An anonymous reader quotes a report from Ars Technica: A newly discovered zeroday in the widely used WinRAR file-compression program has been under exploit for four months by unknown attackers who are using it to install malware when targets open booby-trapped JPGs and other innocuous inside file archives. The vulnerability, residing in the way WinRAR processes the ZIP file format, has been under active exploit since April in securities trading forums, researchers from security firm Group IB reported Wednesday. The attackers have been using the vulnerability to remotely execute code that installs malware from families including DarkMe, GuLoader, and Remcos RAT. From there, the criminals withdraw money from broker accounts. The total amount of financial losses and total number of victims infected is unknown, although Group-IB said it has tracked at least 130 individuals known to have been compromised. WinRAR developers fixed the vulnerability, tracked as CVE-2023-38831, earlier this month. "By exploiting a vulnerability within this program, threat actors were able to craft ZIP archives that serve as carriers for various malware families," Group-IB Malware Analyst Andrey Polovinkin wrote. "Weaponized ZIP archives were distributed on trading forums. Once extracted and executed, the malware allows threat actors to withdraw money from broker accounts. This vulnerability has been exploited since April 2023."

It's recommended that you update to version 6.23 before using WinRAR again.

Namecheap, in a blog post: At Namecheap, we've consistently stood up for our users by challenging arbitrary domain price increases. As we approach another price increase for .COM and .XYZ domains this September, we wanted to ensure our customers are informed so you can continue to get the best value for your investments. All .COM domain renewals will see an approximate 9% increase. This price increase will happen across registrars, not just Namecheap. The new prices will take effect on September 1st. .XYZ domains will also experience a price increase.

We recommend our existing domain customers renew .COM domains before September to lock in the current rates for the coming year. Prospective registrants should likewise consider registering before the price increase to lock in existing prices. Alternatively, you might consider alternatives to .COM. Depending on the top-level domain, these options could be more budget-friendly

In a Thursday memo, Meta's "Head of People" told employees "that their managers would receive their badge data and that repeated violations of the new three-day-a-week requirement could cause workers to lose their jobs," writes SFGate (citing a report from Insider): In June, the Menlo Park-based firm announced its plan to require that most employees work from an office at least three days each week — it goes into effect Sept. 5... Meta confirmed the update to SFGATE... Goler's note on the return-to-office requirements, Insider reports, reads, "As with other company policies, repeated violations may result in disciplinary action, up to and including a Performance rating drop and, ultimately, termination if not addressed."

As for employees who are grandfathered into a remote work arrangement (the firm bars managers from opening more of these positions), the note lays down a strict policy: If remote employees consistently come into the office more than four times every two months outside major events, they'll be shifted to the three-day-a-week plan.

"We believe that distributed work will continue to be important in the future, particularly as our technology improves," a Meta spokesperson said in a statement sent to SFGATE. "In the near-term, our in-person focus is designed to support a strong, valuable experience for our people who have chosen to work from the office, and we're being thoughtful and intentional about where we invest in remote work."
The article notes that Mark Zuckerberg told The Verge in 2020 that Meta would become "the most forward-leaning company on remote work at our scale," speculating that half the company could be permanently remote within a decade.

"However, in 2023, which Zuckerberg dubbed Meta's 'year of efficiency,' employees have seen a remote-first culture melt away. In March, as the executive announced 10,000 layoffs on top of a huge cut in November, he wrote that early-career engineers do better when they're working in person at least three days a week."

Amazon held an all-hands meeting where Adam Selipsky, head of Amazon's cloud computing business, "wouldn't give employees any data to back up the decision to require workers to come back to the office," reports the Seattle Times.

"But he did have some stories to share, according to an Amazon Web Services employee who attended the all-hands meeting," with one anecdote highlighting "the serendipity" that can happen with a return to the office. For some Amazon employees, "serendipity" isn't enough. Workers who have asked the company to share data have been provided anecdotes and a consistent trope that innovation is more likely to happen in person. That has left some workers feeling demoralized, distracted and undervalued as they struggle to stay focused and motivated, according to interviews and internal communications shared with The Times. An Amazon manager, who is based on the East Coast and asked to speak anonymously to protect their job, said it is "dehumanizing," and feels as if leadership doesn't trust its employees to understand their reasoning. In Slack messages, employees anonymously posted that Amazon's decisions were "dystopian" and creating "just a horrible situation...."

