DirecTV has agreed to acquire struggling rival Dish Network, creating a satellite TV behemoth with nearly 20 million subscribers. The complex transaction, announced Monday, involves private equity firm TPG acquiring a majority stake in DirecTV from AT&T for $7.6 billion. DirecTV will then purchase Dish for $1 and assume its debt.

The deal provides a lifeline for Dish, which faces $2 billion in debt due November with only $500 million in available cash. EchoStar, Dish's parent company, will retain its wireless spectrum investments and operate independently. Subject to regulatory approval and creditor agreement, the merger is expected to close in late 2025. DirecTV and TPG will provide $2.5 billion to cover Dish's immediate financial needs. The deal's fate remains uncertain, as a similar 2002 merger attempt was blocked on antitrust grounds.

An anonymous reader shared this report from the Washington Post: Look at the top right corner of your phone. You might see an icon with "5G" and another with vertical bars showing the strength of your internet connection. Those symbols don't mean what you think they do.

If your phone shows "5G," you're not necessarily connected to the latest and zippiest cellphone network technology. It might just mean that 5G connections are available nearby. And the bars are a cellular version of a shrug. There is no standard measure of how much signal strength each bar represents. "The connection icon is a lie," said Avi Greengart, president of the technology analysis firm Techsponential...

The good news is you might not need 5G, anyway. Most of the time, your phone calls, texting and web surfing are perfectly fine on the prior generation of wireless technology called 4G or sometimes "LTE." Many phone networks will funnel you over 5G service when it makes a real difference, like if you're on a video call or playing an intense video game.

If you see more specific types of 5G icons, like "5G UW" used by Verizon or "5G UC" if you're on T-Mobile service, Hyers said you're probably connected to a 5G network at that moment. Those extra letters or symbols sometimes indicate types of 5G technology that are capable of faster and more reliable connections, but they aren't always better, depending on your circumstances. Confusingly, AT&T has showed "5G E" icons on phones. That is not 5G service at all.
Here's how major carriers responded to the Post's reporter:

• "AT&T said its '5G' indicators on phones line up with a telecommunications standards organization that established the icon to mean 5G networks are available."

• "Verizon didn't respond to my questions."

• "T-Mobile said for most of its cellphone network, your phone accurately reflects if you're on 5G."

The article suggests setting your phone to just automatically switch to 5G networks when high-bandwidth applications are in use...

Hot on the heels of United Airlines' Starlink announcement, Hawaiian Airlines said it, too, is offering "fast and free Starlink Wi-Fi" across its entire Airbus fleet. CNET reports: Hawaiian Airlines is now the first major carrier to use Elon Musk's satellite internet service, which taps more than 7,000 satellites in low earth orbit to deliver high-speed internet worldwide. "In Starlink's low earth orbit constellation of advanced satellites, the latest of which utilize a revolutionary laser mesh network, we found an ideal solution to ensure reliable, high-speed, low-latency Wi-Fi on transpacific flights," a Hawaiian Airlines representative told CNET. "Working with Starlink has allowed us to offer a fast and consistent in-flight connectivity experience that meets our high standard for guest service."

The company first debuted Starlink on its planes in February on a flight from Honolulu to Long Beach, California. It first struck a deal with Starlink in 2022 and has now completed installation across its entire Airbus fleet, which includes 24 A330 planes and 18 A321neos. Hawaiian Airlines will also deploy the service on its two Boeing 787-9 planes, but not its Boeing 717 aircraft, which are used on shorter flights between the Hawaiian Islands.

"Dozens of Fortune 100 organizations" have unknowingly hired North Korean IT workers using fake identities, generating revenue for the North Korean government while potentially compromising tech firms, according to Google's Mandiant unit. "In a report published Monday [...], researchers describe a common scheme orchestrated by the group it tracks as UNC5267, which has been active since 2018," reports The Record. "In most cases, the IT workers 'consist of individuals sent by the North Korean government to live primarily in China and Russia, with smaller numbers in Africa and Southeast Asia.'" From the report: The remote workers "often gain elevated access to modify code and administer network systems," Mandiant found, warning of the downstream effects of allowing malicious actors into a company's inner sanctum. [...] Using stolen identities or fictitious ones, the actors are generally hired as remote contractors. Mandiant has seen the workers hired in a variety of complex roles across several sectors. Some workers are employed at multiple companies, bringing in several salaries each month. The tactic is facilitated by someone based in the U.S. who runs a laptop farm where workers' laptops are sent. Remote technology is installed on the laptops, allowing the North Koreans to log in and conduct their work from China or Russia.

