An anonymous reader quotes a report from TechCrunch: U.S. government services contracting giant Maximus has confirmed that hackers exploiting a vulnerability in MOVEit Transfer accessed the protected health information of as many as 11 million individuals. Virginia-based Maximus contracts with federal, state and local governments to manage and administer government-sponsored programs, such as Medicaid, Medicare, healthcare reform and welfare-to-work. In an 8-K filing on Wednesday, Maximus confirmed that the personal information of a "significant number" of individuals was accessed by hackers exploiting a zero-day vulnerability in MOVEit Transfer, which the organization uses to "share data with government customers pertaining to individuals who participate in various government programs."

While Maximus hasn't yet been able to confirm the exact number of individuals impacted -- something the company expects to take "several more weeks" -- the organization said it believes hackers accessed the personal data, including Social Security numbers and protected health information, of "at least" 8 to 11 million individuals. If the latter, this would make the breach the largest breach of healthcare data this year -- and the most significant data breach reported as a result of the MOVEit mass-hacks. Maximus has not confirmed which specific types of health data were accessed and has not responded to TechCrunch's questions. In its 8-K filing, the company said it began notifying impacted customers and federal and state regulators, adding that it expects the security incident to cost approximately $15 million to investigate and remediate. Clop, the Russia-linked data extortion group responsible for the MOVEit mass-hacks, claims to have stolen 169 gigabytes of data from Maximus, which it has not yet published. The report notes that "more than 500 organizations have so far been impacted by the MOVEit mass-hacks, exposing the personal information of more than 34.5 million people."

An anonymous reader quotes a report from TorrentFreak: The Electronic Frontier Foundation will award Alexandra Elbakyan, founder of the 'pirate' library Sci-Hub, for her efforts to provide access to scientific knowledge. According to EFF, Elbakyan's site is a vital resource for millions of students and researchers. Some medical professionals have even argued that the site helped to save lives. [...] "When I was working on my research project, I found out that all research papers I needed for work were paywalled. I was a student in Kazakhstan at the time and our university was not subscribed to anything," Alexandra told TorrentFreak years ago. Today, Sci-Hub continues to tear down academic paywalls but that comes at a cost. Sci-Hub has been sued several times and owes millions in damages to major publishers. In addition, Elbakyan also drew the attention of the FBI. Instead of throwing in the towel, Sci-Hub's founder continues to defend her ideals. They're a thorn in the side of major publishers, but on the other side of the debate, Elbakyan reaps praise.

This week, the Electronic Frontier Foundation (EFF) announced that Sci-Hub's founder will receive an award for her accomplishments in advancing access to scientific knowledge. EFF's awards are presented to people who have taken a leading role in the fight for freedom and innovation online. The previous winners include Internet pioneer Vint Cerf, Linux creator Linus Torvalds, and whistleblower Chelsea Manning. According to EFF, Elbakyan deserves the award as her life's work enables millions of people to access scientific knowledge that would otherwise exist beyond their financial reach. EFF also highlights that Elbakyan's work helps to challenge the current academic publishing system, where researchers are used as unpaid workhorses. "Sci-Hub is used by millions of students, researchers, medical professionals, journalists, inventors, and curious people all over the world, many of whom provide feedback saying they are grateful for this access to knowledge," said the EFF.

"Some medical professionals have said Sci-Hub helps save human lives; some students have said they wouldn't be able to complete their education without Sci-Hub's help."

An effort by United States lawmakers to prevent government agencies from domestically tracking citizens without a search warrant is facing opposition internally from one of its largest intelligence services. From a report: Republican and Democratic aides familiar with ongoing defense-spending negotiations in Congress say officials at the National Security Agency (NSA) have approached lawmakers charged with its oversight about opposing an amendment that would prevent it from paying companies for location data instead of obtaining a warrant in court. Introduced by US representatives Warren Davidson and Sara Jacobs, the amendment would prohibit US military agencies from "purchasing data that would otherwise require a warrant, court order, or subpoena" to obtain. The ban would cover more than half of the US intelligence community, including the NSA, the Defense Intelligence Agency, and the newly formed National Space Intelligence Center, among others.

