (iMessage and FaceTime) and  Health and iCloud Keychain data will remain end-to-end encrypted, including in the U.K.

Apple says that ADP continues to be available for customers worldwide, who can enable it to ensure that their encrypted iCloud data can only be decrypted on trusted devices.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

Microsoft will not change its account security default settings after all. Despite a support document appearing briefly and a notification appearing for Outlook users, Microsoft accounts will not remain signed in automatically.

Microsoft reversing its stance on the change will likely be welcomed since many criticized the change when it was announced. But the strange thing is that Microsoft does refer to the situation as backtracking or anything of the sort.

“There will be no changes to Microsoft users’ commercial (Microsoft Entra) or consumer (Microsoft account) sign in experiences in February,” said Microsoft corporate vice president of identity & network access program management Alex Simons to The Verge. “Media reports were based on incomplete information mistakenly published by a Microsoft product team. The incorrect notifications have been removed.”

That statement raises an eyebrow as well as some questions. What information was incomplete? Why were notifications sent out to users about the change? If "there will be no changes" why did the support document say "your sign-in experience is changing" in its subheading?

If you take Microsoft's statement at face value, there aren't any changes on the way and there either never were or the changes were not placed in context properly by the tech giant and the media. But if that is the case, that subheading does not make sense. Nor does the fact that the document said the following:

"The web browser sign-in experience is changing when you sign in to any product or service using your Microsoft account. Starting in February 2025, you will stay signed in automatically unless you sign out or use private browsing.

If you sign in on your own computer, your browser will remember your sign-in information, but if you sign in on a computer, phone or tablet that doesn't belong to you, or is accessed by other people, you should follow the steps below to use a private browsing window instead."

WinRAR is a popular file archiver and compression tool for Windows that allows users to create, extract, and manage compressed files, primarily in RAR, ZIP, and many other file formats. The author claims that the tool is used by 500 million people worldwide.

Yesterday, win.rar GmbH released the final version of WinRAR 7.10, listing numerous new features that increase the performance and usability of the program.

These new features include enabling larger memory pages for increased performance, a reworked settings interface, and a long-awaited dark mode.

One new feature that stood out is a new setting that lets you strip information that may be considered a privacy risk from the Mark of The Web alternate data stream.

"'Zone value only' option in "Settings/Security" dialog controls if archive Mark of the Web propagation includes only the security zone value or all available fields," reads the WinRAR 7.10 release notes.

"While additional fields, such as a download location or IP address, might help to identify a file source, they can be a privacy concern if file is shared with other persons."

For those unfamiliar with the Mark-of-the-Web (MoTW), it is an alternative data stream named "Zone.Identifier" that is added to files downloaded from the Internet, including from websites and email.

This identifier tells Windows and supported applications that the file was downloaded from another computer or the Internet and, therefore, could be risky to open.

When attempting to open a downloaded file, Windows will check if a MoTW exists and, if so, display additional warnings to the user, asking if they are sure they wish to run the file.

Microsoft Office will also check for the Mark-of-the-Web, and if found, it will open documents in Protected View, with the file in read-only mode and macros disabled.

To check if a downloaded file has the Mark-of-the-Web, you can right-click it in Windows Explorer and open its properties.

If the file contains a MoTW, you will see a message at the bottom stating, "This file came from another computer and might be blocked to help protection this computer."

Modern file archives will propagate the MoTW found in archives to extracted files, allowing those files to also be protected with the Windows security feature.

MoTW is a powerful security feature that is commonly targeted by threat actors who attempt to find zero-day flaws that allow their malicious files to bypass Windows' security warnings.

However, some may consider it a privacy concern, as if the file is shared with another person, the "Zone.Identifier" contains information that could reveal sensitive information about where a file was downloaded from.

This is because the Zone.Identifier flag contains a lot of information about a downloaded file, including the Internet Zone (ZoneID) it was downloaded from, the URL to the file, the URL referring to the file, and in some cases, the IP address of the host it was downloaded from.

As part of WinRAR 7.10, a new setting is enabled by default called "Zone value only" that strips all information from MoTW alternate data streams other than the ZoneId when it is propagated to extracted files.