Workers typically asked for their work laptops to be sent to different addresses than those listed on their resumes, raising the suspicions of companies. Mandiant said it found evidence that the laptops at these farms are connected to a "keyboard video mouse" device or multiple remote management tools including LogMeIn, GoToMeeting, Chrome Remote Desktop, AnyDesk, TeamViewer and others. "Feedback from team members and managers who spoke with Mandiant during investigations consistently highlighted behavior patterns, such as reluctance to engage in video communication and below-average work quality exhibited by the DPRK IT worker remotely operating the laptops," Mandiant reported.

In several incident response engagements, Mandiant found the workers used the same resumes that had links to fabricated software engineer profiles hosted on Netlify, a platform often used for quickly creating and deploying websites. Many of the resumes and profiles included poor English and other clues indicating the actor was not based in the U.S. One characteristic repeatedly seen was the use of U.S-based addresses accompanied by education credentials from universities outside of North America, frequently in countries such as Singapore, Japan or Hong Kong. Companies, according to Mandiant, typically don't verify credentials from universities overseas. Further reading: How Not To Hire a North Korean IT Spy

Evan Prodromou, co-author of the ActivityPub protocol, has launched The Social Web Foundation to address the challenges of the ActivityPub ecosystem and foster the growth of the Fediverse. The foundation aims to support developers, organizations, and governments through advocacy, educational materials, and infrastructure, while maintaining a decentralized approach to improving the social web. We Distribute reports: "I wish I would've started it five years ago," Evan explains in a call, "We're seeing growth of ActivityPub in the commercial sector, we want to help guide that work, especially for devs that don't know how to engage with the Fediverse, or the work that happens in private spaces. As we're seeing a lot of growth, it's important to help push that growth forward, we're really filling in the crack no other organization is doing." The foundation launches with a dedicated team of three: Evan Prodromou is the Research Director, Mallory Knodel serves as the Executive Director, and Tom Coates acts as Product Director. The trio brings a wealth of knowledge regarding protocol development, open source development, technology policy, and product development for the Web.

In terms of fulfilling its goals, the organization has a few specific areas of focus: People, Policy, Protocol, and Plumbing. The SWF has deemed these areas as critical to their mission statement, and will start with these core focuses. [...] At launch, The Social Web Foundation has announced 12 partner organizations, who serve as a pool of knowledge, resources, and stakeholders. The majority of these entities are either building for the Fediverse directly, or providing infrastructure and services indirectly. Aside from Meta being an early supporter, one surprise is the inclusion of The Ford Foundation, a social justice organization dedicated to supporting next-generation solutions for the social good. At time of launch, the SWF will have access to more than 20 dedicated advisors, who will guide the organization on current problem areas their own efforts are facing, and provide insights on how to move forward and make progress. "The Fediverse is too big and too diverse for anyone to claim to speak for the Fediverse. That's not what we want to do or who we want to be," Evan says, "We may do things that people on the network disagree with, like encouraging media organizations to join the network, but what we want to do is help the mission of growing and improving the Fediverse over time."

As of September 11th, Russia has blocked access to OONI Explorer, citing concerns over circumvention tools. This block affects Russian users' ability to access not only circumvention data but also the extensive dataset on global internet censorship that OONI provides. From a blog post: OONI Explorer is one of the largest open datasets on internet censorship around the world. We first launched this web platform back in 2016 with the goal of enabling researchers, journalists, and human rights defenders to investigate internet censorship based on empirical network measurement data that is contributed by OONI Probe users worldwide. Every day, we publish new measurements from around the world in real-time.

Today, OONI Explorer hosts more than 2 billion network measurements collected from 27 thousand distinct networks in 242 countries and territories since 2012. Out of all countries, OONI Probe users in Russia contribute the second largest volume of measurements (following the U.S, where OONI Probe users contribute the most measurements out of any country). This has enabled us to study various cases of internet censorship in Russia, such as the blocking of Tor, the blocking of independent news media websites, and how internet censorship in Russia changed amid the war in Ukraine.