The House approved the amendment in a floor vote over a week ago during its annual consideration of the National Defense Authorization Act, a "must-pass" bill outlining how the Pentagon will spend next year's $886 billion budget. Negotiations over which policies will be included in the Senate's version of the bill are ongoing. In a separate but related push last week, members of the House Judiciary Committee voted unanimously to advance legislation that would extend similar restrictions against the purchase of Americans' data across all sectors of government, including state and local law enforcement. Known as the "Fourth Amendment Is Not For Sale Act," the bill will soon be reintroduced in the Senate as well by one of its original 2021 authors, Ron Wyden, the senator's office confirmed. "Americans of all political stripes know their Constitutional rights shouldn't disappear in the digital age," Wyden says, adding that there is a "deep well of support" for enshrining protections against commercial data grabs by the government "into black-letter law."

Worldcoin (WLD), the eyeball-scanning crypto project launched by OpenAI's Sam Altman, is being investigated by French data protection regulator CNI for "questionable" practises, the regulator told CoinDesk. From a report: "The legality of this [data] collection seems questionable, as do the conditions for preservation of biometric data," a CNIL spokesperson said in a written statement, referring to Worldcoin's practise of scanning retinas to ensure that no single person can claim crypto rewards twice.

"CNIL has initiated investigations," supporting the work of Bavarian privacy regulators who have primary responsibility under EU law, the spokesperson added. Worldcoin went live on Monday and its cheerleaders say it could spread crypto wider than bitcoin (BTC), but it has drawn the ire of privacy watchdogs in the U.K., where the Information Commissioner's Office has warned that people must freely give consent to the processing of their personal data, and be able to withdraw it without detriment.

An anonymous reader quotes a report from Reuters: The U.S. Senate Commerce Committee approved legislation on Thursday to bar automakers from eliminating AM broadcast radio in new vehicles and require companies like Ticketmaster to put total ticket prices including fees in marketing materials. The AM radio bill and the ticket-pricing bill both had strong bipartisan support and both have companion measures in the House of Representatives. The AM radio bill would direct the Transportation Department to issue regulations mandating AM radio in new vehicles without additional charge. Senators said this year that at least seven automakers have removed AM broadcast radio from their electric vehicles, including Tesla, BMW, and Volkswagen. Ford reversed course in May under pressure from Congress. Lawmakers say losing AM radio undermines a federal system for delivering key public safety information to the public. The National Association of Broadcasters said the bill "will ensure that the tens of millions of AM radio listeners across the country retain access to local news, diverse community programming and emergency information." The Alliance for Automotive Innovation, a trade group representing major automakers, opposed the measure: "This is simply a bill to prop up and give preference to a particular technology that's now competing with other communications options and adapting to changing listenership."

The U.S. Senate Commerce Committee also approved two bills aimed at tightening privacy protections for children online.

An anonymous reader quotes a report from The Verge: Congress is closer than ever to passing a pair of bills to childproof the internet after lawmakers voted to send them to the floor Thursday. The bills -- the Kids Online Safety Act (KOSA) and COPPA 2.0 -- were approved by the Senate Commerce Committee Thursday by a unanimous voice vote. Both pieces of legislation aim to address an ongoing mental health crisis amongst young people that some lawmakers blame social media for intensifying. But critics of the bills have long argued that they have the potential to cause more harm than good, like forcing social media platforms to collect more user information to properly enforce Congress' rules.

KOSA is supposed to establish a new legal standard for the Federal Trade Commission and state attorneys general, allowing them to police companies that fail to prevent kids from seeing harmful content on their platforms. The authors of the bills, Sen. Marsha Blackburn (R-TN) and Richard Blumenthal (D-CT), have said the bill keeps kids from seeing content that glamorizes eating disorders, suicidal thoughts, substance abuse, and gambling. It would also ban kids 13 and under from using social media and require companies to acquire parental consent before allowing children under 17 to use their platforms. At Thursday's markup, Blackburn proposed an amendment to remedy some of the concerns raised by digital rights groups, mainly language requiring platforms to verify the age of their users. Lawmakers approved those changes along with the bill, but the groups fear that platforms would still need to collect more data on all users to live up to the bill's other rules. [...] The other bill lawmakers approved, COPPA 2.0, raises the age of protection under the Children's Online Privacy Protection Act from 13 to 16 years of age, along with similar age-gating restrictions. It also bans platforms from targeting ads to kids. "When it comes to determining the best way to help kids and teens use the internet, parents and guardians should be making those decisions, not the government," Carl Szabo, NetChoice vice president and general counsel, said. "Rather than violating free speech rights and handing parenting over to bureaucrats, we should empower law enforcement with the resources necessary to do its job to arrest and convict bad actors committing online crimes against children."

