Enlarge / Drowning in a sea of data. (credit: Getty Images)

Internet services in Lithuania came under "intense" distributed denial of service attacks on Monday as the pro-Russia threat-actor group Killnet took credit. Killnet said its attacks were in retaliation regarding Lithuania's recent banning of shipments sanctioned by the European Union to the Russian exclave of Kaliningrad.

Lithuania's government said that the flood of malicious traffic disrupted parts of the Secure National Data Transfer Network, which it says is "one of the critical components of Lithuania's strategy on ensuring national security in cyberspace" and "is built to be operational during crises or war to ensure the continuity of activity of critical institutions." The country's Core Center of State Telecommunications was identifying the sites most affected in real time and providing them with DDoS mitigations while also working with international web service providers.

"It is highly probable that such or even more intense attacks will continue into the coming days, especially against the communications, energy, and financial sectors," Jonas Skardinskas, acting director of Lithuania's National Cyber Security Center, said in a statement. The statement warned of website defacements, ransomware, and other destructive attacks in the coming days.

Enlarge (credit: Aurich Lawson | Getty Images)

Home offices have gotten a lot of attention over the last couple of years. When offices all over the world shut down at the beginning of the pandemic, we were all reminded how important it is to have a consistent, comfortable workspace with all the tools and tech you need to work successfully. But what's next?

If you hastily created your home office during the pandemic, there are likely some luxuries you overlooked (or weren't able to find in stock). If you've shifted to hybrid working, where you sometimes work remotely and sometimes go to an office, some home office upgrades could help ensure you're always productive, regardless of where you're working from. Long-standing home offices, meanwhile, also deserve some fresh hacks to keep up with your evolving needs.

If you're ready to graduate to the next level of home office-ing, take a look at these eight pieces of tech we recommend for elevating your workspace. Today we're focusing on general ideas rather than specific products.

Enlarge / "It's a cookbook?!" (credit: Aurich Lawson | Getty Images)

"Artificial Intelligence" as we know it today is, at best, a misnomer. AI is in no way intelligent, but it is artificial. It remains one of the hottest topics in industry and is enjoying a renewed interest in academia. This isn't new—the world has been through a series of AI peaks and valleys over the past 50 years. But what makes the current flurry of AI successes different is that modern computing hardware is finally powerful enough to fully implement some wild ideas that have been hanging around for a long time.

Back in the 1950s, in the earliest days of what we now call artificial intelligence, there was a debate over what to name the field. Herbert Simon, co-developer of both the logic theory machine and the General Problem Solver, argued that the field should have the much more anodyne name of “complex information processing.” This certainly doesn’t inspire the awe that “artificial intelligence” does, nor does it convey the idea that machines can think like humans.

However, "complex information processing" is a much better description of what artificial intelligence actually is: parsing complicated data sets and attempting to make inferences from the pile. Some modern examples of AI include speech recognition (in the form of virtual assistants like Siri or Alexa) and systems that determine what's in a photograph or recommend what to buy or watch next. None of these examples are comparable to human intelligence, but they show we can do remarkable things with enough information processing.

Enlarge

In the decade since larger-than-life character Kim Dotcom founded Mega, the cloud storage service has amassed 250 million registered users and stores a whopping 120 billion files that take up more than 1,000 petabytes of storage. A key selling point that has helped fuel the growth is an extraordinary promise that no top-tier Mega competitors make: Not even Mega can decrypt the data it stores.

On the company's homepage, for instance, Mega displays an image that compares its offerings to Dropbox and Google Drive. In addition to noting Mega's lower prices, the comparison emphasizes that Mega offers end-to-end encryption, whereas the other two do not.

Over the years, the company has repeatedly reminded the world of this supposed distinction, which is perhaps best summarized in this blog post. In it, the company claims, "As long as you ensure that your password is sufficiently strong and unique, no one will ever be able to access your data on MEGA. Even in the exceptionally improbable event MEGA's entire infrastructure is seized!" (emphasis added).

Enlarge (credit: MCCAIG/Getty)

In the UK, it now costs more than 100 pounds to fill up a typical family car with petrol, and oil prices could rise even further. But are such high prices for fossil fuels a bad thing? While attention is focused on measures to tackle the global cost of living crisis, there has been much less focus on a very uncomfortable truth—that solving the climate crisis requires fossil fuel prices for consumers to stay high forever.

Saying such a thing may seem tone-deaf. Millions of households in rich countries are facing a choice between heating and eating. In poorer countries, the situation is immeasurably worse. Rising prices for gas have dramatically increased the cost of fertilizer, while the war in Ukraine is hampering the export of its wheat.

