The Philippine Army is recruiting civilian hackers to bolster its cybersecurity defenses amid rising digital threats from China, army officials said. The 120-member Cyber Battalion has hired 70 tech experts in their 20s and 30s since 2020, offering them military training and the opportunity to serve the nation despite lower wages than private sector jobs.

The initiative follows cyber attacks on Philippine government servers, including those of the Coast Guard and President Marcos Jr., which authorities traced to China. Beijing denies involvement. The Philippines ranks among the countries most vulnerable to cyber threats, with recent attacks compromising millions of citizens' data through state and private institutions.

An anonymous reader quotes a report from TechCrunch: Security researchers have uncovered two previously unknown zero-day vulnerabilities that are being actively exploited by RomCom, a Russian-linked hacking group, to target Firefox browser users and Windows device owners across Europe and North America. RomCom is a cybercrime group that is known to carry out cyberattacks and other digital intrusions for the Russian government. The group -- which was last month linked to a ransomware attack targeting Japanese tech giant Casio -- is also known for its aggressive stance against organizations allied with Ukraine, which Russia invaded in 2014.

Researchers with security firm ESET say they found evidence that RomCom combined use of the two zero-day bugs -- described as such because the software makers had no time to roll out fixes before they were used to hack people -- to create a "zero click" exploit, which allows the hackers to remotely plant malware on a target's computer without any user interaction. "This level of sophistication demonstrates the threat actor's capability and intent to develop stealthy attack methods," ESET researchers Damien Schaeffer and Romain Dumont said in a blog post on Monday. [...] Schaeffer told TechCrunch that the number of potential victims from RomCom's "widespread" hacking campaign ranged from a single victim per country to as many as 250 victims, with the majority of targets based in Europe and North America. Mozilla and the Tor Project quickly patched a Firefox-based vulnerability after being alerted by ESET, with no evidence of Tor Browser exploitation. Meanwhile, Microsoft addressed a Windows vulnerability on November 12 following a report by Google's Threat Analysis Group, indicating potential use in government-backed hacking campaigns.

Interpol arrested 1,006 suspects in Africa during a massive two-month operation, clamping down on cybercrime that left tens of thousands of victims, including some who were trafficked, and produced millions in financial damages, the global police organization said Tuesday. From a report: Operation Serengeti, a joint operation with Afripol, the African Union's police agency, ran from Sept. 2 to Oct. 31 in 19 African countries and targeted criminals behind ransomware, business email compromise, digital extortion and online scams, the agency said in a statement.

Google announced additional modifications to its European search results on Tuesday, following complaints from smaller competitors about traffic losses and amid potential EU antitrust charges under new tech regulations. The changes come as Google attempts to comply with the Digital Markets Act, which prohibits tech giants from favoring their own services and after hotels, airlines, and small retailers reported a 30% decline in direct booking clicks following recent platform adjustments.

Google's legal director Oliver Bethell said the new proposals include expanded search units offering equal formatting between comparison sites and supplier websites, along with new formats for competitors to display prices and images. The company will also test removing hotel map displays in Germany, Belgium, and Estonia. The Alphabet unit faces possible enforcement action from the European Commission, which began investigating potential DMA violations in March. Companies found breaching the regulations could face fines of up to 10% of their annual global revenue.

Brazilian antitrust regulator Cade said this week that Apple must lift restrictions on payment methods for in-app purchases, among other things, as the watchdog moved to proceed with an investigation into a complaint filed by Latin America e-commerce giant MercadoLibre. From a report: MercadoLibre's complaint, filed in 2022 in Brazil and Mexico, accused Apple of imposing a series of restrictions on the distribution of digital goods and in-app purchases, including banning apps from distributing third-party digital goods and services such as movies, music, video games, books and written content.

In the complaint, MercadoLibre criticized the California tech giant for requiring developers that offer digital goods or services within apps to use Apple's own payment system and stopping them from redirecting buyers to their websites. Cade ruled that Apple must allow app developers to add tools so customers can buy their services or products outside the app, such as through the use of hyperlinks to external websites.

