Russian Email Domains Target US Polling Sites with Bomb Threats, FBI Says

The FBI warned on Tuesday that polling stations across multiple U.S. states received fake bomb threats sent from Russian email domains, forcing brief evacuations at two voting sites in Georgia’s Fulton County.

The threats, which targeted locations in Georgia, Michigan, and Wisconsin, have not been deemed credible, the FBI said in a statement. The evacuated Fulton County sites reopened after 30 minutes, prompting local officials to seek extended voting hours beyond the 7 p.m. ET deadline.

The incidents follow Friday’s joint intelligence warning from the FBI, ODNI, and CISA about Russian-created fake videos aimed at undermining election integrity. The agencies also reported Russian actors are spreading false claims about planned election fraud by U.S. officials.

Read more of this story at Slashdot.

The FBI warned on Tuesday that polling stations across multiple U.S. states received fake bomb threats sent from Russian email domains, forcing brief evacuations at two voting sites in Georgia’s Fulton County.

The threats, which targeted locations in Georgia, Michigan, and Wisconsin, have not been deemed credible, the FBI said in a statement. The evacuated Fulton County sites reopened after 30 minutes, prompting local officials to seek extended voting hours beyond the 7 p.m. ET deadline.

The incidents follow Friday’s joint intelligence warning from the FBI, ODNI, and CISA about Russian-created fake videos aimed at undermining election integrity. The agencies also reported Russian actors are spreading false claims about planned election fraud by U.S. officials.

Read more of this story at Slashdot.

Read More 

The Internet Archive’s Wayback Machine is fully back in action with saving pages

The Internet Archive is continuing the recovery process after a series of DDoS attacks that took down its servers in early October. On Monday, the nonprofit digital library posted on X that its ‘Save Page Now’ service has been restored to the Wayback Machine.
Save Page Now is back online via the Wayback Machine: https://t.co/0x24WHlhAcWeb pages archived since October 9 will start being added to @waybackmachine. pic.twitter.com/fbQxXKSRL5— Internet Archive (@internetarchive) November 4, 2024
The Wayback Machine resumed operation in read-only mode on October 14; now users can upload new web pages to record their information and access them later. As the X post notes, the Wayback Machine will begin collecting web pages that have been archived since October 9 when the entire site was taken down.
The October DDoS attacks coincided with the Internet Archive’s move to disclose a data breach that saw more than 31 million records taken. Security researcher Troy Hunt, who runs the Have I Been Pwned? service for monitoring compromised accounts, said that the two actions against the Internet Archive were “entirely coincidental” and likely taken by “multiple parties.”This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/the-internet-archives-wayback-machine-is-fully-back-in-action-with-saving-pages-223736576.html?src=rss

The Internet Archive is continuing the recovery process after a series of DDoS attacks that took down its servers in early October. On Monday, the nonprofit digital library posted on X that its ‘Save Page Now’ service has been restored to the Wayback Machine.

Save Page Now is back online via the Wayback Machine: https://t.co/0x24WHlhAc

Web pages archived since October 9 will start being added to @waybackmachine. pic.twitter.com/fbQxXKSRL5

— Internet Archive (@internetarchive) November 4, 2024

The Wayback Machine resumed operation in read-only mode on October 14; now users can upload new web pages to record their information and access them later. As the X post notes, the Wayback Machine will begin collecting web pages that have been archived since October 9 when the entire site was taken down.

The October DDoS attacks coincided with the Internet Archive’s move to disclose a data breach that saw more than 31 million records taken. Security researcher Troy Hunt, who runs the Have I Been Pwned? service for monitoring compromised accounts, said that the two actions against the Internet Archive were “entirely coincidental” and likely taken by “multiple parties.”

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/the-internet-archives-wayback-machine-is-fully-back-in-action-with-saving-pages-223736576.html?src=rss

Read More 

RTO mandate was attempt at thwarting Grindr workers unionizing: US labor board

80 out of 120 workers trying to unionize reportedly quit due to RTO mandate.

