<?xml version="1.0"?>
<rss version="2.0"><channel><title><![CDATA[News: Security & Privacy News]]></title><link>https://nsaneforums.com/news/security-privacy-news/page/30/?d=2</link><description><![CDATA[News: Security & Privacy News]]></description><language>en</language><item><title>Netgear warns users to patch critical WiFi router vulnerabilities</title><link>https://nsaneforums.com/news/security-privacy-news/netgear-warns-users-to-patch-critical-wifi-router-vulnerabilities-r27736/</link><description><![CDATA[<p>
	Netgear has fixed two critical vulnerabilities affecting multiple WiFi router models and urged customers to update their devices to the latest firmware as soon as possible.
</p>

<p>
	 
</p>

<p>
	The security flaws impact multiple WiFi 6 access points (<a href="https://www.netgear.com/support/product/WAX206" rel="external nofollow" target="_blank">WAX206</a>, <a href="https://www.netgear.com/support/product/WAX214v2" rel="external nofollow" target="_blank">WAX214v2</a>, and <a href="https://www.netgear.com/support/product/WAX220" rel="external nofollow" target="_blank">WAX220</a>) and Nighthawk Pro Gaming router models (<a href="https://www.netgear.com/support/product/XR1000" rel="external nofollow" target="_blank">XR1000</a>, <a href="https://www.netgear.com/support/product/XR1000v2" rel="external nofollow" target="_blank">XR1000v2</a>, <a href="https://www.netgear.com/support/product/XR500" rel="external nofollow" target="_blank">XR500</a>).
</p>

<p>
	 
</p>

<p>
	Although the American computer networking company did not disclose more details about the two bugs, it did reveal that unauthenticated threat actors can exploit them for remote code execution (tracked internally as PSV-2023-0039) and authentication bypass (PSV-2021-0117) in low-complexity attacks that don't require user interaction.
</p>

<p>
	 
</p>

<p>
	"NETGEAR strongly recommends that you download the latest firmware as soon as possible," the company said in <a href="https://kb.netgear.com/000066558/Security-Advisory-for-Unauthenticated-RCE-on-Some-WiFi-Routers-PSV-2023-0039" rel="external nofollow" target="_blank">security</a> <a href="https://kb.netgear.com/000066557/Security-Advisory-for-Authentication-Bypass-on-Some-Wireless-Access-Points-PSV-2021-0117" rel="external nofollow" target="_blank">advisories</a> published over the weekend.
</p>

<p>
	 
</p>

<p>
	The table below lists all vulnerable router models and the firmware versions with security patches.
</p>

<p>
	 
</p>

<table align="center" border="1" style="width:475px">
	<tbody>
		<tr>
			<td align="left" bgcolor="#EEEEEE" height="23" style="width:230px">
				<strong>Vulnerable Netgear router</strong>
			</td>
			<td align="left" bgcolor="#EEEEEE" style="width:229px">
				<strong>Patched firmware version</strong>
			</td>
		</tr>
		<tr>
			<td align="left" height="23" style="width:230px">
				XR1000
			</td>
			<td align="left" style="width:229px">
				Firmware version 1.0.0.74
			</td>
		</tr>
		<tr>
			<td align="left" height="23" style="width:230px">
				XR1000v2
			</td>
			<td align="left" style="width:229px">
				Firmware version 1.1.0.22
			</td>
		</tr>
		<tr>
			<td align="left" height="23" style="width:230px">
				XR500
			</td>
			<td align="left" style="width:229px">
				Firmware version 2.3.2.134
			</td>
		</tr>
		<tr>
			<td align="left" height="23" style="width:230px">
				WAX206
			</td>
			<td align="left" style="width:229px">
				Firmware version 1.0.5.3
			</td>
		</tr>
		<tr>
			<td align="left" height="23" style="width:230px">
				WAX220
			</td>
			<td align="left" style="width:229px">
				Firmware version 1.0.5.3
			</td>
		</tr>
		<tr>
			<td align="left" height="23" style="width:230px">
				WAX214v2
			</td>
			<td align="left" style="width:229px">
				Firmware version 1.0.2.5
			</td>
		</tr>
	</tbody>
</table>

<p>
	 
</p>

<p>
	To download and install the latest firmware for your Netgear router, you have to go through the following steps:
</p>

<p>
	 
</p>

<ol>
	<li>
		Visit <a href="https://www.netgear.com/support/" rel="external nofollow" target="_blank">NETGEAR Support</a>.
	</li>
	<li>
		Start typing your model number in the search box, then select your model from the drop-down menu as soon as it appears.
	</li>
	<li>
		If you do not see a drop-down menu, ensure you entered your model number correctly or select a product category to browse for your product model.
	</li>
	<li>
		Click <strong>Downloads</strong>.
	</li>
	<li>
		Under <strong>Current Versions</strong>, select the first download whose title begins with <strong>Firmware Version</strong>.
	</li>
	<li>
		Click <strong>Release Notes</strong>.
	</li>
	<li>
		Follow the instructions in the release notes to download and install the new firmware.
	</li>
</ol>

<p>
	 
</p>

<p>
	"The unauthenticated RCE vulnerability remains if you do not complete all recommended steps," the company warned on Saturday.
</p>

<p>
	 
</p>

<p>
	"NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification."
</p>

<p>
	 
</p>

<p>
	A Netgear spokesperson was not available for comment when contacted by BleepingComputer for more information on the two security flaws.
</p>

<p>
	 
</p>

<p>
	In July, Netgear also urged customers to <a href="https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-authentication-bypass-xss-router-flaws/" rel="external nofollow" target="_blank">update to the latest firmware</a> immediately to patch stored cross-site scripting (XSS) and authentication bypass vulnerabilities impacting several WiFi 6 router models.
</p>

<p>
	 
</p>

<p>
	One month earlier, security researchers <a href="https://www.bleepingcomputer.com/news/security/netgear-wnr614-flaws-allow-device-takeover-no-fix-available/" rel="external nofollow" target="_blank">disclosed six flaws</a> of varying severity levels in Netgear WNR614 N300, an end-of-life router popular among home users and small businesses.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-critical-wifi-router-vulnerabilities/" rel="external nofollow">Source</a>
</p>

<hr class="ipsHr">
<p>
	<span style="font-size:12px;"><em>Hope you enjoyed this news post.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>Thank you for appreciating my time and effort posting news every day for many years.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487</em></span>
</p>

<p>
	<strong><span style="font-size:12px;"><a href="https://nsaneforums.com/topic/459202-remember-matrix/" rel="">RIP Matrix</a> | Farewell my friend  </span></strong><img alt=":sadbye:" data-emoticon="true" loading="lazy" src="https://nsaneforums.com/uploads/emoticons/default/sadbye.gif" title=":sadbye:">
</p>
]]></description><guid isPermaLink="false">27736</guid><pubDate>Wed, 05 Feb 2025 04:50:36 +0000</pubDate></item><item><title>Australia bans DeepSeek on government devices citing 'unacceptable security risk'</title><link>https://nsaneforums.com/news/security-privacy-news/australia-bans-deepseek-on-government-devices-citing-unacceptable-security-risk-r27735/</link><description><![CDATA[<p>
	The Albanese government has ordered a ban on the use of DeepSeek on all Australian federal government devices. The decision comes amid growing concerns about the security risk posed by the large language model.
</p>

<p>
	 
</p>

<p>
	The secretary of the Home Affairs Department has signed a directive banning the use of DeepSeek across government systems and devices, acting on advice from intelligence agencies that the chatbot presents an "unacceptable security risk." Home Affairs Minister Tony Burke emphasized that the decision was not based on the country of origin of the app but on the thorough assessment of its risks.
</p>

<p>
	 
</p>

<p>
	"The Albanese government is taking swift and decisive action to protect Australia’s national security and national interest," Burke said. "AI is a technology of promise and potential - but this government will never be afraid to take action where there is an identified national security risk."
</p>

<p>
	 
</p>

<p>
	The ban comes weeks after the Albanese administration <a href="https://www.dpac.tas.gov.au/divisions/ssmo/about_ssmo/message_from_the_head_of_the_state_service/no-image/banning-tiktok" rel="external nofollow">announced</a> a ban on the Chinese social media app TikTok from all government devices over "security and privacy" issues. It also comes after the industry closely <a href="https://www.neowin.net/news/the-us-is-currently-investigating-if-deepseek-smuggled-advanced-nvidia-gpus-into-china/" rel="external nofollow">followed the rollout of the AI chatbot</a>, with several red flags being raised regarding censorship and data security.
</p>

<p>
	 
</p>

<p>
	The Australian government's action is in line with that of other governments, such as Taiwan and Italy, <a href="https://www.neowin.net/news/deepseek-gets-removed-from-apple-and-google-app-stores-in-italy-amid-gdpr-and-privacy-probe/" rel="external nofollow">which are trying to deny or limit access to DeepSeek</a>.
</p>

<p>
	 
</p>

<p>
	The science minister, Ed Husic, had previously foreseen a debate over DeepSeek similar to the arguments about TikTok. "I think people will naturally gravitate towards that. I think there'll be parallels to what you've seen with discussion around TikTok that emerge around DeepSeek as well. I wouldn't be surprised if that emerges," Husic said in January.
</p>

<p>
	 
</p>

<p>
	Australia is not the only country concerned with <a href="https://www.neowin.net/news/report-microsoft-openai-investigating-whether-deepseek-was-trained-on-stolen-us-data/" rel="external nofollow">DeepSeek's privacy issues</a>. The US is also currently investigating whether DeepSeek trained its AI models by stealing American companies' proprietary data. Separately, the Irish Data Protection Commission has queried DeepSeek for details on how it is processing the data.
</p>

<p>
	 
</p>

<p>
	Source: <a href="https://www.theguardian.com/technology/2025/feb/04/deepseek-banned-from-australian-government-devices-over-national-security-concerns" rel="external nofollow">The Guardian</a>
</p>

<p>
	 
</p>

<p>
	<a href="https://www.neowin.net/news/australia-bans-deepseek-on-government-devices-citing-unacceptable-security-risk/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27735</guid><pubDate>Wed, 05 Feb 2025 04:48:33 +0000</pubDate></item><item><title>Inside the Bust That Took Down Pavel Durov&#x2014;and Upended Telegram</title><link>https://nsaneforums.com/news/security-privacy-news/inside-the-bust-that-took-down-pavel-durov%E2%80%94and-upended-telegram-r27728/</link><description><![CDATA[<h3>
	The Russian-born CEO styles himself as a free-speech crusader and a scourge of the surveillance state. Here’s the real story behind Pavel Durov’s arrest and what happened next.
</h3>

<p>
	<span class="lead-in-text-callout">On a warm</span> Saturday in August of 2024, Raphaël Maillochon was celebrating his son’s first birthday when he got a message from one of his sources. Maillochon, a 34-year-old crime reporter for the French broadcaster TF1, was used to contacts in law enforcement pinging him on the weekend. They liked <a href="https://www.wired.com/tag/telegram/" rel="external nofollow">Telegram</a>, which they felt was more secure than other messaging apps. While Maillochon was strictly off work that day, at a country house two hours south of Paris, he couldn’t help but set down the bottle of champagne he’d been about to open and look at his phone.
</p>

<p>
	 
</p>

<p>
	The source had news about “<em>un gros poisson</em>”—a “big fish.” If confirmed, it was going to trump all other stories in <a href="https://www.wired.com/tag/france/" rel="external nofollow">France</a> and beyond. “Stay tuned!” the source wrote.
</p>

<p>
	 
</p>

<p>
	Maillochon tried to enjoy the birthday party while nervously eyeing his Telegram messages. Around 6 pm, just as his guests were sitting down for aperitifs, the source told him that the <em>gros poisson</em> was none other than Telegram’s CEO, Pavel Durov. Police were tracking Durov’s private jet, and it was due to arrive in Paris that evening from Baku, Azerbaijan. If he was on the plane, they would arrest him.
</p>

<p>
	 
</p>

<p>
	Although Maillochon used Telegram every day, he had to google its Russian-born CEO. He learned that Durov came to prominence as the cofounder of VKontakte, Russia’s homegrown version of <a href="https://www.wired.com/tag/facebook/" rel="external nofollow">Facebook</a>. His next company, Telegram, made him a global tech mogul. Durov presented himself as a libertarian crusader for privacy and freedom of speech on the internet. In 2014 he blamed the Kremlin for forcing him out of VKontakte and went into self-imposed “exile,” which many saw as proof of his bona fides. Now Telegram was nearing a billion users and, Durov claimed, planning to go public by 2026. Maillochon began to grasp the size of what he was reeling in.
</p>

<p>
	 
</p>

<p>
	At 8:59 pm, his phone pinged again: “He’s been arrested.” Maillochon excused himself from the party and went outside into the garden. He checked in with other sources in different police departments, the French public prosecutor’s office, and Europol. At 10:24 pm, his story went up <a class="external-link" data-event-click='{"element":"ExternalLink","outgoingURL":"https://www.tf1info.fr/justice-faits-divers/info-tf1-lci-le-fondateur-et-pdg-de-la-messagerie-cryptee-telegram-interpelle-en-france-2316072.html"}' data-offer-url="https://www.tf1info.fr/justice-faits-divers/info-tf1-lci-le-fondateur-et-pdg-de-la-messagerie-cryptee-telegram-interpelle-en-france-2316072.html" href="https://www.tf1info.fr/justice-faits-divers/info-tf1-lci-le-fondateur-et-pdg-de-la-messagerie-cryptee-telegram-interpelle-en-france-2316072.html" rel="external nofollow" target="_blank">on TF1’s website</a>. From there it spread to news outlets around the world.
</p>

<p>
	 
</p>


<p>
	When Durov disembarked at the small Le Bourget Airport outside Paris, he seemed to have no idea what was about to happen, Maillochon’s sources told him. They said Durov was petulant and haughty in his initial interviews with police. He flaunted his connections, claiming that he had come to Paris to meet with <a href="https://www.wired.com/story/emmanuel-macron-talks-to-wired-about-frances-ai-strategy/" rel="external nofollow">Emmanuel Macron</a>. Durov also reportedly asked that French telecom billionaire Xavier Niel, until recently a majority shareholder in Le Monde newspaper, be notified of his arrest. Politico.eu later reported that Durov even used his one call to phone Niel. (Devon Spurgeon, a public relations consultant for Telegram based in Washington, DC, told WIRED that Durov phoned his own assistant, not Niel. Niel did not reply to WIRED’s requests for comment.)
</p>

<p>
	 
</p>

<p>
	As Maillochon and other French journalists went on to report, prosecutors had been secretly investigating Durov for months over his and Telegram’s alleged failure to block illegal activity—which authorities claim included fraud, drug trafficking, child sexual abuse material (CSAM), organized crime, and terrorism—on the platform. The French Gendarmerie alone had counted 2,460 cases between 2013 and 2024 in which legal requests made to Telegram had gone unanswered, according to the outlet Libération. Maylis de Roeck, a spokesperson for the prosecutor’s office, told WIRED that when her team realized just how many investigations across different departments were being stymied by Telegram’s lack of response, they decided to issue an arrest warrant. As they saw it, Durov’s silence amounted to complicity.
</p>

<p>
	 
</p>


<p>
	In the immediate aftermath of the arrest, no one from Telegram commented publicly. One of Durov’s close associates, George Lobushkin—the former head of PR at VKontakte—<a href="https://www.wired.com/story/telegram-ceo-pavel-durov-arrest/" rel="external nofollow">told WIRED</a>: “I am in shock, and everyone close to Pavel feels the same. Nobody was prepared for this situation.” Lobushkin added that he worried “a lot” about Telegram’s future if Durov remained in custody.
</p>

<p>
	 
</p>


<p>
	In the US, one of the first to react to the arrest was <a href="https://www.wired.com/story/tucker-carlson-fox-news-disinformation/" rel="external nofollow">Tucker Carlson</a>, the right-wing TV host. In a post on X, Carlson called Durov “a living warning to any platform owner who refuses to censor the truth at the behest of governments and intel agencies.” <a href="https://www.wired.com/tag/elon-musk/" rel="external nofollow">Elon Musk</a> reposted a clip from Carlson’s interview and captioned it “#FreePavel.” Even <a href="https://www.wired.com/tag/edward-snowden/" rel="external nofollow">Edward Snowden</a>, a stern critic of Telegram’s security claims, expressed alarm. “I am surprised and deeply saddened that Macron has descended to the level of taking hostages as a means for gaining access to private communications,” he wrote on X. Macron, for his part, issued a statement that France was “deeply committed to freedom of expression,” adding of the arrest: “It is in no way a political decision. It is up to the judges to rule on the matter.”
</p>

<p>
	 
</p>

<p>
	On the Sunday evening after Durov’s arrest, his custody was extended to the 96-hour limit. According to Maillochon’s sources, he slept in a cramped cell, although investigators made the rare concession of letting Durov have a fresh set of clothes delivered. Under further questioning, Durov reportedly claimed he hadn’t been unresponsive to takedown requests from law enforcement; police had merely sent their requests to the wrong place. (Durov made a similar claim in 2022 when Brazil’s supreme court temporarily banned Telegram, essentially saying the court’s legal requests had been lost in the mail.) Durov also said he had been in touch with French intelligence services about terrorism cases.
</p>

<p>
	 
</p>

<p>
	On August 28, nearly four days after his arrest, Durov was formally indicted on six charges. The most serious—complicity in the administration of an online platform to enable organized crime and illicit transactions—carried a maximum penalty of 10 years’ imprisonment, as well as a €500,000 ($521,000) fine. With bail set at €5 million ($5.2 million) and swiftly paid, Durov was released that night but prohibited from leaving the country. He was also ordered to report to a police station twice a week.
</p>

<p>
	 
</p>

<p>
	The case against Durov, the CEO of a huge mainstream platform, was unprecedented. And it came at a moment when his professed libertarian ideals and laissez-faire attitude to content moderation seemed to be ascendant. The small size of Durov’s team had actually inspired Musk to fire 80 percent of Twitter’s staff when he took it over, according to <em>Character Limit</em>, a book by Kate Conger and Ryan Mac. Musk gutted the company’s moderation and trust-and-safety teams. If Durov could run a platform with about 60 full-time employees, most of them in Dubai, why not try something similar? More recently, Mark Zuckerberg fired Meta’s fact-checkers in the US and loosened the enforcement of rules against inflammatory content on the company’s platforms. The “recent elections,” Zuckerberg said, were a “cultural tipping point toward once again prioritizing speech.”
</p>

