Crime

Justice Department Unveils Charges Against Alleged LockBit Developer 3

The U.S. Department of Justice has charged Russian-Israeli national Rostislav Panev for his alleged role as a developer in the LockBit ransomware group. He is accused of designing malware and maintaining infrastructure for attacks that extorted over $500 million and caused billions in global damages. CyberScoop reports: The arrest is part of a broader campaign by international law enforcement agencies to dismantle LockBit. In February, a coordinated operation led by the U.K.'s National Crime Agency in cooperation with the FBI and the U.S. Justice Department disrupted LockBit's infrastructure, seizing websites and servers critical to its operations. These efforts significantly curtailed the group's ability to launch further attacks and extort victims.

Panev is one of several individuals charged in connection with LockBit. Alongside him, other key figures have been indicted, including Dmitry Khoroshev, alleged to be "LockBitSupp," the group's primary creator and administrator. Khoroshev, still at large, is accused of developing the ransomware and coordinating attacks on an international scale. The State Department has offered a reward of up to $10 million for his capture.

Meanwhile, numerous members linked to LockBit remain fugitives, such as Russian nationals Artur Sungatov and Ivan Kondratyev, each facing charges for deploying ransomware against multiple industries globally. Mikhail Matveev, another alleged LockBit affiliate, is also at large, with a $10 million reward for his capture. Matveev was recently charged with computer crimes in Russia.
You can read the full criminal complaint against Panev here (PDF).

The Courts

Qualcomm Processors Properly Licensed From Arm, US Jury Finds (yahoo.com) 13

Jurors delivered a mixed verdict on Friday, ruling that Qualcomm had properly licensed its central processor chips from Arm. This decision effectively concludes Arm's lawsuit against Qualcomm, which had the potential to disrupt the global smartphone and PC chip markets.

The dispute stemmed from Qualcomm's $1.4 billion acquisition of chip startup Nuvia in 2021. Arm claimed Qualcomm breached contract terms by using Nuvia's designs without permission, while Qualcomm maintained its existing agreement covers the acquired technology. Arm demanded Qualcomm destroy the Nuvia designs created before the acquisition. Reuters reports: An eight-person jury in U.S. federal court deadlocked on the question of whether Nuvia, a startup that Qualcomm purchased for $1.4 billion in 2021, breached the terms of its license with Arm. But the jury found that Qualcomm did not breach Nuvia's license with Arm.

The jury also found that Qualcomm's chips created using Nuvia technology, which have been central to Qualcomm's push into the personal computer market, are properly licensed under its own agreement with Arm, clearing the way for Qualcomm to continue selling them.

Transportation

Senators Rip Into Automakers For Selling Customer Data and Blocking Right To Repair (theverge.com) 42

A bipartisan group of senators is calling out the auto industry for its "hypocritical, profit-driven" opposition to national right-to-repair legislation, while also selling customer data to insurance companies and other third-party interests. From a report: In a letter sent to the CEOs of the top automakers, the trio of legislators -- Sens. Elizabeth Warren (D-MA), Jeff Merkley (D-OR), and Josh Hawley (R-MO) -- urge them to better protect customer privacy, while also dropping their opposition to state and national right-to-repair efforts.

"Right-to-repair laws support consumer choice and prevent automakers from using restrictive repair laws to their financial advantage," the senators write. "It is clear that the motivation behind automotive companies' avoidance of complying with right-to-repair laws is not due to a concern for consumer security or privacy, but instead a hypocritical, profit-driven reaction."

Privacy

This VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong? (wired.com) 29

Teenagers using Meta's virtual reality headsets to cheat at the popular game Gorilla Tag are unknowingly selling access to their home internet connections to potential cybercriminals, cybersecurity researchers found. The players have been side-loading Big Mama VPN, a free Android app, onto their VR headsets to create lag that makes it easier to win the tag-based game. However, the app simultaneously operates as a residential proxy service, selling access to users' IP addresses on a marketplace frequented by cybercriminals.

Cybersecurity firm Trend Micro discovered VR headsets were the third most common devices using Big Mama VPN, after Samsung and Xiaomi devices. The company's proxy services have been promoted on cybercrime forums and were linked to at least one cyberattack, according to research from security firms Trend Micro and Kela.