Together these are leading to spiraling food prices globally, triggering a surge in inflation and worsening the already dire food security situation in places such as Yemen, the Horn of Africa, and Madagascar. We are already witnessing widespread foot riots just like those between 2008 and 2011, when citizens around the world protested the failure of their states to deliver their most basic right—the right to eat.

Enlarge / Bike rally by police personnel during "We Make Pune City Safe" awareness campaign on October 3, 2017, in Pune, India. (credit: Pratham Gokhale/Getty)

Police forces around the world have increasingly used hacking tools to identify and track protesters, expose political dissidents' secrets, and turn activists' computers and phones into inescapable eavesdropping bugs. Now, new clues in a case in India connect law enforcement to a hacking campaign that used those tools to go an appalling step further: planting false incriminating files on targets' computers that the same police then used as grounds to arrest and jail them.

More than a year ago, forensic analysts revealed that unidentified hackers fabricated evidence on the computers of at least two activists arrested in Pune, India, in 2018, both of whom have languished in jail and, along with 13 others, face terrorism charges. Researchers at security firm SentinelOne and nonprofits Citizen Lab and Amnesty International have since linked that evidence fabrication to a broader hacking operation that targeted hundreds of individuals over nearly a decade, using phishing emails to infect targeted computers with spyware, as well as smartphone hacking tools sold by the Israeli hacking contractor NSO Group. But only now have SentinelOne's researchers revealed ties between the hackers and a government entity: none other than the very same Indian police agency in the city of Pune that arrested multiple activists based on the fabricated evidence.

Enlarge (credit: Aurich Lawson | Getty Images)

A massive flood of malicious traffic that recently set a new distributed denial-of-service record came from an unlikely source. A botnet of just 5,000 devices was responsible as extortionists and vandals continue to develop ever more powerful attacks to knock sites offline, security researchers said.

The DDoS delivered 26 million HTTPS requests per second, breaking the previous record of 15.3 million requests for that protocol set only seven weeks ago, Cloudflare Product Manager ​​Omer Yoachimik reported. Unlike more common DDoS payloads such as HTTP, SYN, or SYN-ACK packets, malicious HTTPS requests require considerably more computing resources for the attacker to deliver and for the defender or victim to absorb.

4,000 times stronger

"We've seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale," Yoachimik wrote.

Enlarge (credit: Drew Angerer | Getty Images)

Blame is mounting on Microsoft for what critics say is a lack of transparency and adequate speed when responding to reports of vulnerabilities threatening its customers, security professionals said.

Microsoft's latest failing came to light on Tuesday in a post that showed Microsoft taking five months and three patches before successfully fixing a critical vulnerability in Azure. Orca Security first informed Microsoft in early January of the flaw, which resided in the Synapse Analytics component of the cloud service and also affected the Azure Data Factory. It gave anyone with an Azure account the ability to access the resources of other customers.

From there, Orca Security researcher Tzah Pahima said, an attacker could:

Enlarge

Microprocessors from Intel, AMD, and other companies contain a newly discovered weakness that remote attackers can exploit to obtain cryptographic keys and other secret data traveling through the hardware, researchers said on Tuesday.

Hardware manufacturers have long known that hackers can extract secret cryptographic data from a chip by measuring the power it consumes while processing those values. Fortunately, the means for exploiting power-analysis attacks against microprocessors is limited because the threat actor has few viable ways to remotely measure power consumption while processing the secret material. Now, a team of researchers has figured out how to turn power-analysis attacks into a different class of side-channel exploit that's considerably less demanding.

Targeting DVFS

The team discovered that dynamic voltage and frequency scaling (DVFS)—a power and thermal management feature added to every modern CPU—allows attackers to deduce the changes in power consumption by monitoring the time it takes for a server to respond to specific carefully made queries. The discovery greatly reduces what's required. With an understanding of how the DVFS feature works, power side-channel attacks become much simpler timing attacks that can be done remotely.

Enlarge / Coinbase CEO Brian Armstrong speaks during the Milken Institute Global Conference on May 2, 2022 in Beverly Hills, California. (credit: Getty Images | Patrick T. Fallon )

Cryptocurrency exchange Coinbase is laying off 18 percent of its staff, the company announced today. The layoffs will cut 1,100 workers at the largest crypto exchange in the US, leaving it with about 5,000 employees, Coinbase said in a Securities and Exchange Commission filing.

