Security

Hacker In Snowflake Extortions May Be a US Soldier (krebsonsecurity.com) 20

An anonymous reader quotes a report from KrebsOnSecurity: Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect -- a prolific hacker known as Kiberphant0m -- remains at large and continues to publicly extort victims. However, this person's identity may not remain a secret for long: A careful review of Kiberphant0m's daily chats across multiple cybercrime personas suggests they are a U.S. Army soldier who is or was recently stationed in South Korea.

Kiberphant0m's identities on cybercrime forums and on Telegram and Discord chat channels have been selling data stolen from customers of the cloud data storage company Snowflake. At the end of 2023, malicious hackers discovered that many companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with nothing more than a username and password (no multi-factor authentication required). After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories for some of the world's largest corporations. Among those was AT&T, which disclosed in July that cybercriminals had stolen personal information, phone and text message records for roughly 110 million people. Wired.com reported in July that AT&T paid a hacker $370,000 to delete stolen phone records.

On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States, which has since indicted him on 20 criminal counts connected to the Snowflake breaches. Another suspect in the Snowflake hacks, John Erin Binns, is an American who is currently incarcerated in Turkey. Investigators say Moucka, who went by the handles Judische and Waifu, had tasked Kiberphant0m with selling data stolen from Snowflake customers who refused to pay a ransom to have their information deleted. Immediately after news broke of Moucka's arrest, Kiberphant0m was clearly furious, and posted on the hacker community BreachForums what they claimed were the AT&T call logs for President-elect Donald J. Trump and for Vice President Kamala Harris. [...] Also on Nov. 5, Kiberphant0m offered call logs stolen from Verizon's push-to-talk (PTT) customers -- mainly U.S. government agencies and emergency first responders.
Kiberphant0m denies being in the U.S. Army and said all these clues were "a lengthy ruse designed to create a fictitious persona," reports Krebs.

"I literally can't get caught," Kiberphant0m said, declining an invitation to explain why. "I don't even live in the USA Mr. Krebs." A mind map illustrates some of the connections between and among Kiberphant0m's apparent alter egos.
AI

LinkedIn Posts Are Now Mostly AI-Written, Study Shows 37

More than half of longer English posts on LinkedIn are likely generated by AI, according to research from AI detection firm Originality AI. The company analyzed nearly 9,000 public posts over 100 words published between 2018 and 2024, finding AI usage surged 189% after ChatGPT's launch in early 2023, Wired reported Wednesday.

LinkedIn, which also offers AI writing tools to premium subscribers, told Wired that it does not track AI-generated content levels but maintains "robust defenses" against low-quality and duplicate posts.
Businesses

Leica Just Recorded the Highest Revenue in Its Entire 100-Year History 36

PetaPixel: Leica Camera announced that its 2023/2024 fiscal year saw it achieve the highest revenue in the entire history of the company. It saw 14% growth to 554 million euros ($586.3 million) over last year's already spectacular 485 million euros.

Last winter, Leica announced that it had set a sales record for the 2022/23 financial year and it has shattered that achievement now in 2024. The company says it was able to build on its successful business and sustain the growth of its earnings. The biggest driver of the company's success remains unchanged: cameras. While Leica has bolstered its business with its Mobile Imaging segment (smartphone technology and partnerships), the core of its business remains stand-alone cameras and the support of photography.

Specifically, Leica says that the most potent revenue driver this year was the Leica Q3. However, it did not elaborate on sales numbers for this camera. 2024 is the best fiscal year so far in the almost 100-year history of the company and Leica says that this result confirms its "strategic alignment" of the Leica Camera Group as it continues to foster its core business as well as expansions into other markets.
Software

RIP Delicious Library 37

Wil Shipley, announcing the end of Delicious Library, a media cataloging app: Amazon has shut off the feed that allowed Delicious Library to look up items, unfortunately limiting the app to what users already have (or enter manually).

I wasn't contacted about this.

I've pulled it from the Mac App Store and shut down the website so nobody accidentally buys a non-functional app.
John Gruber of DaringFireball adds: The end of an era, but it's kind of surprising it was still functional until now. (Shipley has been a full-time engineer at Apple for three years now.)