AI

Home Assistant's New Voice Assistant Answers To 'Hey Jarvis' 30

Home Assistant (not to be confused with the Google Assistant on Google Home) has launched the Voice Preview Edition (Voice PE), its first dedicated voice assistant hardware for $59. The device offers a privacy-focused, locally controlled solution that supports over 50 languages and integrates seamlessly with the open-source smart home platform. As The Verge notes, Voice PE supports the wake words "Hey Jarvis" right out of the box. From the report: The Voice PE is a small white box, about the size of your palm, with dual microphones and an audio processor. An internal speaker lets you hear the assistant, but you can also connect a speaker to it via a 3.5 mm headphone jack for better-quality media playback. A colored LED ring on top of the Voice PE indicates when the assistant is listening. It surrounds a rotary dial and a physical button, which is used for setup and to talk to the voice assistant without using the wake word. The button can also be customized to do whatever you want (because this is Home Assistant). A physical mute switch is on the side, and the device is powered by USB-C (charger and cable not included). There's also a Grove port where you can add sensors and other accessories.

For those who don't like the idea of always-listening microphones in their home from companies such as Amazon and Google, but who still want the convenience of controlling their home with their voice, the potential here is huge. But it may be a while until Voice PE is ready to replace your Echo or Nest smart speaker. [...] if you want more features, Voice PE can connect to supported AI models, such as ChatGPT or Gemini, to fully replace Assist or use it as a fallback for commands it doesn't understand. But for many smart home users, there will be plenty of value in a simple, inexpensive device that lets you turn your lights on and off, start a timer, and execute other useful commands with your voice without relying on an internet connection.

The Courts

Craig Wright Convicted For Repeatedly Lying About Inventing Bitcoin 37

Craig Wright, an Australian computer scientist living in the UK, has been found guilty of contempt of court for persistently and falsely claiming to be Bitcoin's creator, Satoshi Nakamoto, despite a High Court ruling against his claim. He has been sentenced to 12 months in prison, suspended for two years, and faces jail if he continues his assertions. The BBC reports: [...] Wright, who appeared via videolink, refused to disclose where he was, saying only he was in Asia. It means an international arrest warrant would have to be issued if the UK authorities wanted to detain him.

Wright's actions were described in court as "legal terrorism" that "put people through personal hell" in his campaign to be recognised as Bitcoin's inventor. The judge, Mr Justice Mellor, said Wright's arguments were "legal nonsense" but acknowledged that he was not in the UK and "appears to be well aware of countries with which the UK does not have extradition arrangements".

The Courts

Montana Supreme Court Upholds Right To 'Stable Climate System' For Youngsters (theguardian.com) 199

An anonymous reader quotes a report from The Guardian: Montana's top court on Wednesday held that the state's constitution guaranteed a right to a stable climate system and invalidated a law barring regulators from considering the effects of greenhouse gas emissions when permitting new fossil fuel projects. The Montana supreme court upheld a landmark trial court decision last August in favor of 16 young people who said their health and futures were being jeopardized by climate change, which the state aggravates through its permitting of energy projects. The 6-1 decision, the first of its kind by a US state supreme court, came in the first lawsuit to go to trial nationwide by young environmental activists challenging state and federal policies they say are exacerbating climate change.

Crime

Murder Mystery Solved By Google Street View (independent.co.uk) 16

Spanish police have uncovered a major clue in the year-long investigation of a missing Cuban man, JLPO, after Google Street View images showed a man loading a body-shaped package into a car and pushing a wheelbarrow with a large white package. These images led to the discovery of the victim's dismembered remains in a cemetery and the arrest of two suspects, including the victim's wife and a bar worker. The Independent reports: Spanish police have said the pictures are a "decisive" clue in the case, with detectives reportedly launching a murder investigation and arresting two people in connection with the man's death. According to El Pais, police are still investigating the case -- and it appears neither have yet appeared charged before a court.

Security

Hackers Can Jailbreak Digital License Plates To Make Others Pay Their Tolls, Tickets (wired.com) 72

Longtime Slashdot reader sinij shares a report from Wired with the caption: "This story will be an on-going payday for traffic ticket lawyers. I am ordering one now." From the report: Digital license plates, already legal to buy in a growing number of states and to drive with nationwide, offer a few perks over their sheet metal predecessors. You can change their display on the fly to frame your plate number with novelty messages, for instance, or to flag that your car has been stolen. Now one security researcher has shown how they can also be hacked to enable a less benign feature: changing a car's license plate number at will to avoid traffic tickets and tolls -- or even pin them on someone else.

Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to "jailbreak" digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on the back of the plate and attaching a cable to its internal connectors, he's able to rewrite a Reviver plate's firmware in a matter of minutes. Then, with that custom firmware installed, the jailbroken license plate can receive commands via Bluetooth from a smartphone app to instantly change its display to show any characters or image. That susceptibility to jailbreaking, Rodriguez points out, could let drivers with the license plates evade any system that depends on license plate numbers for enforcement or surveillance, from tolls to speeding and parking tickets to automatic license plate readers that police use to track criminal suspects. "You can put whatever you want on the screen, which users are not supposed to be able to do," says Rodriguez. "Imagine you are going through a speed camera or if you are a criminal and you don't want to get caught."

Worse still, Rodriguez points out that a jailbroken license plate can be changed not just to an arbitrary number but also to the number of another vehicle -- whose driver would then receive the malicious user's tickets and toll bills. "If you can change the license plate number whenever you want, you can cause some real problems," Rodriguez says. All traffic-related mischief aside, Rodriguez also notes that jailbreaking the plates could also allow drivers to use the plates' features without paying Reviver's $29.99 monthly subscription fee. Because the vulnerability that allowed him to rewrite the plates' firmware exists at the hardware level -- in Reviver's chips themselves -- Rodriguez says there's no way for Reviver to patch the issue with a mere software update. Instead, it would have to replace those chips in each display. That means the company's license plates are very likely to remain vulnerable despite Rodriguez's warning -- a fact, Rodriguez says, that transport policymakers and law enforcement should be aware of as digital license plates roll out across the country. "It's a big problem because now you have thousands of licensed plates with this issue, and you would need to change the hardware to fix it," he says.

Security

Tracker Firm Hapn Spilling Names of Thousands of GPS Tracking Customers (techcrunch.com) 14

An anonymous reader quotes a report from TechCrunch: GPS tracking firm Hapn is exposing the names of thousands of its customers due to a website bug, TechCrunch has learned. A security researcher alerted TechCrunch in late November to customer names and affiliations -- such as the name of their workplace -- spilling from one of Hapn's servers, which TechCrunch has seen.

Hapn, formerly known as Spytec, is a tracking company that allows users to remotely monitor the real-time location of internet-enabled tracking devices, which can be attached to vehicles or other equipment. The company also sells GPS trackers to consumers under its Spytec brand, which rely on the Hapn app for tracking. Spytec touts its GPS devices for tracking the locations of valuable possessions and "loved ones." According to its website, Hapn claims to track more than 460,000 devices and counts customers within the Fortune 500.

The bug allows anyone to log in with a Hapn account to view the exposed data using the developer tools in their web browser. The exposed data contains information on more than 8,600 GPS trackers, including the IMEI numbers for the SIM cards in each tracker, which uniquely identify each device. The exposed data does not include location data, but thousands of records contain the names and business affiliations of customers who own, or are tracked by, the GPS trackers.

The Courts

Nebraska Sues UnitedHealth Unit Over 100 Million Patient Data Breach 16

Nebraska's attorney general has sued Change Healthcare over a massive data breach that exposed sensitive medical information of more than 100 million Americans following a February ransomware attack. The lawsuit alleges the UnitedHealth-owned company failed to implement basic security measures, including multi-factor authentication, allowing hackers to breach its systems using credentials from a customer support employee that were posted on Telegram.

The Russian-speaking ALPHV ransomware group accessed personal health records, financial data and treatment information across Change Healthcare's poorly segmented network, according to the complaint filed by Attorney General Mike Hilgers.

Government

Spain Introduces Bill To Combat Online Fake News (theguardian.com) 97

Spain's leftwing government has introduced a bill requiring digital platforms and social media influencers with large followings to publish corrections to false or harmful information. The law intends to "[make] life more difficult for those who dedicate themselves to lies and spreading fake news every day," said justice minister Felix Bolanos. The Guardian reports: The draft law replaces legislation from 1984 and targets internet users who have more than 100,000 followers on a single platform or 200,000 across several, the justice ministry said in a statement. These outlets and the platforms that host them must have a mechanism to facilitate citizens' right to ask that false or inaccurate information that harms them be corrected publicly, the ministry said. The correction request will no longer have to be addressed to the outlet's director because confirming their identity is difficult for many "pseudo media," justice minister Felix Bolanos told a press conference.