In this report, we share OONI data on the blocking of OONI Explorer in Russia.

Hackers linked to the Chinese government have broken into a handful of U.S. internet-service providers in recent months in pursuit of sensitive information, WSJ reported Wednesday, citing people familiar with the matter. From the report: The hacking campaign, called Salt Typhoon by investigators, hasn't previously been publicly disclosed and is the latest in a series of incursions that U.S. investigators have linked to China in recent years. The intrusion is a sign of the stealthy success Beijing's massive digital army of cyberspies has had breaking into valuable computer networks in the U.S. and around the globe.

In Salt Typhoon, the actors linked to China burrowed into America's broadband networks. In this type of intrusion, bad actors aim to establish a foothold within the infrastructure of cable and broadband providers that would allow them to access data stored by telecommunications companies or launch a damaging cyberattack. Last week, U.S. officials said they had disrupted a network of more than 200,000 routers, cameras and other internet-connected consumer devices that served as an entry point into U.S. networks for a China-based hacking group called Flax Typhoon. And in January, federal officials disrupted Volt Typhoon, yet another China-linked campaign that has sought to quietly infiltrate a swath of U.S. critical infrastructure.

"The cyber threat posed by the Chinese government is massive," said Christopher Wray, the Federal Bureau of Investigation's director, speaking earlier this year at a security conference in Germany. "China's hacking program is larger than that of every other major nation, combined." U.S. security officials allege that Beijing has tried and at times succeeded in burrowing deep into U.S. critical infrastructure networks ranging from water-treatment systems to airports and oil and gas pipelines. Top Biden administration officials have issued public warnings over the past year that China's actions could threaten American lives and are intended to cause societal panic. The hackers could also disrupt the U.S.'s ability to mobilize support for Taiwan in the event that Chinese leader Xi Jinping orders his military to invade the island.

Microsoft giveth and Microsoft taketh away, as administrators using Windows Server Update Services (WSUS) will soon find out. From a report: Windows Server 2025 remains in preview, but Microsoft has been busy letting users know what is set for removal and what will be deprecated in the release. WSUS fits into the latter category -- still there for now, but no longer under active development. This is a big deal for many administrators who rely on the feature to deploy and manage the distribution of updates and features in an enterprise environment.

It'll even work on a network disconnected from the internet -- download the patches to a connected computer, stick them on some removable media, import the patches to a WSUS server on the disconnected network, and away you go. A tame administrator told El Reg: "We are migrating to Intune. It's a lot more complicated than WSUS, and it takes a lot longer to get set up."

"Such is progress!" he sighed. Microsoft's advice is, unsurprisingly, to migrate to cloud tools. As well as the aforementioned Intune, there is also Windows Autopatch for client update management or Azure Update Manager for server update management. And there are plenty of third-party tools out there too, such as Ansible. Microsoft's announcement has attracted comment. One user said: "Congratulations, you just made centralized automated patching subject to internal politics and budget constraints. "I survived the era of Melissa, SQL Slammer, and other things that were solved when we no longer had to choose between paid patch management or trusting admins of every server to do the right thing. For those of you that did not live through that, buckle up!"

The Department of Justice has filed an antitrust lawsuit against Visa, alleging that the financial services firm has an illegal monopoly over debit network markets and has attempted to unlawfully crush competitors, including fintech companies like PayPal and Square. From a report: The lawsuit follows a multiyear investigation of Visa which the company disclosed in 2021. "We allege that Visa has unlawfully amassed the power to extract fees that far exceed what it could charge in a competitive market," Attorney General Merrick Garland said in a statement. "Merchants and banks pass along those costs to consumers, either by raising prices or reducing quality or service. As a result, Visa's unlawful conduct affects not just the price of one thing -- but the price of nearly everything."

Visa makes more than $7 billion a year in payment processing fees alone, and more than 60 percent of debit transactions in the United States run on Visa's network, the complaint claims. The government alleges that Visa's market dominance is partly due to the "web of exclusionary agreements" it imposes on businesses and banks. Visa has also attempted to "smother" competitors -- including smaller debit networks and newer fintech companies -- the complaint alleges. Visa executives allegedly feel particularly threatened by Apple, which the company has described as an "existential threat," the DOJ claims.