<p>
	 
</p>

<p>
	Durov seems to have been unaware how close to the sun he was flying. One senior former Telegram employee reflected that, while the arrest was not inconceivable under strict European legislation, it was still startling. Yulia Conley, who worked as Telegram’s first official head of external and government relations and has agreed to go on the record for the first time in WIRED, thought it “unreasonable” to hold Durov responsible for everything happening on the platform. “I wouldn’t say that he had it coming,” Conley told WIRED. But she suggested that Telegram’s “scarcity of human capital in this very important domain of content moderation could be the main reason why the current escalation had occurred.” The issues that landed Durov in jail went back years.
</p>

<p>
	 
</p>

<p>
	<img alt="image%20(1).png" class="ipsImage" data-ratio="70.97" height="500" width="720" src="https://media.wired.com/photos/679cb9aef490b3eb817bb0d3/master/w_1600,c_limit/image%20(1).png">
</p>

<p>
	 
</p>

<p>
	<span class="lead-in-text-callout">On September 21,</span> 2015, Durov sat for an interview at the TechCrunch Disrupt conference in San Francisco. It had been more than a year since he sold his stake in VKontakte, and he portrayed himself as a digital nomad, traveling the world with a cohort of Telegram engineers. He looked the part, clad all in black, and spoke with the self-assurance of a true disrupter.
</p>

<p>
	 
</p>

<p>
	Telegram was barely two years old and already handling 12 billion messages a day. All the other messaging apps out there? “They suck,” Durov said—especially <a href="https://www.wired.com/tag/whatsapp/" rel="external nofollow">WhatsApp</a>. The interviewer brought up reports of ISIS operating on Telegram. “Do you sleep well at night knowing that terrorists use your platform?” he asked Durov. First grinning awkwardly, Durov composed himself. “Our right for privacy is more important than our fear of bad things happening, like terrorism,” he said. “I don’t think we should feel guilty about it.”
</p>

<p>
	 
</p>

<p>
	The next day, Telegram introduced the feature that transformed it from a messaging app to something more like a social network. “Channels” allowed users to broadcast their messages to an unlimited number of subscribers. Within a few days, ISIS operatives started a channel of their own. Barely two months after that, ISIS gunmen and suicide bombers attacked Paris’ Bataclan theater and Stade de France, killing 130 people and injuring hundreds. ISIS used Telegram to claim responsibility to the world.
</p>

<p>
	 
</p>

<p>
	Five days later, Telegram removed 78 ISIS channels and announced efforts to curb terrorist activity on the platform. Yet it continued to bill the app as a place where users were safe from the prying eyes of authorities, especially if those users communicated via end-to-end encrypted “secret chats.” (Contrary to popular perception, encryption has never been the default setting.) Within weeks of the attacks, the European Union set up an initiative called the Internet Forum, meant to coordinate anti-terrorism efforts between tech platforms and member states. Facebook, Google, Microsoft, and Twitter quickly joined up. Not Telegram. Its privacy policy stated bluntly: “We never share your data with anyone. No.”
</p>

<p>
	 
</p>

<p>
	As a marketing strategy, this brashly defiant pose kept paying dividends in the unlikeliest places. Even as Telegram was becoming known in France as ISIS’s platform of choice, it was also gaining popularity in French political circles. Ludovic Chaker, a manager of Macron’s 2017 presidential campaign, had his team use Telegram groups and “secret chats” for internal communications, a legal representative for Chaker confirmed to WIRED. Telegram quickly spread within the French political establishment. Members of parliament even reportedly identified which of their colleagues were pro-Macron by whether they were on the app.
</p>

<p>
	 
</p>

<p>
	But Durov’s public image as an Übermensch of privacy and free speech concealed a dowdier reality: He would spend the coming years freely contradicting the tenets of Telegram’s self-mythology when it suited him, dodging its ramifications when he had to, playing ball with governments as necessary, scrambling to pay Telegram’s bills, and then inevitably finding himself buoyed yet again by some event that seemed to validate Telegram’s anti-authoritarian, above-it-all mystique.
</p>

<p>
	 
</p>

<p>
	Take the perception Durov fostered that he lived in conscientious exile from Putin’s Russia. According to iStories, an independent Russian news outlet, which recently analyzed leaked Federal Security Service (FSB) data on border crossings, Durov in fact entered Russia 41 times between 2015 and late 2017. (Irina Bolgar, Durov’s then partner, confirmed to WIRED that he was frequently with her and their children in St. Petersburg throughout this time; their relationship was not public.)
</p>

<p>
	 
</p>

<p>
	Eventually, though, Durov’s claims about operating Telegram in defiance of the Kremlin became a problematic reality. In July 2017, the FSB sent Telegram an order to hand over encryption keys for a half-dozen accounts “suspected of terrorism-related activities.” Durov’s company refused, claiming end-to-end encryption (which applied only to “secret chats”) prevented it from complying. Telegram’s stance suddenly put its employees in Russia—including Durov—at personal risk from the Kremlin. He needed safe harbors for himself and his company to live and operate in. (While WIRED previously reported that Telegram staff were working in St. Petersburg until at least 2017, Spurgeon said that the company “has never legally or physically been connected to Russia.”)
</p>

<p>
	 
</p>

<p>
	Durov also needed money. How much would it cost to cover Telegram’s operating expenses as the messenger kept growing? “About $620 million,” Durov estimated in a document he shared with potential investors in 2017, which later came out as part of a US Securities and Exchange Commission investigation. In late 2017, news leaked that Telegram was reportedly getting ready to launch its own cryptocurrency on a bespoke blockchain. Investing opened in 2018, allowing people to buy into Durov’s latest vision: Their dollars now for his “Grams” later. The presale brought in $1.7 billion, about a quarter of which came from the US. Individual investors included Kremlin ally Roman Abramovich; former Russian government minister Mikhail Abyzov; London-based oligarch Said Gutseriev; Jan Marsalek, a fugitive tech executive from Austria later accused of being a Russian spy; and, as recently revealed by iStories, a company linked to mining in the Russian-occupied Donbas region of Ukraine. Weeks after the token presale ended, the Russian government officially blocked domestic internet users from accessing Telegram.
</p>

<p>
	 
</p>

<p>
	In reinforcing the story of Telegram’s opposition to the Kremlin, this provided a perfect context for Durov as he set about shoring up his connections in Europe. He reportedly visited the Élysée Palace to have lunch with Macron, where Macron suggested that Durov move Telegram to France and offered him French citizenship. An official who worked closely with Macron at the time told WIRED that the president may have seen Durov as a kind of “trophy” in the geopolitical contest with Putin’s Russia. (The president’s current international press adviser, Anastasia Colosimo, noted that Snap CEO Evan Spiegel was granted French citizenship around this time and that no deal was struck between Macron and Durov.)
</p>

<p>
	 
</p>

<p>
	As Telegram wooed European leaders, it also bent to European priorities. A month after Russia banned Telegram, the company finally took a seat at the EU Internet Forum, where it joined the Silicon Valley giants that had volunteered years earlier to actively cooperate on taking down dangerous content. The company also overhauled its privacy policy, removing the promise to users that it would “never share your data with anyone.”
</p>

<p>
	 
</p>

<p>
	Around this time, Durov appointed Telegram’s first dedicated head of external and government relations. Yulia Conley took the job. Born in Russia and raised partly in Michigan, she had a master’s degree in environmental science from Oxford and had previously worked for nine months at a UN sustainable development program in New York. Now, at age 23, she would be Telegram’s “frontline person” for communications on content moderation and requests from international agencies.
</p>

<p>
	 
</p>

<p>
	Under Conley’s tenure, Telegram’s relationship with law enforcement evolved to the point that Europol was routinely sending the company large datasets of content it wanted taken down—and Telegram was complying. Conley and some engineers from the company attended a so-called “action day” in the fall of 2018, hosted at Europol’s headquarters in the Hague. With law enforcement from six EU member states, they removed hundreds of items of “terrorist content” from the platform, including audio, video, and PDFs posted by ISIS and al Qaeda, along with the public channels that hosted them.
</p>

<p>
	 
</p>

<p>
	There was another action day the following year. Europol’s operations room was fully stacked with representatives from 27 member states, according to Stéphane Duguin, who worked at Europol and led the establishment of the forum. “Everyone was there,” he recalled to WIRED. They watched onscreen in real time as Telegram took down channels “one after the other.” In a press release at the time, Europol hailed Telegram’s content referral tools and automated detection systems. “Our engineers were producing models and automation tools like nobody else,” Conley told WIRED, despite “scarce resources.”
</p>

<p>
	 
</p>

<p>
	At the time, Duguin said, no other companies in the EU Internet Forum were cooperating on the scale that Telegram was. Duguin, who left Europol just a few days after this final successful action day, strongly implied that much of the relationship’s success was due to Conley. “She was really committed,” he says. “She can be proud. Because, honestly, it was not easy.”
</p>

<p>
	 
</p>

<p>
	<img alt="image%20(2).png" class="ipsImage" data-ratio="70.83" height="497" width="720" src="https://media.wired.com/photos/679cb9674ad068cbf4b7b2c7/master/w_1600,c_limit/image%20(2).png">
</p>

<p>
	 
</p>

<p>
	While Conley was busy earning Telegram the goodwill of authorities in Europe and beyond, Durov was confronting another crisis, this time in the United States. In October 2019, the Securities and Exchange Commission filed a complaint against Telegram, contending that the token presale had violated registration requirements. The SEC demanded that Durov return $1.2 billion to investors. Once he did that, Telegram would have to raise funds somewhere else.
</p>

<p>
	 
</p>

<p>
	Back in Russia, the Telegram ban had turned into something of a farce. Durov’s platform remained the most popular messaging app in the country, despite the Kremlin’s half-hearted attempts to build a firewall around it. In June 2020, the Russian government announced that it would unblock the app, having reached its own agreement with Telegram over terrorist content. (Telegram has denied to WIRED that any agreement with the Kremlin existed.) When the unblocking happened, Durov was once again poised to take advantage of the timing. Within a week, Telegram had signed a settlement with the SEC in which it agreed to pay back the $1.2 billion.
</p>

<p>
	 
</p>

<p>
	Durov began freely visiting Russia again after Telegram’s unblocking, according to the leaked FSB data on border crossings obtained by iStories. In the year that followed, 2021, Telegram raised $1.7 billion in bond sales. The company reportedly got help selling the bonds from VTB, a Russian bank that’s majority state-owned and has close ties to the Kremlin, as well as Russian investment firm Aton, which was founded by a former government aide. While Russian media reported that 50 percent of the bonds were sold to Russian and European investors, Spurgeon told WIRED that “Russian investors did not play a significant role.”
</p>

<p>
	 
</p>

<p>
	Also in 2021, Durov gained citizenship in France and the UAE. Having weathered public pressure from the Kremlin and western governments, and having found a temporary fix for Telegram’s financial stresses, he seemed to relax his attention toward content moderation issues. In 2021, Conley left her role at Telegram. Sources told WIRED that after she departed, the company was less proactive, and its cooperation with Europol and other authorities deteriorated. Telegram remained in the EU Internet Forum, but 2019’s action day would remain the high-water mark for taking down malicious content, according to Duguin. (Spurgeon disagreed with this characterization, saying Telegram has always processed all takedown requests it received.)
</p>

<p>
	 
</p>

<p>
	<span class="lead-in-text-callout">The case that</span> culminated with Durov’s dramatic arrest on multiple charges began with a single investigation the previous winter. It was a covert operation pursuing a suspect on Telegram who investigators said had pressured underage girls to send him child sexual abuse material and had admitted on the platform to raping a young girl. According to a document seen by Politico.eu, when investigators made a request to Telegram to reveal the suspect’s identity, the company refused.
</p>

<p>
	 
</p>

<p>
	De Roeck, the prosecutor’s office spokesperson, confirmed to WIRED that investigators requested help from Telegram to identify the suspect. She also noted that Telegram was not responding to requests from other police departments. “If it was one, we wouldn’t think anything about Telegram,” de Roeck explained. “But the point is, it’s every time, for every kind of request, in every country that we ask.” She added: “We’re not here to judge him right now. We’re here to ask: ‘Were you aware? Did you agree? What did you agree?’ Because it was not just once. It was thousands of times.” That March, according to documents reviewed by Politico.eu, arrest warrants went out for both Durov and Telegram’s other longest-serving officer, his brother Nikolai.
</p>

<p>
	 
</p>

<p>
	As the French investigation proceeded in secret, Durov was emerging from a long period out of the public eye. In April, he granted his first video interview in eight years—an hour-long sit-down with Tucker Carlson. Presenting himself as a champion of unfettered online expression, Durov praised Elon Musk for making X “more pro-freedom of speech.” (Musk replied to a clip of the interview: “Cool.”)
</p>

<p>
	 
</p>

<p>
	Later that month, Durov made his first onstage appearance in a decade. He was promoting TON, a successor to the crypto project the SEC had shut down in 2020. Officially, the new TON wasn’t run by Telegram, but Durov had been endorsing it, and anyone on the platform could activate a dedicated crypto wallet with a few clicks and start trading Toncoin. Now he was touting a new partnership with Tether, the company behind USDT, one of the most-traded cryptocurrencies in the world. By the end of April, Toncoin was worth more than double what it had been at the start of the year.
</p>

<p>
	 
</p>

<p>
	While Durov courted Carlson and hawked Toncoin, the French investigation into Telegram was escalating. By July 2024, it had grown to encompass a broad range of crimes, and France’s specialized anti-cybercrime unit, known as J3, took charge. Led by 39-year-old Johanna Brousse, this was the same small office that in 2021 had helped <a href="https://www.wired.com/story/inside-biggest-fbi-sting-operation-in-history/" rel="external nofollow">take down Sky ECC</a>, an encrypted phone service used by organized crime for drug trafficking, buying weapons, extortion, and hiring hitmen. (Brousse declined to comment on either the Sky ECC case or Durov’s case, noting that both are still open.)
</p>

<p>
	 
</p>

<p>
	Durov spent most of that summer traveling around Central Asia with a 24-year-old self-described gamer and crypto enthusiast named Julia Vavilova. Vavilova uploaded pictures and videos to her social media accounts of helicopter rides, visits to nature parks, flights on a private jet, and stays in exclusive villas. On the morning of August 24, Durov was pictured having breakfast with Vavilova in Baku. They each appeared in videos at the same shooting range before they boarded the jet to Paris.
</p>

<p>
	 
</p>

<p>
	After Durov was arrested, one of the first questions among European journalists was whether the EU would piggyback on France’s case and seek to fine Telegram under its Digital Services Act. The law, which took effect a year earlier, holds platforms that operate in the EU legally responsible for users’ criminal activity, hate speech, and disinformation. “Very large online platforms”—those with at least 45 million users in the EU—face tougher obligations and penalties. So far the law had resulted in high-profile probes into X and public spats with Elon Musk. Telegram had avoided more serious scrutiny by claiming it was under the “very large” threshold. EU regulators were unconvinced and had begun an investigation into its user numbers.
</p>

<p>
	 
</p>

<p>
	A WIRED analysis with app growth expert Thomas Petit found that Telegram was very likely to have more than 45 million users in the bloc. Data that Petit accessed from Sensor Tower found 50 million monthly active users, and that was excluding some smaller countries for which there was no data. “Sensor Tower also tends to underestimate monthly active users,” Petit said. He put “the real figure” at 75 million or more. The ongoing probe into Telegram’s user base meant that the company was likely to have faced severe pressure to change its approach to moderation anyway.
</p>

<p>
	 
</p>

<p>
	In Durov’s first post on his Telegram channel after making bail, he said that blaming a CEO for users’ crimes was “misguided.” His interviews with police were “surprising,” he said, because Telegram had an official representative in the EU who responded to requests. At the same time, Durov acknowledged “growing pains” owing to the “abrupt increase” to 950 million global users, which had made it easier for criminals to abuse the platform. “I hope that the events of August will result in making Telegram—and the social networking industry as a whole—safer and stronger,” he wrote.
</p>

<p>
	 
</p>

<p>
	Durov took further steps in a post the next day, announcing the removal of a feature called “people nearby” that had supposedly been abused by scammers. He also disabled new media uploads to Telegra.ph, a blogging platform that authorities around Europe say had hosted illegal content, especially CSAM. Soon afterward he announced that “a dedicated team of moderators, leveraging AI,” would monitor Telegram’s in-app search tool to prevent discovery of certain kinds of malicious content. Telegram also quietly updated its privacy policy. The earlier language had said that Telegram might share data with legal authorities if they identified a user as a “terror suspect.” The new language broadened that to include anyone suspected of “criminal activities.”
</p>

<p>
	 
</p>

<p>
	“It’s night and day,” a Gendarmerie officer told WIRED. The officer, who investigates cybercrime but is not directly involved in Durov’s case, said that compliance from Telegram with metadata requests was helping with numerous investigations, especially drug trafficking. The Belgian prosecutor’s office told Libération that they had noticed improved cooperation from Telegram too. In fact, regulators as far afield as South Korea have been saying the same. Soyoung Park, who works for the country’s independent media commission, told WIRED that prior to Durov’s arrest, referring illegal content to the company felt like yelling into the void. But then, late last year, Park said, she met with a high-ranking executive in Japan. (Telegram vice president Ilya Perekopsky, who was in Tokyo around the same time, did not reply to WIRED’s requests for comment. Park declined to confirm the identity of the employee.) Now, Park said, her contacts at Telegram “not only remove the flagged content but provide us with compliance updates, typically within an average of 24 hours … And I think that’s, you know, a pretty big deal.”
</p>

<p>
	 
</p>

<p>
	<span class="lead-in-text-callout">Durov’s case in</span> France won’t go to trial for a year or more, de Roeck, the prosecutor’s office spokesperson, told me. She added that it’s too early to discuss any kind of settlement agreement. For now, Durov is stuck in France, and his company seems to be in a kind of limbo, waiting to find out if a leader who has positioned himself as irreplaceable will need to be replaced.
</p>

