PlayStation (Games)

After Unexplained Bans, PlayStation Users Report Their Accounts Have Been Restored (theverge.com) 34

Many PlayStation Network users reported Monday that their accounts were unexpectedly permanently suspended. As of Tuesday morning, many of the people who had received the messages now say their accounts have been restored. From a report: Some of them contacted customer service while others did not, but nearly a day after the issues began, Sony hasn't commented publicly or responded to us about the wave of bans or the restorations that followed. A message to one user read: "This account is permanently suspended from PlayStation Network due to violations of the PlayStation Network Terms of Service and User Agreement."

United Kingdom

The UK Tries, Once Again, To Age-Gate Pornography (theverge.com) 95

Jon Porter reports via The Verge: UK telecoms regulator Ofcom has laid out how porn sites could verify users' ages under the newly passed Online Safety Act. Although the law gives sites the choice of how they keep out underage users, the regulator is publishing a list of measures they'll be able to use to comply. These include having a bank or mobile network confirm that a user is at least 18 years old (with that user's consent) or asking a user to supply valid details for a credit card that's only available to people who are 18 and older. The regulator is consulting on these guidelines starting today and hopes to finalize its official guidance in roughly a year's time.

Ofcom lists six age verification methods in today's draft guidelines. As well as turning to banks, mobile networks, and credit cards, other suggested measures include asking users to upload photo ID like a driver's license or passport, or for sites to use "facial age estimation" technology to analyze a person's face to determine that they've turned 18. Simply asking a site visitor to declare that they're an adult won't be considered strict enough. Once the duties come into force, pornography sites will be able to choose from Ofcom's approaches or implement their own age verification measures so long as they're deemed to hit the "highly effective" bar demanded by the Online Safety Act. The regulator will work with larger sites directly and keep tabs on smaller sites by listening to complaints, monitoring media coverage, and working with frontline services. Noncompliance with the Online Safety Act can be punished with fines of up to [$22.7 million] or 10 percent of global revenue (whichever is higher).

The guidelines being announced today will eventually apply to pornography sites both big and small so long as the content has been "published or displayed on an online service by the provider of the service." In other words, they're designed for professionally made pornography, rather than the kinds of user-generated content found on sites like OnlyFans. That's a tricky distinction when the two kinds often sit together side by side on the largest tube sites. But Ofcom will be opening a consultation on rules for user-generated content, search engines, and social media sites in the new year, and Whitehead suggests that both sets of rules will come into effect at around the same time.

Bug

Cicadas Are So Loud, Fiber Optic Cables Can 'Hear' Them (wired.com) 22

An anonymous reader quotes a report from Wired: One of the world's most peculiar test beds stretches above Princeton, New Jersey. It's a fiber optic cable strung between three utility poles that then runs underground before feeding into an "interrogator." This device fires a laser through the cable and analyzes the light that bounces back. It can pick up tiny perturbations in that light caused by seismic activity or even loud sounds, like from a passing ambulance. It's a newfangled technique known as distributed acoustic sensing, or DAS. Because DAS can track seismicity, other scientists are increasingly using it to monitor earthquakes and volcanic activity. (A buried system is so sensitive, in fact, that it can detect people walking and driving above.) But the scientists in Princeton just stumbled upon a rather noisier use of the technology.

In the spring of 2021, Sarper Ozharar -- a physicist at NEC Laboratories, which operates the Princeton test bed -- noticed a strange signal in the DAS data. "We realized there were some weird things happening," says Ozharar. "Something that shouldn't be there. There was a distinct frequency buzzing everywhere." The team suspected the "something" wasn't a rumbling volcano -- not in New Jersey -- but the cacophony of the giant swarm of cicadas that had just emerged from underground, a population known as Brood X. A colleague suggested reaching out to Jessica Ware, an entomologist and cicada expert at the American Museum of Natural History, to confirm it. "I had been observing the cicadas and had gone around Princeton because we were collecting them for biological samples," says Ware. "So when Sarper and the team showed that you could actually hear the volume of the cicadas, and it kind of matched their patterns, I was really excited."