The company declined requests from The Times to share any data points that factored into its decision to change the remote work policy. Amazon workers have been asking the company for more information since it announced the change in February. The mandate went into effect in May... Mike Hopkins, senior vice president at Prime Video and Amazon Studios, told employees at another all-hands meeting that the return to office is working, according to a copy of his remarks Amazon shared with The Times. "I don't have data to back it up, but I know it's better...." The East Coast-based manager said they've been less productive since returning to the office. Without any cubicles or assigned workspaces, there is no privacy, they said. Anyone can overhear your phone call or peek at your monitor...

Amazon contends the return has gone well, both for workers and the communities where it operates. In Seattle, Amazon's return to its South Lake Union campus has led to an 82% increase in foot traffic between May and July and an 86% increase in credit card transactions at restaurants in the neighborhood, according to data shared from Amazon.
"Some employees welcomed the return to office mandate, and told The Times they were looking forward to seeing co-workers in person, solidifying a distinction between work and home, and drumming up business for the shops and restaurants around Amazon's campus."

IBM's business research organization (the IBM Institute for Business Value), released results from a new global study. Its conclusion? "The world of work has changed compared to even six months ago." Executives surveyed estimate that 40% of their workforce will need to reskill as a result of implementing AI and automation over the next three years. That could translate to 1.4 billion of the 3.4 billion people in the global workforce, according to World Bank statistics. Respondents also report that building new skills for existing employees is a top talent issue.

Workers at all levels could feel the effects of generative AI, but entry-level employees are expected to see the biggest shift. Seventy-seven percent of executive respondents say entry-level positions are already seeing the effects of generative AI and that will intensify in the next few years. Only 22% of respondents report the same for executive or senior management roles.

AI can open up more possibilities for employees by enhancing their capabilities. In fact, 87% of executives surveyed believe employees are more likely to be augmented than replaced by generative AI. That varies across functions — 97% of executives think employees in procurement are more likely to be augmented than replaced, compared to 93% for employees in risk and compliance, 93% for finance, 77% for customer service and 73% for marketing...

With AI primed to take on more manual and repetitive tasks, employees surveyed report engaging in impactful work is the top factor they care about beyond compensation and job security — more important than flexible work arrangements, growth opportunities and equity. On top of that, nearly half of employees surveyed believe the work they do is far more important than who they work for or who they work with regularly...
ZDNet explains the report's methodology: To find answers to these questions, IBM pulled data from two prior studies, one survey of 3,000 C-level executives across 28 countries and another of 21,000 workers in 22 nations...

According to IBM IBV research, tech adopters who successfully reskill to adapt "technology-driven job changes report a revenue growth rate premium of 15% on average" and those who focus on AI "see a 36% higher revenue growth rate than their peers." "AI won't replace people — but people who use AI will replace people who don't," said IBM in the report.

The new skill paradigm shifts technical skills that were typically prioritized, such as proficiency in STEM, which was the most critical skill in 2016, to the least priority in 2023. The reason is that now tools like ChatGPT allow workers to do more with less knowledge, as noted by the report. Now there is a bigger emphasis on people skills such as team management, the ability to work effectively in team environments, the ability to communicate effectively, and the willingness to be adaptable to change, which all shifted to top the most critical skills required of the workforce in 2023.
The report ultimately suggests HR leaders redesign work and operating models "to shepherd their organizations into the future."

"Serde, a popular Rust (de)serialization project, has decided to ship its serde_derive macro as a precompiled binary," reports Bleeping Computer.

"The move has generated a fair amount of push back among developers who worry about its future legal and technical implications, along with a potential for supply chain attacks, should the maintainer account publishing these binaries be compromised." According to the Rust package registry, crates.io, serde has been downloaded over 196 million times over its lifetime, whereas the serde_derive macro has scored more than 171 million downloads, attesting to the project's widespread circulation... The Serde ecosystem consists of data structures that know how to serialize and deserialize themselves along with data formats that know how to serialize and deserialize other things," states the project's website. Whereas, "derive" is one of its macros...

Some Rust developers request that precompiled binaries be kept optional and separate from the original "serde_derive" crate, while others have likened the move to the controversial code change to the Moq .NET project that sparked backlash. "Please consider moving the precompiled serde_derive version to a different crate and default serde_derive to building from source so that users that want the benefit of precompiled binary can opt-in to use it," requested one user. "Or vice-versa. Or any other solution that allows building from source without having to patch serde_derive... Having a binary shipped as part of the crate, while I understand the build time speed benefits, is for security reasons not a viable solution for some library users."