Craig Newmark "is alarmed about potential cybersecurity risks in the U.S.," according to Yahoo Finance. The 71-year-old Craigslist founder says "our country is under attack now" in a new interview with Yahoo Finance executive editor Brian Sozzi on his Opening Bid podcast.

But Newmark also revealed what he's doing about it: [H]e started Craig Newmark Philanthropies to primarily invest in projects to protect critical American infrastructure from cyberattacks. He told Sozzi he is now spending $200 million more to address the issue, on top of an initial $100 million pledge revealed in September of this year. He encouraged other wealthy people to join him in the fight against cyberattacks. "I tell people, 'Hey, the people who protect us could use some help. The amounts of money comparatively are small, so why not help out,'" he said... The need for municipalities and other government entities to act rather than react remains paramount, warns Newmark. "I think a lot about this," said Newmark.

"I've started to fund networks of smart volunteers who can help people protect infrastructure, particularly [for] the small companies and utilities across the country who are responsible for most of our electrical and power supplies, transportation infrastructure, [and] food distribution.... A lot of these systems have no protection, so an adversary could just compromise them, saying unless you do what we need, we can start shutting off these things," he continued. Should that happen, recovery "could take weeks and weeks without your water supply or electricity."
A web page at Craig Newmark Philanthropies offers more details Craig was part of the whole "duck and cover" thing, in the 50s and 60s, and realizes that we need civil defense in the cyber domain, "cyber civil defense." This is patriotism, for regular people.

He's committed $100 million to form a Cyber Civil Defense network of groups who are starting to protect the country from cyber threats. Attacks on our power grids, our cyber infrastructure and even the internet-connected gadgets and appliances in our homes are real. If people think that's alarmist, tell them to "Blame Craig." The core of Cyber Civil Defense [launched in 2022] includes groups like Aspen Digital, Global Cyber Alliance, and Consumer Reports, focusing on citizen cyber education and literacy, cyber tool development, and cybersecurity workforce programs aimed at diversifying the growing field.
It's already made significant investments in groups like the Ransomware Task Force and threat watchdog group Shadowserver Foundation...

Slashdot reader Bruce66423 shared this report from the Guardian: Staff have resigned at Starling Bank after its new chief executive demanded thousands of workers attend its offices more frequently, despite lacking enough space to host them.

In his first major policy change since taking over from the UK digital bank's founder, Anne Boden, in March, Raman Bhatia has ordered all hybrid staff — many of whom were in the office only one or two days a week, or on an ad-hoc basis — to travel to work for a minimum of 10 days each month. But the bank, which operates online only, admitted that some of its offices would not be equipped to handle the influx... "We are considering ways in which we can create more space," an email sent by Starling's human resources team and seen by the Guardian said.

Starling has 3,231 staff, the vast majority of whom are in the UK with some also in Dublin. However, the Guardian understands that the bank has only about 900 desks, including 260 at its Cardiff site, 320 in its London headquarters and 155 in Southampton. The bank has a further 160 desks in its newest site in Manchester, where it has signed a 10-year lease to occupy the fifth floor of the Landmark building, which also houses Santander UK and HSBC staff... Some staff have already resigned over the "rushed" announcement, while others have threatened to do so...

The return to office announcement came a month after the Financial Conduct Authority hit Starling with a £29m fine after discovering "shockingly lax" controls that it said left the financial system "wide open to criminals". That included failures in its automated screening system for individuals facing government sanctions.
Starling Bank issued this statement to explain its reasoning. "By bringing colleagues together in person, our aim is to achieve greater collaboration that will benefit our customers as we enter Starling's next phase of growth."

The article also notes that the U.K. supermarket chain Asda "has also toughened its stance, making it compulsory for thousands of workers at its offices in Leeds and Leicester to spend at least three days a week at their desks from the new year."

