aggregator

Uber Finds One Allegedly Stolen Waymo File -- On An Employee's Personal Device

Slashdot - Your Rights Online - Śr, 2017-04-05 22:40
Uber said today that it had found one of the documents Waymo alleges was stolen by a former employee -- who left its self-driving car effort to join Uber's -- on the employee's personal computer. From a report on TechCrunch: The document was found on a personal device belonging to Sameer Kshirsagar, Uber's attorney Arturo Gonzalez said at a court hearing today. It's the first time that Uber has acknowledged that any of Waymo's documents are in the possession of any Uber employees. However, Uber emphasized that the document was not found on Uber's computers. "We did collect documents from him and thus far we have only found one document from his computers that matches the documents identified in the complaint," Gonzalez said. Waymo claims that Kshirsagar downloaded several confidential documents in June 2016, one month before resigning and joining Anthony Levandowski at Uber. The names of the five specific documents are partially redacted in court filings, but one references "laser questions" and another "lens placement."

Read more of this story at Slashdot.

Phony VPN Services Are Cashing In On America's War On Privacy

Slashdot - Your Rights Online - Śr, 2017-04-05 22:00
Reader Freshly Exhumed writes: Nicholas Deleon at Motherboard reveals a run-in with scammers who are already hard at work taking advantage of newly signed legislation that allows Internet Service Providers to sell your online privacy, including your web browser history, to the highest bidder without your consent. Relatedly, Tim Berners-Lee would prefer people to protest in the streets rather than take technical measures such as TOR and VPN. For those intent on using VPN, TorrentFreak has their latest reviews of VPN anonimity practices, with the caveat that the info is submitted by the VPN companies themselves on a "trust us" basis.

Read more of this story at Slashdot.

FCC's Ajit Pai Says Broadband Market Too Competitive For Strict Privacy Rules

Slashdot - Your Rights Online - Śr, 2017-04-05 19:20
In an op-ed published on the Washington Post, FCC Chairman Ajit Pai and his counterpart at the FTC have argued that strict privacy rules for ISPs aren't necessary in part because the broadband market is more competitive than the search engine market. From a report on ArsTechnica: Internet users who have only one choice of high-speed home broadband providers would probably scoff at this claim. But an op-ed written by Pai and Acting FTC Chair Maureen Ohlhausen ignored the lack of competition in home Internet service, focusing only on the competitive wireless broadband market. Because of this competition, it isn't fair to impose different rules on ISPs than on websites, they wrote. "Others argue that ISPs should be treated differently because consumers face a unique lack of choice and competition in the broadband marketplace," Pai and Ohlhausen wrote in their op-ed. "But that claim doesn't hold up to scrutiny either. For example, according to one industry analysis, Google dominates desktop search with an estimated 81 percent market share (and 96 percent of the mobile search market), whereas Verizon, the largest mobile broadband provider, holds only an estimated 35 percent of its market." [...] Instead of addressing the lack of competition in home Internet service, Pai and Ohlhausen simply didn't mention it in their op-ed. But they argued that ISPs shouldn't face stricter privacy rules than search engines and other websites because of the level of competition in broadband and the amount of data companies like Google collect about Internet users. "As a result, it shouldn't come as a surprise that Congress decided to disapprove the FCC's unbalanced rules," they wrote. "Indeed, the FTC's criticism of the FCC's rules last year noted specifically that they 'would not generally apply to other services that collect and use significant amounts of consumer data.'"

Read more of this story at Slashdot.

Bannon Loses National Security Council Role in Trump Shakeup

Slashdot - Your Rights Online - Śr, 2017-04-05 18:35
Top presidential strategist Steve Bannon has been booted from the National Security Council amid a reshuffling of the key panel, Bloomberg reports Wednesday morning. President Donald Trump reorganized the council, removing Bannon and downgrading the role of his homeland security adviser, Tom Bossert, the report added, citing multiple sources. From the report: Bannon, the former executive chairman of Breitbart News, was elevated to the National Security Council's principals committee at the beginning of Trump's presidency. The move drew criticism from some members of Congress and Washington's foreign policy establishment. A White House official said that Bannon was placed on the committee in part to monitor Trump's first national security adviser, Michael Flynn, and never attended a meeting. He's no longer needed with McMaster in charge of the council, the official said. Trump fired Flynn on Feb. 13 for not disclosing to the president or to Vice President Mike Pence the extent of his conversations with Russia's ambassador to the U.S., Sergey Kislyak, before Trump's inauguration.

