Over 100 Irrigation Systems Left Exposed Online Without a Password

Author: msmash
October 27, 2020 03:10
More than 100 smart irrigation systems were left exposed online without a password last month, allowing anyone to access and tamper with water irrigation programs for crops, tree plantations, cities, and building complexes. From a report: The exposed irrigation systems were discovered by Security Joes, a small boutique security firm based in Israel. All were running ICC PRO, a top-shelf smart irrigation system designed by Motorola for use with agricultural, turf, and landscape management. Security Joes co-founder Ido Naor told ZDNet last month that companies and city officials had installed ICC PRO systems without changing default factory settings, which don't include a password for the default account. Naor says the systems could be easily identified online with the help of IoT search engines like Shodan. Once attackers locate an internet-accessible ICC PRO system, Naor says all they have to do is type in the default admin username and press Enter to access a smart irrigation control panel. Here, Naor says attackers can pause or stop watering events, change settings, control the water quantity and pressure delivered to pumps, or lock irrigation systems by deleting users.

Read more of this story at Slashdot.

Ransomware Hit a Georgia County. That Didn't Stop Its Ballot Counting.

Author: msmash
October 27, 2020 02:30
A Georgia county has reverted to matching some absentee ballot signatures to paper backups, rather than an online system, after a ransomware infection spread to part of its election department. From a report: Poll workers in Hall County have since caught up on a backlog of absentee ballots, state officials said, and said there's no danger of the ransomware extending to systems used to cast or count votes. But the infection is the first known example in the 2020 general election of opportunistic criminal hackers incidentally slowing the broader election process, something that federal cybersecurity officials have warned is a strong possibility. But the attack does not indicate any broad effort to tamper with U.S. voting or show systemic vulnerabilities to the U.S. election system. "They switched over to their paper backups, which is required of them," said Jordan Fuchs, Georgia's deputy secretary of state. "It took a little bit of work on their part -- I think they had 11 days of catch-up to do -- and they completed their task," she said.

'How 30 Lines of Code Blew Up a 27-Ton Generator'

Author: EditorDavid
October 26, 2020 04:34
After the U.S. unveiled charges against six members of the Sandworm unit in Russia's military intelligence agency, Wired re-visited "a secret experiment in 2007 proved that hackers could devastate power grid equipment beyond repair — with a file no bigger than a gif." It's an excerpt from the new book SANDWORM: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers which also remembers the late industrial control systems security pioneer Mike Assante: Among [Sandworm's] acts of cyberwar was an unprecedented attack on Ukraine's power grid in 2016, one that appeared designed to not merely cause a blackout, but to inflict physical damage on electric equipment. And when one cybersecurity researcher named Mike Assante dug into the details of that attack, he recognized a grid-hacking idea invented not by Russian hackers, but by the United States government, and tested a decade earlier... [S]creens showed live footage from several angles of a massive diesel generator. The machine was the size of a school bus, a mint green, gargantuan mass of steel weighing 27 tons, about as much as an M3 Bradley tank. It sat a mile away from its audience in an electrical substation, producing enough electricity to power a hospital or a navy ship and emitting a steady roar. Waves of heat coming off its surface rippled the horizon in the video feed's image. Assante and his fellow Idaho National Laboratory researchers had bought the generator for $300,000 from an oil field in Alaska. They'd shipped it thousands of miles to the Idaho test site, an 890-square-mile piece of land where the national lab maintained a sizable power grid for testing purposes, complete with 61 miles of transmission lines and seven electrical substations. Now, if Assante had done his job properly, they were going to destroy it.
And the assembled researchers planned to kill that very expensive and resilient piece of machinery not with any physical tool or weapon but with about 140 kilobytes of data, a file smaller than the average cat GIF shared today on Twitter.... Protective relays are designed to function as a safety mechanism to guard against dangerous physical conditions in electric systems. If lines overheat or a generator goes out of sync, it's those protective relays that detect the anomaly and open a circuit breaker, disconnecting the trouble spot, saving precious hardware, even preventing fires... But what if that protective relay could be paralyzed — or worse, corrupted so that it became the vehicle for an attacker's payload...? Black chunks began to fly out of an access panel on the generator, which the researchers had left open to watch its internals. Inside, the black rubber grommet that linked the two halves of the generator's shaft was tearing itself apart. A few seconds later, the machine shook again as the protective relay code repeated its sabotage cycle, disconnecting the machine and reconnecting it out of sync. This time a cloud of gray smoke began to spill out of the generator, perhaps the result of the rubber debris burning inside it... The engineers had just proven without a doubt that hackers who attacked an electric utility could go beyond a temporary disruption of the victim's operations: They could damage its most critical equipment beyond repair... Assante also remembers feeling something weightier in the moments after the Aurora experiment. It was a sense that, like Robert Oppenheimer watching the first atomic bomb test at another U.S. national lab six decades earlier, he was witnessing the birth of something historic and immensely powerful. "I had a very real pit in my stomach," Assante says. "It was like a glimpse of the future."