This allows the Mark-of-the-Web security feature to continue to work with extracted files, but the alternate data stream can no longer be used to learn where the file was downloaded.

For those who wish to enable complete propagation of MoTW data, you will need to go into the WinRAR settings > Security and uncheck "Zone value only."

While this new setting may hamper digital forensics, it is a welcome feature for those who want the strictest privacy.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

As spotted by Leo on X, the update has been rolled out to Chrome’s stable channel on all platforms after three months of testing in Canary.

Enhanced protection, which is part of the Safe browsing feature, isn't new and has been around for years, but it's now being updated to use AI.

Previously, Google said Chrome used "proactive protection" to protect users from malicious or suspicious websites, but the terminology has been updated to reflect AI integration.

It's unclear how the feature is different from the older 'non-AI' version, but Google could be using AI to understand the pattern in real-time and warn users about potentially harmful sites, even those that Google hasn’t previously identified.

According to Google, AI protection also performs an in-depth scan for suspicious downloads.

However, it warns that the browsing data is sent to Google when Enhanced protection is actively used.

Enhanced protection with AI is turned off by default, but you can turn it on from Settings > Security on Windows, Android and iOS.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

This strategy seems to have worked for Apple so far, as the company reported nearly $25 billion in revenue from services in Q3 2024 alone. Ads are nothing new for Apple. The company has been trying to increase its advertising revenue by placing ads in the App Store, Apple News, and the Stocks app.

Gurman reports that although Apple has considered bringing ads to Maps in the past, it has begun giving the idea serious thought. The initial plan, which is still under consideration, was for ads in Maps to work similarly to those in Google Maps, where businesses pay to appear higher in search results. Apple's latest plan builds on Google's approach.

There is no timeline for when this will launch on Maps, but that hasn't stopped angry and disappointed reactions. One user (@hnlmorg) commented:

I get that Apple is looking at doing this tastefully, but this is a slippery slope where bean-counters realize they can get extra revenue for little effort. The entire point of paying a premium for Apple products is to avoid side hustles—except for Apple upselling its own services, which I’m honestly not okay with either.

 

If I wanted my hardware to be subsidized by advertisers, I would have stuck with Android.

A particularly biting comment came from 'Rohansi', who claimed that, unlike other companies, Apple isn't even subsidizing hardware costs with these ads: "You're paying the premium, and they aren't even subsidizing the hardware costs."

Other users argued that ads are an unavoidable reality in maintaining a service as complex and costly as Apple Maps, but even this reasoning couldn’t override the prevailing sentiment of disappointment.

The backlash is not surprising. Recently, Threads users angrily responded to Adam Mosseri's announcement that ads were coming to the platform, with some arguing that ads will ruin the experience.

Gurman’s newsletter also discussed other topics like Apple's push into humanoid robotics and the potential competition it could spark with Meta, as well as the censorship of Apple Intelligence in China.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

Reddit is planning to introduce a paywall this year, CEO Steve Huffman said during a videotaped Ask Me Anything (AMA) session on Thursday.

Huffman previously showed interest in potentially introducing a new type of subreddit with "exclusive content or private areas" that Reddit users would pay to access.

When asked this week about plans for some Redditors to create "content that only paid members can see," Huffman said:

It’s a work in progress right now, so that one’s coming... We're working on it as we speak.

When asked about "new, key features that you plan to roll out for Reddit in 2025," Huffman responded, in part: “Paid subreddits, yes.”

Reddit's paywall would ostensibly only apply to certain new subreddit types, not any subreddits currently available. In August, Huffman said that even with paywalled content, free Reddit would "continue to exist and grow and thrive."

A critical aspect of any potential plan to make Reddit users pay to access subreddit content is determining how related Reddit users will be compensated. Reddit may have a harder time getting volunteer moderators to wrangle discussions on paid-for subreddits—if it uses volunteer mods at all. Balancing paid and free content would also be necessary to avoid polarizing much of Reddit's current user base.

Reddit has had paid-for premium versions of community features before, like r/Lounge, a subreddit that only people with Reddit Gold, which you have to buy with real money, can access.