Add insects to the quickly growing list of things DAS can spy on. Thanks to some specialized anatomy, cicadas are the loudest insects on the planet, but all sorts of other six-legged species make a lot of noise, like crickets and grasshoppers. With fiber optic cables, entomologists might have stumbled upon a powerful new way to cheaply and constantly listen in on species -- from afar. "Part of the challenge that we face in a time when there's insect decline is that we still need to collect data about what population sizes are, and what insects are where," says Ware. "Once we are able to familiarize ourselves with what's possible with this type of remote sensing, I think we can be really creative."

United States

Are Amazon Packages Disrupting Mail Services in Some Small Towns? (msn.com) 164

100 miles south of the Canadian border, the tiny town of Bemidji, Minnesota "has been bombarded by a sudden onslaught of Amazon packages" since early November, reports the Washington Post, "and local postal workers say they have been ordered to deliver those packages first."

A spokesperson for the U.S. Postal Service tells the Post that's not true, and that their service "does not prioritize the delivery of packages from Amazon or other customers."

But whatever's going on, the Post reports that "The result has been chaos..." Mail is getting backed up, sometimes for days, leaving local residents waiting for checks, credit card statements, health insurance documents and tax rebates. Routes meant to take eight or nine hours are stretching to 10 or 12. At least five carriers have quit, and the post office has banned scheduled sick days for the rest of the year, carriers say... Dennis Nelson, a veteran mail carrier, said he got so frustrated watching multiple co-workers "breaking down and crying" that he staged a symbolic strike earlier this month outside the post office where he has worked for more than 20 years...

Bemidji is not the only place where postal workers say they have been overwhelmed by packages from Amazon... Carriers and local officials say mail service has been disrupted in rural communities from Portland, Maine, to Washington state's San Juan Islands.

The situation stems from a crisis at the Postal Service, which has lost $6.5 billion in the past year. The post office has had a contract with Amazon since 2013, when it started delivering packages on Sundays. But in recent years, that business has exploded as Amazon has increasingly come to rely on postal carriers to make "last-mile" deliveries in harder-to-reach rural locations. The Postal Service considers the contract proprietary and has declined to disclose its terms. But U.S. Postmaster General Louis DeJoy has said publicly that "increasing package volume" — not just from Amazon, but from FedEx and UPS as well — is key to the mail service's financial future. In a Nov. 14 speech to the Postal Service Board of Governors, DeJoy said he wants the post office to become the "preferred delivery provider in the nation...."

In bigger cities, Amazon has its own distribution network, which takes some of the pressure off the post office. But in rural areas, where carriers drive miles of lonely routes in their personal vehicles, the arrangement has caused problems. In the mountains of Colorado, biologists in Crested Butte are struggling with the delay of time-sensitive samples, the Denver Post reported in September, while mail carriers in Carbondale say they are overwhelmed by Amazon packages. Other Minnesota towns including Brainerd and La Porte have been hit hard by Amazon in the past, carriers said...

Partenheimer defended the post office's record in an email, while conceding "much work remains to be done...."

An Amazon spokesperson told the Post "We work directly with the USPS to balance our delivery needs with their available capacity," and "we'll continue to collaborate on package volume each week and adjust as needed."

PlayStation (Games)

PlayStation To Delete A Ton Of TV Shows Users Already Paid For (kotaku.com) 123

Sony is about to delete tons of Discovery shows from PlayStation users' libraries even if they already "purchased" them. Why? Because most users don't actually own the digital content they buy thanks to the mess of online DRM and license agreements. Some of the soon-to-be-deleted TV shows include Mythbusters and Naked and Afraid. Kotaku reports: The latest pothole in the road to an all-digital future was discovered via a warning Sony recently sent out to PlayStation users who purchased TV shows made by Discovery, the reality TV network that recently merged with Warner Bros. in one of the most brutal and idiotic corporate maneuvers of our time. "Due to our content licensing arrangements with content providers, you will no longer be able to watch any of your previously purchased Discovery content and the content will be removed from your video library," read a copy of the email that was shared with Kotaku.

