Twilio Hackers Breached Over 130 Organizations During Months-Long Hacking Spree

The hackers that breached Twilio earlier this month also compromised more than 130 other organizations during their hacking spree that netted the credentials of close to 10,000 employees. TechCrunch: Twilio’s recent network intrusion allowed the hackers to access the data of 125 Twilio customers and companies — including end-to-end encrypted messaging app Signal — after tricking employees into handing over their corporate login credentials and two-factor codes from SMS phishing messages that purported to come from Twilio’s IT department. At the time, TechCrunch learned of phishing pages impersonating other companies, including a U.S. internet company, an IT outsourcing company and a customer service provider, but the scale of the campaign remained unclear.

Now, cybersecurity company Group-IB says the attack on Twilio was part of a wider campaign by the hacking group it’s calling “0ktapus,” a reference to how the hackers predominantly target organizations that use Okta as a single sign-on provider. Group-IB, which launched an investigation after one of its customers was targeted by a linked phishing attack, said in findings shared with TechCrunch that the vast majority of the targeted companies are headquartered in the U.S. or have U.S.-based staff. The attackers have stolen at least 9,931 user credentials since March, according to Group-IB’s findings, with more than half containing captured multi-factor authentication codes used to access a company’s network.

Read more of this story at Slashdot.

Google Tracks 39 Types of Personal Data, Apple Tracks 12

New research claims that of five major Big Tech firms, Google tracks more private data about users than any other — and Apple tracks the least. AppleInsider reports: Apple has previously introduced App Tracking Transparency specifically to protect the privacy of users from other companies. However, a new report says that Apple is also avoiding doing any more tracking itself than is needed to run its services. According to StockApps.com, Apple “is the most privacy-conscious firm out there.” “Apple only stores the information that is necessary to maintain users’ accounts,” it continues. “This is because their website is not as reliant on advertising revenue as are Google, Twitter, and Facebook.”

The StockApps.com report does not list what it describes as the “data points” that Big Tech firms collect for every user. However, it says they include location details, browser history, activity on third-party websites, and in Google’s case, also emails in Gmail. It also doesn’t detail its methodology, but does say that it used marketing firm digitalinformationworld to investigate Apple, Amazon, Facebook, Google, and Twitter. Of these five, Google reportedly tracks 39 separate data points per user, while Apple tracks only 12. Unexpectedly, Facebook is stated as tracking only 14 data points, while Amazon tracks 23, and Twitter tracks 24.

Read more of this story at Slashdot.

MyFitnessPal Paywalls Barcode Scanner That Made Counting Calories Easy

The popular nutrition and weight loss app MyFitnessPal is moving its free barcode scanning feature behind the paywall. The Verge reports: For years, users with free accounts have been able to use this tool to scan food barcodes for easy logging and tracking of daily calorie intake, but the company recently announced that beginning October 1st, a premium account will be required. MyFitnessPal’s daily calorie counting is a key component of the app, with the barcode scanner offering a shortcut to finding nutritional value for a specific food item in the app’s vast database of food. Much of that database is user-generated, with both free and premium users able to add any food by entering the nutrition facts and barcode off a label. Once October 1st rolls around, free users will still be able to search the database for their food entries, but the barcode scanner will cost $19.99 per month or $79.99 for an annual plan, along with other premium features. And any new users that create a free account on or after September 1st will be shut out from scanning barcodes even earlier unless they pay. “By losing the barcode scanner, MyFitnessPal is doing its users an egregious disservice,” writes The Verge’s Antonio G. Di Benedetto. “Losing weight and being cognizant of what you eat is hard enough.”

“MyFitnessPal is obviously looking to maximize profits, but if the popular r/loseit subreddit is any indication, many users may consider switching to competing apps like Cronometer, Loseit, or Macros over this loss.”

Read more of this story at Slashdot.

Devs Make Progress Getting MacOS Venture Running On Unsupported, Decade-Old Macs

An anonymous reader quotes a report from Ars Technica: Skirting the official macOS system requirements to run new versions of the software on old, unsupported Macs has a rich history. Tools like XPostFacto and LeopardAssist could help old PowerPC Macs run newer versions of Mac OS X, a tradition kept alive in the modern era by dosdude1’s patchers for Sierra, High Sierra, Mojave, and Catalina. For Big Sur and Monterey, the OpenCore Legacy Patcher (OCLP for short) is the best way to get new macOS versions running on old Macs. It’s an offshoot of the OpenCore Hackintosh bootloader, and it’s updated fairly frequently with new features and fixes and compatibility for newer macOS versions. The OCLP developers have admitted that macOS Ventura support will be tough, but they’ve made progress in some crucial areas that should keep some older Macs kicking for a little bit longer.