"In the next hour every employee will receive an email from HR informing if you are affected or unaffected by this layoff," CEO Brian Armstrong wrote in a memo to staff that was posted on the company blog. Laid-off workers "will receive this notification in your personal email, because we made the decision to cut access to Coinbase systems for affected employees."

The immediate cutoff from Coinbase systems was necessary because of "the number of employees who have access to sensitive customer information," Armstrong wrote. This was "the only practical choice, to ensure not even a single person made a rash decision that harmed the business or themselves," he wrote.

Enlarge (credit: Getty Images)

A service that helps open source developers write and test software is leaking thousands of authentication tokens and other security-sensitive secrets. Many of these leaks allow hackers to access the private accounts of developers on Github, Docker, AWS, and other code repositories, security experts said in a new report.

The availability of the third-party developer credentials from Travis CI has been an ongoing problem since at least 2015. At that time, security vulnerability service HackerOne reported that a Github account it used had been compromised when the service exposed an access token for one of the HackerOne developers. A similar leak presented itself again in 2019 and again last year.

The tokens give anyone with access to them the ability to read or modify the code stored in repositories that distribute an untold number of ongoing software applications and code libraries. The ability to gain unauthorized access to such projects opens the possibility of supply chain attacks, in which threat actors tamper with malware before it's distributed to users. The attackers can leverage their ability to tamper with the app to target huge numbers of projects that rely on the app in production servers.

Enlarge (credit: Getty Images / iStock)

Researchers have unearthed a discovery that doesn’t occur all that often in the realm of malware: a mature, never-before-seen Linux backdoor that uses novel evasion techniques to conceal its presence on infected servers, in some cases even with a forensic investigation.

On Thursday, researchers from Intezer and The BlackBerry Threat Research & Intelligence Team said that the previously undetected backdoor combines high levels of access with the ability to scrub any sign of infection from the file system, system processes, and network traffic. Dubbed Symbiote, it targets financial institutions in Brazil and was first detected in November.

Researchers for Intezer and BlackBerry wrote:

Enlarge (credit: Getty Images)

Last year, Tesla issued an update that made its vehicles easier to start after being unlocked with their NFC Key Cards. Now, a researcher has shown how the feature can be exploited to steal cars.

For years, drivers who used their Tesla NFC Key Card to unlock their cars had to place the card on the center console to begin driving. Following the update, which was reported here last August, drivers could operate their cars immediately after unlocking them with the card. The NFC card is one of three means for unlocking a Tesla; a key fob and a phone app are the other two.

Enrolling your own key

Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: Not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state to accept entirely new keys—with no authentication required and zero indication given by the in-car display.

Enlarge / Seizure notice on ssndob.ws.

Federal law enforcement agencies say they shut down a group of websites that made over $19 million selling Social Security numbers and other personal data.

A Justice Department press release yesterday announced "the seizure of the SSNDOB Marketplace, a series of websites that operated for years and were used to sell personal information, including the names, dates of birth, and Social Security numbers belonging to individuals in the United States." SSNDOB apparently operated for about a decade, and the Justice Department said it listed the personal information of about 24 million US residents.

The announcement described how the SSNDOB operation was run:

Enlarge (credit: Getty Images | Alan Schein)

The US Treasury Department has started approving broadband grants to states from a $10 billion fund created to expand access to Internet service and other digital connectivity tools.

The Treasury Department's announcement on Tuesday said the first approved projects would "connect over 200,000 homes and businesses to affordable, reliable, high-speed Internet" in Louisiana, New Hampshire, Virginia, and West Virginia. The funded networks will provide symmetrical service with download and upload speeds of at least 100Mbps, the department said.

The four states are getting a combined $583 million from the $10 billion Coronavirus Capital Projects Fund (CPF), which Congress passed in March 2021 as part of the American Rescue Plan Act. "Treasury designed its guidance to prioritize connecting families and businesses with poor and inadequate service—particularly those in rural and remote areas. Treasury also requires states to explain why communities they have identified to be served with funds from the CPF have a critical need for those projects," the department said.

Enlarge (credit: Getty Images)

As hacker groups working continue to hammer a former Windows zero-day that makes it unusually easy to execute malicious code on target computers, Microsoft is keeping a low profile, refusing even to say if it has plans to patch.

Late last week, security firm Proofpoint said that hackers with ties to known nation-state groups were exploiting the remote code execution vulnerability, dubbed Follina. Proofpoint said the attacks were delivered in malicious spam messages sent to fewer than 10 Proofpoint customers in European and local US governments.

