Microsoft

Microsoft Employees Exposed Own Company's Internal Logins (vice.com) 8

Multiple people who appear to be employees of Microsoft have exposed sensitive login credentials to the company's own infrastructure on GitHub, potentially offering attackers a gateway into internal Microsoft systems, according to a cybersecurity research firm that found the exposed credentials. Motherboard reports: "We continue to see that accidental source code and credential leakages are part of the attack surface of a company, and it's becoming more and more difficult to identify in a timely and accurate manner. This is a very challenging issue for most companies these days," Mossab Hussein, chief security officer at cybersecurity firm spiderSilk which discovered the issue, told Motherboard in an online chat. Hussein provided Motherboard with seven examples in total of exposed Microsoft logins. All of these were credentials for Azure servers. Azure is Microsoft's cloud computer service and is similar to Amazon Web Services. All of the exposed credentials were associated with an official Microsoft tenant ID. A tenant ID is a unique identifier linked to a particular set of Azure users. One of the GitHub users also listed Microsoft on their profile.

Three of the seven login credentials were still active when spiderSilk discovered them, with one seemingly uploaded just days ago at the time of writing. The other four sets of credentials were no longer active but still highlighted the risk of workers accidentally uploading keys for internal systems. Microsoft refused to elaborate on what systems the credentials were protecting when asked multiple times by Motherboard. But generally speaking, an attacker may have an opportunity to move onto other points of interest after gaining initial access to an internal system. One of the GitHub profiles with exposed and active credentials makes a reference to the Azure DevOps code repository. Highlighting the risk that such credentials may pose, in an apparently unrelated hack in March attackers gained access to an Azure DevOps account and then published a large amount of Microsoft source code, including for Bing and Microsoft's Cortana assistant.
"We've investigated and have taken action to secure these credentials," said a Microsoft spokesperson in a statement. "While they were inadvertently made public, we haven't seen any evidence that sensitive data was accessed or the credentials were used improperly. We're continuing to investigate and will continue to take necessary steps to further prevent inadvertent sharing of credentials."
Wireless Networking

Court Upholds FCC's Decision To Reallocate Part of 5.9 GHz Band For Unlicensed Use, Including Wi-Fi (fiercewireless.com) 18

The Court of Appeals for the D.C. Circuit on Friday upheld the FCC's decision to reallocate part of the 5.9 GHz band for unlicensed use -- rather than the dedicated short-range communications (DSRC) it was originally allocated for. "This is part of the spectrum that in 1999 was set aside exclusively for the auto industry to use for DSRC to improve auto safety," notes Fierce Wireless. "At that time, the full amount set aside was 75 megahertz." From the report: After about 20 years, nothing ever really came of DSRC, and in 2020, the FCC divvied up the 75 megahertz, making 45 megahertz available for unlicensed use with the remaining 30 megahertz designated for auto safety. Specifically, the auto safety spectrum was reallocated for Cellular Vehicle-to-Everything (C-V2X) technology, a more modern tech than DSRC. The Intelligent Transportation Society of America and American Association of State Highway and Transportation Officials didn't like the FCC's decision and appealed, arguing that it violated the Transportation Equity Act. They also said the FCC unlawfully revoked or modified FCC licenses. But Circuit Court Judge Justin Walker said it did not violate the act and said the court disagreed with the transportation officials' arguments "on all fronts."
Government

FDA Clears Path For Hearing Aids To Be Sold Over the Counter (nytimes.com) 143

An anonymous reader quotes a report from the New York Times: The Food and Drug Administration decided on Tuesday to allow hearing aids to be sold over the counter and without a prescription to adults, a long-sought wish of consumers frustrated by expensive exams and devices. The high cost of hearing aids, which are not covered by basic Medicare, has discouraged millions of Americans who have hearing loss from buying the devices. Health experts say that untreated hearing loss can contribute to cognitive decline and depression in older people. Under the new rule, people with mild to moderate hearing loss should be able to buy hearing aids online and in retail stores as soon as October, without being required to see a doctor for an exam to get a prescription.

