The FTC is issuing more than $5.6 million in refunds to Ring customers as part of a privacy settlement. The Associated Press reports: In a 2023 complaint, the FTC accused the doorbell camera and home security provider of allowing its employees and contractors to access customers' private videos. Ring allegedly used such footage to train algorithms without consent, among other purposes. Ring was also charged with failing to implement key security protections, which enabled hackers to take control of customers' accounts, cameras and videos. This led to "egregious violations of users' privacy," the FTC noted.

The resulting settlement required Ring to delete content that was found to be unlawfully obtained, establish stronger security protections and pay a hefty fine. The FTC says that it's now using much of that money to refund eligible Ring customers. According to a Tuesday notice, the FTC is sending 117,044 PayPal payments to impacted consumers who had certain types of Ring devices -- including indoor cameras -- during the timeframes that the regulators allege unauthorized access took place. Eligible customers will need to redeem these payments within 30 days, according to the FTC -- which added that consumers can contact this case's refund administrator, Rust Consulting, or visit the FTC's FAQ page on refunds for more information about the process.

An anonymous reader quotes a report from BleepingComputer: A new campaign tracked as "Dev Popper" is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT). The developers are asked to perform tasks supposedly related to the interview, like downloading and running code from GitHub, in an effort to make the entire process appear legitimate. However, the threat actor's goal is make their targets download malicious software that gathers system information and enables remote access to the host. According to Securonix analysts, the campaign is likely orchestrated by North Korean threat actors based on the observed tactics. The connections are not strong enough for attribution, though. [...]

Although the perpetrators of the Dev Popper attack aren't known, the tactic of using job lures as bait to infect people with malware is still prevalent, so people should remain vigilant of the risks. The researchers note that the method "exploits the developer's professional engagement and trust in the job application process, where refusal to perform the interviewer's actions could compromise the job opportunity," which makes it very effective.

The head of Britain's domestic intelligence agency warned the country's leading research universities on Thursday that foreign states are targeting their institutions and imperilling national security. The Record: "We know that our universities are being actively targeted by hostile actors and need to guard against the threat posed to frontier research in the most sensitive sectors," said the deputy prime minister Oliver Dowden, who also attended the briefing. The threat requires "further measures," said the deputy PM, who announced that the government was launching a consultation with the sector so it could "do more to support our universities and put the right security in place to protect their cutting-edge research."

The briefing was delivered by Ken McCallum, the director general of MI5, alongside Dowden and the National Cyber Security Centre's interim chief executive, Felicity Oswald. It was made to the vice-chancellors of the Russell Group, a collective of the country's 24 leading universities. Among the range of measures being considered is having MI5, the domestic security agency, carry out security vetting on key researchers involved in a "small proportion of academic work, with a particular focus on research with potential dual uses in civilian and military life."

A now-abandoned USB worm that backdoors connected devices has continued to self-replicate for years since its creators lost control of it and remains active on thousands, possibly millions, of machines, researchers said Thursday. ArsTechnica: The worm -- which first came to light in a 2023 post published by security firm Sophos -- became active in 2019 when a variant of malware known as PlugX added functionality that allowed it to infect USB drives automatically. In turn, those drives would infect any new machine they connected to, a capability that allowed the malware to spread without requiring any end-user interaction. Researchers who have tracked PlugX since at least 2008 have said that the malware has origins in China and has been used by various groups tied to the country's Ministry of State Security.

For reasons that aren't clear, the worm creator abandoned the one and only IP address that was designated as its command-and-control channel. With no one controlling the infected machines anymore, the PlugX worm was effectively dead, or at least one might have presumed so. The worm, it turns out, has continued to live on in an undetermined number of machines that possibly reaches into the millions, researchers from security firm Sekoia reported. The researchers purchased the IP address and connected their own server infrastructure to "sinkhole" traffic connecting to it, meaning intercepting the traffic to prevent it from being used maliciously. Since then, their server continues to receive PlugX traffic from 90,000 to 100,000 unique IP addresses every day.

