Security

Ransomware Attacks Have Entered a Heinous New Phase (arstechnica.com) 66

Cybercriminal gangs now releasing stolen photos of cancer patients, student records. From a report: In February, attackers from the Russia-based BlackCat ransomware group hit a physician practice in Lackawanna County, Pennsylvania, that's part of the Lehigh Valley Health Network (LVHN). At the time, LVHN said that the attack "involved" a patient photo system related to radiation oncology treatment. The health care group said that BlackCat had issued a ransom demand, "but LVHN refused to pay this criminal enterprise." After a couple of weeks, BlackCat threatened to publish data stolen from the system. "Our blog is followed by a lot of world media, the case will be widely publicized and will cause significant damage to your business," BlackCat wrote on their dark-web extortion site. "Your time is running out. We are ready to unleash our full power on you!" The attackers then released three screenshots of cancer patients receiving radiation treatment and seven documents that included patient information.

The medical photos are graphic and intimate, depicting patients' naked breasts in various angles and positions. And while hospitals and health care facilities have long been a favorite target of ransomware gangs, researchers say the situation at LVHN may indicate a shift in attackers' desperation and willingness to go to ruthless extremes as ransomware targets increasingly refuse to pay. "As fewer victims pay the ransom, ransomware actors are getting more aggressive in their extortion techniques," says Allan Liska, an analyst for the security firm Recorded Future who specializes in ransomware. "I think we'll see more of that. It follows closely patterns in kidnapping cases, where when victims' families refused to pay, the kidnappers might send an ear or other body part of the victim." Researchers say that another example of these brutal escalations came on Tuesday when the emerging ransomware gang Medusa published sample data stolen from Minneapolis Public Schools in a February attack that came with a $1 million ransom demand. The leaked screenshots include scans of handwritten notes that describe allegations of a sexual assault and the names of a male student and two female students involved in the incident.

Television

Dish Hit With $469 Million Verdict Over Commercial-Skipping Technology (reuters.com) 15

Dish Network must pay $469 million for infringing two patents held by parental-control technology maker ClearPlay related to filtering material from streaming video, a jury in U.S. federal court in Utah has decided. From a report: The jury in Salt Lake City reached its decision on Friday in ClearPlay's lawsuit against Dish, finding that Dish's AutoHop feature for skipping commercials on its Hopper set-top boxes is covered by ClearPlay's patents. While jurors found that Dish's technology violated ClearPlay's patent rights, they rejected ClearPlay's contention that Dish copied its technology intentionally. A Dish spokesperson said on Monday that the company was disappointed in the jury's decision and will contest the verdict, potentially through an appeal. Representatives for ClearPlay did not immediately respond to requests for comment on Monday.
Twitter

Meta is Exploring Plans to Build a Twitter Rival (bbc.com) 81

"Meta, the parent firm of Facebook and Instagram, is working on a standalone, text-based social network app," reports the BBC.
"It could rival both Twitter and its decentralised competitor, Mastodon." A spokesperson told the BBC: "We're exploring a standalone decentralized social network for sharing text updates...." According to MoneyControl, the new app is codenamed P92, and will allow users to log in through their existing Instagram credentials.

Meta's app will be based on a similar framework to the one that powers Mastodon, a Twitter-like service which was launched in 2016. The new app would be decentralised — it cannot be run at the whim of a single entity, bought or sold....

It was not immediately clear when Meta would roll out the new app.