An anonymous reader quotes a report from Ars Technica: When Google announced that trackers would be able to tie in to its 3 billion-device Bluetooth tracking network at its Google I/O 2023 conference, it also said that it would make it easier for people to avoid being tracked by trackers they don't know about, like Apple AirTags. Now Android users will soon get these "Unknown Tracker Alerts." Based on the joint specification developed by Google and Apple, and incorporating feedback from tracker-makers like Tile and Chipolo, the alerts currently work only with AirTags, but Google says it will work with tag manufacturers to expand its coverage.

For now, if an AirTag you don't own "is separated from its owner and determined to be traveling with you," a notification will tell you this and that "the owner of the tracker can see its location." Tapping the notification brings up a map tracing back to where it was first seen traveling with you. Google notes that this location data "is always encrypted and never shared with Google." Further into the prompts, you can make the tracker play a sound, "without the owner of the tracker knowing," Google says. If you bring the tracker to the back of your phone (presumably within NFC range), some trackers may provide their serial number and information about their owner, "like the last four digits of their phone number." Google indicates it will also link to information about how to physically disable a tracker. Finally, Google is offering a manual scan feature, if you're suspicious that your Android phone isn't catching a tracker or want to see what's nearby. The alerts are rolling out through a Google Play services update to devices on Android 6.0 and above over the coming weeks. Google is working to finish the joint tracking specification "by the end of this year."

The company added: "At this time, we've made the decision to hold the rollout of the Find My Device network until Apple has implemented protections for iOS."

An hours-long discussion on Capitol Hill captured the intensifying public interest in the unexplained and how authorities investigate such reports. From a report: A small group of House lawmakers called Wednesday for greater transparency in the government's reporting on encounters with unidentified phenomena, in an unusual congressional hearing featuring the testimony of UFO witnesses. But the hearing, which one freshman Democrat remarked was the most bipartisan discussion he'd seen in his seven months on Capitol Hill, oscillated between statements of concern about the potential national security threat posed by unknown objects flying close to U.S. military aircraft and more extreme allusions to government conspiracies to hide the existence of alien lifeforms. Convened by a House Oversight subcommittee, the hours-long discussion captured the intensifying public interest in the unexplained and what federal authorities are doing to document and investigate such reports.

"We're not bringing little green men or flying saucers into the hearing -- sorry to disappoint about half y'all," Rep. Tim Burchett (R-Tenn.) said. "We're just going to get to the facts. We're going to uncover the cover up." In response to reported encounters by Navy pilots, the U.S. military and the intelligence community have sought to more closely analyze such incidents. The sightings, including some that are believed to be drones or unmanned craft -- like the Chinese surveillance airship shot down in U.S. airspace earlier this year -- have fueled concerns that American adversaries could have developed new technologies that pose a threat to U.S. security. The Pentagon has implemented new policies meant to encourage military personnel to come forward if they see something unusual so it can be investigated and accounted for, and last year established what it calls the All-domain Anomaly Resolution Office to further study such reports. NASA has undertaken a similar independent initiative.

Binance, its founder Changpeng Zhao and the crypto exchange's former Chief Compliance Officer Samuel Lim plan to seek the dismissal of a Commodity Futures Trading Commission lawsuit. From a report: The response to the CFTC complaint is due July 27 and the defendants intend to submit motions to dismiss, according to a court filing on Monday. They also sought permission to exceed a 15-page limit on supporting briefs, citing the complexity of the case and the number of arguments they anticipate making. The CFTC in March alleged that Binance and CEO Zhao, also known as CZ, routinely broke US derivatives rules as the firm grew to be the world's largest digital-asset trading platform.

Binance should have registered with the agency years ago and continues to violate the CFTC's rules, the regulator said at the time. The crypto platform previously described the CFTC lawsuit as "unexpected and disappointing." The US Securities & Exchange Commission last month accused Binance and Zhao of mishandling customer funds, misleading investors and regulators, and breaking securities rules. Binance has said that it intends to defend its platform "vigorously."