U.S. authorities consider DJI a security threat. Congress is weighing legislation to ban it [non-paywalled link], prompting a lobbying campaign from the company, which dominates the commercial and consumer drone markets. The New York Times: DJI is on a Defense Department list of Chinese military companies whose products the U.S. armed forces will be prohibited from purchasing in the future. As part of the defense budget that Congress passed for this year, other federal agencies and programs are likely to be prohibited from purchasing DJI drones as well. The drones -- though not designed or authorized for combat use -- have also become ubiquitous in Russia's war against Ukraine.

The Treasury and Commerce Departments have penalized DJI over the use of its drones for spying on Uyghur Muslims who are held in camps by Chinese officials in the Xinjiang region. Researchers have found that Beijing could potentially exploit vulnerabilities in an app that controls the drone to gain access to large amounts of personal information, although a U.S. official said there are currently no known vulnerabilities that have not been patched. Now Congress is weighing legislation that could kill much of DJI's commercial business in the United States by putting it on a Federal Communications Commission roster blocking it from running on the country's communications infrastructure.

The bill, which has bipartisan support, has been met with a muscular lobbying campaign by DJI. The company is hoping that Americans like Mr. Nordfors who use its products will help persuade lawmakers that the United States has nothing to fear -- and much to gain -- by keeping DJI drones flying. "DJI presents an unacceptable national security risk, and it is past time that drones made by Communist China are removed from America," Representative Elise Stefanik, Republican of New York and one of the bill's primary sponsors, said in an emailed statement this month.

Sam Altman of OpenAI and the chief executives of Nvidia, Microsoft and Alphabet are among technology-industry leaders joining a new federal advisory board focused on the secure use of AI within U.S. critical infrastructure, in the Biden administration's latest effort to fill a regulatory vacuum over the rapidly proliferating technology. From a report: The Artificial Intelligence Safety and Security Board is part of a government push to protect the economy, public health and vital industries from being harmed by AI-powered threats, U.S. officials said. Working with the Department of Homeland Security, it will develop recommendations for power-grid operators, transportation-service providers and manufacturing plants, among others, on how to use AI while bulletproofing their systems against potential disruptions that could be caused by advances in the technology.

In addition to Nvidia's Jensen Huang, Microsoft's Satya Nadella, Alphabet's Sundar Pichai and other leaders in AI and technology, the panel of nearly two dozen consists of academics, civil-rights leaders and top executives at companies that work within a federally recognized critical-infrastructure sector, including Kathy Warden, chief executive of Northrop Grumman, and Delta Air Lines Chief Executive Ed Bastian. Other members are public officials, such as Maryland Gov. Wes Moore and Seattle Mayor Bruce Harrell, both Democrats.

Thomas Claburn reports via The Register: Baltimore police have arrested Dazhon Leslie Darien, the former athletic director of Pikesville High School (PHS), for allegedly impersonating the school's principal using AI software to make it seem as if he made racist and antisemitic remarks. Darien, of Baltimore, Maryland, was subsequently charged with witness retaliation, stalking, theft, and disrupting school operations. He was detained late at night trying to board a flight at BWI Thurgood Marshall Airport. Security personnel stopped him because the declared firearm he had with him was improperly packed and an ensuing background check revealed an open warrant for his arrest.

"On January 17, 2024, the Baltimore County Police Department became aware of a voice recording being circulated on social media," said Robert McCullough, Chief of Baltimore County Police, at a streamed press conference today. "It was alleged the voice captured on the audio file belong to Mr Eric Eiswert, the Principal at the Pikesville High School. We now have conclusive evidence that the recording was not authentic. "The Baltimore County Police Department reached that determination after conducting an extensive investigation, which included bringing in a forensic analyst contracted with the FBI to review the recording. The results of the analysis indicated the recording contained traces of AI-generated content." McCullough said a second opinion from a forensic analyst at the University of California, Berkeley, also determined the recording was not authentic. "Based off of those findings and further investigation, it's been determined the recording was generated through the use of artificial intelligence technology," he said.

