An anonymous reader shares a report: There are concerning reports on Reddit that Apple's latest iOS 17.5 update has introduced a bug that causes old photos that were deleted -- in some cases years ago -- to reappear in users' photo libraries. After updating their iPhone, one user said they were shocked to find old NSFW photos that they deleted in 2021 suddenly showing up in photos marked as recently uploaded to iCloud. Other users have also chimed in with similar stories. "Same here," said one Redditor. "I have four pics from 2010 that keep reappearing as the latest pics uploaded to iCloud. I have deleted them repeatedly." "Same thing happened to me," replied another user. "Six photos from different times, all I have deleted. Some I had deleted in 2023." More reports have been trickling in overnight. One said: "I had a random photo from a concert taken on my Canon camera reappear in my phone library, and it showed up as if it was added today."

The FBI has seized the notorious BreachForums hacking forum that leaked and sold stolen corporate data to other cybercriminals. From a report: The seizure occurred on Wednesday morning, soon after the site was used last week to leak data stolen from a Europol law enforcement portal. The website is now displaying a message stating that the FBI has taken control over it and the backend data, indicating that law enforcement seized both the site's servers and domains. [...] The seizure message also shows the two forum profile pictures of the site's administrators, Baphomet and ShinyHunters, overlaid with prison bars.

At Google I/O on Tuesday, Google previewed a feature that will alert users to potential scams during a phone call. TechCrunch reports: The feature, which will be built into a future version of Android, uses Gemini Nano, the smallest version of Google's generative AI offering, which can be run entirely on-device. The system effectively listens for "conversation patterns commonly associated with scams" in real time. Google gives the example of someone pretending to be a "bank representative." Common scammer tactics like password requests and gift cards will also trigger the system. These are all pretty well understood to be ways of extracting your money from you, but plenty of people in the world are still vulnerable to these sorts of scams. Once set off, it will pop up a notification that the user may be falling prey to unsavory characters.

No specific release date has been set for the feature. Like many of these things, Google is previewing how much Gemini Nano will be able to do down the road sometime. We do know, however, that the feature will be opt-in.

A portal linking New York City to Dublin via a livestream has been temporarily shut down after inappropriate behavior ensued, according to the Dublin City Council. From a report: Less than a week after the 24/7 visual art installation was put in place, officials have opted to close it down temporarily after people began to flash each other, grind on the portal, and one person even shared pictures of the twin tower attack to people in New York City. Alternatively, the portal had also been the site of reunions with old friends and even a proposal, with many documenting their experience with the installation online.

The Dublin City Council said that although those engaged in the inappropriate behavior were few and far between, videos of said behavior went viral online. "While we cannot control all of these actions, we are implementing some technical solutions to address this and these will go live in the next 24 hours," the council said in a Monday statement. "We will continue to monitor the situation over the coming days with our partners in New York to ensure that portals continue to deliver a positive experience for both cities and the world."

Marc Whitten, Unity Create's chief product and technology officer, is stepping down on June 1, 2024, following the company's contentious Runtime Fee policy. Whitten will assist with the transition until December 31, 2024. The now-discarded Runtime Fee, announced in September 2023, faced severe backlash from developers who viewed it as a punitive per-install tariff. Unity reworked the fee and acknowledged its lack of communication with developers. CEO John Riccitiello also departed in October 2023, succeeded by Matthew Bromberg. Upon resignation, Whitten will receive a total of $814,801 in various payouts and benefits.

A panel of judges in the Netherlands has found Alexey Pertsev, one of the developers behind crypto anonymizing tool Tornado Cash, guilty of money laundering. Wired: Over the course of two days in March, the Russian national was tried on the allegation that the tool he developed had allowed criminals -- among them hackers with ties to North Korea -- to freely launder $1.2 billion in stolen cryptocurrency. "The management of Tornado Cash welcomed the bank robbers with open arms," the prosecutors wrote in a March court filing.

Dutch judges sentenced Pertsev to five years and four months in prison on Tuesday, which was the term requested by prosecutors in the case. "With Tornado Cash, the defendant created a shortcut for financing crimes and terrorism," said the court in a statement, translated from Dutch. "He chose to look away from the abuse and did not take any responsibility." The purpose of tools like Tornado Cash, known as crypto mixers or tumblers, is to mask the origin and destination of users' coins. Funds belonging to many parties are pooled, jumbled up, and spat out into brand-new wallets, by which time it is no longer clear whose crypto is whose. These services are promoted as a way to improve the level of privacy available to crypto users, but have been readily co-opted for the purpose of money laundering.