The F.D.A. cited studies estimating that about 30 million Americans experience hearing loss, but only about one-fifth of them get help. The changes could upend the market, which is dominated by a relatively small number of manufacturers, and make it a broader field with less costly, and perhaps, more innovative designs. Current costs for hearing aids, which tend to include visits with an audiologist, range from about $1,400 at Costco to roughly $4,700 elsewhere. The F.D.A.'s final rule takes effect in 60 days. Industry representatives say device makers are largely ready to launch new products, though some may need time to update labeling and packaging or to comply with technical details in the rule.
"This could fundamentally change technology," said Nicholas Reed, an audiologist at the Department of Epidemiology at Johns Hopkins Bloomberg School of Public Health. "We don't know what these companies might come up with. We may literally see new ways hearing aids work, how they look."
Privacy

Idaho Company Sues FTC, Claiming Agency Threatened Suit Over Its Tracking Data (wsj.com) 49

A data-marketing and analytics company has sued the Federal Trade Commission, saying the agency is wrongly threatening to sue it for marketing geolocation data that might be used to track consumer visits to sensitive locations such as abortion clinics. From a report: The lawsuit by Kochava was filed on Friday in U.S. District Court in Idaho, where the company is based. The FTC didn't immediately respond to requests for comment. The commission announced last week that it would begin considering rules to protect the privacy of a range of consumer data. The Kochava case represents an early salvo in what could be a lengthy battle over the privacy of some online healthcare data. In June, the U.S. Supreme Court eliminated the constitutional right to an abortion, overturning the 1973 Roe v. Wade decision and leaving the question of abortion's legality to the states. In response, President Biden issued an executive order encouraging the FTC to take new actions to protect consumers' privacy when they seek information about reproductive health.
Crime

Losses From Crypto Hacks Surged 60% To $1.9 Billion From January To July, Chainalysis Says (reuters.com) 26

Losses arising from cryptocurrency hacks jumped nearly 60% in the first seven months of the year to $1.9 billion, propelled by a surge in funds stolen from decentralized finance (DeFi) protocols, according to a blog post from blockchain analysis firm Chainalysis released on Tuesday. From a report: In the same period last year, stolen funds from hacking amounted to $1.2 billion. DeFi applications, many of which run on the Ethereum blockchain, are financial platforms that enable crypto-denominated lending outside of traditional banks.
Oracle

Oracle Begins Auditing TikTok's Algorithms (axios.com) 32

Oracle has begun vetting TikTok's algorithms and content moderation models to ensure they aren't manipulated by Chinese authorities, Axios reported Tuesday. From the report: The effort is meant to provide further assurance to lawmakers that TikTok's U.S. platform operates independently from influence by the Chinese Communist Party. TikTok is owned by Chinese tech giant ByteDance. ByteDance bought the U.S. lip-syncing app Musical.ly in 2017 and merged it with its version of a similar app called TikTok. The app has since skyrocketed in popularity in the U.S.
Privacy

New US Privacy Law May Give Telecoms Free Pass On $200 Million Fines (vice.com) 17

An anonymous reader quotes a report from Motherboard: The American Data Privacy and Protection Act (ADPPA), a new federal privacy bill that has actually a chance of becoming law, is designed to introduce new privacy protections for Americans. But it may also have the side effect of wiping out $200 million worth of fines proposed against some of the country's biggest telecommunications companies as part of a major location-data selling scandal in which the firms sold customer data that ended up in the hands of bounty hunters and other parties. The issue centers around the ADPPA's shift of enforcement for privacy related matters from the Federal Communications Commission (FCC), which proposed the fines, to the Federal Trade Commission (FTC). The news highlights the complex push and pulls when developing privacy legislation, and some of the pitfalls along the way.

The FCC proposed the $200 million fines in February 2020. The fines came after Motherboard revealed that the carriers sold phone location data to a complex supply chain of companies which then provided it to hundreds of bounty hunters and other third parties, including someone that allowed Motherboard to track a phone for just $300. The fines also came after The New York Times and the office of Sen. Ron Wyden found that the carriers sold location data in a similar method to a company called Securus, which allowed law enforcement officials to track the location of phones without a warrant. A former sheriff abused the tool to spy on judges and other officials. The offending telecoms -- AT&T, T-Mobile, Sprint, Verizon -- said they stopped the sale of location data at varying points in time in response to the investigations. The FCC then found that the carriers broke the law by selling such data.