Users pointed out how the change could impact entities that are "legally not allowed to redistribute pre-compiled binaries, by their own licenses," specifically mentioning government-regulated environments.
The official response from Serde's maintainer: "The precompiled implementation is the only supported way to use the macros that are published in serde_derive. If there is implementation work needed in some build tools to accommodate it, someone should feel free to do that work (as I have done for Buck and Bazel, which are tools I use and contribute significantly to) or publish your own fork of the source code under a different name.

"Separately, regarding the commentary above about security, the best path forward would be for one of the people who cares about this to invest in a Cargo or crates.io RFC around first-class precompiled macros so that there is an approach that would suit your preferences; serde_derive would adopt that when available."

A critical vulnerability (CVE-2023-40477) has been patched in WinRAR, enabling remote attackers to execute arbitrary code by luring victims into opening a specially crafted RAR file. The severity rating is only 7.8 though due to user deception being necessary. BleepingComputer reports: The vulnerability was discovered by researcher "goodbyeselene" of Zero Day Initiative, who reported the flaw to the vendor, RARLAB, on June 8th, 2023. "The specific flaw exists within the processing of recovery volumes," reads the security advisory released on ZDI's site. "The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer."

RARLAB released WinRAR version 6.23 on August 2nd, 2023, effectively addressing CVE-2023-40477. Therefore, WinRAR users are strongly advised to apply the available security update immediately. Apart from the RAR4 recovery volumes processing code fix, version 6.23 addresses an issue with specially crafted archives leading to wrong file initiation, which is also considered a high-severity problem.

An anonymous reader quotes a report from BleepingComputer: Google has announced the first open-source quantum resilient FIDO2 security key implementation, which uses a unique ECC/Dilithium hybrid signature schema co-created with ETH Zurich. FIDO2 is the second major version of the Fast IDentity Online authentication standard, and FIDO2 keys are used for passwordless authentication and as a multi-factor authentication (MFA) element. Google explains that a quantum-resistant FIDO2 security key implementation is a crucial step towards ensuring safety and security as the advent of quantum computing approaches and developments in the field follow an accelerating trajectory.

To protect against quantum computers, a new hybrid algorithm was created by combining the established ECDSA algorithm with the Dilithium algorithm. Dilithium is a quantum-resistant cryptographic signature scheme that NIST included in its post-quantum cryptography standardization proposals, praising its strong security and excellent performance, making it suitable for use in a wide array of applications. This hybrid signature approach that blends classic and quantum-resistant features wasn't simple to manifest, Google says. Designing a Dilithium implementation that's compact enough for security keys was incredibly challenging. Its engineers, however, managed to develop a Rust-based implementation that only needs 20KB of memory, making the endeavor practically possible, while they also noted its high-performance potential.

The hybrid signature schema was first presented in a 2022 paper (PDF) and recently gained recognition at the ACNS (Applied Cryptography and Network Security) 2023, where it won the "best workshop paper" award. This new hybrid implementation is now part of the OpenSK, Google's open-source security keys implementation that supports the FIDO U2F and FIDO2 standards. The tech giant hopes that its proposal will be adopted by FIDO2 as a new standard and supported by major web browsers with large user bases. The firm calls the application of next-gen cryptography at the internet scale "a massive undertaking" and urges all stakeholders to move quickly to maintain good progress on that front.

An anonymous reader shares a report: Google and some of its Chromebook partners decided to try making "gaming Chromebooks" a thing late last year. These machines included some gaming laptop features like configurable RGB keyboards and high refresh rate screens, but because they still used integrated GPUs, they were meant mostly for use with streaming services like Nvidia's GeForce Now and Microsoft's Xbox Cloud Gaming. But there were also apparently plans for some gaming Chromebooks with the power to play more games locally. Earlier this year, 9to5Google spotted developer comments earlier this year pointing to a Chromebook board (codenamed Hades) that would have included a dedicated GeForce RTX 4050 GPU like the one found in some Windows gaming notebooks. This board would have served as a foundation that multiple PC makers could have used to build Chromebooks. But these models apparently won't be seeing the light of day anytime soon. Developer comments spotted by About Chromebooks this week indicate that the Hades board (plus a couple of other Nvidia-equipped boards, Agah and Herobrine) has been canceled, which means that any laptops based on that board won't be happening.