Microsoft products are a “target-rich opportunity”

In an email on Monday, the security company added further color, writing:

Enlarge (credit: mturhanlar | Getty Images)

Researchers warned last weekend that a flaw in Microsoft's Support Diagnostic Tool could be exploited using malicious Word documents to remotely take control of target devices. Microsoft released guidance on Monday, including temporary defense measures. By Tuesday, the United States Cybersecurity and Infrastructure Security Agency had warned that “a remote, unauthenticated attacker could exploit this vulnerability,” known as Follina, “to take control of an affected system.” But Microsoft would not say when or whether a patch is coming for the vulnerability, even though the company acknowledged that the flaw was being actively exploited by attackers in the wild. And the company still had no comment about the possibility of a patch when asked by WIRED.

The Follina vulnerability in a Windows support tool can be easily exploited by a specially crafted Word document. The lure is outfitted with a remote template that can retrieve a malicious HTML file and ultimately allow an attacker to execute Powershell commands within Windows. Researchers note that they would describe the bug as a “zero-day,” or previously unknown vulnerability, but Microsoft has not classified it as such.

Enlarge (credit: Getty Images)

About this time last week, threat actors began quietly tapping a previously unknown vulnerability in Atlassian software that gave them almost complete control over a small number of servers. Since Thursday, active exploits of the vulnerability have mushroomed, creating a semi-organized frenzy among competing crime groups.

"It is clear that multiple threat groups and individual actors have the exploit and have been using it in different ways," said Steven Adair, president of Volexity, the security firm that discovered the zero-day vulnerability while responding to a customer's breach over the Memorial Day weekend. "Some are quite sloppy and others are a bit more stealth." His tweet came a day after his firm released the report detailing the vulnerability.

Adair also said that the industry verticals being hit "are quite widespread. This is a free-for-all where the exploitation seems coordinated."

Enlarge / Tesla charging station at the Chesapeake House Travel Plaza off I-95 in Maryland on March 11, 2022. (credit: Getty Images | Tom Williams )

Tesla CEO Elon Musk wants to cut 10 percent of jobs at the electric carmaker because he has a "super bad feeling" about the economy, he wrote in an email to executives, according to Reuters.

Musk sent the message on Thursday with the subject line "pause all hiring worldwide," according to the report. Musk "did not elaborate on the reasons for his 'super bad feeling' about the economic outlook in the brief email seen by Reuters," the news organization wrote.

Tesla stock was down more than 8 percent during Friday's trading as of this writing and down more than 40 percent in 2022.

Enlarge (credit: Owl Labs)

The Meeting Owl Pro is a videoconference device with an array of cameras and microphones that captures 360-degree video and audio and automatically focuses on whoever is speaking to make meetings more dynamic and inclusive. The consoles, which are slightly taller than an Amazon Alexa and bear the likeness of a tree owl, are widely used by state and local governments, colleges, and law firms.

A recently published security analysis has concluded the devices pose an unacceptable risk to the networks they connect to and the personal information of those who register and administer them. The litany of weaknesses includes:

• The exposure of names, email addresses, IP addresses, and geographic locations of all Meeting Owl Pro users in an online database that can be accessed by anyone with knowledge of how the system works. This data can be exploited to map network topologies or socially engineer or dox employees.
• The device provides anyone with access to it with the interprocess communication channel, or IPC, it uses to interact with other devices on the network. This information can be exploited by malicious insiders or hackers who exploit some of the vulnerabilities found during the analysis
• Bluetooth functionality designed to extend the range of devices and provide remote control by default uses no passcode, making it possible for a hacker in proximity to control the devices. Even when a passcode is optionally set, the hacker can disable it without first having to supply it.
• An access point mode that creates a new Wi-Fi SSID while using a separate SSID to stay connected to the organization network. By exploiting Wi-Fi or Bluetooth functionalities, an attacker can compromise the Meeting Owl Pro device and then use it as a rogue access point that infiltrates or exfiltrates data or malware into or out of the network.
• Images of captured whiteboard sessions—which are supposed to be available only to meeting participants—could be downloaded by anyone with an understanding of how the system works.

Glaring vulnerabilities remain unpatched

Researchers from modzero, a Switzerland- and Germany-based security consultancy that performs penetration testing, reverse engineering, source-code analysis, and risk assessment for its clients, discovered the threats while conducting an analysis of videoconferencing solutions on behalf of an unnamed customer. The firm first contacted Meeting Owl-maker Owl Labs of Somerville, Massachusetts, in mid-January to privately report their findings. As of the time this post went live on Ars, none of the most glaring vulnerabilities had been fixed, leaving thousands of customer networks at risk.