United States

US Strengthens Tech Ties With India But Doesn't Seek Decoupling From China, Raimondo Says (techcrunch.com) 26

The U.S. government is not seeking to "decouple" from China, nor is it seeking "technological decoupling," but Washington "would like to see India achieve its aspirations to play a larger role in the electronics supply chain," U.S. Commerce Secretary Gina Raimondo said on Friday. From a report: On its part, the U.S. signed a memorandum of understanding with India on Friday to cooperate in the semiconductor sector. The semiconductor industries in both the nations are beginning to assess the resiliency and gaps in the supply chain network, said Raimondo, whose department is overseeing pouring of about $52 billion into the U.S. semiconductor industry. [...] But even as India and the U.S. tighten their tech ties, Washington is not looking to cut reliance on China, she insisted. "We see India as a trusted technology partner and we want to continue to deepen our technological relationship with India. But I also want to make it clear that the United States doesn't seek to decouple from China."
Social Networks

Meta is Building a Decentralized, Text-Based Social Network (platformer.news) 107

Twitter's decline is paving the way for other platforms to build next-generation replacements. And now the biggest player in the game is getting involved: Meta is in the early stages of building a dedicated app for people to post text-based updates. From a report: "We're exploring a standalone decentralized social network for sharing text updates," the company told Platformer exclusively in an email. "We believe there's an opportunity for a separate space where creators and public figures can share timely updates about their interests." News that Meta has been exploring a text-based network was first reported Thursday by MoneyControl. The app is codenamed P92 and will allow users to log in through their existing Instagram credentials, the outlet reported.

Details about the project are scant. The product is still in its earliest stages, sources said, and there is no time frame for it being released. But legal and regulatory teams have already started to investigate potential privacy concerns around the app so they can be addressed before launch, we're told. Adam Mosseri, who runs Instagram, is taking the lead on the project, sources said. The most remarkable aspect of the project is that Meta plans for the network to be decentralized. While the company would not elaborate beyond its statement, in a decentralized network individual users are typically able to set up their own, independent servers and set server-specific rules for how content is moderated. Building a decentralized network could also give Meta the opportunity for its new app to interoperate with other social products -- a previously unheard-of gesture from a company known for building some of the most lucrative walled gardens in the industry's history.

Transportation

Wing Debuts a Rideshare-Style Drone Delivery Network (engadget.com) 20

Alphabet's Wing is debuting a Wing Delivery Network platform that relies on decentralized and highly automated pickups. Engadget reports: Drones charge and deliver in whatever locations make the most sense for the broader system. If demand surges in a given area, more drones can operate around the nearest pads. Crucially, your local restaurant or store doesn't have to do much to take advantage of the network. An AutoLoader system lets shops simply latch a package to a curbside pickup location and walk away -- the drone handles the rest. Businesses have to order drones, but they don't have to manage the fleet or make employees wait for an aircraft to arrive.

The technology is also meant to scale elegantly. It's relatively easy to add new pad locations as usage grows, and the drones can double as scouts that expand the network. The drones can even make sure they're allowed to fly in a given area. Wing expects "elements" of the Delivery Network to deploy over the next year, with demonstrations taking place worldwide in 2023. Provided all goes according to plan, the brand wants to handle "millions" of deliveries by mid-2024, at prices that beat conventional ground-based delivery.

Music

2024 Ford Mustang Drops AM Radio From Infotainment (thedrive.com) 218

The new 2024 Ford Mustang is losing its AM radio receiver, reports The Drive. A Ford spokesperson confirmed the feature's deletion, citing that "countries and automakers globally are modernizing radio by offering internet streaming through mobile apps, FM, or digital." From the report: The availability of AM radio in new cars has declined over the last decade with shifts in media consumption habits, with AM radio's audience evaporating in Europe and accounting for only a small minority of the U.S. population. [...] It's a trend of concern to current and former U.S. emergency officials, who recently wrote the Secretary of Transportation a letter advising action on AM radio's disappearance. AM radio is a crucial component of the U.S.'s national alert network, with just 75 stations reaching more than 90 percent of the country's population. Officials are concerned that AM receivers' decreasing availability in new cars could compromise their ability to reach citizens during emergencies.
Privacy

AllTrails Data Exposes Precise Movements of Former Top Biden Official (vice.com) 47

An anonymous reader quotes a report from Motherboard: A security researcher appears to have tracked the physical location of a former top Biden administration official through his apparent usage of AllTrails, a popular hiking app with more than 30 million registered users. The AllTrails records appear to show the official visiting sensitive locations such as the White House, and also suggests the specific house where he or his family lives. By default, AllTrails users' activity is public for anyone to view, including completed trails, maps, and activities. But that convenience and focus on providing a social network style experience comes with potential risks around national security or privacy, depending on the particular user. Whether a public figure like a government official or celebrity, or someone at risk of stalking in general such as someone in an abusive relationship, AllTrails' privacy settings may be something users should consider.