On August 8, 2022, Tornado Cash was sanctioned in the United States, making it illegal for US citizens to use the service. Any product that "indiscriminately facilitates anonymous transactions," wrote the US Treasury's Office of Foreign Assets Control, represents a "threat to US national security." Two days later, Pertsev was arrested in the Netherlands, where he resided. Money laundering activity, the Dutch prosecutors claim, accounted for more than 30 percent of the funds that passed through Tornado Cash between 2019 and 2022. [...] Pertsev built his defense on the argument that Tornado Cash, which remains in operation, is under nobody's control -- including his own -- as a piece of software that runs on the Ethereum blockchain, a distributed network of computers. Further reading: Coinbase Employees and Ethereum Backers Sue US Treasury Over Tornado Cash Sanctions (September 2022).

An anonymous reader quotes a report from the Washington Post: Return-to-office mandates at some of the most powerful tech companies -- Apple, Microsoft and SpaceX -- were followed by a spike in departures among the most senior, tough-to-replace talent, according to a case study published last week by researchers at the University of Chicago and the University of Michigan. Researchers drew on resume data from People Data Labs to understand the impact that forced returns to offices had on employee tenure and the movement of workers between companies. What they found was a strong correlation between the departures of senior-level employees and the implementation of a mandate, suggesting that these policies "had a negative effect on the tenure and seniority of their respective workforce." High-ranking employees stayed several months less than they might have without the mandate, the research suggests -- and in many cases, they went to work for direct competitors.

At Microsoft, the share of senior employees as a portion of the company's overall workforce declined more than five percentage points after the return-to-office mandate took effect, the researchers found. At Apple, the decline was four percentage points, while at SpaceX -- the only company of the three to require workers to be fully in-person -- the share of senior employees dropped 15 percentage points. "We find experienced employees impacted by these policies at major tech companies seek work elsewhere, taking some of the most valuable human capital investments and tools of productivity with them," said Austin Wright, an assistant professor of public policy at the University of Chicago and one of the study's authors. "Business leaders should weigh carefully employee preferences and market opportunities when deciding when, or if, they mandate a return to office." While the corporate culture and return-to-office policies differ "markedly" between the three companies, the similar effects of the RTO mandates suggest that "the effects are driven by common underlying dynamics," wrote the authors of the study.

"Our findings suggest that RTO mandates cost the company more than previously thought," said David Van Dijcke, a researcher at the University of Michigan who worked on the study. "These attrition rates aren't just something that can be managed away."

Robert Ployhart, a professor of business administration and management at the University of South Carolina, said executives haven't provided much evidence that RTO mandates actually benefit their workforces. "The people sitting at the apex may not like the way they feel the organization is being run, but if they're not bringing data to that point of view, it's really hard to argue why people should be coming back to the workplace more frequently," Ployhart said.

Senior employees, he said, are "the caretakers of a company's culture," and having to replace them can have negative effects on team morale and productivity. "By driving those employees away, they've actually enhanced and sped up the very thing they were trying to stop," Ployhart said.

Apple and Google have launched a new industry standard called "Detecting Unwanted Location Trackers" to combat the misuse of Bluetooth trackers for stalking. Starting Monday, iPhone and Android users will receive alerts when an unknown Bluetooth device is detected moving with them. The move comes after numerous cases of trackers like Apple's AirTags being used for malicious purposes.

Several Bluetooth tag companies have committed to making their future products compatible with the new standard. Apple and Google said they will continue collaborating with the Internet Engineering Task Force to further develop this technology and address the issue of unwanted tracking.

An anonymous reader shares a report: Microsoft is attempting to solve the hassle of coordinating with colleagues on when everyone will be in the office. It's a problem that emerged with the increase in hybrid and flexible work after the recent covid-19 pandemic, with workers spending less time in the office. Microsoft Places is an AI-powered app that goes into preview today and should help businesses that rely on Outlook and Microsoft Teams to better coordinate in-office time together.

"When employees get to the office, they don't want to be greeted by a sea of empty desks -- they want face-time with their manager and the coworkers they collaborate with most frequently," says Microsoft's corporate vice president of AI at work, Jared Spataro, in a blog post. "With Places, you can more easily coordinate across coworkers and spaces in the office."

An anonymous reader shares a report: The default pasting behavior of Microsoft Word is a nightmare, and has been forever. If you want to add a text or image using the standard option, you can easily mess up the entire formatting in the text if a completely different font suddenly appears. After many years of complaints, Microsoft is finally listening to user feedback and changing the default behavior when pasting in Word.

