News of the Cyber World

[kyonides]

Illinois County Clerk Reports Cyber Attacks on Servers, Voters Asked to ‘Stay in Line’

The Champaign County Clerk’s Office said it is “is aware of connectivity issues and computer server performance being impacted. The Clerk’s Office believes these are due to cyber-attacks on the network and servers,” according to a statement posted on social media on Tuesday afternoon.

The office said its websites have been subject to distributed denial-of-service, or DDOS, attacks for the past month.
...
“Election judges and staff are doing everything they can to process voters according to the requirements of election law while navigating these attacks. We appreciate your patience and commitment to our democratic process,” it said.
...
Champaign County, which reliably votes in favor of Democrats, is located in central Illinois. In 2020, President Joe Biden won with about 60 percent of the vote to former President Donald Trump’s 37 percent, according to election data. The last Republican president to win the county was George H. W. Bush in 1988.

In Illinois, several important statewide races include governor, secretary of state, and attorney general. A number of House races, one U.S. Senate race, and other local races are on the ballot.

Google Is Impacting Elections by Influencing Votes on ‘Massive Scale’

Robert Epstein and his research team from the American Institute for Behavioral Research and Technology have been monitoring online political content being sent to voters in swing states. As part of the research, the team is looking into search engine results on Google and Bing, messages displayed on Google’s homepage, tweets sent by Twitter, email suppression on Gmail, auto-play videos suggested on Google-owned YouTube, and so on.

The study found over 1.9 million “ephemeral experiences” that Google and other firms were using to “shift opinions and voting preferences,” Epstein wrote in a Nov. 6 article for the Daily Caller. “Ephemeral experiences” are short-lived content that immediately disappears without leaving a trace after user consumption.

The team expects such “ephemeral experiences” to number over 2.5 million by Election Day. Epstein has identified roughly a dozen new forms of online manipulation using ephemeral experiences which are almost exclusively controlled by Google and a few other tech firms.
...
“Carefully crafted search suggestions that flash at you while you are typing a search term can turn a 50/50 split among undecided voters into a 90/10 split with no one knowing they have been manipulated,” Epstein writes.

“A single question-and-answer interaction on a digital personal assistant can shift the voting preferences of undecided voters by more than 40 percent.”

Ahead of the 2022 election, “a high level of liberal bias” is being seen in Google search results in swing states like Arizona, Florida, and Wisconsin, Epstein wrote. Search results from Bing did not indicate such bias.

In multiple swing states, liberal news sources make up 92 percent of auto-play videos being sent to YouTube users, which can potentially shift “hundreds of thousands of votes” on Election Day, he warned.
...
He found that Google sent more voting reminders to moderates and liberals than conservatives, which Epstein calls a “brazen and powerful manipulation.”

Google also “turned off all manipulations” in the 2020 Georgia Senate races after three Republican senators sent a letter to Google CEO Sundar Pichai which discussed Epstein’s findings on manipulation. Political bias in Google search results “dropped to zero” after the letter, he pointed out.

[kyonides]

Facebook Parent Meta to Cut Over 11,000 Jobs; Zuckerberg Concedes He Got Trends ‘Wrong’

Facebook parent company Meta will cut more than 11,000 jobs, reducing its workforce by about 13 percent, as it faces a revenue crunch as advertisers pull back amid high inflation and a wobbly economy.

Meta CEO Mark Zuckerberg announced the cuts in a Nov. 9 blog post, in which he took the blame for overestimating the company’s growth prospects and overextending investments.
...
The Facebook founder went on to say that not only has the pandemic-era e-commerce boom abated, but a tanking economy, growing competition, and a pullback in advertising dollars have all “caused our revenue to be much lower than I’d expected.”

In addition to cutting jobs, Meta is also slashing discretionary spending and extending its existing hiring freeze through the first quarter of 2023.

The company also is scaling back budgets, reducing its real estate footprint, and looking for more areas in which to cut costs in the coming months. Zuckerberg said one of the changes would involve Meta staff who rarely come into the office having to start sharing desks.
...
Meta has seen its shares plunge in recent months and is down about 70 percent year-to-date. At its peak in September 2021, the stock was trading at around $380 per share.

