Month: July 2023
FBI investigation reveals that it was unknowingly using NSO-backed spyware
A New York Times investigation uncovered earlier this year that the US government used spyware made by Israeli hacking firm NSO. Now, after an FBI investigation into who was using the tech, the department uncovered a confusing answer: itself, according to the New York Times on Monday.
Since 2021, the Biden administration has taken steps toward parting ways with NSO, given the firm’s reputation for shady tools like Pegasus, which lets governments discreetly download personal information from hacked phones without the user’s knowledge. But even after the president signed an executive order banning commercial spyware in March, an FBI contractor used NSO’s geolocation product Landmark to track the locations of targets in Mexico.
The FBI had inked a deal with telecommunications firm Riva Networks to track drug smugglers in Mexico, according to The Times. The spyware let US officials track mobile phones because of existing security gaps in the country’s cellphone networks. While the FBI says it was misled by Riva Networks into using the tech, and has since terminated the contract, people with direct knowledge of the situation said the FBI used the spyware as recently as this year.
This isn’t the FBI’s first run-in with NSO and its spyware tools. Prior to the executive order banning the products for government use, the agency considered using Pegasus to aid in its criminal investigations. Spyware generally gained a bad reputation for its use to surveil citizens and suppress political dissent, with NSO considered one of the largest in the business.
This article originally appeared on Engadget at https://www.engadget.com/fbi-investigates-use-of-nso-spyware-pegasus-landmark-163949655.html?src=rss
Video: 15 Hidden iOS 17 Features You Need to Know About
Along with major additions like StandBy mode, Live Voicemail, Contact Posters, and NameDrop, there are dozens if not hundreds of smaller, lesser known features that Apple is adding in iOS 17.
In our latest YouTube video, we rounded up a list of 15 features in iOS 17 that you might not know about, from changes to Visual Look Up to AirTag sharing to new functionality in Messages, Reminders, and Photos. It can be hard to keep up with what’s been added in iOS 17, but we’re dedicated to making sure you don’t miss any iOS 17 changes.
Make sure to watch the video up above to see the features in action, and for even more on what’s new in iOS 17, we have a comprehensive iOS 17 roundup that outlines all of the changes coming in the update.
This article, “Video: 15 Hidden iOS 17 Features You Need to Know About” first appeared on MacRumors.com
SEC sues crypto influencer for allegedly buying sports cars and a rare black diamond with investor funds
Crypto influencer Richard Heart is facing a lawsuit from the Securities and Exchange Commission over claims he used “at least” $12 million in proceeds from his crypto products to buy luxury products. That includes the purchase of sports cars, luxury watches, and a 555-carat black diamond called The Enigma — supposedly the largest in the world.
Heart was born in the US and currently lives in Finland. He has operated a YouTube channel since 2017, where he promotes his own crypto products, including the Hex token and its sister product PulseChain, which operates on the PulseX protocol.
In its lawsuit, the SEC alleges Heart raised over $1 billion through his unregistered Hex, PulseChain, and PulseX crypto securities. According to the SEC, Heart marketed his products as “a pathway to grandiose wealth for investors” and espoused claims that Hex “was built to be the highest appreciating asset that has ever existed in the history of man.”
Today we charged Richard Heart (aka Richard Schueler) and three unincorporated entities that he controls, Hex, PulseChain, and PulseX, with conducting unregistered offerings of crypto asset securities that raised more than $1 billion in crypto assets from investors.
— U.S. Securities and Exchange Commission (@SECGov) July 31, 2023
While Heart said the investments in his products were for promoting “free speech,” the SEC claims he never revealed that he actually spent “millions of dollars of PulseChain investor funds to buy luxury goods for himself.” Some of those purchases include a $534,916 McLaren sports car, a $314,125 Ferrari Roma, and a $1.38 million Rolex watch. In February 2022, he allegedly spent $5 million of investors’ assets to purchase The Enigma.