Read more of this story at Slashdot.

Microsoft Finally Reveals What Data Windows 10 Really Collects

Slashdot - Your Rights Online - Śr, 2017-04-05 17:20
Starting today, Microsoft is updating its privacy statement and publishing information about the data it collects as part of Windows 10. From a report: "For the first time, we have published a complete list of the diagnostic data collected at the Basic level," explains Windows chief Terry Myerson in a company blog post. "We are also providing a detailed summary of the data we collect from users at both Basic and Full levels of diagnostics." Microsoft is introducing better controls around its Windows 10 data collection levels in the latest Creators Update, which will start rolling out broadly next week. The controls allow users to switch between basic and full levels of data collection. "Our teams have also worked diligently since the Anniversary Update to re-assess what data is strictly necessary at the Basic level to keep Windows 10 devices up to date and secure," says Myerson. "As a result, we have reduced the number of events collected and reduced, by about half, the volume of data we collect at the Basic level."

Read more of this story at Slashdot.

'Arctic World Archive' Will Keep the World's Data Safe In an Arctic Mineshaft

Slashdot - Your Rights Online - Śr, 2017-04-05 09:00
An anonymous reader quotes a report from The Verge: Norway's famous doomsday seed vault is getting a new neighbor. It's called the Arctic World Archive, and it aims to do for data what the Svalbard Global Seed Vault has done for crop samples -- provide a remote, impregnable home in the Arctic permafrost, safe from threats like natural disaster and global conflicts. But while the Global Seed Vault is (partially) funded by charities who want to preserve global crop diversity, the World Archive is a for-profit business, created by Norwegian tech company Piql and Norway's state mining company SNSK. The Archive was opened on March 27th this year, with the first customers -- the governments of Brazil, Mexico, and Norway -- depositing copies of various historical documents in the vault. Data is stored in the World Archive on optical film specially developed for the task by Piql. (And, yes, the company name is a pun on the word pickle, as in preserving-in-vinegar.) The company started life in 2002 making video formats that bridged analog film and digital media, but as the world went fully digital it adapted its technology for the task of long-term storage. As Piql founder Rune Bjerkestrand tells The Verge: "Film is an optical medium, so what we do is, we take files of any kind of data -- documents, PDFs, JPGs, TIFFs -- and we convert that into big, high-density QR codes. Our QR codes are massive, and very high resolution; we use greyscale to get more data into every code. And in this way we convert a visual storage medium, film, into a digital one." Once data is imprinted on film, the reels are stored in a converted mineshaft in the Arctic archipelago of Svalbard. The mineshaft (different to the one used by the Global Seed Vault) was originally operated by SNSK for the mining of coal, but was abandoned in 1995. The vault is 300 meters below the ground and impervious to both nuclear attacks and EMPs. Piql claims its proprietary film format will store data safely for at least 500 years, and maybe as long as 1,000 years, with the assistance of the mine's climate.

Read more of this story at Slashdot.

Utah Supreme Court Ruling Bars Direct Sales of Teslas Through a Subsidiary

Slashdot - Your Rights Online - Śr, 2017-04-05 02:45
The Utah Supreme court has ruled on Monday that the state's regulators could prohibit an auto manufacturer from having ownership interest in a dealer. "In what the court called 'a narrow, legal decision,' it said that it wouldn't weigh in on whether allowing the state's Tax Commission to prohibit direct sales from Tesla's wholly owned subsidiary was the best policy for residents of Utah," reports Ars Technica. "Instead, the court said its job was simply to determine whether the commission could legally make that prohibition." From the report: Tesla created its subsidiary, Tesla UT, to be able to sell new cars in Utah, but the State Tax Commission ruled that the subsidiary needed a franchise agreement. Tesla UT entered into a partnership with its parent company, but the commission said Tesla couldn't have a financial interest in Tesla UT's franchise. According to the Salt Lake Tribune, "Attempts were made in 2015 and 2016 to change Utah law to accommodate Tesla, but the car dealers and other automakers rebuffed the efforts." A Tesla spokesperson told Ars, "The Utah ruling is disappointing for Tesla and all Utah consumers interested in consumer choice, free markets, and sustainable energy. We will pursue all options to ensure that Tesla can operate in Utah without restriction. In the meantime, we will continue to provide service and limited sales activities (through our used car license) at our location in South Salt Lake City."

