Privacy

Uber Asked Contractor To Allow Video Surveillance In Employee Homes, Bedrooms (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Teleperformance, one of the world's largest call center companies, is reportedly requiring some employees to consent to video monitoring in their homes. Employees in Colombia told NBC News that their new contract granted the company the right to use AI-powered cameras to observe and record their workspaces. The contract also requires employees to share biometric data like fingerprints and photos of themselves, and workers have to agree to share data and images that may include children under 18.

Teleperformance employs over 380,000 people in 83 countries to provide call center services for a range of companies, including Amazon, Apple, and Uber. A company spokesperson told NBC that it is "constantly looking for ways to enhance the Teleperformance Colombia experience for both our employees and our customers, with privacy and respect as key factors in everything we do." Amazon and Apple said that they did not ask Teleperformance for this extra monitoring, and an Apple spokesperson said the company forbids video monitoring of employees by suppliers. A recent Apple audit reportedly found Teleperformance in compliance with this requirement. But Uber apparently requested the ability to monitor some workers. Uber said it wouldn't observe the entire workforce, but the company did not specify which employees would be subject to the new policies. The ride sharing company asked for the monitoring of Teleperformance's remote employees because call center staff have access to customers' credit cards and trip details, an Uber spokesperson told NBC News.

Facebook

Senators Press Facebook for Answers About Why It Cut Off Misinformation Researchers (techcrunch.com)

Facebook's decision to close accounts connected to a misinformation research project last week prompted a broad outcry from the company's critics -- and now Congress is getting involved. From a report: A handful of lawmakers criticized the decision at the time, slamming Facebook for being hostile toward efforts to make the platform's opaque algorithms and ad targeting methods more transparent. Researchers believe that studying those hidden systems is crucial work for gaining insight on the flow of political misinformation.

The company specifically punished two researchers with NYU's Cybersecurity for Democracy project who work on Ad Observer, an opt-in browser tool that allows researchers to study how Facebook targets ads to different people based on their interests and demographics. In a new letter, embedded below, a trio of Democratic senators are pressing Facebook for more answers. Senators Amy Klobuchar (D-MN), Chris Coons (D-DE) and Mark Warner (D-VA) wrote to Facebook CEO Mark Zuckerberg asking for a full explanation on why the company terminated the researcher accounts and how they violated the platform's terms of service and compromised user privacy. The lawmakers sent the letter on Friday.

Security

Routers and Modems Running Arcadyan Firmware Are Under Attack (therecord.media)

Routers and modems running a version of the Arcadyan firmware, including devices from ASUS, Orange, Vodafone, and Verizon, are currently under attack from a threat actor attempting to ensnare the devices into their DDoS botnet. From a report: First spotted by security firm Bad Packets earlier this week and confirmed by Juniper Labs on Friday, the attacks are exploiting a vulnerability tracked as CVE-2021-20090.

Discovered by Tenable security researcher Evan Grant earlier this year, the vulnerability resides in the firmware code produced by Taiwanese tech firm Arcadyan. Grant says the vulnerability has existed in the code for at least ten years and has made its way into the firmware of at least 20 router and modem models sold by 17 different vendors, which based their products on a white-label version of old Arcadyan devices. The list of affected devices includes some of today's biggest router vendors and internet service providers, such as ASUS, Orange, Vodafone, Telstra, Verizon, Deutsche Telekom, British Telecom, and many others.

Security

Disgruntled Member of 'Conti' Ransomware Gang Leaks Files (nbcnews.com)

"Someone claiming to work with one of the most notorious ransomware gangs says they're fed up with how extortion money is divvied up and has leaked a host of the gang's files on a hacker forum," reports NBC News: The files, posted to a forum frequented by Russian-speaking cybercriminals and reviewed by NBC News, include numerous instruction manuals allegedly belonging to Conti, a Russian-speaking hacker group that has attacked several hospitals, including health care chains in the U.S., and Ireland's national system, the Health Service Executive... The leak appears authentic, said Allan Liska, a ransomware analyst at the cybersecurity company Recorded Future, as it describes the attacks as coming from the same servers that his company already tracked as Conti. Some of the files show IP addresses Conti used for Cobalt Strike attacks, which Recorded Future had seen before...

The leak shows how much of Conti's operations are apparently contracted out from principal gang members to affiliate hackers, a relationship that can grow sour. "What's interesting to me about this is how much of it is scripted," Liska said...

In their post leaking the files, the user, whose role in Conti's operation has been to find vulnerabilities in potential victims' networks, complained that those at the top of the gang took too large a percentage of the extortion money. "They recruit suckers and divide the money among themselves," the user posted in Russian.