Mysterious Hackers Donating Stolen Money

Author: msmash
October 21, 2020 05:10
A hacking group is donating stolen money to charity in what is seen as a mysterious first for cyber-crime that's puzzling experts. smooth wombat writes: Darkside hackers claim to have extorted millions of dollars from companies, but say they now want to "make the world a better place." In a post on the dark web, the gang posted receipts for $10,000 in Bitcoin donations to two charities. One of them, Children International, says it will not be keeping the money. The move is being seen as a strange and troubling development, both morally and legally. In the blog post on 13 October, the hackers claim they only target large profitable companies with their ransomware attacks. The attacks hold organisations' IT systems hostage until a ransom is paid. They wrote: "We think that it's fair that some of the money the companies have paid will go to charity. No matter how bad you think our work is, we are pleased to know that we helped changed someone's life. Today we sended (sic) the first donations." The cyber-criminals posted the donation along with tax receipts they received in exchange for the 0.88 Bitcoin they had sent to two charities, The Water Project and Children International.

Google Confirms the Nest Secure Has Been Discontinued

Author: BeauHD
October 20, 2020 09:45
Google's Nest Secure alarm system, which was discussed on Slashdot for featuring an unlisted, disabled microphone, has been discontinued by Google, though it will continue functioning. Android Police reports: Google released the Nest Guard in 2017 as a simple security system with motion sensors and a keypad, but it never received an upgrade, even as other Nest devices were updated again and again. The product page for the Nest Guard on the Google Store was updated last week with a 'No longer available' message, possibly indicating it had been discontinued. Google later confirmed to Android Police that the Nest Guard will no longer be sold, but it will continue to work for people who have already bought it.

US Charges Russian Hackers Behind NotPetya, KillDisk, OlympicDestroyer Attacks

Author: msmash
October 20, 2020 04:30
The US Department of Justice has unsealed charges today against six Russian nationals believed to be part of one of Russia's most elite and secretive hacking groups, universally known as Sandworm. From a report: US officials said all six nationals are officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the Russian Army, DOJ officials said today. Under orders from the Russian government, US officials said the six (believed to be part of a much larger group) conducted cyber-attacks on behalf of the Russian government with the intent to destabilize other countries, interfere in their internal politics, and cause havoc and monetary losses. Their attacks span the last decade and include some of the biggest cyber-attacks known to date: Ukrainian Government & Critical Infrastructure (between December 2015 to December 2016), French Elections (April and May 2017), Worldwide Businesses and Critical Infrastructure (aka NotPetya; June 2017), PyeongChang Winter Olympics Hosts, Participants, Partners, and Attendees (December 2017 through February 2018), PyeongChang Winter Olympics IT Systems (aka Olympic Destroyer; 2017 through February 2018), Novichok Poisoning Investigations (April 2018), and Georgian Companies and Government Entities (a 2018 spearphishing campaign targeting a major media company, 2019 efforts to compromise the network of Parliament, and a wide-ranging website defacement campaign in 2019.)