Codeweavers took to its official forums today to announce the release of CrossOver 23.0.0, the new version of its software that aims to make emulating Windows software and games easier on macOS, Linux, and ChromeOS systems. From a report: CrossOver 23 has updated to Wine 8.0.1, and it's loaded with improvements across all its platforms. The most notable, though, is the addition of DirectX 12 support under macOS via VKD3D and MoltenVK. This marks the first time most Mac users have had access to software that relies on DirectX 12; previously, only DirectX 11 was supported, and that went for other software solutions like Parallels, too. This new release adds "initial support" for geometry shaders and transforms feedback on macOS Ventura. Codeweavers claims that will address a lot of problems with "missing graphics or black screens in-game" in titles like MechWarrior 5: Mercenaries, Street Fighter V, Tekken 7, and Octopath Traveler.

The White House ordered federal agencies to shore up their cybersecurity after agencies have lagged in implementing a key executive order President Joe Biden issued in 2021. From a report: Multiple federal departments and agencies have, as of the end of June, "failed to fully comply" with critical security practices prescribed by the executive order, "leaving the U.S. Government exposed to malicious cyber intrusions and undermining the example the Government must set for adequate cybersecurity practices," national security adviser Jake Sullivan said in a memo to Cabinet secretaries this week.

Sullivan asked senior officials from across the departments to ensure they achieve "full compliance" with the executive order's security requirements by the end of the year. His memo is addressed to agencies outside of the Pentagon. "This morning the National Security Advisor shared a memo with federal departments and agencies to ensure their cyber infrastructure is compliant with the President's Executive Order to improve the nation's cybersecurity," a National Security Council spokesperson told CNN. "As we've said, the Biden-Harris Administration has had a relentless focus on strengthening the cybersecurity of nation's most critical sectors since day one, and will continue to work to secure our cyber defenses."

A phishing campaign has targeted a notable energy company in the U.S., bypassing email security filters to slip malicious QR codes into inboxes. BleepingComputer reports: Roughly one-third (29%) of the 1,000 emails attributed to this campaign targeted a large US energy company, while the remaining attempts were made against firms in manufacturing (15%), insurance (9%), technology (7%), and financial services (6%). According to Cofense, who spotted this campaign, this is the first time that QR codes have been used at this scale, indicating that more phishing actors may be testing their effectiveness as an attack vector. Cofense did not name the energy company targeted in this campaign but categorized them as a "major" US-based company.

Cofense says the attack begins with a phishing email that claims the recipient must take action to update their Microsoft 365 account settings. The emails carry PNG or PDF attachments featuring a QR code the recipient is prompted to scan to verify their account. The emails also state that the target must complete this step in 2-3 days to add a sense of urgency. The threat actors use QR codes embedded in images to bypass email security tools that scan a message for known malicious links, allowing the phishing messages to reach the target's inbox.

To evade security, the QR codes in this campaign also use redirects in Bing, Salesforce, and Cloudflare's Web3 services to redirect the targets to a Microsoft 365 phishing page. Hiding the redirection URL in the QR code, abusing legitimate services, and using base64 encoding for the phishing link all help evade detection and get through email protection filters.

An anonymous reader quotes a report from Ars Technica: Home buyers, sellers, real estate agents, and listing websites throughout the US have been stymied for five days by a cyberattack on a California company that provides a crucial online service used to track home listings. The attack, which commenced last Wednesday, hit Rapottoni, a software and services provider that supplies Multiple Listing Services to regional real estate groups nationwide. Better known as MLS, it provides instant access to data on which homes are coming to the market, purchase offers, and sales of listed homes. MLS has become essential for connecting buyers to sellers and to the agents and listing websites serving them.

"If you're an avid online refresher on any real estate website, you may have noticed a real nosedive in activity the last couple of days," Peg King, a realty agent in California's Sonoma County, wrote in an email newsletter she sent clients on Friday. "Real estate MLS systems across the country have been unusable since Wednesday after a massive cyberattack against major MLS provider, Rapattoni Corporation. This means that real estate markets (like ours!) can't list new homes, change prices, mark homes as pending/contingent/sold, or list open houses."

While Rapattoni has referred to the incident as a cyberattack, it has been widely reported that the event is a ransomware attack, in which criminals gain unauthorized access to a victim's network, encrypt or download crucial data and demand payment in exchange for decrypting the data or promising not to publish it. Rapattoni has so far not said publicly what sort of attack shut it down or other details. Rapattoni has yet to say whether personal information has been compromised. [...] Not all regional listing services are affected because some use data vendors other than Rapattoni. The damage the outage is causing to agents, buyers, renters, and sellers could get worse unless services are restored in the next few days. On Sunday, Rapattoni wrote: "We are continuing to investigate the nature and scope of the cyberattack that has caused a system outage and we are working diligently to get systems restored as soon as possible. All technical resources at our disposal are continuing to work around the clock through the weekend until this matter is resolved. We still do not have an ETA at this time, but we will continue to update you and keep you informed of our efforts."