FCC Press Secretary Paloma Perez told Motherboard in an emailed statement that "our real-time location information is some of the most sensitive data there is about us, and it deserves the highest level of privacy protection. That is why the FCC has proposed more than $200 million in fines against the nation's largest wireless carriers for selling their customers' location data. Through our continued oversight we have ensured that these carriers are no longer monetizing their consumers' real-time location in this way, and we are continuing our investigation into these practices and expect to reach a conclusion very soon." In July FCC Chairwoman Jessica Rosenworcel sent letters to a host of U.S. telecommunications, tech, and retail companies to ask about their use of location data.

United States

US Bans Export of Tech Used In 3nm Chip Production On Security Grounds (theregister.com) 73

The United States is formally banning the export of four technologies tied to semiconductor manufacturing, calling the protection of the items "vital to national security." The Register reports: Announced Friday (PDF) by the US Commerce Department's Bureau of Industry and Security (BIS) and enacted today, the rule will ban the export of two ultra-wide bandgap semiconductor materials, as well as some types of electronic computer-aided design (ECAD) technology and pressure gain combustion (PGC) technology. In particular, the BIS said that the semiconductor materials gallium oxide and diamond will be subject to renewed export controls because they can operate under more extreme temperature and voltage conditions. The Bureau said that capability makes the materials more useful in weapons. ECAD software, which aids design for a wide range of circuits, comes in specialized forms that support gate-all-around field effect transistors (GAAFETs), which are used to scale semiconductors to 3 nanometers and below. PGC technology also has "extensive potential" for ground and aerospace uses, the BIS said.

All four items are being classified under Section 1758 of the Export Control Reform Act, which covers the production of advanced semiconductors and gas turbine engines. Those types of technology are also covered by the Wassenaar Arrangement, made in 2013 between the US and 41 other countries, which functions as a broader arms control treaty. "We are protecting the four technologies identified in today's rule from nefarious end use by applying controls through a multilateral regime," Assistant Secretary of Commerce for Export Administration Thea D Rozman Kendler said in a statement. "This rule demonstrates our continued commitment to imposing export controls together with our international partners."

The reason for the addition of the four forms of technology to export controls is a change made in May to how the BIS characterizes emerging and foundational technologies. Under the change, such tech was reclassified to be covered by Section 1758. The BIS statement announcing the export ban made no mention of the countries, but recent events make it clear the target is China -- the US has been considering other tech export bans (and investment freezes) recently, all of which appeared tailored to target China. Analysts in the Middle Kingdom have claimed the ban would have little short-term impact on China's chipmaking industry as no one in China has yet managed to design chips as advanced as those targeted by the ban.

Crime

Police Used a Baby's DNA To Investigate Its Father For a Crime (wired.com) 74

An anonymous reader quotes a report from Wired: If you were born in the United States within the last 50 or so years, chances are good that one of the first things you did as a baby was give a DNA sample to the government. By the 1970s, states had established newborn screening programs, in which a nurse takes a few drops of blood from a pinprick on a baby's heel, then sends the sample to a lab to test for certain diseases. Over the years, the list has grown from just a few conditions to dozens. The blood is supposed to be used for medical purposes -- these screenings identify babies with serious health issues, and they have been highly successful at reducing death and disability among children. But a public records lawsuit filed last month in New Jersey suggests these samples are also being used by police in criminal investigations. The lawsuit, filed by the state's Office of the Public Defender and the New Jersey Monitor, a nonprofit news outlet, alleges that state police sought a newborn's blood sample from the New Jersey Department of Health to investigate the child's father in connection with a sexual assault from the 1990s.