"I found interesting results by searching near the Pentagon, NSA, CIA or White House and then looking at the user's other activity," Wojciech, the security researcher, told Motherboard in an email. Wojciech said they used their own open source intelligence platform as part of the investigative process. They said the tool supports Strava and another app called SportsTracker, and will include AllTrails itself soon. Wojciech sent Motherboard a link to what they believed to be the AllTrails profile of the former top Biden official. Motherboard is not naming the official because they did not respond to requests for comment, and their profile is still publicly accessible.

One trip to the White House in December recorded in AllTrails also shows a nearby apartment building he ended his journey at. More trips recorded that month show the official's other movements throughout Washington D.C. Much of the AllTrails activity relates to when this official was part of the administration. Motherboard searched through the official's AllTrails activity and found multiple hikes starting from the same location. Motherboard then queried public records and found this location was a house registered to the official's family, meaning AllTrails had helped identify where the official or his family may have been living. Motherboard also verified that the official does have an account on AllTrails by attempting to sign up to the service with the official's personal email address. This was not possible because the address was already registered to an account.

Canada

Canada's Tax Revenue Agency Tries To ToS Itself Out of Hacking Liability (substack.com) 55

schwit1 shares an excerpt from a Substack article, written by former cybersecurity reporter Catalin Cimpanu: The Canada Revenue Agency (CRA), the tax department of Canada, recently updated its terms and conditions to force taxpayers to agree that CRA is not liable if their personal information is stolen while using the My Account online service portal -- which, ironically, all Canadians must use when doing their taxes and/or running their business. The CRA's terms of use assert the agency is not liable because they have "taken all reasonable steps to ensure the security of this Web site."

Excerpt from the CRA terms statement: "10. The Canada Revenue Agency has taken all reasonable steps to ensure the security of this Web site. We have used sophisticated encryption technology and incorporated other procedures to protect your personal information at all times. However, the Internet is a public network and there is the remote possibility of data security violations. In the event of such occurrences, the Canada Revenue Agency is not responsible for any damages you may experience as a result."

Unfortunately, that is not true. After reviewing the HTTP responses from the CRA My Account login page, it's clear the agency has not configured even some of the most basic security features. For example, security protections for their cookies are not configured, nor are all the recommended security headers used. Not only is that not "all reasonable steps," but the CRA is missing the very basics for securing online web applications.

The terms of use also state that users are not allowed to use "any script, robot, spider, Web crawler, screen scraper, automated query program or other automated device or any manual process to monitor or copy the content contained in any online services." Looking at the HTTP response headers using web browser developer tools doesn't breach the terms of services, but the CRA must be well aware that internet users perform scans like this all the time. And it's not the legitimate My Account users who are likely to be the culprits. Unfortunately for Canadians, threat actors don't read terms of use pages. A statement like this doesn't protect anyone, except CRA, from being held responsible for failing to properly secure Canadian citizens' personal data.