Alphabet's Google violated a software developer's patent rights with its remote-streaming technology and must pay $338.7 million in damages, a federal jury in Waco, Texas decided on Friday. From a report: The jury found that Google's Chromecast and other devices infringe patents owned by Touchstream Technologies related to streaming videos from one screen to another. Google spokesperson Jose Castaneda said on Monday that the company will appeal the verdict and has "always developed technology independently and competed on the merits of our ideas." Touchstream attorney Ryan Dykal said on Monday that Touchstream was pleased with the verdict. New York-based Touchstream, which also does business as Shodogg, said in its 2021 lawsuit that founder David Strober invented technology in 2010 to "move" videos from a small device like a smartphone to a larger device like a television.

The New York Times points out that so-called "shadow libraries," like Library Genesis, Z-Library or Bibliotik, "are obscure repositories storing millions of titles, in many cases without permission — and are often used as A.I. training data." A.I. companies have acknowledged in research papers that they rely on shadow libraries. OpenAI's GPT-1 was trained on BookCorpus, which has over 7,000 unpublished titles scraped from the self-publishing platform Smashwords. To train GPT-3, OpenAI said that about 16 percent of the data it used came from two "internet-based books corpora" that it called "Books1" and "Books2." According to a lawsuit by the comedian Sarah Silverman and two other authors against OpenAI, Books2 is most likely a "flagrantly illegal" shadow library.

These sites have been under scrutiny for some time. The Authors Guild, which organized the authors' open letter to tech executives, cited studies in 2016 and 2017 that suggested text piracy depressed legitimate book sales by as much as 14 percent.

Efforts to shut down these sites have floundered. Last year, the F.B.I., with help from the Authors Guild, charged two people accused of running Z-Library with copyright infringement, fraud and money laundering. But afterward, some of these sites were moved to the dark web and torrent sites, making it harder to trace them. And because many of these sites are run outside the United States and anonymously, actually punishing the operators is a tall task.

Tech companies are becoming more tight-lipped about the data used to train their systems.

Forbes' senior writer on cybersecurity writes on the "warrantless monitoring of citizens en masse" in the United States.

Here's how county police armed with a "powerful new AI tool" identified the suspicious driving pattern of a grey Chevy owned by David Zayas: Searching through a database of 1.6 billion license plate records collected over the last two years from locations across New York State, the AI determined that Zayas' car was on a journey typical of a drug trafficker. According to a Department of Justice prosecutor filing, it made nine trips from Massachusetts to different parts of New York between October 2020 and August 2021 following routes known to be used by narcotics pushers and for conspicuously short stays. So on March 10 last year, Westchester PD pulled him over and searched his car, finding 112 grams of crack cocaine, a semiautomatic pistol and $34,000 in cash inside, according to court documents. A year later, Zayas pleaded guilty to a drug trafficking charge.

The previously unreported case is a window into the evolution of AI-powered policing, and a harbinger of the constitutional issues that will inevitably accompany it... Westchester PD's license plate surveillance system was built by Rekor, a $125 million market cap AI company trading on the NASDAQ. Local reporting and public government data reviewed by Forbes show Rekor has sold its ALPR tech to at least 23 police departments and local governments across America, from Lauderhill, Florida to San Diego, California. That's not including more than 40 police departments across New York state who can avail themselves of Westchester County PD's system, which runs out of its Real-Time Crime Center... It also runs the Rekor Public Safety Network, an opt-in project that has been aggregating vehicle location data from customers for the last three years, since it launched with information from 30 states that, at the time, were reading 150 million plates per month. That kind of centralized database with cross-state data sharing, has troubled civil rights activists, especially in light of recent revelations that Sacramento County Sheriff's Office was sharing license plate reader data with states that have banned abortion...

The ALPR market is growing thanks to a glut of Rekor rivals, including Flock, Motorola, Genetec, Jenoptik and many others who have contracts across federal and state governments. They're each trying to grab a slice of a market estimated to be worth at least $2.5 billion... In pursuit of that elusive profit, the market is looking beyond law enforcement to retail and fast food. Corporate giants have toyed with the idea of tying license plates to customer identities. McDonalds and White Castle have already begun using ALPR to tailor drive-through experiences, detecting returning customers and using past orders to guide them through the ordering process or offer individualized promotion offers. The latter restaurant chain uses Rekor tech to do that via a partnership with Mastercard.
A senior staff attorney at the ACLU tells Forbes that "The scale of this kind of surveillance is just incredibly massive."