Crystal Grant, a technology fellow at the American Civil Liberties Union, says the case represents a "whole new leap forward" in the misuse of DNA by law enforcement. "It means that essentially every baby born in the US could be included in police surveillance," she says. It's not known how many agencies around the country have sought to use newborn screening samples to investigate crimes, or how often those attempts were successful. But there is at least one other instance of it happening. In December 2020, a local TV station reported that police in California had issued five search warrants to access such samples, and that at least one cold case there was solved with the help of newborn blood. "This increasing overreach into the health system by police to get genetic information is really concerning," Grant says.

The New Jersey lawsuit alleges that police obtained the blood sample of a newborn child (who is now elementary-school aged) to perform a DNA analysis that linked the baby's father to a crime. This was done using a technique called investigative genetic genealogy, or forensic genealogy. It usually involves isolating DNA left at a crime scene and using it to create a digital genetic profile of a suspect. Investigators can upload this profile to genealogy websites where other people have freely shared their own DNA information in the hope of connecting with family members or learning about their ancestry. Because DNA is shared within families, investigators can use relative matches to map out a suspect's family tree and narrow down their identity. According to the New Jersey lawsuit, police had reopened an investigation into a cold case and had used genetics to place the suspect within a single family: one of several adults or their children. But police didn't yet have probable cause to obtain search warrants for DNA swabs from any of them. Instead, they asked the state's newborn screening lab for a blood sample of one of the children. Analysis of this genetic information revealed a close relationship between the baby's DNA and the DNA taken at the crime scene, indicating that the baby's father was the person police were seeking. That was enough to establish probable cause in the assault investigation, so police sought a warrant for a cheek swab from the father. After analyzing his DNA, the suit contends, police found that it was a match to the crime scene DNA.
"Because there are no federal laws governing newborn screening programs, states set their own policies on which diseases they test for, how long samples are stored, and how they can be used," notes Wired. "Some states hold on to blood samples for months, others for years or decades. Virginia only keeps samples from infants with normal results for six months, while Michigan retains them for up to 100 years. New Jersey stores samples for 23 years before destroying them."
Youtube

Thieves Stole $23 Million in One of the Largest YouTube Royalties Scams Ever (mashable.com) 38

"Need an easy way to make $23 million?" asks Mashable.

"Have you ever considered just claiming music others uploaded to YouTube as your own and collecting the royalties? That's basically all two Phoenix men did to swindle Latin music artists like Daddy Yankee and Julio Iglesias out of millions of dollars in royalties, as detailed in a new piece from Billboard last week.

According to Kristin Robinson of Billboard, Jose "Chenel" Medina Teran and Webster Batista set up a media company called MediaMuv and claimed to own the rights to various Latin music songs and compositions. In total, MediaMuv claimed to own more than 50,000 copyrights since 2017, when Teran and Batista began their scheme.

In order for MediaMuv to claim these copyrights and collect royalties through YouTube's Content ID system, the fraudulent company needed to partner with AdRev, a third-party company that has access to YouTube's CMS and Content ID tools and helps artists manage their digital copyrights. MediaMuv created a few fake documents and provided AdRev with this paperwork in order to prove ownership over the music it claimed. From there, AdRev not only helped MediaMuv collect royalties for those copyrights but also provided Teran and Batista with direct access to YouTube's CMS so they could claim copyrights on their own.

Teran and Batista's four-year-long royalties heist came to an end late last year following an investigation from the IRS. According to Billboard, the two were indicted on "30 counts of conspiracy, wire fraud, money laundering and aggravated identity theft."

Mashable calls it "a huge reminder that online copyright is deeply flawed..."

"[J]ust think about how many more careful scammers are still skimming royalties off of an untold number of artists."
Your Rights Online

Right To Repair Battle Heats Up With Rooting of John Deere Equipment (wired.com) 79

Long-time Slashdot reader drinkypoo writes: John Deere, current and historic American producer of farming equipment, has long been maligned for their DRM-based lockdowns of said equipment which can make it impossible for farmers to perform their own service. Now a new security bypass has been discovered for some of their equipment, which has revealed that it is in general based on outdated versions of Linux and Windows CE.

Carried out by Sick Codes, the complete attack involves attaching hardware to the PCB inside a touchscreen controller, and ultimately produces a root terminal.