It linked to a page on the PlayStation website listing all of the shows impacted. As you might imagine, given Discovery's penchant for pumping out seasons of relatively cheap to produce but popular reality TV and documentary-based shows, there are a lot of them. They include, but are not limited to, hits such as: Say Yes to the Dress, Shark Week, Cake Boss, Long Island Medium, Deadly Women, and many, many more. [...] Now, essentially anything you buy on PSN, whether a PS5 blockbuster or, uh, Police Women of Cincinnati, is essentially just on indefinite loan until such time as the PlayStation servers die or the original copyright owner decides to pull the content.

Games

Valve Launches Official Steam Link PC VR Streaming App On Quest (uploadvr.com) 25

An anonymous reader quotes a report from UploadVR: Valve just launched a free official Steam Link app on Meta Quest. The app, which is on the official Quest Store and approved by Meta, lets you wirelessly play SteamVR games like Half-Life: Alyx on your Quest 2, Quest Pro, or Quest 3 by streaming from your gaming PC over your home Wi-Fi network. You can also play your traditional non-VR Steam games on a giant virtual screen.

Security

Hackers Spent 2+ Years Looting Secrets of Chipmaker NXP Before Being Detected (arstechnica.com) 19

An anonymous reader quotes a report from Ars Technica: A prolific espionage hacking group with ties to China spent over two years looting the corporate network of NXP, the Netherlands-based chipmaker whose silicon powers security-sensitive components found in smartphones, smartcards, and electric vehicles, a news outlet has reported. The intrusion, by a group tracked under names including "Chimera" and "G0114," lasted from late 2017 to the beginning of 2020, according to Netherlands national news outlet NRC Handelsblad, which cited "several sources" familiar with the incident. During that time, the threat actors periodically accessed employee mailboxes and network drives in search of chip designs and other NXP intellectual property. The breach wasn't uncovered until Chimera intruders were detected in a separate company network that connected to compromised NXP systems on several occasions. Details of the breach remained a closely guarded secret until now.

NRC cited a report published (and later deleted) by security firm Fox-IT, titled Abusing Cloud Services to Fly Under the Radar. It documented Chimera using cloud services from companies including Microsoft and Dropbox to receive data stolen from the networks of semiconductor makers, including one in Europe that was hit in "early Q4 2017." Some of the intrusions lasted as long as three years before coming to light. NRC said the unidentified victim was NXP. "Once nested on a first computer -- patient zero -- the spies gradually expand their access rights, erase their tracks in between and secretly sneak to the protected parts of the network," NRC reporters wrote in an English translation. "They try to secrete the sensitive data they find there in encrypted archive files via cloud storage services such as Microsoft OneDrive. According to the log files that Fox-IT finds, the hackers come every few weeks to see whether interesting new data can be found at NXP and whether more user accounts and parts of the network can be hacked."

NXP did not alert customers or shareholders to the intrusion, other than a brief reference in a 2019 annual report. It read: "We have, from time to time, experienced cyber-attacks attempting to obtain access to our computer systems and networks. Such incidents, whether or not successful, could result in the misappropriation of our proprietary information and technology, the compromise of personal and confidential information of our employees, customers, or suppliers, or interrupt our business. For instance, in January 2020, we became aware of a compromise of certain of our systems. We are taking steps to identify the malicious activity and are implementing remedial measures to increase the security of our systems and networks to respond to evolving threats and new information. As of the date of this filing, we do not believe that this IT system compromise has resulted in a material adverse effect on our business or any material damage to us. However, the investigation is ongoing, and we are continuing to evaluate the amount and type of data compromised. There can be no assurance that this or any other breach or incident will not have a material impact on our operations and financial results in the future."

Crime

Several Piracy-Related Arrests Spark Fears of High-Level Crackdown In Nordic Region (torrentfreak.com) 37

A series of arrests that began in late August and continued into last week has sparked concerns that a relatively rare 'Scene' crackdown targeting the top of the so-called 'Piracy Pyramid' may be underway in the Nordic region. TorrentFreak reports: In a statement last week, Denmark's National Unit for Special Crime (NSK) announced that as part of a long-running investigation, a man was arrested on November 22 and then charged with copyright infringement offenses. NSK said its officers searched the home of a 47-year-old man in South Zealand (Sydsjaelland) and seized IT equipment in connection with illegal file-sharing and "copyright infringement of a particularly serious nature." "The case is about an organized network that has illegally shared extremely large quantities of films and TV series via file sharing services," said NSK Police Commissioner Anders-Emil Nohr Kelbaek. While noting that NSK had no further information to offer at this time, Kelbaek said he was pleased that NSK had arrested another suspect believed to have played a 'significant role' in the unnamed network.