It's hard to describe just what a sensation Delicious Library was when it debuted, and how influential it was. Delicious Library was simultaneously very useful, in very practical ways, and obsessed with its exuberant UI in ways that served no purpose other than looking cool as shit. It was an app that demanded to be praised just for the way it looked, but also served a purpose that resonated with many users. For about a decade it seemed as though most popular new apps would be designed like Delicious Library. Then Apple dropped iOS 7 in 2013, and now, no apps look like this. Whatever it is that we, as an industry, have lost in the now decade-long trend of iOS 7-style flat design, Delicious Library epitomized it.
News

Philippines Recruits Civilian Tech Talent To Fend Off Cyber Attacks (restofworld.org) 11

The Philippine Army is recruiting civilian hackers to bolster its cybersecurity defenses amid rising digital threats from China, army officials said. The 120-member Cyber Battalion has hired 70 tech experts in their 20s and 30s since 2020, offering them military training and the opportunity to serve the nation despite lower wages than private sector jobs.

The initiative follows cyber attacks on Philippine government servers, including those of the Coast Guard and President Marcos Jr., which authorities traced to China. Beijing denies involvement. The Philippines ranks among the countries most vulnerable to cyber threats, with recent attacks compromising millions of citizens' data through state and private institutions.
Businesses

China Woos Western Tech Talent in Race for Chip Supremacy (msn.com) 82

Chinese companies are aggressively recruiting foreign tech talent as a key strategy to gain technological supremacy, prompting national security concerns across Western nations and Asia, WSJ reported Wednesday, citing multiple intelligence officials and corporate sources. The campaign focuses particularly on advanced semiconductor expertise, with companies like Huawei offering triple salaries to employees at critical firms like Zeiss SMT and ASML, which produce essential components for cutting-edge chip manufacturing.

These recruitment efforts intensified after Western export controls restricted China's access to advanced technology. While Taiwan and South Korea have implemented strict countermeasures, including criminal penalties for illegal talent transfers, the U.S. and Europe struggle to balance open labor markets with national security concerns.

Chinese firms often obscure their origins through local ventures and persistent recruitment tactics. The strategy has shown results: Former employees have helped Chinese companies advance their technological capabilities, including SMIC's development of 7nm chips with help from ex-TSMC talent.
Sony

Sony Says It Sold 160 Million PlayStation 2 Units in Milestone Disclosure (playstation.com) 13

Sony has confirmed the PlayStation 2 has sold over 160 million units worldwide since its 2000 launch, marking the first official acknowledgment of its record-breaking lifetime sales. The figure, revealed on Sony's 30th anniversary PlayStation website, cements PS2's position as the best-selling gaming console ever, ahead of Nintendo DS at 154.02 million units and Nintendo Switch at 146 million units.
Piracy

Italian Authorities Shut Down $3.2 Billion-a-Year Pirate TV, Streaming Ring (ft.com) 44

A piracy ring that gave 22 million subscribers in Europe cheap access to content stolen from international streaming services has been shut down by Italian authorities after a two-year investigation. From a report: The criminal enterprise used a complex international IT system to "capture and resell" live programming and other on-demand content from companies including sports broadcaster DAZN, Netflix, Amazon Prime, Paramount, Sky and Disney+, prosecutors said in a statement on Wednesday.

Authorities estimate the operation generated revenues of roughly $264.3 million a month, or $3.2 billion a year, and caused combined damages of more than $10.6 billion to the affected broadcast companies. "The rate of profit you get from these illegal activities with lower risk is equivalent to that of cocaine trafficking," Francesco Curcio, the criminal prosecutor who led the investigation, told reporters.

Technology

Most Smart Device Makers Fail To Reveal Software Support Periods, FTC Finds (ftc.gov) 32

Nearly 89% of smart device manufacturers fail to disclose how long they will provide software updates for their products, a Federal Trade Commission staff study found this week. The review of 184 connected devices, including hearing aids, security cameras and door locks, revealed that 161 products lacked clear information about software support duration on their websites.

Basic internet searches failed to uncover this information for two-thirds of the devices. "Consumers stand to lose a lot of money if their smart products stop delivering the features they want," said Samuel Levine, Director of the FTC's Bureau of Consumer Protection. The agency warned that manufacturers' failure to provide software update information for warranted products costing over $15 may violate the Magnuson Moss Warranty Act. The FTC also cautioned that companies could violate the FTC Act if they misrepresent product usability periods. The study excluded laptops, personal computers, tablets and automobiles from its review.
AI

AI Publishing Startup Plans To Release 8,000 Books Next Year (theguardian.com) 44

Startup Spines plans to publish up to 8,000 books in 2025 using AI, charging authors between $1,200 and $5,000 for editing, design and distribution services. The venture-backed company, which recently secured $16 million in funding, promises to reduce publishing timelines to two to three weeks while allowing authors to retain full royalties.