Reddit would also need to consider how it might compensate people for user-generated content that people pay to access, as Reddit's business is largely built on free, user-generated content. The Reddit Contributor Program, launched in September 2023, could be a foundation; it lets users "earn money for their qualifying contributions to the Reddit community, including awards and karma, collectible avatars, and developer apps," according to Reddit. Reddit says it pays up to $0.01 per 1 Gold received, depending on how much karma the user has earned over the past year. For someone to pay out, they need at least 1,000 Gold, which is equivalent to $10.

Monetizing Reddit users’ interactions

Huffman also said that Reddit is “laying the foundation” for the ability to monetize commerce within subreddits this year, including when Reddit users buy something from another user via discussion on a subreddit. With Reddit marketplace features, Redditors could potentially make these transactions without leaving Reddit. Some subreddits, like r/Watchexchange, where Redditors “buy, sell or trade watches,” according to the subreddit’s description, are centered on transactions. Huffman said the fact that users are already “transacting on Reddit kind of opens the door” for such monetization.

“Though, that might be a little ways off,” the executive noted.

Reddit executives also discussed how they might introduce more ads into the social media platform. The push for ads follows changes to Reddit’s API policy that, in part, led to the closing of most third-party apps used for accessing Reddit. Reddit makes most of its revenue from ads and can only show ads on its native apps and website.

Reddit started testing ads in comments last year, with COO Jen Wong saying during an AMA that such ads are in “about 3 percent of inventory.” The executive hinted at that percentage growing. Wong also shared hopes that contextual advertising, or ads being shown based on the content surrounding them, will be a “bigger part of” Reddit’s business by 2026.

Reddit’s AMA was in relation to its Q4 2024 earnings results announced on Wednesday. The company reported a net income of $71 million for the quarter ending December 31 and a net loss of $484.3 million for 2024. The company notably missed its global daily active uniques target (101.7 million for the quarter versus 103. million), which it attributed to Google changing its search algorithm.

Advance Publications, which owns Ars Technica parent Condé Nast, is the largest shareholder in Reddit.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

Discord is offering users a new way to block people without the confrontational nature of an actual block. The new feature, called Ignore, is essentially a mute function that can hide annoying or abusive users without attracting unwanted attention — thus avoiding unnecessary anxiety or flare-up drama.

You can apply the new Ignore feature by going to a user’s profile, tapping the triple-dot menu, and selecting Ignore (in the same menu where Block can be found). Once you activate it, you’ll no longer see that user’s profile and messages, and you will see less of them across Discord, as it will mute their notifications and activity, including in server message notifications (in other words, alerts). However, the big distinction is that, unlike with a Block, Ignore will still let them see your profile and activity and allow them to send you messages (which you won’t know about unless you unhide them). But they will be none-the-wiser about their Ignore status.

Ignore is in the same places you find Block.

GIF: Discord

Discord says it’s adding Ignore to its safety “toolbox” to give users, especially teens, more discreet ways to take space from others without making situations scary. Discord is also joining OpenAI, Google, Roblox, and others in establishing a non-profit foundation called ROOST, which will offer open-source technology for detecting child sexual abuse material (CSAM) to various organizations.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

A brute force attack is when threat actors attempt to repeatedly log into an account or device using many usernames and passwords until the correct combination is found. Once they have access to the correct credentials, the threat actors can then use them to hijack a device or gain access to a network.

According to the threat monitoring platform The Shadowserver Foundation, a brute force attack has been ongoing since last month, employing almost 2.8 million source IP addresses daily to perform these attacks.

Most of these (1.1 million) are from Brazil, followed by Turkey, Russia, Argentina, Morocco, and Mexico, but there's generally a very large number of countries of origin participating in the activity.

These are edge security devices like firewalls, VPNs, gateways, and other security appliances, often exposed to the internet to facilitate remote access.

The devices conducting these attacks are mostly MikroTik, Huawei, Cisco, Boa, and ZTE routers and IoTs, which are commonly compromised by large malware botnets.

In a statement to BleepingComputer, The Shadowserver Foundation confirmed that the activity has been ongoing for a while but recently increased to a much larger scale.