Three npm Packages Opened Remote-Access Shells on Linux and Windows Systems

Author: EditorDavid
October 19, 2020 08:52
"Three JavaScript packages have been removed from the npm portal on Thursday for containing malicious code," reports ZDNet. "According to advisories from the npm security team, the three JavaScript libraries opened shells on the computers of developers who imported the packages into their projects." The shells, a technical term used by cyber-security researchers, allowed threat actors to connect remotely to the infected computer and execute malicious operations. The npm security team said the shells could work on both Windows and *nix operating systems, such as Linux, FreeBSD, OpenBSD, and others. All three packages were uploaded on the npm portal in May (first) and September 2018 (last two). Each package had hundreds of downloads since being uploaded on the npm portal. The package names were plutov-slack-client, nodetest199, and nodetest1010. "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer," the npm security team said.

How Ransomware Puts Your Hospital At Risk

Author: EditorDavid
October 18, 2020 06:30
nickwinlund77 quotes a New York Times opinion piece: In March, several cybercrime groups rushed to reassure people that they wouldn't target hospitals and other health care facilities during the Covid-19 pandemic. The operators of several prominent strains of ransomware all announced they would not target hospitals, and some of them even promised to decrypt the data of health care organizations for free if one was accidentally infected by their malware. But any cybersecurity strategy that relies on the moral compunctions of criminals is doomed to fail, particularly when it comes to protecting the notoriously vulnerable computer systems of hospitals. So it's no surprise that Universal Health Services was hit by ransomware late last month, affecting many of its more than 400 health care facilities across the United States and Britain. Or that clinical trials for a Covid-19 vaccine have been held up by a similar ransomware attack disclosed in early October. Or that loose-knit coalitions of volunteers all over the world are working around the clock to try to protect the computer systems of hospitals that are already straining under the demands of providing patient care during a global pandemic. In the midst of the Covid-19 pandemic, the potential consequences of these cyberattacks are terrifying. Hospitals that have lost access to their databases or had their networks infected by ransomware may not be able to admit patients in need of care or may take longer to provide those patients with the treatment they need, if they switch to relying on paper records... Every hospital and clinic should be re-evaluating their computer networks right now and ramping up the protections they have in place to prevent their services from being interrupted by malware or their sensitive patient data from being stolen.

Ubisoft, Crytek Data Posted on Ransomware Gang's Site

Author: msmash
October 16, 2020 04:25
A ransomware gang going by the name of Egregor has leaked data it claims to have obtained from the internal networks of two of today's largest gaming companies -- Ubisoft and Crytek. An anonymous reader writes: Data allegedly taken from each company has been published on the ransomware gang's dark web portal on Tuesday. Details about how the Egregor gang obtained the data remain unclear. Ransomware gangs like Egregor regularly breach companies, steal their data, encrypt files, and ask for a ransom to decrypt the locked data. However, in many incidents, ransomware gangs also get caught and kicked out of networks during the data exfiltration process, and files are never encrypted. Nevertheless, they still extort companies, asking victims for money to not leak sensitive files. Usually, when negotiations break down, ransomware gangs post a partial leak of the stolen files on so-called leak sites. On Tuesday, leaks for both Crytek and Ubisoft were posted on the Egregor portal at the same time, with threats from the ransomware crew to leak more files in the coming days.

