Security

US Government Agencies Hit In Global Cyberattack (cnn.com) 19

An anonymous reader quotes a report from CNN: Several US federal government agencies have been hit in a global cyberattack that exploits a vulnerability in widely used software, according to a top US cybersecurity agency. The US Cybersecurity and Infrastructure Security Agency "is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications," Eric Goldstein, the agency's executive assistant director for cybersecurity, said in a statement on Thursday to CNN, referring to the software impacted. "We are working urgently to understand impacts and ensure timely remediation." It was not immediately clear if the hackers responsible for breaching the federal agencies were a Russian-speaking ransomware group that has claimed credit for numerous other victims in the hacking campaign.

Agencies were much quicker Thursday to deny they'd been affected by the hacking than to confirm they were. The Transportation Security Administration and the State Department said they were not victims of the hack. CISA Director Jen Easterly told MSNBC on Thursday that she was "confident" that there will not be "significant impacts" to federal agencies from the hacks because of the government's defensive improvements. But the news adds to a growing tally of victims of a sprawling hacking campaign that began two weeks ago and has hit major US universities and state governments. The hacking spree mounts pressure on federal officials who have pledged to put a dent in the scourge of ransomware attacks that have hobbled schools, hospitals and local governments across the US.

The new hacking campaign shows the widespread impact that a single software flaw can have if exploited by skilled criminals. The hackers -- a well-known group whose favored malware emerged in 2019 -- in late May began exploiting a new flaw in a widely used file-transfer software known as MOVEit, appearing to target as many exposed organizations as they could. The opportunistic nature of the hack left a broad swath of organizations vulnerable to extortion. Progress, the US firm that owns the MOVEit software, has also urged victims to update their software packages and has issued security advice.

Crime

The Rise and Fall of the Bayrob Malware Gang (zdnet.com) 54

Three Romanians ran a complicated online fraud operation -- along with a massive malware botnet -- for nine years, reports ZDNet, netting tens of millions of US dollars, but their crime spree is now over, and they're all facing long prison sentences.

"The three were arrested in late 2016 after the FBI and Symantec had silently stalked their malware servers for years, patiently waiting for the highly skilled group to make mistakes that would leave enough of a breadcrumb trail to follow back to their real identities."

An anonymous Slashdot reader writes: The group started from simple eBay scams [involving non-existent cars and even a fake trucking company] to running one of the most widespread keylogger trojans around. They were considered one of the most advanced groups around, using PGP email and OTR encryption when most hackers were defacing sites under the Anonymous moniker, and using multiple proxy layers to protect their infrastructure. The group operated tens of fake websites, including a Yahoo subsidiary clone, conned and stole money from their own money mules, and were one of the first groups to deploy Bitcoin crypto-mining malware on desktops, when Bitcoin could still be mined on PCs.

The Bayrob group was led by one of Romania's top IT students, who went to the dark side and helped create a malware operation that took nine years for US authorities and the FBI to track and eventually take down. Before turning hacker, he was the coach of Romania's national computer science team, although he was still a student, and won numerous awards in programming and CS contests.

Businesses

The High-Tech Jobs That Created India's Gilded Generation Are Disappearing (washingtonpost.com) 165

An anonymous reader shares a report: Information technology services account for 9.5 percent of India's gross domestic product, according to the India Brand Equity Foundation (IBEF), but now, after decades of boom, the future of the industry seems precarious. Since May, workers' groups have reported unusually numerous layoffs. The Forum for IT Employees (FITE) estimates that 60,000 workers have lost their jobs in the past few months (syndicated source). "Employees are being rated as poor performers so companies can get rid of them," said FITE's Chennai coordinator, Vinod A.J. IT companies and some government officials say the numbers have been exaggerated, but industry experts say the country's digital wunderkinds have much to fear. "For the first time, companies are touching middle management," said Kris Lakshmikanth, chief of a recruitment firm called Head Hunters India. Bias against Indians abroad is also compounding workers' fears of layoffs and downsizing at home. President Trump has stoked anxiety among Indian techies, who make up the majority of applicants for the H-1B visa program for highly skilled foreign workers. Trump has talked about sharply restricting H-1Bs, and this year the number of applications dropped a staggering 16 percent as companies prepared for Trump's immigration cutbacks. Instead, Indian outsourcing companies such as Infosys started recruiting Americans, bowing to Trump's calls for "America First." On Monday, India's Prime Minister Modi will meet Trump to talk about trade, visas and climate issues.