Last week's arrest was only the latest in a series of arrests carried out as part of the same long-running NSK investigation into the illegal distribution of movies and TV shows. In late August, NSK arrested four people on suspicion of sharing "extremely large quantities" of movies and TV shows. NSK raided addresses in South-West Jutland, North Zealand and Bornholm. A 43-year-old was arrested at the last location, but it's claimed he lives elsewhere. In common with last week's arrest, all were charged on suspicion of "particularly serious" copyright infringement offenses. In an almost identical statement to that issued last week, Commissioner Anders-Emil Nohr Kelbaek said the case was about "an organized network that shares extremely large amounts of data, presumably in the form of films and series."

TorrentFreak sources report concerns that last week's arrest may be linked to Scene groups. Terminology used by NSK doesn't instantly rule that out and does seem to suggest something potentially more significant than other arrests over the past few years. According to NSK, the August arrests took place on August 28, 2023. Using information in Scene release databases we looked for Danish Scene groups and/or groups that were releasing Denmark-focused content before that date but then made no releases afterward; while that wouldn't provide conclusive proof that a group had been targeted, the method has proven useful in the past. While activity in late August suggests nothing especially out of the ordinary, activity since the arrest last week stands in contrast. TF is informed that some groups may have gone dark simply out of an abundance of caution. It's also possible that the groups have nothing to release. Furthermore, there are many other global groups with no obvious links to Danish content or Denmark that also stopped releasing on November 21. The reasons for this are unknown but holidays in the United States may play a role.

Businesses

Germany To Compensate Power Users Hit by Grid Bottlenecks (bloomberg.com) 100

Germany will entice electric vehicle drivers to charge up when there's plenty of green power on the system by offering them cheap tariffs linked to wholesale prices. From a report: It's part of a push by the government to better integrate huge swings of renewable power onto the grid when it's particularly sunny or windy by ramping demand up or down to match. It's an example of the flexible tariffs that are popping up all over Europe aimed at consumers with electricity-hungry devices like heat pumps or cars that can help balance the network.

Europe's largest economy aims to produce 80% of its power from renewables by 2030, but is struggling to expand its network infrastructure. To reduce bottlenecks, consumers' network costs should be reduced by as much as $208 per year, or they can opt for a 60% reduction on their energy price and benefit from other levy exemptions for heat pumps, the regulator Bundesnetzagentur said in a statement Monday.

It's funny. Laugh.

Cards Against Humanity's Black Friday Prank: Launching Its Own Social Media Site (adage.com) 23

Long-time Slashdot reader destinyland writes: The popular party game "Cards Against Humanity" continued their tradition of practical jokes on Black Friday. They created a new social network where users can perform only one action: posting the word "yowza."

Then announced it on their official social media accounts on Instagram, Facebook, and X...

Regardless of what words you type into the window, they're replaced with the word yowza. "For just $0.99, you'll get an exclusive black check by your name," reads an announcement on the site, "and the ability to post a new word: awooga."

It's a magical land where "yowfluencers" keep "reyowzaing" the "yowzas" of other users. And there's also a tab for trending hashtags. (Although, yes, they all seem to be "yowza".) But they've already gotten a write-up in the trade industry publication Advertising Age.

"With every bad thing happening in the world, social media is always right there, making it worse," a spokesperson said.... "[W]e asked ourselves: Is there a way we could make a social network that doesn't suck? At first, the answer was 'no.' The content moderation problem is just too hard. And then we thought, why not solve the content moderation problem by having no content? That's Yowza...."

When creating your profile on the network there's a dropdown menu for specifying your age and location — although all of the choices are yowza. More details from Advertising Age:

The company said the word "yowza" was the first that came to mind when its creative teams were brainstorming—and it just stuck. "It's dumb, it's ridiculous, it means nothing. It's perfect," the rep said.