Microsoft unveiled detailed security reforms Monday, five months after CEO Satya Nadella pledged to prioritize cybersecurity following major breaches. The 25-page Secure Future Initiative report [PDF] outlines technical and governance changes addressing criticisms in an April 2024 Cyber Safety Review Board report that deemed Microsoft's security culture "inadequate."

Microsoft said it implemented significant security upgrades to its Entra ID and Microsoft Account systems, introducing Azure-managed hardware security modules for access token signing keys. The company has also purged 5.75 million inactive tenants to minimize potential attack vectors and adopted a new testing system with secure defaults to prevent legacy-related security issues. Concurrently, Microsoft has enhanced its network tracking capabilities, now monitoring over 99 percent of its physical network through a centralized inventory system, which aids in firmware compliance and logging.

Internal security measures have been tightened, with engineering teams facing stricter access controls. Personal access tokens are now limited to seven days, SSH access has been disabled for internal engineering repositories, and access to critical engineering systems has been restricted to fewer groups. Additionally, Microsoft has extended its audit log retention period to a minimum of two years, bolstering its ability to investigate and respond to potential security incidents.

In the antitrust trial alleging Google had an ad-selling monopoly, "government lawyers have said some of their strongest evidence is in Google's own internal communications," reports the Wall Street Journal: [In 2010] a new crop of ad-tech companies were threatening Google's bottom line. "One way to make sure we don't get further behind in the market is picking up the one with the most traction and parking it somewhere..." [wrote YouTube Chief Executive Neal Mohan, who previously ran Google's display-ads business]. Google ended up buying one such company, AdMeld, for $400 million in 2011. Google shut down AdMeld two years later, after incorporating some of the startup's technology into its ad exchange, known commonly as AdX.

The Justice Department argued that AdMeld was part of a larger trend: Google acquiring nascent rivals to corner the market and then locking customers into using its products by conditioning access to one software tool on them paying for another... In a 2016 email introduced by the government, Google executive Jonathan Bellack asked colleagues: "Is there a deeper issue with us owning the platform, the exchange, and a huge network? The analogy would be if Goldman or Citibank owned the NYSE [New York Stock Exchange]...." The Justice Department also cited a 2018 email from another then-executive, Chris LaSala, who raised concerns internally over the 20% cut that Google takes from many of its AdX customers, saying Google was extracting "irrationally high rent" from users. "I don't think there is 20% of value in comparing two bids," wrote LaSala. "AdX is not providing additional liquidity to the market. It is simply running the auction."

Another former Google executive, Eisar Lipkovitz, testified that Google's omnipresence in ad-tech gives rise to conflicts of interest. Lipkovitz was rebuffed when he tried to get Google to lower the cut it took from AdX, he testified in a prerecorded deposition. The Justice Department finished presenting its case on Friday. Other witnesses included Google customers. One was Stephanie Layser, a former News Corp executive, who said she felt she had no choice but to use Google technology because the search giant has such market power that switching to another ad server would have meant losing out on millions in advertising revenue.
Google's lawyer countered that "There will be no witness in this case who can say with clarity where this industry is going in the next five years."

Or, as the Wall Street Journal puts it, "It makes no sense to focus on display ads, Google argues, when the industry is shifting to apps, social media and streaming services. Far from monopolizing the space, Google is actually losing ground, Google lawyer Karen Dunn said in her opening trial statement..."

The Washington Post reports that electric vehicles made by General Motors now can use Tesla's Superchargers. (GM's charger adapters "will first be made available to customers in the United States, followed by availability for Canadian customers later this year.") The Post writes that the move "expands the number of vehicles compatible with the North American Charging Standard developed by Tesla" — and also marks "another step forward for efforts to settle on a universal public charger network for battery-powered cars and trucks in the U.S.