<p>
	 
</p>

<p>
	What’s the mood inside Telegram? Current employees weren’t willing to comment. Shortly after WIRED contacted the company’s creative director for this story, he posted a cartoon that implied an internal attitude of defiance: A black-armored Durov stands in front of the Eiffel Tower, repelling waves of riot police who have “Thinkpol” emblazoned on their backs, while Macron looks on, clutching a red-bound copy of <em>1984</em>. That seems to be how Durov continues to see himself and his company. The day after Zuckerberg announced Meta’s new moderation policies, Durov posted: “I’m proud that Telegram has supported freedom of speech long before it became politically safe to do so. Our values don’t depend on US electoral cycles.” He added: “It’s easy to say you support something when you risk nothing.” Elon Musk replied on X: “Good for you.” Durov wrote back: “I’m sure you can relate.”
</p>

<p>
	 
</p>

<p>
	Spurgeon, who joined Telegram shortly before the US presidential election, told WIRED that the company is now profitable, which she attributed to its monetization efforts, including 12 million premium subscriptions and an uptick in advertising revenue. In 2024, Spurgeon said, the company brought in $1 billion in revenue. A source familiar with Telegram’s financials told WIRED that more than half of this came from its ad platform. The company also unloaded Toncoin holdings valued at more than $244 million, according to documents obtained by the Financial Times. “It’s not like we’re using crypto to become profitable,” Spurgeon told WIRED.
</p>

<p>
	 
</p>

<p>
	The case against Durov has apparently done nothing to dampen Telegram’s growth, especially in the US. In the days after his capture, it briefly held the number two spot in the social networking category on Apple’s US App Store. Thomas Petit told WIRED that Sensor Tower data ranks the US as Telegram’s fifth biggest market, with at least 15 million monthly active users—and as with the EU, Petit estimates the real figure to be higher. The platform remains especially popular among far-right and pro-Trump groups. Telegram’s channels and secret chats are set to remain vital tools as these groups coordinate their activity. Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, told WIRED: “Vigilantism is my primary concern.”
</p>

<p>
	 
</p>

<p>
	Among investors—arguably Durov’s most important constituency—questions over the company’s long-term future remain. Even before the arrest, many had concerns about the platform’s reputation for enabling criminal activity and extremist violence. Some prospective investors told WIRED they worried about being able to call in their debt if Durov went rogue: “If it’s just him in Dubai with 50 engineers, it’s going to be really difficult for us to enforce on this,” one analyst remembers thinking when his credit investment firm briefly considered Telegram bonds. Another question was uppermost in the minds of several potential investors: What happens to Telegram if Durov is gone for good?
</p>

<p>
	 
</p>

<p>
	Yulia Conley, who is now launching an education tech and mental health startup, sees this as a reset moment for the company. She stressed that the AI systems Durov has touted still require human experts to interpret context. What does “prioritizing speech” look like when you’re trying to decide if a right-wing militia member is inciting violence or just expressing an extreme anti-immigrant opinion? As of late last year, Telegram claimed to have about 750 content moderators on contract. (The company would not specify what the number of moderators was prior to then.) Conley says Durov’s first statements after the arrest gave her a feeling of cautious optimism. “OK, he’s got it,” she remembers telling herself. “Hopefully. Hopefully everything will be fine.”
</p>

<p>
	 
</p>

<p>
	<em>Additional reporting by Gabriel Thierry</em>
</p>

<p>
	 
</p>

<p>
	<a href="https://www.wired.com/story/pavel-durov-arrest-telegram-content-moderation/" rel="external nofollow">Source</a>
</p>

<hr class="ipsHr">
<p>
	<span style="font-size:12px;"><em>Hope you enjoyed this news post.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>Thank you for appreciating my time and effort posting news every day for many years.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487</em></span>
</p>

<p>
	<strong><span style="font-size:12px;"><a href="https://nsaneforums.com/topic/459202-remember-matrix/" rel="">RIP Matrix</a> | Farewell my friend  </span></strong><img alt=":sadbye:" data-emoticon="true" loading="lazy" src="https://nsaneforums.com/uploads/emoticons/default/sadbye.gif" title=":sadbye:">
</p>
]]></description><guid isPermaLink="false">27728</guid><pubDate>Tue, 04 Feb 2025 15:13:20 +0000</pubDate></item><item><title>Massive Data Leak Exposes 1.5 Billion Records from Chinese Platforms and Government</title><link>https://nsaneforums.com/news/security-privacy-news/massive-data-leak-exposes-15-billion-records-from-chinese-platforms-and-government-r27727/</link><description><![CDATA[<p>
	One of the largest data leaks in recent history has exposed a staggering 1.5 billion records, affecting major Chinese platforms, financial institutions, and even government-related entities. The <a data-wpel-link="internal" href="https://www.ghacks.net/2025/01/31/deepseek-ai-exposed-user-data-and-chat-histories/" rel="external nofollow" target="_blank">unprotected</a> dataset, discovered by Cybernews researchers, contains sensitive details, including full names, government ID numbers, phone numbers, financial records, and healthcare data.
</p>

<p>
	 
</p>

<p>
	The leaked records originate from multiple high-profile sources, including Weibo, China’s largest social media platform, and DiDi, the country’s top ride-hailing service. Other affected entities include major banks, telecommunications providers, courier services, and even the Shanghai Communist Party.
</p>

<p>
	 
</p>

<p>
	Researchers believe this dataset is a compilation of both known and previously undisclosed breaches, aggregated on an Elasticsearch server. The sheer volume and diversity of data suggest malicious intent, as large-scale leaks like this can fuel identity theft, targeted <a data-wpel-link="internal" href="https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/" rel="external nofollow" target="_blank">phishing attacks</a>, and unauthorized financial access.
</p>

<p>
	 
</p>

<p>
	Among the most alarming aspects of the leak is the presence of highly sensitive financial and healthcare data. The dataset includes 504 million records tied to Weibo, 25 million from SF Express (China’s largest courier service), and over 142 million from JD.com, a major e-commerce platform that had no previously known breaches.
</p>

<p>
	 
</p>

<p>
	In addition to personal and corporate data, the dataset contains politically sensitive records. A collection labeled “The Communist Party of Shanghai” includes 1.6 million records, while others titled “Friendly Nations” and “Data of Multiple Neighboring Countries” hint at potential geopolitical implications.
</p>

<p>
	 
</p>

<p>
	Though the exposed server was eventually taken offline after multiple alerts to China’s CERT, the scale of this breach highlights the persistent risks of mass data aggregation. As <a data-wpel-link="internal" href="https://www.ghacks.net/2025/01/27/cybersecurity-experts-warn-of-privacy-risks-in-modern-automobiles/" rel="external nofollow" target="_blank">cybersecurity</a> experts analyze the impact, this incident could rank among the largest known data leaks in history, second only to the infamous Shanghai National Police breach.
</p>

<p>
	 
</p>



<p>
	<a href="https://www.ghacks.net/2025/02/04/massive-data-leak-exposes-1-5-billion-records-from-chinese-platforms-and-government/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27727</guid><pubDate>Tue, 04 Feb 2025 15:09:27 +0000</pubDate></item><item><title>Microsoft Defender VPN to be discontinued for Microsoft 365 subscribers</title><link>https://nsaneforums.com/news/security-privacy-news/microsoft-defender-vpn-to-be-discontinued-for-microsoft-365-subscribers-r27687/</link><description><![CDATA[<p>
	Back in 2023, Microsoft launched a new feature for Microsoft Defender users called <a href="https://www.neowin.net/news/microsoft-defender-for-individuals-expands-privacy-protection-to-ios-for-the-us-and-uk/" rel="external nofollow">Privacy protection.</a> Privacy protection is a secure VPN service that protects users when they connect their devices via open and public Wi-Fi networks. It reduces online tracking since it hides IP addresses and locations from websites, apps, and advertisers. Additionally, hackers won't be able to intercept user data since the data is encrypted.
</p>

<p>
	 
</p>

<p>
	Last year, Microsoft <a href="https://www.neowin.net/news/microsoft-defender-for-individuals-now-supports-unsecure-wi-fi-detection-in-more-countries/" rel="external nofollow">expanded</a> Defender's Privacy protection feature availability to Windows, Mac, iOS, and Android in the UK, Germany, and Canada. Microsoft also promised to bring privacy protection to ten additional countries in Europe, Asia, and Latin America.
</p>

<p>
	 
</p>

<p>
	To everyone's surprise, Microsoft today <a href="https://x.com/The_Stebe/status/1885410550521159779" rel="external nofollow">sent out an email</a> to Microsoft 365 subscribers notifying them that the Defender Privacy protection feature will be <a href="https://support.microsoft.com/en-us/topic/end-of-support-privacy-protection-vpn-in-microsoft-defender-for-individuals-8b503da5-732a-4472-833a-e2ddca53036a" rel="external nofollow">discontinued</a> on February 28, 2025. Microsoft provided the following reason for discontinuing the VPN service:
</p>

<p>
	 
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		"Our goal is to ensure you and your family remain safer online. We routinely evaluate the usage and effectiveness of our features. As such, we are removing the privacy protection feature and will invest in new areas that will better align with customer needs."
	</p>
</blockquote>

<p>
	Microsoft highlighted that other Defender features, like device protection and identity theft and credit monitoring (US), will continue to be available as before.
</p>

<p>
	 
</p>

<p>
	Microsoft Defender users on Windows, iOS, and macOS need not take any action because of this change. However, Defender users on Android should remove the VPN profile from their device using the steps below:
</p>

<p>
	 
</p>

<ul>
	<li>
		<p>
			Go to your phone’s Settings app.
		</p>
	</li>
	<li>
		<p>
			Search for ‘VPN’ in the settings.
		</p>
	</li>
	<li>
		<p>
			If you’ve onboarded to privacy protection, you should see a ‘Microsoft Defender’ VPN profile in the list of VPN profiles.
		</p>
	</li>
	<li>
		<p>
			Use the info icon to tap on it and remove it.
		</p>

		<p>
			 
		</p>
	</li>
</ul>

<p>
	While the discontinuation of the VPN feature may disappoint some users, Microsoft's stated commitment to improving other security aspects could ultimately benefit its customer base.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.neowin.net/news/microsoft-defender-vpn-to-be-discontinued-for-microsoft-365-subscribers/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27687</guid><pubDate>Sat, 01 Feb 2025 06:45:11 +0000</pubDate></item><item><title>Gmail Security Warning For 2.5 Billion Users&#x2014;AI Hack Confirmed</title><link>https://nsaneforums.com/news/security-privacy-news/gmail-security-warning-for-25-billion-users%E2%80%94ai-hack-confirmed-r27685/</link><description><![CDATA[<p>
	<em>Update, Jan. 31, 2025: This story, originally published Jan. 30, has been updated with a statement from Google about the sophisticated Gmail AI attack along with comment from a content control security expert. </em><br>
	<br>
	Hackers <a aria-label="hiding in plain sight" class="color-link" data-ga-track="InternalLink:https://www.forbes.com/sites/daveywinder/2025/01/29/this-security-threat-hides-in-plain-sight-the-you-cant-see-me-hack/" href="https://www.forbes.com/sites/daveywinder/2025/01/29/this-security-threat-hides-in-plain-sight-the-you-cant-see-me-hack/" rel="external nofollow" target="_self">hiding in plain sight</a>, avatars being used in <a aria-label="novel attacks" class="color-link" data-ga-track="InternalLink:https://www.forbes.com/sites/daveywinder/2025/01/25/email-security-alert-now-avatars-can-steal-your-passwords/" href="https://www.forbes.com/sites/daveywinder/2025/01/25/email-security-alert-now-avatars-can-steal-your-passwords/" rel="external nofollow" target="_self">novel attacks</a>, and even <a aria-label="perpetual 2FA-bypass threats" class="color-link" data-ga-track="InternalLink:https://www.forbes.com/sites/daveywinder/2025/01/17/google-perpetual-hack-attack-steals-passwords-and-2fa-act-now/" href="https://www.forbes.com/sites/daveywinder/2025/01/17/google-perpetual-hack-attack-steals-passwords-and-2fa-act-now/" rel="external nofollow" target="_self">perpetual 2FA-bypass threats</a> against Google users have been reported. What a time to be alive if you are a criminal hacker, although calling this latest scary hacker alive is a stretch: be warned, this malicious AI wants your Gmail credentials.
</p>

<h2>
	Victim Calls Latest Gmail Threat ‘The Most Sophisticated Phishing Attack I’ve Ever Seen’
</h2>

<p>
	Imagine getting a call from a number with a Google caller ID from an American support technician warning you that someone had compromised your Google account, which had now been temporarily blocked. Imagine that support person then sending an email to your Gmail account to confirm this, as requested by you, and sent from a genuine Google domain. Imagine querying the phone number and asking if you could call them back on it to be sure it was genuine. They agreed after explaining it was listed on google.com and said there might be a wait while on hold. You checked and it was listed, so you didn’t make that call. Imagine being sent a code from Google to be able to reset your account and take back control and almost clicking on it. Luckily, by this stage <a aria-label="Zach Latta" class="color-link" data-ga-track="ExternalLink:https://gist.github.com/zachlatta/f86317493654b550c689dc6509973aa4" href="https://gist.github.com/zachlatta/f86317493654b550c689dc6509973aa4" rel="external nofollow" target="_blank">Zach Latta</a>, founder of Hack Club and the person who nearly fell victim, had sussed it was an AI-driven attack, albeit a very clever one indeed.
</p>


<p>
	If this sounds familiar, that’s because it is: I first warned about such AI-powered attacks against Gmail users on Oct. 11 in <a aria-label="a story that went viral" class="color-link" data-ga-track="InternalLink:https://www.forbes.com/sites/daveywinder/2024/10/13/new-gmail-security-alert-for-billions-as-7-day-ai-hack-confirmed/" href="https://www.forbes.com/sites/daveywinder/2024/10/13/new-gmail-security-alert-for-billions-as-7-day-ai-hack-confirmed/" rel="external nofollow" target="_self">a story that went viral</a>. The methodology is almost exactly the same, and the warning to all 2.5 billion users of Gmail remains the same: be aware of the threat and don’t let your guard down for even a minute.
</p>

<p>
	 
</p>

<p>
	“Cybercriminals are constantly developing new tactics, techniques, and procedures to exploit vulnerabilities and bypass security controls, and companies must be able to quickly adapt and respond to these threats,” Spencer Starkey, a vice-president at SonicWall, said, “This requires a proactive and flexible approach to cybersecurity, which includes regular security assessments, threat intelligence, vulnerability management, and incident response planning.”
</p>

<h2>
	Mitigating The AI-Attacks Against Your Gmail Account Credentials
</h2>

<p>
	All the usual phishing mitigation advice goes out the window — well, a lot of it, at least — when talking about these super-sophisticated AI attacks. “She sounded like a real engineer, the connection was super clear, and she had an American accent,” Latta said. This reflects the description in my story back in October when the attacker was described as being “super realistic,” although then there was a pre-attack phase where notifications of compromise were sent seven days earlier to prime the target for the call.
</p>

<p>
	 
</p>

<p>
	The original target is a security consultant, which likely saved them from falling prey to the AI attack, and the latest would-be victim is the founder of a hacking club. You may not have quite the same levels of technical experience as these two, who both very nearly succumbed, so how can you stay safe?
</p>

<p>
	 
</p>

<p>
	“We've suspended the account behind this scam,” a Google spokesperson said, “we have not seen evidence that this is a wide-scale tactic, but we are hardening our defenses against abusers leveraging g.co references at sign-up to further protect users.”
</p>

<p>
	 
</p>

<p>
	“Due to the speed at which new attacks are being created, they are more adaptive and difficult to detect, which poses an additional challenge for cybersecurity professionals,” Starkey said, “From a high-level business perspective, they must look to constantly monitor their network for suspicious activity, using security tools to detect where logins are occurring and on what devices.”
</p>

<p>
	 
</p>

<p>
	For everyone else, consumers especially, stay calm if you are approached by someone claiming to be from Google support, and hang up, as they won’t call you.
</p>

<p>
	 
</p>

<p>
	If in any doubt, use resources such as Google search and your Gmail account to check for that phone number and to see if your account has been accessed by anyone unfamiliar to you. Use the web client and scroll to the bottom of the screen where, bottom right, you’ll find a link to reveal all recent activity on your account.
</p>

<p>
	 
</p>

<p>
	Finally, pay particular attention to what Google says about staying safe from attackers using <a aria-label="Gmail phishing scam hack attacks" class="color-link" data-ga-track="ExternalLink:https://support.google.com/mail/answer/8253" href="https://support.google.com/mail/answer/8253" rel="external nofollow" target="_blank">Gmail phishing scam hack attacks</a>.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.forbes.com/sites/daveywinder/2025/01/31/gmail-security-warning-for-25-billion-users-ai-hack-confirmed/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27685</guid><pubDate>Fri, 31 Jan 2025 19:52:22 +0000</pubDate></item><item><title>How to enable Edge's Scareware blocker and protect yourself from online scams</title><link>https://nsaneforums.com/news/security-privacy-news/how-to-enable-edges-scareware-blocker-and-protect-yourself-from-online-scams-r27682/</link><description><![CDATA[<h3>
	Microsoft Edge now includes an AI-powered feature to protect you from tech support scams online, and here's how to enable it.
</h3>

<p>
	<a data-analytics-id="inline-link" data-before-rewrite-localise="https://www.windowscentral.com/tag/microsoft-edge" data-before-rewrite-redirect="/microsoft-edge" data-hl-processed="none" data-url="https://www.windowscentral.com/tag/microsoft-edge" href="https://www.windowscentral.com/tag/microsoft-edge" rel="external nofollow">Microsoft Edge</a> has a new feature known as "Scareware Blocker" that helps you block (primarily) tech support online scams. In this guide, I'll help you understand and enable the feature on <a data-analytics-id="inline-link" data-before-rewrite-localise="https://www.windowscentral.com/software-apps/windows-11" data-before-rewrite-redirect="/windows-11" data-hl-processed="none" data-url="https://www.windowscentral.com/software-apps/windows-11" href="https://www.windowscentral.com/software-apps/windows-11" rel="external nofollow">Windows 11</a>.
</p>

<h2 id="what-is-scareware-blocker-on-edge-3">
	What is Scareware Blocker on Edge?
</h2>

<p>
	Scareware Blocker is a security feature that uses a local AI model to analyze the contents of the screen (in this case, the web browser) to detect signs of scams in real time.
</p>