And the service is still evolving, with fresh user upgrades. The official Yowza store will now also sell you the ability to also post the word Shazam — for $29.99. (Also on sale are 100,000 followers — for 99 cents.) But there's also an official FAQ which articulates the service's deep commitment to protecting their users' privacy.

Do you promise you won't share my private information with the Chinese Communist Party, like TikTok?

Yowza.

AI

A New Way To Predict Ship-Killing Rogue Waves (economist.com) 46

AI models can find patterns and make predictions, but their reasoning is often inscrutable. This "black box" issue makes AI less reliable and less scientifically useful. However, a team led by Dion Hafner (a computer scientist at the University of Copenhagen) devised a clever neural network to predict rogue waves. By restricting inputs to meaningful wave measurements and tracing how they flowed through the network, the team extracted a simple five-part equation encapsulating the AI's logic. Economist adds: To generate a human-comprehensible equation, the researchers used a method inspired by natural selection in biology. They told a separate algorithm to come up with a slew of different equations using those five variables, with the aim of matching the neural network's output as closely as possible. The best equations were mixed and combined, and the process was repeated. The result, eventually, was an equation that was simple and almost as accurate as the neural network. Both predicted rogue waves better than existing models.

The first part of the equation rediscovered a bit of existing theory: it is an approximation of a well-known equation in wave dynamics. Other parts included some terms that the researchers suspected might be involved in rogue-wave formation but are not in standard models. There were some puzzlers, too: the final bit of the equation includes a term that is inversely proportional to how spread out the energy of the waves is. Current human theories include a second variable that the machine did not replicate. One explanation is that the network was not trained on a wide enough selection of examples. Another is that the machine is right, and the second variable is not actually necessary.

The Internet

Cloudflare Blocks Abusive Content On Its Ethereum Gateway (torrentfreak.com) 17

An anonymous reader quotes a report from TorrentFreak: Cloudflare is a content-neutral Internet infrastructure service. The company aims not to interfere with the traffic of its clients and users but, in some cases, it has to take action. This means responding to DMCA subpoenas and takedown requests for hosted content, for example. In addition, Cloudflare now reports it has blocked access to 'abusive' content on its Ethereum gateway. [...] In its most recent transparency report, Cloudflare further notes that it has implemented access restrictions on its public Ethereum gateway. The company doesn't store any content on the Ethereum network, nor can it remove any. However, it can block access through its service.

If Cloudflare receives valid abuse reports or copyright infringement complaints, it will take appropriate action. The same applies to the gateway for the decentralized IPFS network. In its previous transparency report, Cloudflare already mentioned more than 1,000 IPFS actions, a figure that increased slightly in the second half of last year. At the same time, Cloudflare also restricted access to 99 'items' on the Ethereum network. Since these are 'gateway' related restrictions there's no impact on the content hosted on IPFS or Ethereum. Instead, it will only make it impossible to access content through Cloudflare's service.

It's not clear how many of these restrictions are abuse or copyright-related, as not much context is provided. The Ethereum actions are, at least in part, a response to the U.S. Department of Treasury's sanctions against the cryptocurrency tumbler Tornado Cash. "Those sanctions raise significant legal questions about the extent to which particular computer software, rather than individuals or entities that use that software, can be subject to sanctions," Cloudflare writes. "Nonetheless, to comply with legal requirements, Cloudflare has taken steps to disable access through the Cloudflare-operated Ethereum Gateway to the digital currency addresses identified in the designation."

The report notes that the volume of valid DMCA notices Cloudflare received has increased, "up from 18 to 972 in the span of a year." Meanwhile, the number of civil subpoenas it's received, including those issued under the DMCA, has decreased. "In the second half of last year, the company received 20 civil subpoenas which targeted 57 domain names," reports TorrentFreak. "That's the lowest number since Cloudflare first disclosed this statistic five years ago, signaling a downward trend."

Cloudflare's latest Transparency Report is available here (PDF).

