Android

New LG CEO Won't Give Up on Smartphone Market, Promises Profitability by 2021 (arstechnica.com) 35

LG is still clinging to its dying smartphone business. The company's new CEO, Kwon Bong-seok, (who was appointed just last month!) promised a return to profitability for LG's mobile division by 2021. From a report: "LG Electronics' mobile business is going to be profitable by 2021," Kwon told The Korea Times. "I can say we can make that happen as LG Electronics will expand our mobile lineup and steadily release new ones attached with some wow factors to woo consumers." Kwon didn't share many details on how he plans to resurrect LG's smartphone business, which has lost money for something like 14 quarters in a row now. When asked by the Korea Times, the site said Kwon "only reiterated LG Electronics' plan to expand the phone lineup." LG sold 19 phone models each in 2019 and 2018, according to GSM Arena's database. In 2014, the last time LG Mobile reliably turned a profit, the company produced 44 phone models -- is this correlation or causation?
The Internet

Unpatched US Government Website Gets Pwned By Pro-Iran Script Kiddie (arstechnica.com) 87

An anonymous reader quotes a report from Ars Technica: On the heels of the killing of Iranian Revolutionary Guard Corps General Qassem Soleimani by a U.S. MQ-9 Reaper strike on January 2, the U.S. Department of Homeland Security warned of potential cyberattacks against critical infrastructure by Iran. That warning probably didn't apply to the website of the Federal Deposit Library Program, operated by the U.S. Government Printing Office -- which was defaced on January 4 with a pro-Iranian message and an image of a bloodied President Donald Trump being punched by an Iranian fist.

The FDLP website is no stranger to defacement attacks. As a brief analysis of the attack by a security researcher with the Twitter username @sshell_ noted, the site has been defaced twice in the last 10 years -- most recently in 2014, when it was replaced with an electronic dance music video featuring a dancing cat. Based on a fingerprint of the site's files, the site -- based on the Joomla content management system -- had not had its code updated since 2012. And the site had modules that used a version of Joomla's RSForm that had been flagged 11 months ago as being vulnerable to a SQL Injection attack. While the image depicting Trump had no metadata attached to it, another image with text had Exchangeable Image File Format (EXIF) data indicating it had been created with Adobe Photoshop CS 6 for Windows in 2015. As sshell_ noted, the image was used in a defacement reported to the "cybercrime archive" Zone-H by a user identifying themselves as IRAN-CYBER on December 2, 2015.
A DHS spokesperson for the Cybersecurity and Infrastructure Security Agency (CISA) said that "there is no confirmation that this was the action of Iranian state-sponsored actors."
AI

MIT's New Tool Predicts How Fast a Chip Can Run Your Code (thenextweb.com) 13

Folks at the Massachusetts Institute of Technology (MIT) have developed a new machine learning-based tool that will tell you how fast code can run on various chips. This will help developers tune their applications for specific processor architectures. From a report: Traditionally, developers used the performance model of compilers through a simulation to run basic blocks -- fundamental computer instruction at the machine level -- of code in order to gauge the performance of a chip. However, these performance models are not often validated through real-life processor performance. MIT researchers developed an AI model called Ithemal by training it to predict how fast a chip can run unknown basic blocks. Later, it was supported by a database called BHive with 300,000 basic blocks from specialized fields such as machine learning, cryptography, and graphics. The team of researchers presented a paper [PDF] at the NeurIPS conference in December to describe a new technique to measure code performance on various processors. The paper also describes Vemal, a new automatically generating algorithm that can be used to generate compiler optimizations.
Security

Security Camera Startup Wyze Leaked Data on Millions of Customers (cnet.com) 36

An anonymous reader quotes CNET: Security camera startup Wyze has confirmed it suffered a data leak earlier this month that left the personal information for millions of its customers exposed on the internet. No passwords or financial information was exposed, but email addresses, Wi-Fi network IDs and body metrics for 2.4 million customers were left unprotected from Dec. 4 through Dec. 26, the company said Friday.

The data was accidentally left exposed when it was transferred to a new database to make the data easier to query, but a company employee failed to maintain previous security protocols during the process, Wyze co-founder Dongsheng Song wrote in a forum post. "We are still looking into this event to figure out why and how this happened," he wrote...

Among the data exposed in the Wyze leak was the height, weight, gender and other health information for about 140 beta users participating in testing of new hardware, Wyze said.