Read more of this story at Slashdot.

Former Snapchat Employee Presses To Unseal Allegedly Doctored Usage Statistics

Slashdot - Your Rights Online - Śr, 2017-04-05 02:05
In early January, a former Snapchat employee named Anthony Pompliano filed a lawsuit against the company claiming they reported false growth numbers to investors in an effort to inflate its valuation. Today, Pompliano's attorney asked a judge to unseal court filings that purportedly show the misrepresented usage of its app. Los Angeles Times reports: The specific details remain redacted until a ruling on whether they constitute trade secrets protected from disclosure. Snap described the allegations as "preposterous" in a Los Angeles County Superior Court filing in January, weeks before the Venice company held one of the largest initial public offerings in U.S. history. The company pointed out Pompliano filed a similar lawsuit against Brighten Labs. That Los Angeles startup fired Pompliano months after Snap. His move to go public with a dispute contractually bound to take place secretly in arbitration is a publicity stunt designed to pressure Snap, the company's attorneys said in January.

Read more of this story at Slashdot.

Gigabyte Firmware Bugs Allow the Installation of BIOS/UEFI Ransomware

Slashdot - Your Rights Online - Śr, 2017-04-05 01:20
An anonymous reader writes from a report via BleepingComputer: Last week, at the BlackHat Asia 2017 security conference, researchers from cyber-security firm Cylance disclosed two vulnerabilities in the firmware of Gigabyte BRIX small computing devices, which allow an attacker to write malicious content to the UEFI firmware. During their presentation, researchers installed a proof-of-concept UEFI ransomware, preventing the BRIX devices from booting, but researchers say the same flaws can be used to plant rootkits that allow attackers to persist malware for years. The two vulnerabilities discovered are CVE-2017-3197 and CVE-2017-3198. The first is a failure on Gigabyte's part to implement write protection for its UEFI firmware. The second vulnerability is another lapse on Gigabyte's side, who forgot to implement a system that cryptographically signs UEFI firmware files. Add to this the fact that Gigabyte uses an insecure firmware update process, which doesn't check the validity of downloaded files using a checksum and uses HTTP instead of HTTPS. A CERT vulnerability note was published to warn users of the impending danger and the bugs' ease of exploitation.

Read more of this story at Slashdot.

Security Researcher Says Samsung's Tizen OS Is The Worst Code He's Ever Seen

Slashdot - Your Rights Online - Śr, 2017-04-05 00:40
Samsung has been working on its Tizen operating system for several years now, implementing it into its various televisions and smartwatches. According to a report from Motherboard, the OS isn't receiving a lot of praise in the security department. Israeli researcher Amihai Neiderman has found 40 unknown zero-day vulnerabilities in Tizen, adding that it may be the worst code he's ever seen. From the report: "It may be the worst code I've ever seen," he told Motherboard in advance of a talk about his research that he is scheduled to deliver at Kaspersky Lab's Security Analyst Summit on the island of St. Maarten on Monday. "Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It's like taking an undergraduate and letting him program your software." All of the vulnerabilities would allow hackers to take control of a Samsung device from afar, in what's called remote-code execution. But one security hole Neiderman uncovered was particularly critical. It involves Samsung's TizenStore app -- Samsung's version of Google Play Store -- which delivers apps and software updates to Tizen devices. Neiderman says a flaw in its design allowed him to hijack the software to deliver malicious code to his Samsung TV. Because the TizenStore software operates with the highest privileges you can get on a device, it's the Holy Grail for a hacker who can abuse it. Although TizenStore does use authentication to make sure only authorized Samsung software gets installed on a device, Neiderman found a heap-overflow vulnerability that gave him control before that authentication function kicked in. Although researchers have uncovered problems with other Samsung devices in the past, Tizen has escaped extensive scrutiny from the security community, probably because it's not widely used on phones yet.

Read more of this story at Slashdot.