Additionally, the lawsuit states that from December 2019 to November 2019, Heart accepted over 2.3 million Ethereum valued at around $678 million in exchange for Hex tokens. However, the SEC claims 94 to 97 percent of these ETH deposits were “recycling” transactions that allowed Heart and other insiders to control “a large number of Hex tokens” while also “creating the false impression of significant trading volume and organic demand.”
“Heart called on investors to buy crypto asset securities in offerings that he failed to register. He then defrauded those investors by spending some of their crypto assets on exorbitant luxury goods,” said Eric Werner, the director of the SEC’s Fort Worth regional office. “This action seeks to protect the investing public and hold Heart accountable for his actions.”
This follows a wave of lawsuits from the SEC that have unfolded over the past several months. In addition to a lawsuit against Binance and its CEO Changpeng Zhao, the SEC is also taking action against Coinbase and Tron founder Justin Sun. Out of all these lawsuits, though, this one stands out for the sheer amount of luxury items that Heart (allegedly) spent investors’ funds on.
eBay Workers Fight Back Against Union-busting Tactics
In recent months, eBay has found itself embroiled in a heated battle with its first union, the TCG Union-CWA. What started as a hopeful victory for workers has quickly turned into a struggle for recognition and fair treatment. In this article, we will delve into the details of the ongoing conflict, examining the unfair labor complaints filed against eBay and TCGplayer, and shedding light on the tactics employed to undermine the union. Let’s explore the events leading up to this clash and the challenges faced by the TCG Union-CWA.
The seeds of the TCG Union-CWA were sown in 2020 when workers at TCGplayer, an online marketplace for collectible card games, were set to vote on unionization. Promises of improved benefits and better pathways to promotion were made by TCGplayer management in an attempt to dissuade the workers from unionizing. Despite these promises, the union vote was eventually withdrawn, and workers were left waiting for the changes they had been promised.
Fast forward to March of this year, when the majority of TCGplayer workers voted in favor of the TCG Union-CWA representing them. However, eBay and TCGplayer immediately filed several appeals challenging the election, refusing to recognize the union and effectively stalling the negotiation process. This refusal to acknowledge the certified union has left workers frustrated and powerless, as their voices are being disregarded by the very company they helped build.
Briana Thomas, a member of the TCG Union-CWA organizing committee, expressed her concerns about eBay and TCGplayer’s refusal to engage in negotiations: “They have refused to give us our rights to status quo. Our Weingarten rights. They refuse to recognize us as a union. They refuse to acknowledge the fact that [the union has] been certified even if we present them with certification.”
To further erode union support, eBay and TCGplayer have resorted to intimidation tactics and legal challenges. Littler Mendelson, a notorious anti-union law firm known for its work against organizers at Starbucks and Apple, has been retained by eBay and TCGplayer. This move has raised concerns among union members, who have faced captive audience meetings and the demonization of those who support the union.
Thomas recounted the hostile atmosphere created by eBay and TCGplayer: “We had to deal with them quite literally demonizing those of us that wanted the union. They told us to call the cops on our coworkers if they made us feel uncomfortable. They spread lies about how we were showing up at people’s houses and harassing them. They tried to perpetuate this idea that we were doing this maliciously.”
The unfair labor complaints filed against eBay and TCGplayer highlight the extent of the companies’ violations. These complaints include:
Refusal to Recognize and Bargain: eBay and TCGplayer have refused to recognize the union and engage in collective bargaining, denying workers their right to negotiate for fair contracts.
Lack of Information Disclosure: The companies have failed to provide relevant information requested by the union during the bargaining process, hindering the progress towards a resolution.
Violation of Weingarten Rights: Employees have been denied their Weingarten rights, which grant them the right to have a union representative present during investigatory meetings that may result in disciplinary action.
Unilateral Changes to Employment Terms: eBay and TCGplayer have implemented unilateral changes to various terms and conditions of employment without negotiating with the union, violating the established status quo rules.
The ongoing battle between eBay and the TCG Union-CWA has taken a toll on the workers. Briana Thomas emphasized the growing anger and fear among the employees: “People are getting angry. They’re angry because they’re afraid. We are afraid that they are going to continue drawing this out.” With the constant changes at work, the loss of sick time, and the absence of cost-of-living raises for three years, workers are struggling to maintain their livelihoods and a sense of security.
