Connect with us

Technology

Tim Hortons offer free coffee, donut to settle privacy claim • The Register

Voice Of EU

Published

on

In brief Canadian fast food chain Tim Hortons is settling multiple data privacy class-action lawsuits against it by offering something it knows it’s good for: a donut and coffee.

The Canadian Broadcasting Corporation (CBC) said Friday that Timmies’ agreement still requires approval from the courts, but if given the go ahead, Tim Hortons mobile app users affected by the chain’s improper data collection will “receive a free hot beverage and baked good.”

Tim Hortons will also have to permanently delete any geolocation data its apps improperly collected, and must instruct third party providers who had access to the data to do the same. 

Between May 2019 and August 2020, Tim Hortons’ mobile apps collected geolocation data from users without their knowledge or consent, a Canadian government investigation discovered.

According to that probe, Tim Hortons updated its apps to specifically add location tracking technology managed by a US company called Radar. That biz collected information from devices every few minutes to infer customers’ home and work locations and see if they were buying donuts elsewhere. 

The app continued to gather data even when it was in the background and only stopped if the app was quit, the investigation found. 

Tim Hortons said it never used the geolocation data it gathered to target ads, and permanently removed Radar’s code from its apps in September 2020. “The very limited use of this data was on an aggregated, de-identified basis to study trends in our business – and the results did not contain personal information from any guests,” Tim Hortons said in June when lawsuits started landing against it.

By Canadian pricing, affected Tim Hortons customers can expect a class-action settlement to pay out approximately C$2.88 ($2.25) in free food and beverages, which could very well be more than class members could expect to get in cash.

Kaspersky has detailed UEFI firmware-level malware dubbed CosmicStrand. This rootkit hides in firmware images of Gigabyte or ASUS motherboards, and has been seen in private individuals’ systems in China, Vietnam, Iran, and Russia. When Windows boots on an infected machine, CosmicStrand alters the kernel, allowing it to silently gain control of the computer and its applications, and communicate with a remote command-and-control server.

Cyber-scum agree: Container files are the new macros

While Microsoft is battling to stem the abuse of Office macros, cybercriminals are now turning to crafting malicious container files to infect victims with malware. And by container files, we mean things like disc images and archives, not Docker containers and the like.

According to research by Proofpoint, the use of Visual Basic for Applications (VBA) and XL4 macros to launch attacks against Microsoft Office users has dropped by 66 percent since October 2021, when Microsoft announced plans to block macros in downloaded Office files, Proofpoint said. 

“From October 2021 through June 2022, threat actors have pivoted away from macro-enabled documents attached directly to messages to deliver malware, and have increasingly used container files such as ISO and RAR attachments and Windows Shortcut (LNK) files,” Proofpoint said. 

Over the same time period Proofpoint tracked the decline in macro attacks, it said that container file attacks rose by 175 percent. “More than half of the 15 tracked threat actors that used ISO files in this time began using them in campaigns after January 2022,” Proofpoint said. Attacks involving LNK files have risen, too.

Along with a spike in attackers emailing malicious container files, Proofpoint said it also noticed a slight increase in the use of HTML attachments to transmit malware. While the number of HTML attachment attacks more than doubled in the period Proofpoint examined for its report, overall numbers remain low, it said. 

Microsoft began blocking internet-sourced Office macros earlier this year, though the change was temporarily rolled back in early July due to usability complaints. As of July 22, macro blocking has been re-enabled.

Proofpoint believes container files are likely to become the new standard for launching email attacks, so get ready to start blocking those, if you’re not already.

“Proofpoint researchers assess with high confidence this is one of the largest email threat landscape shifts in recent history,” the outfit said. 

Robin Banks: Easier than ever

A new phishing-as-a-service platform has emerged, and its purpose is right in its name: Robin Banks.

First spotted by researchers at IronNet, Robin Banks gained additional attention when the security biz found it to be behind a large-scale phishing campaign targeting Citibank customers and also trying to steal Microsoft account credentials. 

Robin Banks sells ready-made phishing kits focused on stealing financial account information from victims, hosts all the necessary infrastructure to run attacks for its customers, and has customization features so users can build their own phishing kits. 

In order to access the platform, crooks have to pay $50 a month for a single phishing page, or $200 a month for a broader package.

Robin Banks primarily targets US financial institutions, and has templates for Bank of America, Capital One, Citibank, and more. It also offers templates for Lloyds Bank and Australia’s Commonwealth Bank. Netflix, Microsoft, and Google account templates are also available.