Meta shares rose about 5 percent to $101.47 on Nov. 9 following the announcement.
...
Zuckerberg’s announcement follows thousands of layoffs at other major tech companies, including Microsoft and Twitter, as soaring inflation and rapidly rising interest rates have turned a pandemic tech boom into a bust.

Ransomware costs top $1 billion as White House inks new threat-sharing initiative

U.S. financial institutions observed nearly $1.2 billion in costs associated with ransomware attacks in 2021, a nearly 200 percent increase over the previous year, according to data reported by banks to the U.S. Treasury Department and released in a report Tuesday.
...
The Treasury report that was first reported by CNN underscores that curbing ransomware represents a key challenge in Washington’s fractious relationship with Moscow. Of the top five ransomware variants reported during the second half of 2021, four are connected to Russia, Treasury’s Financial Crimes Enforcement Network, FinCEN, said in its report, while cautioning that it cannot definitively attribute the variants to Moscow.

The data released Tuesday represents suspicious transactions that American banks have flagged to U.S. regulators as potentially connected to ransomware, and, for that reason, experts caution that the data from the Treasury Department offers only a partial picture of the broader ransomware industry.
...
The data is limited, however, and “is not a complete representation of all ransomware attacks or payments,” the agency noted. The dollar figures include extortion attempts, attempted transactions and payments that were unpaid, the agency said.
...
The Biden administration has attempted to get more aggressive with ransomware groups by sanctioning cryptocurrency exchanges, seizing cryptocurrency proceeds from attacks and carrying out offensive operations against ransomware infrastructure.

Four-year cybercrime campaign targeting African banks netted $30 million

A French-speaking cybercrime group pulled off a series of heists over the past four years, netting perhaps as much as $30 million from firms in Africa, Asia and Latin America.

Using a combination of high-quality spear phishing and off-the-shelf tools, the group has carried out more than 30 attacks targeting banks, financial services and telecommunications firms, according to research on the group’s activities published Thursday.

Dubbed “OPERA1ER,” the group works its way into various accounts, gains control of them and then moves money into accounts it controls, before cashing out primarily through ATM withdrawals, researchers with the cybersecurity firm Group-IB concluded in a report shared with CyberScoop.

As an example of the group’s sprawling operations, one of the attacks utilized what the report described as a “vast network of 400 mule accounts” — accounts controlled by money mules hired to cash out stolen funds.
...
OPERA1ER’s activities demonstrate the global nature of this risk. The group has successfully targeted banks and other institutions in at least 15 countries: Ivory Coast, Mali, Burkina Faso, Benin, Cameroon, Bangladesh, Gabon, Niger, Nigeria, Paraguay, Senegal, Sierra Leone, Uganda, Togo and Argentina, according to Group-IB’s findings.
...
Starting in 2019, Tom Ueltschi, a Swiss security researcher, began publicly identifying information related to a group he called “DESKTOP-Group,” including email headers, malware hashes and command and control details. In 2020, the Dubai-based cybersecurity firm Rewterz shared hashes from a file used by a group it tracked as “Common Raven.” In 2021, SWIFT, the messaging system used by banks for international transactions, published a bulletin on activity connected to the group.

[kyonides]

Mississippi Officials Confirm Cyber Attack on State Election Websites on Election Day

“Yesterday, our offices confirmed an abnormally large increase in traffic volume due to DDoS activity, which caused the public-facing side of our websites to be periodically inaccessible,” Secretary of State Michael Watson said in a press release on Wednesday. “At this time, we do not have confirmation as to where the DDoS activity originated, and more evidence would be required to attribute to any person or group.”

Watson added that his office can “confidently say our election system was not compromised.”
...
When voters logged on to the Secretary of State’s website to find voting locations and access to other information, they were faced with a “This site can’t be reached” page.

In an interview with WAPT16, Watson said the hackers were generating multiple addresses to attack the system to slow it down, preventing Mississippians from being able to access the website.

When asked if he knew who is behind it, he said, “We saw some reports initially that a pro-Russian group was claiming credit for this attack. I’m not exactly sure if that was them or not.”