Google

Google Expands VPN Access To All Google One Members, Rolls Out New 'Dark Web Report' Feature (techcrunch.com) 12

Google is expanding VPN access to all Google One members on all plans and rolling out a new dark web report feature for all subscribers. From a report: VPN by Google One was previously only available to members on the Premium 2TB plan, but will now be available to all Google One members, including those on the Basic plan that starts at $1.99 per month. The tech giant notes that VPN by Google One adds more protection to your internet activity no matter what apps or browsers you use, shielding it from hackers or network operators by masking your IP address. Google is also introducing a new feature called "dark web report" for Google One members on all plans in the United States to help users monitor their personal information on the dark web. Dark web report will start rolling out over the next few weeks to members across all Google One plans in the United States.
The Military

US Air Force Awards $75.5 Million Contract For World's Largest Wireless Ad-Hoc Network (interestingengineering.com) 19

An anonymous reader quotes a report from InterestingEngineering: The U.S. Air Force's Global Strike Command awarded a new $75.5 million contract to New York-based firm Persistent Systems. The aim is to build a unified security system for 400 operational Minuteman III intercontinental-range nuclear missile silos secured in remote areas throughout the U.S. It will be the world's largest wireless ad-hoc network, helping secure the U.S.'s nuclear arsenal amid growing concerns over global nuclear security.

Persistent Systems will roll out its Infrastructure-based Regional Operation Network (IRON) offering across three Air Force bases as part of the Regional Operating Picture (ROP) program. According to the company, the new security network will cover an area of 25,000 square miles (64,750 sq km), making it the world's largest wireless ad-hoc network. The IRON offering is an easy-to-deploy Integrated MANET Antenna System on fixed towers and poles. It will allow the U.S. Air Force to connect 75 operation centers and more than 1,000 Security Force vehicles. The ROP program will allow constant communication to an Operations Center via the towers. Meanwhile, the personnel at that Operations Center will know the exact location of any Security Forces on a digital map. Both will be able to share critical data seamlessly.

The Internet

Roku Doesn't Support IPv6 and It Might Be a Big Deal (daringfireball.net) 121

As highlighted by Daring Fireball's John Gruber, Roku doesn't support IPv6 -- a next-gen Internet Protocol standard intended to eventually replace IPv4, the protocol many Internet services (including Roku) still use today. "DingleBog3899" writes on the Roku community forum: I work for a Native American tribe in the PNW. We scrambled to get the reservation reliable internet in the later part of 2019. We managed to cover most of the reservation with wi-max and wifi with a fiber back haul configuration. We are now slowly getting more stable and reliable fiber to the home (FttH) service installed to as many homes as we can, but it is a slow process covering the mostly rural landscape doing all the work in house. Our tribal network started out IPv6, but soon learned we had to somehow support IPv4 only traffic. It took almost 11 months in order to get a small amount of IPv4 addresses allocated for this use. In fact there were only enough addresses to cover maybe 1% of the population. So we were forced to create a very expensive proxy/translation server in order to support this traffic.

We learned a very expensive lesson. 71% of the IPv4 traffic we were supporting was from Roku devices. 9% coming from DishNetwork & DirectTV satellite tuners, 11% from HomeSecurity cameras and systems, and remaining 9% we replaced extremely outdated Point of Sale (POS) equipment. So we cut Roku some slack three years ago by spending a little over $300k just to support their devices. First off I despise both Apple and that other evil empire (house of mouse) I want nothing to do with either of them. Now with that said I am one of four individuals that suggested and lobbied 15 other tribal nations to offer a new AppleTV device in exchange for active Roku devices. Other nations are facing the same dilemma. Spend an exorbitant amount of money to support a small amount of antiquated devices or replace the problem devices at a fraction of the cost.
"Now if Roku cannot be proactive at keeping up with connectivity standards they are going to be wiped out by their own complacency," adds DingleBob3899. "Judging by the growing number of offers to replace their devices for free their competitors are already proactively exploiting that complacency. When we approached Apple to see about a discount to purchase a large number of their devices, for the exchange, they eagerly offered to supply their devices for free."
EU

WhatsApp Agrees To Be More Transparent on Policy Changes, EU Says (reuters.com) 5