Botnet

Thousands of Routers and Cameras Vulnerable To New 0-Day Attacks By Hostile Botnet (arstechnica.com) 18

An anonymous reader quotes a report from Ars Technica: Miscreants are actively exploiting two new zero-day vulnerabilities to wrangle routers and video recorders into a hostile botnet used in distributed denial-of-service attacks, researchers from networking firm Akamai said Thursday. Both of the vulnerabilities, which were previously unknown to their manufacturers and to the security research community at large, allow for the remote execution of malicious code when the affected devices use default administrative credentials, according to an Akamai post. Unknown attackers have been exploiting the zero-days to compromise the devices so they can be infected with Mirai, a potent piece of open source software that makes routers, cameras, and other types of Internet of Things devices part of a botnet that's capable of waging DDoSes of previously unimaginable sizes.

Akamai researchers said one of the zero-days under attack resides in one or more models of network video recorders. The other zero-day resides in an "outlet-based wireless LAN router built for hotels and residential applications." The router is sold by a Japan-based manufacturer, which "produces multiple switches and routers." The router feature being exploited is "a very common one," and the researchers can't rule out the possibility it's being exploited in multiple router models sold by the manufacturer. Akamai said it has reported the vulnerabilities to both manufacturers, and that one of them has provided assurances security patches will be released next month. Akamai said it wasn't identifying the specific devices or the manufacturers until fixes are in place to prevent the zero-days from being more widely exploited.

The Akamai post provides a host of file hashes and IP and domain addresses being used in the attacks. Owners of network video cameras and routers can use this information to see if devices on their networks have been targeted. [...] In an email, Akamai researcher Larry Cashdollar wrote: "The devices don't typically allow code execution through the management interface. This is why getting RCE through command injection is needed. Because the attacker needs to authenticate first they have to know some login credentials that will work. If the devices are using easy guessable logins like admin:password or admin:password1 those could be at risk too if someone expands the list of credentials to try." He said that both manufacturers have been notified, but only one of them has so far committed to releasing a patch, which is expected next month. The status of a fix from the second manufacturer is currently unknown. Cashdollar said an incomplete Internet scan showed there are at least 7,000 vulnerable devices. The actual number of affected devices may be higher.

Bitcoin

Massive Cryptocurrency Rig Discovered Under Polish Court's Floor, Stealing Power (arstechnica.com) 20

According to Polish news channel TVN24, a secret cryptomining rig was found under the floors of a Polish court, stealing thousands of Polish Zlotys worth of energy per month (the equivalent of roughly $250 per 1,000 Zlotys). "It's currently unknown how long the rig was running because the illegal operation went undetected, partly because the computers used were connected to the Internet through their own modems rather than through the court's network," reports Ars Technica. From the report: While no one has been charged yet with any crimes, the court seemingly has suspects. Within two weeks of finding the rig, the court terminated a contract with a company responsible for IT maintenance in the building, TVN24 reported. Before the contract ended, the company fired two employees that it said were responsible for maintenance in the parts of the building where the cryptomine was hidden. Poland's top law enforcement officials, the Internal Security Agency, have been called in to investigate. The Warsaw District Prosecutor's Office has hired IT experts to help determine exactly how much electricity was stolen from Poland's Supreme Administrative Court in Warsaw, TVN24 reported.

The Supreme Administrative Court is the last resort for sensitive business and tax disputes, but no records seem to have been compromised. Judge Sylwester Marciniak -- the chairman of the Judicial Information Department of the Supreme Administrative Court -- told TVN24 that the discovery of the cryptomine "did not result in any threat to the security of data stored" in the court.

Australia

Optus CEO Resigns After Nationwide Outage Left Millions Without Mobile and Internet Services (abc.net.au) 37

Earlier this month, the entire Optus mobile network went offline nationwide following a "routine software upgrade." According to Reuters, "More than 10 million Australians were hit by the 12-hour network blackout [...], triggering fury and frustration among customers and raising wider concerns about the telecommunications infrastructure." Now, according to the Australian Broadcasting Corporation, Optus CEO Kelly Bayer Rosmarin has resigned in the wake of the outage. From the report: She said it "had been an honour to serve" but that "now was an appropriate time to step down." During Friday's Senate hearing into the outage, Ms Bayer Rosmarin rebuffed suggestions she was under pressure to step down. "On Friday, I had the opportunity to appear before the Senate to expand on the cause of the network outage and how Optus recovered and responded," she said in a statement on Monday. "I was also able to communicate Optus's commitment to restore trust and continue to serve customers. Having now had time for some personal reflection, I have come to the decision that my resignation is in the best interest of Optus moving forward."