A June campaign that tipped IronNet researchers off to Robin Banks’ level of activity was reportedly “very successful,” with numerous victims having their account information sold on the dark web or Telegram, the researchers said. The researchers believe the campaign is still expanding. 

IronNet said that Robin Banks isn’t particularly sophisticated, but stands out because it offers 24/7 support and has a “distinct dedication to pushing updates, fixing bugs, and adding features to its kits,” IronNet said. 

Based on its research, IronNet said that Robin Banks appears to be primarily focused on selling phishing kits to basic users motivated solely by profit. “Cyber criminals using the Robin Banks kit often post the monetary data of their victims on Telegram and other various websites, listing the hacked account balances of various victims,” IronNet said. 

While the report doesn’t reveal who’s behind Robin Banks nor indicate where they may be located, IronNet said their investigation has identified potential suspects. IronNet was also able to estimate how much money Robin Banks’ users have gained illicit access to via the platform: more than $500,000, a number it said is rising daily.

Expect Robin Banks to react to its publicity, too, IronNet said: “Given the criminal operator’s clear dedication to managing and improving the platform, we suspect the threat actor behind Robin Banks to change tactics or toolings as a result of this report.”

North Korean malware steals emails as you read them

A well-established North Korean cyber-gang known as SharpTongue has adopted a heretofore undocumented malware family able to steal email and attachments while victims read them.

The new malware, named SHARPEXT by researchers at Volexity who apparently discovered it, exists as an extension for Chromium-based Microsoft Edge, Chrome, and Whale, a web browser that is little used outside South Korea. 

Unlike previous SharpTongue campaigns, SHARPEXT doesn’t attempt to steal any credentials. “Rather, the malware directly inspects and exfiltrates data from a victim’s webmail account as they browse it,” Volexity said. Gmail and AOL webmail are the only two services targeted by SHARPEXT.

SHARPEXT is the first malicious browser extension that Volexity has observed being installed as part of the post-exploitation phase of an attack. Installing the extension is a manual process, carried out by miscreants on a Windows PC once it’s been compromised.

“By stealing email data in the context of a user’s already-logged-in session, the attack is hidden from the email provider, making detection very challenging. Similarly, the way in which the extension works means suspicious activity would not be logged in a user’s email ‘account activity’ status page, were they to review it,” Volexity said. 

SharpTongue has been deploying SHARPEXT for over a year, Volexity said. To help combat this malware, Volexity has provided links to YARA rules and IOCs in its report. The researchers also recommend enabling and analyzing the results of PowerShell ScriptBlock logging, as PowerShell is used in the SHARPEXT installation process, and regularly reviewing installed browser extensions for ones loaded from outside the Chrome Web Store. 

No More Ransom celebrates 6 years and 1.5m decryptions

No More Ransom, a joint initiative between law enforcement agencies and cybersecurity firms that distributes free ransomware decryption software, recently celebrated six years in operation, and claims that in that time it has liberated more than 1.5 million ransomware victims.

Founded in 2016, No More Ransom started with four partners – The Dutch Police, Europol, Kaspersky, and McAfee – and has since grown to 188 partners across law enforcement, cybersecurity and other industries. 

One hundred and thirty-six tools covering 165 ransomware families are available for download at NMR, and they’ve been collectively downloaded more than 10 million times, the project claims. 

Ransomware, which infects systems, encrypts files, often exfiltrates documents, and demands payment for decryption, is a serious problem that only continues to grow. A SonicWall report from earlier this year found a 105 percent rise in ransomware incidents in 2021 and a threefold increase from 2019. Ransomware attacks against government entities have grown even faster, with SonicWall seeing a 1,885 percent rise in such attacks over the same period. 

Other sectors leading in malware attacks include healthcare, which saw a 755 percent increase, a 152 percent rise in education, and a 21 percent increase in attacks against retail organizations, SonicWall said. 

Bitdefender, a member of No More Ransom, said it is one of the top five contributors of decryptors to the project. According to its own research, its decryptors have saved ransomware victims nearly $1 billion in payments. 

“The No More Ransom initiative is one of the best examples of how private and public sectors can partner together for the betterment of everyone from individuals to large corporations. Bitdefender is proud to play a part in this ongoing initiative,” the company said. 

Ransomware is often delivered via phishing attacks, and often targets known vulnerabilities. In an ideal world that would mean that most organizations are protected by regularly applied patches and properly trained users, but we’re not in an ideal world. 