Watson reaffirmed that voting itself wasn’t impacted by the attack.
...
In October, there were media reports of an alleged pro-Russian computer hacking cell calling itself Killnet posting a list of several government websites on Telegram that it will take down ahead of the 2022 midterm elections.

Mississippi was included in the list, along with governmental websites in Alabama, Alaska, Connecticut, Colorado, Delaware, Florida, Hawaii, Idaho, Indiana, Kansas, and Kentucky, as well as an alleged attack on the website of the Internal Revenue Service.

Thousands of bogus Twitter accounts push NFT scams to steal cryptocurrency

A fraud network made up of thousands of bogus Twitter accounts has been impersonating legitimate NFT stores to swindle users out of cryptocurrency, according to research published Thursday.
...
Researchers at the threat intelligence firm Nisos found that between July 26 and Oct. 11 more than 3,000 Twitter accounts produced nearly 6,000 tweets linking to sham storefronts that offered to mint new NFTs — non-fungible token — for free. Thousands of other bogus accounts amplified those tweets, according to researchers.

The fake NFT stores prompted victims to share access to their wallets under the guise of minting a new NFT, allowing scammers to deplete the owner’s collection of NFTs along with other virtual currency funds.

NFTs, like bitcoin, are virtual assets that exist only on the blockchain. Because NFTs are unique and unable to be recreated, they’ve gained value among collectors.

Researchers were unable to assess how much scammers bilked from their victims. Wallet addresses tied to scammers have “received hundreds of transactions ranging from tens to hundreds of dollars” since the scam begin, according to an analysis researchers did with the assistance of cryptocurrency tracing firm Chainalysis.
...
Researchers couldn’t definitively say where the network originated, but all the accounts that produced the original tweets followed three Indonesia-based accounts.

LockBit ransomware suspect arrested in Canada, faces charges in US

Canadian law enforcement officials arrested a dual Russian and Canadian national in October accused of participating in LockBit ransomware attacks against targets across the world, costing victims millions of dollars.

The Justice Department identified the suspect as Mikhail Vasiliev who, according to court documents unsealed Thursday, faces charges related to conspiracy to damage computers and transmitting ransom demands. Vasiliev faces up to five years in prison and is awaiting extradition to the U.S.
...
Europol called Vasiliev one of its most “high-value targets due to his involvement in numerous high-profile ransomware cases,” the agency said in a statement obtained by CyberScoop.

Investigators from the French Gendarmerie, the FBI and Europol’s European Cybercrime Centre were deployed to Ontario as part of the operation, according to the Europol statement.

Police seized two firearms, eight computers and 32 external hard drives, along with roughly $405,000 in cryptocurrencies in the Oct. 26 arrest, Europol said in its statement.

[kyonides]

Elon Musk ‘Not Super Worried’ Amid Reports Twitter Offices Closed

Amid reports that numerous Twitter employees quit the company on Thursday, new owner Elon Musk wrote the social media firm has seen all-time high in traffic.

Anonymously sourced reports said that a new batch of Twitter employees quit the company, prompting widespread speculation on the platform that it would shut down and fail on Thursday. As of Friday, Twitter was still online, although DownDetector.com showed that some Twitter users were reporting problems with the website on Thursday night.
...
The Tesla and SpaceX CEO also suggested that he was not worried about resignations because “the best people are staying.” Later, he wrote: “Record numbers of users are logging in to see if Twitter is dead, ironically making it more alive than ever!”

Musk did not publicly address claims that Twitter workers quit en masse on Thursday. It was prompted by a reported ultimatum from Musk to work “extremely hardcore” or quit the firm.

Musk’s email asked workers to click “yes” if they wanted to stay around. But those who did not respond by 5 p.m. ET on Thursday would be considered to have quit and were given a severance package, the email said, according to Reuters. The Epoch Times has contacted Twitter for comment on the reports.

Those reports prompted speculation from mainstream media outlets that the social media site will be permanently shut down as some journalists alleged that the company temporarily closed its office and suspended badge access to workers.

Over 110 Twitter employees across several nations announced their decision to leave in public Twitter posts, according to a Reuters report. However, those resignations could not be independently verified by Reuters. Some 15 employees, many in advertisement sales, posted their intention to stay at the company.