Ms Bayer Rosmarin will be replaced in the interim by chief financial officer Michael Venter. Yuen Kuan Moon, the chief executive of Optus's Singaporean parent company Singtel Group, said the company understood her decision to resign. Mr Yuen said Singtel recognised "the need for Optus to regain customer trust and confidence as the team works through the impact and consequences of the recent outage and continues to improve." He said Optus's priority was about "setting on a path of renewal for the benefit of the community and customers." Singtel said Optus had also created a new chief operating officer position, which would be carried out by former Optus Business Managing Director Peter Kaliaropoulos.

China

In World's Largest Disinformation Campaign Online, China Is Harassing Americans (cnn.com) 208

"The Chinese government has built up the world's largest known online disinformation operation," reports CNN, "and is using it to harass US residents, politicians, and businesses."

CNN reports that disinformation operation is even "at times threatening its targets with violence, a CNN review of court documents and public disclosures by social media companies has found." The onslaught of attacks — often of a vile and deeply personal nature — is part of a well-organized, increasingly brazen Chinese government intimidation campaign targeting people in the United States, documents show. The U.S. State Department says the tactics are part of a broader multi-billion-dollar effort to shape the world's information environment and silence critics of Beijing that has expanded under President Xi Jinping... Victims face a barrage of tens of thousands of social media posts that call them traitors, dogs, and racist and homophobic slurs.

They say it's all part of an effort to drive them into a state of constant fear and paranoia. Often, these victims don't know where to turn. Some have spoken to law enforcement, including the FBI — but little has been done. While tech and social media companies have shut down thousands of accounts targeting these victims, they're outpaced by a slew of new accounts emerging virtually every day. Known as "Spamouflage" or "Dragonbridge," the network's hundreds of thousands of accounts spread across every major social media platform have not only harassed Americans who have criticized the Chinese Communist Party, but have also sought to discredit U.S. politicians, disparage American companies at odds with China's interests and hijack online conversations around the globe that could portray the CCP in a negative light.

Some numbers from the article:
  • Meta "announced in August it had taken down a cluster of nearly 8,000 accounts attributed to this group in the second quarter of 2023 alone."
  • YouTube owner Google "told CNN it had shut down more than 100,000 associated accounts in recent years."
  • X "has blocked hundreds of thousands of China 'state-backed' or 'state-linked' accounts, according to company blogs."

Cellphones

FCC Tightens Telco Rules To Combat SIM-Swapping (securityweek.com) 21

An anonymous reader quotes a report from SecurityWeek: Moving to clamp down on the growing scourge of SIM-swapping and port-out fraud, the Federal Communications Commission (FCC) has unveiled new rules mandating telcos to give consumers greater control of their mobile phone accounts. Under the new rules, wireless carriers are required to notify customers of any SIM transfer requests, a measure designed to thwart fraudulent attempts by cybercriminals. The FCC has also revised its customer proprietary network information and local number portability rules, making it more challenging for scammers to access sensitive subscriber information.

The new protective measures (PDF) are meant to address SIM-swapping and port-out attacks widely documented in cybercriminal attacks against businesses and consumers. The attack technique is used to hijack mobile accounts, change and steal passwords, bypass MFA roadblocks and raid bank accounts. Studies have found that major mobile carriers in the US are vulnerable to SIM-swapping with the Federal Bureau of Investigation (FBI) receiving thousands of consumer complaints every year.

Network

Ethernet is Still Going Strong After 50 Years (ieee.org) 81

The technology has become the standard LAN worldwide. From a report: Ethernet became commercially available in 1980 and quickly grew into the industry LAN standard. To provide computer companies with a framework for the technology, in June 1983 Ethernet was adopted as a standard by the IEEE 802 Local Area Network Standards Committee. Currently, the IEEE 802 family consists of 67 published standards, with 49 projects under development. The committee works with standards agencies worldwide to publish certain IEEE 802 standards as international guidelines.