From now on, the source's formatting will no longer be automatically retained. Instead, "Merge formatting" will be the new default for everyone, as Microsoft explained in a blog post this week. This means that after the update, newly pasted text will take on the font size, font type, and color of the text written in Word. However, special features such as lists or italicized elements will be retained. If you want these elements to be automatically adapted to the Word text, you must select the option "Keep text only."

mspohr shares a report: The solar storm that brought the aurora borealis to large parts of the United States this weekend also broke critical GPS and precision farming functionality in tractors and agricultural equipment during a critical point of the planting season, 404 Media has learned. These outages caused many farmers to fully stop their planting operations for the moment. One chain of John Deere dealerships warned farmers that the accuracy of some of the systems used by tractors are "extremely compromised," and that farmers who planted crops during periods of inaccuracy are going to face problems when they go to harvest, according to text messages obtained by 404 Media and an update posted by the dealership.

The outages highlight how vulnerable modern tractors are to satellite disruptions, which experts have been warning about for years. "All the tractors are sitting at the ends of the field right now shut down because of the solar storm," Kevin Kenney, a farmer in Nebraska, told me. "No GPS. We're right in the middle of corn planting. I'll bet the commodity markets spike Monday." Specifically, some GPS systems were temporarily knocked offline. This caused intermittent connections and accuracy problems with "Real-Time Kinematic" (RTK) systems, which connect to John Deere "StarFire" receivers that are in modern tractors and agricultural equipment. RTK systems use GPS plus a stream of constantly-updating "correction" data from a fixed point on the ground to achieve centimeter-level positional accuracy for planting crops, tilling fields, spraying fertilizer and herbicide, etc.

The Russia-linked ransomware group Black Basta is responsible for Wednesday's cyberattack on St. Louis-based Ascension health system, according to sources reported by CNN. The attack disrupted access to electronic health records, some phone systems and "various systems utilized to order certain tests, procedures and medications," the company said in a statement. From a report: On Friday, the nonprofit group Health-ISAC (Information Sharing and Analysis Center) issued an alert about the group, saying that Black Basta has "recently accelerated attacks against the healthcare sector." HHS said that Black Basta was initially spotted in early 2022, known for its double extortion attack. The group not only executes ransomware but also exfiltrates sensitive data, operating a cybercrime marketplace to publicly release it should a victim fail to pay a ransom.

"The level of sophistication by its proficient ransomware operators, and reluctance to recruit or advertise on Dark Web forums, supports why many suspect the nascent Black Basta may even be a rebrand of the Russian-speaking RaaS threat group Conti, or also linked to other Russian-speaking cyber threat groups," the alert from HHS said. According to one report from blockchain analytics firm Elliptic and cybersecurity risk-focused Corvus Insurance, Black Basta in less than two years has won itself more than $100 million via ransomware schemes from 329 organizations. Previous victims of its attacks include Dish Network, the American Dental Association, business process services firm Capita and tech firm ABB.

The U.S. FBI is working towards charging hackers from the aggressive Scattered Spider criminal gang who are largely based in the U.S. and western countries and have breached dozens of American organisations, a senior official said. From a report: The young hackers grabbed headlines last year when they broke into the systems of casino-operators MGM Resorts International and Caesars Entertainment locking up the companies' systems and demanding hefty ransom payments. From health and telecom companies to financial services, they have hacked a range of organisations over two years, piling pressure on law enforcement agencies to thwart them.

"We are working towards charging individuals where we can with criminal conduct, in this case, largely around the Computer Fraud and Abuse Act," Brett Leatherman, the FBI's cyber deputy assistant director, told Reuters in an interview. The group was a rare alliance of hackers in Western countries with veteran cybercriminals from eastern Europe, he said on the sidelines of the RSA Conference in San Francisco Wednesday. "Often we don't see that mingling of geographical hackers working together outside the confines of like hacktivism, for example," he said. Security researchers have tracked Scattered Spider since at least 2022 and say the group is far more aggressive than other cybercrime gangs - skilled especially at hijacking the identities of IT helpdesk staff to penetrate into company networks. Caesars paid around $15 million to free its systems from the hackers.

An anonymous reader shares a report: Sonos has responded to the avalanche of feedback -- some good, plenty bad -- about the company's redesigned mobile app that was released on May 7th. In the days since, customers have complained about missing features like sleep timers, broken local music library management, and no longer having the ability to edit playlists or the upcoming song queue. More alarmingly, the Sonos app's accessibility has also taken a hit, something the company says it's aiming to resolve by next month.