Neuralink, the brain chip startup founded by Elon Musk, says it has received approval to launch its first clinical trial in Canada for a device designed to give paralysed individuals the ability to use digital devices simply by thinking. Reuters reports: [T]he Canadian study aims to assess the safety and initial functionality of its implant which enables people with quadriplegia, or paralysis of all four limbs, to control external devices with their thoughts. Canada's University Health Network hospital said in a separate statement that its Toronto facility had been selected to perform the complex neurosurgical procedure. Neuralink has successfully implanted the device in two patients in the United States. One of the patients has been using it to play video games and learn how to design 3D objects.

The Register's Simon Sharwood reports: Japan's National Consumer Affairs Center on Wednesday suggested citizens start "digital end of life planning" and offered tips on how to do it. The Center's somewhat maudlin advice is motivated by recent incidents in which citizens struggled to cancel subscriptions their loved ones signed up for before their demise, because they didn't know their usernames or passwords. The resulting "digital legacy" can be unpleasant to resolve, the agency warns, so suggested four steps to simplify ensure our digital legacies aren't complicated:

- Ensuring family members can unlock your smartphone or computer in case of emergency;
- Maintain a list of your subscriptions, user IDs and passwords;
- Consider putting those details in a document intended to be made available when your life ends;
- Use a service that allows you to designate someone to have access to your smartphone and other accounts once your time on Earth ends.

The Center suggests now is the time for it to make this suggestion because it is aware of struggles to discover and resolve ongoing expenses after death. With smartphones ubiquitous, the org fears more people will find themselves unable to resolve their loved ones' digital affairs -- and powerless to stop their credit cards being charged for services the departed cannot consume.

An anonymous reader quotes a report from KrebsOnSecurity: The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world's top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. London-based Finastra has offices in 42 countries and reported $1.9 billion in revenues last year. The company employs more than 7,000 people and serves approximately 8,100 financial institutions around the world. A major part of Finastra's day-to-day business involves processing huge volumes of digital files containing instructions for wire and bank transfers on behalf of its clients.

On November 8, 2024, Finastra notified financial institution customers that on Nov. 7 its security team detected suspicious activity on Finastra's internally hosted file transfer platform. Finastra also told customers that someone had begun selling large volumes of files allegedly stolen from its systems. "On November 8, a threat actor communicated on the dark web claiming to have data exfiltrated from this platform," reads Finastra's disclosure, a copy of which was shared by a source at one of the customer firms. "There is no direct impact on customer operations, our customers' systems, or Finastra's ability to serve our customers currently," the notice continued. "We have implemented an alternative secure file sharing platform to ensure continuity, and investigations are ongoing." But its notice to customers does indicate the intruder managed to extract or "exfiltrate" an unspecified volume of customer data.

An anonymous reader quotes a report from Ars Technica: Microsoft Flight Simulator 2024 is out today (Xbox/PC, Steam), and it packs in a whole lot of simulation. It's hard to imagine topping the 2020 version, which contained the entire world, at scale, 3D modeled and able to be flown over. It had real-time weather and rather detailed physics. You could theoretically fly a helicopter back to your high school football field and land on it, like 15-year reunion royalty.

What could come next? A lot, including a world simulation that Microsoft repeatedly describes as Earth's "full digital twin." There are few, if any, real "reviews" up yet, given the size of the game and seemingly late access for reviewers. As such, I offer up all the notable things packed into this latest release so that those with flight sticks, patience, and a desire to get way up yonder can decide whether to take off. These are the most "notable things" available in this latest release, as highlighted by Ars' Kevin Purdy:

- The file size is much smaller than the 2020 version, totaling "around 30GB"
- You can expect ~5GB an hour of streaming data (up-close data is streamed on demand; flying high-up in the skies uses pre-loaded data)
- AI learning has allowed for "4,000 times more" detail in textures and terrain meshes
- Aircraft and airports you customized or purchased are carried over from 2020 into 2024
- There's a new Career Mode, with 26 different paths
- Animals have more realistic behavior -- e.g. sheep head inside when it's raining, birds migrate, and elephants will be more aware of your flybys
- Flight Simulator 2020 will continue to get support