"It could also allay some GM customers' concerns about a lack of charging options." The new changes take effect immediately, along with sales of the GM-approved power adapters... The deal makes roughly 17,800 Tesla Superchargers available to drivers of GM-manufactured vehicles such as the Chevy Bolt, Cadillac Lyriq and Silverado EV, with the help of an adapter that costs $225... GM estimates that the partnership with Tesla contributes to an overall network of 231,800 fast chargers across the United States available to drivers of its vehicles. GM is also part of IONNA, a joint venture of eight automakers that plans to build at least 30,000 high-powered chargers nationwide.
GM's statement calls it "a move that will help accelerate fast and convenient charging options for current and future EV drivers." And the move comes 15 months after GM announced it was adopting the standard — a move followed within weeks by similar announcements from Rivian, Ford, Volvo, Nissan, Hyundai and Kia. "Ford and Rivian have started distributing adapters for their EVs," the Washington Post points out, "while others, such as BMW, Honda, Hyundai and Mercedes-Benz have promised to start making their vehicles compatible this year or next."

"Knowing we will now have access to Tesla Supercharger locations means that range anxiety has now virtually evaporated..." argues a Chevy owner at CleanTechnica: This is mostly good news for drivers of electric cars from GM. Tesla and The General have been bitter enemies in the past, with GM opposing Tesla's direct sales model in many states. The once fierce battle has cooled in recent years, but GM essentially won by keeping Tesla from selling direct to the public in several US states, including its new home of Texas. Nevertheless, the two companies are now cooperating, which is a bonus for drivers...

Despite some niggling concerns, this is a big deal for EV drivers in North America. Tesla Superchargers are the gold standard in the industry today. There are fast, reliable, and always located in clean, well-lit places where restrooms and fresh foods are available. This could very well change the conversation about electric cars to the point where by the time GM, Ford, and Stellantis get their plug-in hybrids into showrooms, the demand for them will have shrunk considerably.
One GM executive says in this week's statement that "GM's ongoing efforts to help accelerate the expansion of public charging infrastructure is an integral part of our commitment to an all-electric future."

The administrators of Great Britain's power grid admit that it's often unable to use energy-storage batteries due to old computer systems and an old network with "not enough cables", according to the Financial Times — though the system operator says they're making progress after upgrading their system last December: The company has plans to lower the rate at which batteries are sidelined to single figures by early next year [said Craig Dyke, from National Grid's electricity system operator], calling current levels "higher than where we want them to be". Dyke's comments came in response to a letter from four leading battery storage groups which said National Grid's "electricity system operator" or ESO division was making the country's power costlier and dirtier by failing to use their technology properly. "Consumers are paying more, clean renewable energy is being wasted, and fossil fuel generation is being used instead," they said... depriving them of revenue and undermining investor confidence.
While the U.K. has the world's second-largest offshore wind market, the article notes that when the system operator can't send its power where it's needed, "the ESO pays wind farms in one place to switch off... and can also need to pay gas-fired power plants in another area to turn on. These payments add up to hundreds of millions of pounds each year, and the costs are passed on to household and business energy bills."

"Use of battery storage abroad has soared in places such as California, where batteries soak up solar power during the day and regularly supply a fifth of the state's power in the evening..."

Thanks to long-time Slashdot reader AmiMoJo for sharing the article.

X's struggles in Brazil got this update from the Guardian Wednesday: In a statement tweeted from X's global government affairs account, the company said the restoration of service was an "inadvertent and temporary" side-effect of switching network providers.
But Friday "After defying court orders in Brazil for three weeks, Mr. Musk's social network, X, has capitulated," writes the New York Times. "In a court filing on Friday night, the company's lawyers said that X had complied with orders from Brazil's Supreme Court in the hopes that the court would lift a block on its site."

"The company's lawyers said X had complied with the court's orders — blocking designated accounts, paying fines, and naming a new formal representative in the country," writes TechCrunch (citing reporting by the New York Times): In a filing of its own, the Supreme Court reportedly responded by telling X it had not provided the proper paperwork and giving it five days to do so....

X came back online in Brazil earlier this week, although Cloudflare CEO Matthew Prince told TechCrunch that the timing of the company's recent switch to Cloudflare infrastructure is just a "coincidence." During the ban, Brazilian users sought out social media alternatives, leading to dramatic growth at Bluesky and Tumblr.
The New York Times believes "The moment showed how, in the yearslong power struggle between tech giants and nation-states, governments have been able to keep the upper hand."

Although I'm curious about that missing paperwork...