ShadowServer also said that the attacking IP addresses are spread across many networks and Autonomous Systems and are likely a botnet or some operation associated with residential proxy networks.

Residential proxies are IP addresses assigned to consumer customers of Internet Service Providers (ISPs), making them highly sought after for use  in cybercrime, scraping, geo-restriction bypasses, ad verification, sneaker/ticket scalping, and more.

These proxies route internet traffic through residential networks, making it appear that the user is a regular home user rather than a bot, data scraper, or hacker.

Gateway devices such as those targeted by this activity could be used as proxy exit nodes in residential proxying operations, routing malicious traffic through an organization's enterprise network.

These nodes are considered "high-quality" as organizations have a good reputation, and the attacks are harder to detect and stop.

Steps to protect edge devices from brute-forcing attacks include changing the default admin password to a strong and unique one, enforcing multi-factor authentication (MFA), using an allowlist of trusted IPs, and disabling web admin interfaces if they're not needed.

Ultimately, applying the latest firmware and security updates on those devices is crucial in eliminating vulnerabilities that threat actors can leverage to gain initial access.

Last April, Cisco warned about a large-scale credential brute-forcing campaign targeting Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices worldwide.

In December, Citrix also warned about password spray attacks targeting Citrix Netscaler devices worlwide.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

The security flaw (CVE-2024-56161) is caused by an improper signature verification weakness in AMD's CPU ROM microcode patch loader.

Attackers with local administrator privileges can exploit this weakness, resulting in the loss of confidentiality and integrity of a confidential guest running under AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP).

According to AMD's development resources, SEV isolates guests and the hypervisor from one another, and SEV-SNP adds memory integrity protection that creates an isolated execution environment by helping prevent malicious hypervisor-based attacks (e.g., data replay, memory re-mapping, and more).

AMD now provides mitigation requiring a microcode update on all affected platforms to block malicious microcode execution.

Some platforms also require a SEV firmware update for SEV-SNP attestation, with users having to update the system BIOS and reboot to enable attestation of the mitigation.

To confirm that the mitigation has been correctly installed, check whether the microcode version(s) matches the one(s) listed in the table below.

"We have demonstrated the ability to craft arbitrary malicious microcode patches on Zen 1 through Zen 4 CPUs. The vulnerability is that the CPU uses an insecure hash function in the signature validation for microcode updates," the Google Security Team said.

"This vulnerability could be used by an adversary to compromise confidential computing workloads protected by the newest version of AMD Secure Encrypted Virtualization, SEV-SNP or to compromise Dynamic Root of Trust Measurement."

Google security researchers, credited with finding and reporting this flaw to AMD, have also shared a proof-of-concept (PoC) exploit (tested on AMD EPYC and AMD Ryzen 9 CPUs) that shows how attackers can create arbitrary microcode patches.

Their PoC exploit makes the RDRAND instruction on vulnerable AMD Zen processors always return 4, which also sets the carry flag (CF) to 0. This indicates that the return value is invalid and ensures the exploit can't be used "to compromise correctly functioning confidential computing workloads."

This week, AMD has also received a report from Li-Chung Chiang at NTU (National Taiwan University) detailing cache-based side-channel attacks against Secure Encrypted Virtualization (SEV) that impact data center (1st Gen to 4th Gen AMD EPYC) and embedded (AMD EPYC 3000/7002/7003/9004) processors.

AMD advised developers to follow best practices for prime and probe attacks (e.g., constant-time algorithms), avoid secret-dependent data whenever possible, and follow the guidance regarding Spectre-type attacks.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

DeepSeek is a Chinese company, and this has raised significant security concerns regarding privacy, especially given that one of the world's biggest social media platforms, TikTok, was shut down in the US over its parent company's links to the Chinese Communist Party (CCP).

Lawmakers are addressing national security concerns related to the use of AI models by Chinese companies like DeepSeek. Missouri Republican Senator Josh Hawley has even introduced a bill that could potentially jail users who use models from Chinese companies like DeepSeek.

Now, a new report from Feroot Security, a cybersecurity firm, reveals that if you've signed up for DeepSeek, obfuscated code in the account creation and login process may be sending your information to China Mobile, a Chinese-owned telecommunications company banned from operating in the US since May 2019 due to national security concerns.