'Extreme Vetting' Would Require Visitors To US To Share Contacts, Passwords

Slashdot - Your Rights Online - Śr, 2017-04-05 00:00
According to the Wall Street Journal, the Trump administration is considering whether or not to deploy "extreme vetting" practices at airports around the world, which could force tourists from Britain and other countries visiting the U.S. to reveal their mobile phone contacts, social media passwords and financial data. "Travelers who want to enter the U.S. could also face questioning over their ideology, as Washington moves away from a default position of allowing people in to a more skeptical approach to visitors," reports The Guardian. From the report: Trump made the "extreme vetting" of foreign nationals to combat terrorism a major theme of his presidential election campaign. But his executive order imposing a travel ban on several Muslim-majority countries has twice been blocked in court. Media reports suggest it has already hurt the tourism industry. The changes might include visitors from the 38 countries -- the UK, France, Australia and Japan among them -- that participate in the visa waiver program, which requires adherence to strict U.S. standards in data sharing, passport control and other factors, one senior official told the Journal. This could require people to hand over their phones so officials can study their stored contacts and possibly other information. The aim is to "figure out who you are communicating with," a senior Department of Homeland Security official was quoted as saying. "What you can get on the average person's phone can be invaluable." A second change would ask applicants for their social media handles and passwords, so that officials could see information posted privately in addition to public posts, the Journal said. The Journal report said the DHS official working on the review said questions under consideration included whether visa applicants believe in so-called honor killings, how they view the treatment of women in society, whether they value the "sanctity of human life" and who they view as a legitimate target in a military operation.

Read more of this story at Slashdot.

Web Inventor Sir Tim Berners-Lee Slams UK and US Net Plans

Slashdot - Your Rights Online - Wt, 2017-04-04 22:05
The web's creator has attacked any UK plans to weaken encryption and promised to battle any moves by the Trump administration to weaken net neutrality. From a report on BBC: Sir Tim Berners-Lee was speaking to the BBC following the news that he has been given the Turing Award. It is sometimes known as the Nobel Prize of computing. Sir Tim said moves to undermine encryption would be a "bad idea" and represent a massive security breach. Home Secretary Amber Rudd has said there should be no safe space for terrorists to be able to communicate online. But Sir Tim said giving the authorities a key to unlock coded messages would have serious consequences. "Now I know that if you're trying to catch terrorists it's really tempting to demand to be able to break all that encryption but if you break that encryption then guess what -- so could other people and guess what -- they may end up getting better at it than you are," he said. Sir Tim also criticised moves by legislators on both sides of the Atlantic, which he sees as an assault on the privacy of web users. He attacked the UK's recent Investigatory Powers Act, which he had criticised when it went through Parliament: "The idea that all ISPs should be required to spy on citizens and hold the data for six months is appalling." In the United States he is concerned that the principle of net neutrality, which treats all internet traffic equally, could be watered down by the Trump administration and the Federal Communications Commission. "If the FCC does move to reduce net neutrality I will fight it as hard as I can," he vowed.

Read more of this story at Slashdot.

Bill Would Stop Warrantless Border Device Searches of US Citizens

Slashdot - Your Rights Online - Wt, 2017-04-04 20:00
Senators Ron Wyden and Rand Paul as well as Reps. Jared Polis and Blake Farenthold have introduced legislation that would require law enforcement to first obtain a warrant before they can search our electronic devices when we enter the United States. From a report: A new bipartisan bill would prevent Americans' electronic devices from being searched at the border without a warrant, a response to an increase in such electronic searches. The bill would require a warrant before agents could search Americans' phones, laptops and other devices at entries to the US, including airports and border crossings. "Americans' constitutional rights shouldn't disappear at the border," Wyden said in a statement. "By requiring a warrant to search Americans' devices and prohibiting unreasonable delay, this bill makes sure that border agents are focused on criminals and terrorists instead of wasting their time thumbing through innocent Americans' personal photos and other data."

Read more of this story at Slashdot.