[…] First, while macOS doesn’t technically include system files for pre-AVX2 Intel CPUs, Apple’s Rosetta 2 software does still include those files, since Rosetta 2 emulates the capabilities of a pre-AVX2 x86 CPU. By extracting and installing those files in Ventura, you can re-enable support on Ivy Bridge and older CPUs without AVX2 instructions. And this week, Grymalyuk showed off another breakthrough: working graphics support on old Metal-capable Macs, including machines as old as the 2014 5K iMac, the 2012 Mac mini, and even the 2008 cheese grater-style Mac Pro tower. The OCLP team still has other challenges to surmount, not least of which will involve automating all of these hacks so that users without a deep technical understanding of macOS’s underpinnings can continue to set up and use the bootloader. Grymalyuk still won’t speculate about a timeframe for official Ventura support in OCLP. But given the progress that has been made so far, it seems likely that people with 2012-and-newer Macs should still be able to run Ventura on their Macs without giving up graphics acceleration or other important features.

Read more of this story at Slashdot.

Apple’s Repair Program Creates ‘Excruciating Gauntlet of Hurdles’, iFixit Says

On Monday, Apple expanded its DIY repair program to include MacBook Air and MacBook Pro laptops equipped with M1 chips (including the Pro and Max). At least, in theory. The repairability experts at iFixit, who regularly dissect Apple’s gadgets, have taken a look at the new program, and their outlook is…mixed. iFixit’s Sam Goldheart writes that the new MacBook Pro guides “threw us for a loop.” The issue: the documentation “makes MacBook Pros seem less repairable” than they have been in the past. From a report: The repair manual for replacing the 14-inch MacBook Pro’s battery, for example, is a whole 162 pages long. (One of the first steps, of course, is “Read the entire manual first.”) The reason the guide is so long, it turns out, is that replacing these batteries isn’t just a matter of popping the battery out. A user needs to replace the entire top case and keyboard in order to replace the battery. Needless to say, it is unusual for a laptop battery replacement to require a full-computer teardown.

And then, as Goldheart points out, there’s the matter of the money. The “top case with battery” part that you’ll need to purchase for the 2020 and 2021 MacBook Pro models is not cheap — after rooting around Apple’s store, Verge editor Sean Hollister found that you can expect to pay well upwards of $400 for the top case with battery after the repair credit. “Apple is presenting DIY repairers with a excruciating gauntlet of hurdles: read 162 pages of documentation without getting intimidated and decide to do the repair anyway, pay an exorbitant amount of money for an overkill replacement part, decide whether you want to drop another 50 bucks on the tools they recommend, and do the repair yourself within 14 days, including completing the System Configuration to pair your part with your device,” Goldheart writes in summary. “Which makes us wonder, does Apple even want better repairability?”

Read more of this story at Slashdot.

Quest VR Owners Have New Meta Logins To Use Instead of Facebook

Meta will now allow users of its Quest VR headsets to log in with a new Meta account instead of a Facebook account, the company announced on Tuesday. The Verge reports: The company had said in July that this change would be rolling out in August, and it marks a shift from an unpopular policy announced in 2020 that required users to log in to their headsets with a Facebook account instead of a separate Oculus account. Users can create Meta accounts through the Meta mobile app using an email address, Facebook account, or Instagram account. Once you create a Meta account, you’ll need to set up a linked Meta Horizon social profile that will be used in VR. As with Facebook accounts before, you’ll need one of these accounts to use a Quest headset.

“Our new Meta account structure gives you more flexibility and control, letting you choose how you do and don’t show up — and whether Facebook and / or Instagram is part of your experience in VR and other surfaces where you use your Meta Horizon profile,” Meta says in its blog post. If you want to set up a Meta account, the company has instructions in the blog post and in a video. If you are still using an Oculus account, you’ll be able to do so until January 1st, 2023. After that date, you’ll need to make a Meta account. The company says the option to make a Meta account and a Meta Horizon profile is rolling out now, so if you aren’t able to just yet, you should be given the option soon.

Read more of this story at Slashdot.

China Punishes 27 People Over ‘Tragically Ugly’ Illustrations In Maths Textbook

Chinese authorities have punished 27 people over the publication of a maths textbook that went viral over its “tragically ugly” illustrations. The Guardian reports: A months-long investigation by a ministry of education working group found the books were “not beautiful,” and some illustrations were “quite ugly” and did not “properly reflect the sunny image of China’s children.” The mathematics books were published by the People’s Education Press almost 10 years ago, and were reportedly used in elementary schools across the country. But they went viral in May after a teacher published photos of the illustrations inside, including people with distorted faces and bulging pants, boys pictures grabbing girls’ skirts and at least one child with an apparent leg tattoo.

Social media users were largely amused by the illustrations, but many also criticized them as bringing disrepute and “cultural annihilation” to China, speculating they were the deliberate work of western infiltrators in the education sector. Related hashtags were viewed billions of times, embarrassing the Communist party and education authorities who announced a review of all textbooks “to ensure that the textbooks adhere to the correct political direction and value orientation.”

In a lengthy statement released on Monday, the education authorities said 27 individuals were found to have “neglected their duties and responsibilities” and were punished, including the president of the publishing house, who was given formal demerits, which can affect a party member’s standing and future employment. The editor-in-chief and the head of the maths department editing office were also given demerits and dismissed from their roles. The statement said the illustrators and designers were “dealt with accordingly” but did not give details. They and their studios would no longer be engaged to work on textbook design or related work, it said. The highly critical statement found a litany of issues with the books, including critiquing the size, quantity and quality of illustrations, some of which had “scientific and normative problems.”

Read more of this story at Slashdot.