Meta Platforms' WhatsApp has agreed to be more transparent about changes to its privacy policy introduced in 2021, the European Commission said on Monday, following complaints from consumer bodies across Europe. From a report: The European Consumer Organisation (BEUC) and the European Network of consumer authorities told WhatsApp last year that it had not clarified the changes in plain and intelligible language, violating the bloc's laws. EU members' national regulators can sanction companies for breaches. WhatsApp has now agreed to explain changes to EU users' contracts and how these could affect their rights, and has agreed to display prominently the possibility for users to accept or reject the changes and ensure that users can easily close pop-up notifications on updates. The company also confirmed that users' personal data is not shared with third parties or other Meta companies, including Facebook, for advertising purposes.
The Almighty Buck

Netflix Fights Attempt To Make Streaming Firms Pay For ISP Network Upgrades 38

An anonymous reader quotes a report from Ars Technica: Netflix co-CEO Greg Peters spoke out against a European proposal to make streaming providers and other online firms pay for ISPs' network upgrades. "Some of our ISP partners have proposed taxing entertainment companies to subsidize their network infrastructure," Peters said in a speech Tuesday at Mobile World Congress in Barcelona (transcript). The "tax would have an adverse effect, reducing investment in content -- hurting the creative community, hurting the attractiveness of higher-priced broadband packages, and ultimately hurting consumers," he argued. [...] "ISPs claim that these taxes would only apply to Netflix. But this will inevitably change over time as broadcasters shift from linear to streaming," Peters said at MWC. Sandvine data suggests that nearly half of global Internet traffic is sent by Facebook, Amazon, Google, Apple, Netflix, and Microsoft. Online video accounts for 65 percent of all traffic, and Netflix recently passed YouTube as the top video-traffic generator.

Peters cited Nielsen data showing that "Netflix accounts for under 10 percent of total TV time" in the US and UK while "traditional local broadcasters account for over half of all TV time." Live sports account for much of that. "As broadcasters continue the shift away from linear to streaming, they will start to generate significant amounts of Internet traffic too -- even more than streamers today based on the current scope and scale of their audiences," Peters said. "Broadband customers, who drive this increased usage, already pay for the development of the network through their subscription fees. Requiring entertainment companies -- both streamers and broadcasters -- to pay more on top would mean ISPs effectively charging twice for the same infrastructure." Telcos that receive new payments wouldn't be expected to lower the prices charged to home Internet users, Peters said. "As the consumer group BEUC has pointed out, there is no suggestion these levies would be passed onto consumers in the form of 'lower prices or better infrastructure,'" he said.

Peters said Netflix's "operating margins are significantly lower than either British Telecom or Deutsche Telekom. So we could just as easily argue that network operators should compensate entertainment companies for the cost of our content -- exactly as happened under the old pay-TV model." While telcos claim companies like Netflix don't pay their "fair share," Peters pointed out that Netflix has spent a lot building its own network that reduces the amount of data sent over traditional telecom networks. "We've spent over $1 billion on Open Connect, our own content delivery network, which we offer for free to ISPs," he said. "This includes 18,000 servers with Netflix content distributed across 6,000 locations and 175 countries. So when our members press play, instead of the film or TV show being streamed from halfway around the world, it's streamed from around the corner -- increasing efficiency for operators while also ensuring a high-quality, no-lag experience for consumers." Peters also touted Netflix's encoding technology that cut bit rates in half between 2015 and 2020. While Internet traffic has increased about 30 percent a year, "ISPs have managed this increased consumer usage efficiently while their costs have remained stable," Peters said. "Regulators have highlighted this, too, calling out that infrastructure costs are not sensitive to traffic and that growing consumption will be offset by efficiency gains."
Privacy

San Diego Police Want To Add Surveillance Tech: 500 Streetlight Cameras Plus License Plate Readers (sandiegouniontribune.com) 24

San Diego Union-Tribune: Almost three years ago, the city of San Diego cut off access to its broad network of Smart Streetlights -- more than 3,000 devices perched atop light poles that could collect images and other data, some of which the Police Department used to solve criminal cases. The city removed that access, at least without a warrant, because of concerns from the public about surveillance and privacy issues. On Wednesday, the San Diego Police Department said it wants access to 500 of those devices to be restored -- and they want to add another crime-solving tool to the network: automated license plate readers.