In the bargain and as a result, the question is being raised about JD's GPL compliance.

Sick Codes isn't sure how John Deere can eliminate this vulnerability (beyond overhauling designs to add full disk encryption to future models). But Wired also notes that "At the same time, though, vulnerabilities like the ones that Sick Codes found help farmers do what they need to do with their own equipment."

Although the first thing Sick Codes did was get the tractor running a farm-themed version of Doom.
Government

Ransomware Causes 'Major', Long-Lasting Outage for UK Health Service's Patient Notes (independent.co.uk) 26

The Independent reports that the UK's National Health System is experiencing a major outage "expected to last for more than three weeks" after a third-party supplying the NHS's "CareNotes" software was hit by ransomware.

Unfortunately, this leaves doctors unable to see their notes on patients, and the mental health trusts that provide care "across the country will be left unable to access patient notes for weeks, and possibly months." Oxford Health NHS Foundation Trust has declared a critical incident over the outage, which is believed to affect dozens of trusts, and has told staff it is putting emergency plans in place. One NHS trust chief said the situation could possibly last for "months" with several mental health trusts, and there was concern among leaders that the problem is not being prioritised.

In an email to staff, Oxford Health NHS Foundation Trust chief executive Nick Broughton said: "The cyberattack targeted systems used to refer patients for care, including ambulances being dispatched, out of hours appointment bookings, triage, out of hours care, emergency prescriptions and safety alerts. It also targeted the finance system used by the trust...." An NHS director said: "The whole thing is down. It's really alarming...we're carrying a lot of risk as a result of it because you can't get records and details of assessments, prescribing, key observations, medical mental health act observations. You can't see any of it...Staff are going to have to write everything down and input it later."

They added: "There is increased risk to patients. We're finding it hard to discharge people, for example to housing providers, because we can't access records."

"'Weeks' is an unreasonable period," argues Slashdot reader Bruce66423, wondering why it couldn't be resolved with a seemingly simple restore from backups?

And Alan Woodward, a professor of cybersecurity at Surrey University, warns the Guardian that "Even if it was ransomware ... that doesn't mean data was not stolen."
Crime

Netflix Airs Episode on Kansas 'Swat' Perpetrator, While Victim's Family Sues Policeman (kwch.com) 44

In June Netflix launched Web of Make Believe: Death, Lies, and the Internet, a true-crime series. It began with an episode documenting the 2017 death of a 28-year-old Kansas man named Andrew Finch after California gamer Tyler Barriss faked an emergency call from Finch's home to the Wichita, Kansas police department.

So where are they now? Barriss is now serving a 20-year prison sentence, Bustle reports. "Barriss, a resident of Los Angeles, California, pled guilty to a total of 51 charges, all having to do with hoax emergency calls he'd made, including the call that resulted in Finch's murder." Barriss received a 12-and-a-half-year sentence for the Kansas call, and then another 8-and-a-half-year sentence for all the other illegal calls placed between 2015 and 2017 to 17 different U.S. states. "He also received another five years of supervised release in Washington, D.C., for phoning in bomb threats to the FBI and Federal Communications Commission in 2017."

And the 19-year-old who'd hired Barriss "received a 15-month prison sentence in 2019 after pleading guilty to obstruction of justice."

Meanwhile, Andrew Finch's surviving family members filed legal actions against the police department responsible for Finch's death. And while police officers normally receive "qualified immunity" protecting them from lawsuits over the performance of their duties, there was an update last month: An officer with the Wichita Police Department will face a civil trial in connection with the December 2017 swatting incident... Justin Rapp was the officer who shot the unarmed man. A U.S. appeals court sided with the Kansas district court in denying Officer Rapp qualified immunity in Finch's death. The court said a reasonable jury could believe Finch was unarmed and unthreatening when Rapp fired the shot that killed him.

Finch's family brought the excessive force civil suit. Sedgwick County District Attorney Marc Bennett declined to prosecute Rapp for fatally shooting Finch. The Wichita Police Department concluded Rapp didn't violate department policy....