Long lines have formed at ATMs around Ireland tonight as a cash machine glitch is allowing customers to withdraw more cash than they have in their accounts. Independent.ie reports: The fault with the online app allows people who have no money in their account to transfer up to 500 euros into a Revolut account. Some people claimed they were able to get access to 1,000 eros, but the bank insisted the daily withdrawal limit is 500 euros. Once people use their Bank of Ireland app to transfer the funds to Revolut they can then withdraw the cash from the Revoult account through any ATM.

Huge queues at ATMs in Dublin, Limerick, Dundalk and other parts of the country were reported this evening as people took advantage of the screw-up to withdraw cash from their Revolut accounts. There were reports in Dundalk of gardai (the state police force of the Irish Republic) having to control crowds at ATMs in the town. The frenzied withdrawal of cash was despite warnings on social media that there is no such thing as free cash and the money will have to be repaid. The bank said in a statement: "We are working on a technical issue that is impacting a number of our services including our mobile app and 365Online. We are working to fix this as quickly as possible and apologize to customers for any inconvenience caused."

"We would like to remind customers that if they transfer or withdraw funds -- including over their normal limits -- this money will be debited from their account," the bank added. "While we are conscious customers may not be able to check their balance at this time, they should not withdraw or transfer funds if they are likely to become overdrawn."

US Representative Don Bacon said he is among those whose emails were hacked in an espionage campaign that Microsoft has attributed to China. From a report:Bacon, a Republican from Nebraska and a strong advocate for US military support to Taiwan, posted on social media that the FBI had notified him that the Chinese Communist Party hacked into his personal and campaign emails over the course of a month, from May 15 to June 16. "The CCP hackers utilized a vulnerability in the Microsoft software, and this was not due to 'user error,'" he wrote on X, the social media platform formerly known as Twitter.

Bacon, a member of the House Armed Services Committee, received an email from Microsoft indicating he may have been hacked and advising him to change his password on June 16, according to Maggie Sayers, Bacon's press secretary. She said that following subsequent notification from the FBI that he had been hacked, Bacon determined emails relating to political strategy, fundraising and personal banking information may have been breached. As a former US Air Force intelligence officer, he is careful to avoid writing sensitive emails relating to China and Taiwan, she said.

Long-time Slashdot reader destinyland shares a report from BleepingComputer: The Discord.io custom invite service has temporarily shut down after suffering a data breach exposing the information of 760,000 members. Discord.io is not an official Discord site but a third-party service allowing server owners to create custom invites to their channels. Most of the community was built around the service's Discord server, with over 14,000 members.

Yesterday, a person known as 'Akhirah' began offering the Discord.io database for sale on the new Breached hacking forums. As proof of the theft, the threat actor shared four user records from the database. The most sensitive information in the breach is a member's username, email address, billing address (small number of people), salted and hashed password (small number of people), and Discord ID. "This information is not private and can be obtained by anyone sharing a server with you. Its inclusion in the breach does, however, mean that other people might be able to link your Discord account to a given email address," Discord.io explained about the leaking of Discord IDs.

Some iPhone 14 and iPhone 14 Pro owners have complaints reminiscent of the bad old days of "batterygate," reporting that with less than a year of service on the clock, their phones are already reporting more battery degradation than expected. From a report: Sam Kohl of AppleTrack tweeted in July that his iPhone 14 Pro had already dropped to a maximum capacity of 90 percent, a much faster dropoff than previous iPhones he'd owned, and the thread shows many other people with the same experience. Kohl followed up with a video posted yesterday about the issue, saying it makes it hard for him to recommend the phone, especially considering how much it costs with a price of $999.

Officially, Apple says iPhone batteries should "retain up to 80 percent of its original capacity at 500 complete charge cycles." The iPhone 15 series is expected to launch soon, and recent rumors have claimed those devices will see a battery size increase of 10 - 18 percent compared to current devices. He's not the only one seeing these kinds of numbers. Verge alum and Wall Street Journal senior tech columnist Joanna Stern wrote in her newsletter just this week that her iPhone 14 Pro is showing 88 percent battery capacity. Around The Verge, reports are mixed, with two 14 Pros down to 93 and 91 percent and another at 97 percent. In previous years, most haven't seen a drop in reported capacity until two years of use, at least.