Hopefully you won’t need No More Ransom’s services anytime soon, but it’s there, and active, if you do. ®

Source link

Technology

Linux 6.0 debuts, missing some Rusty bits • The Register

Voice Of EU

Published

on

Emperor Penguin Linus Torvalds has released the first release candidate for Linux 6.0, but doesn’t mind what you call it.

“After I had already decided to call this kernel 6.0, a few Chinese developers piped up and pointed out that ‘5.20’ is a more wholesome version of the Western ‘4.20’ internet-famous number,” he wrote in his announcement that Linux 6.0 rc1 has been released.

“4.20” is a reference to a day on which some celebrate marijuana, while “5.20” does likewise for magic mushrooms.

“So if you want to call this ‘Linux 5.20’, go right ahead,” Torvalds wrote.

“Because the kernel version numbers really are entirely made up and have no intrinsic meaning.”

That this week’s release has the 6.0 label is still nice to know, as discussion on the Linux kernel mailing list in recent weeks used 5.20 and 6.0 interchangeably.

As The Register has already reported, the release does not make major changes to the kernel but does include many useful updates – such as more RISC-V support, code to drive Intel’s Gaudi accelerators, and improved ACPI handling.

Torvalds lamented some Rust-enabling code didn’t make it into the release.

“I actually was hoping that we’d get some of the first rust infrastructure, and the multi-gen LRU VM, but neither of them happened this time around,” he mused, before observing “There’s always more releases.”

“This is one of those releases where you should not look at the diffstat too closely, because more than half of it is yet another AMD GPU register dump,” he added, noting that Intel’s Gaudi2 Ai processors are also likely to produce plenty of similar kernel additions.

“The CPU people also show up in the JSON files that describe the perf events, but they look absolutely tiny compared to the ‘asic_reg’ auto-generated GPU and AI hardware definitions,” he added.

The release includes 13,099 changed files, 1,280,295 insertions and 341,210 deletions. Torvalds calculated those numbers “just because I was curious and looked.”

He wants you to be curious too – or at least curious enough to test the kernel, because that’s what release candidates are for and this one contains at least one active bug. ®

Source link

Continue Reading

Technology

Tinder is the most hated app in Ireland

Voice Of EU

Published

on

Ireland is one of 19 countries worldwide that strongly dislikes Tinder. One in five Tweets by Irish people about all apps are negative.

According to Electronics Hub’s analysis of the most hated apps in the world, Tinder is the most loathed app in Ireland.

Irish people are not alone in their hatred for the dating app. Tinder was the most hated app in 19 countries in total, with Canadians, Americans, Nigerians, Kenyans and our neighbours in the UK also singling it out as their least favourite.

Electronics Hub determined the most hated apps in each country by analysing Twitter data. It processed more than 3m geotagged tweets related to 87 social media, dating, mobile games, entertainment, cryptocurrency and money transfer apps.

Researchers calculated the percentage of tweets about each app that were negative using a sentiment analysis tool which identifies whether a tweet has positive, negative or neutral sentiment.

Infographic of the most hated apps in the world by country.

Click to enlarge and see the most hated apps in the world by country. Infographic: Electronics Hub

Ireland was found to be one of the most negative countries when it came to attitudes towards apps. One in five Tweets posted by Irish people about apps were negative, Electronics Hub found.

Despite Irish people’s professed loathing for Tinder, the dating platform tried to play a role in keeping daters safe in the pandemic. It hooked up with the HSE to promote vaccines by adding badges to users’ profiles.

Tinder was only the second-most hated app in the world, with Roblox taking first place. More than 20 countries said the child-targeted gaming app was their most hated app. Other unpopular apps include Snapchat, Disney and Reddit.

Neighbouring countries tend to dislike similar apps, with the Scandinavians professing a dislike for Reddit and South Americans hating e-commerce apps.

Dating apps, meanwhile, are disliked the world over. In Iraq, 71.4pc of all tweets about Tinder are negative, which is the highest out of any country. A state-by-state breakdown of the most hated apps in North America also found Tinder took the top spot in 21 states.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Source link

Continue Reading

Technology

‘A sweatshop in the UK’: how the cost of living crisis triggered walkouts at Amazon | Industrial action

Voice Of EU

Published

on

Amazon workers say they are working in a “sweatshop” as safety concerns and worries about the cost of living crisis have triggered walkouts at warehouses around the country.

The Observer has spoken to four staff involved in the walkouts, who work at three Amazon warehouses, including Tilbury in Essex, where protests began on 4 August. All say they will struggle to survive this winter with pay rise offers between 35p and 50p an hour – far less than the rate of inflation, which is currently at 9.4%.