Speaking to ABC News, Ivan Tsarynny, Feroot Security's CEO said:

We see direct links to servers and to companies in China that are under control of the Chinese government. And this is something that we have never seen in the past.

It's already known that DeepSeek stores your data on servers in China. DeepSeek admitted this in its Privacy Policy (archived). But this is much more than just storing your data in China.

Tsarynny stated that AI software was used to deobfuscate DeepSeek's hidden code, uncovering potential data transfers to CMPassport.com, the official account management portal for China Mobile, which is owned and operated by the Chinese government.

It appears that users are being fingerprinted, and that fingerprint is used to track user activity not only on DeepSeek's website but also on other websites the users visit.

In response to the development, Rep. Josh Gottheimer called it "alarming" and demanded an immediate ban on DeepSeek from all government devices. Similarly, Australia has banned DeepSeek on government devices, citing "unacceptable security risk."

Rep. Raja Krishnamoorthi also reacted by calling DeepSeek's obfuscated method of data collection "disturbing." Speaking to ABC News, he argued that it is no accident this "pattern of data collection" appears in DeepSeek, as CCP-controlled company apps use it quite often, and you "use those apps at your own risk."

Image via Depositphotos.com

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend  

For much of the past year, the trail of destruction and mayhem left behind by ransomware hackers was on full display. Digital extortion gangs paralyzed hundreds of US pharmacies and clinics through their attack on Change Healthcare, exploited security vulnerabilities in the customer accounts of cloud provider Snowflake to breach a string of high-profile targets, and extracted a record $75 million from a single victim.

Yet beneath those headlines, the numbers tell a surprising story: Ransomware payments actually fell overall in 2024—and in the second half of the year dropped more precipitously than in any six-month period on record.

Cryptocurrency tracing firm Chainalysis today released a portion of its annual crime report focused on tracking the ransomware industry, which found that ransomware victims’ extortion payments totaled $814 million in 2024, a drop of 35 percent compared to the record $1.25 billion that hackers extracted from ransomware victims the previous year. Breaking down the payments over the course of 2024 shows an even more positive trend: Hackers collected just $321 million from July through December compared to $492 million the previous half year, the biggest falloff in payments between two six-month periods that Chainalysis has ever seen.

“The drastic reversal of the trends we were seeing in the first half of the year to the second was quite surprising,” says Jackie Burns Koven, who leads cyber threat intelligence at Chainalysis. She suggests that dropoff is likely due to law enforcement takedowns and disruptions, some of which had delayed effects that weren't immediately apparent in the first half of the year as ransomware victims and the cybersecurity industry grappled with catastrophic attacks.

“Don't get me wrong: For everyone who's a defender or an incident responder, it's been a year," Burns Koven says. “But it is noteworthy that for the major attacks that occurred last year, those groups don't exist anymore or have been laying low. There's been a strong signal from law enforcement that if you cross the line, there's going to be consequences.”

US and UK law enforcement scored two significant disruptions of major ransomware groups around the beginning of 2024: Six days before Christmas of 2023, the FBI announced that it had found vulnerabilities in the encryption software used by the group known as BlackCat or AlphV, distributed decryption keys to victims to foil the group’s extortion tactics, and taken down the dark-web sites the group had used to issue its threats. Two months later, in February of 2024, the UK’s National Crime Agency carried out an operation against the notorious ransomware group Lockbit, hijacking its infrastructure, seizing its cryptocurrency wallets, taking down its dark-web sites, and even obtaining information about its members and cybercriminal partners.

Initially, however, both groups seemed to bounce back from those busts. AlphV in February announced that it had hacked Change Healthcare, disabling payments at hundreds of US clinics and pharmacies and extracting $22 million from the United Healthcare–owned company in one of the worst health-care-related ransomware incidents in history. Lockbit, too, seemed to shake off the NCA’s blows, immediately launching a new dark-web site where it continued to extort victims old and new.