Google and Intel Warn of High-Severity Bluetooth Security Bug In Linux

Author: BeauHD
October 15, 2020 10:32
An anonymous reader quotes a report from Ars Technica: Google and Intel are warning of a high-severity Bluetooth flaw in all but the most recent version of the Linux Kernel. While a Google researcher said the bug allows seamless code execution by attackers within Bluetooth range, Intel is characterizing the flaw as providing an escalation of privileges or the disclosure of information. The flaw resides in BlueZ, the software stack that by default implements all Bluetooth core protocols and layers for Linux. Besides Linux laptops, it's used in many consumer or industrial Internet-of-things devices. It works with Linux versions 2.4.6 and later. So far, little is known about BleedingTooth, the name given by Google engineer Andy Nguyen, who said that a blog post will be published "soon." A Twitter thread and a YouTube video provide the most detail and give the impression that the bug provides a reliable way for nearby attackers to execute malicious code of their choice on vulnerable Linux devices that use BlueZ for Bluetooth. Intel, meanwhile, has issued this bare-bones advisory that categorizes the flaw as privilege-escalation or information-disclosure vulnerability. The advisory assigned a severity score of 8.3 out of a possible 10 to CVE-2020-12351, one of three distinct bugs that comprise BleedingTooth. "Potential security vulnerabilities in BlueZ may allow escalation of privilege or information disclosure," the advisory states. "BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities." Intel, which is a primary contributor to the BlueZ open source project, said that the most effective way to patch the vulnerabilities is to update to Linux kernel version 5.9, which was published on Sunday. Those who can't upgrade to version 5.9 can install a series of kernel patches the advisory links to. Maintainers of BlueZ didn't immediately respond to emails asking for additional details about this vulnerability. 
Ars Technica points out that since BleedingTooth requires proximity to a vulnerable device, there's not much reason for people to worry about this vulnerability. "It also requires highly specialized knowledge and works on only a tiny fraction of the world's Bluetooth devices," it adds.

Backdoor In Kids' Smartwatch Makes It Possible For Someone To Covertly Take Pictures, Record Audio

Author: BeauHD
October 13, 2020 08:30
The Xplora 4 smartwatch, made by Chinese outfit Qihoo 360 Technology Co, and marketed to children under the Xplora brand in the US and Europe, can covertly take photos and record audio when activated by an encrypted SMS message, says Norwegian security firm Mnemonic. The Register reports: This backdoor is not a bug, the finders insist, but a deliberate, hidden feature. Around 350,000 watches have been sold so far, Xplora says. Exploiting this security hole is non-trivial, we note, though it does reveal the kind of remotely accessible stuff left in the firmware of today's gizmos. "The backdoor itself is not a vulnerability," said infosec pros Harrison Sand and Erlend Leiknes in a report on Monday. "It is a feature set developed with intent, with function names that include remote snapshot, send location, and wiretap. The backdoor is activated by sending SMS commands to the watch." The researchers suggest these smartwatches could be used to capture photos covertly from its built-in camera, to track the wearer's location, and to conduct wiretapping via the built-in mic. They have not claimed any such surveillance has actually been done. The watches are marketed as a child's first phone, we're told, and thus contain a SIM card for connectivity (with an associated phone number). Parents can track the whereabouts of their offspring by using an app that finds the wearer of the watch. Xplora contends the security issue is just unused code from a prototype and has now been patched. But the company's smartwatches were among those cited by Mnemonic and Norwegian Consumer Council in 2017 for assorted security and privacy concerns. With the appropriate Android intent, an incoming encrypted SMS message received by the Qihoo SMS app could be directed through the command dispatcher in the Persistent Connection Service to trigger an application command, like a remote memory snapshot. 
Exploiting this backdoor requires knowing the phone number of the target device and its factory-set encryption key. This data is available to those at Qihoo and Xplora, according to the researchers, and can be pulled off the device physically using specialist tools. This basically means ordinary folks aren't going to be hacked, either by the manufacturer under orders from Beijing or opportunistic miscreants attacking gizmos in the wild, though it is an issue for persons of interest. It also highlights the kind of code left lingering in mass-market devices.