Senate Democrats call on FTC to investigate Twitter's data security

A group of Senate Democrats including Sens. Richard Blumenthal, D-Conn., and Elizabeth Warren, D-Mass., are calling on Federal Trade Commission to investigate potential security issues at Twitter since Elon Musk purchased and took over the company late last month.

In a letter to the FTC sent Thursday, lawmakers expressed concerns that the company may be in violation of consumer protection laws as well as in breach of a 2011 agreement the company reached with the agency over repeated security failures.

Lawmakers’ top concerns related to how Musk rolled out Twitter’s verification services to all paying users, a move that experts warned could further exacerbate the platform’s issues with disinformation and financial scams. Fraudsters immediately used the service, Twitter Blue, to create accounts to impersonate corporations and individuals and spread fake news. Washington Post reporters were even able to create a verified account impersonating Sen. Edward Markey, D-Mass., one of the letter’s signatories.
...
Twitter was already under increased lawmaker scrutiny prior to the finalization of Musk’s purchase after its former chief information security officer, Peiter “Mudge” Zatko, filed a whistleblower complaint alleging that the company had misled regulators, consumers and its own board members about its security performance.

Earlier this year, Twitter agreed to pay $150 million to settle a separate case with the FTC and Department of Justice that found Twitter violated its 2011 consent decree by misleading users about how it was using phone numbers collected to verify their accounts.

An internal message from a lawyer at Twitter, obtained by The Verge, suggested that Musk wasn’t deterred by the threat of legal action and that “Elon has shown that his only priority with Twitter users is how to monetize them.”

Iranian hackers use Log4Shell to mine crypto on federal computer system

Hackers with connections to the Iranian government broke into a U.S. government agency’s network in early 2022, utilizing a well-known flaw in an open-source software library to install cryptocurrency mining software and compromise credentials, federal cybersecurity officials said Wednesday.

By exploiting the Log4Shell vulnerability, the Iranian-backed hackers broke into an an unpatched VMware Horizon server in February and then used that access to move laterally within the network of an unidentified federal agency, according to Wednesday’s joint advisory from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation.

On Thursday, The Washington Post reported that the affected agency was U.S. Merit Systems Protection Board.
...
Organizations still running vulnerable versions of Log4j should assume they’ve been breached, CISA and the FBI said in the Wednesday advisory. 

Iranian hacking groups have relied on unpatched versions of log4j to gain access to a wide variety of sensitive U.S. systems. In February, Iranian hackers gained access to a U.S. aerospace company and the computer systems of a municipal government by using the vulnerability, according to a September advisory from U.S. and allied cybersecurity agencies. That advisory attributed the activity to groups with ties to Iran’s Islamic Revolutionary Guard Corps.

[kyonides]

Twitter Reactivates Trump’s Account Following Poll of 15 Million Users

“The people have spoken. Trump will be reinstated. Vox Populi, Vox Dei,” Musk said in a post linking to the polling decision, using a Latin phrase meaning “the voice of the people, the voice of God.”

The poll was open for 24 hours.

With more than 15 million votes tallied, the poll indicated that 51.8 percent of users wanted Trump to be allowed to post on Twitter, while a minority 48.2 percent wanted the former president to remain banned.
...
It isn’t clear if Trump will return to Twitter. While past public statements indicate that the former president has no plans to return to Twitter, preferring his own social media platform Truth Social, some actions have implied a potential return.

Lawyers for the former president on Nov. 14 asked the appeals court to revive a lawsuit against Twitter challenging Trump’s permanent suspension.

In the lawsuit (pdf), the lawyers allege that government officials have used social media platforms as “cat’s paws” to suppress opinions “that turn out to be correct or at least debatable,” citing Hunter Biden’s laptop, the COVID-19 pandemic, and 2020 election integrity.

The action will no longer be needed.

CBS News Resumes Posting on Twitter Amid ‘Uncertainty’ Over Elon Musk

CBS News is back on Twitter after saying it halted activity on the platform due to “security concerns” due to the “uncertainty about Twitter” after Elon Musk’s takeover.
...
About two days before that, on Nov. 18, CBS had said that “in light of the uncertainty around Twitter and out of an abundance of caution, CBS News is pausing its activity on the social media site as it continues to monitor the platform.”

