MI5 Warns of Spies Using LinkedIn To Trick Staff Into Spilling Secrets

According to the United Kingdom's Security Service, known as MI5, hostile states are creating fake LinkedIn profiles to trick users into spilling secrets. The BBC reports: At least 10,000 UK nationals have been approached by fake profiles linked to hostile states, on the professional social network LinkedIn, over the past five years, according to MI5. "Malicious profiles" are being used on "an industrial scale," the security agency's chief, Ken McCallum, said. A campaign has been launched to educate government workers about the threat. The effort -- Think Before You Link -- warns foreign spies are targeting those with access to sensitive information. One concern is the victims' colleagues, in turn, become more willing to accept follow-up requests - because it looks as if they share a mutual acquaintance. MI5 did not specifically name LinkedIn but BBC News has learned the Microsoft-owned service is indeed the platform involved. The 10,000-plus figure includes staff in virtually every government department as well as key industries, who might be offered speaking or business and travel opportunities that could lead to attempts to recruit them to provide confidential information. And it is thought a large number of those approached engaged initially with the profiles that contacted them online. Read more of this story at Slashdot.
2021-04-20 21:00:01
Apple Announces New Apple TV 4K With Redesigned Siri Remote

The new Apple TV sports a more powerful A12 Bionic chip that lets it play HDR video at higher frame rates. It also comes equipped with a redesigned Siri remote. The Verge reports: The new Siri remote has an iPod-style scroll wheel, a five-way click pad, touch controls, a mute button, and a power button that can turn your TV on and off. Meanwhile, the Siri button is now on the side of the remote, and Apple says that the voice assistant now works on Apple TV in Austria, Ireland, and New Zealand, in addition to the 13 countries where it was already supported. Finally, the new Siri remote's enclosure is made out of 100 percent recycled aluminum. You'll get the new remote with the new $179 4K set-top box, or it's available separately for $59. As well as being compatible with the new Apple TV 4K, it also works with the 2017 model and Apple TV HD. Apple will also sell the remote bundled with the Apple TV HD for $149. Other features of the Apple TV 4K include support for 60fps Dolby Vision playback over AirPlay from a compatible iPhone, and the ability to optimize the colors of your TV screen using the light sensor on an iPhone.
2021-04-20 20:30:05
Hackers Are Exploiting a Pulse Secure 0-Day To Breach Orgs Around the World

An anonymous reader quotes a report from Ars Technica: "Hackers backed by nation-states are exploiting critical vulnerabilities in the Pulse Secure VPN to bypass two-factor authentication protections and gain stealthy access to networks belonging to a raft of organizations in the US Defense industry and elsewhere, researchers said. At least one of the security flaws is a zero-day, meaning it was unknown to Pulse Secure developers and most of the research world when hackers began actively exploiting it, security firm Mandiant said in a blog post published Tuesday. Besides CVE-2021-22893, as the zero-day is tracked, multiple hacking groups -- at least one of which likely works on behalf of the Chinese government -- are also exploiting several Pulse Secure vulnerabilities fixed in 2019 and 2020. Used alone or in concert, the security flaws allow the hackers to bypass both single-factor and multifactor authentication protecting the VPN devices. From there, the hackers can install malware that persists across software upgrades and maintain access through webshells, which are browser-based interfaces that allow hackers to remotely control infected devices. Multiple intrusions over the past six months have hit defense, government, and financial organizations around the world, Tuesday's post reported. Separately, the US Cybersecurity and Infrastructure Security Agency said that targets also include US government agencies, critical infrastructure entities, and other private sector organizations." Mandiant said that it has uncovered "limited evidence" that tied one of the hacker groups to the Chinese government. Dubbed UNC2630, this previously unknown team is one of at least two hacking groups known to be actively exploiting the vulnerabilities. Tuesday's blog post also referred to another previously unseen group that Mandiant is calling UNC2717.
In March, the group used malware Mandiant identifies as RADIALPULSE, PULSEJUMP, and HARDPULSE against Pulse Secure systems at a European organization. Pulse Secure on Tuesday published an advisory instructing users how to mitigate the currently unpatched security bug.
2021-04-20 18:45:01
Ransomware Gang Tried To Extort Apple Hours Ahead of Tuesday Event

An anonymous reader writes: The operators of the REvil ransomware are demanding that Apple pay a ransom demand to avoid having confidential information leaked on the dark web. The REvil crew claims it came into possession of Apple product data after breaching Quanta Computer, a Taiwanese company that is the biggest laptop manufacturer in the world and which is also one of the companies that assemble official Apple products based on pre-supplied product designs and schematics. The REvil gang posted 21 screenshots depicting MacBook schematics and threatened to publish new data every day until May 1, or until Apple or Quanta pay the ransom demand. The extortion attempt was also perfectly timed for maximum visibility to coincide with the Spring Loaded event, where Apple announced new products and software updates.
2021-04-20 18:15:02
Chat App Discord Ends Takeover Talks With Microsoft