The controversy surrounding the Smart Streetlights began in 2019 when it was revealed that the cameras had been installed without public input. Police started accessing the camera footage in 2018 for investigations. Direct access was cut off in 2020 as a result of public outcry. Because the Smart Streetlight cameras had not been well maintained over the years, the city would need to install new cameras. Adding the license plate reader technology would mark the first time the city of San Diego would have the readers in fixed locations. This is the first big push for surveillance technology in San Diego since the city approved ordinances last year specifically setting rules to govern this kind of technology in light of privacy concerns.

Australia

Australia Prepares for a Power Grid Without Spinning Turbines (bloomberg.com) 97

Australia is preparing for its next step away from fossil fuels by creating a market to replace the spinning coal plant turbines that help stabilize the power grid. From a report: The government's adviser on energy policy, the Australian Energy Market Commission, is consulting on a rule change for a spot market in inertia provision, it said in a statement on Thursday. Australia's world-leading usage of wind, solar and batteries has led to "new and previously unobserved operational conditions," it said.

Conventional power plants use turbines that keep revolving even when the fuel that's forcing them to move stops burning. It's a process known as inertia, which helps network operators maintain stability, smooth over disturbances in the grid and prevent blackouts. However, solar panels and wind turbines generally stop and start almost instantaneously -- hence the AEMC's call for other sources of inertia.

Security

Dish Network Confirms Network Outage Was a Cybersecurity Breach (cnbc.com) 8

Dish Network, one of the largest television providers in the United States, confirmed on Tuesday that a previously disclosed "network outage" was the result of a cybersecurity breach that affected the company's internal communications systems and customer-facing support sites. CNBC reports: "Certain data was extracted," the company said in a statement Tuesday. The acknowledgment is an evolution from last week's earnings call, where it was described as an "internal outage." Dish Networks' website was down for multiple days beginning last week, but the company has now disclosed that "internal communications [and] customer call centers" remain affected by the breach. Dish said it had retained outside experts to assist in evaluating the problem.

The intrusion took place on the morning of Feb. 23, the same day the company reported its fourth-quarter earnings. "This morning, we experienced an internal outage that's continuing to affect our internal servers and IT telephony," Dish CEO W. Erik Carlson said at that time. "We're analyzing the root causes and any consequences of the outage, while we work to restore the affected systems as quickly as possible."
According to Bleeping Computer, the Black Basta ransomware gang is behind the attack, first breaching Boost Mobile and then the Dish corporate network.
Communications

SpaceX Unveils 'V2 Mini' Starlink Satellites With Quadruple the Capacity (arstechnica.com) 89

An anonymous reader quotes a report from Ars Technica: With Starlink speeds slowing due to a growing capacity crunch, SpaceX said a launch happening as soon as today will deploy the first "V2 Mini" satellites that provide four times more per-satellite capacity than earlier versions. Starlink's second-generation satellites include the V2 Minis and the larger V2. The larger V2s are designed for the SpaceX Starship, which isn't quite ready to launch yet, but the V2 Minis are slimmed-down versions that can be deployed from the Falcon 9 rocket. "The V2 Minis are smaller than the V2 satellites (hence the name) but don't let the name fool you," SpaceX said in a statement provided to Ars yesterday. "The V2 Minis include more advanced phased array antennas and the use of E-band for backhaul, which will enable Starlink to provide ~4x more capacity per satellite than earlier iterations."