The National Labor Relations Board (NLRB) is accusing Grindr of using a return-to-office (RTO) mandate in an attempt to block employee efforts to form a union.

On July 20, 2023, employees at the LGBTQ+ dating app announced plans to unionize. On August 3, 2023, Grindr told employees that they had two weeks to decide if they would start working in an office location two days per week or exit Grindr with six months of severance, per The New York Times, which reported that it saw the memo. Grindr also reportedly offered up to $15,000 for relocation expenses to its offices in New York, Chicago, Los Angeles, San Francisco, and Washington DC. Before the RTO mandate, Grindr allowed fully remote work.

Despite the announcement’s timing, Grindr said in August 2023 that it had been working on an RTO mandate for months and that employees were notified of this in early summer 2023, per the NYT. On August 4, 2023, the Communications Workers of America Union, which Grindr employees were working to join, filed a complaint with the NLRB.

Read full article

Comments

Read More 

Mozilla is eliminating its advocacy division, which fought for a free and open web

Illustration by Alex Castro / The Verge

The Mozilla Foundation laid off 30 percent of its workforce and completely eliminated its advocacy and global programs divisions, TechCrunch reports.
While Mozilla is best known for its Firefox web browser, the Mozilla Foundation — the parent of the Mozilla Corporation — describes itself as standing up “for the health of the internet.” With its advocacy and global programs divisions gone, its impact may be lessened going forward.
“The Mozilla Foundation is reorganizing teams to increase agility and impact as we accelerate our work to ensure a more open and equitable technical future for us all. That unfortunately means ending some of the work we have historically pursued and eliminating associated roles to bring more focus going forward,” Brandon Borrman, the Mozilla Foundation’s communications chief, said in an email to TechCrunch.
This is Mozilla’s second round of layoffs this year. In February, the Mozilla Corporation laid off around 60 workers said it would be making a “strategic correction” that would involve involve cutting back its work on a Mastodon instance. Mozilla shut down its virtual 3D platform and refocused its efforts on Firefox and AI. The Mozilla Foundation had around 120 employees before this more recent round of layoffs, according to TechCrunch.
In an email sent to all employees on October 30th, Nabhia Syed, the foundation’s executive director, said that the advocacy and global programs divisions “are no longer part of our structure.”
“Navigating this topsy-turvy, distracting time requires laser focus — and sometimes saying goodbye to the excellent work that has gotten us this far because it won’t get us to the next peak,” wrote Syed, who previously worked as the chief executive of The Markup, an investigative news site. “Lofty goals demand hard choices.”
The Mozilla Foundation did not immediately respond to The Verge’s request for comment.

Illustration by Alex Castro / The Verge

The Mozilla Foundation laid off 30 percent of its workforce and completely eliminated its advocacy and global programs divisions, TechCrunch reports.

While Mozilla is best known for its Firefox web browser, the Mozilla Foundation — the parent of the Mozilla Corporation — describes itself as standing up “for the health of the internet.” With its advocacy and global programs divisions gone, its impact may be lessened going forward.

“The Mozilla Foundation is reorganizing teams to increase agility and impact as we accelerate our work to ensure a more open and equitable technical future for us all. That unfortunately means ending some of the work we have historically pursued and eliminating associated roles to bring more focus going forward,” Brandon Borrman, the Mozilla Foundation’s communications chief, said in an email to TechCrunch.

This is Mozilla’s second round of layoffs this year. In February, the Mozilla Corporation laid off around 60 workers said it would be making a “strategic correction” that would involve involve cutting back its work on a Mastodon instance. Mozilla shut down its virtual 3D platform and refocused its efforts on Firefox and AI. The Mozilla Foundation had around 120 employees before this more recent round of layoffs, according to TechCrunch.

In an email sent to all employees on October 30th, Nabhia Syed, the foundation’s executive director, said that the advocacy and global programs divisions “are no longer part of our structure.”