This week Alphabet CEO Sundar Picahi assured investors that their long-term AI focus and investment (and a "commitment to innovation") "are paying off," reports the Associated Press. Alphabet's stock has already soared 20% this year, and it's "still thriving" as the company "navigates through a pivotal shift to AI and battles regulators..." Alphabet earned $26.3 billion, or $2.12 per share during the most recent quarter, a 34% increase from a year ago. Revenue rose 15% from the same time last year to $88.27 billion... The profits would have been even higher if Google wasn't pouring so much money into building up its AI arsenal in a technological arms race that includes other industry heavyweights Microsoft, Amazon, Apple, Facebook parent Meta Platforms and rising star OpenAI. The AI investments are the primary reason Google's capital expenditures in the past quarter soared 62% from the same time last year to $13.1 billion. The AI spending will likely stay at roughly the same level during the current October-December period, and the rise even higher next year, according to Anat Ashkenazi, Alphabet's chief financial officer.

But Ashkenazi also emphasized the Mountain View, California, company will act on cost-cutting opportunities in other areas to help boost profits. Alphabet already has trimmed its payroll from more than 190,000 worldwide employees early last year to about 181,000 workers now. In an example of how AI can perform tasks that once required human brainpower, Pichai said the technology is now writing more than 25% of the company's new computer coding.
After the results, investors sent Alphabet's stock price up 5% in extended trading, the article points out. "Both Alphabet's profit and revenue increased at a brisker pace than industry analysts anticipated, thanks primarily to a moneymaking machine powered by Google's ubiquitous search engine... [Google's digital search-engine ads earned $49.39 billion, 12% more than the same quarter of 2023.] And Google's cloud division is growing at an even more robust rate, thanks to demand for AI services. The cloud division generated $11.35 billion in revenue during the past quarter, a 35% increase from last year."

And meanwhile over at Microsoft, quarterly sales surged 16% to $65.6 billion, reports the Associated Press. But again, "the company sought to assure investors its huge spending on artificial intelligence is paying off." The company has spent billions of dollars to expand its global network of data centers and other physical infrastructure required to develop AI technology... As a result, AI-related products are now on track to contribute about $10 billion to the company's annual revenue, the "fastest business in our history to reach this milestone," CEO Satya Nadella said on a call with analysts Wednesday. [Though Microsoft "hasn't yet formally reported revenue specifically from AI products," the article notes later, with Microsoft instead saying it's infused AI and Copilot into all its business segments.]
Just in the last quarter, Microsoft spent $20 billion "mostly for its cloud computing and AI needs," the article points out.

But there's still making plenty of money... The software maker also reported an 11% increase in quarterly profit to $24.7 billion, or $3.30 per share, which beat Wall Street expectations for the July-September period... Leading in sales for the quarter was Microsoft's productivity business segment, which includes its Office suite of email and other workplace products, growing 12% to $28.3 billion. Microsoft's cloud-focused business segment grew 20% from the same time last year to $24.1 billion for the three months ending Sept. 30. Its personal computing business, led by its Windows division, grew 17% to $13.2 billion. A big part of that growth came from Microsoft's Xbox video game business, which was boosted by its purchase of game publishing giant Activision Blizzard a year ago.

Eighteen Republican state attorneys general have sued the U.S. Securities and Exchange Commission (SEC) and Chair Gary Gensler on Thursday, challenging the agency's authority to regulate cryptocurrency markets.

The lawsuit, led by Kentucky Attorney General Russell Coleman, alleges the SEC has exceeded its statutory powers by attempting to assume broad regulatory control over digital assets without congressional authorization. The complaint argues the agency's actions infringe on states' rights to develop their own cryptocurrency regulations and harm consumers by imposing ill-fitting federal securities laws on digital assets.

Speaking at a legal conference Thursday, Gensler defended the agency's approach, citing consistent court support for SEC enforcement actions in cryptocurrency cases. The regulatory landscape appears set for change following President-elect Trump's victory. Trump, who previously dismissed cryptocurrency as a "scam," has pledged to make the U.S. the "crypto capital of the planet" and remove Gensler.