In a statement provided to The Verge, Sonos confirms that it's keenly aware of the gripes that customers have expressed about the new app. It's hearing their response and is working to address the functionality that has (for now) gone missing. But the company is also standing behind its decision to roll out the app this week, basically describing it as a rough patch that will, in theory, lead to a much better experience for everyone down the line. "Redesigning the Sonos app is an ambitious undertaking that represents just how seriously we are committed to invention and re-invention," said chief product officer Maxime Bouvat-Merlin. "It takes courage to rebuild a brand's core product from the ground up, and to do so knowing it may require taking a few steps back to ultimately leap into the future."

Technology giant Dell notified customers on Thursday that it experienced a data breach involving customers' names and physical addresses. TechCrunch: In an email seen by TechCrunch and shared by several people on social media, the computer maker wrote that it was investigating "an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell."

Dell wrote that the information accessed in the breach included customer names, physical addresses, and "Dell hardware and order information, including service tag, item description, date of order and related warranty information." Dell did not say if the incident was caused by malicious outsiders or inadvertent error. The breached data did not include email addresses, telephone numbers, financial or payment information, or "any highly sensitive customer information," according to the company. The company downplayed the impact of the breach in the message.

OpenAI, the company behind ChatGPT, is exploring whether users should be allowed to create AI-generated pornography and other explicit content with its products. From a report:While the company stressed that its ban on deepfakes would continue to apply to adult material, campaigners suggested the proposal undermined its mission statement to produce "safe and beneficial" AI. OpenAI, which is also the developer of the DALL-E image generator, revealed it was considering letting developers and users "responsibly" create what it termed not-safe-for-work (NSFW) content through its products. OpenAI said this could include "erotica, extreme gore, slurs, and unsolicited profanity."

It said: "We're exploring whether we can responsibly provide the ability to generate NSFW content in age-appropriate contexts ... We look forward to better understanding user and societal expectations of model behaviour in this area." The proposal was published as part of an OpenAI document discussing how it develops its AI tools. Joanne Jang, an employee at the San Francisco-based company who worked on the document, told the US news organisation NPR that OpenAI wanted to start a discussion about whether the generation of erotic text and nude images should always be banned from its products. However, she stressed that deepfakes would not be allowed.

An anonymous reader quotes a report from TechCrunch: The federal government agency responsible for granting patents and trademarks is alerting thousands of filers whose private addresses were exposed following a second data spill in as many years. The U.S. Patent and Trademark Office (USPTO) said in an email to affected trademark applicants this week that their private domicile address -- which can include their home address -- appeared in public records between August 23, 2023 and April 19, 2024. U.S. trademark law requires that applicants include a private address when filing their paperwork with the agency to prevent fraudulent trademark filings.

USPTO said that while no addresses appeared in regular searches on the agency's website, about 14,000 applicants' private addresses were included in bulk datasets that USPTO publishes online to aid academic and economic research. The agency took blame for the incident, saying the addresses were "inadvertently exposed as we transitioned to a new IT system," according to the email to affected applicants, which TechCrunch obtained. "Importantly, this incident was not the result of malicious activity," the email said. Upon discovery of the security lapse, the agency said it "blocked access to the impacted bulk data set, removed files, implemented a patch to fix the exposure, tested our solution, and re-enabled access." Last June, the USPTO inadvertently exposed about 61,000 applicants' private addresses "in a years-long data spill in part through the release of its bulk datasets," reports TechCrunch. It told affected individuals that the issue was fixed.

An anonymous reader quotes a report from The Register: Ransomware infections have morphed into "a psychological attack against the victim organization," as criminals use increasingly personal and aggressive tactics to force victims to pay up, according to Google-owned Mandiant. "We saw situations where threat actors essentially SIM swap the phones of children of executives, and start making phone calls to executives, from the phone numbers of their children," Charles Carmakal, Mandiant's CTO, recounted during a Google Security Threat Intelligence Panel at this year's RSA Conference in San Francisco on Monday.

"Think about the psychological dilemma that the executive goes through – seeing a phone call from the children, picking up the phone and hearing that it's somebody else's voice? Sometimes, it's caller ID spoofing. Other times, we see demonstrated SIM swapping family members." Either way, it's horrifying. It's the next step in the evolution of ransomware tactics, which have now moved far beyond simply encrypting victims' files and even stealing their data. "There are a few threat actors that really have no rules of engagement in terms of how far [they] try to coerce victims," Carmakal noted, recalling ransomware incidents in which the criminals have directly contacted executives, their family members, and board members at their homes.