Thanks to long-time Slashdot reader Geek_Cop for sharing the article.

Gizmodo reports: Thousands of top Russian officials and state employees have reportedly been banned from using iPhones and other Apple products over concerns they could serve as surreptitious spying tools for Western intelligence agencies...

Russia's trade minister, according to a Financial Times report, said the new ban will take effect Monday, July 17. The move affects a variety of Apple products from iPhones, iPads, and laptops, and builds off of similar restrictions already put in place by the digital development ministry and state-owned defense conglomerate Rostec. Kremlin officials also advised staff working on Vladimir Putin's 2024 presidential re-election campaign against using a variety of US-developed smartphones over similar espionage conveners earlier this year...

Russian intelligence officials last month accused the US National Security Agency of hacking into thousands of Russian-owned iPhones and targeting the phones of foreign diplomats based in Russia... To be clear, Russian officials still haven't provided any clear evidence proving the alleged US conspiracy. Apple has also publicly denied the claims and recently told the Times it "has never worked with any government to build a backdoor into any Apple product, and never will."
The Financial Times got a skeptical response to that from Dmitry Medvedev, deputy head of Russia's Security Council and one of the country's fiercest hardliners. "When a big tech compan...â.âclaims it does not co-operate with the intelligence community — either it lies shamelessly or it is about to [go bust]."

Thanks to Slashdot reader dovthelachma for sharing the news.

The major gaming platform Roblox has suffered a major data breach, leading to the release of personal information including addresses from those who attended the Roblox Developer Conference between 2017-2020. PCGamer reports: The leak contains almost 4,000 names, phone numbers, email addresses, dates of birth, and physical addresses. Such identifying information is gold dust for bad actors, and raises serious questions about the data security of one of the largest gaming platforms around. The website haveibeenpwned says the original breach date was 18 December 2020, with the information becoming available on 18 July 2023, with a total of 3,943 compromised accounts. The site notes that as well as all the above information, the leak even includes each individual's t-shirt size.

The implications of this for those affected are identity theft and scams, with the quantity of data especially worrying: this is basically all you need to effectively impersonate someone. Beyond the above statement, Roblox has made no further comment, and it's likely that the ramifications of this will continue to unfold for some time, especially if anyone on the list is indeed targeted. Anyone concerned should search on haveibeenpwned and enable two-factor authentication on all accounts (as well as keeping an especially close eye on bank transactions for a while). Troy Hunt, the engineer behind haveibeenpwned, said the leak was posted in 2021 but according to an unnamed source didn't spread outside of niche Roblox communities, while at the time the company did not publicly disclose the leak or alert anyone affected. The leak then appeared on a public forum a few days ago. "Roblox is aware of a third-party security issue where there were indications of unauthorized access to limited personal information of a subset of our creator community," said a Roblox spokesperson to PC Gamer. "We engaged independent experts to support the investigation led by our information security team. Those who are impacted will receive an email communicating the next steps we are taking to support them. We will continue to be vigilant in monitoring and vetting the cyber security posture of Roblox and our third-party vendors."

An anonymous reader quotes a report from Ars Technica: A few months ago, the developers behind the Wii/GameCube emulator Dolphin said they were indefinitely postponing a planned Steam release, after Steam-maker Valve received a request from Nintendo to take down the emulator's "coming soon" page. This week, after consulting with a lawyer, the team says it has decided to abandon its Steam distribution plans altogether. "Valve ultimately runs the store and can set any condition they wish for software to appear on it," the team wrote in a blog post on Thursday. "In the end, Valve is the one running the Steam storefront, and they have the right to allow or disallow anything they want on said storefront for any reason."

The Dolphin team also takes pains to note that this decision was not the result of an official DMCA notice sent by Nintendo. Instead, Valve reached out to Nintendo to ask about the planned Dolphin release, at which point a Nintendo lawyer cited the DMCA in asking Valve to take down the page. At that point, the Dolphin team says, Valve "told us that we had to come to an agreement with Nintendo in order to release on Steam... But given Nintendo's long-held stance on emulation, we find Valve's requirement for us to get approval from Nintendo for a Steam release to be impossible. Unfortunately, that's that." "As for Nintendo, this incident just continues their existing stance towards emulation," the post continues. "We don't think that this incident should change anyone's view of either company."