The Courts

Tech Entrepreneur Found Guilty of Cash App Founder Bob Lee's Murder (bbc.com) 21

A San Francisco jury convicted tech entrepreneur Nima Momeni of second-degree murder for the April 2023 stabbing death of Cash App's founder Bob Lee. He faces 15 years to life in prison. The BBC reports: Momeni was found not guilty of the more serious charge of first-degree murder, which denotes a pre-meditated killing. [...] The six-week trial featured dramatic testimony, and details of Mr Lee's drug-fueled final night. According to prosecutors, Momeni stabbed Mr Lee with a kitchen paring knife because he was upset that he had introduced his sister, Khazar Momeni, to a man who gave her GHB, a so-called date rape drug.

Like the prosecution, Nima Momeni's defense team said he had been partying with his sister and Mr Lee on the night of his murder. But they said Momeni had been acting in self-defense. Mr Lee, Momeni said, had lunged at him with a knife over what Momeni described as a "bad joke" at the expense of Mr Lee's family, according to CBS News, the BBC's US partner. Prosecutors pushed back on this account, asking why Momeni did not report the incident to the police or tell anyone that Mr Lee had allegedly attacked him.

Autopsy reports indicated that Mr Lee was under the influence of alcohol, ketamine and cocaine at the time of his death. Defense attorneys argued that a pattern of drug use had made Mr Lee aggressive. "We are victims of drug abuse," Momeni's mother, Mahnaz Tayarani, told reporters outside the courtroom on Tuesday. "I know my son... This is not a fair trial." Ms Tayarani said her son would appeal against the conviction.

Communications

Big Loss For ISPs as Supreme Court Won't Hear Challenge To $15 Broadband Law (arstechnica.com) 30

The Supreme Court has rejected the broadband industry's challenge to a New York law that requires Internet providers to offer $15- or $20-per-month service to people with low incomes. From a report: In August, six trade groups representing the cable, telecom, mobile, and satellite industries filed a petition asking the Supreme Court to overturn an appeals court ruling that upheld the state law. But the Supreme Court won't take up the case. The Supreme Court denied the telecom groups' petition without comment in a list of orders released yesterday.

Although a US District Court judge blocked the law in 2021, that judge's ruling was reversed by the US Court of Appeals for the 2nd Circuit in April 2024. The Supreme Court's denial of the industry petition leaves the 2nd Circuit ruling in place. The appeals court ruling is an important one for the broader question of how states can regulate broadband providers when the Federal Communications Commission isn't doing so. Trade groups claimed the state law is preempted by former FCC Chairman Ajit Pai's repeal of net neutrality rules, which ended Title II common-carrier regulation of ISPs.

In a 2-1 opinion, a panel of 2nd Circuit appeals court judges said the Pai-era FCC "order stripped the agency of its authority to regulate the rates charged for broadband Internet, and a federal agency cannot exclude states from regulating in an area where the agency itself lacks regulatory authority."

The Courts

TikTok Asks Supreme Court To Block Law Banning Its US Operations (reuters.com) 134

An anonymous reader quotes a report from the New York Times: TikTok asked the Supreme Court on Monday to temporarily block a law that would effectively ban it in the United States in a matter of weeks. Saying that the law violates both its First Amendment rights and those of its 170 million American users, TikTok, which is controlled by a Chinese parent company, urged the justices to maintain the status quo while they decide whether to hear an appeal. "Congress's unprecedented attempt to single out applicants and bar them from operating one of the most significant speech platforms in this nation presents grave constitutional problems that this court likely will not allow to stand," lawyers for TikTok wrote in their emergency application.

President Biden signed the law this spring after it was enacted with wide bipartisan support. Lawmakers said the app's ownership represented a risk because the Chinese government's oversight of private companies would allow it to retrieve sensitive information about Americans or to spread propaganda, though they have not publicly shared evidence that this has occurred. They have also noted that American platforms like Facebook and YouTube are banned in China, and that TikTok itself is not allowed in the country.