Along with its conclusion that the civil case against Rapp can move forward, the appellate court also affirmed the district court's summary judgment on liability claims against the City of Wichita. This decision essentially maintained the city and the WPD as a whole weren't liable in Finch's death. The court of appeals dismissed arguments saying, in sum, "[the lawsuit from Finch's family] has failed to show any deliberately indifferent policies or customs that caused Rapp to use excessive lethal force."

Power

California's Governor Proposes Extending the Life of Its Last Nuclear Plant (apnews.com) 176

"California Gov. Gavin Newsom on Friday proposed extending the life of the state's last operating nuclear power plant by five to 10 years," reports the Associated Press, "to maintain reliable power supplies in the climate change era." Newsom's draft proposal includes a potential forgivable loan for PG&E for up to $1.4 billion and would require state agencies to act quickly to clear the way for the reactors to continue running. The seaside plant located midway between Los Angeles and San Francisco produces 9% of the state's electricity. The proposal says its continued operation beyond 2025 is "critical to ensure statewide energy system reliability" as climate change stresses the energy system....

Newsom clearly wants to avoid a repeat of August 2020, when a record heat wave caused a surge in power use for air conditioning that overtaxed California's electrical grid. That caused two consecutive nights of rolling blackouts for the state, affecting hundreds of thousands of residential and business customers. The Newsom administration is pushing to expand clean energy, as the state aims to cut emissions by 40% below 1990 levels by 2030. Nuclear power doesn't produce carbon pollution like fossil fuels, but leaves behind waste that can remain dangerously radioactive for centuries.

The California Legislature has less than three weeks to determine if it will endorse the plan and attempt to extend the life of the plant — a decision that would be made amid looming questions over the costs and earthquake safety risks.... The Democratic governor, who is seen as a possible future White House candidate, has urged PG&E for months to pursue a longer run beyond a scheduled closing by 2025, warning that the plant's power is needed as the state transitions to solar, wind and other renewable sources of energy.

One concerned Democratic state Senator (from the district housing the plant) argued that another earthquake fault was discovered near the plant in 2008, and reminded the Associated Press that "seismic upgrades were never totally completed. Will they address that?"
Facebook

Facing Privacy Concerns, Facebook Begins Testing End-to-End Encrypted Chats, Secure Backups (cnbc.com) 19

Thursday Meta published a blog post by their "product management director of Messenger Trust," who emphasized that they've begun at least testing end-to-end encryption by default for Messenger chats. But Meta also announced plans "to test a new secure storage feature for backups of your end-to-end encrypted chats on Messenger...."

"As with end-to-end encrypted chats, secure storage means that we won't have access to your messages, unless you choose to report them to us."

CNBC provides some context: The announcement comes after Facebook turned over Messenger chat histories to Nebraska police as part of an investigation into an alleged illegal abortion. Meta spokesperson Andy Stone said the feature has been in the works for a while and is not related to the Nebraska case...

The feature is rolling out on Android and iOS devices this week, but it isn't yet available on the Messenger website. The company has been discussing full-scale deployment of end-to-end encryption since 2016, but critics have said the security measure would make it much more difficult for law enforcement to catch child predators....Meta said in the release that it is making progress toward the global rollout of default end-to-end encryption for personal messages and calls in 2023.

Other privacy enhancements announced Thursday by Meta:
  • "We plan to bring end-to-end encrypted calls to the Calls Tab on Messenger."
  • Meta announced that the deleting of messages will start syncing across your other devices "soon."
  • Messenger will continue offering the option of "Disappearing" messages, in which viewed messages in an end-to-end encrypted chat automatically then disappear after a pre-specified period of time.

And there's more, according to Meta's announcement:

"This week, we'll begin testing default end-to-end encrypted chats between some people. If you're in the test group, some of your most frequent chats may be automatically end-to-end encrypted, which means you won't have to opt in to the feature. You'll still have access to your message history, but any new messages or calls with that person will be end-to-end encrypted. You can still report messages to us if you think they violate our policies, and we'll review them and take action as necessary....

"Last year, we started a limited test of opt-in end-to-end encrypted messages and calls on Instagram, and in February we broadened the test to include adults in Ukraine and Russia. Soon, we'll expand the test even further to include people in more countries and add more features like group chats....

