Yahoo! tries! again! with! 3 billion! email! account! theft! payout!

In brief Google on Friday pledged to update its location history system so that visits to medical clinics and similarly sensitive places are automatically deleted.

In this post-Roe era of America, there is concern that cops and other law enforcement will demand the web giant hand over information about its users if they are suspected of breaking the law by seeking an abortion.

Google keeps a log of its users whereabouts, via its Location History functionality, and provides some controls to delete all or part of those records, or switch it off. Now, seemingly in response to the above concerns and a certain US Supreme Court decision, we're told Google's going to auto-delete some entries.

The US FBI issued a warning on Tuesday that it was has received increasing numbers of complaints relating to the use of deepfake videos during interviews for tech jobs that involve access to sensitive systems and information.

The deepfake videos include a video image or recording convincingly manipulated to misrepresent someone as the "applicant" for jobs that can be performed remotely. The Bureau reports the scam has been tried on jobs for developers, "database, and software-related job functions". Some of the targeted jobs required access to customers' personal information, financial data, large databases and/or proprietary information.

"In these interviews, the actions and lip movement of the person seen interviewed on-camera do not completely coordinate with the audio of the person speaking. At times, actions such as coughing, sneezing, or other auditory actions are not aligned with what is presented visually," said the FBI in a public service announcement.

China's internet regulator has launched an investigation into the security regime protecting academic journal database China National Knowledge Infrastructure (CNKI), citing national security concerns.

In its announcement of the investigation, the China Cyberspace Administration (CAC) said:

A state-sponsored Chinese threat actor has used ransomware as a distraction to help it conduct electronic espionage, according to security software vendor Secureworks.

The China-backed group, which Secureworks labels Bronze Starlight, has been active since mid-2021. It uses an HUI loader to install ransomware, such as LockFile, AtomSilo, Rook, Night Sky and Pandora. But cybersecurity firm Secureworks asserts that ransomware is probably just a distraction from the true intent: cyber espionage.

"The ransomware could distract incident responders from identifying the threat actors' true intent and reduce the likelihood of attributing the malicious activity to a government-sponsored Chinese threat group," the company argues.

Air raid sirens sounded for over an hour in parts of Jerusalem and southern Israel on Sunday evening – but bombs never fell, leading some to blame Iran for compromising the alarms. 

While the perpetrator remains unclear, Israel's National Cyber Directorate did say in a tweet that it suspected a cyberattack because the air raid sirens activated were municipality-owned public address systems, not Israel Defense Force alarms as originally believed. Sirens also sounded in the Red Sea port town of Eilat. 

Netizens on social media and Israeli news sites pointed the finger at Iran, though a diplomatic source interviewed by the Jerusalem Post said there was no certainty Tehran was behind the attack. The source also said Israel faces cyberattacks regularly, and downplayed the significance of the incident. 

Yahoo Japan has revealed that it plans to go passwordless, and that 30 million of its 50 million monthly active users have already stopped using passwords in favor of a combination of FIDO and TXT messages.

A case study penned by staff from Yahoo Japan and Google's developer team, explains that the company started work on passwordless initiatives in 2015 but now plans to go all-in because half of its users employ the same password on six or more sites.

The web giant also sees phishing as a significant threat, and has found that a third of customer inquiries relate to lost credentials.

Appian has been awarded more than $2 billion in damages from Pegasystems for "trade secret misappropriation."

It's an eyewatering sum, and came in a verdict received from a jury in the Circuit Court for Fairfax County, Virginia following a seven-week trial.

Appian is all about building apps and workflows rapidly with its low-code platform. The Pega platform is similarly concerned with speedy software building with a low-code approach. However, it appears that one party was a bit too interested in the other, resulting in a violation of the Virginia Computer Crimes Act and a misappropriation of Appian's trade secrets.

The US Ninth Circuit Court of Appeals on Wednesday affirmed the 2019 conviction and sentencing of Carsten Igor Rosenow for sexually exploiting children in the Philippines – and, in the process, the court may have blown a huge hole in internet privacy law.

The court appears to have given US government agents its blessing to copy anyone's internet account data without reasonable suspicion of wrongdoing – despite the Fourth Amendment's protection against unreasonable searches and seizures. UC Berkeley School of Law professor Orin Kerr noted the decision with dismay.

"Holy crap: Although it was barely mentioned in the briefing, the CA9 just held in a single sentence, in a precedential opinion, that internet content preservation isn't a seizure," he wrote in a Twitter post. "And TOS [Terms of Service] eliminate all internet privacy."

Infosec outfit Cybereason says it's discovered a multi-year – and very successful – Chinese effort to steal intellectual property.

The company has named the campaign "Operation CuckooBees" and attributed it, with a high degree of confidence, to a Beijing-backed advanced persistent threat-slinger going by Winnti – aka APT 41, BARIUM, and Blackfly.

Whatever the group is called, it uses several strains of malware and is happy to construct complex chains of activity. In the attack Cybereason claims to have spotted, Winnti starts by finding what Cybereason has described as "a popular ERP solution" that had "multiple vulnerabilities, some known and some that were unknown at the time of the exploitation."

After at least six years of peddling pilfered personal information, the infamous stolen-data market RaidForums has been shut down following the arrest of suspected founder and admin Diogo Santos Coelho in the UK earlier this year.

Coelho, 21, who allegedly used the mistaken moniker "Omnipotent" among others, according to the US indictment unsealed on Monday in the Eastern District of Virginia, is currently awaiting the outcome of UK legal proceedings to extradite him to the United States.

The six-count US indictment [PDF] charges Coelho with conspiracy, access device fraud, and aggravated identity theft following from his alleged activities as the chief administrator of RaidForums, an online market for compromised or stolen databases containing personal and financial information.