But in fact, both law enforcement operations may have been more successful than they appeared. AlphV, after receiving its $22 million ransom from Change Healthcare, pulled a so-called “exit scam,” taking the money and disappearing rather than sharing it with the hacker partners who had carried out the Change breach. Lockbit, too, largely fell off the map in the months that followed the NCA’s takedown, due perhaps to the cybercriminal underground’s distrust of the group and its alleged leader, Dmitry Khoroshev, when it became clear the NCA had identified him. In May of 2024, Khoroshev was also sanctioned by the US Treasury, making it far more legally complicated for Lockbit victims to pay a ransom to the group.

While the vacuum left behind by those major players in the ransomware ecosystem was filled by newer groups during the second half of 2024, many of them didn’t have the skills or experience to go after targets as big and as well defended as Lockbit and AlphV had, says Burns Koven. The result, she says, was far smaller ransom payments, often in the tens of thousands of dollars rather than the millions or tens of millions.

“Their talent is not quite as robust as their predecessors,“ Burns Koven says of the newer generation of ransomware gangs. “We're seeing the hangover of these law enforcement takedowns, not just directly targeting individuals and strains of malware but also the infrastructure and tools and services that had been used to help perpetuate these attacks.”

Last year actually saw more ransomware incidents than the previous year, says Allan Liska, a threat intelligence analyst focused on ransomware at the security firm Recorded Future. The firm counted 4,634 attacks in 2024 versus 4,400 in 2023. But the lower ransom amounts received by those newer ransomware groups suggests they may have been favoring quantity over quality, he says. “What we're seeing in terms of payments is a reflection of newer threat actors being attracted by the amount of money that they see you can make in ransomware, trying to get into the game and not being very good at it,” Liska says.

In addition to major law enforcement actions at the beginning of 2024, Chainalysis attributes the decline in payments during the second half of the year to heightened global awareness about the threat of ransomware, leading to more mature defenses and response plans within governments and other institutions. And Burns Koven adds that cryptocurrency regulation and law enforcement crackdowns on money laundering infrastructure, including mixers that help criminals anonymize and obfuscate the source of their ill-gotten cryptocurrencies, have also eroded ransomware actors’ abilities to handle payments without specialized knowledge.

While the decline in payments during the second half of 2024 is significant for being the largest ever in Chainalysis’s data, the number of ransomware attacks and volume of payments has fluctuated and declined before. Notably, researchers saw a marked decrease in activity in 2022, a year in which Chainalysis placed total ransomware payments at $655 million compared to $1.07 billion in 2021 and nearly $1 billion in 2020. But while governments and defenders were initially heartened that their deterrence efforts were working, ransomware surged back as an even more dire threat in 2023, totaling, by Chainalysis’s count, $1.25 billion in payments that year.

"I think ebbs and flows are inevitable," says Brett Callow, a managing director at FTI Consulting and longtime ransomware researcher. "If the baddies had a couple of brilliant quarters, a dip will follow, same as if the goodies had some good quarters. That's why we really need to analyze trends over a longer period, because increases and decreases over shorter periods don't really tell us much.”

Additionally, researchers have long warned that it is difficult to get truly reliable numbers about the volume of ransomware attacks and an accurate total of payments each year. This is partly the result of attackers attempting to inflate their records and make themselves seem more effective and menacing by claiming old data breaches as new attacks or simply making up attacks that they haven’t actually carried out. And it is always difficult to get accurate numbers about ransomware (not to mention digital scams more broadly), because stigma and regulatory requirements often keep victims from coming forward. This makes ransomware forecasting more of an art than a science.

"My vibe from the second half of 2024 is that if there was a decrease, there will also be a rebound," Callow says.

Chainalysis researchers are clear that the 2024 payment decline is not a guarantee of future reductions in ransomware attacks. But Burns Coven emphasizes that for defenders who are in the trenches on incident response, the data point is useful for making the case that sustained investment in ransomware defense is worthwhile.

“We're still standing in the rubble, right? We can't go tell everyone, everything's great, we solved ransomware—they’re continuing to go after schools, after hospitals and critical infrastructure," says Burns Koven. But, she adds, “I don't think anybody's necessarily celebrating. I think it's a signal of what work needs to be continued.”

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend