110K Domains Targeted in ‘Sophisticated’ AWS Cloud Extortion Campaign

Sonos CEO Says the Old App Can’t Be Rereleased

The old Sonos app won’t be making a return to replace the buggy new version. According to Sonos CEO Patrick Spence, rereleasing the old app would make things worse now that updated software has already been sent out to the company’s speakers and cloud infrastructure. The Verge reports: In a Reddit AMA response posted Tuesday, Sonos CEO Spence says that he was hopeful “until very recently” that the company could rerelease the app, confirming a report from The Verge that the company was considering doing so. […] Since the new app was released on May 7th, Spence has issued a formal apology and announced in August that the company would be delaying the launch of two products “until our app experience meets the level of quality that we, our customers, and our partners expect from Sonos.” “The trick of course is that Sonos is not just the mobile app, but software that runs on your speakers and in the cloud too,” writes Spence in the Reddit AMA. “In the months since the new mobile app launched we’ve been updating the software that runs on our speakers and in the cloud to the point where today S2 is less reliable & less stable then what you remember. After doing extensive testing we’ve reluctantly concluded that re-releasing S2 would make the problems worse, not better. I’m sure this is disappointing. It was disappointing to me.”

Read more of this story at Slashdot.

App Store VP Departs As Apple Prepares Organizational Changes

According to Bloomberg’s Mark Gurman (paywalled), App Store vice president Matt Fischer is departing the company in October as Apple prepares for organizational changes in response to regulatory pressure. MacRumors reports: Apple plans to split its App Store group into two teams, one that handles the App Store and a second team that oversees alternative app distribution. As of earlier this year, Apple has supported iOS app downloads from alternative app stores and from websites in the European Union, a change that the company had to make to comply with the Digital Markets Act. To handle ongoing compliance with EU regulations for app distribution and alternative payment methods, App Store chief Phil Schiller is changing the App Store’s hierarchy.

Fischer joined Apple in 2003 to oversee iTunes marketing, but he has served as the vice president of the App Store since 2010. In an email to Apple employees today, Fischer said that he had been thinking about leaving Apple for some time, and the reorganization provided the right opportunity. With Fischer leaving, App Store senior director Carson Oliver will oversee the App Store, and Ann Thai, a director who oversees App Store features, will head up the team that handles alternative app distribution.

Read more of this story at Slashdot.

‘Something Has Gone Seriously Wrong,’ Dual-Boot Systems Warn After Microsoft Update

Ars Technica’s Dan Goodwin writes: Last Tuesday, loads of Linux usersâ”many running packages released as early as this year — started reporting their devices were failing to boot. Instead, they received a cryptic error message that included the phrase: “Something has gone seriously wrong.” The cause: an update Microsoft issued as part of its monthly patch release. It was intended to close a 2-year-old vulnerability in GRUB, an open source boot loader used to start up many Linux devices. The vulnerability, with a severity rating of 8.6 out of 10, made it possible for hackers to bypass secure boot, the industry standard for ensuring that devices running Windows or other operating systems don’t load malicious firmware or software during the bootup process. CVE-2022-2601 was discovered in 2022, but for unclear reasons, Microsoft patched it only last Tuesday. […]

With Microsoft maintaining radio silence, those affected by the glitch have been forced to find their own remedies. One option is to access their EFI panel and turn off secure boot. Depending on the security needs of the user, that option may not be acceptable. A better short-term option is to delete the SBAT Microsoft pushed out last Tuesday. This means users will still receive some of the benefits of Secure Boot even if they remain vulnerable to attacks that exploit CVE-2022-2601. The steps for this remedy are outlined here (thanks to manutheeng for the reference).

Read more of this story at Slashdot.

Toyota Confirms Breach After Stolen Data Leaks On Hacking Forum

Toyota confirmed a breach of its network after 240GB of data, including employee and customer information, was leaked on a hacking forum by a threat actor. The company has not provided details on how or when the breach occurred. BleepingComputer reports: ZeroSevenGroup (the threat actor who leaked the stolen data) says they breached a U.S. branch and were able to steal 240GB of files with information on Toyota employees and customers, as well as contracts and financial information. They also claim to have collected network infrastructure information, including credentials, using the open-source ADRecon tool that helps extract vast amounts of information from Active Directory environments.

“We have hacked a branch in United States to one of the biggest automotive manufacturer in the world (TOYOTA). We are really glad to share the files with you here for free. The data size: 240 GB,” the threat actor claims. “Contents: Everything like Contacts, Finance, Customers, Schemes, Employees, Photos, DBs, Network infrastructure, Emails, and a lot of perfect data. We also offer you AD-Recon for all the target network with passwords.” While Toyota hasn’t shared the date of the breach, BleepingComputer found that the files had been stolen or at least created on December 25, 2022. This date could indicate that the threat actor gained access to a backup server where the data was stored. “We are aware of the situation. The issue is limited in scope and is not a system wide issue,” Toyota told BleepingComputer. The company added that it’s “engaged with those who are impacted and will provide assistance if needed.”

Read more of this story at Slashdot.