International authorities and a raft of private technology companies say they have disrupted a cybercrime “assembly line” that allowed crooks to collect millions of login credentials and steal more than $47 million in ransom payments and by other fraudulent means.

The crux of the operation was the simultaneous targeting of two unrelated tools that are widely used in various online scams. The first is Amadey, a malware-as-a-service platform for compromising devices and delivering malicious payloads for ransomware and other scams. Amadey has been observed in the wild since at least 2018 and was seen last year abusing GitHub as it collected system information from infected devices and installed customized payloads. The second tool was StealC, an infostealer-as-a-service platform that collects credentials, authentication cookies, cryptocurrency wallets, browser extensions, and files whose names match customer-defined patterns.

Severing a critical link in the cybercrime chain

Amadey and StealC are separate tools that are run independently of each other. Given their widespread use, however, many customers use both in their individual cybercrime activities. The tools also, it turns out, relied on some of the same underlying infrastructure to run. Microsoft said it made this determination after analyzing the tools using AI. This insight allowed Microsoft attorneys to seek an order disrupting both at the same time.

Read full article

Comments

The Walt Disney Company has agreed to pay $50 million to subscribers of YouTube TV and DirecTV’s live TV streaming services to settle a lawsuit that claimed that Disney forced these services to raise their prices.

In November 2022, four YouTube TV subscribers filed a class action complaint (PDF) against Disney in the US District Court for the Northern District of California. They accused Disney of entering “anticompetitive agreements with YouTube TV” and other companies that provide access to broadcast channels via the Internet.

The complaint argued that Disney forced over-the-top (OTT) live TV services to cost more by requiring distributors to include ESPN, which Disney owns, with their base packages.

Read full article

Comments

A Federal Communications Commission proposal to collect more identifying information from phone users has drawn protests from privacy-focused groups and advocates for domestic violence survivors. The plan is ostensibly designed to thwart robocallers but could make it difficult for individuals to use prepaid phones that can protect their privacy, devices that are often referred to as burner phones.

The FCC is seeking comment on the proposal to require phone companies to obtain and retain, at a minimum, "the name, physical address, government issued identification number, and an alternate telephone number of any new and renewing customer before granting access to its services."

Critics say this would prevent people from using prepaid phones without revealing their identities. Technology Safety Specialist Belle Torek of the National Network to End Domestic Violence told the FCC in a filing yesterday that "many of the behaviors and privacy-protective measures the Commission appears to view as suspicious are, for survivors, well-established and often life-preserving safety practices."

Read full article

Comments

A few days after a Tesla plowed through a Texas home and killed a grandmother, the family sued the carmaker, alleging that the Model 3’s automated assist mode was defective.

In a complaint filed this week in Harris County District Court, Jennifer Barbour, the daughter of 76-year-old Martha Avila, and Barbour's husband Justin confirmed they were seeking more than $1 million in damages following their sudden and tragic loss.

After the crash, the driver, Michael Butler, who is also a named defendant in the lawsuit, told police that the automated driver-assist feature was engaged when he lost control of the car. Cops told Ars on Monday that they’re still investigating whether the feature was in use and confirmed that Butler was not intoxicated and has been cooperating with police.

Read full article

Comments

In May, the White House announced that its new app would be automatically downloaded onto the work phones of millions of government employees. The problem: Federal workers hate it and can’t get rid of it.

Employees of the US Department of Agriculture, the State Department, and the Department of Labor, who spoke to WIRED on the condition of anonymity due to fear of retaliation, say that they were disturbed when the app appeared on their phones. Some attempted to delete it, but to no avail.

“I deleted it as a test and it came immediately back,” says an employee from the USDA.

Read full article

Comments

The White House is drastically shortening the deadline for government agencies and organizations to adopt new quantum-resistant encryption systems that will withstand attacks that use quantum computers, as the federal government seeks to protect decades’ worth of secrets belonging to militaries, banks, governments, and most individuals on Earth.

The executive order, titled Securing the Nation against Advanced Cryptographic Attacks, requires computing systems for “high-value assets” and “high-impact systems” to transition to post-quantum cryptographic key establishment schemes by December 31, 2030, and to quantum-safe digital signature schemes by December 31, 2031.

Heading off a significant threat

The new deadline, which for many organizations is about five years sooner than the previous one, comes on the heels of recent research showing that the resources and cost for building a cryptographically relevant quantum computer are far less than previous consensus estimates. In response, Google, Cloudflare, and other companies recently tightened their timelines for moving off vulnerable systems to 2029.

Read full article

Comments