<p>
	 
</p>

<p>
	Scareware scams have been around for many years, and they have been increasing significantly each year. Usually, the malicious individual builds a web page with a large popup that is impossible to close and tries to persuade you that your computer has been infected with malware and that you must contact the fake technical support phone number to recover your system.
</p>

<p>
	 
</p>

<p>
	A big part of the scam is to use design elements to make it seem like the message is coming from the operating system, using a similar window and button design.
</p>

<p>
	 
</p>

<p>
	As part of the security system built into the operating system and the browser, Microsoft implements the Defender SmartScreen, a similar technology that helps protect users from phishing, malware, and other online threats. It works by checking the reputation of files and websites and then taking action based on that reputation.
</p>

<p>
	 
</p>

<p>
	However, the new <a data-analytics-id="inline-link" data-hl-processed="none" data-url="https://blogs.windows.com/msedgedev/2025/01/27/stand-up-to-scareware-with-scareware-blocker/" href="https://blogs.windows.com/msedgedev/2025/01/27/stand-up-to-scareware-with-scareware-blocker/" referrerpolicy="no-referrer-when-downgrade" rel="external nofollow" target="_blank">Scareware Blocker</a> feature adds an extra layer of protection, using AI to detect more accurately when a web page is trying to scam you.
</p>

<p>
	 
</p>

<p>
	It's important to note that this feature is currently in preview with the latest release of the browser in the stable channel.
</p>

<p>
	 
</p>

<div id="slice-container-newsletterForm-articleInbodyContent-H9jdHZSZhRe2fPk6fUqdD7">
	<div data-hydrate="true">
		<p>
			In this <a data-analytics-id="inline-link" data-before-rewrite-localise="/how-to" data-hl-processed="none" data-url="https://www.windowscentral.com/how-to" href="https://www.windowscentral.com/how-to" rel="external nofollow">how-to guide</a>, I will outline the easy steps to enable the new Scareware Blocker on Microsoft Edge. The instructions focus on Windows 11, but I have also found the option to enable the feature on <a data-analytics-id="inline-link" data-before-rewrite-localise="https://www.windowscentral.com/software-apps/windows-10" data-before-rewrite-redirect="/windows-10" data-hl-processed="none" data-url="https://www.windowscentral.com/software-apps/windows-10" href="https://www.windowscentral.com/software-apps/windows-10" rel="external nofollow">Windows 10</a>.
		</p>

		<h2 id="how-to-enable-scareware-blocker-on-microsoft-edge-3">
			How to enable Scareware Blocker on Microsoft Edge
		</h2>

		<p>
			To enable the AI-powered Scareware Blocker on your browser, use these steps:
		</p>

		<p>
			 
		</p>

		<ol start="1">
			<li>
				Open <strong>Microsoft Edge</strong>.
			</li>
			<li>
				Click the <strong>"Settings and more"</strong> button from the top-right.
			</li>
			<li>
				Click the <strong>Settings </strong>option.
			</li>
			<li>
				Click on <strong>"Privacy, search, and services"</strong> from the left pane.
			</li>
			<li>
				Turn on the <strong>Scareware blocker </strong>toggle switch under the "Security" section.
			</li>
		</ol>

		<p>
			 
		</p>

		<div>
			<div>

				<p>
					<img alt="Enable Scareware blocker feature" class="ipsImage" height="720" width="720" src="https://cdn.mos.cms.futurecdn.net/G8W8zTGn7AYqjPcyr2iH3j-1024-80.jpg">
				</p>

				<p>
					<em><span itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></em>
				</p>

				<p>
					 
				</p>

				<ol start="6">
					<li>
						Turn on the <strong>"Microsoft Defender SmartScreen"</strong> toggle switch (if applicable).
					</li>
				</ol>

				<p>
					 
				</p>

				<p>
					Once you complete the steps, the security feature will turn on, and you can continue browsing the web as always.
				</p>

				<p>
					 
				</p>

				<p>
					As you browse the web, the Defender SmartScreen feature will continue to provide real-time protection for untrusted websites. When a site is detected as malicious, the cloud-based database for SmartScreen will be updated, and the information will spread across devices around the world.
				</p>

				<p>
					 
				</p>

				<p>
					The Scareware blocker feature is an extra layer of security that intervenes in those instances when you're exposed to a scam and SmartScreen hasn't yet been updated with that particular attack.
				</p>

				<p>
					 
				</p>

				<p>
					In these cases, the feature will use the machine learning model on the computer to analyze the full-screen page with trained samples to determine if the page is suspicious.
				</p>

				<p>
					 
				</p>

				<p>
					If a scam is detected, the browser will notify you with a warning and put you in control.
				</p>

				<div>
					<div>

						<p>
							<img alt="Edge Scareware blocker message" class="ipsImage" height="720" width="720" src="https://cdn.mos.cms.futurecdn.net/NBiQgnx2kLWpPcwBVmbcke-1024-80.jpg">
						</p>

						<p>
							<em><span itemprop="copyrightHolder">(Image credit: Microsoft)</span></em>
						</p>

						<p>
							 
						</p>

						<p>
							If you know the page is not malicious, you can always continue and load the website.
						</p>

						<p>
							 
						</p>

						<div data-nosnippet="">
							<div>
								<div class="ipsEmbeddedVideo" contenteditable="false">
									<div>
										<iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen="" frameborder="0" height="113" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube-nocookie.com/embed/ZydkiKDY8xk?feature=oembed" title="Scareware blocker announcement at Ignite conference" width="200"></iframe>
									</div>
								</div>
							</div>
						</div>

						<p>
							 
						</p>

						<p>
							If you want to undo the changes, you can use the same steps outlined above, but in <strong>step 5</strong>, turn off the <strong>Scareware blocker </strong>toggle switch.
						</p>

						<p>
							 
						</p>

						<p>
							<a href="https://www.windowscentral.com/software-apps/windows-11/how-to-enable-edges-scareware-blocker-and-protect-yourself-from-online-scams" rel="external nofollow">Source</a>
						</p>

					</div>
				</div>
			</div>
		</div>
	</div>
</div>
]]></description><guid isPermaLink="false">27682</guid><pubDate>Fri, 31 Jan 2025 18:07:06 +0000</pubDate></item><item><title>DeepSeek exposes database with over 1 million chat records</title><link>https://nsaneforums.com/news/security-privacy-news/deepseek-exposes-database-with-over-1-million-chat-records-r27678/</link><description><![CDATA[<p>
	DeepSeek, the Chinese AI startup known for its DeepSeek-R1 LLM model, has publicly exposed two databases containing sensitive user and operational information.
</p>

<p>
	 
</p>

<p>
	The unsecured ClickHouse instances reportedly held over a million log entries containing user chat history in plaintext form, API keys, backend details, and operational metadata.
</p>

<p>
	 
</p>

<p>
	Wiz Research discovered this exposure during a security assessment of DeepSeek's external infrastructure.
</p>

<p>
	 
</p>

<p>
	The security firm found two publicly accessible database instances at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000 that allowed arbitrary SQL queries via a web interface without requiring authentication.
</p>

<p>
	 
</p>

<p>
	The databases contained a 'log_stream' table that stored sensitive internal logs dating from January 6, 2025, containing:
</p>

<p>
	 
</p>

<ul>
	<li>
		user queries to DeepSeek's chatbot,
	</li>
	<li>
		keys used by backend systems to authenticate API calls,
	</li>
	<li>
		internal infrastructure and services information, 
	</li>
	<li>
		and various operational metadata.
	</li>
</ul>

<div style="">
	<figure class="image" style="display:inline-block">
		<img alt="Chat log in plaintext" class="ipsImage" height="101" width="720" src="https://www.bleepstatic.com/images/news/u/1220909/2025/January/Paper/chatlog.jpg">
		<figcaption>
			<em>Chat log in plaintext<br>
			Source: Wiz</em>
		</figcaption>
	</figure>
</div>

<p>
	"This level of access posed a critical risk to DeepSeek's own security and for its end-users," <a href="https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak" rel="external nofollow" target="_blank">comments Wiz</a>.
</p>

<p>
	 
</p>

<p>
	"Not only could an attacker retrieve sensitive logs and actual plaintext chat messages, but they could also potentially exfiltrate plaintext passwords and local files along with proprietary information directly from the server using queries like: SELECT * FROM file('filename') depending on their ClickHouse configuration."
</p>

<p>
	 
</p>

<div style="">
	<figure class="image" style="display:inline-block">
		<img alt="Exposed data" class="ipsImage" height="403" width="720" src="https://www.bleepstatic.com/images/news/u/1220909/2025/January/Paper/exposedd.jpg">
		<figcaption>
			<em>Exposed data<br>
			Source: Wiz</em>
		</figcaption>
	</figure>
</div>

<p>
	Wiz says it could execute more intrusive queries but limited its exploration to enumeration to keep its research within certain ethical constraints.
</p>

<p>
	 
</p>

<p>
	It is unknown if Wiz's researchers were the first to discover this exposure or if malicious actors have already taken advantage of the misconfiguration.
</p>

<p>
	 
</p>

<p>
	In any case, Wiz informed DeepSeek of the matter, and the company promptly addressed the exposure, so the databases are no longer public.
</p>

<h2>
	DeepSeek's security problems
</h2>

<p>
	Apart from all the concerns that arise from DeepSeek being a China-based technology company, meaning it has to comply with aggressive data access requests from the country's government, the company does not appear to have established a solid security stance, placing sensitive data at risk.
</p>

<p>
	 
</p>

<p>
	The exposure of user prompts is a privacy breach that should be very concerning for organizations using the AI model for sensitive business operations.
</p>

<p>
	 
</p>

<p>
	Additionally, the exposure of backend details and API keys could give attackers a way into DeepSeek's internal networks and enable privilege escalation and potentially larger-scale breaches.
</p>

<p>
	 
</p>

<p>
	Earlier this week, the Chinese platform was <a href="https://www.bleepingcomputer.com/news/security/deepseek-halts-new-signups-amid-large-scale-cyberattack/" rel="external nofollow" target="_blank">targeted by persistent cyberattacks</a>, which it appeared unable to thwart, forcing it to suspend new user registrations for nearly 24 hours.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/deepseek-exposes-database-with-over-1-million-chat-records/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27678</guid><pubDate>Fri, 31 Jan 2025 08:10:32 +0000</pubDate></item><item><title>NordVPN&#x2019;s New Tech Claims to Outsmart VPN Blockers&#x2014;Here&#x2019;s How</title><link>https://nsaneforums.com/news/security-privacy-news/nordvpn%E2%80%99s-new-tech-claims-to-outsmart-vpn-blockers%E2%80%94here%E2%80%99s-how-r27668/</link><description><![CDATA[<p>
	NordVPN has introduced a new protocol, NordWhisper, which it claims can help users bypass VPN blocks in regions with restrictions. The company says NordWhisper works by mimicking regular internet traffic, making it more difficult for websites and internet service providers (ISPs) to detect and block VPN usage.
</p>

<p>
	 
</p>

<p>
	VPNs are widely used for <a data-wpel-link="internal" href="https://www.ghacks.net/2023/05/26/vpn-vs-proxy-vs-tor/" rel="external nofollow" target="_blank">privacy protection</a>, accessing geo-restricted content, and circumventing government censorship. However, many governments and platforms have developed methods to detect and block VPN traffic by identifying patterns associated with VPN servers. <a data-wpel-link="internal" href="https://www.ghacks.net/2023/03/14/nordvpn-turns-its-virtual-lan-service-meshnet-into-a-free-product/" rel="external nofollow" target="_blank">NordVPN</a>’s new protocol attempts to counter these blocks by disguising VPN traffic as normal browsing activity.
</p>

<p>
	 
</p>

<p>
	While the company asserts that NordWhisper can improve access in restricted regions, it acknowledges that the technology may not work perfectly in all cases. Additionally, the protocol may introduce higher latency due to the extra steps involved in obfuscating traffic. NordWhisper is currently rolling out for Windows, Linux, and Android users, with support for other platforms expected in the future.
</p>

<p>
	 
</p>

<p>
	Some countries have intensified their efforts to block VPN usage, even pressuring companies like Apple to remove VPN apps from their app stores. One nation has reportedly experimented with isolating its internet infrastructure from the global web. While VPNs continue to function in these regions, their long-term accessibility remains uncertain.
</p>

<p>
	 
</p>

<p>
	Despite NordVPN’s new technology, privacy advocates warn that VPN users should <a data-wpel-link="internal" href="https://www.ghacks.net/2023/12/23/google-removes-3-fake-vpn-extensions-with-1-5-million-users-from-chrome-web-store/" rel="external nofollow" target="_blank">remain cautious</a>. Since all internet traffic is routed through a third-party service, there is always a risk of data exposure through government requests or security vulnerabilities.
</p>

<p>
	 
</p>

<p>
	As NordVPN expands NordWhisper to more platforms, it remains to be seen how effective this new approach will be in countering increasingly sophisticated VPN detection methods.
</p>



<p>
	<a href="https://www.ghacks.net/2025/01/30/nordvpns-new-tech-claims-to-outsmart-vpn-blockers-heres-how/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27668</guid><pubDate>Thu, 30 Jan 2025 16:26:34 +0000</pubDate></item><item><title>FBI seizes Cracked.io, Nulled.to hacking forums in Operation Talent</title><link>https://nsaneforums.com/news/security-privacy-news/fbi-seizes-crackedio-nulledto-hacking-forums-in-operation-talent-r27657/</link><description><![CDATA[<p>
	<span style="box-sizing:border-box; margin:0px; padding:0px"><em>Update January 29, 14:15 EST:</em> Seizure banners were added to the cracked[.]io, nulled[.]to, starkrdp[.]io, mysellix[.]io, and sellix[.]io domains, confirming that they had been seized in a joint law enforcement action dubbed "Operation Talent" that included authorities from the United States, Italy, Spain, Europe, France, Greece, Australia, and Romania.</span>
</p>

<p>
	 
</p>

<p>
	"This website, as well as the information on the customers and victims of the website, has been seized by international law enforcement partners," the banners read.
</p>

<p>
	 
</p>

<p>
	Cracked.io's staff has released a new statement on Telegram confirming that law enforcement has seized the cracked.io domain.
</p>

<p>
	 
</p>

<p>
	"Now that everyone has more clarity on the situation, Cracked.io has been seized under operation talent with specific reasons being undisclosed," <a href="https://t.me/s/crackedstatus?before=29" rel="external nofollow" target="_blank">they said</a>.
</p>

<p>
	 
</p>

<p>
	"We are still waiting for the official court documentation from the data centre and the domain host. We will inform you guys further on those details once we have it. A sad day indeed for our community."
</p>

<p>
	 
</p>

<p>
	<em>Update January 29, 16:54 EST: </em>Europol said that an operation is currently ongoing and that more information will be available at a later date.
</p>

<p>
	 
</p>

<p>
	<strong><em>See our original story below.</em></strong>
</p>

<p>
	 
</p>

<p>
	The FBI has seized the domains for the infamous Cracked.io and Nulled.to hacking forums, which are known for their focus on cybercrime, password theft, cracking, and credential stuffing attacks.
</p>

<p>
	 
</p>

<p>
	While some of their members also engaged in ethical hacking discussions, the sites were widely regarded as a hub for cybercriminal activity.
</p>

<p>
	 
</p>

<p>
	They also hosted content related to software cracks, hacking tools like "configs" used by credential stuffing attack tools (e.g., OpenBullet and SilverBullet), and other illicit activities, including a "combo lists" marketplace with stolen credentials or databases.
</p>

<p>
	 
</p>

<p>
	When trying to open the sites, web browsers display "Error 1000. DNS points to prohibited IP" and "Error 1016. Origin DNS error" messages.
</p>

<p>
	 
</p>

<p>
	<span style="box-sizing:border-box; margin:0px; padding:0px">Today, the FBI seized the forums' domains and <a href="https://x.com/DarkWebInformer/status/1884625771542515909" rel="external nofollow" target="_blank">changed their name servers</a> to ns1.fbi.seized.gov and ns2.fbi.seized.gov from their previous Cloudflare name servers.</span>
</p>

<div style="">
	<figure class="image" style="display:inline-block">
		<img alt="Operation Talent seizure banner" class="ipsImage" height="493" width="720" src="https://www.bleepstatic.com/images/news/u/1109292/2025/Operation-Talent-seizure-banner.jpg">
		<figcaption>
			<em>Operation Talent seizure banner (BleepingComputer)</em>
		</figcaption>
	</figure>
</div>

<p>
	Cracked.io's staff published an announcement on their Telegram channel earlier today, blaming a data center issue for the ongoing access problems.
</p>

<p>
	 
</p>

<p>
	"There is an active issue in our data centre which the staff is working on. Hence services remain offline till the issue is resolved. We will get detailed report later," <a href="https://t.me/s/crackedstatus?before=21" rel="external nofollow" target="_blank">they said</a>.
</p>

<p>
	 
</p>

<p>
	"We can only hope it is resolved without further issue. No estimated time at this moment. The current status from data centre is that it may take up to 1 day."
</p>

<p>
	 
</p>

<p>
	Today, the FBI also seized domains used by:
</p>

<p>
	 
</p>

<ul style="list-style-type:square">
	<li data-stringify-border="0" data-stringify-indent="0">
		MySellIX (<a data-sk="tooltip_parent" data-stringify-link="http://mysellix.io" delay="150" href="http://mysellix.io/" rel="external nofollow" target="_blank">mysellix.io</a>) and SellIX (<a data-sk="tooltip_parent" data-stringify-link="http://sellix.io" delay="150" href="http://sellix.io/" rel="external nofollow" target="_blank">sellix.io</a>), two platforms that allowed users to create their own online stores, which threat actors also used to sell stolen data, software keys, and compromised accounts, and
	</li>
	<li data-stringify-border="0" data-stringify-indent="0">
		StarkRDP (<a data-sk="tooltip_parent" data-stringify-link="http://starkrdp.io" delay="150" href="http://starkrdp.io/" rel="external nofollow" target="_blank">starkrdp.io</a>), a Windows RDP virtual hosting provider that some threat actors allegedly used for credential stuffing attacks.
	</li>
</ul>

