Quebec-based provider of telephony services VoIP.ms is facing an aggressive Distributed Denial of Service (DDoS) cyber attack, causing a disruption in phone calls and services. The incident began around September 16 and has put a strain on the VoIP provider’s systems, websites, and operations.
VoIP.ms serves over 80,000 customers across 125 countries, many of whom are now facing issues with voice calls.
Voice calls and services disrupted by DDoS attack
Last week, Canadian voice-over-IP service provider VoIP.ms announced that it became aware of an issue that was preventing customers from accessing its website and was working toward a solution. Fast-forward to today: the issue is ongoing and has been attributed to a persistent DDoS attack.
A code execution bug in Apple’s macOS allows remote attackers to run arbitrary commands on your device. And the worst part is, Apple hasn’t fully patched it yet, as tested by Ars.
Those shortcut files can take over your Mac
Independent security researcher Park Minchan has discovered a vulnerability in macOS that lets threat actors execute commands on your computer. Shortcut files with the inetloc extension can have commands embedded in them. The flaw impacts macOS Big Sur and prior versions.
“A vulnerability in the way macOS processes inetloc files causes it to run commands embedded inside, the commands it runs can be local to the macOS allowing the execution of arbitrary commands by the user without any warning / prompts,” explains Minchan. “Originally, inetloc files are shortcuts to an Internet location, such as an RSS feed or a telnet location; and contain the server address and possibly a username and password for SSH and telnet connections; can be created by typing a URL in a text editor and dragging the text to the Desktop.”
The Bellevue, Wash.-based company is requiring vaccinations in its “badge-controlled” offices and customer service locations through at least March 1, 2022. The policy does not apply to T-Mobile retail locations, where T-Mobile encourages vaccination and requires employees and customers to wear masks if unvaccinated.
T-Mobile has delayed a required return to the office from Sept. 20 to Oct. 25. After that, employees will need special approval to continue working remotely.
“Because we took the step to require vaccinations at our offices, we added extra time from our previously announced September 20 return to office timeframe and extended the date to October 25,” a T-Mobile spokesperson said via email in response to an inquiry from GeekWire. “We are still, however, highly encouraging vaccinated employees to return to the office starting now.”
The spokesperson said, “Employees of course make their own health choices, and can request to continue to work remotely during this timeframe, which will be approved based on their role and circumstances.”
The company will be requiring employees who work in the office to provide proof of vaccination by Oct. 25, and likely sooner, the spokesperson said.
Many companies previously planned to bring employees back to the office on a regular basis this fall, but the rise of the COVID-19 Delta variant thwarted their plans.
Companies including Amazon and Expedia have now pushed their returns to the office back to January 2022. Microsoft, Redfin and others are leaving their timelines open-ended, promising to give employees ample notice when they set new dates.
The policies apply to the broad workforces of those companies. In many cases, individual employees can go into the office if vaccinated.
Seattle-based UX and design firm Blink has been acquired by Mphasis, a publicly-traded IT services giant based in Bangalore, India.
Founded 21 years ago, Blink works with companies such as Amazon, Apple, Microsoft, NASA, and Starbucks. The firm employs more than 130 people across offices in Seattle, Austin, Boston, San Diego, and San Francisco. It has earned $34 million in revenue so far this year, according to CEO and co-founder Karen Clark Cole.
Blink will retain its name following the acquisition, and all employees are staying aboard.
Founded in 1998, Mphasis reported revenue of more than $1.3 billion for its fiscal year ending March 31. It reached a market capitalization of $4.5 billion last year.
In 2016, Blackstone Group acquired a majority stake in the company from Hewlett Packard.
“The acquisition of Blink, consistent with our M&A focus, is in the forefront of providing well researched design and high impact digital experiences to our clients and their end customers,” Mphasis CEO Nitin Rakesh said in a statement.
Blink grew slowly for years before ramping up. Big corporations recently began knocking on the door, interested in buying Blink. Instead, Clark Cole and co-founder Kelly Franznick launched a strategy to acquire smaller companies themselves, aiming to become the biggest UX business around, Cole told GeekWire last year.
Blink did not raise any outside capital, Cole said.
“Designing products that meet needs, and are friction free, is how we delight customers and enrich their lives with technology,” Clark Cole said in a statement. “We are so thrilled to now have Mphasis’s engineering skills as part of our core, providing end-to-end services for our clients and following our designs through to launch.”
Expedia Group says it will unify its loyalty programs, allowing travelers to accumulate rewards across brands including Expedia, Hotels.com, Orbitz, Vrbo, Travelocity, Hotwire and others.
The announcement results from a longstanding effort inside the Seattle-based online travel giant to simplify and streamline its overall business, including an initiative to bridge its different travel brands with a common technology backend.
The larger effort has been a major focus for Expedia Group CEO Peter Kern since taking over the top executive role last year. Expedia Group Chairman Barry Diller’s previous dissatisfaction with the progress of the initiative was one of the reasons for a shakeup of the company’s top leadership in December 2019.
Expedia Group says it has more than 145 million members across the rewards programs currently operated separately by its different brands.
The company said Tuesday morning that the unified program will launch soon, but did not provide a specific date.
“The program will consist of unique member pricing discounts and the ability to earn and redeem rewards across all Expedia Group brands, such as Expedia, Vrbo, Hotels.com, Travelocity, and Orbitz,” the company said in a news release, noting that the new program “will span flights, hotels, vacation rentals, car rentals, cruises, and activities.”
Iowa-based provider of agriculture services NEW Cooperative Inc. has been hit by a ransomware attack, forcing it to take its systems offline. The BlackMatter group behind the attack has demanded a $5.9 million ransom. The farming cooperative has stated that the attack could significantly impact the public supply of grain, pork, and chicken if it cannot bring its systems back online.
BlackMatter says it doesn’t hit “critical infrastructure”
Ransomware group BlackMatter has hit NEW Cooperative and is demanding $5.9 million to provide a decryptor, according to screenshots shared online by threat intel analysts.
“Your website says you do not attack critical infrastructure. We are critical infrastructure… intertwined with the food supply chain in the US. If we are not able to recover very shortly, there is going to be very very public disruption to the grain, pork, and chicken supply chain,” a NEW Cooperative representative appears to be telling BlackMatter during a private negotiation chat.
The Bezos Earth Fund pledged $1 billion to conserve and protect vulnerable areas of the world, focusing initially on the Congo Basin, the tropical Andes, and the tropical Pacific Ocean.
Bezos Earth Fund leaders announced the pledge Monday afternoon as part of Amazon founder Jeff Bezos’ prior commitment of $10 billion toward fighting climate change and preserving natural habitats around the world. Grants will give preference to groups that work closely with local communities and indigenous people, according to Bezos Earth Fund leaders.
“When people hanker for the good old days and glamorize the past, they’re almost always wrong. By most metrics, life is better than it was in the past. Global poverty rates are lower, infant mortality and life expectancies are better, and education rates are much higher,” Bezos said in a statement, echoing a sentiment often expressed by fellow Seattle-area philanthropists Bill Gates and Melinda French Gates.
However, Bezos called the natural world “a notable exception,” saying it is “not better today than it was 500 years ago, when we enjoyed unspoiled forests, clean rivers, and the pristine air of the pre-industrial age.”
He added, “We can and must reverse this anomaly. By coming together with the right focus and ingenuity, we can have both the benefits of our modern lives and a thriving natural world. I hope this commitment inspires others to make their own pledges to protect and conserve nature and help in the fight against climate change. A job this big needs many allies.”
An announcement from the Bezos Earth Fund included statements of support from world leaders including United Nations Deputy Secretary-General Amina Mohammed; British Prime Minister Boris Johnson; Iván Duque Márquez, President of Colombia; and John Kerry, U.S. Special Presidential Envoy for Climate.
The funding for conservation is part of what the Bezos Earth Fund calls its three-part Nature strategy. Future parts will focus on landscape restoration and transformation of the food system.
A prior round of funding went largely to well-funded, established environmental organizations, illustrating one challenge of the sheer scale of the Bezos Earth Fund: there are few organizations capable of managing and spending funds effectively at that level.
Bezos has pledged to fully allocate the $10 billion fund by 2030, the target date for the United Nations’ Sustainable Development Goals.
Climate Week is kicking off Monday in New York City and major companies including Amazon and Microsoft as well as Bill Gates’ Breakthrough Energy are sharing news of their efforts to decarbonize.
Climate Week is hosted in part by the United Nations and includes forums and events where business, governments and organizations discuss and share climate initiatives and goals.
Amazon today announced that an additional 86 companies have joined its Climate Pledge, a nonbinding agreement to become net-zero carbon by 2040, which is a decade ahead of the target set by the Paris Agreement. That brings the total participation to more than 200 organizations worldwide.
If the signatories meet that goal, by cutting emissions 10 years faster they will prevent nearly 2 billion metric tons of carbon emissions from being released — which is equal to 5.4% of current global annual emissions, according to a release by Amazon. Climate Pledge, which the Seattle-based tech titan launched two years ago, is one of the top sponsors of Climate Week.
“I believe that now, more than ever, companies like Amazon have an obligation to lead the fight for our planet,” said Amazon CEO Andy Jassy in a statement.
Microsoft, which is also a Climate Pledge participant, had its own announcement today. The Redmond, Wash.-based company is donating $100 million to Breakthrough Energy Catalyst.
“This is the decade of action and those of us who can afford to move faster and go further, should,” said Lucas Joppa, Microsoft’s chief environmental officer, in a blog post announcing the news.
Breakthrough Energy Catalyst is an initiative that’s part of the larger Breakthrough Energy effort. The program is pursuing public-private partnerships to develop technology to cut carbon emissions. Its initial focus areas include direct air capture of carbon, green hydrogen fuel, long duration energy storage and sustainable aviation fuel.
Breakthrough Energy in turn announced its other private sector partners in addition to Microsoft, which are American Airlines, steel and mining giant ArcelorMittal, Bank of America, global investment powerhouse BlackRock, Boston Consulting Group and General Motors. The new investments reportedly exceed $1 billion, according to Bloomberg.
Epik has now confirmed that an “unauthorized intrusion” did in fact occur into its systems. The announcement follows last week’s incident, in which hacktivist collective Anonymous leaked 180 GB of data stolen from online service provider Epik. To mock the company’s initial response to the data breach claims, Anonymous had altered Epik’s official knowledge base, as reported by Ars.
Epik is a domain registrar and web services provider known to serve right-wing clients, some of which have been turned down by more mainstream IT providers due to the objectionable and sometimes illicit content hosted by the clients. Epik’s clients have included the Texas GOP, Parler, Gab, and 8chan, among others.
Epik hack impacts millions of non-customers, too
It turns out the leaked data dump contains 15,003,961 email addresses belonging to both Epik’s customers and non-customers, and not everyone is pleased with the news. This happened because Epik had scraped WHOIS records of domains, even those not owned by the company, and stored these records. As a result, the contact information of people who have never transacted with Epik directly was also retained in Epik’s systems.
SushiSwap’s chief technology officer says the company’s MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi’s newest offering, Minimal Initial SushiSwap Offering (MISO), is a token launchpad that lets projects launch their own tokens on the Sushi network.
Unlike cryptocurrency coins that need a native blockchain and substantive groundwork, DeFi tokens are an easier alternative to implement, as they can function on an existing blockchain. For example, anybody can create their own “digital tokens” on top of the Ethereum blockchain without having to recreate a new cryptocurrency altogether.
Attacker steals $3 million in Ethereum via one GitHub commit
In a Twitter thread today, SushiSwap CTO Joseph Delong announced that an auction on MISO launchpad had been hijacked via a supply chain attack. An “anonymous contractor” with the GitHub handle AristoK3 and access to the project’s code repository had pushed a malicious code commit that was distributed on the platform’s front end.