Co-founder Yehuda Niv describes Spines as a "publishing platform" rather than self-publishing. The announcement has drawn criticism from industry professionals. Independent publisher Canongate condemned the company for automating book production "with the least possible attention, care or craft." The Society of Authors urged writers to exercise caution, citing concerns about AI systems potentially trained on unlicensed content.
Transportation

Singapore Emerges as Key Testing Ground for Autonomous Vehicles (restofworld.org) 12

Singapore is positioning itself as a key testing ground for autonomous vehicles, attracting major Chinese firms and establishing unified national guidelines that contrast with fragmented regulations in the U.S. and China.

China's WeRide launched the country's first public autonomous bus service on Sentosa island in June, while multiple companies are deploying self-driving vehicles for logistics and transportation. The controlled rollout aligns with Singapore's strategy to address labor shortages and land constraints.

Singapore topped KPMG's Autonomous Vehicles Readiness Index, with companies citing its political neutrality and stringent safety standards as major draws for testing operations.
Microsoft

Microsoft Slaps Windows 11 Update Hold on Hardware Connected To eSCL Devices (theregister.com) 19

Microsoft has confirmed that Windows 11 24H2 has issues with USB-connected devices that support the Scanner Communication Language (eSCL) protocol. From a report: A compatibility hold has been applied to the hardware. The hold means that hardware connected to a USB device supporting the eSCL protocol will not be offered an upgrade to Windows 11 24H2. Microsoft said: "This issue primarily affects USB-connected multifunction devices or standalone scanners that support scan functionality and the eSCL protocol."

According to Microsoft, the issue lies in device discovery. Install Windows 11 24H2, wait for it to discover USB-connected peripherals, and... nothing. Or as Microsoft put it: "You might observe that your device does not discover the USB-connected peripheral and the device discovery does not complete." The company added: "This issue is caused due to the device not switching out of eSCL mode to USB mode, which allows the scanner drivers to be matched."

Security

Russia-Linked Hackers Exploited Firefox, Windows Bugs In 'Widespread' Hacking Campaign (techcrunch.com) 31

An anonymous reader quotes a report from TechCrunch: Security researchers have uncovered two previously unknown zero-day vulnerabilities that are being actively exploited by RomCom, a Russian-linked hacking group, to target Firefox browser users and Windows device owners across Europe and North America. RomCom is a cybercrime group that is known to carry out cyberattacks and other digital intrusions for the Russian government. The group -- which was last month linked to a ransomware attack targeting Japanese tech giant Casio -- is also known for its aggressive stance against organizations allied with Ukraine, which Russia invaded in 2014.

Researchers with security firm ESET say they found evidence that RomCom combined use of the two zero-day bugs -- described as such because the software makers had no time to roll out fixes before they were used to hack people -- to create a "zero click" exploit, which allows the hackers to remotely plant malware on a target's computer without any user interaction. "This level of sophistication demonstrates the threat actor's capability and intent to develop stealthy attack methods," ESET researchers Damien Schaeffer and Romain Dumont said in a blog post on Monday. [...] Schaeffer told TechCrunch that the number of potential victims from RomCom's "widespread" hacking campaign ranged from a single victim per country to as many as 250 victims, with the majority of targets based in Europe and North America.
Mozilla and the Tor Project quickly patched a Firefox-based vulnerability after being alerted by ESET, with no evidence of Tor Browser exploitation. Meanwhile, Microsoft addressed a Windows vulnerability on November 12 following a report by Google's Threat Analysis Group, indicating potential use in government-backed hacking campaigns.
Businesses

Qualcomm Reportedly Loses Interest In Intel Takeover 51

Qualcomm's interest in acquiring Intel is cooling due to the complexity of the deal, Intel's debt, and regulatory hurdles. However, according to Bloomberg, Qualcomm may still explore acquiring certain divisions of Intel to expand into markets like PCs and networking. Tom's Hardware reports: [T]he proposed acquisition faced significant obstacles, including Intel's $50 billion debt, dropping CPU market share, and its struggling semiconductor manufacturing unit, an area where Qualcomm lacks expertise. A deal of this magnitude would also likely trigger extensive regulatory scrutiny, particularly in China, a key market for both companies.