The workers, who spoke anonymously for fear of reprisals from Amazon, said they were speaking out to highlight how the firm’s ultra-cheap, ultra-convenient, super-fast delivery model works.

Amazon employs more than 70,000 people in the UK, adding 25,000 staff in 2021 alone. Many work at the company’s 21 fulfilment centres, where some workers say they are asked to carry out long, physical shifts, with difficult targets, for low pay.

Starting pay in Amazon warehouses will shortly be increasing to between £10.50 and £11.45 per hour, depending on location. An Amazon spokesperson said this was a 29% increase in the minimum hourly wage paid to staff since 2018. They said it is also augmented by a comprehensive benefits package worth thousands of pounds a year, and a company pension plan.

But staff say it is too low for the type of work being done and given the current economic crisis, especially at a company that just posted $121bn (£100bn) in revenues in the second quarter of 2022 alone.

“When we heard the news, it was shocking,” said one worker at Amazon’s warehouse in Tilbury. “It’s ridiculous. Inflation is [forecast to reach] 13%, and our salary increases barely 3%.” The worker rents a house with her husband for £1,350 a month without bills. “My salary is £1,600. … I’m lucky I’m married, otherwise I’d be homeless.”

Some staff are seeking a pay rise of £2 an hour from the tech giant.

Hundreds of Amazon employees stop working over disputed pay rise – video

Another worker at Amazon’s warehouse in Tilbury said they were “petrified” about how they would survive this winter. “We had a scenario recently where someone was living in [an] Amazon [warehouse],” he said. “If I’m honest, I can probably see that happening again.

“I can see people staying in the canteen all the time because they can’t afford to go home.”

The worker is protesting against the poor pay offer, as well as conditions that lock staff in cages for entire shifts at the warehouses, from where they pick items to be delivered to customers. (Amazon says the workstations are to protect workers from moving robotics.)

“It’s a Chinese sweatshop in the UK,” said the second worker at Tilbury. “It’s how they set up their model.”

The worker has struggled with his mental health while working for the company. “I’ve realised how bad Amazon is for my mental health,” he said. “The anxiety of going into work, knowing you’ve got to do the same stuff day in, day out, is horrible.”

That concern is echoed by a worker at an Amazon facility near Bristol, who has worked there with his wife for three years. “It was good initially,” the worker said. “There was a lot of safety consciousness, and the targets were pretty reasonable. But now they’re just pushing it higher and higher, and exploiting people.”

Around 100 Amazon staff at Bristol staged a sit-in at the company canteen on 10 August – action for which they say they were docked pay by management at the site. “The vast majority of people went back to work at that point, because at the end of the day, as much as they want to fight for it, they have to think about themselves financially.”

The Bristol warehouse worker says that managers used to stop employees from lifting heavy items from bins on high shelves in the warehouse without a ladder. “If you overstretched yourself for 10 hours, you’d end up with a bad neck and a bad back,” he said.

That has subsequently changed as staff said they felt pressured to meet ever-escalating demand. Staff pushing carts around the warehouse used to be limited to using one cart at a time for safety reasons; now it is claimed managers turn a blind eye to staff pulling two carts at once. “They don’t say nothing because all they care about is getting the work done as fast as possible,” he said. “Safety just goes out the window.”

He says he has personally lifted items weighing up to 25kg by himself, despite rules saying anything heavier than 15kg should be lifted by two people.

A worker at an Amazon facility in the north-west of England said that managers at his warehouse similarly ignored rules around not running on site and lifting down heavy items from high areas in an attempt to meet targets, which at his site require two items to be picked every minute.

Amazon declined to respond to specific claims.

Martha Dark, director at Foxglove, a non-profit organisation working to highlight issues within tech companies that supports Amazon workers, said: “None of the workers we’re supporting wanted to protest.

“They’re desperate and can’t survive on these wages. Meanwhile, Amazon threatens to dock pay and send workers to HR for revealing the truth about life in the warehouse.”

She added: “Amazon needs to respect workers’ rights to organise, stop penalising people who are fighting to survive and provide a real pay rise now.”

Two workers said they plan to leave the company because of the conditions and pay. However, some hope to stay put – to change things.

“If a lot of us who are experienced leave Amazon at this point they’ll get a new group of people in who they can mould into this depressing way of work,” said the Bristol worker. “That’s the problem.”

This article was amended on 14 August 2022. Inflation is at 9.4%, not 13% as stated in an earlier version; the latter is a forecast rate.

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!