SpaceX didn't specify the amount of data that each V2 Mini satellite can provide, but its first-generation satellites were designed for an aggregate downlink capacity of 17 to 23Gbps per satellite. The Federal Communications Commission recently gave SpaceX approval to launch 7,500 of the 30,000 planned second-generation satellites. A SpaceX Falcon 9 launch tentatively scheduled for today would put 21 V2 Minis into orbit. The larger V2 satellites that can't launch until Starship is ready will be able to send signals directly to cell phones, a capability that'll be used by SpaceX and T-Mobile in a partnership announced in August 2022.
"Each Starlink V2 Mini satellite weighs about 1,760 pounds (800 kilograms) at launch, nearly three times heavier than the older Starlink satellites," notes Spaceflight Now. "They are also bigger in size, with a spacecraft body more than 13 feet (4.1 meters) wide, filling more of the Falcon 9 rocket's payload fairing during launch."

UPDATE: SpaceX successfully launched the first batch of "V2 Mini" Starlink satellites. "A Falcon 9 rocket hauled the 21 Starlink satellites into a 230-mile-high (370-kilometer) orbit after lifting off from pad 40 at Cape Canaveral Space Force Station at 6:13:50 p.m. EST (2313:50 GMT) Monday," reports Spaceflight Now. "SpaceX delayed the launch from earlier Monday afternoon to wait for radiation levels to abate following a solar storm that sparked dramatic auroral displays visible across Northern Europe and Canada." You can watch the launch here. Elon Musk also shared video of the first V2 satellites to reach orbit.
Security

US Marshals Service Suffers 'Major' Security Breach That Compromises Sensitive Information (nbcnews.com) 29

According to a spokesperson for the United States Marshals Service (USMS), the agency was hit with a ransomware attack last week that compromises sensitive information. NBC News reports: In a statement Monday, U.S. Marshals Service spokesperson Drew Wade acknowledged the breach, telling NBC News: "The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees."

Wade said the incident occurred Feb. 17, when the Marshals Service "discovered a ransomware and data exfiltration event affecting a stand-alone USMS system." The system was disconnected from the network, and the Justice Department began a forensic investigation, Wade said. He added that on Wednesday, after the agency briefed senior department officials, "those officials determined that it constitutes a major incident." The investigation is ongoing, Wade said.

A senior law enforcement official familiar with the incident said the breach did not involve the database involving the Witness Security Program, commonly known as the witness protection program. The official said no one in the witness protection program is in danger because of the breach. Nevertheless, the official said, the incident is significant, affecting law enforcement sensitive information pertaining to the subjects of Marshals Service investigations. The official said the agency has been able to develop a workaround so it is able to continue operations and efforts to track down fugitives.

Security

LinkedIn Scammers Step Up Sophistication of Online Attacks (ft.com) 22

LinkedIn has been hit by a rise in sophisticated recruitment scams, as fraudsters seek to take advantage of the trend towards remote working and widespread lay-offs across the tech sector. From a report: Jobseekers on the world's largest professional network are being defrauded out of money after taking part in fake recruitment processes set up by scammers who pose as employers, before obtaining personal and financial information. "There's certainly an increase in the sophistication of the attacks and the cleverness," Oscar Rodriguez, vice-president of product management at LinkedIn, told the Financial Times. "We see websites being set up, we see phone numbers with a seemingly professional operator picking up the phone and answering on the company's behalf. We see a move to more sophisticated deception," he added.

The warning comes as the Microsoft-owned social media company said it has sought to block tens of millions of fake accounts in recent months, while US regulators warn of an increase in jobs-related cons. Last month, cyber security company Zscaler revealed a scam that targeted jobseekers and a dozen US companies, where fraudsters approached people through LinkedIn's direct messaging feature InMail. Scammers identified businesses that were already hiring, including enterprise software company Zuora, software developer Intellectsoft and Zscaler itself. They then created "lookalike" websites with similar job ads and, via LinkedIn's InMail feature, invited jobseekers to enter personal information into the websites, before conducting remote interviews via Skype.