A plaque recognizing the technology is displayed outside the PARC facility. It reads: "Ethernet wired LAN was invented at Xerox Palo Alto Research Center (PARC) in 1973, inspired by the ALOHAnet packet radio network and the ARPANET. In 1980 Xerox, DEC, and Intel published a specification for 10 Mbps Ethernet over coaxial cable that became the IEEE 802.3-1985 Standard. Later augmented for higher speeds, and twisted-pair, optical, and wireless media, Ethernet became ubiquitous in home, commercial, industrial, and academic settings worldwide."

Security

Ransomware Group Reports Victim It Breached To SEC Regulators (arstechnica.com) 32

One of the world's most active ransomware groups has taken an unusual -- if not unprecedented -- tactic to pressure one of its victims to pay up: reporting the victim to the US Securities and Exchange Commission. From a report: The pressure tactic came to light in a post published on Wednesday on the dark web site run by AlphV, a ransomware crime syndicate that's been in operation for two years. After first claiming to have breached the network of the publicly traded digital lending company MeridianLink, AlphV officials posted a screenshot of a complaint it said it filed with the SEC through the agency's website. Under a recently adopted rule that goes into effect next month, publicly traded companies must file an SEC disclosure within four days of learning of a security incident that had a "material" impact on their business.

"We want to bring to your attention a concerning issue regarding MeridianLink's compliance with the recently adopted cybersecurity incident disclosure rules," AlphV officials wrote in the complaint. "It has come to our attention that MeridianLink, in light of a significant breach compromising customer data and operational information, has failed to file the requisite disclosure under item 1.05 of form 8-K within the stipulated four business days, as mandated by the new SEC rules." The violation category selected in the online report was "Material misstatement or omission in a company's filings or financial statements or a failure to file."

Government

FCC Can Now Punish Telecom Providers For Charging Customers More For Less (theverge.com) 75

An anonymous reader quotes a report from The Verge: The Federal Communications Commission has approved (PDF) a new set of rules aiming to prevent "digital discrimination." It means the agency can hold telecom companies accountable for digitally discriminating against customers -- or giving certain communities poorer service (or none at all) based on income level, race, or religion. The new rules come as part of the Biden Administration's 2021 Bipartisan Infrastructure Law, which requires the FCC to develop and adopt anti-digital discrimination rules. "Many of the communities that lack adequate access to broadband today are the same areas that suffer from longstanding patterns of residential segregation and economic disadvantage," FCC Chairwoman Jessica Rosenworcel said following today's vote. "It shows that minority status and income correlate with broadband access."

Under the new rules, the FCC can fine telecom companies for not providing equal connectivity to different communities "without adequate justification," such as financial or technical challenges of building out service in a particular area. The rules are specifically designed to address correlations between household income, race, and internet speed. Last year, a joint report from The Markup and the Associated Press found that AT&T, Verizon, and other internet service providers offer different speeds depending on the neighborhood in cities throughout the US. The report revealed neighborhoods with lower incomes and fewer white people get stuck with slower internet while still having to pay the same price as those with faster speeds. At the time, USTelecom, an organization that represents major telecom providers, blamed the higher price on having to maintain older equipment in certain communities.

The FCC was nearly divided on the new set of rules, as it passed with a 3-2 vote. Critics of the new policy argue the rules are an overextension of the FCC's power. Jonathan Spalter, the CEO of USTelecom, says the FCC is "taking overly intrusive, unworkably vague, and ultimately harmful steps in the wrong direction." Spalter adds the framework "is counter" to Congress' goal of giving customers equal access to the internet. Still, supporters of the new rules believe they can go a long way toward improving fractured broadband coverage throughout the US. The FCC will also establish an "improved" customer portal, where the agency will field and review complaints about digital discrimination. It will take things like broadband deployment, network upgrades, and maintenance across communities into account when evaluating providers for potential rule violations, giving it the authority to hopefully finally address the disparities in internet access throughout the US.