"We will continue to provide updates as we make progress toward the global rollout of default end-to-end encryption for personal messages and calls in 2023."


Privacy

Amazon Studio Plans Lighthearted Show of Ring Surveillance Footage (arstechnica.com) 39

An anonymous reader quotes a report from Ars Technica: For some people, the term "Ring Nation" might evoke a warrantless surveillance dystopia overseen by an omnipotent megacorp. To Amazon-owned MGM, Ring Nation is a clip show hosted by comedian Wanda Sykes, featuring dancing delivery people and adorable pets. Deadline reports that the show, due to debut on September 26, is "the latest example of corporate synergy at Amazon." Amazon owns household video security brand Ring, Hollywood studio MGM, and Big Fish, the producer of Ring Nation. Viral videos captured by doorbell cameras have been hot for a while now. You can catch them on late-night talk shows, the r/CaughtOnRing subreddit, and on millions of TikTok users' For You page. Amazon's media properties, perhaps sensing an opportunity to capitalize and soften Ring's image, are sallying forth with an officially branded offering.

Ring Nation will feature "neighbors saving neighbors, marriage proposals, military reunions and silly animals," Deadline writes. But Ring Nation might be aiming even higher, according to Ring founder Jamie Siminoff -- to something approaching a salve for our deeply divided nation. "Bringing the new community together is core to our mission at Ring, and Ring Nation gives friends and family a fun new way to enjoy time with one another," Siminoff told Deadline. "We're so excited to have Wanda Sykes join Ring Nation to share people's memorable moments with viewers."

"Ring sharing its owners' moments with other viewers has been a contentious issue," notes Ars. Amazon's Ring can share footage with police during emergencies without consent and without warrants. The service has also reportedly partnered with hundreds of law enforcement agencies across the country to increase Ring installations and ease police access to footage.

Bitcoin

Mark Cuban, Mavericks In Hot Water Over Voyager 'Ponzi Scheme' (techcrunch.com) 28

An anonymous reader quotes a report from TechCrunch: Lawsuits from disgruntled investors are beginning to stack up after crypto prices plummeted over the past few months, leaving them with steep losses. Billionaire Mark Cuban is the latest celebrity on the receiving end of investor ire. A group of Voyager Digital customers filed a class-action suit in Florida federal court against Cuban, as well as the basketball team he owns, the Dallas Mavericks, alleging their promotion of the crypto platform resulted in more than 3.5 million investors losing $5 billion collectively. Voyager Digital's CEO, Stephen Ehrlich, was also named as a defendant in the suit. Voyager, a New Jersey-based crypto firm, filed for Chapter 11 bankruptcy in July following a crash in crypto prices that instigated a liquidity crunch on the platform. The firm is one of many that got burned after loaning money, in Voyager's case worth ~$600 million, to hedge fund Three Arrows Capital (3AC). 3AC declared bankruptcy in the wake of the Terra collapse, triggering a domino effect throughout the crypto markets when the hedge fund defaulted on more than $3.5 billion worth of obligations to its lenders.

The plaintiffs in the suit against Cuban described Voyager as "an unregulated and unsustainable fraud, similar to other Ponzi schemes." They claim in the complaint that Cuban and Ehrlich personally reached out to investors both individually and through a partnership with the Dallas Mavericks, to encourage them to invest with the platform. The lawsuit also specifically calls out Voyager's Earn Program Accounts (EPAs), claiming they are unregistered securities. The Mavericks launched their exclusive, five-year partnership with Voyager in October 2021, giving fans cash rewards for making trades on the platform. The announcement said the cryptocurrencies were "an attractive investment for novice investors who might only have $100 to start." According to the lawsuit filed today, Cuban also promoted the company "as a Voyager customer himself, in a ploy to dupe investors into believing that Voyager was a safe platform." Although the partnership with the Mavericks was disclosed, the lawsuit alleges that Cuban did not disclose the compensation he personally received to promote Voyager.