An anonymous reader quotes a report from Bloomberg: Walmart customers will soon have the option to pay directly from their bank accounts with instant transfers for online purchases. The enhanced feature is a flash point in the escalating tensions between merchants and the card networks setting the fees for payment processing. The world's largest retailer has offered pay-by-bank through Walmart Pay since earlier this year. Until now, the transactions were akin to digital checks and took roughly three days to finalize when being processed through The Automated Clearing House, the same network often used for bill payments or paycheck deposits. Soon, customers opting for pay-by-bank transactions will see the purchase reflected in their bank account balance instantly -- and Walmart will receive the funds immediately. [...]

Walmart's upgraded pay-by-bank offering will be rolled out in 2025. The transactions will occur over bank technology provider Fiserv's NOW Network, which integrates with The Clearing House's Real Time Payments network and the Federal Reserve's FedNow. Until now, large retailers hesitated to launch real time payment options because many banks were not connected to an instant settlement system, meaning their customers would not be able to use the product. NOW Network aims to connect to as many banks as possible to reach 100% of deposit accounts by combining its own network with RTP and FedNow. The instant pay-by-bank product will be available for online checkout on Walmart.com. The Bentonville, Arkansas-based retailer already has customers set up a profile when they shop online. If they opt to add pay-by-bank as a payment option on their profile, they will enter their bank login credentials to connect their account. Fiserv's AllData platform connects with their bank clients and vendors including Plaid, MX, Akoya and Finicity to link and authenticate consumer accounts. With this instant pay-by-bank product, consumers will avoid stacked pending transactions, which can open them up to the risk of overdraft or non-sufficient fund fees from their bank. "When the transaction processes as a real time payment, customers get immediate access to see that payment come through, I see it hit my account and I can properly budget," said Jamie Henry, vice president of emerging payments at Walmart. "It's not as if I've got this phantom payment out there that's going to take place a couple days down the road."

Joe_Dragon shares a report: Four more large Internet service providers told the US Supreme Court this week that ISPs shouldn't be forced to aggressively police copyright infringement on broadband networks. While the ISPs worry about financial liability from lawsuits filed by major record labels and other copyright holders, they also argue that mass terminations of Internet users accused of piracy "would harm innocent people by depriving households, schools, hospitals, and businesses of Internet access."

The legal question presented by the case "is exceptionally important to the future of the Internet," they wrote in a brief filed with the Supreme Court on Monday. The amici curiae brief was filed by Altice USA (operator of the Optimum brand), Frontier Communications, Lumen (aka CenturyLink), and Verizon. The brief supports cable firm Cox Communications' attempt to overturn its loss in a copyright infringement lawsuit brought by Sony. Cox petitioned the Supreme Court to take up the case last month.

Sony and other music copyright holders sued Cox in 2018, claiming it didn't adequately fight piracy on its network and failed to terminate repeat infringers. A US District Court jury in the Eastern District of Virginia ruled in December 2019 that Cox must pay $1 billion in damages to the major record labels. Cox won a partial victory when the US Court of Appeals for the 4th Circuit vacated the $1 billion verdict, finding that Cox wasn't guilty of vicarious infringement because it did not profit directly from infringement committed by users of its cable broadband network. But the appeals court affirmed the jury's finding of willful contributory infringement and ordered a new damages trial.

Coming soon: Amazon sellers duking it out on TV to get their wares prime placement at the world's largest online retailer. Think "Shark Tank" meets Home Shopping Network. From a report: The e-commerce giant plans to introduce a new competition show next month in which entrepreneurs pitch their products to a studio audience as well as to judges including Amazon executives and celebrities like Goop founder Gwyneth Paltrow and designer Christian Siriano. Finalists will have their inventions sold in a new Amazon "Buy It Now" online store, and the winner of each episode will earn $20,000.

The show is the retailer's latest attempt to marry content and commerce. Persuading consumers to shop through Internet-enabled televisions has long been a goal of traditional entertainment companies, but getting viewers to scan the QR code can be difficult. By creating shows that highlight its sellers and their products, Amazon has a better shot at getting viewers to shop -- especially younger audiences who are already doing this on apps like TikTok, said Bernstein analyst Mark Shmulik. "This feels more elegant than QR codes," Shmulik said of Amazon's new game show. Over the past few years, Amazon has introduced ads with QR codes in about 100 shows and movies, including "The Summer I Turned Pretty," "The Boys" and, more recently, NFL football games.