An anonymous reader quotes a report from TechCrunch: Millions of Americans had their sensitive medical and health information stolen after hackers exploiting a zero-day vulnerability in the widely used MOVEit file transfer software raided systems operated by tech giant IBM. Colorado's Department of Health Care Policy and Financing (HCPF), which is responsible for administering Colorado's Medicaid program, confirmed on Friday that it had fallen victim to the MOVEit mass-hacks, exposing the data of more than four million patients.

In a data breach notification (PDF) to those affected, Colorado's HCPF said that the data was compromised because IBM, one of the state's vendors, "uses the MOVEit application to move HCPF data files in the normal course of business." The letter states that while no HCPF or Colorado state government systems were affected by this issue, "certain HCPF files on the MOVEit application used by IBM were accessed by the unauthorized actor." These files include patients' full names, dates of birth, home addresses, Social Security numbers, Medicaid and Medicare ID numbers, income information, clinical and medical data including lab results and medication, and health insurance information. HCPF says about 4.1 million individuals are affected.

IBM has yet to publicly confirm that it was affected by the MOVEit mass-hacks, and an IBM spokesperson did not respond to a request for comment by TechCrunch. The breach of IBM's MOVEit systems also impacted Missouri's Department of Social Services (DSS), though the number of affected individuals is not yet known. More than six million people live in Missouri state. In a data breach notification posted last week, Missouri's DSS said: "IBM is a vendor that provides services to DSS, the state agency that provides Medicaid services to eligible Missourians. The data vulnerability did not directly impact any DSS systems, but impacted data belonging to DSS." DSS says that the data accessed may include an individual's name, department client number, date of birth, possible benefit eligibility status or coverage, and medical claims information.

A bomb threat against Caesars Forum, the main venue for this week's DEF CON hacking convention, led to the halls being cleared on Saturday evening and the building searched by fire crews and police officers. The Register reports: The timing was very bad, coming in the evening of the main party night for the event. The conference Goons, the red-shirted volunteers who serve as guides and organizers, were praised by attendees for managing the evacuation with aplomb, but when it became clear that the search for the suspect device was going to be hard to find, the DEC CON team cancelled the evening's festivities at Caesars, to the disappointment of thousands.

"Last night we were asked to evacuate the building due to a report of a suspicious package. Local police and fire departments conducted a thorough investigation and ultimately determined that the package was safe," the organizers said. "They also conducted additional sweeps of the building as a precaution before allowing our team to return and prepare for today's con. We are working quickly to keep the original schedule on track, but please check here for additional updates before arriving at DEF CON." The event kicked off on August 10 and wrapped up by August 13.

Presumably the hoax caller thought of themselves as a merry prankster, rather than the selfish idiot who ruined everyone's night - particularly the timing for those in the Track Four hall who were enjoying 2001: A Space Odyssey and who were forced to miss the crucial last 10 minutes of the movie. While tricks and pranks are something of a tradition, they only get respect if they are clever and intricate, not some fool showing they could use a telephone. It's not like security at the show wasn't heavy enough. The event was patrolled regularly by security guards in body armor with handguns, tasers, the occasional police dog, and a host of other equipment that was a bit of an overkill for a bunch of peaceable hackers. Dubbed by some as "Gravy SEALs," by the end of the show they were visibly warming up, and this hack saw several of them accepting stickers from attendees.

In 2015, popular Grand Theft Auto V mod FiveM was banned by Rockstar after the gaming giant alleged that FiveM's work "contains code designed to facilitate piracy." Eight years later, Rockstar is taking a decidedly different tone in announcing that Cfx.re -- the mod team behind FiveM and a similar mod for Red Dead Redemption 2 -- is now "officially a part of Rockstar Games." ArsTechnica: With no apparent sense of irony, Rockstar said in a Friday blog post announcing the acquisition that it has "watched with excitement as Rockstar's creative community have found new ways to expand the possibilities of Grand Theft Auto V and Red Dead Redemption 2, particularly through the creation of dedicated roleplay servers."

But that statement ignores the distinct lack of excitement Rockstar exhibited when it barred the Rockstar Social Club accounts of many FiveM modders and others associated with promoting the project back in 2015. "Our policy on such violations of our terms of service are clear, and the individuals involved in its creation have had their Social Club accounts suspended," the company said at the time.