Microsoft and video-game chat company Discord have ended takeover talks after Discord rejected a $12 billion bid, Bloomberg reported Tuesday, citing people familiar with the matter. From the report: Discord is now focused on a potential public listing in the long term, the people said, asking not to be identified because the matter is private. Several other companies also tried to buy Discord in recent weeks, the people said. The identity of these companies couldn't immediately be learned. San Francisco-based Discord is best known for its free service that lets gamers communicate by video, voice and text. People stuck at home during the pandemic have increasingly used its technology for study groups, dance classes, book clubs and other virtual gatherings.
2021-04-20 17:30:03
Would Be Cool if Everyone Normalized These Pesky Data Leaks, Says Data-Leaking Facebook in Leaked Memo

Facebook wants you to believe that the scraping of 533 million people's personal data from its platform, and the dumping of that data online by nefarious people, is something to be "normalised." The Register: A blundering Facebook public relations operative managed to send a journalist a copy of an internal document detailing the social network's strategy for containing the leaking of 533 million accounts -- and what the memo contained was infuriating though unsurprising. Belgian tech journalist Pieterjan van Leemputten asked the Mark Zuckerberg-owned company some questions about the theft and dumping online of account data earlier this month. Miscreants had helped themselves to 70GB of names, phone numbers, dates of birth, email addresses, and more from people's Facebook profiles, thanks to a security weakness in the platform. Having stolen the data in 2019, crims bought and sold it among themselves before one shared it via a Tor-hidden site in early April, inviting anyone to come and help themselves to it all. Yet when van Leemputten asked Facebook's mouthpieces to respond, what he got in return was quite unexpected. As he told The Register: "Facebook accidentally sent me an internal email where they literally state that they will frame the recent 533 million data leak as a 'broad industry issue' and that they want to normalize this." The memo added, "To do this, the team is proposing a follow-up post in the next several weeks that talks more broadly about our anti-scraping work and provides more transparency around the amount of work we're doing in this area."
2021-04-20 16:15:02
Tile Bashes Apple's New AirTag as Unfair Competition

Now that Apple's lost item finder AirTag has officially been introduced, competitor Tile is going on record ahead of its testimony in front of Congress tomorrow about how it perceives Apple's latest product. In a statement, Tile CEO CJ Prober said today: "Our mission is to solve the everyday pain point of finding lost and misplaced things and we are flattered to see Apple, one of the most valuable companies in the world, enter and validate the category Tile pioneered. The reason so many people turn to Tile to locate their lost or misplaced items is because of the differentiated value we offer our consumers. In addition to providing an industry leading set of features via our app that works with iOS and Android devices, our service is seamlessly integrated with all major voice assistants, including Alexa and Google. And with form factors for every use case and many different styles at affordable prices, there is a Tile for everyone. Tile has also successfully partnered with top brands like HP, Intel, Skullcandy and fitbit to enable our finding technology in mass market consumer categories like laptops, earbuds and wearables. With over 30 partners, we look forward to extending the benefits of Tile to millions of customers and enabling an experience that helps you keep track of all your important belongings. We welcome competition, as long as it is fair competition. Unfortunately, given Apple's well-documented history of using its platform advantage to unfairly limit competition for its products, we're skeptical. And given our prior history with Apple, we think it is entirely appropriate for Congress to take a closer look at Apple's business practices specific to its entry into this category. We welcome the opportunity to discuss these issues further in front of Congress tomorrow."
2021-04-20 15:30:02
Apple Introduces M1 Chip-Powered iMac

Apple has finally given the world a dramatic new iMac redesign, aimed at the company's long-standing goal of "making the computer disappear." From a report: Naturally, the latest version of the 24-inch all-in-one desktop is built around the company's new proprietary M1 chips. The screen sports a 4.5K Retina Display, coupled with a 1080p camera -- a first for the Mac line, and a sign the company is taking both audio and video more seriously as these products are serving as a kind of lifeline for the work from home crowd. True Tone is, naturally, on board for better color balance, and sound has been improved with a six-speaker setup. The new devices are significantly thinner -- with overall volume reduced by half, according to the company. The rear is also flat, instead of curved. All told, the company says it's up to 85% faster than the last model, coupled with a GPU that's up to twice as fast and 3x the machine learning. Around back are two Thunderbolt ports and a new magnetic power adapter that also delivers Ethernet. The system comes in seven colors. It starts at $1,299.
2021-04-20 14:15:02
Apple Announces $29 AirTag, a New Tile-like Item Tracker

Apple has launched a Tile-like item tracker that will work with the company's software and services. From a report: Dubbed AirTag, the small circular tag will allow you to track items within Apple's "Find My" app on iOS. Much like Tile, Apple's AirTags will be useful for tracking items like keys or wallets, and you'll be provided with notifications when you're separated from your item. The AirTag itself is a small puck-like device that includes a built-in speaker, accelerometer, Bluetooth LE, and a user-replaceable battery. Apple says the tracker should last for a year of battery life, and you can use an NFC tap to activate a lost mode. AirTag will be available for $29 on April 30th, or $99 for a four-pack of the devices. Apple is also working with accessory makers to create luggage tag and keyring enclosures for the AirTag itself.
2021-04-20 13:30:03
How “cosmetic” DLC became “pay to win” camouflage in some online shooters

COD: Warzone and Fortnite struggle to balance player style and gameplay visibility.
2021-04-20 12:45:03