An anonymous reader quotes a report from Bloomberg: The Australian government plans to enact laws requiring big tech firms to protect its citizens online, the latest move by the center-left Labor administration to crack down on social media including through age limits and curbs on misinformation. Communications Minister Michelle Rowland announced the government's plan for a legislated Digital Duty of Care in Australia on Wednesday night, saying it aligned with similar laws in the UK and European Union. "It is now time for industry to show leadership, and for social media to recognize it has a social responsibility," Rowland said in a speech in Sydney announcing the measures. It would "keep users safe and help prevent online harms."

In response to the laws, Facebook and Instagram operator Meta Platforms Inc. called for the restrictions to be handled by app stores, such as those run by Google and Apple Inc., rather than the platforms themselves. The government has ignored those requests, but has yet to announce what fines companies would face or what age verification information will need to be provided. At the same time, Albanese has moved forward controversial laws to target misinformation and disinformation online, which opponents have labeled an attack on freedom of speech. Earlier this month, Albanese said the government would legislate for a ban on social media for children under 16, a policy the government says is world-leading. "Social media is doing harm to our kids and I'm calling time on it," Albanese told a news conference.

Each day leading up through the 16th (the official day Half-Life 2 was launched), Ars Technica will be publishing a new article looking back at the game and its impact. Here's an excerpt from an article published today by Ars Technica's Kyle Orland: When millions of eager gamers first installed Half-Life 2 20 years ago, many, if not most, of them found they needed to install another piece of software alongside it. Few at the time could imagine that piece of companion software -- with the pithy name Steam -- would eventually become the key distribution point and social networking center for the entire PC gaming ecosystem, making the idea of physical PC games an anachronism in the process.

While Half-Life 2 wasn't the first Valve game released on Steam, it was the first high-profile title to require the platform, even for players installing the game from physical retail discs. That requirement gave Valve access to millions of gamers with new Steam accounts and helped the company bypass traditional retail publishers of the day by directly marketing and selling its games (and, eventually, games from other developers). But 2004-era Steam also faced a vociferous backlash from players who saw the software as a piece of nuisance DRM (digital rights management) that did little to justify its existence at the time. In honor of the anniversary, Orbifold Studios released a new Half-Life 2 RTX trailer. "[T]his is a remastering project that leverages the technologies of NVIDIA's RTX Remix and has the blessing of the original developer, Valve," reports Wccftech. "Orbifold Studios, a team of experienced modders, was founded specifically to bring this project to fruition." It's unclear when exactly this project will be finished.

Nvidia is also giving away a custom Half-Life 2 themed RTX 480 Super Founders Edition.

Washington Post: The Consumer Financial Protection Bureau has taken steps to place Google under formal federal supervision, an extraordinary move that could subject the technology giant to the regular inspections and other rigorous monitoring that the government imposes on major banks.

Google has fiercely resisted the idea over months of highly secretive talks, according to two people familiar with the discussions, who spoke on the condition of anonymity to describe them -- setting up what may ultimately be a major legal clash with vast implications for the CFPB's powers in the digital age.

The exact scope of the CFPB's concerns is not clear, and its order does not appear to be final. The political fate of the bureau's work under Director Rohit Chopra is also in doubt, as the watchdog agency braces for potentially significant changes to its leadership and agenda with the return of President-elect Donald Trump to the White House.

Formed in the aftermath of the 2008 financial crisis, the CFPB has broad powers to protect consumers from unfair, deceptive or predatory financial practices. That includes the ability to place certain firms under supervision, a status that can afford regulators direct access to the company's internal records to ensure their activities are sound -- and seek fixes if they are not.