According to the warrant issued for Darien's arrest, the audio file was shared through social media on January 17 after being sent via email to school teachers. The recording sounded as if Principal Eric Eiswert had made remarks inflammatory enough to prompt a police visit to advise on protective security measures for staff. [...] The clip, according to the warrant, led to the temporary removal of Eiswert from his position and "a wave of hate-filled messages on social media and numerous calls to the school," and significantly disrupted school operations. Police say it led to threats against Eiswert and concerns about his safety. Eiswert told investigators that he believes the audio clip was fake as "he never had the conversations in the recording." And he said he believed Darien was responsible due to his technical familiarity with AI and had a possible motive: Eiswert said there "had been conversations with Darien about his contract not being renewed next semester due to frequent work performance challenges." "It is clear that we are also entering a new deeply concerning frontier as we continue to embrace emerging technology and its potential for innovation and social good," said John Olszewski, Baltimore County Executive, during a press conference. "We must also remain vigilant against those who would have used it for malicious intent. That will require us to be more aware and more discerning about the audio we hear and the images we see. We will need to be careful in our judgment."

prisoninmate shares a report from 9to5Linux: Canonical released today Ubuntu 24.04 LTS (Noble Numbat) as the latest version of its popular Linux-based operating system featuring some of the latest GNU/Linux technologies and Open Source software. Powered by Linux kernel 6.8, Ubuntu 24.04 LTS features the latest GNOME 46 desktop environment, an all-new graphical firmware update tool called Firmware Updater, Netplan 1.0 for state-of-the-art network management, updated Ubuntu font, support for the deb822 format for software sources, increased vm.max_map_count for better gaming, and Mozilla Thunderbird as a Snap by default.

It also comes with an updated Flutter-based graphical desktop installer that's now capable of updating itself and features a bunch of changes like support for accessibility features, guided (unencrypted) ZFS installations, a new option to import auto-install configurations for templated custom provisioning, as well as new default installation options, such as Default selection (previously Minimal) and Extended selection (previously Normal)."

An anonymous reader quotes a report from the New York Times: The Federal Communications Commission voted on Thursday to restore regulations that expand government oversight of broadband providersand aim to protect consumer access to the internet, a move that will reignite a long-running battle over the open internet. Known as net neutrality, the regulations were first put in place nearly a decade ago under the Obama administration and are aimed at preventing internet service providers like Verizon or Comcast from blocking or degrading the delivery of services from competitors like Netflix and YouTube. The rules were repealed under President Donald J. Trump, and have proved to be a contentious partisan issue over the years while pitting tech giants against broadband providers.

In a 3-to-2 vote along party lines, the five-member commission appointed by President Biden revived the rules that declare broadband a utility-like service regulated like phones and water. The rules also give the F.C.C. the ability to demand broadband providers report and respond to outages, as well as expand the agency's oversight of the providers' security issues. Broadband providers are expected to sue to try to overturn the reinstated rules.

The core purpose of the regulations is to prevent internet service providers from controlling the quality of consumers' experience when they visit websites and use services online. When the rules were established, Google, Netflix and other online services warned that broadband providers had the incentive to slow down or block access to their services. Consumer and free speech groups supported this view. There have been few examples of blocking or slowing of sites, which proponents of net neutrality say is largely because of fear that the companies would invite scrutiny if they did so. And opponents say the rules could lead to more and unnecessary government oversight of the industry.

An anonymous reader quotes a report from MIT Technology Review: Almost all keyboard apps used by Chinese people around the world share a security loophole that makes it possible to spy on what users are typing. The vulnerability, which allows the keystroke data that these apps send to the cloud to be intercepted, has existed for years and could have been exploited by cybercriminals and state surveillance groups, according to researchers at the Citizen Lab, a technology and security research lab affiliated with the University of Toronto.

These apps help users type Chinese characters more efficiently and are ubiquitous on devices used by Chinese people. The four most popular apps -- built by major internet companies like Baidu, Tencent, and iFlytek -- basically account for all the typing methods that Chinese people use. Researchers also looked into the keyboard apps that come preinstalled on Android phones sold in China. What they discovered was shocking. Almost every third-party app and every Android phone with preinstalled keyboards failed to protect users by properly encrypting the content they typed. A smartphone made by Huawei was the only device where no such security vulnerability was found.

In August 2023, the same researchers found that Sogou, one of the most popular keyboard apps, did not use Transport Layer Security (TLS) when transmitting keystroke data to its cloud server for better typing predictions. Without TLS, a widely adopted international cryptographic protocol that protects users from a known encryption loophole, keystrokes can be collected and then decrypted by third parties. Even though Sogou fixed the issue after it was made public last year, some Sogou keyboards preinstalled on phones are not updated to the latest version, so they are still subject to eavesdropping. [...] After the researchers got in contact with companies that developed these keyboard apps, the majority of the loopholes were fixed. But a few companies have been unresponsive, and the vulnerability still exists in some apps and phones, including QQ Pinyin and Baidu, as well as in any keyboard app that hasn't been updated to the latest version.