Despite the disappointing result for the Steam release, the Dolphin team is adamant that "we do not believe that Dolphin is in any legal danger." That's despite the emulator's inclusion of the Wii Common Key, which could run afoul of the DMCA's anti-circumvention provisions. The Dolphin Team notes that the Wii Common Key has been freely shared across the Internet since its initial discovery and publication in 2008. And while that key has been in the Dolphin code base since 2009, "no one has really cared," the team writes. [...] With what they believe is a firm legal footing, the team writes that Dolphin development will continue away from Steam, but including a number of UI and quality of life features originally designed for the Steam release. Meanwhile, emulators like RetroArch and the innovative 3dSen continue to be available on Steam, with no immediate sign of a further crackdown from Valve or Nintendo.

The hack of Microsoft's cloud that resulted in the compromise of government emails was an example of a traditional espionage threat, a senior National Security Agency official said. From a report: Speaking at the Aspen Security Forum, Rob Joyce, the director of cybersecurity at the N.S.A., said the United States needed to protect its networks from such espionage, but that adversaries would continue to try to secretly extract information from each other. "It is China doing espionage," Mr. Joyce said. "It is what nation-states do. We have to defend against it, we need to push back against it. But that is something that happens."

The hackers took emails from senior State Department officials including Nicholas Burns, the U.S. ambassador to China. The theft of Mr. Burns's emails was earlier reported by The Wall Street Journal and confirmed by a person familiar with the matter. Daniel J. Kritenbrink, the assistant secretary of state for East Asia, also had his email hacked, a U.S. official said. The emails of Commerce Secretary Gina Raimondo were also obtained in the hack, which was discovered in June by State Department cybersecurity experts scouring user logs for unusual activity. Microsoft later determined that Chinese hackers had obtained access to email accounts a month earlier.

Top AI companies including OpenAI, Alphabet and Meta Platforms have made voluntary commitments to the White House to implement measures such as watermarking AI-generated content to help make the technology safer, the Biden administration said on Friday. From a report: The companies -- which also include Anthropic, Inflection, Amazon.com and OpenAI partner Microsoft -- pledged to thoroughly test systems before releasing them and share information about how to reduce risks and invest in cybersecurity.

The move is seen as a win for the Biden administration's effort to regulate the technology which has experienced a boom in investment and consumer popularity. Since generative AI, which uses data to create new content like ChatGPT's human-sounding prose, became wildly popular this year, lawmakers around the world began considering how to mitigate the dangers of the emerging technology to national security and the economy.

According to a new study from online game development platform School XYZ, the exodus of major international video game publishers from Russia led to a sharp rise in the number of video gamers playing pirates games. TorrentFreak reports: Almost seven out of ten video gamers (69%) said they'd played at least one pirated copy in 2022, and more than half (51%) said that they're now pirating more than they did in 2021. As first reported by the Russian news outlet Vedomosti (paywall), the study was conducted across all regions of Russia and took into account all unlicensed game formats, in most cases downloaded from torrent sites. While over a quarter of respondents (27%) said they'd pirated three PC games in 2022, and 20% confessed to pirating more than 10, other figures from the study are more positive. Of the 31% of gamers who reported pirating nothing in 2022, all said that they were opposed to piracy. Just 7% of gamers admitted to buying no games at all in 2022, meaning that 93% bought at least one piece of legitimate content.

According to Alexander Kuzmenko, the former editor of Russian videogame magazine and gaming website Igromania (Game Mania), it's not just the departure of publishers including Sony, Microsoft, and Nintendo causing problem for gamers. When platforms like Steam and GOG, known for their ease of access, stopped supporting Russian bank cards, barriers appeared in a previously frictionless system. Yegor Tomsky, CEO at Watt Studio, agrees that buying content has become much more difficult. "Players are used to buying games on Steam in one click, and now, to buy a game, you need to perform the same actions as when downloading a pirated version, so everyone chooses to save money," Tomsky says.