Republicans

US Internet Firms Ask Trump To Support Encryption, Ease Regulations (reuters.com) 173

An anonymous reader quotes a report from Reuters: U.S. internet companies including Facebook Inc and Amazon Inc have sent President-elect Donald Trump a detailed list of their policy priorities, which includes promoting strong encryption, immigration reform and maintaining liability protections from content that users share on their platforms. The letter sent on Monday by the Internet Association, a trade group whose 40 members also include Alphabet's Google, Uber and Twitter, represents an early effort to repair the relationship between the technology sector and Trump, who was almost universally disliked and at times denounced in Silicon Valley during the presidential campaign. Some of the policy goals stated in the letter may align with Trump's priorities, including easing regulation on the sharing economy, lowering taxes on profits made from intellectual property and applying pressure on Europe to not erect too many barriers that restrict U.S. internet companies from growing in that market. Other goals are likely to clash with Trump, who offered numerous broadsides against the tech sector during his campaign. They include supporting strong encryption in products against efforts by law enforcement agencies to mandate access to data for criminal investigations, upholding recent reforms to U.S. government surveillance programs that ended the bulk collection of call data by the National Security Agency, and maintaining net neutrality rules that require internet service providers to treat web traffic equally. The association seeks immigration reform to support more high-skilled workers staying in the United States. While urging support for trade agreements, the letter does not mention the Trans Pacific Partnership, which Trump has repeatedly assailed with claims it was poorly negotiated and would take jobs away from U.S. workers. The technology sector supported the deal, but members of Congress have conceded since the election it is not going to be enacted.

Book Review: CERT Resilience Management Model (RMM) 44

brothke writes "If Gartner were to have created the CERT-RMM framework like what is detailed in the book CERT Resilience Management Model (RMM): A Maturity Model for Managing Operational Resilience, it likely would be offered to their clients for at least $15,000. With a list price of $79.99, the book is clearly a bargain. Besides being inexpensive, it details an invaluable model that should be seriously considered by nearly every organization." Keep reading for the rest of Ben's review.

Fatal System Error 104

brothke writes "As computing and technology has evolved, so too have the security threats correspondingly evolved. The classic Yankee Doodle virus of 1989 did minimal damage, all while playing a patriotic, albeit monotone song. In 2010, aggressive malware now executes in stealth mode, running in the background with an oblivious end-user, and antivirus software that can’t detect it." Read on for the rest of Ben's review.

Slashdot's Disagree Mail 167

I get a lot of mail from obviously unbalanced people. Enough in fact, that I've often wondered if there was an institution that allowed their patients to only read Slashdot. We've even had a few visits from some questionable individuals. A man who tried to bribe me with a car if I let him "reverse engineer" Rob Malda's Life comes to mind. He insisted on Rob being present for the process and couldn't explain to me what it entailed, so I suggested he leave. The personal visits are rare, however, compared to the amount of mail I get. Here are a few of my favorites; let's hope these people have started to take their medication. Read below and don't be worried if you don't understand all of it.

Yakuza Review 83

In the age of months-early previews, reviews the day the game ships, and opinionated bloggers, it's always really nice to find something unexpected in a videogame. I went into Yakuza expecting something like GTA in Japan, and was very pleasantly surprised. I've been frustrated by this before, but here Amusement Vision presents an engrossing story strung together by a bare minimum of gameplay ... and it completely works. Yakuza is a Japanese gangster story with a uniquely cultural outlook, some very different minigames, and a zen-simple but highly enjoyable combat mechanic. If storytelling and character development mean as much to you as framerate and polygon counts, read on for my impressions to see if this title is for you.

Gnome 2.14 Released 348

joe_bruin writes "Beware the Ides of March... the Gnome people have announced the release of Gnome 2.14, right on time to meet their 6 month release schedule. See what's new in this release, as well as the release notes. New features include many more searching options, fast user switching, and speed increases to all the apps you know and love." From the release notes: "Just as you would tune your car, our skilled engineers have strived to tune many parts of GNOME to be as fast as possible. Several important components of the GNOME desktop are now measurably faster, including text rendering, memory allocation, and numerous individual applications. Faster font rendering and memory allocation benefit all GNOME and GTK+ based applications without the need for recompilation. Some applications have received special attention to make sure they are performing at their peak."