The criminals have moved from just staging an attack against a company, its customers and their data, and becomes "more against the people," he added. It changes the calculation involved in deciding whether to pay the extortion demand, Carmakal said. "It's less about 'do I need to protect my customers?' But more about 'how do I better protect my employees and protect the families of employees?' That's a pretty scary shift."

An anonymous reader shares a report: One Raspberry Pi often leads to another. Soon enough, you're running out of spots in your free RealVNC account for your tiny boards and "real" computers. Even if you go the hardened route of SSH or an X connection, you have to keep track of where they all are. All of this is not the easiest thing to tackle if you're new to single-board computers or just eager to get started.

Enter Raspberry Pi Connect, a new built-in way to access a Raspberry Pi from nearly anywhere you can open a browser, whether to control yourself or provide remote assistance. On a Raspberry Pi 4, 5, or Pi 400 kit, you install Pi connect with a single terminal line, reboot the Pi, and then click a new tray icon to connect the Pi to a Raspberry Pi ID (and then enable two-factor authentication, of course). From then on, visiting connect.raspberrypi.com gives you an encrypted connection to your desktop. It's a direct connection if possible, and if not, it runs through relay servers in London, encrypting it with DTLS and keeping only the metadata needed for the service to work. The Pi will show a notification in its tray that somebody has connected, and you can manage screen sharing from there.

An anonymous reader quotes a report from Wired: In April, Apple sent notifications to iPhone users in 92 countries, warning them they'd been targeted with spyware. "Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID," the notification reads. Users quickly took to social media sites including X, trying to work out what the notification meant. Many of those targeted were based inIndia, but others in Europe also reported receiving Apple's warning. Weeks later, little is still known about the latest iPhone attacks. Former smartphone giant Blackberry, now a security firm, has released research indicating they are linked to a Chinese spyware campaign dubbed "LightSpy," but Apple spokesperson Shane Bauer says this is inaccurate.

While Apple says the latest spyware notifications aren't linked to LightSpy, the spyware remains a growing threat, particularly to people who may be targeted in Southern Asia, according to Blackberry's researchers. Described as a "sophisticated iOS implant," LightSpy first emerged targeting Hong Kong protesters in 2020. However, the latest iteration is much more capable than the first. "It is a fully-featured modular surveillance toolset that primarily focuses on exfiltrating victims' private information, including hyper-specific location data and sound recording during voice over IP calls," the researchers wrote. April's warnings were not the first time Apple has issued notifications of this kind. The iPhone maker has sent out alerts to people in over 150 countries since 2021 as spyware continues to target high-profile figures across the globe.

Spyware can be weaponized by nation-state adversaries -- but this is relatively rare and expensive. Its deployment is typically highly targeted against a very specific group of people, including journalists, political dissidents, government workers, and businesses in certain sectors. "Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices," Apple wrote in an advisory in April. "Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks." Plus, Apple says its Lockdown Mode feature can successfully protect against attacks. "As we have said before, we are not aware of anyone using Lockdown Mode being successfully attacked with mercenary spyware," Bauer says. Still, for those who are targeted and caught unaware, spyware is extremely dangerous. There are a number of ways to protect yourself against spyware and zero-click exploits in particular:

1. Regularly Update Devices: Keep your devices updated to the latest software to protect against known vulnerabilities.
2. Restart Devices Daily: Regularly restarting your device can help disrupt persistent spyware infections by forcing attackers to reinfect the device, potentially increasing their chances of detection.
3. Disable Vulnerable Features: Consider disabling features prone to exploits, such as iMessage and FaceTime, especially if you suspect you're a target for spyware.
4. Use Multifactor Authentication and Secure Sources: Employ multifactor authentication and only install apps from verified sources to prevent unauthorized access and downloads.
5. Monitor for Indicators: Be vigilant for signs of infection such as battery drain, unexpected shutdowns, and high data usage, though these may not always be present with more sophisticated spyware.
6. Seek Professional Help: If you suspect a spyware infection, consider professional assistance or helplines like Access Now's Digital Security Helpline for guidance on removal.
7. Utilize Advanced Security Features: Activate security features like Apple's Lockdown Mode, which limits device functionality to reduce vulnerabilities, thus safeguarding against infections.