Apple's T2 Security Chip Has an Unfixable Flaw

Author: msmash
October 13, 2020 03:54
A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple's trusted T2 security chip and gain deep system access. The flaw is one researchers have also been using for more than a year to jailbreak older models of iPhones. But the fact that the T2 chip is vulnerable in the same way creates a new host of potential threats. Worst of all, while Apple may be able to slow down potential hackers, the flaw is ultimately unfixable in every Mac that has a T2 inside. From a report: In general, the jailbreak community haven't paid as much attention to macOS and OS X as it has iOS, because they don't have the same restrictions and walled gardens that are built into Apple's mobile ecosystem. But the T2 chip, launched in 2017, created some limitations and mysteries. Apple added the chip as a trusted mechanism for securing high-value features like encrypted data storage, Touch ID, and Activation Lock, which works with Apple's "Find My" services. But the T2 also contains a vulnerability, known as Checkm8, that jailbreakers have already been exploiting in Apple's A5 through A11 (2011 to 2017) mobile chipsets. Now Checkra1n, the same group that developed the tool for iOS, has released support for T2 bypass. On Macs, the jailbreak allows researchers to probe the T2 chip and explore its security features. It can even be used to run Linux on the T2 or play Doom on a MacBook Pro's Touch Bar. The jailbreak could also be weaponized by malicious hackers, though, to disable macOS security features like System Integrity Protection and Secure Boot and install malware. Combined with another T2 vulnerability that was publicly disclosed in July by the Chinese security research and jailbreaking group Pangu Team, the jailbreak could also potentially be used to obtain FileVault encryption keys and to decrypt user data. The vulnerability is unpatchable, because the flaw is in low-level, unchangeable code for hardware. 
"The T2 is meant to be this little secure black box in Macs -- a computer inside your computer, handling things like Lost Mode enforcement, integrity checking, and other privileged duties," says Will Strafach, a longtime iOS researcher and creator of the Guardian Firewall app for iOS. "So the significance is that this chip was supposed to be harder to compromise -- but now it's been done."

America's 'Cyber Command' Is Trying to Disrupt the World's Largest Botnet

Author: EditorDavid
October 12, 2020 08:03
The Washington Post reports: In recent weeks, the U.S. military has mounted an operation to temporarily disrupt what is described as the world's largest botnet — one used also to drop ransomware, which officials say is one of the top threats to the 2020 election. U.S. Cyber Command's campaign against the Trickbot botnet, an army of at least 1 million hijacked computers run by Russian-speaking criminals, is not expected to permanently dismantle the network, said four U.S. officials, who spoke on the condition of anonymity because of the matter's sensitivity. But it is one way to distract them at least for a while as they seek to restore operations. U.S. Cyber Command also "stuffed millions of bogus records about new victims into the Trickbot database — apparently to confuse or stymie the botnet's operators," reports security researcher Brian Krebs: Alex Holden, chief information security officer and president of Milwaukee-based Hold Security, has been monitoring Trickbot activity before and after the 10-day operation. Holden said while the attack on Trickbot appears to have cut its operators off from a large number of victim computers, the bad guys still have passwords, financial data and reams of other sensitive information stolen from more than 2.7 million systems around the world. Holden said the Trickbot operators have begun rebuilding their botnet, and continue to engage in deploying ransomware at new targets. "They are running normally and their ransomware operations are pretty much back in full swing," Holden said. "They are not slowing down because they still have a great deal of stolen data." Holden added that since news of the disruption first broke a week ago, the Russian-speaking cybercriminals behind Trickbot have been discussing how to recoup their losses, and have been toying with the idea of massively increasing the amount of money demanded from future ransomware victims.

Computers Aboard Airliners Vulnerable to Hacking, Watchdog Says

Author: msmash
October 10, 2020 06:24
Airliners carry a variety of computer systems that could become vulnerable to hackers and U.S. regulators haven't imposed adequate counter measures, a government watchdog report concluded. From a report: The Federal Aviation Administration hasn't prioritized cyber risks, developed a cybersecurity training program or conducted testing of potentially vulnerable systems, the Government Accountability Office said in a report issued Friday. "Until FAA strengthens its oversight program, based on assessed risks, it may not be able to ensure it is providing sufficient oversight to guard against evolving cybersecurity risks facing avionics systems in commercial airplanes," the GAO report said. Commercial aircraft carry increasingly sophisticated computer systems, including wireless networks, seat-back entertainment, position broadcasts and devices that automatically transmit data to the ground.