Companies Start Implanting Microchips Into Workers' Bodies

Slashdot - Your Rights Online - Wt, 2017-04-04 15:00
A Swedish start-up called Epicenter is offering to implant its employees and start-up members with microchips that function as swipe cards, allowing them to open doors, operate equipment or buy food and drinks with a wave of the hand. While these microchips have been available for decades, the technology has never been implanted in humans on such a broad scale. "Epicenter and a handful of other companies are the first to make chip implants broadly available," reports Associated Press. From the report: [A]s with most new technologies, it raises security and privacy issues. Although the chips are biologically safe, the data they generate can show how often employees come to work or what they buy. Unlike company swipe cards or smartphones, which can generate the same data, people cannot easily separate themselves from the chips. Epicenter, which is home to more than 100 companies and roughly 2,000 workers, began implanting workers in January 2015. Now, about 150 workers have the chips. A company based in Belgium also offers its employees such implants, and there are isolated cases around the world in which tech enthusiasts have tried them out in recent years. The small implants use near-field communication technology, or NFC, the same as in contactless credit cards or mobile payments. When activated by a reader a few inches away, a small amount of data flows between the two devices via electromagnetic waves. The implants are "passive," meaning they contain information that other devices can read, but cannot read information themselves. Ben Libberton, a microbiologist at Stockholm's Karolinska Institute, says hackers could conceivably gain huge swaths of information from embedded microchips. The ethical dilemmas will become bigger the more sophisticated the microchips become. Epicenter workers stage monthly events where attendees can receive the implant.

Read more of this story at Slashdot.

Bitcoin Becomes Legal Payment Option In Japan, Prices Spike

Slashdot - Your Rights Online - Wt, 2017-04-04 02:45
An anonymous reader quotes a report from Investopedia: A bill to amend Japan's Banking Act has finally come to fruition, recognizing Bitcoin and other cryptocurrencies as legal tender. The bill has far-reaching repercussions for the digital currency world as well as the way that cryptocurrencies can be traded and exchanged. The Banking Act was modified after a long process of debate and dialog which saw proponents of digital currencies arguing on their behalf. Now, after months of discussion, the bill has come into effect as of the beginning of April. Section 3 of the bill has been modified to including wording on virtual currency and is being called the Virtual Currency Act, according to reporting by Brave New Coin. Digital currencies like Bitcoin have finally received definition and recognition as a means of payment by the Japanese government. The Banking Act's Payment Services Act has also moved to define a digital currency as "property of value," meaning that it is usable for payment in the broader marketplace and that it may be bought or sold. At the same time, the Japanese bill distinguishes between digital currencies like Bitcoin and "electronic money." Digital currency, in this case, is not issued by a specific entity and may be used by any accepting individual, while electronic money can be linked to a specific issuer and can only be used by that issuer or persons specified by the issuer. Along with the recognition of Bitcoin and other digital currencies is the stipulation that profits from trading of those currencies may be considered as "income from business activities or miscellaneous income." This makes Bitcoin subject to various taxes, including capital gains tax.

Read more of this story at Slashdot.

FCC Limits Order On Charter Extending Broadband Service

Slashdot - Your Rights Online - Wt, 2017-04-04 01:20
According to Reuters, the FCC has voted on Monday to reverse a requirement imposed under the Obama administration that Charter extend broadband service to 1 million households already served by a competitor. From the report: As a condition of approval for its acquisition of two cable companies, Charter had agreed in May 2016 to extend high-speed internet access to 2 million customers within five years, with 1 million served by a broadband competitor. The decision was a win for a group representing smaller cable companies that sought to overturn the "overbuild" requirement and marked the latest reversal of Obama-era requirements by the new Republican-led FCC under President Donald Trump. Under the new order, Charter, the No. 2 U.S. cable company with 26 million residential and business customers in 41 states, must add service to 2 million additional potential subscribers in places without existing service, FCC spokesperson Mark Wigfield said. Supporters say the move ensures that more people without access to high-speed broadband, especially in some rural and urban areas, will have an option.

Read more of this story at Slashdot.

AIG Is Now Selling Cyber Insurance, But Only To High Net Worth Individuals

Slashdot - Your Rights Online - Wt, 2017-04-04 00:40
chicksdaddy writes from a report via Security Ledger: It turns out that the rich really aren't like everyone else -- they have more cyber insurance. That, after insurance giant AIG announced Monday that it has started offering cyber insurance to protect individuals and families from ransomware attacks, data theft and cyber bullying, The Security Ledger reports. But don't go looking to sign up at Wal-Mart: the service is only available to AIG's Private Client Group, which caters to high net worth and ultra high net worth individuals and families. The service is the first of its kind to provide what insurers call "first party coverage" -- basically: insurance to make the affected party whole after an adverse incident. In a sign of the times, AIG said it will pay for things like school relocation for children traumatized by cyber bullying and ransom to cyber criminals in the hope of restoring data and technology held hostage by crypto-ransomware. Private Client Group customers must have real estate or other assets like boats or art with a value of more than $1 million, said Jerry Hourihan, president of AIG's Private Client Group for the U.S. and Canada. Hourihan said that the new service is based on similar insurance that AIG offers to businesses and is a response to inquiries and demands from its high net worth clients, who have become increasingly concerned about cyber threats, he said. The insurance would be purchased as a so-called "rider" to a traditional home insurance policy and add about 10% or 15% to the annual premium. It's not a big stretch for AIG because it turns out there's not much daylight between really well off families and businesses. "Our clients have domestic employees and family offices to help manage their lives. They take on quasi commercial exposure," Hourihan said. There are no immediate plans to offer similar protections to families of ordinary means, despite a recent survey by the firm Accenture that found as many as 1 in 4 Americans has been the victim of data theft. (https://securityledger.com/2017/02/silent-epidemic-data-theft-has-become-a-public-health-crisis-digital-guardian/)