As the Russian economy faces huge difficulties directly linked to the invasion of Ukraine, some fear that game piracy rates are heading towards the 90%+ mark last seen around two decades ago. People everywhere are trying to save money and according to Konstantin Sakhnov, co-founder of Vengeance Games, overseas game publishers may see lost profits reach $200-$300 million. A report from Kommersant published today indicates that local companies are also feeling the pain. According to data published by job search platform HH.ru, during the first half of 2023 the number of vacancies for video game developers in Russia plummeted 38%.

Researchers have warned that leaked information from a ransomware attack on hardware-maker Gigabyte two years ago may contain critical zero-day vulnerabilities that pose a significant risk to the computing world. The vulnerabilities were found in firmware made by AMI for BMCs (baseboard management controllers), which are small computers integrated into server motherboards allowing remote management of multiple computers. These vulnerabilities, which can be exploited by local or remote attackers with access to Redfish remote management interfaces, could lead to unauthorized access, remote code execution, and potential physical damage to servers. Ars Technica reports: Until the vulnerabilities are patched using an update AMI published on Thursday, they provide a means for malicious hackers -- both financially motivated or nation-state sponsored -- to gain superuser status inside some of the most sensitive cloud environments in the world. From there, the attackers could install ransomware and espionage malware that runs at some of the lowest levels inside infected machines. Successful attackers could also cause physical damage to servers or indefinite reboot loops that a victim organization can't interrupt. Eclypsium warned such events could lead to "lights out forever" scenarios.

The researchers went on to note that if they could locate the vulnerabilities and write exploits after analyzing the publicly available source code, there's nothing stopping malicious actors from doing the same. And even without access to the source code, the vulnerabilities could still be identified by decompiling BMC firmware images. There's no indication malicious parties have done so, but there's also no way to know they haven't. The researchers privately notified AMI of the vulnerabilities, and the company created firmware patches, which are available to customers through a restricted support page. AMI has also published an advisory here.

An anonymous reader quotes a report from PBS: An IRS plan to test drive a new electronic free-file tax return system next year has got supporters and critics of the idea mobilizing to sway the public and Congress over whether the government should set up a permanent program to help people file their taxes without needing to pay somebody else to figure out what they owe. On one side, civil society groups this week launched a coalition to promote the move toward a government-run free-file program. On the other, tax preparation firms like Intuit -- the parent company of TurboTax -- and H&R Block have been pouring millions into trying to stop the idea cold. The advocacy groups are exponentially out-monied.

An April AP analysis found that overall, Intuit, H&R Block, and other private companies and advocacy groups for large tax preparation businesses, as well as proponents in favor of electronic free file, have reported spending $39.3 million since 2006 to lobby on "free-file" and other matters. Federal law doesn't require domestic lobbyists to itemize expenses by specific issue, so the sums are not limited to free-file. Intuit spent at least $25.6 million since 2006 on lobbying, H&R Block about $9.6 million and the conservative Americans for Tax Reform roughly $3 million. In contrast, the NAACP has spent $140,000 lobbying on "free-file" since 2006 and Public Citizen has spent $110,000 in the same time frame. "What we have on our side is public opinion," said Igor Volsky, executive director of the liberal Groundwork Action advocacy group. Volsky's organization and leaders from Public Citizen, the Center for the Study of Social Policy, Code for America, the Economic Security Project and others launched the "Coalition for Free and Fair Filing" on Wednesday. The group's mission is to "ensure all U.S. taxpayers can easily file tax returns and get the tax credits they deserve by safeguarding and expanding" the new IRS program. "The overwhelming majority of people demand a free-file option," Volsky said. "Now the question for us is how do you channel that into effective political pressure."

The IRS in May released a report that said most taxpayers are interested in filing their taxes directly to the IRS for free, and concurrently announced plans to launch the pilot program for the 2024 filing season. The goal is to test a direct file system that will help the IRS decide whether to move forward with a more permanent program. That idea has faced the immediate threat of budget cuts from congressional Republicans. Republicans on the House Appropriations Committee in June proposed a budget rider that would prohibit funds to be used for the IRS to create a government-run tax preparation software, unless approved by a group of House and Senate committees. The move "safeguards the IRS from an obvious conflict of interest where the tax collector becomes the tax preparer," the bill's summary states.