Intel is undergoing significant restructuring under CEO Pat Gelsinger to reclaim its competitiveness in the semiconductor market in terms of products and process technologies. Still, for now, both Intel and Qualcomm are quite successful standalone companies. While the combination would make a formidable firm (probably facing unprecedented antitrust scrutiny), it does not make much sense for Qualcomm to make such a massive takeover. These factors have collectively made a complete takeover less appealing to Qualcomm. Meanwhile, selling off a part of the company to Qualcomm may not make sense for Intel.

Qualcomm aims to generate $22 billion in annual revenue by 2029 by expanding into markets like personal computers, networking, and automotive chips. Although Cristiano Amon, Qualcomm's chief executive, has stated that his company did not need a major takeover to achieve this goal, the company initiated preliminary discussions with Intel regarding a potential acquisition in September. Yet, it does not look like the deal is going to happen.
Communications

FCC Approves T-Mobile, SpaceX License To Extend Coverage To Dead Zones 43

The FCC said it has approved a license for T-Mobile and SpaceX's Starlink to provide supplemental coverage to cover internet dead zones. Reuters reports: The license marks the first time the FCC has authorized a satellite operator collaborating with a wireless carrier to provide supplemental telecommunications coverage from space on some flexible-use spectrum bands allocated to terrestrial service. The partnership aims to extend the reach of wireless networks to remote areas and eliminate "dead zones."

T-Mobile and SpaceX announced a partnership in 2022 and in January the first set of satellites supporting the partnership was launched into low-Earth orbit with SpaceX's Falcon 9 rocket. "The FCC is actively promoting competition in the space economy by supporting more partnerships between terrestrial mobile carriers and satellite operators to deliver on a single network future that will put an end to mobile dead zones," said FCC Chair Jessica Rosenworcel.
Science

'Lollipop' Device Brings Taste To Virtual Reality (ieee.org) 26

An anonymous reader quotes a report from IEEE Spectrum: Virtual- and augmented-reality setups already modify the way users see and hear the world around them. Add in haptic feedback for a sense of touch and a VR version of Smell-O-Vision, and only one major sense remains: taste. To fill the gap, researchers at the City University of Hong Kong have developed a new interface to simulate taste in virtual and other extended reality (XR). The group previously worked on other systems for wearable interfaces, such as haptic and olfactory feedback. To create a more "immersive VR experience," they turned to adding taste sensations, says Yiming Liu, a coauthor of the group's research paper published today in the Proceedings of the National Academy of Sciences.

The lollipop-shaped lickable device can produce nine different flavors: sugar, salt, citric acid, cherry, passion fruit, green tea, milk, durian, and grapefruit. Each flavor is produced by food-grade chemicals embedded in a pocket of agarose gel. When a voltage is applied to the gel, the chemicals are transported to the surface in a liquid that then mixes with saliva on the tongue like a real lollipop. Increase the voltage, and get a stronger flavor. Initially, the researchers tested several methods for simulating taste, including electrostimulating the tongue. The other methods each came with limitations, such as being too bulky or less safe, so the researchers opted for chemical delivery through a process called iontophoresis, which moves chemicals and ions through hydrogels and has a low electrical-power requirement. With a 2-volt maximum, the device is well within the human safety limit of 30 V, which is considered enough to deliver a substantial shock in some situations.
Some of the possible applications mentioned by the authors include gustation tests, virtual grocery shopping, and immersive environments for exploring food flavors. However, the current system is limited to one hour of use due to gel depletion and it only supports a handful of flavor channels.

