Dubai Court Recognizes Crypto As a Valid Salary Payment

The Dubai Court of First Instance has declared that cryptocurrency can be used as a legal form of salary under employment contracts. CoinTelegraph reports: Irina Heaver, a partner at UAE law firm NeosLegal, explained that the ruling in case number 1739 of 2024 shows a shift from the court’s earlier stance in 2023, where a similar claim was denied because the crypto involved lacked precise valuation. Heaver believes this shows a “progressive approach” to integrating digital currencies into the country’s legal and economic framework. Heaver said that the case involved an employee who filed a lawsuit claiming that the employer had not paid their wages, wrongful termination compensation and other benefits. The worker’s employment contract stipulated a monthly salary in fiat and 5,250 in EcoWatt tokens. The dispute stems from the employer’s inability to pay the tokens portion of the employee’s salary in six months.

In 2023, the court acknowledged the inclusion of the EcoWatts tokens in the contract. Still, it did not enforce the payment in crypto, as the employee failed to provide a clear method for valuing the currency in fiat terms. “This decision reflected a traditional viewpoint, emphasizing the need for concrete evidence when dealing with unconventional payment forms,” Heaver said. However, the lawyer said that in 2024, the court “took a step forward,” ruling in favor of the employee and ordering the payment of the crypto salary as per the employment contract without converting it into fiat. Heaver added that the court’s reliance on the UAE Civil Transactions Law and Federal Decree-Law No. 33 of 2021 in both judgments shows the consistent application of legal principles in wage determination.

Read more of this story at Slashdot.

US Fines T-Mobile $60 Million, Its Largest Penalty Ever, Over Unauthorized Data Access

The U.S. Committee on Foreign Investment (CFIUS) fined T-Mobile $60 million, its largest penalty ever, for failing to prevent and report unauthorized access to sensitive data tied to violations of a mitigation agreement from its 2020 merger with Sprint. “The size of the fine, and CFIUS’s unprecedented decision to make it public, show the committee is taking a more muscular approach to enforcement as it seeks to deter future violations,” reports Reuters. From the report: T-Mobile said in a statement that it experienced technical issues during its post-merger integration with Sprint that affected “information shared from a small number of law enforcement information requests.” It stressed that the data never left the law enforcement community, was reported “in a timely manner” and was “quickly addressed.” The failure of T-Mobile to report the incidents promptly delayed CFIUS’ efforts to investigate and mitigate any potential harm to U.S. national security, they added, without providing further details. “The $60 million penalty announcement highlights the committee’s commitment to ramping up CFIUS enforcement by holding companies accountable when they fail to comply with their obligations,” one of the U.S. officials said, adding that transparency around enforcement actions incentivizes other companies to comply with their obligations.

Read more of this story at Slashdot.

National Public Data Confirms Breach Exposing Social Security Numbers

BleepingComputer’s Ionut Ilascu reports: Background check service National Public Data confirms that hackers breached its systems after threat actors leaked a stolen database with millions of social security numbers and other sensitive personal information. The company states that the breached data may include names, email addresses, phone numbers, social security numbers (SSNs), and postal addresses.

In the statement disclosing the security incident, National Public Data says that “the information that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es).” The company acknowledges the “leaks of certain data in April 2024 and summer 2024” and believes the breach is associated with a threat actor “that was trying to hack into data in late December 2023.” NPD says they investigated the incident, cooperated with law enforcement, and reviewed the potentially affected records. If significant developments occur, the company “will try to notify” the impacted individuals.

Read more of this story at Slashdot.

IRS Has Loads of Legacy IT, Still Has No Firm Plans To Replace It

The IRS should reopen its Technology Retirement Office to effectively manage the retirement and replacement of legacy systems, according to a Treasury Inspector General for Tax Administration (TIGTA) audit. The Register reports: The report (PDF), from the Treasury Inspector General for Tax Administration (TIGTA), credits the IRS with fully implementing two out of four previous tech modernization recommendations, though argues the other two recommendations were ineffectively implemented. Those failures include the agency’s decision in 2023 to scrap its own Technology Retirement Office, which stood up in 2021 “to strategically reduce the [IRS’ IT] footprint.” Without that office, “there is no enterprise-wide program to identify, prioritize, and execute the updating, replacing, or retiring of legacy systems” at the IRS, the inspector general declared, adding the unit should be reestablished or brought back in some similar form.

The closure of the retirement office, in the eyes of the TIGTA, is part of the IRS’s failure to properly identify and plan for shutting down legacy systems and possibly replacing them with something modern. According to the audit report, the IRS identified 107 of its 334 legacy systems as up for retirement, yet only two of those 107 have specific decommissioning plans. The TIGTA would like to see clear plans for all of those identified systems, and had hoped the retirement office (or similar) would provide them. Then there’s the second incomplete recommendation, which the IG said is the IRS’ failure to properly apply its own definition of a legacy system to all of its tech. […] In its response to the IG report, the IRS said it had largely addressed the two incomplete recommendations, though not entirely as the Inspector General might want.

Read more of this story at Slashdot.

China-Linked Hackers Could Be Behind Cyberattacks On Russian State Agencies, Researchers Say

According to Kaspersky, hackers linked to Chinese threat actors have targeted Russian state agencies and tech companies in a campaign named EastWind. The Record reports: [T]he attackers used the GrewApacha remote access trojan (RAT), an unknown PlugY backdoor and an updated version of CloudSorcerer malware, which was previously used to spy on Russian organizations. The GrewApacha RAT has been used by the Beijing-linked hacking group APT31 since at least 2021, the researchers said, while PlugY shares many similarities with tools used by the suspected Chinese threat actor known as APT27.

According to Kaspersky, the hackers sent phishing emails containing malicious archives. In the first stage of the attack, they exploited a dynamic link library (DLL), commonly found in Windows computers, to collect information about the infected devices and load the additional malicious tools. While Kaspersky didn’t explicitly attribute the recent attacks to APT31 or APT27, they highlighted links between the tools that were used. Although PlugY malware is still being analyzed, it is highly likely that it was developed using the DRBControl backdoor code, the researchers said. This backdoor was previously linked to APT27 and bears similarities to PlugX malware, another tool typically used by hackers based in China.

Read more of this story at Slashdot.

A Species of Lungfish Claims Title of World’s Largest Animal Genome