<p>
	 
</p>

<p>
	An FBI spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.
</p>

<p>
	 
</p>

<p>
	While the law enforcement agency has yet to share more information about this wave of seizures, all signs point to a crackdown on platforms involved in credential stuffing and stolen account credentials.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/fbi-seizes-crackedio-nulledto-hacking-forums-in-operation-talent/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27657</guid><pubDate>Thu, 30 Jan 2025 04:36:35 +0000</pubDate></item><item><title>DeepSeek gets removed from Apple and Google app stores in Italy amid GDPR and privacy probe</title><link>https://nsaneforums.com/news/security-privacy-news/deepseek-gets-removed-from-apple-and-google-app-stores-in-italy-amid-gdpr-and-privacy-probe-r27645/</link><description><![CDATA[<p>
	DeepSeek has made headlines for many reasons since its reasoning model, DeepSeek R1, came out. The Chinese AI company caused a <a href="https://www.neowin.net/news/historic-wipeout-for-nvidia-shares-as-deepseeks-popularity-surges-on/" rel="external nofollow">historic wipeout of U.S. stocks</a>, while also <a href="https://www.neowin.net/news/china-based-ai-chatbot-deepseek-is-the-top-free-app-on-us-app-store-overtakes-chatgpt/" rel="external nofollow">climbing the charts on the Apple App Store</a> in the U.S. to number 1. Many countries were concerned that users' data was going to China, which could have privacy and national security-related consequences. As a result, DeepSeek is no longer available to download in Italy.
</p>

<p>
	 
</p>

<p>
	The Italian data protection authority, known as the Garante, is currently looking into how DeepSeek collects and uses personal information. The Garante wants to know what kind of data the app gathers, where this data comes from, and how it is stored. Perhaps the main question for them is whether the user data is kept in China, which raises privacy issues for many users.
</p>

<p>
	 
</p>

<p>
	Pasquale Stanzione, President of Garante, <a href="https://www.ansa.it/english/news/2025/01/29/deepseek-disappears-from-italy-google-and-apple-app-stores_26351e81-cfae-4058-8f5a-cd9acb587727.html" rel="external nofollow">told Italian news agency ANSA</a> that he doesn't know what may have caused the removal of DeepSeek from the app stores.
</p>

<p>
	 
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		"We have asked for information. Now the company has 20 days to respond: when it responds our offices will start an in-depth investigation to see if there is compliance with the GDPR".
	</p>
</blockquote>

<p>
	The Garante has given DeepSeek 20 days to respond to these questions and provide more information about its operations in the EU region. The investigation is also to ensure that the app follows the GDPR (General Data Protection Regulation) guidelines.
</p>

<p>
	 
</p>

<p>
	Italy isn't the only country that is investigating DeepSeek's privacy issues. The <a href="https://techcrunch.com/2025/01/29/italy-sends-first-data-watchdog-request-to-deepseek-the-data-of-millions-of-italians-is-at-risk/" rel="external nofollow">Irish Data Protection Commission has also asked DeepSeek</a> for details regarding how it is processing the data of the citizens of Ireland. The U.S. is also <a href="https://www.neowin.net/news/report-microsoft-openai-investigating-whether-deepseek-was-trained-on-stolen-us-data/" rel="external nofollow">currently investigating</a> whether DeepSeek trained its AI models by stealing U.S. companies' proprietary data.
</p>

<p>
	 
</p>

<p>
	Although DeepSeek isn't available for download to new users, those who have already downloaded the app on their devices can still use it. DeepSeek is still available to download in the rest of Europe and the U.K.
</p>

<p>
	 
</p>

<p>
	Source: <a href="https://www.reuters.com/technology/deepseek-app-unavailable-apple-google-app-stores-italy-2025-01-29/" rel="external nofollow">Reuters</a> | Image: <a href="https://depositphotos.com/" rel="external nofollow">DepositPhotos</a>
</p>

<p>
	 
</p>

<p>
	<a href="https://www.neowin.net/news/deepseek-gets-removed-from-apple-and-google-app-stores-in-italy-amid-gdpr-and-privacy-probe/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27645</guid><pubDate>Wed, 29 Jan 2025 19:21:20 +0000</pubDate></item><item><title>Hackers exploit critical unpatched flaw in Zyxel CPE devices</title><link>https://nsaneforums.com/news/security-privacy-news/hackers-exploit-critical-unpatched-flaw-in-zyxel-cpe-devices-r27644/</link><description><![CDATA[<p>
	Hackers are exploiting a critical command injection vulnerability in Zyxel CPE Series devices that is currently tracked as CVE-2024-40891 and has remained unpatched since last July.
</p>

<p>
	 
</p>

<p>
	The vulnerability allows unauthenticated attackers to execute arbitrary commands using the ‘supervisor’ or ‘zyuser’ service accounts.
</p>

<p>
	 
</p>

<p>
	Vulnerability intelligence company <a href="http://vulncheck.com/blog/initial-access-intelligence-july-2024" rel="external nofollow" target="_blank">VulnCheck added the security issue</a> to its database last year on July 12 and listed it among other issues exploited in the wild for initial access.
</p>

<p>
	 
</p>

<p>
	Technical details on the vulnerability have not been publicly disclosed, and Zyxel has not released a security advisory or a patch for CVE-2024-40891, so the issue remains exploitable in the latest firmware.
</p>

<p>
	 
</p>

<p>
	It appears that hackers discovered how to leverage the vulnerability and are using it in attacks, as threat monitoring platform GreyNoise has recently observed exploitation activity originating from multiple unique IP addresses.
</p>

<div style="">
	<figure class="image" style="display:inline-block">
		<img alt="Exploitation activity" class="ipsImage" height="478" width="720" src="https://www.bleepstatic.com/images/news/u/1220909/2025/January/activity.png">
		<figcaption>
			<em>Exploitation activity<br>
			Source: GreyNoise</em>
		</figcaption>
	</figure>
</div>

<p>
	GreyNoise notes that the flaw is similar to CVE-2024-40890, which is HTTP-based. However, VulnCheck confirmed that the current exploitation detection is for the unpatched CVE-2024-40891, which is based on the telnet protocol.
</p>

<p>
	 
</p>

<p>
	“GreyNoise is observing active exploitation attempts targeting a zero-day critical command injection vulnerability in Zyxel CPE Series devices tracked as CVE-2024-40891,” reads the bulletin.
</p>

<p>
	 
</p>

<p class="QuoteNewsStyle">
	“At this time, the vulnerability is not patched, nor has it been publicly disclosed. Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration” - <a href="https://www.greynoise.io/blog/active-exploitation-of-zero-day-zyxel-cpe-vulnerability-cve-2024-40891" rel="external nofollow" target="_blank">GreyNoise</a>
</p>

<p>
	Internet scanning service <a href="https://search.censys.io/search?resource=hosts&amp;sort=RELEVANCE&amp;per_page=25&amp;virtual_hosts=EXCLUDE&amp;q=services.telnet.banner%3A+%7B%22VMG1312-B10A%22%2C+%22VMG1312-B10B%22%2C+%22VMG1312-B10E%22%2C+%22VMG1312-B10B%22%2C+%22VMG3312-B10A%22%2C+%22VMG3313-B10A%22%2C+%22VMG3926-B10B%22%2C+%22VMG4325-B10A%22%2C+%22VMG4380-B10A%22%2C+%22VMG8324-B10A%22%2C+%22VMG8924-B10A%22%2C+%22SBG3300%22%2C+%22SBG3500%22%7D" rel="external nofollow" target="_blank">Censys reports</a> that there are more than 1,500 Zyxel CPE Series devices currently exposed online, mostly in the Philippines, Turkey, the United Kingdom, France, and Italy.
</p>

<p>
	 
</p>

<p>
	Considering that no security update is available to address the problem, system administrators should at least try to <a href="https://viz.greynoise.io/query/tags:%22Zyxel%20CPE%20CVE-2024-40891%20Command%20Injection%20Attempt%22" rel="external nofollow" target="_blank">block the IP addresses</a> launching the exploitation attempts. However, attacks from other IP addresses are still possible.
</p>

<p>
	 
</p>

<p>
	For further mitigation, it is recommended to monitor traffic for atypical telnet requests to Zyxel CPE management interfaces, and restrict access to the administrative interface only to a specified IP allowlist.
</p>

<p>
	 
</p>

<p>
	If remote management features are not used/needed, it is better to disable them entirely to reduce the attack surface.
</p>

<p>
	 
</p>

<p>
	BleepingComputer has contacted Zyxel with a request for a comment, but we are still waiting for the vendor’s response.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-unpatched-flaw-in-zyxel-cpe-devices/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27644</guid><pubDate>Wed, 29 Jan 2025 19:20:06 +0000</pubDate></item><item><title>Apple fixes this year&#x2019;s first actively exploited zero-day bug</title><link>https://nsaneforums.com/news/security-privacy-news/apple-fixes-this-year%E2%80%99s-first-actively-exploited-zero-day-bug-r27632/</link><description><![CDATA[<p>
	Apple has released security updates to fix this year's first zero-day vulnerability, tagged as actively exploited in attacks targeting iPhone users.
</p>

<p>
	 
</p>

<p>
	The zero-day fixed today is tracked as <strong><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-24085" rel="external nofollow" target="_blank">CVE-2025-24085</a></strong> [<a href="https://support.apple.com/en-us/122066" rel="external nofollow" target="_blank">iOS/iPadOS</a>, <a href="https://support.apple.com/en-us/122068" rel="external nofollow" target="_blank">macOS</a>, <a href="https://support.apple.com/en-us/122072" rel="external nofollow" target="_blank">tvOS</a>, <a href="https://support.apple.com/en-us/122071" rel="external nofollow" target="_blank">watchOS</a>, <a href="https://support.apple.com/en-us/122073" rel="external nofollow" target="_blank">visionOS</a>] and is a privilege escalation security flaw in Apple's Core Media framework.
</p>

<p>
	 
</p>

<p>
	"A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2," Apple said today.
</p>

<p>
	 
</p>

<p>
	According to the company's <a href="https://developer.apple.com/documentation/coremedia" rel="external nofollow" target="_blank">official documentation</a>, Core Media "defines the media pipeline used by AVFoundation and other high-level media frameworks found on Apple platforms."
</p>

<p>
	 
</p>

<p>
	Apple has fixed CVE-2024-23222 with improved memory management in iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3.
</p>

<p>
	 
</p>

<p>
	The list of devices impacted by this zero-day is quite extensive, as the bug affects older and newer models, including:
</p>

<p>
	 
</p>

<ul style="list-style-type:square">
	<li>
		iPhone XS and later
	</li>
	<li>
		iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
	</li>
	<li>
		macOS Sequoia
	</li>
	<li>
		Apple Watch Series 6 and later
	</li>
	<li>
		Apple TV HD and Apple TV 4K (all models)
	</li>
</ul>

<p>
	 
</p>

<p>
	Apple has yet to attribute the discovery of this security vulnerability to a security researcher and has not published details regarding attacks, even though it disclosed that it is exploited in the wild.
</p>

<p>
	 
</p>

<p>
	While this zero-day bug was likely only exploited in targeted attacks, it is highly advised to install today's security updates as soon as possible to block potentially ongoing attack attempts.
</p>

<p>
	 
</p>

<p>
	Last year, the company fixed a total of six zero-days, the <a href="https://www.bleepingcomputer.com/news/apple/apple-fixes-first-zero-day-bug-exploited-in-attacks-this-year/" rel="external nofollow" target="_blank">first in January</a>, <a href="https://www.bleepingcomputer.com/news/apple/apple-fixes-two-new-ios-zero-days-exploited-in-attacks-on-iphones/" rel="external nofollow" target="_blank">two in March</a>, a <a href="https://www.bleepingcomputer.com/news/apple/apple-fixes-safari-webkit-zero-day-flaw-exploited-at-pwn2own/" rel="external nofollow" target="_blank">fourth in May</a>, and <a href="https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-days-used-in-attacks-on-intel-based-macs/" rel="external nofollow" target="_blank">two more in November</a>.
</p>

<p>
	 
</p>

<p>
	One year before, in 2023, Apple patched 20 zero-day flaws exploited in the wild, including:
</p>

<p>
	 
</p>

<ul style="list-style-type:square">
	<li>
		<a href="https://www.bleepingcomputer.com/news/apple/apple-fixes-two-new-ios-zero-days-in-emergency-updates/" rel="external nofollow" target="_blank">two zero-days</a> (CVE-2023-42916 and CVE-2023-42917) in November
	</li>
	<li>
		<a href="https://www.bleepingcomputer.com/news/apple/apple-emergency-update-fixes-new-zero-day-used-to-hack-iphones/" rel="external nofollow" target="_blank">two zero-days</a> (CVE-2023-42824 and CVE-2023-5217) in October
	</li>
	<li>
		<a href="https://www.bleepingcomputer.com/news/apple/apple-discloses-2-new-zero-days-exploited-to-attack-iphones-macs/" rel="external nofollow" target="_blank">five</a> <a href="https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-3-new-zero-days-exploited-in-attacks/" rel="external nofollow" target="_blank">zero-days</a> (CVE-2023-41061, CVE-2023-41064, CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993) in September
	</li>
	<li>
		<a href="https://www.bleepingcomputer.com/news/apple/apple-fixes-new-zero-day-used-in-attacks-against-iphones-macs/" rel="external nofollow" target="_blank">two zero-days</a> (CVE-2023-37450 and CVE-2023-38606) in July
	</li>
	<li>
		<a href="https://www.bleepingcomputer.com/news/apple/apple-fixes-zero-days-used-to-deploy-triangulation-spyware-via-imessage/" rel="external nofollow" target="_blank">three zero-days</a> (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439) in June
	</li>
	<li>
		<a href="https://www.bleepingcomputer.com/news/apple/apple-fixes-three-new-zero-days-exploited-to-hack-iphones-macs/" rel="external nofollow" target="_blank">three more zero-days</a> (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373) in May
	</li>
	<li>
		<a href="https://www.bleepingcomputer.com/news/apple/apple-fixes-two-zero-days-exploited-to-hack-iphones-and-macs/" rel="external nofollow" target="_blank">two zero-days</a> (CVE-2023-28206 and CVE-2023-28205) in April
	</li>
	<li>
		and <a href="https://www.bleepingcomputer.com/news/security/apple-fixes-new-webkit-zero-day-exploited-to-hack-iphones-macs/" rel="external nofollow" target="_blank">another WebKit zero-day</a> (CVE-2023-23529) in February
	</li>
</ul>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/apple-fixes-this-years-first-actively-exploited-zero-day-bug/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27632</guid><pubDate>Tue, 28 Jan 2025 16:06:12 +0000</pubDate></item><item><title>Microsoft tests Edge Scareware Blocker to block tech support scams</title><link>https://nsaneforums.com/news/security-privacy-news/microsoft-tests-edge-scareware-blocker-to-block-tech-support-scams-r27631/</link><description><![CDATA[<p>
	Microsoft has started testing a new "scareware blocker" feature for the Edge web browser on Windows PCs, which uses machine learning (ML) to detect tech support scams.
</p>

<p>
	 
</p>

<p>
	<span style="box-sizing:border-box; margin:0px; padding:0px">Scareware scams (also known as <a href="https://www.bleepingcomputer.com/tag/tech-support-scam/" rel="external nofollow" target="_blank">tech support scams</a>) have been a pervasive threat for years. The scammers use aggressive landing pages to persuade potential victims that their devices have been compromised with malware and then try to gain remote access to targets' systems by pressuring them to call a fake tech support number. </span>
</p>

<p>
	 
</p>

<p>
	Defender SmartScreen, which also protects Edge users from scams, activates after an abusive site is detected and added to its index of malicious web pages to safeguard users globally within minutes.
</p>

<p>
	 
</p>

<p>
	However, Microsoft's new Edge scareware blocker, <a href="https://blogs.windows.com/msedgedev/2024/11/19/microsoft-edge-for-business-transform-your-workday-ignite-2024#detect-scams" rel="external nofollow" target="_blank">introduced</a> at the 2024 Ignite conference, offers extra protection by detecting signs of scareware scams in real-time using a local machine learning model.
</p>

<p>
	 
</p>

<p>
	"Scareware blocker adds a new, first line of defense to help protect the users exposed to a new scam if it attempts to open a full screen page. Scareware blocker uses a machine learning model that runs on the local computer," <a href="https://blogs.windows.com/msedgedev/2025/01/27/stand-up-to-scareware-with-scareware-blocker/" rel="external nofollow" target="_blank">Microsoft said</a>.
</p>

<p>
	 
</p>

<p>
	"The model uses computer vision to compare full screen pages to thousands of sample scams that the scam-fighting community shared with us. The model runs locally, without saving or sending images to the cloud."
</p>

<p>
	 
</p>

<p>
	Once it detects a scam page, it alerts users and allows them to continue loading the webpage if they trust the site is safe.
</p>

<div style="">
	<figure class="image" style="display:inline-block">
		<img alt="Edge scareware blocker warning" class="ipsImage" height="451" width="720" src="https://www.bleepstatic.com/images/news/u/1109292/2025/Scareware-blocker-warning.png">
		<figcaption>
			<em>Edge scareware blocker warning (Microsoft)</em>
		</figcaption>
	</figure>
</div>

<p>
	"To enable in Edge, first make sure that previews are allowed by your administrator and also that Edge is fully up to date. You may want to restart the browser once more to make sure your Edge client has the preview," Microsoft added on Monday.
</p>

<p>
	 
</p>

<p>
	"After making sure you have the latest updates, you should see the scareware blocker preview listed under 'Privacy Search and Services.'"
</p>

<div style="">
	<figure class="image" style="display:inline-block">
		<img alt="Scareware blocker settings" class="ipsImage" height="373" width="720" src="https://www.bleepstatic.com/images/news/u/1109292/2025/scareware-blocker-settings.jpg">
		<figcaption>
			<em>Scareware blocker settings (Microsoft)</em>
		</figcaption>
	</figure>
</div>

<p>
	When the scareware blocker spots a potentially malicious page, Edge gives control back to the user, exiting full-screen mode, halting loud audio, displaying a warning, and showing a thumbnail of the page.
</p>

<p>
	 
</p>

<p>
	Users can then report the scam site to protect others by sharing screenshots and diagnostic info with Microsoft, helping the Defender SmartScreen service detect scareware outbreaks across users' devices.
</p>