Google is delaying the end of third-party cookies in Chrome -- again. This marks the third time Google pushed back its original deadline set in January 2020, when the company said it would phase out third-party cookies "within two years" to improve internet security. Digiday reports: The announcement was made on Tuesday ahead of quarterly reports from Google and the ever-watchful U.K. Competition and Markets Authority (CMA), keeping tabs on how this whole situation unfolds.

"We recognize that there are ongoing challenges related to reconciling divergent feedback from the industry, regulators and developers, and will continue to engage closely with the entire ecosystem," according to a statement Google posted on its website for the Privacy Sandbox. "It's also critical that the CMA has sufficient time to review all evidence including results from industry tests, which the CMA has asked market participants to provide by the end of June. Given both of these significant considerations, we will not complete third-party cookie deprecation during the second half of Q4."

Google did not outline a more specific timetable beyond hoping for 2025. [...] "We remain committed to engaging closely with the CMA and ICO and we hope to conclude that process this year," Google's statement read. "Assuming we can reach an agreement, we envision proceeding with third-party cookie deprecation starting early next year." "We welcome Google's announcement clarifying the timing of third-party cookie deprecation. This will allow time to assess the results of industry tests and resolve remaining issues," said a spokesperson from the CMA. "Under the commitments, Google has agreed to resolve our remaining competition concerns before going ahead with third-party cookie deprecation. Working closely with the ICO we expect to conclude this process by the end of 2024."

At the start of the year, Google started purging third-party cookies for one percent of browser traffic.

An anonymous reader quotes a report from Wired: Network security appliances like firewalls are meant to keep hackers out. Instead, digital intruders are increasingly targeting them as the weak link that lets them pillage the very systems those devices are meant to protect. In the case of one hacking campaign over recent months, Cisco is now revealing that its firewalls served as beachheads for sophisticated hackers penetrating multiple government networks around the world. On Wednesday, Cisco warned that its so-called Adaptive Security Appliances -- devices that integrate a firewall and VPN with other security features -- had been targeted by state-sponsored spies who exploited two zero-day vulnerabilities in the networking giant's gear to compromise government targets globally in a hacking campaign it's calling ArcaneDoor.

The hackers behind the intrusions, which Cisco's security division Talos is calling UAT4356 and which Microsoft researchers who contributed to the investigation have named STORM-1849, couldn't be clearly tied to any previous intrusion incidents the companies had tracked. Based on the group's espionage focus and sophistication, however, Cisco says the hacking appeared to be state-sponsored. "This actor utilized bespoke tooling that demonstrated a clear focus on espionage and an in-depth knowledge of the devices that they targeted, hallmarks of a sophisticated state-sponsored actor," a blog post from Cisco's Talos researchers reads. Cisco declined to say which country it believed to be responsible for the intrusions, but sources familiar with the investigation tell WIRED the campaign appears to be aligned with China's state interests.

Cisco says the hacking campaign began as early as November 2023, with the majority of intrusions taking place between December and early January of this year, when it learned of the first victim. "The investigation that followed identified additional victims, all of which involved government networks globally," the company's report reads. In those intrusions, the hackers exploited two newly discovered vulnerabilities in Cisco's ASA products. One, which it's calling Line Dancer, let the hackers run their own malicious code in the memory of the network appliances, allowing them to issue commands to the devices, including the ability to spy on network traffic and steal data. A second vulnerability, which Cisco is calling Line Runner, would allow the hackers' malware to maintain its access to the target devices even when they were rebooted or updated. It's not yet clear if the vulnerabilities served as the initial access points to the victim networks, or how the hackers might have otherwise gained access before exploiting the Cisco appliances. Cisco advises that customers apply its new software updates to patch both vulnerabilities.

A separate advisory (PDF) from the UK's National Cybersecurity Center notes that physically unplugging an ASA device does disrupt the hackers' access. "A hard reboot by pulling the power plug from the Cisco ASA has been confirmed to prevent Line Runner from re-installing itself," the advisory reads.