As labor movements in the gaming industry gain momentum, the struggle of the TCG Union-CWA serves as a reminder that winning a union election is just the first step. The ultimate goal of a union is to secure a collective bargaining agreement that ensures fair treatment for workers. However, eBay and TCGplayer’s refusal to recognize the union and engage in negotiations threatens the realization of this goal.
The Verge has reached out to eBay and TCGplayer for comment, but their response and the future of the TCG Union-CWA remain uncertain. The outcome of this battle will not only impact the workers at TCGplayer but also set a precedent for labor movements in the gaming industry as a whole.
The conflict between eBay and the TCG Union-CWA highlights the challenges faced by workers in their pursuit of fair treatment and recognition. Although the workers won a union election, eBay and TCGplayer have engaged in tactics to undermine the union, further exacerbating the struggles of the workers. The unfair labor complaints filed against the companies shed light on their disregard for workers’ rights and their unwillingness to negotiate in good faith. The outcome of this battle will shape the future of labor movements in the gaming industry, and workers are holding on to hope for a fair resolution.
First reported on The Verge
Frequently Asked Questions
1. What is the TCG Union-CWA, and how did it come about?
The TCG Union-CWA is the first union formed by workers at TCGplayer, an online marketplace for collectible card games. The seeds of the union were sown in 2020 when workers at TCGplayer were set to vote on unionization, seeking improved benefits and better pathways to promotion. Despite promises made by TCGplayer management, the union vote was withdrawn, leaving workers waiting for the changes they were promised.
2. When did the majority of TCGplayer workers vote in favor of the TCG Union-CWA?
In March of the year mentioned in the article, the majority of TCGplayer workers voted in favor of the TCG Union-CWA to represent them.
3. Why is there an ongoing conflict between eBay, TCGplayer, and the TCG Union-CWA?
After the workers voted in favor of union representation, eBay and TCGplayer filed several appeals challenging the election. This move has effectively stalled the negotiation process, as the companies refuse to recognize the certified union and engage in collective bargaining.
4. How have eBay and TCGplayer undermined union support?
To erode union support, eBay and TCGplayer have resorted to intimidation tactics and legal challenges. They have retained the services of Littler Mendelson, an anti-union law firm, which has raised concerns among union members. Workers have faced captive audience meetings and the demonization of those who support the union.
5. How has the conflict affected the workers at TCGplayer?
The ongoing battle between eBay and the TCG Union-CWA has taken a toll on the workers. Changes at work, loss of sick time, and the absence of cost-of-living raises for three years have left workers struggling to maintain their livelihoods and a sense of security. This has led to growing anger and fear among employees.
6. What is the ultimate goal of the TCG Union-CWA?
The ultimate goal of the TCG Union-CWA, like any union, is to secure a collective bargaining agreement that ensures fair treatment and benefits for workers.
7. What is the significance of this conflict for the gaming industry labor movements?
This conflict sets a precedent for labor movements in the gaming industry. It highlights the challenges workers face in their pursuit of fair treatment and recognition. The outcome will have implications not only for the workers at TCGplayer but also for labor movements in the gaming industry as a whole.
8. Has there been any response from eBay and TCGplayer regarding the conflict?
The article mentions that The Verge reached out to eBay and TCGplayer for comment, but their response and the future of the TCG Union-CWA remain uncertain.
9. How can the conflict be resolved?
To resolve the conflict, eBay and TCGplayer must recognize the certified union and engage in good faith negotiations with the TCG Union-CWA to address the workers’ concerns and reach a fair resolution.
The post eBay Workers Fight Back Against Union-busting Tactics appeared first on ReadWrite.
Kevin Systrom talks AI and his post-Instagram social app at TechCrunch Disrupt 2023
When Kevin Systrom and Mike Krieger co-founded Instagram in 2010, they basically invented photo-based social networking in the modern mobile era. Fast-forward to 2012 and a $1 billion acquisition by Facebook — and then again to 2018 when Systrom stepped down to research his next company.