"During the runup in crypto prices, many web3 companies, apparently including Voyager, pretended that existing laws and regulations did not apply to crypto," said Shane Seppinni, founder of law firm Seppinni LLP, who has worked on various crypto and "meme stock" lawsuits. "Even smart people like Mark Cuban got caught up in the hype. But now that crypto prices have crashed it's plain to see that centuries-old legal theories like fraud, breach of fiduciary duty, and civil conspiracy are as applicable to crypto as they are elsewhere."

Privacy

Hospital and Drugmaker Move To Build Vast Database of New Yorkers' DNA (nytimes.com) 15

The Mount Sinai Health System began an effort this week to build a vast database of patient genetic information that can be studied by researchers -- and by a large pharmaceutical company. From a report: The goal is to search for treatments for illnesses ranging from schizophrenia to kidney disease, but the effort to gather genetic information for many patients, collected during routine blood draws, could also raise privacy concerns. The data will be rendered anonymous, and Mount Sinai said it had no intention of sharing it with anyone other than researchers. But consumer or genealogical databases full of genetic information, such as Ancestry.com and GEDmatch, have been used by detectives searching for genetic clues that might help them solve old crimes.

Vast sets of genetic sequences can unlock new insights into many diseases and also pave the way for new treatments, researchers at Mount Sinai say. But the only way to compile those research databases is to first convince huge numbers of people to agree to have their genomes sequenced. Beyond chasing the next breakthrough drug, researchers hope the database, when paired with patient medical records, will provide new insights into how the interplay between genetic and socio-economic factors -- such as poverty or exposure to air pollution -- can affect people's health. The health system hopes to eventually amass a database of genetic sequences for 1 million patients, which would mean the inclusion of roughly one out of every 10 New York City residents. The effort began this week, a hospital spokeswoman, Karin Eskenazi, said.

Microsoft

Microsoft Sues Activation Key and Token Sellers For Enabling Customers' Piracy (torrentfreak.com) 41

Software sold by market leaders tends to be a primary purchase for regular consumers. Brand comfort is important but so too is affordability, especially when pirate copies are available for free. Some find a middle ground with purchases of discounted activation keys but, as a new Microsoft lawsuit shows, that can amount to copyright infringement for buyers and sellers alike. From a report: In a complaint filed at a Washington court this week, Microsoft targets Canadian company The Search People Enterprises Ltd (TSPE), assumed director Mehtabjit Singh, and 'John Doe' defendants 1-10. The defendants are described as prolific distributors of "black market access devices," aka activation keys and tokens for Microsoft software. Those who bought keys and tokens may have been under the impression that they were purchasing official software but as Microsoft explains, that is not only misleading but a mischaracterization of the things they were sold.

Products including Microsoft Office, Project, Visio, Windows 10, and Windows 11 are all subject to licensing terms that restrict how the products can be used. Microsoft can also provide a product activation key to be entered as part of the installation process, with data about the activation sent to the company's servers. Like software tokens, which enable downloads and automatic software activation, activation keys are anti-piracy tools, and exchanging money for them is not the same as buying a license. Indeed, Microsoft makes itself very clear -- the activation of a piece of software means nothing in the absence of a license. Microsoft's problem is that product activation keys can be 'decoupled' from the software they were meant to authorize and then reused to activate more copies of the software, in some cases more copies than the attached Microsoft license permits.

Google

Google To Pay Nearly $43M Over Collection of Android Location Data (cnet.com) 13

Australia's consumer watchdog agency said Friday that Google has been ordered to pay AU$60 million, nearly $43 million, by the Federal Court over the collection of location data on Android phones. From a report: The fine stems from legal action the Australian Competition & Consumer Commission initiated back in 2019. The ACCC accused Google of "making misleading representations to consumers" about the collection and use of personal location data on Android devices between January 2017 and December 2018. The court previously found that Google misled consumers into thinking "Location History" was the only setting that impacted whether the tech giant collected, kept and used location data, when in fact, the "Web & App Activity" setting also allowed Google to collect some of this information, according to the ACCC. An estimated 1.3 million people with Google accounts in Australia may have "viewed a screen found by the Court to have breached the Australian Consumer Law," the ACCC said.