Andy Greenberg reports via Wired: More than two months after the start of a ransomware debacle whose impact ranks among the worst in the history of cybersecurity, the medical firm Change Healthcare finally confirmed what cybercriminals, security researchers, and Bitcoin's blockchain had already made all too clear: that it did indeed pay a ransom to the hackers who targeted the company in February. And yet, it still faces the risk of losing vast amounts of customers' sensitive medical data. In a statement sent to WIRED and other news outlets on Monday evening, Change Healthcare wrote that it paid a ransom to a cybercriminal group extorting the company, a hacker gang known as AlphV or BlackCat. "A ransom was paid as part of the company's commitment to do all it could to protect patient data from disclosure," the statement reads. The company's belated admission of that payment accompanied a new post on its website where it warns that the hackers may have stolen health-related data that would "cover a substantial proportion of people in America."

Cybersecurity and cryptocurrency researchers told WIRED last month that Change Healthcare appeared to have paid that ransom on March 1, pointing to a transaction of 350 bitcoins or roughly $22 million sent into a crypto wallet associated with the AlphV hackers. That transaction was first highlighted in a message on a Russian cybercriminal forum known as RAMP, where one of AlphV's allegedly jilted partners complained that they hadn't received their cut of Change Healthcare's payment. However, for weeks following that transaction, which was publicly visible on Bitcoin's blockchain and which both security firm Recorded Future and blockchain analysis firm TRM Labs told WIRED had been received by AlphV, Change Healthcare repeatedly declined to confirm that it had paid the ransom.

Change Healthcare's confirmation of that extortion payment puts new weight behind the cybersecurity industry's fears that the attack -- and the profit AlphV extracted from it -- will lead ransomware gangs to further target health care companies. "It 100 percent encourages other actors to target health care organizations," Jon DiMaggio, a researcher with cybersecurity firm Analyst1 who focuses on ransomware, told WIRED at the time the transaction was first spotted in March. "And it's one of the industries we don't want ransomware actors to target -- especially when it affects hospitals." Compounding the situation, a conflict between hackers in the ransomware ecosystem has led to a second ransomware group claiming to possess Change Healthcare's stolen data and threatening to sell it to the highest bidder on the dark web. Earlier this month that second group, known as RansomHub, sent WIRED alleged samples of the stolen data that appeared to come from Change Healthcare's network, including patient records and a contract with another health care company.

An anonymous reader quotes a report from Ars Technica: There's a new Linux distro on the scene today, and it's a bit specialized. Its development was led by the automotive electronics supplier Elektrobit, and it's the first open source OS that complies with the automotive industry's functional safety requirements. [...] With Elektrobit's EB corbos Linux for Safety Applications (that sure is a long name), there's an open source Linux distro that finally fits the bill, having just been given the thumbs up by the German organization TUV Nord. (It also complies with the IEC 61508 standard for safety applications.) "The beauty of our concept is that you don't even need to safety-qualify Linux itself," said Moritz Neukirchner, a senior director at Elektrobit overseeing SDVs. Instead, an external safety monitor runs in a hypervisor, intercepting and validating kernel actions.

"When you look at how safety is typically being done, look at communication -- you don't safety-certify the communication specs or Ethernet stack, but you do a checker library on top, and you have a hardware anchor for checking down below, and you insure it end to end but take everything in between out of the certification path. And we have now created a concept that allows us to do exactly that for an operating system," Neukirchner told me. "So in the end, since we take Linux out of the certification path and make it usable in a safety-related context, we don't have any problems in keeping up to speed with the developer community," he explained. "Because if you start it off and say, 'Well, we're going to do Linux as a one-shot for safety,' you're going to have the next five patches and you're off [schedule] again, especially with the security regulation that's now getting toward effect now, starting in July with the UNECE R155 that requires continuous cybersecurity management vulnerability scanning for all software that ends up in the vehicle."

"In the end, we see roughly 4,000 kernel security patches within eight years for Linux. And this is the kind of challenge that you're being put up to if you want to participate in that speed of innovation of an open source community as rich as that of Linux and now want to combine this with safety-related applications," Neukirchner said. Elektrobit developed EB corbos Linux for Safety Applications together with Canonical, and together they will share the maintenance of keeping it compliant with safety requirements over time.