That’s one heck of an eight-year ride.
Fast-forward once more to early 2023 when Systrom and Krieger launched their new app, Artifact, a personalized news reader. A rather surprising move considering the plethora of competing news readers and a struggling online news industry plagued by unbridled misinformation.
We have so many questions, which is why we are thrilled that Kevin Systrom will join us for a fireside chat on the Disrupt Stage at TechCrunch Disrupt 2023, which runs from September 19–21 in San Francisco.
Clearly not one to shrink from a challenge, Systrom aims to make the news industry a place where creators and audiences alike can come together around topics and content they love in a sustainable way with a focus on quality and integrity.
Artifact’s underlying technology incorporates the latest advances in machine learning and artificial intelligence — key differentiators, according to Systrom. We definitely want to hear more about AI’s role, both in his app and in the media landscape at large. We’re looking forward to hearing his take on how the media landscape is evolving — or should be. We’re also curious about why Systrom believes there’s new ground left to tread around published content when it comes to journalists, audiences and community.
Don’t miss this conversation about the future of news and social media with the co-founder behind one of the world’s most iconic social apps.
Kevin Systrom: Artifact co-founder and CEO; Instagram co-founder
Kevin Systrom, an American entrepreneur, started his career as an intern at Odeo, which later became Twitter. Systrom then worked on various consumer teams at Google and in quantitative marketing.
Systrom and Mike Krieger created Instagram, and within a few years, the app had hundreds of millions of users. In January 2023, Systrom launched Artifact, a personalized news and content reading application driven by the latest advances in machine learning.
Systrom is passionate about the next chapter of social media being driven by artificial intelligence and has dedicated the last few years to building this company. Systrom graduated from Stanford University with a degree in management science and engineering.
You’ll find conversations with tech’s leading luminaries — including Shaquille O’Neal — on the Disrupt Stage. We’ll announce the stage agenda soon, so check back for updates. Don’t forget to take a look at our six new stages for six breakthrough sectors at Disrupt.
TechCrunch Disrupt 2023 takes place on September 19–21 in San Francisco. Buy your pass now and save up to $600. Student and nonprofit passes are available for just $195. Prices increase August 11.
Is your company interested in sponsoring or exhibiting at TechCrunch Disrupt 2023? Contact our sponsorship sales team by filling out this form.
‘Minecraft’ mod exploit lets hackers control your device
You might want to run antivirus tools if you use certain Minecraft mods. The MMPA security community has learned that hackers are exploiting a “BleedingPipe” flaw in the Forge framework powering numerous mods, including some versions of Astral Sorcery, EnderCore and Gadomancy. If one of the game tweaks is running on Forge 1.7.10/1.12.2, intruders can remotely control both servers and gamers’ devices. In one case, an attacker was using a new exploit variant to breach a Minecraft server and steal both Discord chatters’ credentials and players’ Steam session cookies.
As Bleeping Computer explains, BleedingPipe relies on incorrect deserialization for a class in the Java code powering the mods. Attackers just have to send special network traffic to a server to take control. The first evidence of BleedingPipe attacks surfaced in March 2022, and the flaw was quickly patched by modders, but MMPA understands most servers running the mods haven’t updated.
We’ve asked Mojang parent company Microsoft for comment. It’s not responsible for Forge, so the tech giant can’t necessarily stop or limit the damage. You won’t be affected if you use stock Minecraft or stick to single-player sessions.
The full scope of the vulnerability isn’t clear. While there are 46 mods known to fall prey to BleedingPipe as of this writing, there’s the potential for considerably more. Users are asked to scan their systems (including their Minecraft folder) for malware. Server operators, meanwhile, are urged to either update mods or stop running them entirely. MMPA also has a PipeBlocker mod that protects everyone involved, although mod packs may cause problems if the mods haven’t been updated.
This article originally appeared on Engadget at https://www.engadget.com/minecraft-mod-exploit-lets-hackers-control-your-device-162231445.html?src=rss