Some local CBS affiliates such KPIX 5 in Dallas posted a similar message around the same time on Nov. 18.

CBS’s various accounts stopped posting on Twitter late on Friday. It came after Musk, who recently purchased the company for $44 billion, reportedly gave an ultimatum to work “extremely hardcore” or accept a severance package and leave the firm.

The Paramount Global-owned company’s statement announcing that it was resuming activity drew a response from Musk himself. He responded with an emoji of a face with a hand over its mouth.

Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware

A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware.
...
The threat actor is known to rely on malvertising to point unsuspecting victims to malware downloader links that pose as software installers for legitimate apps like Adobe Flash Player, AnyDesk, LogMeIn, Microsoft Teams, and Zoom.

The malware downloader, a strain referred to as BATLOADER, is a dropper that functions as a conduit to distribute next-stage payloads. It has been observed to share overlaps with another malware called ZLoader.
...
Alternatively, phishing links are shared through spam emails, fake forum pages, blog comments, and even contact forms present on targeted organizations' websites.
...
Also utilized is a tool known as NSudo to launch programs with elevated privileges and impair defenses by adding registry values that are designed to disable antivirus solutions.

[kyonides]

Elon Musk pokes fun at ‘Stay Woke’ shirts found at Twitter HQ

Elon Musk is literally cleaning out the closets of Twitter, laughing after finding a stack of unworn “Stay Woke” T-shirts.

The world’s richest man posted a video late Tuesday of him holding up one of the progressive-slogan shirts in a video seen more than 10.2 million times in just hours.
...
In the clip, someone can be heard chuckling as Musk, 51, shows stacks of the shirts, one of which Twitter co-founder Jack Dorsey had himself worn in 2016.
...
“Here we are, at the merch thing, and there’s an entire, entire closet full of hashtag woke T-shirts,” Musk says over his laughing pal, who calls it a “secret closet.”
...
Musk further enraged followers with a since-deleted tweet in which he revealed that the shirts he was laughing at “stem from the Ferguson protests” over the 2014 Missouri police shooting of 18-year-old Michael Brown.

Well, it seems that not even Dorsey stayed as woke as he let people think.

Twitter fact-checks owner Elon Musk over 'Dune' quote

New Twitter CEO and owner Elon Musk was fact-checked by his own platform on Tuesday after he falsely attributed a quote to the science fiction epic "Dune."

"Fanaticism is always a function of repressed doubt," Musk tweeted, attributing the saying to Frank Herbert's 1965 novel, which was recently turned into a blockbuster film.

Users quickly pointed out that the quote is actually by the prolific Swiss psychiatrist, Carl Jung.

The fact check came in the form of Twitter's new Community Notes feature, which aims to "create a better informed world by empowering people on Twitter to collaboratively add context to potentially misleading Tweets."
...
"Birdwatch (soon to be renamed Community Notes) has incredible potential for improving information accuracy on Twitter!" the billionaire tweeted.

The feature has been used to flag other powerful individuals, including a tweet by the White House that incorrectly credited President Biden for increasing Social Security payments.

I guess Musk hasn't read the novel in quite some time.

[kyonides]

Elon Musk Addresses Trump’s Silence on Twitter

Elon Musk, the new owner of Twitter, said Friday the social media platform made a “grave mistake” when it banned former President Donald Trump in early 2021, noting that it broke trust with half the country.

Musk made his comment in reply to author and comedian Tim Young, who said “the left can’t handle” Trump’s Twitter account being reinstated by Musk, even though the former president hasn’t posted anything.

“It’s been a week since @elonmusk brought Trump back … and without him even tweeting once … The left can’t handle it,” Young wrote.

“I’m fine with Trump not tweeting,” Musk replied. “The important thing is that Twitter correct a grave mistake in banning his account, despite no violation of the law or terms of service.”

He added: “Deplatforming a sitting President undermined public trust in Twitter for half of America.”
...
The world’s richest man, who also runs SpaceX and Telsa, noted that freedom of speech was more important than which way he votes.