Apple Pays $288,000 To White-Hat Hackers Who Had Run of Company's Network

Author: BeauHD
October 9, 2020 22:00
An anonymous reader quotes a report from Ars Technica: For months, Apple's corporate network was at risk of hacks that could have stolen sensitive data from potentially millions of its customers and executed malicious code on their phones and computers, a security researcher said on Thursday. Sam Curry, a 20-year-old researcher who specializes in website security, said that, in total, he and his team found 55 vulnerabilities. He rated 11 of them critical because they allowed him to take control of core Apple infrastructure and from there steal private emails, iCloud data, and other private information. Apple promptly fixed the vulnerabilities after Curry reported them over a three-month span, often within hours of his initial advisory. The company has so far processed about half of the vulnerabilities and committed to paying $288,500 for them. Once Apple processes the remainder, Curry said, the total payout might surpass $500,000. "If the issues were used by an attacker, Apple would've faced massive information disclosure and integrity loss," Curry said in an online chat a few hours after posting a 9,200-word writeup titled We Hacked Apple for 3 Months: Here's What We Found. "For instance, attackers would have access to the internal tools used for managing user information and additionally be able to change the systems around to work as the hackers intend." An Apple representative issued a statement that said: "At Apple, we vigilantly protect our networks and have dedicated teams of information security professionals that work to detect and respond to threats. As soon as the researchers alerted us to the issues they detail in their report, we immediately fixed the vulnerabilities and took steps to prevent future issues of this kind. Based on our logs, the researchers were the first to discover the vulnerabilities so we feel confident no user data was misused. 
We value our collaboration with security researchers to help keep our users safe and have credited the team for their assistance and will reward them from the Apple Security Bounty program."

Ransom Gangs Increasingly Outsource Their Work

Author: BeauHD
October 9, 2020 09:02
Brian Krebs writes via KrebsOnSecurity.com: There's an old adage in information security: "Every company gets penetration tested, whether or not they pay someone for the pleasure." Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today's attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained. One of the most common ways such access is monetized these days is through ransomware, which holds a victim's data and/or computers hostage unless and until an extortion payment is made. But in most cases, there is a yawning gap of days, weeks or months between the initial intrusion and the deployment of ransomware within a victim organization. That's because it usually takes time and a good deal of effort for intruders to get from a single infected PC to seizing control over enough resources within the victim organization where it makes sense to launch the ransomware. This includes pivoting from or converting a single compromised Microsoft Windows user account to an administrator account with greater privileges on the target network; the ability to sidestep and/or disable any security software; and gaining the access needed to disrupt or corrupt any data backup systems the victim firm may have. Each day, millions of malware-laced emails are blasted out containing booby-trapped attachments. If the attachment is opened, the malicious document proceeds to quietly download additional malware and hacking tools to the victim machine. From there, the infected system will report home to a malware control server operated by the spammers who sent the missive. 
At that point, control over the victim machine may be transferred or sold multiple times between different cybercriminals who specialize in exploiting such access. These folks are very often contractors who work with established ransomware groups, and who are paid a set percentage of any eventual ransom payments made by a victim company.

Cellmate: Male Chastity Gadget Hack Could Lock Users In

Author: BeauHD
October 7, 2020 05:20
A security flaw in a hi-tech chastity belt for men made it possible for hackers to remotely lock all the devices in use simultaneously. The BBC reports: Qiui's Cellmate Chastity Cage is sold online for about $190 and is marketed as a way for owners to give a partner control over access to their body. Pen Test Partners believe about 40,000 devices have been sold based on the number of IDs that have been granted by its Guangdong-based creator. The cage wirelessly connects to a smartphone via a Bluetooth signal, which is used to trigger the device's lock-and-clamp mechanism. But to achieve this, the software relies on sending commands to a computer server used by the manufacturer. The security researchers said they discovered a way to fool the server into disclosing the registered name of each device owner, among other personal details, as well as the co-ordinates of every location from where the app had been used. In addition, they said, they could reveal a unique code that had been assigned to each device. These could be used to make the server ignore app requests to unlock any of the identified chastity toys, they added, leaving wearers locked in. The sex toy's app has been fixed by its Chinese developer after a team of UK security professionals flagged the bug. They have also published a workaround. This could be useful to anyone still using the old version of the app who finds themselves locked in as a result of an attacker making use of the revelation. Any other attempt to cut through the device's plastic body poses a risk of harm.