“Navigating this topsy-turvy, distracting time requires laser focus — and sometimes saying goodbye to the excellent work that has gotten us this far because it won’t get us to the next peak,” wrote Syed, who previously worked as the chief executive of The Markup, an investigative news site. “Lofty goals demand hard choices.”

The Mozilla Foundation did not immediately respond to The Verge’s request for comment.

Read More 

[Sponsor] 1Password: The Infinite Loop of Security

We recently attended the RSA conference in San Francisco — security’s biggest event of the year — and we were struck by how infatuated everyone was with the promise of new, shiny solutions to fix new, shiny problems. On some level that’s not surprising — tech is constantly driving toward the future, and security is one of the fastest-moving areas of tech.

But on the other hand, it seems like the security industry is walking away from some of its most foundational problems before they’ve actually been solved. People would rather talk about AI-powered behavioral analytics that can detect when a worker’s mouse is moving strangely than the decidedly un-glamorous work of rolling out patches and managing permissions.

This disconnect was especially clear in the 2024 Verizon Data Breach Investigations Report (DBIR). This year’s report found that “the human element” (accidental breaches caused by human error or victimization in phishing attacks and the like) was the number one cause of breaches. The same was true last year, and the year before that, and the year before that.

The single biggest culprit in breaches continues to be weak and stolen credentials. The 2024 DBIR found that “use of stolen credentials” is the number one initial action during a breach, and that credentials are the number one way attackers get in in non-error, non-misuse breaches, followed by phishing and vulnerability exploits.

What’s frustrating about the persistence of credential-based attacks is that they are eminently solvable! Roll out a password manager to your end users, put SSO and MFA in front of sensitive applications, and implement passkeys when possible. Yet in 1Password’s 2022 State of Access Report, only 29% of respondents said they used a password manager at work.

The same narrative about credentials is also true about compromised devices and, especially, employee training. The DBIR’s authors said as much in a webinar about the report, claiming that “You can address two-thirds of these breaches by training and equipping your employees appropriately.”

But at RSAC, it was tough to fill a room for a talk on employee training or credential management. The popular talks tended to focus on things like the dangers of AI deepfakes, which is ironic, since the 2024 DBIR said that GenAI hasn’t made much of an impact on breaches so far.

This needs to change, and the 2024 DBIR offers a clear look at where we’re falling short and where we go from here.

To get more insights about the report and its implications for security, read the full blog.

 ★ 

We recently attended the RSA conference in San Francisco — security’s biggest event of the year — and we were struck by how infatuated everyone was with the promise of new, shiny solutions to fix new, shiny problems. On some level that’s not surprising — tech is constantly driving toward the future, and security is one of the fastest-moving areas of tech.

But on the other hand, it seems like the security industry is walking away from some of its most foundational problems before they’ve actually been solved. People would rather talk about AI-powered behavioral analytics that can detect when a worker’s mouse is moving strangely than the decidedly un-glamorous work of rolling out patches and managing permissions.

This disconnect was especially clear in the 2024 Verizon Data Breach Investigations Report (DBIR). This year’s report found that “the human element” (accidental breaches caused by human error or victimization in phishing attacks and the like) was the number one cause of breaches. The same was true last year, and the year before that, and the year before that.

The single biggest culprit in breaches continues to be weak and stolen credentials. The 2024 DBIR found that “use of stolen credentials” is the number one initial action during a breach, and that credentials are the number one way attackers get in in non-error, non-misuse breaches, followed by phishing and vulnerability exploits.

What’s frustrating about the persistence of credential-based attacks is that they are eminently solvable! Roll out a password manager to your end users, put SSO and MFA in front of sensitive applications, and implement passkeys when possible. Yet in 1Password’s 2022 State of Access Report, only 29% of respondents said they used a password manager at work.

The same narrative about credentials is also true about compromised devices and, especially, employee training. The DBIR’s authors said as much in a webinar about the report, claiming that “You can address two-thirds of these breaches by training and equipping your employees appropriately.”