<p>
	 
</p>

<p>
	The scareware blocker ML model will discard the page if users don't report the page. To reduce false positives, users should also report cases where legitimate sites are flagged as malicious.
</p>

<p>
	 
</p>

<p>
	"By reporting false alarms, you help us make the feature more reliable to catch the real scams. Beyond just blocking individual scam outbreaks, our Microsoft Digital Crimes Unit goes even further to target the cybercrime supply chain directly," Microsoft said.
</p>

<p>
	 
</p>

<p>
	On Friday, the company also reminded customers that a <a href="https://www.bleepingcomputer.com/news/security/microsoft-teams-phishing-attack-alerts-coming-to-everyone-next-month/" rel="external nofollow" target="_blank">new brand impersonation protection feature</a> for Teams Chat will be generally available by mid-February 2025.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-tests-edge-scareware-blocker-to-block-tech-support-scams/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27631</guid><pubDate>Tue, 28 Jan 2025 16:05:01 +0000</pubDate></item><item><title>DeepSeek halts new signups amid "large-scale" cyberattack</title><link>https://nsaneforums.com/news/security-privacy-news/deepseek-halts-new-signups-amid-large-scale-cyberattack-r27623/</link><description><![CDATA[<p>
	Chinese AI platform DeepSeek has disabled registrations on its DeepSeek-V3 chat platform due to an ongoing "large-scale" cyberattack targeting its services.
</p>

<p>
	 
</p>

<p>
	DeepSeek is a relatively new AI platform that has quickly gained attention over the past week for its development and release of an advanced AI model that allegedly matches or outperforms the capabilities of US tech giants' models at significantly lower costs.
</p>

<p>
	 
</p>

<p>
	The news of the new model led to a massive sell-off in the US stock market as the AI arms race heats up.
</p>

<p>
	 
</p>

<p>
	However, with this surge in popularity comes the attention of threat actors, or as some believe, their corporate rivals.
</p>

<p>
	 
</p>

<p>
	Today, just as the DeepSeek AI Assistant app overtook ChatGPT as the top downloaded app on the Apple App Store, the company was forced to turn off new registrations after suffering a cyberattack.
</p>

<p>
	 
</p>

<p>
	"Due to large-scale malicious attacks on DeepSeek's services, we are temporarily limiting registrations to ensure continued service," reads a message on the <a href="https://status.deepseek.com/" rel="external nofollow" target="_blank">DeepSeek status page</a>.
</p>

<p>
	 
</p>

<p>
	"Existing users can log in as usual. Thanks for your understanding and support."
</p>

<p>
	 
</p>

<p>
	While no details about the attack were shared, it is believed that the company is facing a distributed denial-of-service (DDoS) attack against its API and Web Chat platform.
</p>

<p>
	 
</p>

<p>
	A DDoS attack is when a large amount of traffic is sent to a particular IP address or URL, which uses up the available resources on the devices. This causes the services to stop functioning until the DDoS attack is mitigated or stopped.
</p>

<p>
	 
</p>

<p>
	While the attack is impacting their registration process, you can now log in with your Google account to gain access.
</p>

<p>
	 
</p>

<p>
	In doing so, you will share your name, email address, language preference, and profile picture with DeepSeek.
</p>

<p>
	 
</p>

<p>
	Now that DeepSeek has seen immense media attention, it is also being heavily scrutinized by cybersecurity researchers.
</p>

<p>
	 
</p>

<p>
	Today, cybersecurity firm KELA reported that it was able to jailbreak the model to produce malicious outputs.
</p>

<p>
	 
</p>

<p>
	"KELA has observed that while DeepSeek R1 bears similarities to ChatGPT, it is significantly more vulnerable," reads <a href="https://www.kelacyber.com/blog/deepseek-r1-security-flaws/?utm_campaign=Blogs&amp;utm_medium=email&amp;_hsenc=p2ANqtz-9H6WQNWVbJjz1xxfx2uA3AqWTb0fSdyunPtx_MU5pR46sonOkZdNj7eNVrdNge_099UF7YAoY2BNnbHUrVGLTbI8e9zMeTLpQ-Pmm9Ht05YAzAABw&amp;_hsmi=344373757&amp;utm_content=344373757&amp;utm_source=hs_email" rel="external nofollow" target="_blank">KELA's report</a>.
</p>

<p>
	 
</p>

<p>
	"KELA's AI Red Team was able to jailbreak the model across a wide range of scenarios, enabling it to generate malicious outputs, such as ransomware development, fabrication of sensitive content, and detailed instructions for creating toxins and explosive devices."
</p>

<p>
	 
</p>

<p>
	BleepingComputer reached out to DeepSeek to learn more about the attack but did not receive a response.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/deepseek-halts-new-signups-amid-large-scale-cyberattack/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27623</guid><pubDate>Tue, 28 Jan 2025 03:25:35 +0000</pubDate></item><item><title>Bitwarden makes it harder to hack password vaults without MFA</title><link>https://nsaneforums.com/news/security-privacy-news/bitwarden-makes-it-harder-to-hack-password-vaults-without-mfa-r27622/</link><description><![CDATA[<p>
	Open-source password manager Bitwarden is adding an extra layer of security for accounts that are not protected by two-factor authentication, requiring email verification before allowing access to accounts.
</p>

<p>
	 
</p>

<p>
	When a potentially suspicious login attempt is detected, like from an unrecognized device, the user will now be prompted to confirm the action by entering a verification code they received via email.
</p>

<p>
	 
</p>

<p>
	Those who fail to provide the code cannot access the password vault.
</p>

<p>
	 
</p>

<p>
	"Starting in February, Bitwarden will bolster user account security for those users who are not utilizing two-step login (2FA) for their Bitwarden account," <a href="https://bitwarden.com/blog/adding-more-security-to-bitwarden-user-accounts/" rel="external nofollow" target="_blank">reads the announcement</a>.
</p>

<p>
	 
</p>

<p>
	"When logging in from an unrecognized device, users will be asked for an emailed verification code to confirm the login attempt and better protect their Bitwarden vaults."
</p>

<p>
	 
</p>

<div style="">
	<figure class="image" style="display:inline-block">
		<img alt="Verification code screen" class="ipsImage" height="472" width="696" src="https://www.bleepstatic.com/images/news/u/1220909/2025/January/code.jpg">
		<figcaption>
			<em>Verification code screen<br>
			Source: Bitwarden</em>
		</figcaption>
	</figure>
</div>

<p>
	This security step is a form of two-factor authentication, so essentially, Bitwarden is enforcing it even for those who haven't activated it themselves.
</p>

<p>
	 
</p>

<p>
	While this will provide additional protection, the best approach would be to enable multi-factor authentication via authenticator apps or, even better, FIDO-compliant passkeys.
</p>

<p>
	 
</p>

<p>
	Activating any 2FA method or using API keys or SSO to log in automatically opts users out of this new security mechanism. Self-hosted instances are also excluded.
</p>

<p>
	 
</p>

<p>
	As Bitwarden explained in a separate <a href="https://bitwarden.com/help/new-device-verification/#faqs" rel="external nofollow" target="_blank">FAQ page</a>, the following events will trigger the extra code prompt:
</p>

<p>
	 
</p>

<ul style="list-style-type:square">
	<li>
		Logging in from a new device
	</li>
	<li>
		Re-installing the mobile or desktop app
	</li>
	<li>
		Clearing the web browser cookies
	</li>
</ul>

<p>
	 
</p>

<p>
	Bitwarden is aware of a sub-category of users who store their email credentials inside the password manager's vault and warns about the practical problems that arise from the new verification step to be introduced next week.
</p>

<p>
	 
</p>

<p>
	To avoid being locked out of both their email and Bitwarden accounts, users need to ensure they have independent access to their email credentials or simply enable 2FA on their Bitwarden accounts.
</p>

<p>
	 
</p>

<p>
	This extra security step should not be considered an excuse for using weak master passwords or recycling passwords.
</p>

<p>
	 
</p>

<p>
	Users should ensure their master password is hard to brute-force by picking something long and unique and including different character types.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/bitwarden-makes-it-harder-to-hack-password-vaults-without-mfa/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27622</guid><pubDate>Tue, 28 Jan 2025 03:24:46 +0000</pubDate></item><item><title>UnitedHealth now says 190 million impacted by 2024 data breach</title><link>https://nsaneforums.com/news/security-privacy-news/unitedhealth-now-says-190-million-impacted-by-2024-data-breach-r27606/</link><description><![CDATA[<p>
	UnitedHealth has revealed that 190 million Americans had their personal and healthcare data stolen in the Change Healthcare ransomware attack, nearly doubling the previously disclosed figure.
</p>

<p>
	 
</p>

<p>
	In October, UnitedHealth reported to the US Department of Health and Human Services Office for Civil Rights that <a href="https://www.bleepingcomputer.com/news/security/unitedhealth-says-data-of-100-million-stolen-in-change-healthcare-breach/" rel="external nofollow" target="_blank">the attack affected 100 million people</a>. However, as first reported by TechCrunch, UnitedHealth confirmed on Friday that the figure has nearly doubled to 190 million.
</p>

<p>
	 
</p>

<p>
	"Change Healthcare has determined the estimated total number of individuals impacted by the Change Healthcare cyberattack is approximately 190 million," UnitedHealth Group told <a href="https://techcrunch.com/2025/01/24/unitedhealth-confirms-190-million-americans-affected-by-change-healthcare-data-breach/" rel="external nofollow" target="_blank">TechCrunch</a>.
</p>

<p>
	 
</p>

<p>
	"The vast majority of those people have already been provided individual or substitute notice. The final number will be confirmed and filed with the Office for Civil Rights at a later date."
</p>

<p>
	 
</p>

<p>
	While UnitedHealth says that there are no indications that the threat actors have misused the stolen data, the sheer quantity of sensitive information stolen in the attack is massive.
</p>

<p>
	 
</p>

<p>
	This stolen data includes patients' health insurance information, medical records, billing and payment information, and sensitive personal information, such as phone numbers, addresses, and, in some cases, Social Security Numbers and government ID numbers.
</p>

<p>
	 
</p>

<p>
	The ransomware attack on UnitedHealth's subsidiary, Change Healthcare, is the largest healthcare data breach in US history.
</p>

<h2>
	The Change Healthcare ransomware attack
</h2>

<p>
	In February 2024, UnitedHealth subsidiary <a href="https://www.bleepingcomputer.com/news/security/unitedhealth-confirms-optum-hack-behind-us-healthcare-billing-outage/" rel="external nofollow" target="_blank">Change Healthcare suffered a massive ransomware attack</a>, leading to widespread disruption to the United States healthcare system.
</p>

<p>
	 
</p>

<p>
	This disruption prevented doctors and pharmacies from filing claims and pharmacies from accepting discount prescription cards, causing patients to pay full price for medications.
</p>

<p>
	 
</p>

<p>
	It was later learned that the <a href="https://www.bleepingcomputer.com/news/security/alphv-blackcat-this-years-most-sophisticated-ransomware/" rel="external nofollow" target="_blank">BlackCat ransomware gang</a>, aka ALPHV, was behind the attack. The threat actors used <a href="https://www.bleepingcomputer.com/news/security/change-healthcare-hacked-using-stolen-citrix-account-with-no-mfa/" rel="external nofollow" target="_blank">stolen credentials</a> to breach the company's Citrix remote access service, which did not have multi-factor authentication enabled.
</p>

<p>
	 
</p>

<p>
	After breaching the network, the threat actors <a href="https://www.bleepingcomputer.com/news/security/ransomware-gang-claims-they-stole-6tb-of-change-healthcare-data/" rel="external nofollow" target="_blank">stole 6 TB of data</a> and encrypted computers, causing the company to shut down IT systems and its online platforms for billing, claims, and prescription fulfillment.
</p>

<p>
	 
</p>

<p>
	The UnitedHealth Group later confirmed it paid a ransom to receive a decryptor and to prevent the threat actors from publicly releasing the stolen data. This ransom payment was allegedly $22 million, according to the BlackCat ransomware affiliate who conducted the attack.
</p>

<p>
	 
</p>

<p>
	This ransom payment was supposed to be split between the affiliate and the ransomware operators, but <a href="https://www.bleepingcomputer.com/news/security/blackcat-ransomware-turns-off-servers-amid-claim-they-stole-22-million-ransom/" rel="external nofollow" target="_blank">BlackCat suddenly shut down</a> in an exit scam, stealing the entire payment for themselves.
</p>

<div style="">
	<figure class="image" style="display:inline-block">
		<img alt="Alleged ALPHV affiliate claiming they were scammed by BlackCat" class="ipsImage" height="575" width="720" src="https://www.bleepstatic.com/images/news/u/1100723/2024/ALPHV_Scam_Affil.png">
		<figcaption>
			<em>ALPHV affiliate claiming they were scammed by BlackCat<br>
			source: <a href="https://twitter.com/ddd1ms/status/1764639254016102410" rel="external nofollow" target="_blank">Dmitry Smilyanets</a></em>
		</figcaption>
	</figure>
</div>

<p>
	This is where it got worse for UnitedHealth, as the threat actor behind the attack stated that they did not delete the stolen data as promised.
</p>

<p>
	 
</p>

<p>
	The attacker then partnered with a new ransomware operation named RansomHub and began <a href="https://www.bleepingcomputer.com/news/security/ransomware-gang-starts-leaking-alleged-stolen-change-healthcare-data/" rel="external nofollow" target="_blank">leaking some of the stolen data</a>, demanding an additional payment for the data not to be released.
</p>

<p>
	 
</p>

<p>
	A few days later, the Change Healthcare entry on RansomHub's data leak site mysteriously disappeared, indicating that UnitedHealth likely paid a second ransom demand.
</p>

<p>
	 
</p>

<p>
	UnitedHealth said in April that the Change Healthcare ransomware attack <a href="https://www.bleepingcomputer.com/news/security/unitedhealth-change-healthcare-cyberattack-caused-872-million-loss/" rel="external nofollow" target="_blank">caused $872 million in losses</a>, which increased as part of the <a href="https://www.unitedhealthgroup.com/content/dam/UHG/PDF/investors/2024/UNH-Q2-2024-Release.pdf" rel="external nofollow" target="_blank">Q3 2024 earnings</a> to an expected $2.45 billion for the nine months to September 30, 2024.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/unitedhealth-now-says-190-million-impacted-by-2024-data-breach/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27606</guid><pubDate>Sun, 26 Jan 2025 17:50:26 +0000</pubDate></item><item><title>Angry users react as Meta begins testing ads on Threads in the US and Japan</title><link>https://nsaneforums.com/news/security-privacy-news/angry-users-react-as-meta-begins-testing-ads-on-threads-in-the-us-and-japan-r27589/</link><description><![CDATA[<p>
	Threads has evolved significantly since its launch in 2023. The platform emerged as an alternative to Twitter (now X) after <a href="http://www.neowin.net/news/elon-musk-officially-takes-over-twitter-sacks-ceo-parag-agrawal-and-cfo-ned-segal/" rel="external nofollow">Elon Musk's takeover</a>, which triggered a mass exodus from Twitter.
</p>

<p>
	 
</p>

<p>
	By July last year, Threads had amassed <a href="https://www.neowin.net/news/threads-now-has-more-than-175-million-monthly-active-users-nearly-a-year-after-its-launch/" rel="external nofollow">over 170 million monthly users</a>. At launch, the platform was ad-free, but Adam Mosseri recently announced that this is changing. On Threads, <a href="https://www.threads.net/@mosseri/post/DFN0dSVhL26?xmt=AQGzWmL4_PG11CFvPh3VEK0vJjB533Gr2F7cHRYPCnoMkA" rel="external nofollow">the Instagram and Threads head wrote</a>:
</p>

<p>
	 
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		We’re starting a small test for ads on Threads with a handful of brands in the US and Japan. We know there will be plenty of feedback about how we should approach ads, and we are making sure they feel like Threads posts you’d find relevant and interesting. We’ll closely monitor this test before scaling it more broadly, with the goal of getting ads on Threads to a place where they are as interesting as organic content.
	</p>
</blockquote>

<p>
	Meta’s move isn’t surprising, considering that over <a href="https://www.investopedia.com/ask/answers/120114/how-does-facebook-fb-make-money.asp" rel="external nofollow">90% of its revenue comes from ads</a>. Platforms like Facebook and Instagram contributed heavily to its $133 billion in revenue in 2023.
</p>

<p>
	 
</p>

<p>
	However, many Threads users are unhappy with the introduction of ads, even with Mosseri’s claim that they’ll be "as interesting as organic content." One user, @nat.whoo, <a href="https://www.threads.net/@nat.whoo/post/DFN1xC4PAyJ?xmt=AQGzy_gXgXgv2Jdm6s6IDAx0g33SQsiKha1AdgYuT7wDmQ" rel="external nofollow">replied to Mosseri’s announcement</a>:
</p>

<p>
	 
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		Damn, man. It’s unbelievable the effort Meta makes to turn everything you create into absolute sh*t. This feels like a safe space away from ads, and you want to ruin that as well?
	</p>
</blockquote>

<p>
	Other users argued that ads ruined Facebook for regular users, and adding ads to Threads could similarly degrade the user experience. Some have even threatened to leave the platform if ads start appearing in their feeds.
</p>

<p>
	 
</p>

<p>
	This controversy is just the latest for Meta. Recently, the <a href="https://www.neowin.net/news/users-report-pro-democrat-and-anti-republican-hashtags-blocked-meta-says-a-fix-is-incoming/" rel="external nofollow">company faced backlash for blocking pro-Democrat hashtags on Instagram</a>. In response, Meta claimed the blockage was an error and promised a fix.
</p>

<p>
	 
</p>

<p>
	Earlier this month, the company also discontinued its AI accounts feature, which included Instagram accounts powered by Meta's large language models. One such account, Liv, was an LLM claiming to be a <a href="https://www.neowin.net/news/meta-nukes-black-queer-momma-of-2--truth-teller-ai-account-after-backlash/" rel="external nofollow">"Black queer momma of two."</a>
</p>

