Medicine

America's FDA Warns About Backdoor Found in Chinese Company's Patient Monitors (fda.gov) 51

Thursday America's FDA "raised concerns about cybersecurity vulnerabilities" in patient monitors from China-based medical device company Contec "that could allow unauthorized individuals to access and potentially manipulate those devices," reports Reuters. The patient monitors could be remotely controlled by unauthorized users or may not function as intended, and the network to which these devices are connected could be compromised, the agency warned. The FDA also said that once these devices are connected to the internet, they can collect patient data, including personally identifiable information and protected health information, and can export this data out of the healthcare delivery environment.

The agency, however, added that it is currently unaware of any cybersecurity incidents, injuries, or deaths related to these identified cybersecurity vulnerabilities.

The FDA's announcement says "The software on the patient monitors includes a backdoor, which may mean that the device or the network to which the device has been connected may have been or could be compromised." And it offers this advice to caregivers and patients: If your health care provider confirms that your device relies on remote monitoring features, unplug the device and stop using it. Talk to your health care provider about finding an alternative patient monitor.

If your device does not rely on remote monitoring features, use only the local monitoring features of the patient monitor. This means unplugging the device's ethernet cable and disabling wireless (that is, WiFi or cellular) capabilities, so that patient vital signs are only observed by a caregiver or health care provider in the physical presence of a patient. If you cannot disable the wireless capabilities, unplug the device and stop using it. Talk to your health care provider about finding an alternative patient monitor.

A detailed report from CISA describes how a research team "created a simulated network, created a fake patient profile, and connected a blood pressure cuff, SpO2 monitor, and ECG monitor peripherals to the patient monitor. Upon startup, the patient monitor successfully connected to the simulated IP address and immediately began streaming patient data..." to an IP address that is hard-coded into the backdoor function. "Sensor data from the patient monitor is also transmitted to the IP address in the same manner. If the routine to connect to the hard-coded IP address and begin transmitting patient data is called, it will automatically initialize the eth0 interface in the same manner as the backdoor. This means that even if networking is not enabled on startup, running this routine will enable networking and thereby enable this functionality
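The behaviour CISA describes (a device on a clinical network bringing up its own interface and streaming to one fixed address) leaves a simple footprint in flow or firewall logs: many monitors contacting the same destination that is not their central station. The script below is an added illustration of that check, not code from the FDA, CISA or Contec; the subnet, the allowlisted central-station address, the destination addresses and the flow records are all constructed sample values.

```python
"""Flag patient-monitor hosts that open connections to destinations outside
their approved monitoring set.  Added illustration; the log lines, subnet and
allowlist below are constructed, not taken from the FDA or CISA reports."""
import ipaddress
from collections import defaultdict

# Constructed: the VLAN the patient monitors live on, and the only
# destination they are expected to talk to (the local central station).
MONITOR_SUBNET = ipaddress.ip_network("10.20.30.0/24")
ALLOWED_DESTINATIONS = {"10.20.30.5"}

# Constructed flow records in a simplified "ts src dst dport proto" form.
# 203.0.113.77 and 198.51.100.8 are documentation addresses, not real IoCs.
SAMPLE_FLOWS = """\
2025-01-30T08:00:01 10.20.30.41 10.20.30.5 515 tcp
2025-01-30T08:00:02 10.20.30.41 203.0.113.77 4321 tcp
2025-01-30T08:00:05 10.20.30.42 10.20.30.5 515 tcp
2025-01-30T08:00:09 10.20.30.42 203.0.113.77 4321 tcp
2025-01-30T08:00:10 10.20.30.99 198.51.100.8 443 tcp
2025-01-30T08:00:11 10.20.31.7 203.0.113.77 4321 tcp
"""


def parse_flow(line):
    """Split one flow record into a dict with parsed addresses and port."""
    ts, src, dst, dport, proto = line.split()
    return {
        "ts": ts,
        "src": ipaddress.ip_address(src),
        "dst": ipaddress.ip_address(dst),
        "dport": int(dport),
        "proto": proto,
    }


def find_unexpected_egress(flow_text, subnet=MONITOR_SUBNET,
                           allowed=ALLOWED_DESTINATIONS):
    """Return flows whose source is a monitor and whose destination is not
    on the allowlist.  Hosts outside the monitor subnet are ignored here;
    they belong to a different policy."""
    hits = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow["src"] in subnet and str(flow["dst"]) not in allowed:
            hits.append(flow)
    return hits


def summarize_by_destination(hits):
    """Group offending flows by destination.  One address contacted by many
    monitors is the pattern a hard-coded call-home produces, which is what
    distinguishes it from a single misconfigured device."""
    by_dst = defaultdict(set)
    for flow in hits:
        by_dst[str(flow["dst"])].add(str(flow["src"]))
    return {dst: sorted(srcs) for dst, srcs in by_dst.items()}


if __name__ == "__main__":
    offending = find_unexpected_egress(SAMPLE_FLOWS)
    for dst, srcs in summarize_by_destination(offending).items():
        print(f"{dst}: contacted by {len(srcs)} monitor(s): {', '.join(srcs)}")
```

On the constructed input, two monitors reach the same outside address, which is the shared-destination pattern worth escalating; the single monitor that reaches a different address is reported too but reads as an ordinary misconfiguration. In a real deployment the allowlist is the set of addresses the clinical engineering team has documented for the central station and any vendor update host, and the flow source is the hospital firewall or NetFlow export rather than an inline string.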
Security

Sensitive DeepSeek Data Was Exposed to the Web, Cybersecurity Firm Says (reuters.com) 17

An anonymous reader shared this report from Reuters: New York-based cybersecurity firm Wiz says it has found a trove of sensitive data from the Chinese artificial intelligence startup DeepSeek inadvertently exposed to the open internet. In a blog post published Wednesday, Wiz said that scans of DeepSeek's infrastructure showed that the company had accidentally left more than a million lines of data available unsecured.

Those included digital software keys and chat logs that appeared to capture prompts being sent from users to the company's free AI assistant.

Wiz's chief technology officer tells Reuters that DeepSeek "took it down in less than an hour" after Wiz alerted them.

"But this was so simple to find we believe we're not the only ones who found it."
Social Networks

TikTok's Traffic Bounces Back Despite Being Pulled Off App Stores (cnbc.com) 17

Despite being removed from app stores and facing a potential U.S. ban, TikTok has regained nearly 90% of its user traffic, according to Cloudflare Radar. "DNS traffic for TikTok-related domains has continued to recover since service restoration, and is currently about 10% lower than pre-shutdown level," said David Belson, head of data insight at Cloudflare. CNBC reports: The data from Cloudflare shows that, for the most part, TikTok has managed to maintain the bulk of its users and creators in the U.S. despite going offline for about 14 hours and remaining off of the Apple or Google app stores.

As for its alternatives, Cloudflare's data shows a spike in traffic the day of the temporary ban, with levels remaining steadily higher in the following week. Traffic for alternatives began to grow a week ahead of the expected shutdown, driven by the increased popularity of RedNote, known as Xiaohongshu in China, Belson said.

But traffic to TikTok alternatives peaked on Jan. 19, the day TikTok returned online, he added. "DNS traffic fell rapidly once the shutdown ended, and has continued to slowly decline over the last week and a half," Belson said.

The Internet

Swiss Tax Authority Forced To Buy Bahamas Domain Name After URL Typo (techcrunch.com) 29

The Swiss canton ("state") of Basel-Stadt fixed a tax flyer typo by buying the incorrect domain and setting up a redirect, avoiding a $100,000 reprint cost. TechCrunch reports: As Swiss news outlet SRF reports, the Basel tax administration printed fliers that were supposed to include a URL to file taxes online. However, the Swiss country code top-level domain (ccTLD) of ".ch" was omitted, leaving just the Basel-Stadt suffix of ".bs" -- which just happens to be the ccTLD of the Bahamas.

A spokesperson for Basel-Stadt's department of finance told SRF that it would cost the equivalent of around $100,000 to print and send out a batch of new flyers, so it was a no-brainer to fork out $1,000 to administer the new domain instead.

Data Storage

Archivists Work To Identify and Save the Thousands of Datasets Disappearing From Data.gov (404media.co) 70

An anonymous reader quotes a report from 404 Media: Datasets aggregated on data.gov, the largest repository of U.S. government open data on the internet, are being deleted, according to the website's own information. Since Donald Trump was inaugurated as president, more than 2,000 datasets have disappeared from the database. As people in the Data Hoarding and archiving communities have pointed out, on January 21, there were 307,854 datasets on data.gov. As of Thursday, there are 305,564 datasets. Many of the deletions happened immediately after Trump was inaugurated, according to snapshots of the website saved on the Internet Archive's Wayback Machine. Harvard University researcher Jack Cushman has been taking snapshots of Data.gov's datasets both before and after the inauguration, and has worked to create a full archive of the data.

"Some of [the entries link to] actual data," Cushman told 404 Media. "And some of them link to a landing page [where the data is hosted]. And the question is -- when things are disappearing, is it the data it points to that is gone? Or is it just the index to it that's gone?" For example, "National Coral Reef Monitoring Program: Water Temperature Data from Subsurface Temperature Recorders (STRs) deployed at coral reef sites in the Hawaiian Archipelago from 2005 to 2019," a NOAA dataset, can no longer be found on data.gov but can be found on one of NOAA's websites by Googling the title. "Stetson Flower Garden Banks Benthic_Covage Monitoring 1993-2018 -- OBIS Event," another NOAA dataset, can no longer be found on data.gov and also appears to have been deleted from the internet. "Three Dimensional Thermal Model of Newberry Volcano, Oregon," a Department of Energy resource, is no longer available via the Department of Energy but can be found backed up on third-party websites. [...]

Data.gov serves as an aggregator of datasets and research across the entire government, meaning it isn't a single database. This makes it slightly harder to archive than any individual database, according to Mark Phillips, a University of North Texas researcher who works on the End of Term Web Archive, a project that archives as much as possible from government websites before a new administration takes over. "Some of this falls into the 'We don't know what we don't know,'" Phillips told 404 Media. "It is very challenging to know exactly what, where, how often it changes, and what is new, gone, or going to move. Saving content from an aggregator like data.gov is a bit more challenging for the End of Term work because often the data is only identified and registered as a metadata record with data.gov but the actual data could live on another website, a state .gov, a university website, cloud provider like Amazon or Microsoft or any other location. This makes the crawling even more difficult."

Phillips said that, for this round of archiving (which the team does every administration change), the project has been crawling government websites since January 2024, and that they have been doing "large-scale crawls with help from our partners at the Internet Archive, Common Crawl, and the University of North Texas. We've worked to collect 100s of terabytes of web content, which includes datasets from domains like data.gov." [...] It is absolutely true that the Trump administration is deleting government data and research and is making it harder to access. But determining what is gone, where it went, whether it's been preserved somewhere, and why it was taken down is a process that is time intensive and going to take a while. "One thing that is clear to me about datasets coming down from data.gov is that when we rely on one place for collecting, hosting, and making available these datasets, we will always have an issue with data disappearing," Phillips said. "Historically the federal government would distribute information to libraries across the country to provide greater access and also a safeguard against loss. That isn't done in the same way for this government data."

The Courts

Amazon Sues WA State Over Washington Post Request for Kuiper Records (geekwire.com) 40

The company that Jeff Bezos founded has gone to court to keep the newspaper he owns from finding out too much about the inner workings of its business. From a report: Amazon is suing Washington state to limit the release of public records to The Washington Post from a series of state Department of Labor and Industries investigations of an Amazon Project Kuiper satellite facility in the Seattle area.

The lawsuit, filed this week in King County Superior Court in Seattle, says the newspaper on Nov. 26 requested "copies of inspection records, investigation notes, interview notes, complaints," and other documents related to four investigations at the Redmond, Wash., facility between August and October 2024. It's not an unusual move by the company, and in some ways it's a legal technicality.

Amazon says it's not seeking to block the records release entirely, but rather seeking to protect from public disclosure certain records that contain proprietary information and trade secrets about the company's satellite internet operations. The lawsuit cites a prior situation in which Amazon and the Department of Labor and Industries similarly worked through the court to respond to a Seattle Times public records request without disclosing proprietary information.

Democrats

Democrat Teams Up With Movie Industry To Propose Website-Blocking Law (arstechnica.com) 155

An anonymous reader quotes a report from Ars Technica: US Rep. Zoe Lofgren (D-Calif.) today proposed a law that would let copyright owners obtain court orders requiring Internet service providers to block access to foreign piracy websites. The bill would also force DNS providers to block sites. Lofgren said in a press release that she "work[ed] for over a year with the tech, film, and television industries" on "a proposal that has a remedy for copyright infringers located overseas that does not disrupt the free Internet except for the infringers." Lofgren said she plans to work with Republican leaders to enact the bill. [...]

Lofgren's bill (PDF) would impose site-blocking requirements on broadband providers with at least 100,000 subscribers and providers of public domain name resolution services with annual revenue of over $100 million. The bill has exemptions for VPN services and "similar services that encrypt and route user traffic through intermediary servers"; DNS providers that offer service "exclusively through encrypted DNS protocols"; and operators of premises that provide Internet access, like coffee shops, bookstores, airlines, and universities. Lofgren released a summary of the bill explaining how copyright owners can obtain blocking orders. "A copyright owner or exclusive licensee may file a petition in US District Court to obtain a preliminary order against a foreign website or online service engaging in copyright infringement," the summary said.

For non-live content, the petition must show that "transmission of a work through a foreign website likely infringes exclusive rights under Section 106 [of US law] and is causing irreparable harm." For live events, a petition must show that "an imminent or ongoing unauthorized transmission of a live event is likely to infringe, and will cause irreparable harm." The proposed law says that after a preliminary order is issued, copyright owners would be able to obtain orders directing service providers "to take reasonable and technically feasible measures to prevent users of the service provided by the service provider from accessing the foreign website or online service identified in the order." Judges would not be permitted to "prescribe any specific technical measures" for blocking and may not require any action that would prevent Internet users from using virtual private networks.
Consumer advocacy group Public Knowledge described the bill as a "censorious site-blocking" measure "that turns broadband providers into copyright police at Americans' expense."

"Rather than attacking the problem at its source -- bringing the people running overseas piracy websites to court -- Congress and its allies in the entertainment industry has decided to build out a sweeping infrastructure for censorship," Public Knowledge Senior Policy Counsel Meredith Rose said. "Site-blocking orders force any service provider, from residential broadband providers to global DNS resolvers, to disrupt traffic from targeted websites accused of copyright infringement. More importantly, applying blocking orders to global DNS resolvers results in global blocks. This means that one court can cut off access to a website globally, based on one individual's filing and an expedited procedure. Blocking orders are incredibly powerful weapons, ripe for abuse, and we've seen the messy consequences of them being implemented in other countries."
The Internet

NordVPN Says Its New Protocol Can Circumvent VPN Blockers (gizmodo.com) 26

NordVPN has introduced NordWhisper, a new protocol designed to bypass VPN blocks in restrictive countries like Russia and India by making VPN traffic appear like regular internet activity. Gizmodo reports: NordVPN claims to have found a way to make traffic from its service look normal, though admits that it may not always work perfectly. It also says the NordWhisper protocol may introduce more latency. The protocol is rolling out first to users on Windows, Linux, and Android. Support for other platforms will come in the future.
The Internet

Comcast Is Rolling Out 'Ultra-Low Lag' Tech That Could Fix the Internet (theverge.com) 80

Comcast is deploying "Low Latency, Low Loss, Scalable Throughput" (L4S) technology across its Xfinity internet network in six U.S. cities, a system that reduces the time data packets take to travel between users and servers. Initial trials showed a 78% reduction in working latency under normal home conditions. The technology will first support FaceTime calls, Nvidia's GeForce Now cloud gaming, and Steam games, with planned expansion to Meta's mixed reality applications.
Communications

FCC Will Drop Biden Plan To Ban Bulk Broadband Billing For Tenants (reuters.com) 63

The Federal Communications Commission will abandon a proposal that would have banned mandatory internet service charges for apartment and condominium residents. FCC Chair Brendan Carr halted the Biden-era plan that sought to prevent landlords from requiring tenants to pay for specific broadband providers. Housing industry groups said they welcomed the decision, arguing bulk billing arrangements help secure discounted rates. They claim these agreements can reduce internet costs by up to 50%. However, public interest advocates, who backed the original proposal, contend that landlords don't always pass these savings to tenants.
Privacy

Software Flaw Exposes Millions of Subarus, Rivers of Driver Data (securityledger.com) 47

chicksdaddy shares a report from the Security Ledger: Vulnerabilities in Subaru's STARLINK telematics software enabled two independent security researchers to gain unrestricted access to millions of Subaru vehicles deployed in the U.S., Canada and Japan. In a report published Thursday, researchers Sam Curry and Shubham Shah revealed a now-patched flaw in Subaru's STARLINK connected vehicle service that allowed them to remotely control Subarus and access vehicle location information and driver data with nothing more than the vehicle's license plate number, or easily accessible information like the vehicle owner's email address, zip code and phone number. (Note: Subaru STARLINK is not to be confused with the Starlink satellite-based high speed Internet service.)

[Curry and Shah downloaded a year's worth of vehicle location data for Curry's mother's 2023 Impreza (Curry bought her the car with the understanding that she'd let him hack it). The two researchers also added themselves to a friend's STARLINK account without any notification to the owner and used that access to remotely lock and unlock the friend's Subaru.] The details of Curry and Shah's hack of the STARLINK telematics system bear a strong resemblance to hacks documented in Curry's 2023 report Web Hackers versus the Auto Industry, as well as a September 2024 discovery of a remote access flaw in web-based applications used by KIA automotive dealers that also gave remote attackers the ability to steal owners' personal information and take control of their KIA vehicle. In each case, Curry and his fellow researchers uncovered publicly accessible connected vehicle infrastructure intended for use by [employees and dealers that was trivially vulnerable to compromise and lacked even basic protections around account creation and authentication].

Facebook

Facebook Flags Linux Topics As 'Cybersecurity Threats' (tomshardware.com) 96

Facebook has banned posts mentioning Linux-related topics, with the popular Linux news and discussion site, DistroWatch, at the center of the controversy. Tom's Hardware reports: A post on the site claims, "Facebook's internal policy makers decided that Linux is malware and labeled groups associated with Linux as being 'cybersecurity threats.'" We tried to post some blurb about distrowatch.com on Facebook and can confirm that it was barred with a message citing Community Standards. DistroWatch says that the Facebook ban took effect on January 19. Readers have reported difficulty posting links to the site on this social media platform. Moreover, some have told DistroWatch that their Facebook accounts have been locked or limited after sharing posts mentioning Linux topics.

If you're wondering if there might be something specific to DistroWatch.com, something on the site that the owners/operators perhaps don't even know about, for example, then it seems pretty safe to rule out such a possibility. Reports show that "multiple groups associated with Linux and Linux discussions have either been shut down or had many of their posts removed." However, we tested a few other Facebook posts with mentions of Linux, and they didn't get blocked immediately. Copenhagen-hosted DistroWatch says it has tried to appeal against the Community Standards-triggered ban. However, they say that a Facebook representative said that Linux topics would remain on the cybersecurity filter. The DistroWatch writer subsequently got their Facebook account locked...
DistroWatch points out the irony at play here: "Facebook runs much of its infrastructure on Linux and often posts job ads looking for Linux developers."

UPDATE: Facebook has admitted they made a mistake and stopped blocking the posts.
Businesses

Internet-Connected 'Smart' Products for Babies Suddenly Start Charging Subscription Fees (msn.com) 134

The EFF has complained that in general "smart" products for babies "collect a ton of information about you and your baby on an ongoing basis". (For this year's "worst in privacy" product at CES they chose a $1,200 baby bassinet equipped with a camera, a microphone, and a radar sensor...)

But today the Washington Post reported on a $1,700 bassinet that surprised the mother of a one-month-old when it "abruptly demanded money for a feature she relied on to soothe her baby to sleep." The internet-connected bassinet... reliably comforted her 1-month-old — just as it had her first child — until it started charging $20 a month for some abilities, including one that keeps the bassinet's motion and sounds at one level all night. The level-lock feature previously was available without a fee. "It all felt really intrusive — like they went into our bedroom and clawed back this feature that we've been depending on...." When the Snoo's maker, Happiest Baby, introduced a premium subscription for some of the bassinet's most popular features in July, owners filed dozens of complaints to the Federal Trade Commission and the Better Business Bureau, coordinated review bombs and vented on social media — saying the company took advantage of their desperation for sleep to bait-and-switch them...

Happiest Baby isn't the only baby gear company that has rolled out a subscription. In 2023, makers of the Miku baby monitor, which retails for up to $400, elicited similar fury from parents when it introduced a $10 monthly subscription for most features. A growing number of internet-connected products have lost software support or functionality after purchase in recent years, such as Spotify's Car Thing — a $90 Bluetooth streaming device that the company announced in May it plans to discontinue — and Levi's $350 smart jacket, which let users control their phones by swiping sensors on its sleeve...

Seventeen consumer protection and tech advocacy groups cited Happiest Baby and Car Thing in a letter urging the FTC to create guidelines that ensure products retain core functionality without the imposition of fees that did not exist when the items were originally bought.

The Times notes that the bassinets are often resold, so the subscription fees are partly to cover the costs of supporting new owners, according to Happiest Baby's vice president for marketing and communications. But the article offers three additional perspectives:
  • "This new technology is actually allowing manufacturers to change the way the status quo has been for decades, which is that once you buy something, you own it and you can do whatever you want. Right now, consumers have no trust that what they're buying is actually going to keep working." — Lucas Gutterman, who leads the Public Interest Research Group's "Design to Last" campaign.
  • "It's a shame to be beholden to companies' goodwill, to require that they make good decisions about which settings to put behind a paywall. That doesn't feel good, and you can't always trust that, and there's no guarantee that next week Happiest Baby isn't going to announce that all of the features are behind a paywall." — Elizabeth Chamberlain, sustainability director at iFixit.
  • "It's no longer just an out-and-out purchase of something. It's a continuous rental, and people don't know that." — Natasha Tusikov, an associate professor at York University

The Internet

Another Undersea Cable Damaged in Baltic Sea. Criminal Sabotage Investigation Launched (ft.com) 115

"An underwater data cable between Sweden and Latvia was damaged early on Sunday," reports the Financial Times, "in at least the fourth episode of potential sabotage in the Baltic Sea that has caused concern in Nato about the vulnerability of critical infrastructure..." Criminal investigations have started in Latvia and Sweden, and a ship has been seized as part of the probes, according to Swedish prosecutors, who did not identify the vessel. Previous incidents have been linked to Russian and Chinese ships...

The latest incident comes as the three Baltic states are preparing to disconnect their electricity systems from the former Soviet network in early February and integrate themselves into the continental European grid, with some fearing further potential disruption ahead of that. Estonia, Latvia and Lithuania have joined the EU and Nato since regaining their independence after their forced annexation by the Soviet Union, and see their switch to the European electricity system as their final integration into the west. Kęstutis Budrys, Lithuania's foreign minister, said navigation rules in the Baltic Sea needed to be reviewed "especially when it comes to the use of anchors" and added there were now so many incidents that there was little chance they could all be accidents.

Repair of data cables has tended to take much less time than that for gas or electricity connections, and the Latvian state radio and television centre said it had found alternative routes for its communications.

Social Networks

Cory Doctorow Asks: Can Interoperability End 'Enshittification' and Fix Social Media? (pluralistic.net) 69

This weekend Cory Doctorow delved into "the two factors that make services terrible: captive users, and no constraints." If your users can't leave, and if you face no consequences for making them miserable (not solely their departure to a competitor, but also fines, criminal charges, worker revolts, and guerrilla warfare with interoperators), then you have the means, motive and opportunity to turn your service into a giant pile of shit... Every economy is forever a-crawl with parasites and monsters like these, but they don't get to burrow into the system and colonize it until policymakers create rips they can pass through.
Doctorow argues that "more and more critics are coming to understand that lock-in is the root of the problem, and that anti-lock-in measures like interoperability can address it." Even more important than market discipline is government discipline, in the form of regulation. If Zuckerberg feared fines for privacy violations, or moderation failures, or illegal anticompetitive mergers, or fraudulent advertising systems that rip off publishers and advertisers, or other forms of fraud (like the "pivot to video"), he would treat his users better. But Facebook's rise to power took place during the second half of the neoliberal era, when the last shreds of regulatory muscle that survived the Reagan revolution were being devoured... But it's worse than that, because Zuckerberg and other tech monopolists figured out how to harness "IP" law to get the government to shut down third-party technology that might help users resist enshittification... [Doctorow says this is "why companies are so desperate to get you to use their apps rather than the open web"] IP law is why you can't make an alternative client that blocks algorithmic recommendations. IP law is why you can't leave Facebook for a new service and run a scraper that imports your waiting Facebook messages into a different inbox. IP law is why you can't scrape Facebook to catalog the paid political disinformation the company allows on the platform...
But then Doctorow argues that "Legacy social media is at a turning point," citing as "a credible threat" new systems built on open standards like Mastodon (built on ActivityPub) and Bluesky (built on Atproto): I believe strongly in improving the Fediverse, and I believe in adding the long-overdue federation to Bluesky. That's because my goal isn't the success of the Fediverse — it's the defeat of enshittification. My answer to "why spend money fixing Bluesky?" is "why leave 20 million people at risk of enshittification when we could not only make them safe, but also create the toolchain to allow many, many organizations to operate a whole federation of Bluesky servers?" If you care about a better internet — and not just the Fediverse — then you should share this goal, too... Mastodon has one feature that Bluesky sorely lacks — the federation that imposes antienshittificatory discipline on companies and offers an enshittification fire-exit for users if the discipline fails. It's long past time that someone copied that feature over to Bluesky.
Doctorow argues that federated and "federatable" social media "disciplines enshittifiers" by freeing social media's captive audiences.

"Any user can go to any server at any time and stay in touch with everyone else."
Power

Could New Linux Code Cut Data Center Energy Use By 30%? (datacenterdynamics.com) 65

Two computer scientists at the University of Waterloo in Canada believe changing 30 lines of code in Linux "could cut energy use at some data centers by up to 30 percent," according to the site Data Centre Dynamics.

It's the code that processes packets of network traffic, and Linux "is the most widely used OS for data center servers," according to the article: The team tested their solution's effectiveness and submitted it to Linux for consideration, and the code was published this month as part of Linux's newest kernel, release version 6.13. "All these big companies — Amazon, Google, Meta — use Linux in some capacity, but they're very picky about how they decide to use it," said Martin Karsten [professor of Computer Science in Waterloo's Math Faculty]. "If they choose to 'switch on' our method in their data centers, it could save gigawatt hours of energy worldwide. Almost every single service request that happens on the Internet could be positively affected by this."

The University of Waterloo is building a green computer server room as part of its new mathematics building, and Karsten believes sustainability research must be a priority for computer scientists. "We all have a part to play in building a greener future," he said. The Linux Foundation, which oversees the development of the Linux OS, is a founder member of the Green Software Foundation, an organization set up to look at ways of developing "green software" — code that reduces energy consumption.

Karsten "teamed up with Joe Damato, distinguished engineer at Fastly" to develop the 30 lines of code, according to an announcement from the university. "The Linux kernel code addition developed by Karsten and Damato was based on research published in ACM SIGMETRICS Performance Evaluation Review" (by Karsten and grad student Peter Cai).

Their paper "reviews the performance characteristics of network stack processing for communication-heavy server applications," devising an "indirect methodology" to "identify and quantify the direct and indirect costs of asynchronous hardware interrupt requests (IRQ) as a major source of overhead...

"Based on these findings, a small modification of a vanilla Linux system is devised that improves the efficiency and performance of traditional kernel-based networking significantly, resulting in up to 45% increased throughput..."
Security

Backdoor Infecting VPNs Used 'Magic Packets' For Stealth and Security (arstechnica.com) 17

An anonymous reader quotes a report from Ars Technica: When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can't be leveraged by competing groups or detected by defenders. One countermeasure is to equip the backdoor with a passive agent that remains dormant until it receives what's known in the business as a "magic packet." On Thursday, researchers revealed that a never-before-seen backdoor that quietly took hold of dozens of enterprise VPNs running Juniper Network's Junos OS has been doing just that. J-Magic, the tracking name for the backdoor, goes one step further to prevent unauthorized access. After receiving a magic packet hidden in the normal flow of TCP traffic, it relays a challenge to the device that sent it. The challenge comes in the form of a string of text that's encrypted using the public portion of an RSA key. The initiating party must then respond with the corresponding plaintext, proving it has access to the secret key.

The lightweight backdoor is also notable because it resided only in memory, a trait that makes detection harder for defenders. The combination prompted researchers at Lumen Technologies' Black Lotus Labs to sit up and take notice. "While this is not the first discovery of magic packet malware, there have only been a handful of campaigns in recent years," the researchers wrote. "The combination of targeting Junos OS routers that serve as a VPN gateway and deploying a passive listening in-memory only agent, makes this an interesting confluence of tradecraft worthy of further observation." The researchers found J-Magic on VirusTotal and determined that it had run inside the networks of 36 organizations. They still don't know how the backdoor got installed.
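The gate the article describes is an ordinary public-key challenge-response, and modelling it makes the defender-relevant consequence obvious: the listener holds only the public key, so a third party who captures the trigger in transit cannot reuse it, and the exchange itself leaves nothing on the wire that reveals the key. The following is an added illustration written for this summary, not J-Magic's code; the textbook RSA parameters (p=61, q=53), the `JM` trigger marker and the function names are constructed assumptions, and the toy key is cryptographically worthless, chosen only so the arithmetic is visible.

```python
"""
Toy model of a magic-packet gate with an RSA challenge-response.
Listener side knows only (E, N); the operator side holds D.
Constructed example; not the real implant's trigger or key.
"""
import secrets
from typing import Callable, Optional

# Constructed textbook RSA key (assumption: a real implant would use a full-size key).
P, Q = 61, 53
N = P * Q                            # 3233
E = 17                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # 2753, private exponent (operator only)

# Constructed trigger marker; the real trigger format is not described in the article.
MAGIC_MARKER = b"JM"


def is_magic_packet(payload: bytes) -> bool:
    """Listener: is this TCP payload the trigger? Everything else is ignored silently."""
    return payload.startswith(MAGIC_MARKER)


def encrypt_challenge(m: int) -> int:
    """Listener: wrap a fresh challenge under the public key."""
    return pow(m, E, N)


def answer_challenge(c: int, d: int = D, n: int = N) -> int:
    """Operator: recover the plaintext with the private exponent."""
    return pow(c, d, n)


def gate(payload: bytes, responder: Callable[[int], int],
         m: Optional[int] = None) -> Optional[bool]:
    """
    One full exchange. Returns None when the payload is not the trigger (the
    agent stays dormant), True when the responder proves it holds the private
    key, False otherwise. `m` may be pinned to make the exchange reproducible.
    """
    if not is_magic_packet(payload):
        return None
    if m is None:
        m = secrets.randbelow(N - 2) + 2    # fresh challenge in [2, N-1)
    c = encrypt_challenge(m)
    return responder(c) == m


def legitimate_operator(c: int) -> int:
    """Holds D, so it can answer any challenge."""
    return answer_challenge(c)


def replaying_intruder(c: int) -> int:
    """Captured the marker but not the key: the best it can do is echo the ciphertext."""
    return c
```

Because the challenge is fresh each time, the observable traffic (trigger, ciphertext, plaintext) gives a defender no usable signature for the key, which is why hunting for this class of implant focuses on the unexpected passive socket and the in-memory agent rather than on the packet exchange.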

Earth

Misinformation and Cyberespionage Top WEF's Global Risks Report 2025 22

The World Economic Forum's Global Risks Report 2025 (PDF) highlights misinformation as the top global risk due to generative AI tools and state-sponsored campaigns undermining democratic systems, while cyberespionage ranks as a persistent threat with inadequate cyber resilience, especially among small organizations. From a report: The manipulation of information through gen AI and state-sponsored campaigns is disrupting democratic systems and undermining public trust in critical institutions. Efforts to combat this risk have a "formidable opponent" in gen AI-created false or misleading content that can be produced and distributed at scale, the report warned. Misinformation campaigns in the form of deepfakes, synthetic voice recordings or fabricated news stories are now a leading mechanism for foreign entities to influence "voter intentions, sow doubt among the general public about what is happening in conflict zones, or tarnish the image of products or services from another country." This is especially acute in India, Germany, Brazil and the United States.

Concern remains especially high following a year of the so-called "super elections," which saw heightened state-sponsored campaigns designed to manipulate public opinion. But while it has become increasingly difficult to distinguish AI-generated fake content from human-generated content, AI technologies are, in themselves, low in WEF's risk ranking. In fact, they have declined in the two-year outlook, from 29 in last year's report to 31 this year.

Cyberespionage and warfare continue to be a reason for unease for most organizations, ranked fifth in the global risk landscape. According to the report, one in three CEOs cited cyberespionage and intellectual property theft as their top concerns in 2024. Seventy-one percent of chief risk officers say cyber risk and criminal activity such as money laundering and cybercrime could severely impact their organizations, while 45% of cyber leaders are concerned about disruption of operations and business processes, according to WEF's Global Cybersecurity Outlook 2025 report. The rising likelihood of threat actor activity and sophisticated technological disruption are listed as immediate concerns among security leaders.
AI

Developer Creates Infinite Maze That Traps AI Training Bots 87

An anonymous reader quotes a report from 404 Media: A pseudonymous coder has created and released an open source "tar pit" to indefinitely trap AI training web crawlers in an infinite, randomly generated series of pages to waste their time and computing power. The program, called Nepenthes after the genus of carnivorous pitcher plants which trap and consume their prey, can be deployed by webpage owners to protect their own content from being scraped or can be deployed "offensively" as a honeypot trap to waste AI companies' resources.

"It's less like flypaper and more an infinite maze holding a minotaur, except the crawler is the minotaur that cannot get out. The typical web crawler doesn't appear to have a lot of logic. It downloads a URL, and if it sees links to other URLs, it downloads those too. Nepenthes generates random links that always point back to itself -- the crawler downloads those new links. Nepenthes happily just returns more and more lists of links pointing back to itself," Aaron B, the creator of Nepenthes, told 404 Media. "Of course, these crawlers are massively scaled, and are downloading links from large swathes of the internet at any given time," they added. "But they are still consuming resources, spinning around doing nothing helpful, unless they find a way to detect that they are stuck in this loop."
You can try Nepenthes via this link (it loads slowly and links endlessly on purpose).
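The mechanism Aaron B describes above is small enough to show in full: every page is filler plus a handful of links that resolve back into the same maze, so a crawler that follows every link it sees never empties its queue. What follows is an added example written for this summary, not the Nepenthes source; the `/maze/` mount point, the per-deployment secret, the word list and the page size are assumptions. The naive `crawl` function models the "download a URL, download everything it links to" behaviour quoted in the article so the effect can be measured offline; the deliberate slow responses the live demo uses are a separate concern and are not included.

```python
"""
Minimal link-maze tarpit in the style described above (constructed example).
Pages are deterministic per URL (derived from a secret) so refetches are
cheap and consistent, but a crawler cannot predict where the links lead.
"""
import hashlib
import random
import re
from html import escape
from http.server import BaseHTTPRequestHandler, HTTPServer

MAZE_PREFIX = "/maze/"        # assumption: where the tarpit is mounted
LINKS_PER_PAGE = 8
# Assumption: a per-deployment secret; change it in any real deployment.
SECRET = b"constructed-example-secret-change-me"
WORDS = ("alpha", "bravo", "charlie", "delta", "echo", "foxtrot", "golf", "hotel",
         "india", "juliet", "kilo", "lima", "mike", "november", "oscar", "papa",
         "quebec", "romeo", "sierra", "tango", "uniform", "victor", "whiskey", "zulu")


def _rng_for(path: str) -> random.Random:
    """Seed a PRNG from the secret and the requested path: same URL, same page."""
    digest = hashlib.sha256(SECRET + path.encode()).digest()
    return random.Random(int.from_bytes(digest[:8], "big"))


def render_page(path: str) -> str:
    """Build one maze page: filler text plus links that all lead back into the maze."""
    rng = _rng_for(path)
    filler = " ".join(rng.choice(WORDS) for _ in range(40))
    items = []
    for _ in range(LINKS_PER_PAGE):
        slug = "-".join(rng.choice(WORDS) for _ in range(3))
        items.append(f'<li><a href="{MAZE_PREFIX}{slug}/">{escape(slug)}</a></li>')
    return (f"<html><body><p>{escape(filler)}</p>"
            f"<ul>{''.join(items)}</ul></body></html>")


def extract_links(html: str) -> list[str]:
    """What a simple crawler does: pull every href out of the page."""
    return re.findall(r'href="([^"]+)"', html)


def crawl(start: str, max_pages: int) -> tuple[int, int]:
    """
    Model of the naive crawler the article describes: fetch a page, queue every
    link it has not seen, repeat. Returns (pages fetched, links still queued)
    when the page budget runs out; a non-empty queue means it is still stuck.
    """
    seen: set[str] = set()
    queue = [start]
    while queue and len(seen) < max_pages:
        path = queue.pop(0)
        if path in seen:
            continue
        seen.add(path)
        queue.extend(link for link in extract_links(render_page(path))
                     if link not in seen)
    return len(seen), len(queue)


class MazeHandler(BaseHTTPRequestHandler):
    """Serve the maze over HTTP; anything outside the prefix is a plain 404."""

    def do_GET(self):
        if not self.path.startswith(MAZE_PREFIX):
            self.send_error(404)
            return
        body = render_page(self.path).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Local demo only: python tarpit.py, then fetch http://127.0.0.1:8080/maze/
    HTTPServer(("127.0.0.1", 8080), MazeHandler).serve_forever()
```

The escape hatch the quote mentions, a crawler that notices it is stuck, would have to add something this model lacks, such as a per-host page budget or a check that successive pages carry no new content; a site deploying a tarpit should also keep it out of `robots.txt`-allowed paths it wants well-behaved crawlers to index.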
China

DHS Terminates All Its Advisory Committees, Ending Its Investigation Into Chinese Telecom Hack (arstechnica.com) 144

An anonymous reader quotes a report from Ars Technica: The Department of Homeland Security has terminated all members of advisory committees, including one that has been investigating a major Chinese hack of large US telecom firms. "The Cyber Safety Review Board -- a Department of Homeland Security investigatory body stood up under a Biden-era cybersecurity executive order to probe major cybersecurity incidents -- has been cleared of non-government members as part of a DHS-wide push to cut costs under the Trump administration, according to three people familiar with the matter," NextGov/FCW reported yesterday.

A memo sent Monday by DHS Acting Secretary Benjamine Huffman said that in order to "eliminat[e] the misuse of resources and ensur[e] that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory committees within DHS, effective immediately. Future committee activities will be focused solely on advancing our critical mission to protect the homeland and support DHS's strategic priorities." The memo said advisory board members terminated this week "are welcome to reapply." The Cyber Safety Review Board's list of members included security experts from the private sector and lead cybersecurity officials from multiple government agencies.
"The CSRB was 'less than halfway' done with its Salt Typhoon investigation, according to a now-former member," wrote freelance cybersecurity reporter Eric Geller, who quoted an anonymous source as saying the Cyber Safety Review Board's review of Salt Typhoon is "dead." The former member was also quoted as saying, "There are still professional staff for the CSRB and I hope they will continue some of the work in the interim."

The Cyber Safety Review Board operates under the DHS's Cybersecurity and Infrastructure Security Agency (CISA), notes Ars. The review board previously investigated a 2023 hack of Microsoft Exchange Online and more recently has been investigating how the Chinese hacking group called Salt Typhoon infiltrated major telecom providers such as Verizon and AT&T.