<?xml version="1.0"?>
<rss version="2.0"><channel><title><![CDATA[News: Security & Privacy News]]></title><link>https://nsaneforums.com/news/security-privacy-news/page/42/?d=2</link><description><![CDATA[News: Security & Privacy News]]></description><language>en</language><item><title>Proton launches Docs for encrypted, privacy-focused document editing and collaboration</title><link>https://nsaneforums.com/news/security-privacy-news/proton-launches-docs-for-encrypted-privacy-focused-document-editing-and-collaboration-r24034/</link><description><![CDATA[<figure class="image image--expandable">
	<img alt="Proton Docs" class="ipsImage" height="360" width="720" src="https://cdn.neowin.com/news/images/uploaded/2024/07/1719999176_proton_docs_blog_cover@2x.jpg">
</figure>

<p>
	Today, Proton announced a new tool that expands its portfolio of privacy-focused services. Proton Docs is here to rival Google Docs, Microsoft Office, and other apps, offering customers document editing and collaboration capabilities with an emphasis on security and privacy. Proton touts its latest app as a "secure alternative to Google Drive and Docs" and a solid option for healthcare, media, finance, legal, and other industries that often deal with sensitive data.
</p>


<p>
	Key features in Proton Docs include rich text editing with advanced formatting capabilities, wide compatibility with popular document formats like Word (docx), real-time collaboration and commenting, image support, and more. Proton Docs also supports features from <a href="https://www.neowin.net/news/proton-acquires-standard-notes-to-expand-its-service-ecosystem/" rel="external nofollow">the recently acquired Standard Notes</a>. They include markdown, rich text, code blocks, checklists, and more. Most importantly, Proton promises to keep it end-to-end encrypted by default and never harvest any of your data.
</p>


<figure class="image image--expandable">
	<img alt="Proton Docs" class="ipsImage" height="360" width="720" src="https://cdn.neowin.com/news/images/uploaded/2024/07/1719999163_proton_docs_blog_2_collaboration@2x.jpg">
</figure>

<p>
	Anant Vijay Singh, Product Lead for Proton Drive, said the following about the launch of Proton Docs:
</p>


<blockquote class="QuoteNewsStyle">
	<p>
		Docs in Proton Drive makes it effortless to stay secure and private. Users don’t have to lift a finger or worry about complicated security measures—Proton’s got it all covered. In a world where Big Tech constantly breaches privacy and mishandles data, Docs offers a seamless and reliable solution for document editing and collaboration. Our users can confidently create and share documents, resting easy knowing their information is protected.
	</p>
</blockquote>

<p>
	Like other Proton services, Proton Docs offers a free tier for all customers. It provides access to essential features, giving users a privacy-focused service at no cost. Additional features are available for those willing to pay.
</p>


<p>
	Proton promises to deliver more features in future updates. Customers can look out for improved collaboration and new tools that will make it easier to create and edit documents with their coworkers.
</p>


<p>
	You can learn more about Proton Docs in <a href="http://proton.me/blog/docs-proton-drive" rel="external nofollow">a blog post</a> on the official Proton website.
</p>


<p>
	<a href="https://www.neowin.net/news/proton-launches-docs-for-encrypted-privacy-focused-document-editing-and-collaboration/" rel="external nofollow">Source</a>
</p>


<p>
	<span style="font-size:12px;"><em>Hope you enjoyed this news post.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>Thank you for appreciating my time and effort posting news every single day for many years.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>2023: Over 5,800 news posts | 2024 (till end of June): 2,839 news posts</em></span>
</p>
]]></description><guid isPermaLink="false">24034</guid><pubDate>Wed, 03 Jul 2024 20:19:35 +0000</pubDate></item><item><title>&#x201C;Everything&#x2019;s frozen&#x201D;: Ransomware locks credit union users out of bank accounts</title><link>https://nsaneforums.com/news/security-privacy-news/%E2%80%9Ceverything%E2%80%99s-frozen%E2%80%9D-ransomware-locks-credit-union-users-out-of-bank-accounts-r24033/</link><description><![CDATA[<h3>
	Patelco Credit Union in Calif. shut down numerous banking services after attack.
</h3>

<div class="article-content post-page" itemprop="articleBody">
	
	<p>
		A California-based credit union with over 450,000 members said it suffered a ransomware attack that is disrupting account services and could take weeks to recover from.
	</p>


	<p>
		"The next few days—and coming weeks—may present challenges for our members, as we continue to navigate around the limited functionality we are experiencing due to this incident," Patelco Credit Union CEO Erin Mendez told members in a <a href="https://www.patelco.org/wp-content/uploads/2024/07/July-1-CEO-Update.pdf" rel="external nofollow">July 1 message</a> that said the security problem was caused by a ransomware attack. Online banking and several other services are unavailable, while other services and transaction types have limited functionality.
	</p>


	<p>
		Patelco Credit Union was hit by the attack on June 29 and has been posting updates on <a href="https://www.patelco.org/securityupdate" rel="external nofollow">this page</a>, which says the credit union "proactively shut down some of our day-to-day banking systems to contain and remediate the issue... As a result of our proactive measures, transactions, transfers, payments, and deposits are unavailable at this time. Debit and credit cards are working with limited functionality."
	</p>


	<p>
		Patelco Credit Union is a <a href="https://www.patelco.org/about-patelco/who-we-are" rel="external nofollow">nonprofit cooperative</a> in Northern California with $9 billion in assets and 37 local branches. "Our priority is the safe and secure restoration of our banking systems," a July 2 update said. "We continue to work alongside leading third-party cybersecurity experts in support of this effort. We have also been cooperating with regulators and law enforcement."
	</p>

	<h2>
		“Everything’s frozen”
	</h2>

	<p>
		Patelco member Enrique Juarez said he was having trouble accessing his Social Security payment, according to <a href="https://www.mercurynews.com/2024/07/02/no-end-in-sight-to-patelco-credit-union-security-attack/" rel="external nofollow">the Mercury News</a>. "I've never had a problem before," Juarez told the news organization. "Everything's frozen, I can't even check my balance until this is resolved—and they don't know [when that will happen]."
	</p>


	<p>
		Patelco says that check and cash deposits should be working, but direct deposits have limited functionality.
	</p>


	<p>
		Security expert <a href="https://www.profbanafa.com/" rel="external nofollow">Ahmed Banafa</a> "said Tuesday that it looks likely that hackers infiltrated the bank's internal databases via a phishing email and encrypted its contents, locking out the bank from its own systems," the Mercury News reported. Banafa was paraphrased as saying that it is "likely the hackers will demand an amount of money from the credit union to restore its systems back to normal, and will continue to hold the bank's accounts hostage until either the bank finds a way around the hack or until the hackers are paid."
	</p>


	<p>
		Change Healthcare, a health payment processing company <a href="https://arstechnica.com/security/2024/04/change-healthcare-hacked-through-stolen-password-for-account-with-no-mfa/" rel="external nofollow">hit by ransomware</a> this year, <a href="https://energycommerce.house.gov/posts/what-we-learned-change-healthcare-cyber-attack" rel="external nofollow">told lawmakers</a> that it paid a ransom of $22 million in bitcoin. Change Healthcare owner UnitedHealth failed to use multifactor authentication on critical systems.
	</p>


	<p>
		Patelco hasn't revealed details about how it will recover from the ransomware attack but acknowledged to customers that their personal information could be at risk. "The investigation into the nature and scope of the incident is ongoing," the credit union said. "If the investigation determines that individuals' information is involved as a result of this incident, we will of course notify those individuals and provide resources to help protect their information in accordance with applicable laws."
	</p>

	<h2>
		Patelco waives fees, warns of more outages
	</h2>

	<p>
		Patelco said it is waiving overdraft, late payment, and ATM fees "until we are back up and running." Members who need to access funds from direct deposits can do so by writing a check, using an ATM card to get cash, or by making a purchase, Patelco said.
	</p>


	<p>
		As of yesterday, members could expect to "experience short, intermittent outages at Patelco ATMs," the organization said. "This is normal and to be expected during our recovery process. Access to shared ATMs will not be interrupted as part of this process and they remain available for cash withdrawals and deposits."
	</p>


	<p>
		A chart on the security update page says the services that remain unavailable include online banking, the mobile app, outgoing wire transfers, monthly statements, Zelle, balance inquiries, and online bill payments.
	</p>


	<p>
		Patelco branches, call center services, and live chats have "limited functionality," as do debit card transactions, credit card transactions, and direct deposits, according to the chart. Services that are listed as available include check and cash deposits, ATM withdrawals, ACH transfers, ACH for bill payments, and in-branch loan payments.
	</p>

</div>

<p>
	<a href="https://arstechnica.com/tech-policy/2024/07/everythings-frozen-ransomware-locks-credit-union-users-out-of-bank-accounts/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">24033</guid><pubDate>Wed, 03 Jul 2024 20:16:31 +0000</pubDate></item><item><title>Prudential Financial now says 2.5 million impacted by data breach</title><link>https://nsaneforums.com/news/security-privacy-news/prudential-financial-now-says-25-million-impacted-by-data-breach-r24012/</link><description><![CDATA[<p>
	Prudential Financial, a global financial services company, has revealed that over 2.5 million people had their personal information compromised in a February data breach.
</p>


<p>
	According to an 8-K form filed with the U.S. Securities and Exchange Commission, Prudential <a href="https://www.bleepingcomputer.com/news/security/prudential-financial-breached-in-data-theft-cyberattack/" target="_blank" rel="external nofollow">detected the incident on February 5</a>, one day after the attackers (a suspected cybercrime group) breached its systems and accessed administrative/user data and employee/contractor accounts.
</p>


<p>
	In March, the Fortune 500 company revealed in a <a href="https://apps.web.maine.gov/online/aeviewer/ME/40/bcc5d2ac-a40f-4204-89ca-4b665f43c362.shtml" rel="external nofollow" target="_blank">filing with the Maine Attorney General's Office</a> that it notified over 36,000 people whose personal information (including names, driver's license numbers, and non-driver identification card numbers) was stolen during the breach.
</p>


<p>
	"Through the investigation, we learned that the unauthorized third party gained access to our network on February 4, 2024 and removed a small percentage of personal information from our systems," Prudential said.
</p>


<p>
	"As part of our response, we have worked with leading cybersecurity experts to confirm the unauthorized third party no longer has access to our company systems."
</p>


<p>
	However, last week, the company updated the information shared with the Maine Attorney General's Office regarding the February data breach and now says that <a href="https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/cc7a25d8-bb55-485b-b3bc-060aa12004dd.html" rel="external nofollow" target="_blank">the incident impacted 2,556,210 people</a>.
</p>


<p>
	A Prudential Financial spokesperson has yet to reply to BleepingComputer's request for more details regarding the attack.
</p>

<h2>
	Breach claimed by ALPHV
</h2>

<p>
	While Prudential has yet to share additional information regarding the threat actors behind the February 2024 data breach, the <a href="https://www.bleepingcomputer.com/news/security/alphv-ransomware-claims-loandepot-prudential-financial-breaches/" target="_blank" rel="external nofollow">ALPHV/Blackcat ransomware gang claimed the attack</a> on February 13.
</p>


<p>
	ALPHV shut down its operations and <a href="https://www.bleepingcomputer.com/news/security/blackcat-ransomware-turns-off-servers-amid-claim-they-stole-22-million-ransom/" target="_blank" rel="external nofollow">pulled an exit scam</a> after <a href="https://www.bleepingcomputer.com/news/security/blackcat-ransomware-turns-off-servers-amid-claim-they-stole-22-million-ransom/" target="_blank" rel="external nofollow">stealing the $22 million ransom</a> from Notchy, the affiliate behind the Change Healthcare breach.
</p>


<p>
	The FBI linked this ransomware gang to over <a href="https://www.bleepingcomputer.com/news/security/fbi-blackcat-ransomware-breached-at-least-60-entities-worldwide/" target="_blank" rel="external nofollow">60 breaches worldwide</a> during its first four months of activity and said that ALPHV <a href="https://www.bleepingcomputer.com/news/security/fbi-alphv-ransomware-raked-in-300-million-from-over-1-000-victims/" target="_blank" rel="external nofollow">raked in at least $300 million</a> from over 1,000 victims as of September 2023.
</p>


<p>
	Prudential is the second-largest life insurance company in the United States, with 40,000 employees worldwide and reported revenues of over $50 billion in 2023.
</p>


<p>
	In May 2023, the personal information <a href="http://apps.web.maine.gov/online/aeviewer/ME/40/e2a5ab4c-3947-4a2e-a9fe-b58eec80686c.shtml" rel="external nofollow" target="_blank">of an additional 320,000 Prudential customers</a>—including names, addresses, dates of birth, phone numbers, and Social Security numbers—was also exposed after the Clop cybercrime gang hacked into the MOVEit Transfer file-sharing platform of Pension Benefit Information (PBI), a third-party vendor handling the data.
</p>


<p>
	<a href="https://www.bleepingcomputer.com/news/security/prudential-financial-now-says-25-million-impacted-by-data-breach/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">24012</guid><pubDate>Tue, 02 Jul 2024 07:11:56 +0000</pubDate></item><item><title>Microsoft outs details, system requirements of Windows 11's new VBS Enclave security feature</title><link>https://nsaneforums.com/news/security-privacy-news/microsoft-outs-details-system-requirements-of-windows-11s-new-vbs-enclave-security-feature-r24008/</link><description><![CDATA[<p>
	When Microsoft released Windows 11, Virtualization-based Security (VBS) was a major talking point. The feature itself was not new, but Windows 11 enabled it by default to provide an additional layer of protection. When Windows 11 became generally available, Microsoft explained in some detail why VBS, alongside TPM 2.0, another key security feature and a hard requirement for the OS, <a href="https://www.neowin.net/news/microsoft-explains-why-tpm-20-and-vbs-on-windows-11-are-so-key-for-next-gen-security/" rel="external nofollow">was so important</a>.
</p>


<p>
	Today, in a Tech Community blog post, the company published details on a new VBS-based feature called VBS Enclaves: a Trusted Execution Environment (TEE) that lets third-party apps protect sensitive code and data by running it in the isolated user mode of a higher Virtual Trust Level (VTL), out of reach of the normal Windows environment.
</p>


<p>
	A VBS enclave is packaged as a DLL, so a standard Windows application can load it into its own process and call into it. Microsoft <a href="https://techcommunity.microsoft.com/t5/windows-os-platform-blog/securely-design-your-applications-and-protect-your-sensitive/ba-p/4179543" rel="external nofollow">explains</a>:
</p>


<blockquote class="QuoteNewsStyle">
	<p>
		.. a VBS enclave is a software-based TEE inside the address space of a host application. It is a Dynamic Link Library (DLL) loaded by a standard Windows application. VBS enclaves can help secure secrets and sensitive operations in memory. The basic premise is that a VBS enclave can isolate a portion of your application that you want to secure while it is in memory
	</p>


	<p>
		.. VBS uses the Windows Hyper-V hypervisor to create an isolated, privileged virtual environment known as Virtual Trust Level 1 (or VTL1) that becomes the root of trust of the OS. The traditional Windows environment is called VTL0. VTL1 is further split into isolated user mode and the secure kernel.
	</p>


	<p>
		..
	</p>


	<p>
		The isolation provided by VBS is the core technology that allows a VBS enclave to isolate a portion of an application in higher-privilege VTL1, inaccessible to VTL0.
	</p>
</blockquote>

<p>
	The graphic below shows how an enclave works: an isolated, secure region is created inside VTL1 that code running in VTL0 cannot access.
</p>


<p class="img-center">
	<img alt="VBS Enclaves" class="ipsImage" height="459" width="669" src="https://cdn.neowin.com/news/images/uploaded/2024/07/1719855583_vbs_enclave.jpg">
</p>

<p>
	Microsoft also published system requirements for VBS Enclaves:
</p>


<blockquote class="QuoteNewsStyle">
	<p>
		<strong>Device requirements</strong>
	</p>


	<p>
		The following are required to run VBS Enclaves:
	</p>


	<ul>
		<li>
			VBS/HVCI must be enabled. This should be enabled on Windows 11 or later by default.
		</li>
		<li>
			Windows 11 or later or Windows Server 2019 or later.
		</li>
	</ul>
</blockquote>

<p>
	Developers can find details about creating a VBS enclave in the <a href="https://learn.microsoft.com/en-us/windows/win32/trusted-execution/vbs-enclaves-dev-guide" rel="external nofollow">VBS enclaves development guide</a> on Microsoft's website.
</p>
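<p>
	The host-side flow the quoted passage describes (create an enclave, load the DLL image into it, initialize it, call an exported routine, tear it down), as an added example that is not Microsoft's sample code. It wraps the Win32 enclave APIs from the development guide with ctypes; the DLL path and the routine name are hypothetical, and a real enclave DLL has to be built and signed as the guide describes before Windows will load it.
</p>

```python
"""Host-side sequence for loading and calling a VBS enclave from Python.

Added example, not Microsoft's sample code: it wraps the Win32 enclave APIs
from the VBS enclaves development guide with ctypes. ENCLAVE_DLL and
ROUTINE_NAME are hypothetical; the reader supplies a built and signed enclave
DLL exporting such a routine. All Windows-specific work happens inside the
functions, so the module imports anywhere, but the enclave calls need Windows.
"""
import ctypes
import sys

ENCLAVE_TYPE_VBS = 0x00000010        # flEnclaveType for a VBS enclave
ENCLAVE_VBS_FLAG_DEBUG = 0x00000001  # debuggable enclave; never set in production
ENCLAVE_DLL = r"C:\Program Files\Example\MyEnclave.dll"  # hypothetical path
ROUTINE_NAME = "SealSecret"                              # hypothetical export

PVOID, DWORD, BOOL = ctypes.c_void_p, ctypes.c_uint32, ctypes.c_int


class ENCLAVE_CREATE_INFO_VBS(ctypes.Structure):
    _fields_ = [("Flags", DWORD), ("OwnerID", ctypes.c_ubyte * 32)]


class ENCLAVE_INIT_INFO_VBS(ctypes.Structure):
    _fields_ = [("Length", DWORD), ("ThreadCount", DWORD)]


def struct_sizes():
    """Layout check against the SDK: DWORD + 32 bytes, and two DWORDs."""
    return ctypes.sizeof(ENCLAVE_CREATE_INFO_VBS), ctypes.sizeof(ENCLAVE_INIT_INFO_VBS)


def make_create_info(owner_id, debug=False):
    """OwnerID is a 32-byte value chosen by the host; it becomes part of the
    enclave's identity, so keep it stable per application."""
    if len(owner_id) != 32:
        raise ValueError("OwnerID must be exactly 32 bytes")
    info = ENCLAVE_CREATE_INFO_VBS()
    info.Flags = ENCLAVE_VBS_FLAG_DEBUG if debug else 0
    info.OwnerID = (ctypes.c_ubyte * 32)(*owner_id)
    return info


def _kernel32():
    if sys.platform != "win32":
        raise RuntimeError("VBS enclave APIs exist only on Windows")
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.GetCurrentProcess.restype = PVOID
    k32.IsEnclaveTypeSupported.argtypes, k32.IsEnclaveTypeSupported.restype = [DWORD], BOOL
    k32.CreateEnclave.argtypes = [PVOID, PVOID, ctypes.c_size_t, ctypes.c_size_t,
                                  DWORD, PVOID, DWORD, ctypes.POINTER(DWORD)]
    k32.CreateEnclave.restype = PVOID
    k32.LoadEnclaveImageW.argtypes, k32.LoadEnclaveImageW.restype = [PVOID, ctypes.c_wchar_p], BOOL
    k32.InitializeEnclave.argtypes = [PVOID, PVOID, PVOID, DWORD, ctypes.POINTER(DWORD)]
    k32.InitializeEnclave.restype = BOOL
    k32.GetProcAddress.argtypes, k32.GetProcAddress.restype = [PVOID, ctypes.c_char_p], PVOID
    k32.CallEnclave.argtypes, k32.CallEnclave.restype = [PVOID, PVOID, BOOL, ctypes.POINTER(PVOID)], BOOL
    k32.DeleteEnclave.argtypes, k32.DeleteEnclave.restype = [PVOID], BOOL
    return k32


def _check(ok):
    if not ok:
        raise ctypes.WinError(ctypes.get_last_error())


def vbs_enclaves_supported():
    """True when VBS/HVCI is on and the platform can host VBS enclaves."""
    return bool(_kernel32().IsEnclaveTypeSupported(ENCLAVE_TYPE_VBS))


def run_enclave_routine(dll_path=ENCLAVE_DLL, routine=ROUTINE_NAME, parameter=None,
                        owner_id=b"\x00" * 32, size=0x10000000, threads=4):
    """Create -> load image -> initialize -> call -> delete, as the dev guide lays out.

    size must be a multiple of 2 MB for VBS enclaves. The image is mapped into
    this process's address space but its pages live in VTL1, so VTL0 code,
    including this host, cannot read them."""
    k32 = _kernel32()
    create_info = make_create_info(owner_id)
    err = DWORD(0)
    base = k32.CreateEnclave(k32.GetCurrentProcess(), None, size, 0, ENCLAVE_TYPE_VBS,
                             ctypes.addressof(create_info), ctypes.sizeof(create_info),
                             ctypes.byref(err))
    _check(base)
    try:
        _check(k32.LoadEnclaveImageW(base, dll_path))
        init = ENCLAVE_INIT_INFO_VBS(ctypes.sizeof(ENCLAVE_INIT_INFO_VBS), threads)
        _check(k32.InitializeEnclave(k32.GetCurrentProcess(), base, ctypes.addressof(init),
                                     ctypes.sizeof(init), ctypes.byref(err)))
        # Exports of the loaded enclave image are resolved against its base address.
        fn = k32.GetProcAddress(base, routine.encode("ascii"))
        _check(fn)
        ret = PVOID()
        _check(k32.CallEnclave(fn, parameter, 1, ctypes.byref(ret)))  # 1 = wait for an enclave thread
        return ret.value
    finally:
        k32.DeleteEnclave(base)
```

<p>
	Two things a host should not skip: call vbs_enclaves_supported() first and fail loudly rather than silently falling back to an unprotected code path, and treat the parameter handed to CallEnclave as untrusted input on the enclave side, since it is a raw pointer into VTL0 memory that the enclave must validate before dereferencing.
</p>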


<p>
	<a href="https://www.neowin.net/news/microsoft-outs-details-system-requirements-of-windows-11s-new-vbs-enclave-security-feature/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">24008</guid><pubDate>Mon, 01 Jul 2024 19:15:49 +0000</pubDate></item><item><title>Australian charged for &#x2018;Evil Twin&#x2019; WiFi attack on plane</title><link>https://nsaneforums.com/news/security-privacy-news/australian-charged-for-%E2%80%98evil-twin%E2%80%99-wifi-attack-on-plane-r24000/</link><description><![CDATA[<p>
	An Australian man was charged by the Australian Federal Police (AFP) for allegedly conducting an 'evil twin' WiFi attack on various domestic flights and at airports in Perth, Melbourne, and Adelaide to steal other people's email or social media credentials.
</p>


<p>
	The police started investigating reports from airline employees in April 2024 and found evidence of the man performing malicious activities after examining his devices seized at the airport.
</p>

<h2>
	Evil Twin WiFi attack
</h2>

<p>
	An evil twin WiFi network is a malicious or fake wireless access point that advertises the same SSID (WiFi network name) as a legitimate or expected network in a given area. For example, many flights offer in-flight WiFi, requiring passengers to first connect to the airline's WiFi network.
</p>


<p>
	When a cybercriminal conducts an evil twin attack, they set up a WiFi network under their own control that uses the same name as the one promoted by the airline.
</p>


<p>
	Users who connect to the malicious access point are directed to a fake login page or captive portal that asks them to sign in with email addresses, passwords, or other credentials.
</p>


<p>
	In the case of the Australian arrested by the AFP, the agency says that he used a portable device to create free WiFi access points at multiple locations, requiring users to log in with their email or social media accounts.
</p>


<p>
	The man collected this information, which could later be used to access more sensitive data, hijack social media accounts, extort victims, or be sold to other cybercriminals.
</p>


<p>
	"AFP cybercrime investigators have allegedly identified data relating to the use of the fraudulent WiFi pages at airports in Perth, Melbourne and Adelaide, on domestic flights and at locations linked to the man's previous employment," explains the <a href="https://www.afp.gov.au/news-centre/media-release/man-charged-over-creation-evil-twin-free-wifi-networks-access-personal" rel="external nofollow" target="_blank">AFP</a>.
</p>


<p>
	Investigation into the post-exploitation activity and the extent of the man's operation is still underway.
</p>


<p>
	The criminal charges the suspect faces are:
</p>


<ol>
	<li>
		Unauthorized impairment of electronic communication, incurring a maximum penalty of 10 years in prison.
	</li>
	<li>
		Possession or control of data with intent to commit a serious offense, incurring a maximum penalty of 3 years in prison.
	</li>
	<li>
		Unauthorized access or modification of restricted data, incurring a maximum penalty of 2 years in prison.
	</li>
	<li>
		Dishonestly obtaining or dealing in personal financial information, incurring a maximum penalty of 5 years in prison.
	</li>
	<li>
		Possession of identification information with intent to commit an offense, incurring a maximum penalty of 3 years in prison.
	</li>
</ol>


<p>
	Malicious or untrustworthy WiFi access points are always a possibility in public spaces, so people who use them should be wary of any WiFi sign-in page that asks for credentials for unrelated accounts such as email or social media.
</p>


<p>
	It is also advised to turn off file sharing on untrusted WiFi networks and use a VPN to encrypt internet traffic and prevent the capture of sensitive information. Note that a VPN only protects traffic once the tunnel is up; it does nothing for credentials a user types into the attacker's captive portal before that point.
</p>
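<p>
	One client-side way to spot an evil-twin candidate before joining, as an added example that is not code from the article, the AFP, or BleepingComputer: parse a WiFi scan and flag SSIDs served by an inconsistent set of access points. The scan text is constructed to mimic nmcli's terse output, and every network name and BSSID in it is made up. Two heuristics are used: an open AP advertising the same name as a secured one, and BSSIDs whose vendor OUIs differ, which a portable attacker device will usually have. Both are heuristics only; an attacker who also clones a legitimate BSSID evades them, and a venue that mixes AP vendors will trip the second.
</p>

```python
"""Flag evil-twin candidates in a WiFi scan.

Added example, not from the article or the AFP. The scan text is constructed
to mimic `nmcli -t -f SSID,BSSID,SECURITY,SIGNAL dev wifi list`; nmcli's terse
mode escapes the colons inside a BSSID with a backslash so that a bare colon
can separate fields.
"""
from collections import defaultdict

# Constructed sample; no real network, vendor, or device is being described.
SAMPLE_SCAN = "\n".join([
    r"AirlineWiFi:A4\:56\:30\:11\:22\:33::70",
    r"AirlineWiFi:A4\:56\:30\:11\:22\:34::68",
    r"AirlineWiFi:DC\:A6\:32\:9F\:01\:02::85",             # same name, different vendor OUI, loudest
    r"CorpSecure:F8\:B1\:56\:00\:00\:01:WPA2 802.1X:60",
    r"CorpSecure:B8\:27\:EB\:12\:34\:56::88",              # open clone of a secured network
    r"HomeNet:C0\:3F\:0E\:AA\:BB\:CC:WPA2:55",
    r"MeshNet:E0\:63\:DA\:00\:00\:01:WPA2:50",             # two APs, one vendor, same security:
    r"MeshNet:E0\:63\:DA\:00\:00\:02:WPA2:47",             # looks like an ordinary multi-AP network
])


def split_terse(line):
    """Split one nmcli terse line on unescaped colons, unescaping backslash-colon."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])
            i += 2
            continue
        if ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    return fields


def parse_scan(text):
    """Turn scan text into a list of {ssid, bssid, security, signal} dicts."""
    aps = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ssid, bssid, security, signal = split_terse(line)
        aps.append({"ssid": ssid, "bssid": bssid.upper(),
                    "security": security.strip(), "signal": int(signal)})
    return aps


def find_evil_twin_candidates(aps):
    """Return {ssid: [reasons]} for names served by more than one AP where the
    set of APs is inconsistent in a way a single operator's deployment rarely is."""
    by_ssid = defaultdict(list)
    for ap in aps:
        by_ssid[ap["ssid"]].append(ap)
    findings = {}
    for ssid, group in by_ssid.items():
        if len(group) < 2:
            continue
        reasons = []
        if any(a["security"] for a in group) and any(not a["security"] for a in group):
            reasons.append("open AP shares its name with a secured one")
        ouis = {a["bssid"][:8] for a in group}          # first three octets = vendor OUI
        if len(ouis) > 1:
            reasons.append("BSSIDs from %d different vendor OUIs" % len(ouis))
        if reasons:
            # An evil twin is usually the loudest AP of its name, because it is closest.
            loudest = max(group, key=lambda a: a["signal"])
            reasons.append("strongest signal is %s (%d%%)" % (loudest["bssid"], loudest["signal"]))
            findings[ssid] = reasons
    return findings


if __name__ == "__main__":
    for ssid, reasons in find_evil_twin_candidates(parse_scan(SAMPLE_SCAN)).items():
        print(ssid, "->", "; ".join(reasons))
```

<p>
	On a Linux laptop the same functions run over real data by feeding the output of the nmcli command named in the docstring into parse_scan(). A clean result does not mean the network is safe, only that nothing in this scan looked inconsistent; the advice about not entering unrelated credentials on a sign-in page still applies.
</p>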

<h2>
	Not a common attack
</h2>

<p>
	While it is not unheard of for threat actors to conduct these types of WiFi attacks, cybersecurity researcher <a href="https://x.com/UK_Daniel_Card" rel="external nofollow" target="_blank">Daniel Card</a> warns that evil twin attacks are not something most people need to worry about.
</p>


<p>
	"This kind of attack is totally possible, as we do it in labs and as part of security testing/training but it's rarely seen in the wild," Card told BleepingComputer.
</p>


<p>
	"It's close proximity phishing. Out of all the incidents myself and friends deal with I've never seen or heard about this in the wild other than when used by GRU (or at hacker conferences as a demo/joke/ctf). Outside of GRU (who also got caught), I only have heard of one other case."
</p>


<p>
	The researcher is referring to the 2018 <a href="https://www.wired.com/story/russian-spies-indictment-hotel-wi-fi-hacking/" rel="external nofollow" target="_blank">indictments of Russian state-sponsored GRU hackers</a> who conducted evil twin attacks to monitor targets' internet traffic.
</p>


<p>
	Card says that telling people not to use WiFi is unrealistic, as the need to remain online, especially on long trips, has become crucial for employees and students.
</p>


<p>
	Instead, Card says that usernames and passwords are flawed authentication mechanisms, which is why MFA and robust security standards are necessary to protect our accounts.
</p>


<p>
	<a href="https://www.bleepingcomputer.com/news/security/australian-charged-for-evil-twin-wifi-attack-on-plane/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">24000</guid><pubDate>Mon, 01 Jul 2024 19:00:36 +0000</pubDate></item><item><title>Latest Intel CPUs impacted by new Indirector side-channel attack</title><link>https://nsaneforums.com/news/security-privacy-news/latest-intel-cpus-impacted-by-new-indirector-side-channel-attack-r23999/</link><description><![CDATA[<p>
	Modern Intel processors, including Raptor Lake and Alder Lake chips, are susceptible to a new high-precision Branch Target Injection (BTI) attack dubbed 'Indirector,' which could be used to steal sensitive information from the CPU.
</p>


<p>
	Indirector exploits flaws in Indirect Branch Predictor (IBP) and Branch Target Buffer (BTB), two hardware components found in modern Intel CPUs, to manipulate speculative execution for data extraction.
</p>


<p>
	Three researchers at the University of California, San Diego discovered the Indirector attack and will present the full details at the USENIX Security Symposium in August 2024.
</p>

<h2>
	Indirector attacks
</h2>

<p>
	The Indirect Branch Predictor is designed to predict the target addresses of indirect branches using historical execution information, while the Branch Target Buffer predicts the target addresses of direct branches using a set-associative cache structure.
</p>

<div style="">
	<figure class="image" style="display:inline-block">
		<img alt="IBP structure" class="ipsImage" height="299" width="720" src="https://www.bleepstatic.com/images/news/u/1220909/2024/Legal/ibp.png">
		<figcaption>
			<strong>IBP structure in modern CPUs</strong><br>
			<em>Source: indirector.cpusec.org</em>
		</figcaption>
	</figure>
</div>

<p>
	The researchers found that the two systems have flaws in indexing, tagging, and entry-sharing mechanisms and are generally built upon a predictable structure that allows for targeted, high-precision manipulation.
</p>


<p>
	Based on the above, Indirector performs attacks mainly using three mechanisms:
</p>


<ul style="list-style-type:square">
	<li>
		<strong>iBranch Locator</strong>: Custom tool that uses eviction-based techniques to identify the indices and tags of victim branches and accurately determine the IBP entries for specific branches.
	</li>
	<li>
		<strong>IBP/BTB injections</strong>: Perform targeted injections into the prediction structures so that the victim speculatively executes attacker-chosen code.
	</li>
	<li>
		<strong>ASLR bypass</strong>: Break Address Space Layout Randomization (ASLR) by determining the exact locations of indirect branches and their targets, making the prediction and manipulation of the control flow of protected processes easier.
	</li>
</ul>


<p>
	Along with the speculative execution achieved by the targeted injections, the attacker can use cache side-channel techniques, such as measuring access times, to infer the accessed data. 
</p>

<h2>
	Mitigating Indirector attacks
</h2>

<p>
	Indirector works against Alder Lake and Raptor Lake Intel CPUs, the 12th and 13th generations, respectively, of the chipmaker's 'Core' processors.
</p>


<p>
	Intel was informed about the attack in February 2024 and has informed impacted hardware and software vendors.
</p>


<p>
	The researchers propose two primary mitigations against the Indirector attack: more aggressive use of the Indirect Branch Predictor Barrier (IBPB) and bolstering the Branch Prediction Unit (BPU) design by incorporating more complex tags, encryption, and randomization.
</p>


<p>
	However, there are significant performance trade-offs to consider, especially when using IBPB, so implementing the proposed mitigation requires delicate balancing work.
</p>


<p>
	On Linux, the kernel issues IBPB by default when switching to tasks that have entered SECCOMP mode or that have explicitly restricted indirect branch speculation, but wider use is limited because of a performance hit of around 50%.
</p>
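<p>
	The per-task opt-in just mentioned, as an added example that is not from the Indirector paper or its GitHub artifact: on Linux the prctl(2) speculation-control interface lets a process that handles secrets ask for IBPB (and STIBP where the CPU has it) on switches into it, and the spectre_v2 line in sysfs shows whether IBPB is in that "conditional" per-task mode. This is the existing knob the article refers to, not a fix for Indirector itself. The constants come from linux/prctl.h; the sample sysfs string is constructed, and the prctl calls need a Linux kernel with speculation control (they raise OSError with EINVAL otherwise).
</p>

```python
"""Per-task IBPB opt-in on Linux and decoding the kernel's spectre_v2 status.

Added example, not from the Indirector paper or its artifact. With the
spectre_v2_user mitigation in its default "prctl"/"seccomp" mode, the kernel
issues IBPB only when switching into a task that has asked for it; a process
handling secrets can opt itself in with PR_SET_SPECULATION_CTRL. Constants are
from <linux/prctl.h>; SAMPLE_STATUS is a constructed sysfs line.
"""
import ctypes
import os

PR_GET_SPECULATION_CTRL = 52
PR_SET_SPECULATION_CTRL = 53
PR_SPEC_INDIRECT_BRANCH = 1   # the misfeature covered by IBPB/STIBP
PR_SPEC_NOT_AFFECTED = 0
PR_SPEC_PRCTL = 1             # per-task control is available
PR_SPEC_ENABLE = 2            # speculation enabled, i.e. mitigation off
PR_SPEC_DISABLE = 4           # speculation restricted, i.e. mitigation on
PR_SPEC_FORCE_DISABLE = 8     # as DISABLE, but cannot be re-enabled
PR_SPEC_DISABLE_NOEXEC = 16   # as DISABLE, cleared on execve

SYSFS_SPECTRE_V2 = "/sys/devices/system/cpu/vulnerabilities/spectre_v2"
# Constructed, in the format the kernel reports on a recent Intel machine.
SAMPLE_STATUS = ("Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; "
                 "RSB filling; PBRSB-eIBRS: SW sequence; BHI: BHI_DIS_S")


def parse_spectre_v2_status(text):
    """Split the sysfs line into the mitigation name and the IBPB/STIBP modes.
    "IBPB: conditional" is the per-task mode the article describes."""
    parts = [p.strip() for p in text.strip().split(";") if p.strip()]
    status = {"vulnerable": False, "mitigation": None, "ibpb": None, "stibp": None, "extras": []}
    if not parts:
        return status
    head = parts[0]
    if head.startswith("Mitigation:"):
        status["mitigation"] = head.split(":", 1)[1].strip()
    else:
        status["vulnerable"] = head.startswith("Vulnerable")
    for part in parts[1:]:
        key, _, value = part.partition(":")
        if key == "IBPB":
            status["ibpb"] = value.strip()
        elif key == "STIBP":
            status["stibp"] = value.strip()
        else:
            status["extras"].append(part)
    return status


def decode_spec_ctrl(flags):
    """Interpret a PR_GET_SPECULATION_CTRL result for PR_SPEC_INDIRECT_BRANCH."""
    if flags < 0:
        raise ValueError("prctl failed; flags must be a non-negative result")
    if flags == PR_SPEC_NOT_AFFECTED:
        # Nothing to mitigate on this CPU, so report it as covered.
        return {"affected": False, "per_task_control": False, "mitigated": True, "irreversible": False}
    return {
        "affected": True,
        "per_task_control": bool(flags & PR_SPEC_PRCTL),
        "mitigated": bool(flags & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE | PR_SPEC_DISABLE_NOEXEC)),
        "irreversible": bool(flags & PR_SPEC_FORCE_DISABLE),
    }


def _prctl(option, arg2, arg3):
    libc = ctypes.CDLL(None, use_errno=True)
    libc.prctl.restype = ctypes.c_int
    # prctl is variadic; pass explicit unsigned longs so the kernel sees clean 64-bit args.
    res = libc.prctl(ctypes.c_int(option), ctypes.c_ulong(arg2), ctypes.c_ulong(arg3),
                     ctypes.c_ulong(0), ctypes.c_ulong(0))
    if res < 0:
        err = ctypes.get_errno()
        raise OSError(err, os.strerror(err))
    return res


def query_indirect_branch_ctrl():
    return decode_spec_ctrl(_prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0))


def restrict_indirect_branch_speculation(irreversible=True):
    """Ask the kernel to issue IBPB (and STIBP where present) when scheduling this
    task, so predictor entries planted by whatever ran before are flushed.
    The setting is inherited across fork; FORCE_DISABLE cannot be undone by the task."""
    mode = PR_SPEC_FORCE_DISABLE if irreversible else PR_SPEC_DISABLE
    _prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, mode)
    return query_indirect_branch_ctrl()


if __name__ == "__main__":
    if os.path.exists(SYSFS_SPECTRE_V2):
        with open(SYSFS_SPECTRE_V2) as fh:
            print(parse_spectre_v2_status(fh.read()))
    print("before:", query_indirect_branch_ctrl())
    print("after: ", restrict_indirect_branch_speculation())
```

<p>
	The opt-in is cheap for one daemon and expensive if applied to everything, which is the trade-off the researchers point at: the barrier runs on every switch into a restricted task, so reserve it for the processes whose secrets matter and leave spectre_v2_user in its conditional mode rather than forcing IBPB system-wide.
</p>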


<p>
	More details about Indirector, the attack methodologies, potential data leak mechanisms, and the suggested mitigations can be found in <a href="https://indirector.cpusec.org/index_files/Indirector_USENIX_Security_2024.pdf" rel="external nofollow" target="_blank">this technical paper</a>.
</p>


<p>
	The researchers have also published proof-of-concept code and tools for their branch injection attacks <a href="https://github.com/owenlly/Indirector_Artifact" rel="external nofollow" target="_blank">on GitHub</a>.
</p>


<p>
	<a href="https://www.bleepingcomputer.com/news/security/latest-intel-cpus-impacted-by-new-indirector-side-channel-attack/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">23999</guid><pubDate>Mon, 01 Jul 2024 18:59:35 +0000</pubDate></item><item><title>Fake IT support sites push malicious PowerShell scripts as Windows fixes</title><link>https://nsaneforums.com/news/security-privacy-news/fake-it-support-sites-push-malicious-powershell-scripts-as-windows-fixes-r23986/</link><description><![CDATA[<p>
	 
</p>

<p>
	Fake IT support sites promote malicious PowerShell "fixes" for common Windows errors, like the 0x80070643 error, to infect devices with information-stealing malware.
</p>


<p>
	First discovered by eSentire's Threat Response Unit (TRU), the fake support sites are promoted through YouTube channels that were compromised and hijacked, so the videos appear to come from an established content creator.
</p>


<p>
	In particular, the threat actors are creating fake videos promoting a fix for the 0x80070643 error that millions of Windows users have been dealing with since January.
</p>


<p>
	During the January 2024 Patch Tuesday, Microsoft released security updates to fix a BitLocker encryption bypass flaw, which is tracked as <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20666" rel="external nofollow" target="_blank">CVE-2024-20666</a>.
</p>

<p>
	 
</p>

<p>
	After installing the update, <a href="https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5034441-security-update-fails-with-0x80070643-errors/" rel="external nofollow" target="_blank">Windows users worldwide reported</a> receiving '0x80070643 - ERROR_INSTALL_FAILURE' when attempting to install the update, which would not go away no matter how hard they tried.
</p>

<p>
	 
</p>

<p>
	"There were some problems installing updates, but we'll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80070643)," reads the Windows Update error.
</p>

<p>
	 
</p>

<div style="">
	<figure class="image" style="display:inline-block">
		<img alt="windows-update-failing.jpg" class="ipsImage" height="399" width="720" src="https://www.bleepstatic.com/images/news/Microsoft/Windows-10/0x80070643-errors/windows-update-failing.jpg">
		<figcaption>
			<strong>0x80070643 in Windows Update</strong><br>
			<em>Source: BleepingComputer</em>
		</figcaption>
	</figure>
</div>

<p>
	It turns out that Windows Update is displaying an incorrect error message, as it was supposed to display a CBS_E_INSUFFICIENT_DISK_SPACE error on systems with a Windows Recovery Environment (WinRE) partition that's too small for the update to install.
</p>

<p>
	 
</p>

<p>
	Microsoft explained that the new security update requires that the WinRE partition have 250 megabytes of free space, and if it doesn't, you <a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-wont-fix-windows-0x80070643-errors-manual-fix-required/" rel="external nofollow" target="_blank">must manually expand the partition yourself</a>.
</p>

<p>
	 
</p>

<p>
	However, expanding the WinRE partition is complicated, if not impossible, for those whose WinRE is not the last partition on the drive.
</p>

<p>
	 
</p>

<p>
	Due to this, many are unable to install the security update and are left with the 0x80070643 error message every time they use Windows Update.
</p>

<p>
	 
</p>

<p>
	These errors have caused many frustrated Windows users to seek a solution online, allowing threat actors to capitalize on their search for a fix.
</p>

<h2>
	Fake IT sites promote PowerShell fixes
</h2>

<p>
	According to eSentire, threat actors are creating numerous fake IT support sites that pose as help for common Windows errors, with a heavy focus on the 0x80070643 error.
</p>

<p>
	 
</p>

<p>
	"In June 2024, eSentire's <a href="https://www.esentire.com/what-we-do/threat-response-unit" rel="external nofollow" target="_blank">Threat Response Unit (TRU)</a> observed an intriguing case involving a Vidar Stealer infection initiated through a fake IT support website (Figure 1)," explains the <a href="https://www.esentire.com/blog/fake-it-support-website-leading-to-vidar-infection" rel="external nofollow" target="_blank">eSentire report</a>.
</p>

<p>
	 
</p>

<p>
	"The infection began when the victim performed a web search for solutions to a Windows Update Error code."
</p>

<p>
	 
</p>

<p>
	The researchers found two fake IT support sites promoted on YouTube named pchelprwizzards[.]com and pchelprwizardsguide[.]com. While writing this article, BleepingComputer found additional sites at pchelprwizardpro[.]com, pchelperwizard[.]com, and fixedguides[.]com.
</p>

<p>
	 
</p>

<p>
	As with the videos eSentire found for the PCHelperWizard typo sites, BleepingComputer also found YouTube videos promoting the FixedGuides site and its purported fixes for the 0x80070643 errors.
</p>

<p>
	 
</p>

<div style="">
	<figure class="image" style="display:inline-block">
		<img alt="Fake IT support sites promoted on YouTube" class="ipsImage" height="361" width="720" src="https://www.bleepstatic.com/images/news/malware/i/information-stealing-malware/fake-it-support-sites/youtube-windows-error-fixes.jpg">
		<figcaption>
			<strong>Fake IT support sites promoted on YouTube</strong><br>
			<em>Source: BleepingComputer</em>
		</figcaption>
	</figure>
</div>

<p>
	These sites all offer fixes that either require you to copy and run a PowerShell script or import the contents of a Windows Registry file.
</p>

<p>
	 
</p>

<p>
	Regardless of which "solution" is used, a PowerShell script will be executed that downloads malware on the device.
</p>

<p>
	 
</p>

<p>
	eSentire's report outlines how the PCHelperWizard sites (not to be confused with the legitimate course site) walk users through copying a PowerShell script to the Windows Clipboard and executing it in a PowerShell prompt.
</p>

<p>
	 
</p>

<div style="">
	<figure class="image" style="display:inline-block">
		<img alt="Malicious PowerShell script disguised as a Windows error fix" class="ipsImage" height="388" width="720" src="https://www.bleepstatic.com/images/news/malware/i/information-stealing-malware/fake-it-support-sites/offered-powershell-script.jpg">
		<figcaption>
			<strong>Malicious PowerShell script disguised as a Windows error fix</strong><br>
			<em>Source: BleepingComputer</em>
		</figcaption>
	</figure>
</div>

<p>
	This PowerShell script contains a Base64-encoded script that connects to a remote server to download another PowerShell script, which installs the Vidar information-stealing malware on the device.
</p>

<p>
	 
</p>

<p>
	When the script is finished, it displays a message saying the fix was successful and asking the user to restart the computer; the restart also launches the malware.
</p>

<p>
	 
</p>

<p>
	The FixedGuides site does it a bit differently, using an obfuscated Windows Registry file to hide autostarts that launch a malicious PowerShell script.
</p>

<p>
	 
</p>

<div style="">
	<figure class="image" style="display:inline-block">
		<img alt="Obfuscated Windows Registry file" class="ipsImage" height="400" style="height: auto;" width="634" src="https://www.bleepstatic.com/images/news/malware/i/information-stealing-malware/fake-it-support-sites/registry-fix.jpg">
		<figcaption>
			<strong>Obfuscated Windows Registry file</strong><br>
			<em>Source: BleepingComputer</em>
		</figcaption>
	</figure>
</div>

<p>
	However, when I extracted the strings from the above file, I could see that it contains a valid Registry file that adds a Windows autostart (RunOnce) entry that runs a PowerShell script. This script ultimately downloads and installs information-stealing malware on the computer.
</p>

<p>
	 
</p>

<div style="">
	<figure class="image" style="display:inline-block">
		<img alt="Unobfuscated Windows Registry file" class="ipsImage" height="403" style="height: auto;" width="720" src="https://www.bleepstatic.com/images/news/malware/i/information-stealing-malware/fake-it-support-sites/cleaned-registry-file.jpg">
		<figcaption>
			<strong>Unobfuscated Windows Registry file</strong><br>
			<em>Source: BleepingComputer</em>
		</figcaption>
	</figure>
</div>
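<p>
	As an added, defender-side check that is not part of the BleepingComputer article or the eSentire report: a PowerShell audit of the Run/RunOnce autostart keys that flags PowerShell launchers using encoded, hidden or download-style arguments, and decodes any -EncodedCommand payload so an analyst can read what an autostart of the kind described above would run. The key list and the pattern list are assumptions chosen for this example.
</p>

```powershell
# Added example (not code from the article or the eSentire report): audit Run/RunOnce
# autostart entries for PowerShell launchers and decode encoded command lines.
# Assumptions: Windows host, PowerShell 5.1 or later, run as the user whose HKCU
# hive should be inspected; run elevated to read the HKLM keys reliably.

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Switches and cmdlets commonly seen in loader-style autostarts (constructed list, an assumption).
$SuspiciousPatterns = @(
    '-e(nc(odedcommand)?)?\s',                                # -e / -enc / -EncodedCommand
    '-w(indowstyle)?\s+hidden',                               # hidden console window
    '-nop(rofile)?\b',                                        # skip profile
    'bypass',                                                 # -ExecutionPolicy Bypass
    'iex\b|Invoke-Expression',                                # run downloaded text as code
    'DownloadString|DownloadFile|Invoke-WebRequest|iwr\b|curl\b',
    'FromBase64String'
)

function Get-EncodedPayload {
    param([string]$CommandLine)
    # -EncodedCommand carries UTF-16LE text as Base64; decode it for review only.
    if ($CommandLine -match '-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{16,})') {
        try {
            return [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Matches[1]))
        } catch {
            return '<invalid base64>'
        }
    }
    return $null
}

function Find-SuspiciousAutostart {
    $findings = @()
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Skip the provider metadata properties Get-ItemProperty adds.
            if ($prop.Name -in 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider') { continue }
            $cmd = [string]$prop.Value
            if ($cmd -notmatch 'powershell|pwsh') { continue }
            $hits = @($SuspiciousPatterns | Where-Object { $cmd -match $_ })
            if ($hits.Count -gt 0) {
                $findings += [pscustomobject]@{
                    Key     = $key
                    Name    = $prop.Name
                    Command = $cmd
                    Matches = ($hits -join '; ')
                    Decoded = Get-EncodedPayload -CommandLine $cmd
                }
            }
        }
    }
    return $findings
}

# Print every flagged autostart with its decoded payload (if any) for analyst review.
Find-SuspiciousAutostart | Format-List
```

A legitimate administrative script can also match these patterns, so treat each finding as a lead to inspect, not as a verdict.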

<p>
	Using either fake fix will result in the information-stealing malware launching after Windows is restarted. Once started, the malware will extract saved credentials, credit cards, cookies, and browsing history from your browser.
</p>

<p>
	 
</p>

<p>
	Vidar can also steal cryptocurrency wallets, text files, and Authy 2FA authenticator databases, as well as take screenshots of your desktop.
</p>

<p>
	 
</p>

<p>
	This data is compiled into an archive called a "log," which is then uploaded to the attacker's servers. The stolen data is then used to fuel other attacks, such as ransomware attacks, or sold to other threat actors on dark web marketplaces.
</p>

<p>
	 
</p>

<p>
	However, the infected user is now left with a nightmare, having all their accounts compromised and potentially suffering financial fraud.
</p>

<p>
	 
</p>

<p>
	While Windows errors can be annoying, it is crucial to download software and fixes only from trusted websites, not from random videos and websites with little or no reputation.
</p>

<p>
	 
</p>

<p>
	Your credentials have become a valuable commodity, and threat actors are coming up with sneaky and creative methods to steal them, so unfortunately, everyone needs to stay vigilant against unusual attack methods.
</p>

<p>
	 
</p>

<p>
	As for the 0x80070643 errors, if you are unable to resize the WinRE partition, your best bet is to use <a href="http://download.microsoft.com/download/f/2/2/f22d5fdb-59cd-4275-8c95-1be17bf70b21/wushowhide.diagcab" rel="external nofollow" target="_blank">Microsoft's Show or Hide Tool</a> to hide the KB5034441 update so that Windows Update no longer offers it on your system, rather than searching the Internet for a magic fix.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/fake-it-support-sites-push-malicious-powershell-scripts-as-windows-fixes/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">23986</guid><pubDate>Sun, 30 Jun 2024 18:51:35 +0000</pubDate></item><item><title>Meet Brain Cipher &#x2014; The new ransomware behind Indonesia's data center attack</title><link>https://nsaneforums.com/news/security-privacy-news/meet-brain-cipher-%E2%80%94-the-new-ransomware-behind-indonesias-data-center-attack-r23977/</link><description><![CDATA[<p>
	The new Brain Cipher ransomware operation has begun targeting organizations worldwide, gaining media attention for a recent attack on Indonesia's temporary National Data Center.
</p>

<p>
	 
</p>

<p>
	Indonesia is building out National Data Centers to securely store servers used by the government for online services and data hosting.
</p>

<p>
	 
</p>

<p>
	On June 20th, one of the temporary National Data Centers suffered a cyberattack that encrypted the government's servers and disrupted immigration services, passport control, issuing of event permits, and other online services.
</p>

<p>
	 
</p>

<p>
	The <a href="https://news.republika.co.id/berita/sfkqas484/bbsn-sebut-gangguan-pdns-2-akibat-ransomware-braincipher" rel="external nofollow" target="_blank">government confirmed</a> that a new ransomware operation, Brain Cipher, was behind the attack, disrupting over 200 government agencies.
</p>

<p>
	 
</p>

<p>
	Brain Cipher demanded $8 million in the Monero cryptocurrency to receive a decryptor and not leak allegedly stolen data.
</p>

<p>
	 
</p>

<p>
	BleepingComputer has learned that the threat actors have stated in the negotiation chat that they are issuing a "press release" about the "quality of personal data protection" in the attack, likely indicating that data was stolen.
</p>

<h3>
	Who is Brain Cipher
</h3>

<p>
	Brain Cipher is a new ransomware operation launched earlier this month, conducting attacks on organizations worldwide.
</p>

<p>
	 
</p>

<p>
	While the ransomware gang initially launched without a data leak site, their latest ransom notes now link to one, indicating that data is being stolen in attacks and will be used in double-extortion schemes.
</p>

<p>
	 
</p>

<p>
	BleepingComputer is aware of numerous samples of the Brain Cipher ransomware uploaded to various malware-sharing sites over the past two weeks.
</p>

<p>
	 
</p>

<p>
	These samples [<a href="https://analyze.intezer.com/analyses/a0ebc638-ceb3-41fc-adb0-7ce210fd7d05" rel="external nofollow" target="_blank">1</a>, <a href="https://analyze.intezer.com/analyses/56b7412c-73ce-4f22-8eaf-67416138e9b8" rel="external nofollow" target="_blank">2</a>, <a href="https://analyze.intezer.com/analyses/279ebde1-83f9-48fd-bff2-1631c68bf6f1" rel="external nofollow" target="_blank">3</a>] were created using the <a href="https://www.bleepingcomputer.com/news/security/lockbit-ransomware-builder-leaked-online-by-angry-developer/" target="_blank" rel="external nofollow">leaked LockBit 3.0 builder</a>, which other threat actors heavily abused to launch their own ransomware operations.
</p>

<p>
	 
</p>

<p>
	However, Brain Cipher has made some minor changes to the encryptor.
</p>

<p>
	 
</p>

<p>
	One of those changes is that it not only appends an extension to the encrypted file but also encrypts the file name, as shown below.
</p>

<p>
	 
</p>

<div style="">
	<p>
		<img alt="encrypted-files.jpg" class="ipsImage" data-ratio="75.10" height="455" width="720" src="https://www.bleepstatic.com/images/news/ransomware/b/brain-cipher/encrypted-files.jpg">
	</p>

	<div>
		<em>Files encrypted by Brain Cipher</em>
	</div>

	<div>
		<em>Source: BleepingComputer</em>
	</div>

	<p>
		 
	</p>
</div>

<p>
	The encryptor will also create ransom notes named in the format of [extension].README.txt, as shown below. These ransom notes briefly describe what happened, make threats, and link to the Tor negotiation and data leak sites.
</p>

<p>
	 
</p>

<div style="">
	<p>
		<img alt="dls-ransom-note.jpg" class="ipsImage" data-ratio="75.10" height="500" width="720" src="https://www.bleepstatic.com/images/news/ransomware/b/brain-cipher/dls-ransom-note.jpg">
	</p>

	<div>
		<em>Brain Cipher ransom note</em>
	</div>

	<div>
		<em>Source: BleepingComputer</em>
	</div>

	<p>
		 
	</p>
</div>

<p>
	In one note seen by BleepingComputer, the threat actor deviated a bit from the template and used the file name 'How To Restore Your Files.txt.'
</p>

<p>
	 
</p>

<div style="">
	<p>
		<img alt="ransom-note-2.jpg" class="ipsImage" data-ratio="75.10" height="521" width="720" src="https://www.bleepstatic.com/images/news/ransomware/b/brain-cipher/ransom-note-2.jpg">
	</p>

	<div>
		<em>Brain Cipher ransom note variant</em>
	</div>

	<div>
		<em>Source: BleepingComputer</em>
	</div>

	<p>
		 
	</p>
</div>

<p>
	Each victim has a unique encryption ID that is entered into the threat actor's Tor negotiation site. Like many other recent ransomware operations, the negotiation site is pretty simple, just including a chat system that the victim can use to communicate with the ransomware gang.
</p>

<p>
	 
</p>

<div style="">
	<p>
		<img alt="brain-cipher-negotiation-site.jpg" class="ipsImage" data-ratio="75.10" height="378" width="720" src="https://www.bleepstatic.com/images/news/ransomware/b/brain-cipher/brain-cipher-negotiation-site.jpg">
	</p>

	<div>
		<em>Brain Cipher dark web negotiation site</em>
	</div>

	<div>
		<em>Source: BleepingComputer</em>
	</div>
</div>

<h2>
	New data leak site launched
</h2>

<p>
	Like other ransomware operations, Brain Cipher will breach a corporate network and spread laterally to other devices. Once the threat actors gain Windows domain admin credentials, they deploy the ransomware throughout the network.
</p>

<p>
	 
</p>

<p>
	However, before encrypting files, the threat actors will steal corporate data for leverage in their extortion attempts, warning victims that it will be publicly released if a ransom is not paid.
</p>

<p>
	 
</p>

<p>
	Brain Cipher is no different and has recently launched a new data leak site that does not currently list any victims.
</p>

<p>
	 
</p>

<div style="">
	<p>
		<img alt="brain-cipher-data-leak-site.jpg" class="ipsImage" data-ratio="75.10" height="473" width="720" src="https://www.bleepstatic.com/images/news/ransomware/b/brain-cipher/brain-cipher-data-leak-site.jpg">
	</p>

	<div>
		<em>Brain Cipher data leak site</em>
	</div>

	<div>
		<em>Source: BleepingComputer</em>
	</div>

	<p>
		 
	</p>
</div>

<p>
	From negotiations seen by BleepingComputer, the ransomware gang has demanded ransoms ranging between $20,000 and $8 million.
</p>

<p>
	 
</p>

<p>
	As the encryptor is based on the leaked LockBit 3 encryptor, it has been thoroughly analyzed in the past, and unless Brain Cipher tweaked the encryption algorithm, there are no known ways to recover files for free.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/meet-brain-cipher-the-new-ransomware-behind-indonesia-data-center-attack/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">23977</guid><pubDate>Sat, 29 Jun 2024 20:29:41 +0000</pubDate></item><item><title>Ever put content on the web? Microsoft says that it's okay for them to steal it because it's 'freeware.'</title><link>https://nsaneforums.com/news/security-privacy-news/ever-put-content-on-the-web-microsoft-says-that-its-okay-for-them-to-steal-it-because-its-freeware-r23961/</link><description><![CDATA[<h3>
	Microsoft's CEO of AI said that content on the open web can be copied and used to create new content.
</h3>

<h2 id="what-you-need-to-know-3">
	What you need to know
</h2>

<ul>
	<li>
		Microsoft's AI CEO claimed that content shared on the web is "freeware" that can be copied and used to create new content.
	</li>
	<li>
		The remarks centered around Microsoft and other companies using preexisting content to train AI models.
	</li>
	<li>
		The CEO claimed that there's a separate category of content that cannot be used to train AI, which is indicated by an organization explicitly stating "do not scrape or crawl me for any other reason than indexing me so that other people can find that content."
	</li>
</ul>

<p>
	 
</p>

<hr>
<p>
	 
</p>

<p>
	Microsoft may have opened a can of worms with recent comments made by the tech giant's CEO of AI Mustafa Suleyman. The CEO spoke with <a data-analytics-id="inline-link" data-component-tracked="1" data-hl-processed="none" data-url="https://www.youtube.com/watch?v=lPvqvt55l3A" href="https://www.youtube.com/watch?v=lPvqvt55l3A" referrerpolicy="no-referrer-when-downgrade" target="_blank" rel="external nofollow">CNBC's</a> Andrew Ross Sorkin at the Aspen Ideas Festival earlier this week. In his remarks, Suleyman claimed that all content shared on the web is available to be used for AI training unless a content producer says otherwise specifically.
</p>

<p>
	 
</p>

<p>
	"With respect to content that is already on the open web, the social contract of that content since the 90s has been that it is fair use. Anyone can copy it, recreate with it, reproduce with it. That has been freeware, if you like. That's been the understanding," said Suleyman.
</p>

<p>
	 
</p>

<p>
	"There's a separate category where a website or a publisher or a news organization had explicitly said, 'do not scrape or crawl me for any other reason than indexing me so that other people can find that content.' That's a gray area and I think that's going to work its way through the courts."
</p>

<p>
	 
</p>

<p>
	Suleyman's quote raises several questions:
</p>

<p>
	 
</p>

<ul>
	<li>
		Is it actually okay to use other people's work to create new content?
	</li>
	<li>
		If so, is it okay to profit off those recreations or work derivative of preexisting content?
	</li>
	<li>
		How could websites and organizations "explicitly" say that their work cannot be used for AI training before AI became commonplace?
	</li>
	<li>
		Has Microsoft respected any organization that specified content should only be used for search?
	</li>
	<li>
		Have Microsoft's partners, including OpenAI, respected any demands that content not be used for AI training?
	</li>
</ul>

<div>
	<div>
		 
	</div>

	<div>
		<p>
			<a href="https://twitter.com/tsarnick/status/1805809836854329450" rel="external nofollow">Embedded tweet (tsarnick)</a>
		</p>

		<p>
			Several ongoing lawsuits suggest that publishers do not agree with Suleyman's take.
		</p>

		<h2 id="training-vs-stealing-3">
			Training vs. stealing
		</h2>

		<p>
			Generative AI is one of the hottest topics in tech in 2024. It's also a hot-button topic among creators. Some claim that AI trained on other people's work is a form of theft. Others equate training AI on existing work to artists studying at school. Contention often circles around monetizing work that's derivative of other content.
		</p>

		<p>
			 
		</p>

		<p>
			YouTube has <a data-analytics-id="inline-link" data-before-rewrite-localise="https://www.windowscentral.com/software-apps/streaming-video/youtube-reportedly-offering-cash-to-record-labels-to-train-ai" data-component-tracked="1" href="https://www.windowscentral.com/software-apps/streaming-video/youtube-reportedly-offering-cash-to-record-labels-to-train-ai" rel="external nofollow">reportedly offered "lumps of cash"</a> to train its AI models on music libraries from major record labels. The difference in that situation is that record labels and YouTube will have agreed to terms. Suleyman claims that a company could use any content on the web to train AI, as long as there was not an explicit statement demanding that not be done.
		</p>

		<p>
			 
		</p>

		<div id="slice-container-newsletterForm-articleInbodyContent-WgyaQeRgtAW2atSS9KLhrm">
			<div data-hydrate="true">
				<p>
					Microsoft and OpenAI have been on the receiving end of <a data-analytics-id="inline-link" data-before-rewrite-localise="https://www.windowscentral.com/software-apps/a-multitude-of-publishers-slam-microsoft-and-openai-with-a-copyright-infringement-suit-but-sam-altman-already-admitted-tools-like-chatgpt-couldnt-exist-without-copyrighted-content" data-component-tracked="1" href="https://www.windowscentral.com/software-apps/a-multitude-of-publishers-slam-microsoft-and-openai-with-a-copyright-infringement-suit-but-sam-altman-already-admitted-tools-like-chatgpt-couldnt-exist-without-copyrighted-content" rel="external nofollow">several copyright infringement lawsuits</a>. Eight US-based publishers filed suits against OpenAI and Microsoft, joining <a data-analytics-id="inline-link" data-before-rewrite-localise="https://www.windowscentral.com/microsoft/new-york-times-sues-microsoft-and-openai" data-component-tracked="1" href="https://www.windowscentral.com/microsoft/new-york-times-sues-microsoft-and-openai" rel="external nofollow">The New York Times</a>, which already had an ongoing suit.
				</p>

				<p>
					 
				</p>

				<p>
					AI-generated content is controversial in ways other than its source material. An animated video stirred up Pink Floyd fans when it <a data-analytics-id="inline-link" data-before-rewrite-localise="https://www.windowscentral.com/software-apps/are-you-fing-serious-controversy-erupts-after-a-video-generated-by-ai-is-declared-the-winner-of-pink-floyds-animation-competition" data-component-tracked="1" href="https://www.windowscentral.com/software-apps/are-you-fing-serious-controversy-erupts-after-a-video-generated-by-ai-is-declared-the-winner-of-pink-floyds-animation-competition" rel="external nofollow">became a finalist in an animation competition</a>.
				</p>

				<p>
					 
				</p>

				<p>
					Assuming I've understood Suleyman correctly, the CEO claimed that any content is freeware that anyone can use to make new content, unless the creator says otherwise. I'm not a lawyer, but Suleyman's claims sound a lot like those viral chain messages that get forwarded around Facebook and Instagram saying, "I DO NOT CONSENT TO MY CONTENT BEING USED." I always assumed copyright law was more complicated than a Facebook post.
				</p>

				<p>
					 
				</p>

				<p>
					<a href="https://www.windowscentral.com/software-apps/ever-put-content-on-the-web-microsoft-says-that-its-okay-for-them-to-steal-it-because-its-freeware" rel="external nofollow">Source</a>
				</p>

			</div>
		</div>
	</div>
</div>
]]></description><guid isPermaLink="false">23961</guid><pubDate>Fri, 28 Jun 2024 18:00:01 +0000</pubDate></item><item><title>Shopping app Temu is &#x201C;dangerous malware,&#x201D; spying on your texts, lawsuit claims</title><link>https://nsaneforums.com/news/security-privacy-news/shopping-app-temu-is-%E2%80%9Cdangerous-malware%E2%80%9D-spying-on-your-texts-lawsuit-claims-r23951/</link><description><![CDATA[<h3>
	Temu "surprised" by the lawsuit, plans to "vigorously defend" itself.
</h3>

<div class="article-content post-page" itemprop="articleBody">
	
	<p>
		Temu—the Chinese shopping app that has rapidly grown so popular in the US that even Amazon is <a href="https://www.theinformation.com/articles/amazon-to-launch-temu-like-discount-section-with-direct-shipping-from-china" rel="external nofollow">reportedly</a> trying to copy it—is "dangerous malware" that's secretly monetizing a broad swath of unauthorized user data, Arkansas Attorney General Tim Griffin alleged in a <a href="https://cdn.arstechnica.net/wp-content/uploads/2024/06/Arkansas-v-PDD-Holdings-Temu-Complaint-6-25-2024.pdf" rel="external nofollow">lawsuit</a> filed Tuesday.
	</p>

	<p>
		 
	</p>

	<p>
		Griffin cited research and media reports exposing Temu's allegedly nefarious design, which "purposely" allows Temu to "gain unrestricted access to a user's phone operating system, including, but not limited to, a user's camera, specific location, contacts, text messages, documents, and other applications."
	</p>

	<p>
		 
	</p>

	<p>
		"Temu is designed to make this expansive access undetected, even by sophisticated users," Griffin's complaint said. "Once installed, Temu can recompile itself and change properties, including overriding the data privacy settings users believe they have in place."
	</p>

	<p>
		 
	</p>

	<p>
		Griffin fears that Temu is capable of accessing virtually all data on a person's phone, exposing both users and non-users to extreme privacy and security risks. It appears that anyone texting or emailing someone with the shopping app installed risks Temu accessing private data, Griffin's suit claimed, which Temu then allegedly monetizes by selling it to third parties, "profiting at the direct expense" of users' privacy rights.
	</p>

	<p>
		 
	</p>

	<p>
		"Compounding" risks is the possibility that Temu's Chinese owners, PDD Holdings, are legally obligated to share data with the Chinese government, the lawsuit said, due to Chinese "laws that mandate secret cooperation with China's intelligence apparatus regardless of any data protection guarantees existing in the United States."
	</p>

	<p>
		 
	</p>

	<p>
		Griffin's suit cited an <a href="https://grizzlyreports.com/we-believe-pdd-is-a-dying-fraudulent-company-and-its-shopping-app-temu-is-cleverly-hidden-spyware-that-poses-an-urgent-security-threat-to-u-s-national-interests/" rel="external nofollow">extensive forensic investigation</a> into Temu by Grizzly Research—which analyzes publicly traded companies to inform investors—last September. In their report, Grizzly Research alleged that PDD Holdings is a “fraudulent company” and that “Temu is cleverly hidden spyware that poses an urgent security threat to United States national interests.”
	</p>

	<p>
		 
	</p>

	<p>
		As Griffin sees it, Temu baits users with misleading promises of discounted, quality goods, angling to get access to as much user data as possible by adding addictive features that keep users logged in, like spinning a wheel for deals. Meanwhile, hundreds of complaints to the Better Business Bureau showed that Temu's goods are actually low-quality, Griffin alleged, apparently supporting his claim that Temu's end goal isn't to be the world's biggest shopping platform but to steal data.
	</p>

	<p>
		 
	</p>

	<p>
		Investigators agreed, the lawsuit said, concluding “we strongly suspect that Temu is already, or intends to, illegally sell stolen data from Western country customers to sustain a business model that is otherwise doomed for failure."
	</p>

	<p>
		 
	</p>

	<p>
		Seeking an injunction to stop Temu from allegedly spying on users, Griffin is hoping a jury will find that Temu's alleged practices violated the Arkansas Deceptive Trade Practices Act (ADTPA) and the Arkansas Personal Information Protection Act. If Temu loses, it could be on the hook for $10,000 per violation of the ADTPA and ordered to disgorge profits from data sales and deceptive sales on the app.
	</p>

	<h2>
		Temu “surprised” by lawsuit
	</h2>

	<p>
		The company that owns Temu, PDD Holdings, was founded in 2015 by a former Google employee, Colin Huang. It was originally based in China, but after security concerns were raised, the company relocated its "principal executive offices" to Ireland, Griffin's complaint said. This, Griffin suggested, was intended to distance the company from debate over national security risks posed by China, but because the majority of its business operations remain in China, risks allegedly remain.
	</p>

	<p>
		 
	</p>

	<p>
		PDD Holdings' relocation came amid heightened scrutiny of Pinduoduo, the Chinese app on which Temu's shopping platform is based. Last year, Pinduoduo came under fire for privacy and security risks that got the app suspended from Google Play as suspected malware. Experts said Pinduoduo took security and privacy risks "to the next level," the lawsuit said. And "around the same time," Apple's App Store also flagged Temu's data privacy terms as misleading, further heightening scrutiny of two of PDD Holdings' biggest apps, the complaint noted.
	</p>

	<p>
		 
	</p>

	<p>
		Researchers found that Pinduoduo "was programmed to bypass users’ cell phone security in order to monitor activities on other apps, check notifications, read private messages, and change settings," the lawsuit said. "It also could spy on competitors by tracking activity on other shopping apps and getting information from them," as well as "run in the background and prevent itself from being uninstalled." The motivation behind the malicious design was apparently "to boost sales."
	</p>

	<p>
		 
	</p>

	<p>
		According to Griffin, the same concerns that got Pinduoduo suspended last year remain today for Temu users, but the App Store and Google Play have allegedly failed to take action to prevent unauthorized access to user data. Within a year of Temu's launch, the "same software engineers and product managers who developed Pinduoduo" allegedly "were transitioned to working on the Temu app."
	</p>

	<p>
		 
	</p>

	<p>
		Google and Apple did not immediately respond to Ars' request for comment.
	</p>

	<p>
		 
	</p>

	<p>
		A Temu spokesperson provided a statement to Ars, discrediting Grizzly Research's investigation and confirming that the company was "surprised and disappointed by the Arkansas Attorney General's Office for filing the lawsuit without any independent fact-finding."
	</p>

	<p>
		 
	</p>

	<p>
		"The allegations in the lawsuit are based on misinformation circulated online, primarily from a short-seller, and are totally unfounded," Temu's spokesperson said. "We categorically deny the allegations and will vigorously defend ourselves."
	</p>

	<p>
		 
	</p>

	<p>
		While Temu plans to defend itself against the claims, the company also appears open to making changes in response to the criticism in Griffin's complaint.
	</p>

	<p>
		 
	</p>

	<p>
		"We understand that as a new company with an innovative supply chain model, some may misunderstand us at first glance and not welcome us," Temu's spokesperson said. "We are committed to the long-term and believe that scrutiny will ultimately benefit our development. We are confident that our actions and contributions to the community will speak for themselves over time."
	</p>
</div>

<div class="article-content post-page" itemprop="articleBody">
	<h2>
		How is Temu malware?
	</h2>

	<p>
		Last year, Temu was the most downloaded app in the US, Griffin's complaint noted, while most users had no way of knowing that the app was allegedly collecting "a shocking amount of sensitive user data" that was "beyond what is necessary for an online shopping app."
	</p>

	<p>
		 
	</p>

	<p>
		According to the complaint, Temu is allegedly obscuring its unauthorized access to data through misleading terms of use and privacy policies that do not alert users to the full scope of data that the app can potentially collect. That includes not telling users about tracking granular locations for no defined purpose and collecting "even biometric information such as users’ fingerprints."
	</p>

	<p>
		 
	</p>

	<p>
		App store security scans don't flag Temu's risks, the complaint alleged, because Temu can "change its own code once it has been downloaded to a user’s phone"—which means it's essentially able to transform into malware once it is past the security checkpoint.
	</p>

	<p>
		 
	</p>

	<p>
		That seemingly allows Temu to "exploit" the user's personally identifying information (PII) "and other data or to otherwise control the user's device, in unknown and unknowable ways." To do this, like Pinduoduo, Temu allegedly relies on "code designed to achieve 'privilege escalation,' a type of cyberattack that exploits a vulnerable operating system to gain a higher level of access to data than is authorized."
	</p>

	<p>
		 
	</p>

	<p>
		Among other allegedly malicious design features, Temu seemingly easily bypasses security scans by relying on a "cryptically named function" of its source code that "is not visible to security scans before or during installation of the app, or even with elaborate penetration testing," Grizzly Research found. This function allegedly "enables the app to change its behavior—and possibly its entire function—on the user's phone, without anyone being able to know, much less prevent such a change."
	</p>

	<p>
		 
	</p>

	<p>
		That might also make it possible for Temu to hide from debuggers identifying malware, the complaint said, by simply changing the app's behavior once a user's security scan is detected.
	</p>

	<p>
		 
	</p>

	<p>
		On Android phones, Temu also allegedly uses what Google considers a "high risk or sensitive permission" to install any program that it wants "without the user's knowledge or control." While some apps require this permission to function, "there is no justifiable use for this feature on the Temu app, which purportedly is simply an e-commerce platform," the complaint said.
	</p>

	<p>
		 
	</p>

	<p>
		"The ability to bypass phone security systems is dangerous because it potentially allows Temu to read a user's private messages, change the phone's settings, and track notifications," the complaint warned, which is why Grizzly Research considers Temu "the most dangerous malware/spyware package currently in widespread circulation." Other security experts have flagged Temu as "even more 'malicious'" than Pinduoduo, Griffin's complaint said.
	</p>

	<p>
		 
	</p>

	<p>
		According to <a href="https://www.statista.com/statistics/1393504/temu-number-of-app-downloads-worldwide/" rel="external nofollow">Statista data</a>, Temu has only become more popular as reports of security and privacy risks have come out. In May, "the app was downloaded over 52 million times all over the world, making it more popular than Amazon’s marketplace app." As Temu's popularity soars, Griffin hopes to intervene to stop allegedly deceptive and privacy-infringing trade practices that could impact millions.
	</p>

	<p>
		 
	</p>

	<p>
		Temu and PDD Holdings "utilize deception—in the forms of misrepresentation, omission, and deliberate concealment—to mask the Temu app's behavior, hide the fact that PII is being siphoned from the user's device, and prevent the user from knowing that said PII is subject to unfettered use by other individuals and an adversarial government," the lawsuit alleged.
	</p>

	<p>
		 
	</p>
</div>

<p>
	<a href="https://arstechnica.com/tech-policy/2024/06/shopping-app-temu-is-dangerous-malware-spying-on-your-texts-lawsuit-claims/" rel="external nofollow">Source</a>
</p>

<p>
	 
</p>

<p>
	<span style="font-size:12px;"><em>Hope you enjoyed this news post.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>Thank you for appreciating my time and effort posting news every single day for many years.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>2023: Over 5,800 news posts | 2024 (till end of May): Nearly 2,400 news posts</em></span>
</p>
]]></description><guid isPermaLink="false">23951</guid><pubDate>Thu, 27 Jun 2024 18:30:30 +0000</pubDate></item><item><title>Today is your last chance to stop Meta from using your personal data to train its AI models</title><link>https://nsaneforums.com/news/security-privacy-news/today-is-your-last-chance-to-stop-meta-from-using-your-personal-data-to-train-its-ai-models-r23936/</link><description><![CDATA[<p>
	This year has seen a steady rise in the generative Artificial Intelligence (AI) space, with companies like <a href="https://www.neowin.net/news/microsoft-announced-new-bing-search-and-edge-browser-with-openai-tech/" rel="external nofollow">Microsoft </a>and <a href="https://www.neowin.net/news/google-reveals-its-chatgpt-competitor-bard/" rel="external nofollow">Google </a>getting on the bandwagon. While the improvements in the AI space have been great, they have come at a cost. The AI models used by companies have to be trained, and more often than not, <a href="https://www.neowin.net/news/microsoft-and-openai-sued-for-3-billion-for-breach-of-privacy-with-chatgpt/" rel="external nofollow">companies have used publicly available data to train them</a>. However, at times <a href="https://www.neowin.net/news/some-chatgpt-plus-users-may-have-had-partial-payment-info-leaked-this-week/" rel="external nofollow">this has included Personally Identifiable Information (PII)</a>, creating a privacy nightmare for companies and users alike.
</p>

<p>
	 
</p>

<p>
	Now, if you are not happy with this and want to take back control of your data, you can do so with Meta. The social media giant is allowing users to submit a request with the company if they don't wish to have Meta use their data to train its various AI models. Unfortunately, the form only covers third-party services and sources which means that you cannot ask Meta to not use data collected from its own services like Facebook and Instagram.
</p>

<p>
	 
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		Generative AI models are computer programs. They use predictions and patterns to create new content. To be able to spot these patterns, models are trained on billions of pieces of data from a variety of sources. These can include information that is publicly available on the internet or licensed sources. (These are often called third party sources.)
	</p>
</blockquote>

<p>
	That being said, you can still have Meta delete the third-party data by following the steps below:
</p>

<p>
	 
</p>

<ol>
	<li>
		Head to <a href="https://www.facebook.com/help/contact/1266025207620918" rel="external nofollow">Facebook's Generative AI data subject rights form</a>
	</li>
	<li>
		You will now be presented with three options. You can ask Facebook to provide all the data it has on you, or you can have it deleted. Select the second option to have the data deleted
	</li>
	<li>
		Once selected, fill out your country of residence, name, and email address. Though the form does not mention it, it would be a good idea to use your Facebook account's email address when filling out the form
	</li>
	<li>
		Once done, click on send to submit the details with Facebook
	</li>
</ol>

<p>
	 
</p>

<p>
	Meta has not mentioned the timeline for compliance once the request has been submitted. However, the company does note that submitting the form does not automatically qualify you to have the data deleted. Once Meta receives your request, it will review it and act in line with the country's privacy laws.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.neowin.net/guides/heres-how-you-can-stop-meta-from-using-your-personal-data-to-train-its-ai-models/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">23936</guid><pubDate>Wed, 26 Jun 2024 19:33:06 +0000</pubDate></item><item><title>LockBit lied: Stolen data is from a bank, not US Federal Reserve</title><link>https://nsaneforums.com/news/security-privacy-news/lockbit-lied-stolen-data-is-from-a-bank-not-us-federal-reserve-r23935/</link><description><![CDATA[<p>
	The recently disrupted LockBit ransomware group, in what appears to be a desperate attempt to make a comeback, claimed this week that it had hit the US Federal Reserve, the central bank of the United States.
</p>

<p>
	 
</p>

<p>
	The tall claim was followed up with LockBit stating it had stolen 33 terabytes of sensitive banking information belonging to Americans and that negotiations were ongoing.
</p>

<p>
	 
</p>

<p>
	Except, the rumor has been quashed. Turns out, the threat actor hit an individual bank, and not the Fed.
</p>

<h2>
	Bold claims
</h2>

<p>
	On Sunday, June 23rd, the LockBit ransomware gang announced that it had breached the US Federal Reserve (aka The Fed), the most powerful economic institution in the United States.
</p>

<p>
	 
</p>

<p>
	"33 terabytes of juicy banking information containing Americans' banking secrets," claimed LockBit on its leak site, alluding to the group having breached the Fed's systems and stolen sensitive data.
</p>

<p>
	 
</p>

<p>
	The ransomware operator further suggested that negotiations were ongoing and that a "clinical idiot" offered them $50,000 to not leak the data.
</p>

<p>
	 
</p>

<p>
	"You better hire another negotiator within 48 hours, and fire this clinical idiot who values Americans' bank secrecy at $50,000."
</p>

<p>
	 
</p>

<div style="">
	<p>
		<img alt="federal-reserve-lockbit-claim.jpg" class="ipsImage" data-ratio="75.10" height="414" width="720" src="https://www.bleepstatic.com/images/news/u/1164866/2024/Jun/lockbit-lied/federal-reserve-lockbit-claim.jpg">
	</p>

	<div>
		<em>LockBit claims it attacked the Fed, leaks data (Hackmanac)</em>
	</div>

	<p>
		 
	</p>
</div>

<p>
	Eventually, the group began publishing the stolen data on its site.
</p>

<p>
	 
</p>

<p>
	Some media outlets reported on the allegation without obtaining a statement from the Federal Reserve or verifying if the organization was even attacked as LockBit claims.
</p>

<p>
	 
</p>

<p>
	It turns out that it's not the Fed but an individual US financial institution that the threat actors have targeted in this attack.
</p>

<p>
	 
</p>

<p>
	"They have apparently breached the American bank Evolve Bank &amp; Trust," cyber threat monitoring company HackManac <a href="https://x.com/H4ckManac/status/1805716148417433864" rel="external nofollow" target="_blank">posted</a> in an update on social media.
</p>

<p>
	 
</p>

<p>
	"For now, there is still no trace of 'secret' files, but the analysis is ongoing."
</p>

<p>
	 
</p>

<p>
	BleepingComputer reached out to Evolve Bank &amp; Trust with questions related to the attack and the financial institution has confirmed that threat actors have "illegally" obtained data from its systems.
</p>

<p>
	 
</p>

<p>
	"Evolve is currently investigating a cybersecurity incident involving a known cybercriminal organization. It appears these bad actors have released illegally obtained data, on the dark web," an Evolve Spokesperson told BleepingComputer.
</p>

<p>
	 
</p>

<p>
	"We take this matter extremely seriously and are working tirelessly to address the situation. Evolve has engaged the appropriate law enforcement authorities to aid in our investigation and response efforts. This incident has been contained, and there is no ongoing threat."
</p>

<p>
	 
</p>

<p>
	"In response to this event, we will offer all impacted customers (end users) complimentary credit monitoring with identity theft protection services. Those affected will be contacted directly with instructions on how to enroll in these protective measures. Additionally, impacted customers will receive new account numbers if warranted."
</p>

<p>
	 
</p>

<p>
	"Updates and further information will be posted on our website as they become available."
</p>

<p>
	 
</p>

<p>
	We asked Evolve if it knew exactly when the threat actors had stolen this data, and how the bank's systems were breached.
</p>

<p>
	 
</p>

<p>
	"No further comments will be made during investigation," Evolve further responded to BleepingComputer.
</p>

<p>
	 
</p>

<p>
	We also attempted to reach out to LockBitSup, the manager of the ransomware operation, but it appears we have been blocked by him.
</p>

<p>
	 
</p>

<p>
	Interestingly, the <a href="https://www.fintechfutures.com/2024/06/us-federal-reserve-board-issues-cease-and-desist-order-against-evolve-bank/" rel="external nofollow" target="_blank">Federal Reserve recently penalized Evolve Bank &amp; Trust</a> over multiple "deficiencies" identified in how the bank conducted risk management, anti-money laundering (AML), and compliance practices.
</p>

<p>
	 
</p>

<p>
	Examinations conducted in 2023 found that the bank had "engaged in unsafe and unsound banking practices by failing to have in place an effective risk management framework for those partnerships."
</p>

<p>
	 
</p>

<p>
	As a result, the Fed demanded that Evolve halt some of its activities until the bank improves its risk management policies and complies with AML laws and regulations.
</p>

<h2>
	"A desperate bid for relevance"
</h2>

<p>
	Reacting to the ransomware operator's baseless claims, X account AzAl Security dubbed this as LockBit's "desperate bid for relevance."
</p>

<p>
	 
</p>


<p>
	Previously notorious for executing ransomware attacks on high-profile targets like <a href="https://www.bleepingcomputer.com/news/security/lockbit-ransomware-leaks-gigabytes-of-boeing-data/" target="_blank" rel="external nofollow">Boeing</a>, the <a href="https://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-attack-on-continental-automotive-giant/" target="_blank" rel="external nofollow">Continental automotive giant</a>, the <a href="https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-italian-tax-agency/" target="_blank" rel="external nofollow">Italian Internal Revenue Service</a>, <a href="https://www.bleepingcomputer.com/news/security/bank-of-america-warns-customers-of-data-breach-after-vendor-hack/" target="_blank" rel="external nofollow">Bank of America</a>, the <a href="https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-claims-royal-mail-cyberattack/" target="_blank" rel="external nofollow">UK Royal Mail</a>, and most recently <a href="https://www.bleepingcomputer.com/news/security/lockbit-says-they-stole-data-in-london-drugs-ransomware-attack/" target="_blank" rel="external nofollow">London Drugs</a>, the cybercrime group found itself in hot water this year.
</p>

<p>
	 
</p>

<p>
	In February, law enforcement <a href="https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupted-by-global-police-operation/" target="_blank" rel="external nofollow">took down LockBit's infrastructure</a> in an action known as Operation Cronos and seized 34 servers containing <a href="https://www.nationalcrimeagency.gov.uk/news/nca-leads-international-investigation-targeting-worlds-most-harmful-ransomware-group" rel="external nofollow" target="_blank">over 2,500 decryption keys</a> that helped create a free LockBit 3.0 Black Ransomware decryptor.
</p>

<p>
	 
</p>

<p>
	Having thrived through its peak, LockBit seems to have fallen on tough times, compelling it to resort to misleading claims to stay relevant.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/lockbit-lied-stolen-data-is-from-a-bank-not-us-federal-reserve/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">23935</guid><pubDate>Wed, 26 Jun 2024 19:31:19 +0000</pubDate></item><item><title>Proton VPN launches credential-less login on Android and expands free VPN to more countries</title><link>https://nsaneforums.com/news/security-privacy-news/proton-vpn-launches-credential-less-login-on-android-and-expands-free-vpn-to-more-countries-r23934/</link><description><![CDATA[<p>
	Proton has announced some upgrades for its VPN service. With elections coming up in dozens of countries, the company strives to provide its customers with easier access to information, especially in countries with heavy censorship and media manipulation. Now, Proton VPN's free servers are available in five more countries that will be holding elections later this year.
</p>

<p>
	 
</p>

<p>
	<img alt="Credential-less login in Proton VPN" class="ipsImage" height="405" width="720" src="https://cdn.neowin.com/news/images/uploaded/2024/06/1719401281_proton_vpn.jpg">
</p>

<p>
	 
</p>

<p>
	Here are the countries where citizens can access Proton VPN for free:
</p>

<p>
	 
</p>

<ul>
	<li>
		Syria
	</li>
	<li>
		Jordan
	</li>
	<li>
		Tunisia
	</li>
	<li>
		Uzbekistan
	</li>
	<li>
		Brazil
	</li>
</ul>

<p>
	 
</p>

<p>
	Other countries that already have free access to Proton VPN include Uzbekistan, Sri Lanka, Venezuela, Algeria, Jordan, and more.
</p>

<p>
	 
</p>

<p>
	According to Proton, offering VPN access in countries with unstable infrastructure and other technical hurdles was made possible by using neighboring countries and masking IP addresses to make them look "native."
</p>

<p>
	 
</p>

<p>
	In addition to expanding its list of free servers, Proton unveiled another privacy-focused feature. Now, Android customers can use Proton VPN without creating an account or signing in. David Peterson, General Manager of Proton VPN, said the following:
</p>

<p>
	 
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		Over the past year, VPNs have become an essential tool in combating online censorship, with signups surging during major geopolitical events around the world be they protests, contested elections, or government crackdowns. As authoritarian governments have stepped up their efforts to restrict freedom of their citizens, we have stepped up our efforts to defend those same freedoms with Proton VPN.
	</p>

	<p>
		 
	</p>

	<p>
		Protecting free speech and fighting censorship is a daily battle, and this initiative and the launch of Credential-less logins on Android are part of our long-term commitment towards advancing freedom online.
	</p>
</blockquote>

<p>
	Proton VPN features several tools that let you circumvent online censorship. They include alternative routing through unlikely-to-be-blocked servers, VPN censorship detection, a custom protocol that masks your VPN connection to look like a regular one, and more.
</p>

<p>
	 
</p>

<p>
	You can read more about the latest Proton VPN update <a href="https://protonvpn.com/blog/free-servers-before-elections" rel="external nofollow">in a blog post</a> on the official website.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.neowin.net/news/proton-vpn-launches-credential-less-login-on-android-and-expands-free-vpn-to-more-countries/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">23934</guid><pubDate>Wed, 26 Jun 2024 19:29:25 +0000</pubDate></item><item><title>Plugins on WordPress.org backdoored in supply chain attack</title><link>https://nsaneforums.com/news/security-privacy-news/plugins-on-wordpressorg-backdoored-in-supply-chain-attack-r23927/</link><description><![CDATA[<p>
	A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them.
</p>

<p>
	 
</p>

<p>
	The attack was discovered by the Wordfence Threat Intelligence team yesterday, but the malicious injections appear to have occurred towards the end of last week, between June 21 and June 22.
</p>

<p>
	 
</p>

<p>
	As soon as Wordfence discovered the breach, the company notified the plugin developers, which resulted in <a href="http://www.wordfence.com/threat-intel/vulnerabilities/detail/several-wordpressorg-plugins-various-versions-injected-backdoor" rel="external nofollow" target="_blank">patches being released</a> yesterday for most of the products.
</p>

<p>
	 
</p>

<p>
	Together, the five plugins have been installed on more than 35,000 websites:
</p>

<p>
	 
</p>

<ul>
	<li>
		Social Warfare 4.4.6.4 to 4.4.7.1 (fixed in version 4.4.7.3)
	</li>
	<li>
		Blaze Widget 2.2.5 to 2.5.2 (fixed in version 2.5.4)
	</li>
	<li>
		Wrapper Link Element 1.0.2 to 1.0.3 (fixed in version 1.0.5)
	</li>
	<li>
		Contact Form 7 Multi-Step Addon 1.0.4 to 1.0.5 (fixed in version 1.0.7)
	</li>
	<li>
		Simply Show Hooks 1.2.1 to 1.2.2 (no fix available yet)
	</li>
</ul>

<p>
	 
</p>

<p>
	Wordfence notes that it does not know how the threat actor managed to gain access to the source code of the plugins, but an investigation is looking into it.
</p>

<p>
	 
</p>

<p>
	Although it is possible that the attack impacts a larger number of WordPress plugins, current evidence suggests that the compromise is limited to the aforementioned set of five.
</p>

<h2>
	Backdoor operation and IoCs
</h2>

<p>
	The malicious code in the infected plugins attempts to create new admin accounts and inject SEO spam into the compromised website.
</p>

<p>
	 
</p>

<p>
	“At this stage, we know that the injected malware attempts to create a new administrative user account and then sends those details back to the attacker-controlled server,” explains Wordfence.
</p>

<p>
	 
</p>

<p>
	“In addition, it appears the threat actor also injected malicious JavaScript into the footer of websites that appears to add SEO spam throughout the website.”
</p>

<p>
	 
</p>

<p>
	The data is transmitted to the IP address 94.156.79[.]8, while the arbitrarily created admin accounts are named “Options” and “PluginAuth,” the researchers say.
</p>

<p>
	 
</p>

<p>
	Website owners that notice such accounts or traffic to the attacker's IP address should perform a complete malware scan and cleanup.
</p>

<p>
	 
</p>

<div class="QuoteNewsStyle">
	“If you have any of these plugins installed, you should consider your installation compromised and immediately go into incident response mode.” – <a href="https://www.wordfence.com/blog/2024/06/supply-chain-attack-on-wordpress-org-plugins-leads-to-5-maliciously-compromised-wordpress-plugins/" rel="external nofollow" target="_blank">Wordfence</a>.
</div>

<p>
	Wordfence notes that some of the impacted plugins were temporarily delisted from WordPress.org, which may result in users getting warnings even if they use a patched version.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/plugins-on-wordpressorg-backdoored-in-supply-chain-attack/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">23927</guid><pubDate>Wed, 26 Jun 2024 06:15:04 +0000</pubDate></item><item><title>Microsoft risks huge fine over &#x201C;possibly abusive&#x201D; bundling of Teams and Office</title><link>https://nsaneforums.com/news/security-privacy-news/microsoft-risks-huge-fine-over-%E2%80%9Cpossibly-abusive%E2%80%9D-bundling-of-teams-and-office-r23919/</link><description><![CDATA[<h3>
	Microsoft vows to make more changes facing EU fine over Teams bundling.
</h3>

<div class="article-content post-page" itemprop="articleBody">
	
	<p>
		Microsoft may be hit with a massive fine in the European Union for "possibly abusively" bundling Teams with its Office 365 and Microsoft 365 software suites for businesses.
	</p>

	<p>
		 
	</p>

	<p>
		On Tuesday, the European Commission (EC) <a href="https://ec.europa.eu/commission/presscorner/detail/es/ip_24_3446" rel="external nofollow">announced</a> preliminary findings of an investigation into whether Microsoft's "suite-centric business model combining multiple types of software in a single offering" unfairly shut out rivals in the "software as a service" (SaaS) market.
	</p>

	<p>
		 
	</p>

	<p>
		"Since at least April 2019," the EC found, Microsoft's practice of "tying Teams with its core SaaS productivity applications" potentially restricted competition in the "market for communication and collaboration products."
	</p>

	<p>
		 
	</p>

	<p>
		The EC is also "concerned" that the practice may have helped Microsoft defend its dominant market position by shutting out "competing suppliers of individual software" like Slack and German video-conferencing software Alfaview. Makers of those rival products had complained to the EC last year, setting off the ongoing probe into Microsoft's bundling.
	</p>

	<p>
		 
	</p>

	<p>
		Customers should have choices, the EC said, and seemingly at every step, Microsoft sought instead to lock customers into using only its software.
	</p>

	<p>
		 
	</p>

	<p>
		"Microsoft may have granted Teams a distribution advantage by not giving customers the choice whether or not to acquire access to Teams when they subscribe to their SaaS productivity applications," the EC wrote. This alleged abusive practice "may have been further exacerbated by interoperability limitations between Teams' competitors and Microsoft's offerings."
	</p>

	<p>
		 
	</p>

	<p>
		For Microsoft, the EC's findings are likely not entirely unexpected, although Tuesday's announcement must be disappointing. The company had been hoping to avoid further scrutiny by introducing some major changes last year. Most drastically, Microsoft began "offering some suites without Teams," the EC said, but even that wasn’t enough to appease EU regulators.
	</p>

	<p>
		 
	</p>

	<p>
		"The Commission preliminarily finds that these changes are insufficient to address its concerns and that more changes to Microsoft's conduct are necessary to restore competition," the EC said, concluding that "the conduct may have prevented Teams' rivals from competing, and in turn innovating, to the detriment of customers in the European Economic Area."
	</p>

	<p>
		 
	</p>

	<p>
		Microsoft will now be given an opportunity to defend its practices. If the company is unsuccessful, it risks a potential fine up to 10 percent of its annual worldwide turnover and an order possibly impacting how the leading global company conducts business.
	</p>

	<p>
		 
	</p>

	<p>
		In a statement to Ars, Microsoft President Brad Smith confirmed that the tech giant would work with the commission to figure out a better solution.
	</p>

	<p>
		 
	</p>

	<p>
		"Having unbundled Teams and taken initial interoperability steps, we appreciate the additional clarity provided today and will work to find solutions to address the commission's remaining concerns," Smith said.
	</p>

	<p>
		 
	</p>

	<p>
		The EC's executive vice-president in charge of competition policy, Margrethe Vestager, explained in a statement why the commission refuses to back down from closely scrutinizing Microsoft's alleged unfair practices.
	</p>

	<p>
		 
	</p>

	<p>
		"We are concerned that Microsoft may be giving its own communication product Teams an undue advantage over competitors by tying it to its popular productivity suites for businesses," Vestager said. "And preserving competition for remote communication and collaboration tools is essential as it also fosters innovation" in these markets.
	</p>

	<h2>
		Changes coming to EU antitrust law in 2025
	</h2>

	<p>
		The EC initially launched its investigation into Microsoft's allegedly abusive Teams bundling last July. Its probe came after Slack and Alfaview makers complained that Microsoft may be violating <a href="https://competition-policy.ec.europa.eu/antitrust-and-cartels/legislation/application-article-102-tfeu_en#:~:text=Article%20102%20prohibits%20abusive%20behaviour,on%20actual%20or%20potential%20competitors." rel="external nofollow">Article 102 of the Treaty on the Functioning of the European Union</a> (TFEU), "which prohibits the abuse of a dominant market position."
	</p>

	<p>
		 
	</p>

	<p>
		Nearly one year later, there's no telling when the EC's inquiry into Microsoft Teams will end. Microsoft will have a chance to review all evidence of infringement gathered by EU regulators to form its response. After that, the EC will review any additional evidence before making its decision, and there is no legal deadline to complete the antitrust inquiry, the EC said.
	</p>

	<p>
		 
	</p>

	<p>
		It's possible that the EC's decision may come next year when the EU is preparing to release new guidance to more "vigorously" and effectively enforce TFEU.
	</p>

	<p>
		 
	</p>

	<p>
		Last March, the EC <a href="https://ec.europa.eu/commission/presscorner/detail/en/ip_23_1911" rel="external nofollow">called</a> for stakeholder feedback after rolling out "the first major policy initiative in the area of abuse of dominance rules." The initiative sought to update TFEU for the first time since 2008 based on reviewing relevant case law.
	</p>

	<p>
		 
	</p>

	<p>
		"A robust enforcement of rules on abuse of dominance benefits both consumers and a stronger European economy," Vestager said at that time. "We have carefully analyzed numerous EU court judgments on the application of Article 102, and it is time for us to start working on guidelines reflecting this case law."
	</p>
</div>

<div class="article-content post-page" itemprop="articleBody">
	<h2>
		US fears EU only targeting US companies
	</h2>

	<p>
		Stakeholders had four weeks to submit comments. Among those providing feedback, however, was the US Chamber of Commerce (COC), which <a href="https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/13796-EU-competition-law-guidelines-on-exclusionary-abuses-by-dominant-undertakings/F3407226_en" rel="external nofollow">warned</a> that the EU's updated guidance didn't seem to adhere to case law and "likely will reduce innovation and lead to higher prices for consumers" when it's adopted. Currently, that is set to happen during the fourth quarter of 2025, the EC's call for comments said.
	</p>

	<p>
		 
	</p>

	<p>
		According to the COC, the EU rushed the comment period and could have missed out on a "meaningful opportunity" to adequately weigh all valid concerns.
	</p>

	<p>
		 
	</p>

	<p>
		"Such a major policy shift deserves more discussion, particularly one that could affect trillions of dollars in commerce and risk fraying transatlantic economic relations," the COC said.
	</p>

	<p>
		 
	</p>

	<p>
		The COC seemed particularly concerned that the EU's upcoming guidance is too lax, allowing enforcement following complaints of potential harms that are unlinked to "actual effects or harm" currently found in markets. On top of that, the EU seemed to be "openly targeting US companies for enforcement," despite "serious concerns" raised by US Secretary of Commerce Gina Raimondo that the EU's stricter digital laws would "disproportionately impact" US tech companies.
	</p>

	<p>
		 
	</p>

	<p>
		"There are growing concerns in the US—among policymakers and in the business community—that the Commission is using competition policy to promote a protectionist agenda," the COC said, suggesting that the EU was seeking to update laws to benefit domestic companies over foreign rivals.
	</p>

	<p>
		 
	</p>

	<p>
		"The proposed guidelines raise questions about whether the Commission intends to utilize its abuse of dominance review solely to exercise significant discretionary authority over American companies without training its review on any European companies," the COC said.
	</p>

	<p>
		 
	</p>

	<p>
		Microsoft did not submit feedback, but Google <a href="https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/13796-EU-competition-law-guidelines-on-exclusionary-abuses-by-dominant-undertakings/F3407381_enConsumer%20welfare%20is%20the%20appropriate%20goal" rel="external nofollow">raised</a> additional concerns that, seemingly contradictory to the EC's purposes, the guidelines depart from case law.
	</p>

	<p>
		 
	</p>

	<p>
		According to Google, case law "has reiterated that anticompetitive effects must be more than merely plausible" and "that any doubt regarding the existence of potential effects must benefit" dominant companies.
	</p>

	<p>
		 
	</p>

	<p>
		Google agreed with the COC that the EU risked "lowering" the "relevant standard for intervention" under TFEU, "particularly given the Commission’s position" that "it is sufficient for effects to be 'potential,' that it is not necessary to conduct a counterfactual analysis, or show 'full causality,' or determine whether the alleged foreclosure effects may be due to competitors’ lesser efficiency or attractiveness."
	</p>

	<p>
		 
	</p>

	<p>
		"A finding of anticompetitive foreclosure should, at a minimum, require establishing that the impugned conduct compromises rivals’ ability and incentive to compete effectively in the market," Google suggested.
	</p>

	<p>
		 
	</p>

	<p>
		The COC warned that the EU's bid to potentially "punish success" would likely "lead to overenforcement against targeted companies" and "increase those firms’ costs, reducing their incentive to innovate."
	</p>

	<p>
		 
	</p>

	<p>
		Just this week, the COC's fears seemed to be substantiated as the EC cracked down on Microsoft and Apple. On Monday, the Commission concluded that <a href="https://arstechnica.com/tech-policy/2024/06/eu-says-apple-violated-app-developers-rights-could-be-fined-10-of-revenue/" rel="external nofollow">Apple may be violating the Digital Markets Act</a> by preventing "app developers from freely steering consumers to alternative channels for offers and content."
	</p>

	<p>
		 
	</p>

	<p>
		"The Digital Markets Act is another discriminatory measure that departs fundamentally from sound competition policy by creating rules without any linkage to actual effects or harm," the COC told the EC.
	</p>

	<p>
		 
	</p>

	<p>
		For Microsoft, the fear of repeat targeting or lowering the standard for enforcement is likely more concerning since Microsoft was already fined by the EU two decades ago over illegal bundling, Reuters <a href="https://www.reuters.com/technology/eu-charges-microsoft-with-abusive-bundling-teams-with-office-2024-06-25/" rel="external nofollow">reported</a>.
	</p>

	<p>
		 
	</p>

	<p>
		Back then, Microsoft had to fork over $2.4 billion, and now Microsoft risks even higher fines since it's worth more than ever, and fines are based on a percentage of its revenue. In January, Microsoft became the second company ever worth $3 trillion, CNN <a href="https://www.cnn.com/2024/01/24/investing/microsoft-three-trillion-market-value/index.html" rel="external nofollow">reported</a>.
	</p>

	<p>
		 
	</p>

	<p>
		For rivals, though, intervention is apparently urgently needed to stop Microsoft's alleged anticompetitive behavior with Teams, as Slack owner Salesforce has argued. Sebastian Niles, Salesforce's president and chief legal officer, told Reuters that Salesforce has pushed the EC to "move towards a swift, binding, and effective remedy to restore a free and fair choice."
	</p>

	<p>
		 
	</p>
</div>

<p>
	<a href="https://arstechnica.com/tech-policy/2024/06/microsoft-risks-huge-fine-over-possibly-abusive-bundling-of-teams-and-office/" rel="external nofollow">Source</a>
</p>

<p>
	 
</p>

<p>
	<span style="font-size:12px;"><em>Hope you enjoyed this news post.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>Thank you for appreciating my time and effort posting news every single day for many years.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>2023: Over 5,800 news posts | 2024 (till end of May): Nearly 2,400 news posts</em></span>
</p>
]]></description><guid isPermaLink="false">23919</guid><pubDate>Tue, 25 Jun 2024 19:08:48 +0000</pubDate></item><item><title>Citing national security, US will ban Kaspersky anti-virus software in July</title><link>https://nsaneforums.com/news/security-privacy-news/citing-national-security-us-will-ban-kaspersky-anti-virus-software-in-july-r23914/</link><description><![CDATA[<h2>
	Kaspersky blames the "present geopolitical climate and theoretical concerns."
</h2>

<p>
	The Biden administration will ban all sales of Kaspersky antivirus software in the US starting in July, according to <a href="https://www.reuters.com/technology/biden-ban-us-sales-kaspersky-software-over-ties-russia-source-says-2024-06-20/" rel="external nofollow">reporting from Reuters</a> and a filing from the US Department of Commerce (<a href="https://public-inspection.federalregister.gov/2024-13695.pdf" rel="external nofollow">PDF</a>).
</p>

<p>
	 
</p>

<p>
	The US believes that security software made by Moscow-based Kaspersky Lab represents a national security risk and that the Russian government could use Kaspersky's software to install malware, block other security updates, and "collect and weaponize the personal information of Americans," said US Commerce Secretary Gina Raimondo.
</p>

<p>
	 
</p>

<p>
	“When you think about national security, you may think about guns and tanks and missiles,” said Raimondo during a press briefing, <a href="https://www.wired.com/story/us-bans-kaspersky-software/" rel="external nofollow">as reported by Wired</a>. “But the truth is, increasingly, it's about technology, and it's about dual-use technology, and it's about data.”
</p>

<p>
	 
</p>

<p>
	US businesses and consumers will be blocked from buying new software from Kaspersky starting on or around July 24, 2024, 30 days after the restrictions are scheduled to be published in the Federal Register. Current users will still be able to download the software, resell it, and download new updates for 100 days, which Reuters says will give affected users and businesses time to find replacement software. Rebranded products that use Kaspersky's software will also be affected.
</p>

<p>
	 
</p>

<p>
	Companies that continue to sell Kaspersky's software in the US after the ban goes into effect could be subject to fines.
</p>

<p>
	 
</p>

<p>
	The ban follows <a href="https://www.reuters.com/technology/exclusive-ukraine-war-spurs-us-ramp-up-security-probe-software-maker-kaspersky-2022-05-09/" rel="external nofollow">a two-year national security probe</a> of Kaspersky's antivirus software by the Department of Commerce. It's being implemented using authority that the government says it was given under a National Defense Authorization Act signed during the Trump administration in 2018.
</p>

<p>
	 
</p>

<p>
	The ban is the culmination of long-running concern across multiple presidential administrations. Kaspersky's software was <a href="https://arstechnica.com/tech-policy/2017/09/kaspersky-software-banned-from-us-government-agencies/" rel="external nofollow">banned from systems at US government agencies</a> following allegations of the company's <a href="https://arstechnica.com/information-technology/2017/07/kaspersky-denies-inappropriate-ties-with-russian-govt-after-bloomberg-story/" rel="external nofollow">links to Russian intelligence operations</a>. A month after Russia began its invasion of Ukraine in early 2022, the US Federal Communications Commission went one step further, <a href="https://arstechnica.com/information-technology/2022/03/fcc-puts-kaspersky-on-security-threat-list-says-it-poses-unacceptable-risk/" rel="external nofollow">adding Kaspersky to a security threat list</a> that included Chinese hardware makers Huawei and ZTE. Adding Kaspersky to that list didn't ban consumer sales, but it did prevent Kaspersky from receiving funding from the FCC.
</p>

<p>
	 
</p>

<p>
	For its part, Kaspersky and its representatives have always denied the US government's allegations. CEO Eugene Kaspersky called the 2017 reports "BS brewed on [a] political agenda," and the company similarly accused the FCC in 2022 of making decisions "on political grounds" and "not based on any technical assessment of Kaspersky products."
</p>

<p>
	 
</p>

<p>
	Update, 6/21/2024 at 5pm Eastern: Kaspersky shared the following statement with Ars, reiterating that it views the Department of Commerce's moves as primarily political rather than motivated by fact and vowing to "pursue all legally available options" to protect its business. We've included the full text of the company's statement below.
</p>

<p>
	 
</p>

<blockquote>
	<p>
		"Kaspersky is aware of the decision by the U.S. Department of Commerce to prohibit the usage of Kaspersky software in the United States. The decision does not affect the company’s ability to sell and promote cyber threat intelligence offerings and/or trainings in the U.S. Despite proposing a system in which the security of Kaspersky products could have been independently verified by a trusted 3rd party, Kaspersky believes that the Department of Commerce made its decision based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky’s products and services. Kaspersky does not engage in activities which threaten U.S. national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted U.S. interests and allies. The company intends to pursue all legally available options to preserve its current operations and relationships.
	</p>

	<p>
		 
	</p>

	<p>
		For over 26 years, Kaspersky has succeeded in its mission of building a safer future by protecting over a billion devices. Kaspersky provides industry-leading products and services to customers around the world to protect them from all types of cyber threats, and has repeatedly demonstrated its independence from any government. Additionally, Kaspersky has implemented significant transparency measures that are unmatched by any of its cybersecurity industry peers to demonstrate its enduring commitment to integrity and trustworthiness. The Department of Commerce’s decision unfairly ignores the evidence.
	</p>

	<p>
		 
	</p>

	<p>
		The primary impact of these measures will be the benefit they provide to cybercrime. International cooperation between cybersecurity experts is crucial in the fight against malware, and yet this will restrict those efforts. Furthermore, it takes away the freedom that consumers and organizations, large and small, should have to use the protection they want, in this case forcing them away from the best anti-malware technology in the industry, according to independent tests. This will cause a dramatic disruption for our customers, who will be forced to urgently replace technology they prefer and have relied upon for their protection for years.
	</p>

	<p>
		 
	</p>

	<p>
		Kaspersky remains committed to protecting the world from cyberthreats. The company’s business remains resilient and strong, marked by an 11-percent growth in sales bookings in 2023. We look forward to what the future holds, and will continue to defend ourselves against actions that seek to unfairly harm our reputation and commercial interests."
	</p>

	<p>
		 
	</p>
</blockquote>

<p>
	<a href="https://arstechnica.com/tech-policy/2024/06/citing-national-security-us-will-ban-kaspersky-anti-virus-software-in-july/" rel="external nofollow">Source</a>
</p>
]]></description><guid isPermaLink="false">23914</guid><pubDate>Tue, 25 Jun 2024 18:58:49 +0000</pubDate></item><item><title>Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack</title><link>https://nsaneforums.com/news/security-privacy-news/backdoor-slipped-into-multiple-wordpress-plugins-in-ongoing-supply-chain-attack-r23912/</link><description><![CDATA[<h2>
	Malicious updates available from WordPress.org create attacker-controlled admin account.
</h2>

<p>
	WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attack with unknown origins, security researchers said on Monday.
</p>

<p>
	 
</p>

<p>
	So far, five plugins are known to be affected in the campaign, which was active as recently as Monday morning, researchers from security firm Wordfence <a href="https://www.wordfence.com/blog/2024/06/supply-chain-attack-on-wordpress-org-plugins-leads-to-5-maliciously-compromised-wordpress-plugins/" rel="external nofollow">reported</a>. Over the past week, unknown threat actors have added malicious functions to updates available for the plugins on WordPress.org, the official site for the open source WordPress CMS software. When installed, the updates automatically create an attacker-controlled administrative account that provides full control over the compromised site. The updates also add content designed to goose search results.
</p>

<h2>
	Poisoning the well
</h2>

<p>
	“The injected malicious code is not very sophisticated or heavily obfuscated and contains comments throughout making it easy to follow,” the researchers wrote. “The earliest injection appears to date back to June 21st, 2024, and the threat actor was still actively making updates to plugins as recently as 5 hours ago.”
</p>

<p>
	 
</p>

<p>
	The five plugins are:
</p>

<p>
	 
</p>

<ul>
	<li>
		Social Warfare (<a href="https://wordpress.org/plugins/social-warfare/" rel="external nofollow">https://wordpress.org/plugins/social-warfare/</a>) - 30,000 installs
	</li>
	<li>
		BLAZE Retail Widget (<a href="https://wordpress.org/plugins/blaze-widget/" rel="external nofollow">https://wordpress.org/plugins/blaze-widget/</a>) - 10 installs
	</li>
	<li>
		Wrapper Link Elementor (<a href="https://wordpress.org/plugins/wrapper-link-elementor/" rel="external nofollow">https://wordpress.org/plugins/wrapper-link-elementor/</a>) - 1,000 installs
	</li>
	<li>
		Contact Form 7 Multi-Step Addon (<a href="https://wordpress.org/plugins/contact-form-7-multi-step-addon/" rel="external nofollow">https://wordpress.org/plugins/contact-form-7-multi-step-addon/</a>) - 700 installs
	</li>
	<li>
		Simply Show Hooks (<a href="https://wordpress.org/plugins/simply-show-hooks/" rel="external nofollow">https://wordpress.org/plugins/simply-show-hooks/</a>) - 4,000 installs
	</li>
</ul>

<p>
	 
</p>

<p>
	Over the past decade, supply-chain attacks have evolved into one of the most effective vectors for installing malware. By poisoning software at the very source, threat actors can infect large numbers of devices when users do nothing more than run a trusted update or installation file. Earlier this year, disaster was narrowly averted after a backdoor planted in the widely used open source XZ Utils code library was discovered, <a href="https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/" rel="external nofollow">largely by luck</a>, a week or two before it was scheduled for general release. <a href="https://arstechnica.com/security/2024/05/crooks-plant-backdoor-in-software-used-by-courtrooms-around-the-world/" rel="external nofollow">Examples</a> of <a href="https://arstechnica.com/security/2023/09/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed/" rel="external nofollow">other</a> recent <a href="https://arstechnica.com/security/2024/03/pypi-halted-new-users-and-projects-while-it-fended-off-supply-chain-attack/" rel="external nofollow">supply-chain</a> <a href="https://arstechnica.com/security/2024/02/github-besieged-by-millions-of-malicious-repositories-in-ongoing-attack/" rel="external nofollow">attacks</a> <a href="https://arstechnica.com/information-technology/2023/01/more-malicious-packages-posted-to-online-repository-this-time-its-pypi/" rel="external nofollow">abound</a>.
</p>

<p>
	 
</p>

<p>
	The researchers are in the process of further investigating the malware and how it became available for download in the WordPress plugin channel. Representatives of WordPress, BLAZE, and Social Warfare didn’t respond to emailed questions. Representatives for developers of the remaining three plugins couldn’t be reached because they provided no contact information on their sites.
</p>

<p>
	 
</p>

<p>
	The Wordfence researchers said the first indication they found of the attack was on Saturday from <a href="https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/" rel="external nofollow">this post</a> by a member of the WordPress plugins review team. The researchers analyzed the malicious file and identified four other plugins that were infected with similar code. The researchers wrote further:
</p>

<p>
	 
</p>

<blockquote>
	<p>
		At this stage, we know that the injected malware attempts to create a new administrative user account and then sends those details back to the attacker-controlled server. In addition, it appears the threat actor also injected malicious JavaScript into the footer of websites that appears to add SEO spam throughout the website. The injected malicious code is not very sophisticated or heavily obfuscated and contains comments throughout making it easy to follow. The earliest injection appears to date back to June 21st, 2024, and the threat actor was still actively making updates to plugins as recently as 5 hours ago. At this point we do not know exactly how the threat actor was able to infect these plugins.
	</p>

	<p>
		 
	</p>
</blockquote>

<p>
	Anyone who has installed one of these plugins should uninstall it immediately and carefully inspect their site for recently created admin accounts and malicious or unauthorized content. Sites that use the Wordfence Vulnerability Scanner will receive a warning if they’re running one of the plugins.
</p>

<p>
	 
</p>

<p>
	The Wordfence post also recommended people check their sites for connections from the IP address 94.156.79.8 and admin accounts with the usernames Options or PluginAuth.
</p>

<p>
	 
</p>

<p>
	<a href="https://arstechnica.com/security/2024/06/supply-chain-attack-on-wordpress-plugins-affects-as-many-as-36000-sites/" rel="external nofollow">Source</a>
</p>
]]></description><guid isPermaLink="false">23912</guid><pubDate>Tue, 25 Jun 2024 18:54:56 +0000</pubDate></item><item><title>Chrome for Android tests feature that securely verifies your ID with sites</title><link>https://nsaneforums.com/news/security-privacy-news/chrome-for-android-tests-feature-that-securely-verifies-your-id-with-sites-r23908/</link><description><![CDATA[<p>
	Google is testing a new feature called "Digital Credential API" for Chrome on Android that allows websites to securely request identity information, such as driver's licenses and passports, stored in mobile wallets.
</p>

<p>
	 
</p>

<p>
	According to <a href="https://source.android.com/docs/security/features/identity-credentials" rel="external nofollow">Google's official documentation</a>, the Identity Credential APIs provide an interface to a secure store that holds identity documents. These documents can be passports, driver's licenses, or any other identification document uploaded by the user.
</p>

<p>
	 
</p>

<p>
	Digital Credential API integration in Chrome uses Android's IdentityCredential system, which supports various types of credentials and data.
</p>

<p>
	 
</p>

<p>
	Google <a href="https://chromestatus.com/feature/5166035265650688?gate=4923904445906944" rel="external nofollow">says</a> integrating "Digital Credential API" would allow sites to request real-world identity information from wallets via Android's IdentityCredential CredMan system, allowing websites to securely verify your identity without requiring you to upload documents manually.
</p>

<p>
	 
</p>

<p>
	"Government-recognized documents play a big and constructive role in society (e.g., drivers licenses, passports, etc.)," explains <a href="https://github.com/WICG/digital-credentials/blob/main/explainer.md" rel="external nofollow">Google's explainer</a> on the new feature.
</p>

<p>
	 
</p>

<p>
	"Increasingly, with the movement of government and financial services online, and regulation (e.g. <a href="https://en.wikipedia.org/wiki/EIDAS" rel="external nofollow">eIDAS</a> and various <a href="https://en.wikipedia.org/wiki/Age_verification_system" rel="external nofollow">age verification regulations</a>), these paper-based documents are gaining digital counterparts."
</p>

<p>
	 
</p>

<p>
	This new feature allows websites to request identity information directly from your mobile wallet using a secure system called IdentityCredential.
</p>

<p>
	 
</p>

<p>
	When a website needs your ID, like a digital driver's license, it sends a request through Chrome. The user will see the request and choose whether to approve it.
</p>

<p>
	 
</p>

<p>
	If approved, Android will securely send the necessary information from the wallet to the requesting site, only sharing what is necessary. This way, your data is protected, and you control what information is shared.
</p>

<p>
	 
</p>

<p>
	"Websites can and do get credentials from mobile wallet apps through a variety of mechanisms today (custom URL handlers, QR code scanning, etc.)," Google noted in a support document.
</p>

<p>
	 
</p>

<p>
	"It is extensible to support multiple credential formats (eg. ISO mDoc and W3C verifiable credential) and allows multiple wallet apps to be used. Mechanisms will be added to help reduce the risk of ecosystem-scale abuse of real-world identity," the company added.
</p>

<p>
	 
</p>

<p>
	It's unclear when the feature will be available, but Google is still experimenting with the idea and will share more details soon.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/google/chrome-for-android-tests-feature-that-securely-verifies-your-id-with-sites/" rel="external nofollow">Source</a>
</p>
]]></description><guid isPermaLink="false">23908</guid><pubDate>Tue, 25 Jun 2024 18:22:53 +0000</pubDate></item><item><title>Microsoft Defender thinks you created your own Windows PC virus by writing this one line</title><link>https://nsaneforums.com/news/security-privacy-news/microsoft-defender-thinks-you-created-your-own-windows-pc-virus-by-writing-this-one-line-r23888/</link><description><![CDATA[<p>
	Microsoft Defender is generally considered to be an excellent anti-malware solution even though it comes as a stock Windows app. Threat detection assessments from <a href="https://www.neowin.net/news/tags/av-comparatives/" rel="external nofollow">AV-Comparatives</a> and <a href="https://www.neowin.net/news/tags/av-test/" rel="external nofollow">AV-TEST</a> have shown that Defender performs well against third-party solutions.
</p>

<p>
	 
</p>

<p>
	It is not flawless though and from time to time, we get false alarms from it. In the past, Windows security has flagged <a href="https://www.neowin.net/news/microsoft-defender-goofed-up-as-it-flagged-its-own-office-updates-as-malware/" rel="external nofollow">Office updates as malware</a>, Google Chrome <a href="https://www.neowin.net/news/microsoft-defender-was-flagging-google-chrome-updates-as-suspicious-again/" rel="external nofollow">updates as "suspicious,"</a> legitimate URLs and links <a href="https://www.neowin.net/news/microsoft-confirms-defender-has-gone-rogue-as-its-flagging-legit-links-as-malware/" rel="external nofollow">as viruses</a>, and most recently, Edge was found blocking websites from loading and it was due to a <a href="https://www.neowin.net/news/microsoft-a-dying-defender-feature-was-at-the-heart-of-edge-blocking-websites-from-loading/" rel="external nofollow">freshly deprecated Defender feature</a>.
</p>

<p>
	 
</p>

<p>
	Microsoft explained in 2022 how it was <a href="https://www.neowin.net/news/after-defender-flagged-office-as-virus-microsoft-gets-serious-about-fixing-false-positives/" rel="external nofollow">improving its ways</a> such that false positives and negatives could be reduced but clearly much more work remains to be done.
</p>

<p>
	 
</p>

<p>
	A couple of days ago, X user yappy noticed that Defender would flag a text file if one wrote the following in it: "This content is no longer available." As soon as you write this in a TXT file and try to save it, Defender flags it as a severe threat, identifying it as the Casdet trojan under the detection name "Trojan:Win32/Casdet!rfn."
</p>

<p>
	 
</p>

<p>
	<a href="https://twitter.com/rari_teh/status/1804261134146355428" rel="external nofollow">Embedded X post (twitter.com/rari_teh/status/1804261134146355428)</a>
</p>

<p>
	While the X user first thought it was due to a SHA-256 collision, it looks like the issue is <a href="https://x.com/rari_teh/status/1804334160120598699" rel="external nofollow">elsewhere</a>. Here's what Trojan:Win32/Casdet!rfn is according to Microsoft's official <a href="https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Casdet!rfn&amp;ThreatID=2147727512" rel="external nofollow">website</a>:
</p>

<p>
	 
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		<strong>Trojan:Win32/Casdet!rfn</strong>
	</p>

	<p>
		 
	</p>

	<p>
		<strong>Summary</strong>
	</p>

	<p>
		 
	</p>

	<p>
		Microsoft Defender Antivirus detects and removes this threat.
	</p>

	<p>
		 
	</p>

	<p>
		This threat can perform a number of actions of a malicious hacker's choice on your PC.
	</p>
</blockquote>

<p>
	The description from Microsoft itself is therefore not particularly useful. This is not a major problem, since it won't break Windows the way some odd bugs, like the <a href="https://www.neowin.net/news/remember-y2k-windows-95-98-2000-era-app-surprisingly-stands-tall-against-y2k38-superbug/" rel="external nofollow">Y2K38 superbug</a>, do. Microsoft should be able to fix it with updated definitions.
</p>

<p>
	 
</p>

<p>
	Speaking of updated definitions, Microsoft recently released <a href="https://www.neowin.net/news/microsoft-released-important-defender-update-for-windows-1011server-install-images/" rel="external nofollow">new images</a> for Windows 11, 10 and Server installations.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.neowin.net/news/microsoft-defender-thinks-you-created-your-own-windows-pc-virus-by-writing-this-one-line/" rel="external nofollow">Source</a>
</p>

]]></description><guid isPermaLink="false">23888</guid><pubDate>Mon, 24 Jun 2024 19:33:06 +0000</pubDate></item><item><title>Microsoft fixes six security vulnerabilities in the latest Edge update</title><link>https://nsaneforums.com/news/security-privacy-news/microsoft-fixes-six-security-vulnerabilities-in-the-latest-edge-update-r23853/</link><description><![CDATA[<p>
	Microsoft Edge has received an important update in the Stable Channel. It does not contain any new features or visible improvements, but it fixes six security vulnerabilities to make your browsing experience safer. Version 126.0.2592.68 is now available for download with two Edge-specific patches and four Chromium-related fixes for high-severity vulnerabilities.
</p>

<p>
	 
</p>

<blockquote class="QuoteNewsStyle">
	<p>
		Microsoft has released the latest Microsoft Edge Stable Channel (Version 126.0.2592.68) which incorporates the latest Security Updates of the Chromium project. For more information, see the Security Update Guide.
	</p>

	<p>
		 
	</p>

	<p>
		This update contains the following Microsoft Edge-specific updates:
	</p>

	<p>
		 
	</p>

	<ul>
		<li>
			<a href="http://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38082" rel="external nofollow">CVE-2024-38082</a>
		</li>
		<li>
			<a href="http://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38093" rel="external nofollow">CVE-2024-38093</a>
		</li>
	</ul>
</blockquote>

<p>
	Here are the Chromium-related vulnerabilities that Microsoft Edge 126.0.2592.68 fixes:
</p>

<p>
	 
</p>

<ul>
	<li>
		<p>
			<a href="https://www.cve.org/CVERecord?id=CVE-2024-6103" rel="external nofollow"><strong>CVE-2024-6103</strong></a>: Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
		</p>
	</li>
	<li>
		<p>
			<a href="https://www.cve.org/CVERecord?id=CVE-2024-6102" rel="external nofollow"><strong>CVE-2024-6102</strong></a>: Out-of-bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
		</p>
	</li>
	<li>
		<p>
			<a href="https://www.cve.org/CVERecord?id=CVE-2024-6101" rel="external nofollow"><strong>CVE-2024-6101</strong></a>: Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out-of-bounds memory access via a crafted HTML page. (Chromium security severity: High)
		</p>
	</li>
	<li>
		<p>
			<a href="https://www.cve.org/CVERecord?id=CVE-2024-6100" rel="external nofollow"><strong>CVE-2024-6100</strong></a>: Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
		</p>

		<p>
			 
		</p>
	</li>
</ul>

<p>
	Microsoft Edge will update itself automatically in the background and apply the update upon the next restart. As usual, you can force-update the browser by heading to <strong>Menu &gt; Help &amp; Feedback &gt; About Microsoft Edge</strong> or the <a href="https://www.neowin.net/news/microsoft-edge-126-launches-in-the-stable-channel-with-ai-theme-generator-and-more/" rel="external nofollow">edge://settings/help</a> page.
</p>

<p>
	 
</p>

<p>
	As a reminder, Microsoft released Edge 126 in the Stable Channel earlier this month. The update brought an AI-based theme generator, Copilot summarization notifications, security setting controls in the Microsoft Edge management service, and plenty of under-the-hood improvements and small fixes. Check out the release notes for Microsoft Edge 126 <a href="https://www.neowin.net/news/microsoft-edge-126-launches-in-the-stable-channel-with-ai-theme-generator-and-more/" rel="external nofollow">here</a>.
</p>

<p>
	 
</p>

<p>
	<a href="https://www.neowin.net/news/microsoft-fixes-six-security-vulnerabilities-in-the-latest-edge-update/" rel="external nofollow">Source</a>
</p>

<p>
	 
</p>

<p>
	<span style="font-size:12px;"><em>Hope you enjoyed this news post.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>Thank you for appreciating my time and effort posting news every single day for many years.</em></span>
</p>

<p>
	<span style="font-size:12px;"><em>2023: Over 5,800 news posts | 2024 (till end of May): Nearly 2,400 news posts</em></span>
</p>

<p>
	 
</p>
]]></description><guid isPermaLink="false">23853</guid><pubDate>Fri, 21 Jun 2024 23:07:03 +0000</pubDate></item><item><title>Exclusive: Biden to ban US sales of Kaspersky software over Russia ties, source says</title><link>https://nsaneforums.com/news/security-privacy-news/exclusive-biden-to-ban-us-sales-of-kaspersky-software-over-russia-ties-source-says-r23825/</link><description><![CDATA[<p>
	WASHINGTON, June 20 (Reuters) - The Biden administration on Thursday will announce plans to bar the sale of antivirus software made by Russia's Kaspersky Labs in the United States, a person familiar with the matter said, citing the firm's large U.S. customers including critical infrastructure providers and state and local governments.
</p>

<p>
	<br />
	The company's close ties to the Russian government were found to pose a critical risk, the person said, adding that the software's privileged access to a computer's systems could allow it to steal sensitive information from American computers, install malware or withhold critical updates.
</p>

<p>
	<br />
	The sweeping new rule, using broad powers created by the Trump administration, will be coupled with another move to add the company to a trade restriction list, according to two other people familiar with the matter, dealing a blow to the firm's reputation that could hammer its overseas sales.
</p>

<p>
	<br />
	The plan to add the cybersecurity company to the entity list, which effectively bars a company's U.S. suppliers from selling to it, and the timing and details of the software sales prohibition, have not been previously reported.
</p>

<p>
	<br />
	A spokesperson for the Commerce Department declined to comment, while Kaspersky Lab and the Russian Embassy did not respond to requests for comment. Previously, Kaspersky has said that it is a privately managed company with no ties to the Russian government.
</p>

<p>
	<br />
	The moves show the administration is trying to stamp out any risks of Russian cyberattacks stemming from Kaspersky software and keep squeezing Moscow as its war effort in Ukraine has regained momentum and as the United States has run low on fresh sanctions it can impose on Russia.
</p>

<p>
	<br />
	It also shows the Biden administration is harnessing a powerful new authority that allows it to ban or restrict transactions between U.S. firms and internet, telecom and tech companies from "foreign adversary" nations like Russia and China.
</p>

<p>
	<br />
	The tools are largely untested.
</p>

<p>
	<br />
	Former President Donald Trump used them to try to bar Americans from using Chinese social media platforms TikTok and WeChat, but federal courts halted the moves.
</p>

<p>
	<br />
	The new restrictions on inbound sales of Kaspersky software, which will also bar downloads of software updates, resales and licensing of the product, kick in on Sept. 29, 100 days after publication, to give businesses time to find alternatives. New U.S. business for Kaspersky will be blocked 30 days after the restrictions are announced.
</p>

<p>
	<br />
	Sales of white-labeled products — that integrate Kaspersky into software sold under a different brand name — will also be barred, the source said, noting that the Commerce Department will notify the companies before taking enforcement action against them.
</p>

<p>
	<br />
	It is less clear what impact the entity listing will have on Kaspersky, whose Russian business is already subject to sweeping U.S. export restrictions over Ukraine which make it almost impossible for any U.S.-made items other than food or medical equipment to reach Russia.
</p>

<p>
	<br />
	If the Commerce Department adds foreign units of Kaspersky to the entity list that purchase significant inputs from the United States, the move could crimp its supply chain. If it only adds the Russian entity, the impact will be largely reputational.
</p>

<p>
	<br />
	Kaspersky has long been in regulators' crosshairs. In 2017, the Department of Homeland Security banned its flagship antivirus product from federal networks, alleging ties to Russian intelligence and noting Russian law lets intelligence agencies compel assistance from Kaspersky and intercept communications using Russian networks.
</p>

<p>
	<br />
	Media reports at the time alleged Kaspersky Lab was involved in taking hacking tools from a National Security Agency employee that ended up in the hands of the Russian government. Kaspersky responded by saying it had stumbled upon the code but said no third parties saw it.
</p>

<p>
	<br />
	Pressure on the company's U.S. business grew after Moscow's move against Kyiv: the U.S. government privately warned some American companies the day after Russia invaded Ukraine in February 2022 that Moscow could manipulate software designed by Kaspersky to cause harm, Reuters reported.
</p>

<p>
	<br />
	The war also prompted the Commerce Department to ramp up the national security probe into the software, first reported by Reuters, that resulted in Thursday's action.
</p>

<p>
	<br />
	The delayed unveiling of the prohibition is due in part to a "significant back and forth" with Kaspersky, which proposed mitigating measures instead of an outright ban, the source said.
</p>

<p>
	<br />
	However, the agency concluded that the threats, especially the ties to the Russian government, meant "there really were no mitigating measures that could be implemented to address those risks."
</p>

<p>
	<br />
	Under the new rules, sellers and resellers who violate the restrictions will face fines from the Commerce Department. If someone willfully violates the prohibition, the Justice Department can bring a criminal case. Software users will not face legal penalties but will be strongly encouraged to stop using it.
</p>

<p>
	<br />
	Kaspersky, which has a U.K. holding company and operations in Massachusetts, said in a corporate profile that it generated revenue of $752 million in 2022 from more than 220,000 corporate clients in some 200 countries. Its website lists Italian vehicle maker Piaggio (PIA.MI), Volkswagen's (VOWG_p.DE) retail division in Spain and the Qatar Olympic Committee among its customers.
</p>

<p>
	 
</p>

<p>
	<strong><a href="https://www.reuters.com/technology/biden-ban-us-sales-kaspersky-software-over-ties-russia-source-says-2024-06-20/" rel="external nofollow">Source</a></strong>
</p>
]]></description><guid isPermaLink="false">23825</guid><pubDate>Thu, 20 Jun 2024 17:40:46 +0000</pubDate></item><item><title>Car Dealers Are Idle Across the US After Second Cyberattack</title><link>https://nsaneforums.com/news/security-privacy-news/car-dealers-are-idle-across-the-us-after-second-cyberattack-r23823/</link><description><![CDATA[<p>
	(Bloomberg) -- Auto retailers across the US suffered a second major disruption in as many days after another cyberattack at CDK Global, the software provider thousands of dealers rely on to run their stores.
</p>

<p>
	 
</p>

<p>
	CDK informed customers Thursday of the incident that occurred late the prior evening. The company shut down most of its systems again and said in a recorded update that it doesn’t have an estimate for how long it will take to restore services.
</p>

<p>
	 
</p>

<p>
	“Our dealers’ systems will not be available at a minimum on Thursday,” the company said.
</p>

<p>
	 
</p>

<p>
	On what otherwise would have been a busy US holiday for business, dealers reliant on CDK were unable to complete transactions, access customer records, schedule appointments or handle car-repair orders. CDK works with almost 15,000 dealerships, supporting front-office salespeople, back-office support staff and parts-and-service shops.
</p>

<p>
	 
</p>

<p>
	<strong><a href="https://www.bnnbloomberg.ca/car-dealers-are-idle-across-the-us-after-second-cyberattack-1.2087496" rel="external nofollow">Source</a></strong>
</p>
]]></description><guid isPermaLink="false">23823</guid><pubDate>Thu, 20 Jun 2024 14:26:57 +0000</pubDate></item><item><title>CDK Global cyberattack impacts thousands of US car dealerships</title><link>https://nsaneforums.com/news/security-privacy-news/cdk-global-cyberattack-impacts-thousands-of-us-car-dealerships-r23807/</link><description><![CDATA[<p>
	Car dealership software-as-a-service provider CDK Global was hit by a massive cyberattack, causing the company to shut down its systems and leaving clients unable to operate their business normally.
</p>

<p>
	 
</p>

<p>
	CDK Global provides clients in the auto industry with a SaaS platform that handles all aspects of a car dealership's operation, including CRM, financing, payroll, support and service, inventory, and back office operations.
</p>

<p>
	 
</p>

<p>
	The company's platform is used by over 15,000 car dealerships in North America, and CDK has thousands of employees throughout the country.
</p>

<p>
	 
</p>

<p>
	To use CDK's services, car dealerships configure an always-on VPN to the SaaS provider's data centers, allowing their locally installed applications to access the platform.
</p>

<p>
	 
</p>

<p>
	Last night and into this morning, CDK Global suffered a cyberattack that caused it to shut down its IT systems, phones, and applications to prevent the attack's spread.
</p>

<p>
	 
</p>

<p>
	Brad Holton, CEO of <a href="https://protontechs.com/" rel="external nofollow" target="_blank">Proton Dealership IT</a>, a cybersecurity and IT services firm for car dealerships, told BleepingComputer that the attack caused CDK to take its two data centers offline at approximately 2 AM last night.
</p>

<p>
	 
</p>

<p>
	Employees at multiple car dealerships have also told BleepingComputer that CDK has not shared much information other than to send an email warning that they suffered a cyber incident.
</p>

<p>
	 
</p>

<p>
	"We are currently experiencing a cyber incident. Out of caution and concern for our customers, we have shut down a majority of our systems," reads an email shared with BleepingComputer.
</p>

<p>
	 
</p>

<p>
	"We are currently assessing the overall impact and currently have no ETA."
</p>

<p>
	 
</p>

<p>
	Some of these employees have also shared concerns that threat actors could use the always-on VPN to pivot into the internal network of car dealerships.
</p>

<p>
	 
</p>

<p>
	An IT professional for one dealership told BleepingComputer CDK advised them to disconnect the always-on VPN out of caution.
</p>

<p>
	 
</p>

<p>
	Holton explained that CDK software running on devices has administrative privileges used to deploy updates, which could explain why CDK recommends disconnecting from the data centers.
</p>

<p>
	 
</p>

<p>
	While some users have stated that they can log in with old credentials that were upgraded during CDK's transition to a modern single-sign-on platform, BleepingComputer has been told that the application does not work as expected.
</p>


<h2>
	Widespread disruption
</h2>

<p>
	The outage has led to widespread disruption among car dealerships using their platform to track and order car parts, conduct new sales, and offer financing.
</p>

<p>
	 
</p>

<p>
	Employees have reported on Reddit that they were left with nothing to do or were forced to go back to paper and pencil. Some dealerships are sending employees home for the day due to the outages.
</p>

<p>
	 
</p>

<p>
	"We are almost to that point… no parts, no ROs, no times… just dead vehicles with nothing to show for them or parts to fix them," a dealership employee posted to <a href="https://www.reddit.com/r/Justrolledintotheshop/comments/1djn163/comment/l9bssdz/" rel="external nofollow" target="_blank">Reddit</a>.
</p>

<p>
	 
</p>

<p>
	"Excel spreadsheets and post it notes for any parts we're handing out. Any big jobs are not happening," <a href="http://www.reddit.com/r/Justrolledintotheshop/comments/1djl7iy/comment/l9blify/" rel="external nofollow" target="_blank">another employee commented</a>.
</p>

<p>
	 
</p>

<p>
	While there has been no official statement from CDK, it is rumored that the company suffered a ransomware attack that also impacted its backups.
</p>

<p>
	 
</p>

<p>
	BleepingComputer has been unable to confirm this information independently, but if it was a ransomware attack, the outages will likely last for days, if not into next week and longer.
</p>

<p>
	 
</p>

<p>
	When ransomware gangs breach corporate networks, they quietly spread to other devices while stealing corporate data.
</p>

<p>
	 
</p>

<p>
	Once all data has been stolen and the threat actors gain administrative privileges, they encrypt all of the devices on the network, leaving behind ransom notes with instructions on contacting the hackers.
</p>

<p>
	 
</p>

<p>
	The encrypted devices and stolen data are used in double-extortion schemes, where the threat actors demand a ransom payment to provide a decryptor and to delete and not publish any stolen data.
</p>

<p>
	 
</p>

<p>
	These negotiations can take weeks, and if a ransom is not paid, the threat actors ultimately leak the corporate data, which usually includes the personal information of employees and, potentially, customers.
</p>

<p>
	 
</p>

<p>
	<em>Update 6/19/24: </em>CDK shared the following statement with BleepingComputer:
</p>

<p>
	 
</p>

<p class="QuoteNewsStyle">
	"We are actively investigating a cyber incident. Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything up and running as quickly as possible." - CDK.
</p>

<p>
	<a href="https://www.bleepingcomputer.com/news/security/cdk-global-cyberattack-impacts-thousands-of-us-car-dealerships/" rel="external nofollow">Source</a>
</p>

<p>
	 
</p>

]]></description><guid isPermaLink="false">23807</guid><pubDate>Wed, 19 Jun 2024 21:02:27 +0000</pubDate></item><item><title>Manifest v3 update: Vivaldi is future-proofed with its built-in functionality</title><link>https://nsaneforums.com/news/security-privacy-news/manifest-v3-update-vivaldi-is-future-proofed-with-its-built-in-functionality-r23804/</link><description><![CDATA[<p>
	<span style="font-size:16px;"><span style="color:#7f8c8d;">Google is forcing an update from manifest v2 to v3. With the most important functionality built into Vivaldi, it will have a limited impact. Those running extensions not supporting v3 will be affected. Vivaldi’s goal to make bad ads sad continues, regardless.</span></span>
</p>

<p style="margin-left:40px;">
	 
</p>

<p>
	Chromium, the open-source engine on which Vivaldi is based, has announced that its extension format has changed. Extensions that are not updated from the deprecated Manifest version 2 format will gradually stop working; many of those extensions are ad-blockers.
</p>

<p>
	 
</p>

<p>
	We’re not opposed to phasing out the old format; extensions that used it can be a performance drag, slowing down pages and allowing third-party scripts to modify them. One of our desktop developers, Daniel Aleksandersen, explains this on his personal blog:
</p>

<p>
	 
</p>

<p style="margin-left:40px;">
	<span style="font-size:18px;"><em>The crux of the matter is the proposed deprecation of the webRequest API in favor of the newer declarativeNetRequest API. The webRequest API let extension developers intercept all network requests, pause them while they evaluated and blocked or modified them in JavaScript, and only then begin fulfilling the requests. These are quite powerful capabilities with big privacy, security, and performance implications.</em></span>
</p>

<p>
	 
</p>

<p>
	The ability to inject code that is not originally part of the extension bundle is being removed. This is a good thing for security. But inevitably, this means that any extension whose author hasn’t updated their code to the new format will stop working.
</p>

<p>
	 
</p>

<p>
	We will keep Manifest v2 for as long as it’s still available in Chromium. We expect to drop support in <strong>June 2025</strong>, but we may maintain it longer or be forced to drop support for it sooner, depending on the precise nature of the changes to the code.
</p>

<p>
	 
</p>

<p>
	Here at Vivaldi, it’s always been our policy to build the most important functionality into the browser, so you don’t have to trust an unknown third party and worry that it’s in danger of going away.
</p>

<p>
	 
</p>

<p>
	That’s why we have long provided our built-in tracker and ad blocker, which isn’t dependent on Chrome’s extension architecture, and we’re continually upgrading its powers and performance. In the upcoming Vivaldi 6.8, we have added support for the hosts file format, and we plan to add more features to our tracker and ad blocker.
</p>

<p>
	 
</p>

<p>
	Naturally, the Vivaldi Tracker and Ad-Blocker is customisable, so you can add lists of sites to block (or, conversely, sites to allow ads from, if you want to see them and contribute to the content provider’s revenue).
</p>

<p>
	 
</p>

<p>
	<strong><a href="https://vivaldi.com/blog/manifest-v3-update-vivaldi-is-future-proofed-with-its-built-in-functionality/" rel="external nofollow">Source</a></strong>
</p>
]]></description><guid isPermaLink="false">23804</guid><pubDate>Wed, 19 Jun 2024 15:07:39 +0000</pubDate></item><item><title>If you use an adblocker, you need to read this!</title><link>https://nsaneforums.com/news/security-privacy-news/if-you-use-an-adblocker-you-need-to-read-this-r23788/</link><description><![CDATA[<p>
	A fundamental shift that concerns adblockers will happen in the next twelve months. You may have heard about Google ending support for the old ruleset for extensions in favor of a new one. Google, citing security, privacy, and performance for the change, has been heavily criticized for it.
</p>

<p>
	 
</p>

<p>
	One of the main objections is that content blockers will lose effectiveness once the change goes live. While Google did make adjustments to the new ruleset, it never addressed the main point of criticism that developers of adblockers had.
</p>

<p>
	 
</p>

<p>
	In short: while adblockers continue to remain available for Chrome and other Chromium-based browsers, they won't be the most effective tools anymore.
</p>

<p>
	 
</p>

<p>
	It is possible that some users won't notice a difference from before. If you do not use advanced options and keep most settings at their defaults, you may be fine. This is, however, not the case for users who rely on advanced options.
</p>

<p>
	 
</p>

<p>
	In fact, the only browser that retains full content blocking capabilities for extensions is Firefox (and any Firefox fork).
</p>

<p>
	 
</p>

<p>
	All Chromium-based browsers, including Google Chrome, Microsoft Edge, Brave, Opera, and Vivaldi, won't support best-in-class adblockers anymore. An extension like uBlock Origin, which is the adblocker regarded as the cream of the crop, will be superior on Firefox going forward.
</p>

<p>
	 
</p>

<p>
	<img alt="chrome-adblocker.png" class="ipsImage" data-ratio="75.10" height="540" width="669" src="https://www.ghacks.net/wp-content/uploads/2024/06/chrome-adblocker.png">
</p>

<p>
	 
</p>

<p>
	Many developers of Chromium-based browsers are not too happy about the change. Vivaldi, for instance, <a data-wpel-link="external" href="https://vivaldi.com/blog/manifest-v3-update-vivaldi-is-future-proofed-with-its-built-in-functionality/#new_tab" rel="external nofollow" target="_blank">released</a> a statement this week regarding the change. The team appears to be genuinely displeased by Google's decision and plans to keep on supporting the old ruleset for as long as possible.
</p>

<p>
	 
</p>

<p>
	The makers of Brave Browser also said that they will <a data-wpel-link="internal" href="https://www.ghacks.net/2022/09/29/brave-browser-manifest-v2-extensions-after-v3-update/" rel="external nofollow">continue to support extensions</a> that use the old ruleset.
</p>

<p>
	 
</p>

<p>
	Come mid-2025, it is very likely that all Chromium-based browser developers will be forced to end support, though. While it is theoretically possible that some will find a way to keep supporting old extensions, it would likely require dedicating development resources to that task.
</p>

<p>
	 
</p>

<p>
	Another thing to consider is that Google will eventually remove all old extensions from the official Chrome Web Store. Since it is the main source of extensions for all Chromium-based browsers, one has to wonder how well continued support would work anyway.
</p>

<p>
	 
</p>

<p>
	This change won't affect built-in content blockers. Some of these are quite good for the majority of tasks, but they are still not as good as uBlock Origin.
</p>

<p>
	 
</p>

<p>
	Vivaldi, Brave, and Opera include internal adblockers. You may need to enable them in the browser, but you do get a level of content blocking without having to install an extension.
</p>

<h3>
	What you may do
</h3>

<p>
	Your next action depends largely on the adblocker and browser that you are using:
</p>

<p>
	 
</p>

<ul>
	<li>
		If you use an adblocker extension in a Chromium-based browser, check if it supports the new ruleset (also known as Manifest V3). If it does, check if it supports all the features you need.
		<ul>
			<li>
				If the answer is no, you may consider switching to a browser that continues to support the extension (which is Firefox or one of its forks).
			</li>
			<li>
				You may notice this automatically at one point, as Google will disable old extensions that do not support the new ruleset.
			</li>
		</ul>
	</li>
	<li>
		If you use an adblocker extension in Firefox, you do not have to do anything.
	</li>
	<li>
		If you use a built-in adblocker in any browser, you do not have to do anything.
	</li>
</ul>

<p>
	 
</p>

<p>
	<em>What about you? Are you worried about the upcoming change?</em>
</p>

<p>
	 
</p>


<p>
	<a href="https://www.ghacks.net/2024/06/18/if-you-use-an-adblocker-you-need-to-read-this/" rel="external nofollow">Source</a>
</p>

<p>
	 
</p>

]]></description><guid isPermaLink="false">23788</guid><pubDate>Tue, 18 Jun 2024 19:21:01 +0000</pubDate></item></channel></rss>