<p>
	 
</p>


<p>
	<a href="https://www.neowin.net/news/angry-users-react-as-meta-begins-testing-ads-on-threads-in-the-us-and-japan/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27589</guid><pubDate>Sat, 25 Jan 2025 08:06:17 +0000</pubDate></item><item><title>Hackers get $886,250 for 49 zero-days at Pwn2Own Automotive 2025</title><link>https://nsaneforums.com/news/security-privacy-news/hackers-get-886250-for-49-zero-days-at-pwn2own-automotive-2025-r27582/</link><description><![CDATA[<p>
	The Pwn2Own Automotive 2025 hacking contest has ended with security researchers collecting $886,250 after exploiting 49 zero-days.
</p>

<p>
	 
</p>

<p>
	Throughout the event, they targeted automotive <a href="https://www.zerodayinitiative.com/blog/2024/9/23/announcing-pwn2own-automotive-for-2025" rel="external nofollow" target="_blank">software and products</a>, including electric vehicle (EV) chargers, car operating systems (i.e., Android Automotive OS, Automotive Grade Linux, and BlackBerry QNX), and in-vehicle infotainment (IVI) systems.
</p>

<p>
	 
</p>

<p>
	According to the Pwn2Own Tokyo 2025 <a href="https://www.zerodayinitiative.com/Pwn2OwnAuto2025Rules.html" rel="external nofollow" target="_blank">contest rules</a>, all devices targeted ran the latest operating system versions and had all security updates installed.
</p>

<p>
	 
</p>

<p>
	While Tesla also provided a Model 3/Y (Ryzen-based) equivalent benchtop unit, security researchers who joined the competition have only registered attempts against the company's Wall Connector charger.
</p>

<p>
	 
</p>

<p>
	The competitors collected $382,750 in cash awards after demoing 16 unique zero-days on <a href="https://www.bleepingcomputer.com/news/security/hackers-exploit-16-zero-days-on-first-day-of-pwn2own-automotive-2025/" rel="external nofollow" target="_blank">the first day</a> and another $335,500 on <a href="https://www.bleepingcomputer.com/news/security/tesla-ev-charger-hacked-twice-on-second-day-of-pwn2own-tokyo/" rel="external nofollow" target="_blank">the second day</a> after exploiting 23 more zero-day vulnerabilities and hacking Tesla's EV charger twice. On <a href="https://www.zerodayinitiative.com/blog/2025/1/23/pwn2own-automotive-2025-day-three-and-final-results" rel="external nofollow" target="_blank">the third day</a> of Pwn2Own, they collected another $168,000 for 10 more zero-days.
</p>

<p>
	 
</p>

<p>
	After the zero-days are demoed and reported during Pwn2Own events, vendors have 90 days to release security patches before Trend Micro's Zero Day Initiative publicly discloses them.
</p>

<div style="">
	<figure class="image" style="display:inline-block">
		<img alt="Pwn2Own Automotive 2025 leaderboard" class="ipsImage" height="405" width="720" src="https://www.bleepstatic.com/images/news/u/1109292/2025/P2O-Automotive-Tokyo-2025-Leaderboard.jpg">
		<figcaption>
			<em>Pwn2Own Automotive 2025 leaderboard (ZDI)</em>
		</figcaption>
	</figure>
</div>

<p>
	Summoning Team's Sina Kheirkhah <a href="https://bsky.app/profile/thezdi.bsky.social/post/3lghvg3asxk27" rel="external nofollow" target="_blank">won this year's edition</a> of Pwn2Own Automotive with 30.5 Master of Pwn points and $222,250 in cash awards, earned after hacking multiple EV chargers and in-vehicle infotainment (IVI) systems.
</p>

<p>
	 
</p>

<p>
	Synacktiv took second place with $147,500, PHP Hooligans earned $110,000, fuzzware.io will go home with $68,750, and Viettel Cyber Security collected $53,750 for the zero-day exploits demoed during the three days of the competition.
</p>

<p>
	 
</p>

<p>
	The results for each challenge on Pwn2Own Automotive 2025's last day and the final results can be found <a href="https://www.zerodayinitiative.com/blog/2025/1/23/pwn2own-automotive-2025-day-three-and-final-results" rel="external nofollow" target="_blank">here</a>.
</p>

<p>
	 
</p>

<p>
	During <a href="https://www.bleepingcomputer.com/news/security/pwn2own-automotive-13m-for-49-zero-days-tesla-hacked-twice/" rel="external nofollow" target="_blank">the first edition of Pwn2Own Automotive</a> in January 2024, security researchers earned $1,323,750 for demonstrating 49 zero-day bugs in multiple electric car systems and hacking a Tesla car twice.
</p>

<p>
	 
</p>

<p>
	Two months later, during <a href="https://www.bleepingcomputer.com/news/security/hackers-earn-1-132-500-for-29-zero-days-at-pwn2own-vancouver/" rel="external nofollow" target="_blank">the Pwn2Own Vancouver 2024</a> competition, ZDI awarded another $1,132,500 for 29 zero-day bugs. Synacktiv went home with $200,000 and a Tesla Model 3 after hacking its ECU with Vehicle (VEH) CAN BUS Control in under 30 seconds.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/hackers-get-886-250-for-49-zero-days-at-pwn2own-automotive-2025/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27582</guid><pubDate>Fri, 24 Jan 2025 18:22:09 +0000</pubDate></item><item><title>Threads is officially getting ads</title><link>https://nsaneforums.com/news/security-privacy-news/threads-is-offically-getting-ads-r27581/</link><description><![CDATA[<h3>
	Meta is doing a ‘small test’ of ads in the US and Japan, Instagram boss Adam Mosseri says.
</h3>

<div>
	<div id="zephr-anchor">
		<div>
			<div>
				<p>
					Your Threads feed will soon have ads. On Friday, <a href="https://www.facebook.com/business/news/introducing-ads-in-threads" rel="external nofollow">Meta announced</a> that it’s rolling out a “limited, early test of ads in Threads,” and the test will happen with a “handful of brands in the US and Japan,” <a href="https://www.threads.net/@mosseri/post/DFN0dSVhL26" rel="external nofollow">according to Instagram boss Adam Mosseri</a>.
				</p>
			</div>

			<div>
				<div>
					<div>
						<div aria-label="Zoom" role="button" tabindex="0">
							<div>
								<div>
									<div>
										<span><img alt="frame_all.png" class="ipsImage" data-nimg="fill" decoding="async" height="720" width="720" src="https://duet-cdn.vox-cdn.com/thumbor/0x0:1509x2886/1080x2066/filters:focal(755x1443:756x1444):format(webp)/cdn.vox-cdn.com/uploads/chorus_asset/file/25845294/frame_all.png"></span>
									</div>
								</div>
							</div>
						</div>
					</div>

					<div>
						<cite class="duet--article--dangerously-set-cms-markup inline not-italic text-gray-63 dark:text-gray-bd [&amp;&gt;a:hover]:text-gray-63 [&amp;&gt;a:hover]:shadow-underline-black dark:[&amp;&gt;a:hover]:text-gray-bd dark:[&amp;&gt;a:hover]:shadow-underline-gray [&amp;&gt;a]:shadow-underline-gray-63 dark:[&amp;&gt;a]:text-gray-bd dark:[&amp;&gt;a]:shadow-underline-gray">Image: Meta</cite>
					</div>
				</div>
			</div>

			<div>
				<p>
					 
				</p>

				<p>
					Ads on Threads will appear as images between posts in your home feed. “As we learn from this test, we will monitor to see how it’s going before filling out more broadly,” Meta says.
				</p>

				<p>
					 
				</p>
			</div>

			<div>
				<p>
					To serve you relevant ads, Meta will use your activity on Threads and Instagram, the posts you interact with, your email address, and “your activity from off Meta technologies,” according to <a href="https://help.instagram.com/1041625518008298/?cms_platform=android-app&amp;helpref=platform_switcher" rel="external nofollow">a support page</a>. Threads will also offer ways to customize the ads you see from your account center, along with options to skip, hide, and report them from within your feed.
				</p>

				<p>
					 
				</p>
			</div>

			<div>
				<p>
					Last April, Mosseri confirmed that <a href="https://www.threads.net/@mosseri/post/C5erGYZPShe" rel="external nofollow">Threads would eventually get ads</a>, and rumors emerged <a href="https://www.theverge.com/2024/11/13/24295735/threads-ads-rumor-2025" rel="external nofollow">that they would appear in early 2025</a>.
				</p>

				<p>
					 
				</p>
			</div>
		</div>
	</div>
</div>

<p>
	<a href="https://www.theverge.com/2025/1/24/24351141/meta-threads-ads-test" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27581</guid><pubDate>Fri, 24 Jan 2025 18:17:48 +0000</pubDate></item><item><title>Millions of Subarus could be remotely unlocked, tracked due to security flaws</title><link>https://nsaneforums.com/news/security-privacy-news/millions-of-subarus-could-be-remotely-unlocked-tracked-due-to-security-flaws-r27580/</link><description><![CDATA[<h3>
	Flaws also allowed access to one year of location history.
</h3>

<p>
	About a year ago, security researcher Sam Curry bought his mother a Subaru, on the condition that, at some point in the near future, she let him hack it.
</p>

<p>
	 
</p>

<p>
	It took Curry until last November, when he was home for Thanksgiving, to begin examining the 2023 Impreza's Internet-connected features and start looking for ways to exploit them. Sure enough, he and a researcher working with him online, Shubham Shah, soon discovered vulnerabilities in a Subaru web portal that let them hijack the ability to unlock the car, honk its horn, and start its ignition, reassigning control of those features to any phone or computer they chose.
</p>

<p>
	 
</p>

<p>
	Most disturbing for Curry, though, was that they found they could also track the Subaru's location—not merely where it was at the moment but also where it had been for the entire year that his mother had owned it. The map of the car’s whereabouts was so accurate and detailed, Curry says, that he was able to see her doctor visits, the homes of the friends she visited, even which exact parking space his mother parked in every time she went to church.
</p>

<p>
	 
</p>

<figure class="ars-wp-img-shortcode id-2072561 align-center">
	<div>
		<div class="ars-lightbox">
			<div class="ars-lightbox-item">
				<img alt="location-640x410.jpg" class="center medium" decoding="async" height="410" loading="lazy" sizes="auto, (max-width: 640px) 100vw, 640px" srcset="https://cdn.arstechnica.net/wp-content/uploads/2025/01/location-640x410.jpg 640w, https://cdn.arstechnica.net/wp-content/uploads/2025/01/location-1024x655.jpg 1024w, https://cdn.arstechnica.net/wp-content/uploads/2025/01/location-768x492.jpg 768w, https://cdn.arstechnica.net/wp-content/uploads/2025/01/location-1536x983.jpg 1536w, https://cdn.arstechnica.net/wp-content/uploads/2025/01/location-980x627.jpg 980w, https://cdn.arstechnica.net/wp-content/uploads/2025/01/location-1440x922.jpg 1440w, https://cdn.arstechnica.net/wp-content/uploads/2025/01/location.jpg 1600w" width="640" src="https://cdn.arstechnica.net/wp-content/uploads/2025/01/location-640x410.jpg">
				<div class="pswp-caption-content" id="caption-2072561">
					<p>
						<em>A year of location data for Sam Curry’s mother’s 2023 Subaru Impreza that Curry and Shah were able to access in Subaru’s employee admin portal thanks to its security vulnerabilities.</em>
					</p>

					<div class="ars-gallery-caption-credit">
						<em>Credit: Sam Curry</em>
					</div>
				</div>
			</div>
		</div>
	</div>
</figure>

<p>
	“You can retrieve at least a year's worth of location history for the car, where it's pinged precisely, sometimes multiple times a day,” Curry says. “Whether somebody's cheating on their wife or getting an abortion or part of some political group, there are a million scenarios where you could weaponize this against someone.”
</p>

<p>
	 
</p>

<p>
	Curry and Shah today <a href="https://samcurry.net/hacking-subaru" rel="external nofollow">revealed in a blog post</a> their method for hacking and tracking millions of Subarus, which they believe would have allowed hackers to target any of the company's vehicles equipped with its digital features known as Starlink in the US, Canada, or Japan. Vulnerabilities they found in a Subaru website intended for the company's staff allowed them to hijack an employee's account to both reassign control of cars’ Starlink features and also access all the vehicle location data available to employees, including the car’s location every time its engine started, as shown in their video below.
</p>

<p>
	 
</p>

<p>
	Curry and Shah reported their findings to Subaru in late November, and Subaru quickly patched its Starlink security flaws. But the researchers warn that the Subaru web vulnerabilities are just the latest in a long series of similar web-based flaws they and other security researchers working with them have found that have affected well over a dozen carmakers, including Acura, Genesis, Honda, Hyundai, Infiniti, Kia, Toyota, and many others. There’s little doubt, they say, that similarly serious hackable bugs exist in other auto companies' web tools that have yet to be discovered.
</p>

<p>
	 
</p>

<p>
	In Subaru's case, in particular, they also point out that their discovery hints at how pervasively those with access to Subaru's portal can track its customers' movements, a privacy issue that will last far longer than the web vulnerabilities that exposed it. “The thing is, even though this is patched, this functionality is still going to exist for Subaru employees,” Curry says. “It's just normal functionality that an employee can pull up a year's worth of your location history.”
</p>

<p>
	 
</p>

<p>
	When WIRED reached out to Subaru for comment on Curry and Shah's findings, a spokesperson responded in a statement that “after being notified by independent security researchers, [Subaru] discovered a vulnerability in its Starlink service that could potentially allow a third party to access Starlink accounts. The vulnerability was immediately closed and no customer information was ever accessed without authorization.”
</p>

<p>
	 
</p>

<p>
	The Subaru spokesperson also confirmed to WIRED that “there are employees at Subaru of America, based on their job relevancy, who can access location data.” The company offered as an example that employees have that access to share a vehicle's location with first responders in the case when a collision is detected. “All these individuals receive proper training and are required to sign appropriate privacy, security, and NDA agreements as needed,” Subaru's statement added. “These systems have security monitoring solutions in place which are continually evolving to meet modern cyber threats.”
</p>

<p>
	 
</p>

<p>
	Responding to Subaru's example of notifying first responders about a collision, Curry notes that would hardly require a year's worth of location history. The company didn't respond to WIRED asking how far back it keeps customers' location histories and makes them available to employees.
</p>

<p>
	 
</p>

<p>
	Shah and Curry's research that led them to the discovery of Subaru's vulnerabilities began when they found that Curry's mother's Starlink app connected to the domain SubaruCS.com, which they realized was an administrative domain for employees. Scouring that site for security flaws, they found that they could reset employees' passwords simply by guessing their email address, which gave them the ability to take over any employee's account whose email they could find. The password reset functionality did ask for answers to two security questions, but they found that those answers were checked with code that ran locally in a user's browser, not on Subaru's server, allowing the safeguard to be easily bypassed. “There were really multiple systemic failures that led to this,” Shah says.
</p>

<p>
	 
</p>

<p>
	The two researchers say they found the email address for a Subaru Starlink developer on LinkedIn, took over the employee's account, and immediately found that they could use that staffer's access to look up any Subaru owner by last name, zip code, email address, phone number, or license plate to access their Starlink configurations. In seconds, they could then reassign control of the Starlink features of that user's vehicle, including the ability to remotely unlock the car, honk its horn, start its ignition, or locate it, as shown in the video below.
</p>

<p>
	 
</p>

<p>
	Those vulnerabilities alone, for drivers, present serious theft and safety risks. Curry and Shah point out that a hacker could have targeted a victim for stalking or theft, looked up someone's vehicle's location, then unlocked their car at any time—though a thief would have to somehow also use a separate technique to disable the car's immobilizer, the component that prevents it from being driven away without a key.
</p>

<p>
	 
</p>

<p>
	Those car hacking and tracking techniques alone are far from unique. Last summer, Curry and another researcher, Neiko Rivera, <a href="https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/" rel="external nofollow">demonstrated to WIRED</a> that they could pull off a similar trick with any of millions of vehicles sold by Kia. Over the prior two years, a larger group of researchers, of which Curry and Shah are a part, <a href="https://samcurry.net/web-hackers-vs-the-auto-industry#5-mass-assignment-on-reviver-allows-an-attacker-to-remotely-track-and-overwrite-the-virtual-license-plates-for-all-reviver-customers-track-and-administrate-reviver-fleets-and-access-modify-and-delete-all-user-information" rel="external nofollow">discovered web-based security vulnerabilities that affected cars</a> sold by Acura, BMW, Ferrari, Genesis, Honda, Hyundai, Infiniti, Mercedes-Benz, Nissan, Rolls Royce, and Toyota.
</p>

<p>
	 
</p>

<p>
	More unusual in Subaru's case, Curry and Shah say, is that they were able to access fine-grained, historical location data for Subarus going back at least a year. Subaru may in fact collect multiple years of location data, but Curry and Shah tested their technique only on Curry's mother, who had owned her Subaru for about a year.
</p>

<p>
	 
</p>

<p>
	Curry argues that Subaru's extensive location tracking is a particularly disturbing demonstration of the car industry's lack of privacy safeguards around its growing collection of personal data on drivers. “It's kind of bonkers,” he says. “There's an expectation that a Google employee isn't going to be able to just go through your emails in Gmail, but there's literally a button on Subaru's admin panel that lets an employee view location history.”
</p>

<p>
	 
</p>

<p>
	The two researchers’ work contributes to a growing sense of concern over the enormous amount of location data that car companies collect. In December, information a whistleblower provided to the German hacker collective the Chaos Computer Club and Der Spiegel revealed that Cariad, a software company that partners with Volkswagen, had <a href="https://arstechnica.com/cars/2024/12/whistleblower-finds-unencrypted-location-data-for-800000-vw-evs/" rel="external nofollow">left detailed location data</a> for 800,000 electric vehicles publicly exposed online. Privacy researchers at the Mozilla Foundation in September <a href="https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/" rel="external nofollow">warned in a report</a> that “modern cars are a privacy nightmare,” noting that 92 percent give car owners little to no control over the data they collect, and 84 percent reserve the right to sell or share your information. (Subaru tells WIRED that it “does not sell location data.”)
</p>

<p>
	 
</p>

<p>
	“While we worried that our doorbells and watches that connect to the Internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines,” Mozilla's report reads.
</p>

