Government

Homeland Security Report Details How Teen Hackers Exploited Security Weaknesses In Some of the World's Biggest Companies (cnn.com)

An anonymous reader quotes a report from CNN: A group of teenage hackers managed to breach some of the world's biggest tech firms last year by exploiting systemic security weaknesses in US telecom carriers and the business supply chain, a US government review of the incidents has found, in what is a cautionary tale for America's critical infrastructure. The Department of Homeland Security-led review of the hacks, which was shared exclusively with CNN, determined US regulators should penalize telecom firms with lax security practices and Congress should consider funding programs to steer American youth away from cybercrime. The investigation of the hacks -- which hit companies like Microsoft and Samsung -- found that, in general, it was far too easy for the cybercriminals to intercept text messages that corporate employees use to log into systems. [...]

"It is highly concerning that a loose band of hackers, including a number of teenagers, was able to consistently break into the best-defended companies in the world," Homeland Security Secretary Alejandro Mayorkas told CNN in an interview, adding: "We are seeing a rise in juvenile cybercrime." After a series of high-profile cyberattacks marked his first four months in office, President Joe Biden established the DHS-led Cyber Safety Review Board in 2021 to study the root causes of major hacking incidents and inform policy on how to prevent the next big cyberattack. Staffed by senior US cybersecurity officials and executives at major technology firms like Google, the board does not have regulatory authority, but its recommendations could shape legislation in Congress and future directives from federal agencies. [...]

The board's first review, released in July 2022, concluded that it could take a decade to eradicate a vulnerability in software used by thousands of corporations and government agencies worldwide. The second review, to be released Thursday, focused on a band of young criminal hackers based in the United Kingdom and Brazil that last year launched a series of attacks on Microsoft, Uber, Samsung and identity management firm Okta, among others. The audacious hacks were often followed by extortion demands and taunts by hackers who seemed to be out for publicity as much as they were for money. The hacking group, known as Lapsus$, alarmed US officials because they were able to embarrass major tech firms with robust security programs. "If richly resourced cybersecurity programs were so easily breached by a loosely organized threat actor group, which included several juveniles, how can organizations expect their programs to perform against well-resourced cybercrime syndicates and nation-state actors?" the Cyber Safety Review Board's new report states.
Lapsus$, as well as other hacking groups, conducts "SIM-swapping" attacks that take over a victim's phone number by having it transferred to another device, thereby gaining access to 2FA security codes and personal messages. These can then be used to reveal login credentials and access financial information.

"The board wants telecom carriers to report SIM-swapping attacks to US regulatory agencies, and for those agencies to penalize carriers when they don't adequately protect customers from such attacks," reports CNN.
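The SIM-swap weakness described above is worth seeing as an authentication policy rather than a headline. The Python below is an added example written for this digest; it is not code from the Cyber Safety Review Board report, CNN, or any carrier. It assumes a hypothetical feed of carrier SIM-change events (represented here by a constructed list), a 72-hour quarantine window chosen for illustration, and a constructed phone number. While a number is quarantined the service refuses to issue or accept SMS codes and requires a TOTP (RFC 6238) code instead, which is computed from a secret shared with an authenticator app and never crosses the carrier's network.

```python
"""Added example: quarantining SMS second factors after a carrier-reported SIM swap."""
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumption for this example: SMS is unusable for 72 h after a reported SIM change.
SIM_SWAP_COOLDOWN_S = 72 * 3600
TOTP_STEP_S = 30


@dataclass
class SimSwapEvent:
    """Constructed stand-in for a carrier's report that the SIM behind a number changed."""
    phone: str
    changed_at: int  # epoch seconds


@dataclass
class User:
    phone: str
    totp_secret: bytes  # secret enrolled in the user's authenticator app
    sim_events: List[SimSwapEvent] = field(default_factory=list)
    pending_sms_code: Optional[str] = None


def recent_sim_swap(user: User, now: int) -> bool:
    """True if the carrier reported a SIM change for this number inside the cool-down window."""
    return any(0 <= now - ev.changed_at < SIM_SWAP_COOLDOWN_S
               for ev in user.sim_events if ev.phone == user.phone)


def issue_sms_code(user: User, now: int) -> Optional[str]:
    """Mint a one-time SMS code, or refuse (None) while the number is quarantined.
    A real service would hand the code to the carrier; here it is only stored."""
    if recent_sim_swap(user, now):
        return None
    user.pending_sms_code = f"{secrets.randbelow(10 ** 6):06d}"
    return user.pending_sms_code


def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1. Computed locally from the shared secret,
    so no code ever transits the phone network."""
    counter = now // TOTP_STEP_S
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def verify_second_factor(user: User, factor: str, code: str, now: int) -> Tuple[bool, str]:
    """Apply the policy to a submitted code; returns (accepted, reason)."""
    if factor == "sms":
        if recent_sim_swap(user, now):
            return False, "sms_blocked_recent_sim_swap"
        if user.pending_sms_code is None:
            return False, "no_sms_code_issued"
        ok = hmac.compare_digest(code, user.pending_sms_code)
        user.pending_sms_code = None  # codes are single use
        return ok, ("sms_ok" if ok else "sms_mismatch")
    if factor == "totp":
        # Accept the current step and one step either side for clock drift.
        for drift in (-1, 0, 1):
            if hmac.compare_digest(code, totp(user.totp_secret, now + drift * TOTP_STEP_S)):
                return True, "totp_ok"
        return False, "totp_mismatch"
    return False, "unknown_factor"


def demo() -> dict:
    """Constructed scenario: the carrier reports a SIM change at t=1,000,000;
    logins before, shortly after, and after the cool-down are evaluated."""
    user = User(phone="+15555550100", totp_secret=b"12345678901234567890")
    swap_at = 1_000_000
    out = {}

    before = swap_at - 3600
    out["sms_before_swap"] = verify_second_factor(user, "sms", issue_sms_code(user, before), before)

    user.sim_events.append(SimSwapEvent(phone=user.phone, changed_at=swap_at))
    after = swap_at + 600  # the number now rings on the attacker's device
    out["sms_issue_after_swap"] = issue_sms_code(user, after)
    out["sms_verify_after_swap"] = verify_second_factor(user, "sms", "123456", after)
    out["totp_after_swap"] = verify_second_factor(user, "totp", totp(user.totp_secret, after), after)

    out["sms_after_cooldown"] = issue_sms_code(user, swap_at + SIM_SWAP_COOLDOWN_S) is not None
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The policy only helps for the window after the carrier actually reports the swap, which is the practical reason the board's recommendation that carriers report these attacks matters: without that signal the service cannot tell the attacker's handset from the victim's. The TOTP secret is the RFC 6238 test-vector key, so the codes it produces can be checked against the RFC's published values.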

Data Storage

SanDisk's Silence Deafens as High-Profile Users Say Extreme SSDs Still Broken (arstechnica.com)

SanDisk's silence this week has been deafening. Its portable SSDs are being lambasted as users and tech publications call for them to be pulled. From a report: The recent scrutiny of the drives follows problems from this spring when users, including an Ars Technica staff member, saw Extreme-series portable SSDs wipe data and become unmountable. A firmware update was supposed to fix things, but new complaints dispute its effectiveness. SanDisk has stayed mum on recent complaints and hasn't explained what caused the problems.

In May, Ars Technica reported on SanDisk Extreme V2 and Extreme Pro V2 SSDs wiping data before often becoming unreadable to the user's system. At least four months of complaints had piled up by then, including on SanDisk's forums and all over Reddit. Even Ars' Lee Hutchinson fell victim to the faulty drives. Two whole Extreme Pros died on him. Both times they filled about 50 percent and then showed a bunch of read and write errors. Upon disconnecting and reconnecting, the drive was unformatted and wiped, and he could not fix either drive by wiping and reformatting. When Ars reached out to SanDisk about the problem in May, it didn't answer most of our questions about why these problems happened (and, oddly, excluded certain models we saw affected when naming which models were affected).

Businesses

Getting Into Y Combinator Is Tougher Than It's Ever Been (bloomberg.com)

Amid the flood of big tech layoffs, entry to Y Combinator has become the most competitive it's ever been. From a report: Silicon Valley's premier business incubator has received 44,000 applications so far this year, the most ever, and the acceptance rate for its summer batch was less than 1%, the lowest in the organization's history. Garry Tan, the president and chief executive officer of Y Combinator, said he anticipates "little tech" will thrive even in a turbulent economy. Cuts at big tech companies have unshackled people to work on important, new companies, Tan said on this week's episode of The Circuit with Emily Chang. "I think a lot of large companies started treating their employee base almost as a place to park resources and almost as a competitive moat versus the other giants," he said.

"The amount of talent that was locked up in cushy jobs," Tan said, "I'm hoping a lot of them actually come over to startups, and they realize, oh, this is what it's like to run fast again." Tan stepped into the top job at Y Combinator in January, succeeding co-founder Paul Graham and Sam Altman, who went on to help start OpenAI. Tan himself was accepted to the incubator as a founder in 2008, the same year Mark Zuckerberg attended the accelerator's regular "demo day" where Jeff Bezos announced Amazon Web Services.

Businesses

Amazon Cuts Dozens of House Brands as It Battles Costs, Regulators (wsj.com)

Amazon is jettisoning dozens of its in-house brands as part of a significant reduction of its private-label operation as it works to fend off antitrust scrutiny and shore up profit. From a report: The Seattle-based company in the past year has decided to eliminate 27 of its 30 clothing brands, such as Lark & Ro, Daily Ritual and Goodthreads, according to people familiar with the matter. Some of the brands remain on Amazon's site for now as the company sells off remaining inventory, but when completed its house-label clothing division will have just three brands: Amazon Essentials, Amazon Collection and Amazon Aware.

Amazon also is dropping private-label furniture, phasing out its Rivet and Stone & Beam brands once its stock of those items is gone, some of the people said. Exact numbers for brands being cut in other parts of the business couldn't be learned, but Amazon Basics, which sells a range of home goods and tech accessories, will remain a focus for the company.

China

Biden Issues an Executive Order Restricting US Investments In Chinese Technology (apnews.com)

An anonymous reader quotes a report from the Associated Press: President Joe Biden signed an executive order Wednesday to block and regulate high-tech U.S.-based investments going toward China -- a move the administration said was targeted but it also reflected an intensifying competition between the world's two biggest powers. The order covers advanced computer chips, microelectronics, quantum information technologies and artificial intelligence. Senior administration officials said that the effort stemmed from national security goals rather than economic interests, and that the categories it covered were intentionally narrow in scope. The order seeks to blunt China's ability to use U.S. investments in its technology companies to upgrade its military while also preserving broader levels of trade that are vital for both nations' economies.

The officials previewing the order said that China has exploited U.S. investments to support the development of weapons and modernize its military. The new limits were tailored not to disrupt China's economy, but they would complement the export controls on advanced computer chips from last year that led to pushback by Chinese officials. The Treasury Department, which would monitor the investments, will announce a proposed rulemaking with definitions that would conform to the presidential order and go through a public comment process. The goals of the order would be to have investors notify the U.S. government about certain types of transactions with China as well as to place prohibitions on some investments. Officials said the order is focused on areas such as private equity, venture capital and joint partnerships in which the investments could possibly give countries of concern such as China additional knowledge and military capabilities.
The Chinese Ministry of Commerce responded in a statement early Thursday that it has "serious concern" about the order and "reserves the right to take measures."

"We hope the U.S. side respects the laws of the market economy and the principle of fair competition, does not artificially obstruct global economic and trade exchanges and cooperation and does not put up obstacles for the recovery and growth of the world economy."

The Chinese Ministry of Commerce also said the executive order "seriously deviates from the market economy and fair competition principles the United States has always advocated. It affects the normal business decisions of enterprises, disrupts the international economic and trade order and seriously disrupts the security of global industrial and supply chains."

Robotics

Bots Are Better Than Humans At Cracking 'Are You a Robot?' Captcha Tests, Study Finds (independent.co.uk)

A recent comprehensive study reveals that automated bots are substantially more efficient than humans at cracking Captcha tests, a widely used security measure on over 100 popular websites. The Independent reports: In the study, scientists assessed 200 of the most popular websites and found 120 still used Captcha. They took the help of 1,000 participants online from diverse backgrounds -- varying in location, age, sex and educational level -- to take 10 captcha tests on these sites and gauge their difficulty levels. Researchers found many bots described in scientific journals could beat humans at these tests in both speed and accuracy.

Some Captcha tests took human participants between nine and 15 seconds to solve, with an accuracy of about 50 to 84 per cent, while it took the bots less than a second to crack them, with up to near perfection. "The bots' accuracy ranges from 85-100 per cent, with the majority above 96 per cent. This substantially exceeds the human accuracy range we observed (50-85 per cent)," scientists wrote in the study. They also found that the bots' solving times are "significantly lower" or nearly the same as humans in almost all cases.