If you have Spotify's soon-to-be-bricked Car Thing, there are a few ways you can give it a new lease on life. YouTuber Dammit Jeff has showcased modifications to Car Thing that makes the device useful as a desktop music controller, customizable shortcut tool, or a simple digital clock. Ars Technica's Kevin Purdy reports: Spotify had previously posted the code for its uboot and kernel to GitHub, under the very unassuming name "spsgsb" and with no announcement (as discovered by Josh Hendrickson). Jeff has one idea why the streaming giant might not have made much noise about it: "The truth is, this thing isn't really great at running anything." It has half a gigabyte of memory, 4GB of internal storage, and a "really crappy processor" (Amlogic S905D2 SoC) and is mostly good for controlling music.

How do you get in? The SoC has a built-in USB "burning mode," allowing for a connected computer, running the right toolkit, to open up root access and overwrite its firmware. Jeff has quite a few issues getting connected (check his video description for some guidance), but it's "drag and drop" once you're in. Jeff runs through a few of the most popular options for a repurposed Car Thing:

- DeskThing, which largely makes Spotify desk-friendly, but adds a tiny app store for weather (including Jeff's own WeatherWave), clocks, and alternate music controls
- GlanceThing, which keeps the music controls but also provides some Stream-Deck-like app-launching shortcuts for your main computer.
- Nocturne, currently invite-only, is a wholly redesigned Spotify interface that restores all its Spotify functionality.

Apple was notified by the European Union that its geo-blocking practices are potentially in breach of consumer protection rules, adding to the iPhone maker's regulatory issues in the bloc. From a report: Apple's App Store, iTunes Store and other media services unlawfully discriminate against European customers based on their place of residence, according to a European Commission statement on Tuesday.

The notification comes as Apple is facing the first-ever fine under the Digital Markets Act, or DMA, for failing to allow app developers to steer users to cheaper deals, Bloomberg News reported last week. That penalty is set to come months after the Cupertino, California-based company was hit with a $1.9 billion fine for similar abuses under the bloc's traditional competition rules.

The geo-locating investigation was conducted together with a network of national consumer authorities and found Apple media services only allow users to use payment cards issued in the countries they registered their Apple accounts, according to the statement. The App Store also blocks users from downloading apps offered in other countries, the investigation found.

Qwant, France's privacy-focused search engine, and Ecosia, a Berlin-based not-for-profit search engine that uses ad revenue to fund tree planting and other climate-focused initiatives, are joining forces on a joint venture to develop their own European search index. TechCrunch: The pair hopes this move will help drive innovation in their respective search engines -- including and especially around generative AI -- as well as reducing dependence on search indexes provided by tech giants Microsoft (Bing) and Google. Both currently rely on Bing's search APIs while Ecosia also uses Google's search results. Rising API costs are one clear motivator for the move to shrink this Big Tech dependency, with Microsoft massively hiking prices for Bing's search APIs last year.

Neither Ecosia nor Qwant will stop using Bing or Google altogether. However, they aim to diversify the core tech supporting their services with their own index. It will lower their operational costs, and serve as a technical base to fuel their own product development as GenAI technologies take up a more central role in many consumer-facing digital services. Both search engines have already dabbled in integrating GenAI features. Expect more on this front, although they aren't planning to develop AI model development themselves. They say they will continue to rely on API access to major platforms' large language models (LLMs) to power these additions. The pair is also open to other European firms joining in with their push for more tech stack sovereignty -- at least as fellow customers for the search index, as they plan to license access via an API. Other forms of partnership could be considered too, they told TechCrunch.

Cryptocurrency backers continue to bid up Bitcoin prices, pushing the digital token to a new high of about $84,000 on Monday. The New York Times: The cryptocurrency has surged since Election Day, on investor hopes that President-elect Donald J. Trump and his appointees would be friendlier to the industry after the Biden administration's aggressive enforcement of securities law that targeted several crypto companies.

Cryptocurrencies have become a major component of the so-called Trump trade. Bitcoin exchange-traded funds, which got the regulatory green light to trade this year, have been booming over the past week. Crypto-related companies have also jumped in value: Riot Platforms, a Bitcoin miner, is up 68 percent since Election Day and Coinbase, a crypto exchange, is up 69 percent over the same period.