But at RSAC, it was tough to fill a room for a talk on employee training or credential management. The popular talks tended to focus on things like the dangers of AI deepfakes, which is ironic, since the 2024 DBIR said that GenAI hasn’t made much of an impact on breaches so far.

This needs to change, and the 2024 DBIR offers a clear look at where we’re falling short and where we go from here.

To get more insights about the report and its implications for security, read the full blog.

Read More 

Suspect arrested in Snowflake data-theft attacks affecting millions

Threat actor exploited account credentials swept up by infostealers years earlier.

Canadian authorities have arrested a man on suspicion he breached hundreds of accounts belonging to users of cloud storage provider Snowflake and used that access to steal personal data belonging to millions of people, authorities said Tuesday.

“Following a request by the United States, Alexander Moucka (aka Connor Moucka) was arrested on a provisional arrest warrant on Wednesday, October 30, 2024,” an official with the Canada Department of Justice wrote in an email Tuesday. “He appeared in court later that afternoon, and his case was adjourned to Tuesday, November 5, 2024. As extradition requests are considered confidential state-to-state communications, we cannot comment further on this case.”

Word of the arrest first came from Bloomberg News and was later confirmed by 404 Media.

Read full article

Comments

Read More 

Apple reportedly facing first-ever EU fine over App Store rules

Image: Cath Virginia / The Verge

Apple will soon become the first company to incur a fine for violating the European Union’s Digital Markets Act (DMA), reports Bloomberg. Sources tell the outlet that the Commission is getting ready to levy the penalty after it found that Apple’s “anti-steering” practices harmed competition on the App Store.
This follows the EU’s €1.84 billion (around $2 billion) fine imposed on Apple in March. After investigating a complaint from Spotify, the EU Commission ruled that Apple restricted developers’ ability to point users to cheaper purchases outside the App Store in March — a practice that’s illegal under the DMA.
We still don’t know how much the EU will fine Apple, but the DMA rules say companies can be charged up to 10 percent of annual global revenue and up to 20 percent for repeat offenses. Based on Apple’s revenue last year, the EU’s initial fine could add up to as much as $38 billion. The Commission may announce the fine as soon as this month before competition head Margrethe Vestager leaves office, Bloomberg reports.
The Verge reached out to Apple with a request for comment but didn’t immediately hear back.
Apple is also facing an investigation over whether it’s undermining alternative app stores in the EU. In September, the EU won its fight to make Apple pay €13 billion (about $14.4 billion) in unpaid taxes. Apple CEO Tim Cook even allegedly called former President Donald Trump to complain about the fines his company has accrued.

Image: Cath Virginia / The Verge

Apple will soon become the first company to incur a fine for violating the European Union’s Digital Markets Act (DMA), reports Bloomberg. Sources tell the outlet that the Commission is getting ready to levy the penalty after it found that Apple’s “anti-steering” practices harmed competition on the App Store.

This follows the EU’s €1.84 billion (around $2 billion) fine imposed on Apple in March. After investigating a complaint from Spotify, the EU Commission ruled that Apple restricted developers’ ability to point users to cheaper purchases outside the App Store in March — a practice that’s illegal under the DMA.

We still don’t know how much the EU will fine Apple, but the DMA rules say companies can be charged up to 10 percent of annual global revenue and up to 20 percent for repeat offenses. Based on Apple’s revenue last year, the EU’s initial fine could add up to as much as $38 billion. The Commission may announce the fine as soon as this month before competition head Margrethe Vestager leaves office, Bloomberg reports.

The Verge reached out to Apple with a request for comment but didn’t immediately hear back.

Apple is also facing an investigation over whether it’s undermining alternative app stores in the EU. In September, the EU won its fight to make Apple pay €13 billion (about $14.4 billion) in unpaid taxes. Apple CEO Tim Cook even allegedly called former President Donald Trump to complain about the fines his company has accrued.

Read More 

Scroll to top