Read more of this story at Slashdot.

Computer Programmers May No Longer Be Eligible For H-1B Visas [Update]

Slashdot - Your Rights Online - Pn, 2017-04-03 20:00
Two anonymous readers share a report: U.S. Citizenship and Immigration Services quietly over the weekend released new guidance that computer programmers are no longer presumed to be eligible for H-1B visas. This aligns with the administration's focus on reserving the temporary visas for very high-skilled (and higher-paid) professionals while encouraging low- and mid-level jobs to go to American workers instead. The new guidance affects applications for the lottery for 2018 fiscal year that opened Monday. Companies applying for H-1B visas for computer programming positions will have to submit additional evidence showing that the jobs are complex or specialized and require professional degrees. From a Bloomberg report, which has confirmation: The U.S. Citizenship and Immigration Services department issued a memorandum that makes it harder for companies to bring foreign technology workers to the U.S. using the H-1B visa process. The new guidelines, issued late Friday, require additional information for computer programmers applying for the work visa to prove the jobs are complicated and require more advanced knowledge and experience. The new policy is effective immediately, so it will change how companies apply for the visas in an annual lottery process that begins Monday. Indian outsourcing firms, which have faced the most amount of criticism, stand to lose the most. The changes don't explicitly prohibit any applications for a specific type of job. Instead, they bring more scrutiny to those for computer programmers doing the simplest jobs.

Read more of this story at Slashdot.

Drone Complaints Soar in the UK

Slashdot - Your Rights Online - Pn, 2017-04-03 19:20
Drones are stirring up public annoyance in the U.K. as the number of complaints to police are said to have soared twelvefold over the past two years -- including allegations of snooping neighbors, burglary "scoping" exercises, prison smuggling and near-misses with aircraft. From a report: Last year incidents rose to 3,456 (about 10 a day), almost tripling the 2015 figure of 1,237. In 2014, the number of incidents was only 283, indicating that the commercial success of the devices has brought with it a growing public nuisance. The findings were a result of a freedom of information request submitted by the Press Association to show the number of incidents logged by police around the country between 2014 and 2016. Their timely release follows several reports of near-misses with passenger planes and drones, and the arrest of Daniel Kelly, 27, last year, who became the first person in the U.K. to be jailed for smuggling items into prisons. But the actual total of cases is thought to be much higher, as not all police forces were able to submit data on the drone cases.

Read more of this story at Slashdot.

GitHub Repository Owners Targeted By Data-Stealing Malware

Slashdot - Your Rights Online - Pn, 2017-04-03 12:30
"Phishing emails zeroing in on developers who own Github repositories were infecting victims with malware capable of stealing data through keyloggers and modules that would snag screenshots," writes ThreatPost. An anonymous reader quotes their report: Researchers at Palo Alto Networks this week said that in mid-January, an unknown number of developers were targeted with emails purporting to be job offers. The attachments instead carried malicious .doc files containing an embedded macro. The macro executed a PowerShell command that would grab malware from a command and control site and execute it... [Senior threat researcher Brandon] Levene said it's unknown how widespread the January campaign was or why developers were targeted, but given the vast number of projects hosted on the platform, it would likely be an attractive target for either criminals and nation-state attackers. Levene said the PowerShell script drops a binary named Dimnie, which has been around since 2014 but before January targeted primarily Russian-speaking targets. Someone who received two different emails said they appeared to be hand-crafted, according to Ars Technica, and referenced data changed that same day. They believe this suggests "a focused campaign explicitly targeting targets perceived as 'high return investments,' such as developers (possibly working on popular/open source projects)."

Read more of this story at Slashdot.