Some Coronavirus Vaccine Trials Resort To Pen and Paper After Ransomware Hits Software

Author: EditorDavid
October 5, 2020 02:34
A software company supporting hundreds of clinical trials — including coronavirus vaccine trials — has been hit by a ransomware attack that "has slowed some of those trials over the past two weeks," reports the New York Times. Employees "discovered that they were locked out of their data by ransomware..." eResearchTechnology (ERT) said clinical trial patients were never at risk, but customers said the attack forced trial researchers to track their patients with pen and paper. Among those hit were IQVIA, the contract research organization helping manage AstraZeneca's Covid vaccine trial, and Bristol Myers Squibb, the drugmaker leading a consortium of companies to develop a quick test for the virus. ERT has not said how many clinical trials were affected, but its software is used in drug trials across Europe, Asia and North America. It was used in three-quarters of trials that led to drug approvals by the Food and Drug Administration last year, according to its website. On Friday, Drew Bustos, ERT's vice president of marketing, confirmed that ransomware had seized its systems on September 20. As a precaution, Mr. Bustos said, the company took its systems offline that day, called in outside cybersecurity experts and notified the Federal Bureau of Investigation. "Nobody feels great about these experiences, but this has been contained," Mr. Bustos said. He added that ERT was starting to bring its systems back online on Friday and planned to bring remaining systems online over the coming days... One of ERT's clients, IQVIA, said it had been able to limit problems because it had backed up its data. Bristol Myers Squibb also said the impact of the attack had been limited, but other ERT customers had to move their clinical trials to pen and paper. The Times notes it's just one of "more than a thousand ransomware attacks on American cities, counties and hospitals over the past 18 months."
Other interesting details from the article: ERT's vice president of marketing "declined to say whether the company paid its extortionists, as so many companies hit by ransomware now do." The attack follows what NBC News calls "one of the largest medical cyberattacks in United States history," taking down the computer systems of Universal Health Services at over 400 locations. "In May, the FBI and the Department of Homeland Security warned that Chinese government spies were actively trying to steal American clinical research through cybertheft... More than a dozen countries have redeployed military and intelligence hackers to glean what they can about other nations' responses, according to security researchers." Two companies working on a coronavirus vaccine — Pfizer and Johnson & Johnson — emphasized to the Times that they weren't affected by ERT's issues, with a Pfizer spokesperson stressing they're not even using ERT's software.


Netflix Will Only Stream In 4K To Macs That Have a T2 Security Chip

Author: BeauHD
October 2, 2020 11:10
According to a Netflix support document, an Apple T2 Security chip is required to stream Netflix in 4K HDR on a Mac. "What that hardware requirement means is that only recent Macs have the ability to play UHD content from Netflix," reports Engadget. From the report: Here's the full list of T2-equipped Macs: 2018 or later MacBook Pro, 2018 or later MacBook Air, 2018 Mac mini, 2019 Mac Pro, iMac Pro and 2020 iMac. If you're not sure whether your Mac has the necessary hardware, you can find out by following the steps Apple details on its website. The Verge suggests the requirement could have something to do with the T2 chip's ability to process HEVC encoded videos. On its webpage for the iMac, Apple says the coprocessor can transcode HEVC video up to twice as fast as its previous generation T1 chip. If Netflix is encoding streams using HEVC, that could explain the requirement. Whatever the case, we've reached out to both Apple and Netflix for more information, and we'll update this article when we hear back from them. There are some other requirements too. In addition to having a T2-equipped Mac, you'll need macOS Big Sur, a Premium Netflix subscription, and the Safari browser -- other browsers will limit you to 720p on a Mac.


Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam

Author: msmash
October 2, 2020 04:30
Krebs on Security: Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today. In its advisory, the Treasury's Office of Foreign Assets Control (OFAC) said "companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations." As financial losses from cybercrime activity and ransomware attacks in particular have skyrocketed in recent years, the Treasury Department has imposed economic sanctions on several cybercriminals and cybercrime groups, effectively freezing all property and interests of these persons (subject to U.S. jurisdiction) and making it a crime to transact with them. A number of those sanctioned have been closely tied with ransomware and malware attacks, including the North Korean Lazarus Group; two Iranians thought to be tied to the SamSam ransomware attacks; Evgeniy Bogachev, the developer of Cryptolocker; and Evil Corp, a Russian cybercriminal syndicate that has used malware to extract more than $100 million from victim businesses.