Future development aims to extend operation time, increase flavor complexity, and improve usability, marking the beginning of a new frontier for XR interfaces.
Technology

'Enshittification' Is Officially the Biggest Word of the Year (gizmodo.com) 166

The Macquarie Dictionary, the national dictionary of Australia, has picked "enshittification" as its word of the year. Gizmodo reports: The Australians define the word as "the gradual deterioration of a service or product brought about by a reduction in the quality of service provided, especially of an online platform, and as a consequence of profit-seeking." We've all felt this. Google search is filled with garbage. The internet is clogged with SEO-farming websites that clog up results. Facebook is an endless stream of AI-generated slop. Zoom wants you to test out its new AI features while you're trying to go into a meeting. Twitter has become X, and its owner thinks sharing links is a waste of time. Last night I reinstalled Windows 11 on a desktop machine and got pissed as it was finalized and Microsoft kept trying to get me to install OneDrive, Office 360, Call of Duty Black Ops 6, and a bunch of other shit I didn't want. Writer and activist Cory Doctorow coined the term enshittification in 2022, and recently offered potential solutions to the age-old phenomenon in an interview with The Register.

"We need to have prohibition and regulation that prohibits the capital markets from funding predatory pricing," he explained. "It's very hard to enter the market when people are selling things below cost. We need to prohibit predatory acquisitions. Look at Facebook: buying Instagram, and Mark Zuckerberg sending an email saying we're buying Instagram because people don't like Facebook and they're moving to Instagram, and we just don't want them to have anywhere else to go."
Businesses

Uber's Gig-Economy Workforce Now Includes Programmers (yahoo.com) 15

Uber's gig-economy workforce now includes programmers. According to Bloomberg, "The company is expanding beyond its rideshare roots to enter a hot new market: helping other businesses outsource some of their artificial intelligence development to independent contractors." From the report: Its new AI training and data labeling division, called Scaled Solutions, builds on an internal team that tackles large-scale annotation tasks for Uber's rideshare, food delivery and freight units. According to its website, Scaled Solutions has begun serving other companies that also need high-quality datasets. Clients include Aurora Innovation Inc., an Uber-backed firm that makes self-driving software for commercial trucks, and Niantic Inc., the game developer behind Pokemon Go.

Uber's efforts to sell data labeling services have not previously been reported. The move could allow it to gain a piece of a growing market, as global companies rely on humans to vet data to train AI models. Scale AI Inc, which offers similar services, is valued at $14 billion, making it one of the hottest artificial intelligence startups. The rideshare giant has plenty of experience recruiting contractors, as it has done for years with drivers and couriers. Now the company is betting that it can help other businesses by getting enough skilled workers who can label images, text and videos with context for machine learning models to recognize patterns and make accurate predictions and recommendations.

AI

Job Seekers Doubt AI's Promised Productivity Gains 42

Despite significant enterprise AI hype, most job seekers remain unconvinced of its benefits, with 69% doubting its ability to enhance work performance and 62% skeptical it reduces workloads. The findings come from a study conducted by Resume Genius. The Register reports: Consistent with the majority opinion that AI in the workplace has failed to impress, only 34 percent of respondents said they were worried about being replaced by a bot, while just 30 percent think AI will increase competition for jobs or harm salaries. Broken down by generation (Boomers, Gen X, Millennials, and Gen Z job seekers all responded), the results are largely the same, with even Gen Z workers skeptical of the latest "next big thing" in enterprise tech. In short, Resume Genius's findings align with other recent studies suggesting enterprise AI's hype has not lived up to its marketing promises.
Cellphones

Huawei's Mate 70 Smartphones Will Run Its New Android-Free OS (theverge.com) 80

An anonymous reader quotes a report from The Verge: Huawei has announced its new Mate 70 series smartphone lineup, which will be the first offered with the company's new HarmonyOS Next operating system that doesn't rely on Google's Android services and won't run any Android apps, according to a report by Reuters. The four models of the Mate 70 also don't feature any US hardware following a half decade of US sanctions.

The Mate 70, Mate 70 Pro, Mate 70 Pro Plus, and Mate 70 RS will also be offered with Huawei's HarmonyOS 4.3, which first launched in August 2019 as an alternative to Google's Android OS and is still compatible with Android's extensive app library. Users who decide to opt for Huawei's new Android-free HarmonyOS Next will have less choice when it comes to the apps they can install. Huawei says it has "secured more than 15,000 applications for its HarmonyOS ecosystem, with plans to expand to 100,000 apps in the coming months," according to Reuters.

Starting next year, Huawei also says all the new phones and tablets it launches in 2025 will run HarmonyOS Next. [...] Huawei hasn't confirmed what processors are being used in the Mate 70 lineup, but the company has previously used chips made by China's SMIC for last year's Mate 60 series and other smartphones.