<p>
	 
</p>

<p>
	Curry and Shah's discovery of Subaru's security vulnerabilities in its tracking demonstrates a particularly egregious exposure of that data—but also a privacy problem that's hardly less disturbing now that the vulnerabilities are patched, says Robert Herrell, the executive director of the Consumer Federation of California, which has <a href="https://www.carscoops.com/2024/10/californian-bill-will-protect-domestic-abuse-survivors-from-being-tracked-in-their-cars/" rel="external nofollow">sought to create legislation</a> for limiting a car's data tracking.
</p>

<p>
	 
</p>

<p>
	“It seems like there are a bunch of employees at Subaru that have a scary amount of detailed information,” Herrell says. “People are being tracked in ways that they have no idea are happening.”
</p>

<p>
	 
</p>

<p>
	<a href="https://arstechnica.com/cars/2025/01/millions-of-subarus-could-be-remotely-unlocked-tracked-due-to-security-flaws/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27580</guid><pubDate>Fri, 24 Jan 2025 18:15:39 +0000</pubDate></item><item><title>QNAP fixes six Rsync vulnerabilities in NAS backup, recovery app</title><link>https://nsaneforums.com/news/security-privacy-news/qnap-fixes-six-rsync-vulnerabilities-in-nas-backup-recovery-app-r27569/</link><description><![CDATA[<p>
	QNAP has fixed six rsync vulnerabilities that could let attackers gain remote code execution on unpatched Network Attached Storage (NAS) devices.
</p>

<p>
	 
</p>

<p>
	Rsync is an open-source file synchronization tool that supports direct file syncing via its daemon, transfers via SSH, and incremental transfers that save time and bandwidth.
</p>

<p>
	 
</p>

<p>
	It's widely used by many backup solutions like Rclone, DeltaCopy, and ChronoSync, as well as in cloud and server management operations and public file distribution.
</p>

<p>
	 
</p>

<p>
	The flaws are tracked as CVE-2024-12084 (heap buffer overflow), CVE-2024-12085 (information leak via uninitialized stack), CVE-2024-12086 (server leaks arbitrary client files), CVE-2024-12087 (path traversal via --inc-recursive option), CVE-2024-12088 (bypass of --safe-links option), and CVE-2024-12747 (symbolic link race condition).
</p>

<p>
	 
</p>

<p>
	QNAP says they affect HBS 3 Hybrid Backup Sync 25.1.x, the company's <a href="http://www.qnap.com/en/software/hybrid-backup-sync" rel="external nofollow" target="_blank">data backup and disaster recovery solution,</a> which supports local, remote, and cloud storage services.
</p>

<p>
	 
</p>

<p>
	In a security advisory released on Thursday, QNAP said it addressed these vulnerabilities in HBS 3 Hybrid Backup Sync 25.1.4.952 and advised customers to update their software to the latest version.
</p>

<p>
	 
</p>

<p>
	To update the Hybrid Backup Sync installation on your NAS device, you will have to:
</p>

<p>
	 
</p>

<ol>
	<li>
		Log on to QTS or QuTS hero as an administrator.
	</li>
	<li>
		Open <strong>App Center</strong> and search for HBS 3 Hybrid Backup Sync.
	</li>
	<li>
		Wait for HBS 3 Hybrid Backup Sync to show up in the search results.
	</li>
	<li>
		Click <strong>Update</strong> and then <strong>OK</strong> in the follow-up confirmation message.
	</li>
</ol>

<p>
	 
</p>

<p>
	These Rsync flaws can be combined to create exploitation chains that lead to remote system compromise. The attackers only require anonymous read access to vulnerable servers.
</p>

<p>
	 
</p>

<p>
	"When combined, the first two vulnerabilities (heap buffer overflow and information leak) allow a client to execute arbitrary code on a device that has an Rsync server running," warned <a href="https://kb.cert.org/vuls/id/952657" rel="external nofollow" target="_blank">CERT/CC</a> one week ago when <a href="https://download.samba.org/pub/rsync/NEWS#3.4.0" rel="external nofollow" target="_blank">rsync 3.4.0</a> was released with security fixes.
</p>

<p>
	 
</p>

<p>
	"The client requires only anonymous read-access to the server, such as public mirrors. Additionally, attackers can take control of a malicious server and read/write arbitrary files of any connected client."
</p>

<p>
	 
</p>

<p>
	A Shodan search shows <a href="https://www.shodan.io/search/report?query=%40RSYNCD" rel="external nofollow" target="_blank">more than 700,000 IP addresses</a> with exposed rsync servers. However, it's unclear how many of them are vulnerable to attacks exploiting these security vulnerabilities since successful exploitation requires valid credentials or servers configured for anonymous connections.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/qnap-fixes-six-rsync-vulnerabilities-in-hbs-nas-backup-recovery-app/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27569</guid><pubDate>Fri, 24 Jan 2025 02:49:49 +0000</pubDate></item><item><title>Massive Microsoft account security change almost snuck out without enough warning</title><link>https://nsaneforums.com/news/security-privacy-news/massive-microsoft-account-security-change-almost-snuck-out-without-enough-warning-r27561/</link><description><![CDATA[<h3>
	Your Microsoft account will now remain signed in automatically, which could pose a security risk if people don't know about the change.
</h3>

<p>
	Microsoft is about to make a major change to how sign-ins work within web browsers. Starting February 2025, you will automatically stay signed in to your Microsoft account. This is a significant change from the current behavior, which would sign out automatically after 24 hours.
</p>

<p>
	 
</p>

<p>
	The change aligns Microsoft more with Google, which already leaves accounts logged in. But that alignment is not necessarily a good thing. Google has been criticized for this behavior, and Microsoft will likely see some pushback.
</p>

<p>
	 
</p>

<p>
	The change will save some time for those who use Microsoft accounts on personal computers or within any secure environment. However, unless someone knows about the change, the new behavior could also increase security risks surrounding a Microsoft account.
</p>

<p>
	 
</p>

<p>
	It's good practice to explicitly sign out of your Microsoft account and other accounts after you've finished using a public or shared PC, but there was a built-in failsafe for those who did not sign out. Leaving an account signed in by accident still leaves your details vulnerable for 24 hours, but after that, your account will be signed out automatically.
</p>

<p>
	 
</p>

<p>
	Alternatively, you can use private browsing. <a data-analytics-id="inline-link" data-hl-processed="none" data-url="https://support.microsoft.com/en-us/account-billing/avoid-staying-signed-in-on-a-public-computer-d3f1448b-64b9-4b35-89d0-ce56715c6756" href="https://support.microsoft.com/en-us/account-billing/avoid-staying-signed-in-on-a-public-computer-d3f1448b-64b9-4b35-89d0-ce56715c6756" referrerpolicy="no-referrer-when-downgrade" target="_blank" rel="external nofollow">Microsoft recommends that route</a> as a more secure way to use a public or shared PC.
</p>

<p>
	 
</p>

<div>
	<div>
		<p>
			<picture><source sizes="(min-width: 1000px) 970px, calc(100vw - 40px)" srcset="https://cdn.mos.cms.futurecdn.net/Bgb4EZ3Lihd4Svn8ssLfPF-320-80.jpg.webp 320w, https://cdn.mos.cms.futurecdn.net/Bgb4EZ3Lihd4Svn8ssLfPF-480-80.jpg.webp 480w, https://cdn.mos.cms.futurecdn.net/Bgb4EZ3Lihd4Svn8ssLfPF-650-80.jpg.webp 650w, https://cdn.mos.cms.futurecdn.net/Bgb4EZ3Lihd4Svn8ssLfPF-970-80.jpg.webp 970w, https://cdn.mos.cms.futurecdn.net/Bgb4EZ3Lihd4Svn8ssLfPF-1024-80.jpg.webp 1024w, https://cdn.mos.cms.futurecdn.net/Bgb4EZ3Lihd4Svn8ssLfPF-1200-80.jpg.webp 1200w" type="image/webp"><img alt="Outlook showing notification about accounts remaining signed in automatically." class="ipsImage" height="720" width="720" src="https://cdn.mos.cms.futurecdn.net/Bgb4EZ3Lihd4Svn8ssLfPF-1024-80.jpg"></source></picture>
		</p>

		<p>
			 
		</p>

		<p>
			<em><span>Outlook now warns users about the upcoming change that will leave accounts signed in automatically. </span><span itemprop="copyrightHolder">(Image credit: Future)</span></em>
		</p>

		<p>
			 
		</p>

		<p>
			Microsoft almost rolled out the change without a clear and obvious notification to users. A short note on a <a data-analytics-id="inline-link" data-hl-processed="none" data-url="https://support.microsoft.com/en-us/account-billing/how-to-sign-in-to-a-microsoft-account-2ffedaca-6e1b-bc18-f28c-58539e1cb6d3" href="https://support.microsoft.com/en-us/account-billing/how-to-sign-in-to-a-microsoft-account-2ffedaca-6e1b-bc18-f28c-58539e1cb6d3" referrerpolicy="no-referrer-when-downgrade" target="_blank" rel="external nofollow">Microsoft support document</a> highlights the change, but that page is unlikely to be seen by many. Microsoft has, however, added a notification within Outlook on the web.
		</p>

		<p>
			 
		</p>

		<p>
			Outlook now shows a warning that states, "Your sign-in experience is changing. You'll stay signed in unless you use private browsing or explicitly sign out."
		</p>

		<div id="slice-container-newsletterForm-articleInbodyContent-tekbmKcPVEjnth6RbpH27V">
			<div data-hydrate="true">

				<p>
					If you leave a browser signed in to your account on a PC or anywhere else, you can <a data-analytics-id="inline-link" data-hl-processed="none" data-url="https://support.microsoft.com/en-us/account-billing/how-to-sign-out-of-your-microsoft-account-everywhere-58da4a74-a719-43a6-9dd0-74a7e613229f" href="https://support.microsoft.com/en-us/account-billing/how-to-sign-out-of-your-microsoft-account-everywhere-58da4a74-a719-43a6-9dd0-74a7e613229f" referrerpolicy="no-referrer-when-downgrade" target="_blank" rel="external nofollow">sign out of your Microsoft account remotely</a>. This can be done through advanced security options within the Microsoft account security dashboard. Microsoft also has a guide on how to <a data-analytics-id="inline-link" data-hl-processed="none" data-url="https://support.microsoft.com/en-us/windows/manage-devices-used-with-your-microsoft-account-d4044995-81db-b24b-757e-1102d148f441" href="https://support.microsoft.com/en-us/windows/manage-devices-used-with-your-microsoft-account-d4044995-81db-b24b-757e-1102d148f441" referrerpolicy="no-referrer-when-downgrade" target="_blank" rel="external nofollow">manage devices that use your Microsoft account</a>.
				</p>

				<p>
					 
				</p>

				<p>
					<a href="https://www.windowscentral.com/microsoft/massive-microsoft-account-security-change-almost-snuck-out-without-enough-warning" rel="external nofollow">Source</a>
				</p>

			</div>
		</div>
	</div>
</div>
]]></description><guid isPermaLink="false">27561</guid><pubDate>Thu, 23 Jan 2025 18:35:55 +0000</pubDate></item><item><title>European consumer watchdog again goes after Meta's ad-free subscription</title><link>https://nsaneforums.com/news/security-privacy-news/european-consumer-watchdog-again-goes-after-metas-ad-free-subscription-r27560/</link><description><![CDATA[<p>
	The European Consumer Organisation (BEUC) is again going after Meta's ad-free subscription service, which the social media giant rolled out in the EU for the second time last year. The organization raised concerns to relevant EU authorities that "Meta’s latest pay-or-consent policy in the EU may be infringing consumer and data protection law as well as the Digital Markets Act."
</p>

<p>
	 
</p>

<p>
	As a reminder, Meta introduced <a href="https://www.neowin.net/news/meta-confirms-plans-to-offer-ad-free-subscription-plans-for-facebook-and-instagram-in-europe/" rel="external nofollow">its ad-free subscription</a> for Facebook and Instagram in the EU, EEA, and Switzerland in October 2023 to comply with the <a href="https://www.neowin.net/news/eus-digital-markets-act-enters-into-force-on-november-1/" rel="external nofollow">Digital Markets Act (DMA)</a> and <a href="https://www.neowin.net/news/gdpr-what-it-is-and-what-it-means-for-you/" rel="external nofollow">General Data Protection Regulation (GDPR)</a>. Both laws restrict how much personal data an online service can take in the name of an ad-supported free service.
</p>

<p>
	 
</p>

<p>
	Its "Pay or Okay" model soon caught the <a href="https://www.neowin.net/news/europe-org-says-meta-breaches-consumer-laws-with-its-ad-free-subscription-files-complaint/" rel="external nofollow">attention of consumer groups</a>, who filed a complaint against the company over "unfair commercial practices," alleging it forces users to "either consent to the processing of their data for advertising purposes by the company or pay in order not to be shown advertisements."
</p>

<p>
	 
</p>

<p>
	The social media giant had to launch <a href="https://about.fb.com/news/2024/11/facebook-and-instagram-to-offer-subscription-for-no-ads-in-europe/" rel="external nofollow">a second version</a> of its ad-free subscription in November 2024 after European regulators <a href="https://www.neowin.net/news/the-eu-is-asking-meta-to-reveal-changes-to-its-current-pay-or-consent-model-by-sept-1/" rel="external nofollow">took the matter into their own hands</a>, reducing its subscription price from €9.99 to €5.99.
</p>

<p>
	 
</p>

<p>
	In its latest attempt, the European consumer watchdog BEUC argues that Meta "fails to address the fundamental problems" in its initial "pay or consent" approach. The organization <a href="https://www.beuc.eu/press-releases/consumer-groups-red-card-metas-latest-pay-or-consent-policy" rel="external nofollow">has listed several counts</a> on which it alleges Meta's ad-free subscription breaches EU laws, including:
</p>

<p>
	 
</p>

<blockquote class="QuoteNewsStyle">
	<ul>
		<li>
			Using misleading practices and unclear terms and confusing interface design to steer users towards Meta’s preferred option;
		</li>
		<li>
			Not giving to users the possibility to consent fully freely to their data being processed, while the tech giant does not minimise the data it collects from users;
		</li>
		<li>
			Meta degrades the service to users who do not consent to the use of their personal data.
		</li>
	</ul>
</blockquote>

<p>
	BEUC's director general Agustín Reyna called the changes applied by Meta "cosmetic," adding that the company is not giving a fair choice to the users and "making a weak bid to argue it is complying with EU law while still pushing users towards its behavioural ads system."
</p>

<p>
	 
</p>

<p>
	Meanwhile, Reuters <a href="https://www.reuters.com/technology/metas-revised-paid-ad-free-service-may-breach-eu-privacy-laws-consumer-group-2025-01-23/" rel="external nofollow">reports</a> that a Meta spokesperson disagreed with BEUC's conclusions and said that the changes introduced in November are in line with EU regulator demands and exceed EU law requirements.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.neowin.net/news/european-consumer-watchdog-again-goes-after-metas-ad-free-subscription/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27560</guid><pubDate>Thu, 23 Jan 2025 18:35:10 +0000</pubDate></item><item><title>PayPal hit with $2 million fine by regulators after investigation revealed massive breach</title><link>https://nsaneforums.com/news/security-privacy-news/paypal-hit-with-2-million-fine-by-regulators-after-investigation-revealed-massive-breach-r27559/</link><description><![CDATA[<p>
	New York regulators fined PayPal $2 million after an investigation by New York's Department of Financial Services (DFS) revealed a serious security breach that exposed customers' personal data, including Social Security numbers.
</p>

<p>
	 
</p>

<p>
	According to the investigation, PayPal's security measures on its platform weren't strong enough to keep bad actors from accessing users' private data, including phone numbers, emails, addresses, and Social Security numbers. The DFS oversees all the financial institutions in the state of New York.
</p>

<p>
	 
</p>

<p>
	DFS's Superintendent <a href="https://www.dfs.ny.gov/reports_and_publications/press_releases/pr20250123" rel="external nofollow">Adrienne A. Harris said in a statement</a>,
</p>

<p>
	 
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		“New York’s nation-leading cybersecurity regulation sets a critical standard for safeguarding consumer data and strengthening the resilience of financial institutions. Qualified cybersecurity personnel are the first line of defense against potential data breaches, and providing proper training and effectively implementing cybersecurity policies and procedures are vital steps to protecting sensitive data and mitigating risks.”
	</p>
</blockquote>

<p>
	The problem started when PayPal made changes to how it handled certain customer data related to IRS Form 1099-K, which is used for tax reporting. The teams responsible for managing these changes weren't properly trained on the systems and processes involved, which led to mistakes that eventually exposed private customer information. Bad actors took advantage of these weaknesses in PayPal's system and accessed customers' sensitive data.
</p>

<p>
	 
</p>

<p>
	The DFS investigation also found that PayPal didn't have strong policies in place to control who could access sensitive information. These issues violated New York's strict cybersecurity rules, which are designed to protect consumers from data breaches and attacks like these. For context, <a href="https://www.dfs.ny.gov/industry_guidance/regulatory_activity/financial_services#final-adoptions" rel="external nofollow">New York’s Cybersecurity Regulation</a> has been in place since 2017 and was last updated in November 2023.
</p>

<p>
	 
</p>

<p>
	Earlier this week, <a href="https://www.forbes.com/sites/daveywinder/2025/01/17/warning-as-paypal-cyberattacks-continue-what-you-need-to-know/" rel="external nofollow">Forbes also reported</a> a "no-phish phishing" technique that bad actors were using against PayPal users to gain access to their accounts. Victims often received payment requests that seemed legitimate, delivered directly through PayPal's platform, which made it challenging to identify any malicious intent. Instead of using fake emails or misleading links, hackers exploited vulnerabilities in PayPal's infrastructure to blend fraudulent requests with regular transactions, which led many users to unknowingly approve unauthorized payments.
</p>

<p>
	 
</p>

<p>
	In response, the company has reset passwords for affected users and urged them to use 2FA as an extra layer of security.
</p>

<p>
	 
</p>

<p>
	via <a href="https://www.reuters.com/technology/paypal-fined-by-new-york-cybersecurity-failures-2025-01-23/" rel="external nofollow">Reuters</a>
</p>

<p>
	 
</p>

<p>
	<a href="https://www.neowin.net/news/paypal-hit-with-2-million-fine-by-regulators-after-investigation-revealed-massive-breach/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">27559</guid><pubDate>Thu, 23 Jan 2025 18:34:08 +0000</pubDate></item></channel></rss>