Late last month, Brazilian Justice Alexandre de Moraes ordered X to suspend operations in Brazil after a months-long dispute with X owner Elon Musk. The conflict centered on Musk's refusal to appoint a legal representative in the country and his refusal to take down disinformation and far-right accounts. However, on Wednesday, X bypassed the court-ordered block by utilizing third-party cloud services, allowing many Brazilian users to access the platform without the need for a virtual private network (VPN). From a report: The number of Brazilians accessing X is unknown, according to [Abrint, the Brazilian Association of Internet and Telecommunications Providers]. "I believe the change was probably intentional. Why would X use a third-party service that ends up being slower than its own?" said Basilio Perez, a board member at Abrint.

Any revised order from Brazil's national telecommunications agency Anatel, which is responsible for implementing the court ruling, will need to be more specific, because blocking cloud access is complex and may jeopardize government agencies and financial services providers, Perez said.

Anatel has identified the problem and is working to first notify content delivery network providers, followed by telecom companies to block access again to X in Brazil, according to a person familiar with the situation. The same person said it is not clear how long it will take for the providers to comply with the order...

In a statement tweeted from X's global government affairs account, the company said the restoration of service was an "inadvertent and temporary" side-effect of switching network providers.

The Register's Jessica Lyons reports: Chinese state-sponsored spies have been spotted inside a global engineering firm's network, having gained initial entry using an admin portal's default credentials on an IBM AIX server. In an exclusive interview with The Register, Binary Defense's Director of Security Research John Dwyer said the cyber snoops first compromised one of the victim's three unmanaged AIX servers in March, and remained inside the US-headquartered manufacturer's IT environment for four months while poking around for more boxes to commandeer. It's a tale that should be a warning to those with long- or almost-forgotten machines connected to their networks; those with shadow IT deployments; and those with unmanaged equipment. While the rest of your environment is protected by whatever threat detection you have in place, these legacy services are perfect starting points for miscreants.

This particular company, which Dwyer declined to name, makes components for public and private aerospace organizations and other critical sectors, including oil and gas. The intrusion has been attributed to an unnamed People's Republic of China team, whose motivation appears to be espionage and blueprint theft. It's worth noting the Feds have issued multiple security alerts this year about Beijing's spy crews including APT40 and Volt Typhoon, which has been accused of burrowing into American networks in preparation for destructive cyberattacks.

After discovering China's agents within its network in August, the manufacturer alerted local and federal law enforcement agencies and worked with government cybersecurity officials on attribution and mitigation, we're told. Binary Defense was also called in to investigate. Before being caught and subsequently booted off the network, the Chinese intruders uploaded a web shell and established persistent access, thus giving them full, remote access to the IT network -- putting the spies in a prime position for potential intellectual property theft and supply-chain manipulation. If a compromised component makes it out of the supply chain and into machinery in production, whoever is using that equipment or vehicle will end up feeling the brunt when that component fails, goes rogue, or goes awry.

"The scary side of it is: With our supply chain, we have an assumed risk chain, where whoever is consuming the final product -- whether it is the government, the US Department of the Defense, school systems â" assumes all of the risks of all the interconnected pieces of the supply chain," Dwyer told The Register. Plus, he added, adversarial nations are well aware of this, "and the attacks continually seem to be shifting left." That is to say, attempts to meddle with products are happening earlier and earlier in the supply-chain pipeline, thus affecting more and more victims and being more deep-rooted in systems. Breaking into a classified network to steal designs or cause trouble is not super easy. "But can I get into a piece of the supply chain at a manufacturing center that isn't beholden to the same standards and accomplish my goals and objectives?" Dwyer asked. The answer, of course, is yes. [...]

An anonymous reader shares a report: LinkedIn is using its users' data for improving the social network's generative AI products, but has not yet updated its terms of service to reflect this data processing, according to posts from various LinkedIn users and a statement from the company to 404 Media. Instead, the company says it will update its terms "shortly." The move is unusual in that LinkedIn appears to have gone ahead with training AI on its users' data, even creating a new option in its settings, without updating its terms of service, which is traditionally one of the main documents that can explain how users' data is collected or used.