Musk has made clear that he views Twitter as a digital town square for the world.
...
After Musk reinstated Trump’s Twitter account, the former president’s tweets from Jan. 6, 2021, began circulating. Conservative pundits reposted Trump’s Twitter messages from the event as evidence that he had called for his supporters to “stay peaceful” when they went to the U.S. Capitol.

Does Musk care about democracy or freedom?
Or does he have some ulterior motives we should learn about first before trusting in Twitter?

[kyonides]

Meta confirms U.S. military involvement in sprawling phony social media operation

People associated with the U.S. military were behind dozens of phony Facebook accounts, more than a dozen pages, a pair of groups and 26 Instagram accounts that pushed pro-U.S. messaging while attempting to hide their real identities, Facebook’s parent company Meta said in a report published Tuesday.

After researchers first exposed the decade-long operation in August, the Pentagon ordered “a sweeping audit of how it conducts clandestine information warfare,” The Washington Post reported in September. Citing unnamed U.S. officials, the paper reported that U.S. Central Command was among the entities under scrutiny as part of their potential role in the operation.

Tuesday’s report is the latest evidence pointing the finger at the U.S. military for its role in an operation that targeted audiences in the Middle East and Central Asia.
...
Meta confirmed to CyberScoop at the time that the network originated in the U.S., while Twitter listed the presumptive “countries of origin” as the U.S. and Great Britain.
...
The activity in question included “several clusters” of activity focused on Iran, the Gulf, Central Asia, and the Middle East and North Africa, Meta said in Tuesday’s report. “Typically, each cluster posted about particular themes, including sports and culture in a particular country; cooperation with the United States, including military cooperation; and criticism of Iran, China, or Russia.”

Twitter erupts after Elon Musk mocks CNN
with satirical chyron about threats to free speech

Musk posted a picture of CNN’s Don Lemon on Monday alongside a satirical chyron that read, "Elon Musk could threaten free speech on Twitter by allowing people to speak freely."

Some Twitter users were confused about whether the meme was from an actual CNN broadcast. The image is originally from Geniuses Times, a satirical website that describes itself as "the most reliable source of fake news in the planet."
...
Ronald Brownstein, a senior editor at The Atlantic, claimed that Musk was simply repackaging hate speech as free speech to empower extremism on the far right.

"Simple equation: Musk repackages hate speech racism anti-semitism homophobia and far-right intimidation as ‘free speech’ & any effort to hold him accountable for injecting it into US society as the ‘woke mob.’ On both ends, same goal: amplifying & empowering far-right extremists," he tweeted.

Meanwhile, The Jewish Voice, a news and opinion site dedicated to promoting classical Judaism, asserted that Don Lemon’s continued presence on CNN would ensure most Americans would click off the channel.

i can't blame Musk on this one. CNN and other leftist venues love to call censorship "free speech" even if that's exactly the opposite.

[kyonides]

Musk Meets Apple’s Tim Cook, Gives Critical Update on App Store Twitter Ban ‘Misunderstanding’

Musk said in a post on Twitter late Wednesday that he and Cook had a “good conversation” and that they “resolved the misunderstanding about Twitter potentially being removed from the App Store.”

“Tim was clear that Apple never considered doing so,” Musk added.

Musk also shared a brief video clip of a pond at Apple’s headquarters in Cupertino, California, saying in the caption that Cook had shown him around the “beautiful” site.
...
Pulling Twitter from Apple’s App Store would have meant the social media platform’s app wouldn’t be available on any iOS-using devices aside from a web browser.

Such a tactic was deployed by Apple, Google, Amazon, and others against free speech-promoting social media platform Parler in 2021. Critics of the move compared it to a form of censorship.

Several months after Parler changed its content moderation policies, the app was restored on the App Store.

But data show Parler’s usage dropped significantly since early 2021, after Amazon Web Services abruptly took the platform down for about a month as the company had to find a new host.

Facebook in Race Against Time to Turn ‘Metaverse’ Into Success

Meta, formerly known as Facebook, is staking its future on the success of its virtual reality platform. But the project is bleeding money so fast, it raises the question of how long the company can keep it going.

About a year ago, Meta was the fifth-most valuable publicly traded company in the world, trailing only Apple, Microsoft, Alphabet, and Amazon. Today, it’s No. 25, behind Home Depot.

Meta has seen measures of its financial health decline across the board. Revenue dropped by more than 4 percent in the third quarter, year-over-year. Administrative expenses went up, while profit was halved.

The company has acknowledged that it went on too much of a hiring spree in recent years, announcing layoffs of 11,000 employees and a hiring freeze until March.

But the largest factor appears to be the financial drain of Meta’s virtual reality (VR) division, Reality Labs, which has accumulated an operating loss of more than $21 billion over the past two years, including more than $3.6 billion lost in the third quarter of 2022 alone.

Meta CEO Mark Zuckerberg told investors he expects those losses to continue piling up, with the company expecting it to take years for the VR effort to mature.

Honestly, I'm not interested in a VR world.
This world is a mess. Why wouldn't people make the VR version a mess as well?

[kyonides]

Tim Cook's damage-control day on Capitol Hill

Amid an onslaught of criticism from Republicans and Big Tech rivals, Apple CEO Tim Cook met with lawmakers on Thursday to try to shore up support on Capitol Hill.

The big picture: Tech's leaders are beginning to take stock of a new political landscape in Washington as Republicans prepare to take over the House and ready hearings to spotlight what they see as biased treatment at Big Tech's hands.

Some lawmakers have criticized Apple for an update to its AirDrop feature on phones in China last month that could make it harder for protesters to share video.

The company says the update, which turns off the ability to AirDrop anyone outside of a user's contact list after ten minutes, is for security purposes and will be rolled out globally.
...
On the Republican side, Apple remains suspect for App Store rules that lawmakers say unfairly block conservatives and the apps they prefer.

Cook arrived in D.C. after settling (for now) a brawl with Twitter owner Elon Musk over App Store fees.
Rep. Darrell Issa (R-Calif.) said he and Cook spoke about China, Section 230 and the need for greater encryption and security in tech.
...
Rep. Jim Jordan (R-Ohio), who will soon take the reins of the House Judiciary committee, told Axios his meeting with Cook was "very good" and they spoke about the "AirDrop issue" and the "App Store issue."

Google reveals Spanish IT firm's links
to spyware targeting Chrome, Firefox and Microsoft Defender

A Spanish company that offers “tailor made Information Security Solutions” may have exploited vulnerabilities in Chrome, Firefox and the Microsoft Defender antivirus program to deploy spyware, researchers with Google’s Threat Analysis Group said Wednesday.

The company’s apparent exploitation framework called “Heliconia” provided “all the tools necessary to deploy a payload to a target device,” the researchers said. And although the team has not detected active exploitation, researchers added “it appears likely these were utilized as zero-days in the wild.”

A script within the code that Google examined referred to Variston IT, a Barcelona company that offers “Custom Security” solutions and tools that support “the discovery of digital information by [law enforcement agencies],” among other services.

Google, Microsoft and Mozilla fixed the relevant vulnerabilities in 2021 and early 2022, researchers said.
...
Heliconia was discovered when an anonymous party submitted three vulnerabilities to the Chrome bug reporting program, each with instructions and an archive that contained source code. The bug reports contained three unique names: “Heliconia Noise,” “Heliconia Soft,” and “Files.”

An analysis of the submissions revealed the frameworks capable of deploying exploits in the wild and also a script within the source code that checked whether binaries contained sensitive strings including “variston,” the company name, as well as the project or developer names, the researchers said.

Musk Suspends Ye From Twitter After Offensive Image Post

The artist tweeted an image combining the Star of David with a swastika, which got removed by the social media service. In its place was a message saying the post violated Twitter Inc.’s rules and a link to its policy page explaining enforcement actions. Since then, the entire account has been suspended, with all of its tweets now obscured. Ye had 32.2 million followers before the suspension.

Musk addressed the issue after the post’s initial removal, saying Ye had -- not for the first time -- breached Twitter’s rule against incitement to violence and his account would be suspended. It’s the most high-profile test yet of Musk’s avowed policy of making Twitter a home for free speech, even where it offends, so long as it’s not in breach of the law.