Privacy

CNET Releases '2019 Data Breach Hall of Shame' Dishonoring This Year's Biggest Data Breaches (cnet.com) 19

schwit1 quotes CNET's report on their newly-released "2019 Data Breach Hall of Shame." The biggest recurrent motif among the major data breaches of 2019 wasn't the black-hooded hacker in a dark room, digging into a screen full of green text. It was a faceless set of executives and security professionals under the fluorescent lights of an office somewhere, frantically dialing their attorneys and drafting public relations apologies after leaving the front doors of their servers unlocked in public.

The words "unsecured database" seemed to run on repeat through security journalism in 2019. Every month, another company was asking its customers to change their passwords and report any damage. Cloud-based storage companies like Amazon Web Services and ElasticSearch repeatedly saw their names surface in stories of negligent companies -- in the fields of health care, hospitality, government and elsewhere -- which left sensitive customer data unprotected in the open wilds of the internet, to be bought and sold by hackers who barely had to lift a finger to find it.

And it's not just manic media coverage. The total number of breaches was up 33% over last year, according to research from Risk Based Security, with medical services, retailers and public entities most affected. That's a whopping 5,183 data breaches for a total of 7.9 billion exposed records.

In November, the research firm called 2019 the "worst year on record" for breaches.

Education

Colleges Are Turning Students' Phones Into Surveillance Machines, Tracking the Locations of Hundreds of Thousands (washingtonpost.com) 148

Colleges are tracking students' location to enforce attendance, analyze their behavior and assess their mental health. One company calculates a student's "risk score" based on factors such as whether she is going to the library enough. Washington Post reports: When Syracuse University freshmen walk into professor Jeff Rubin's Introduction to Information Technologies class, seven small Bluetooth beacons hidden around the Grant Auditorium lecture hall connect with an app on their smartphones and boost their "attendance points." And when they skip class? The SpotterEDU app sees that, too, logging their absence into a campus database that tracks them over time and can sink their grade. It also alerts Rubin, who later contacts students to ask where they've been. His 340-person lecture has never been so full. "They want those points," he said. "They know I'm watching and acting on it. So, behaviorally, they change." Short-range phone sensors and campuswide WiFi networks are empowering colleges across the United States to track hundreds of thousands of students more precisely than ever before. Dozens of schools now use such technology to monitor students' academic performance, analyze their conduct or assess their mental health.

But some professors and education advocates argue that the systems represent a new low in intrusive technology, breaching students' privacy on a massive scale. The tracking systems, they worry, will infantilize students in the very place where they're expected to grow into adults, further training them to see surveillance as a normal part of living, whether they like it or not. "We're adults. Do we really need to be tracked?" said Robby Pfeifer, a sophomore at Virginia Commonwealth University in Richmond, which recently began logging the attendance of students connected to the campus' WiFi network. "Why is this necessary? How does this benefit us? ... And is it just going to keep progressing until we're micromanaged every second of the day?" This style of surveillance has become just another fact of life for many Americans. A flood of cameras, sensors and microphones, wired to an online backbone, now can measure people's activity and whereabouts with striking precision, reducing the mess of everyday living into trend lines that companies promise to help optimize.
The Washington Post includes mention of a Slashdot comment from a user who worries whether anyone will truly know when all this surveillance has gone too far. "Graduates will be well prepared ... to embrace 24/7 government tracking and social credit systems," the Slashdot commenter said. "Building technology was a lot more fun before it went all 1984."
Chrome

Google Chrome Impacted By New Magellan 2.0 Vulnerabilities (zdnet.com) 25

An anonymous reader quotes a report from ZDNet: A new set of SQLite vulnerabilities can allow attackers to remotely run malicious code inside Google Chrome, the world's most popular web browser. The vulnerabilities, five in total, are named "Magellan 2.0," and were disclosed today by the Tencent Blade security team. All apps that use an SQLite database are vulnerable to Magellan 2.0; however, the danger of "remote exploitation" is smaller than the one in Chrome, where a feature called the WebSQL API exposes Chrome users to remote attacks, by default.

Just like the original Magellan vulnerabilities, these new variations are caused by improper input validation in SQL commands the SQLite database receives from a third-party. An attacker can craft an SQL operation that contains malicious code. When the SQLite database engine reads this SQLite operation, it can perform commands on behalf of the attacker. In a security advisory published today, the Tencent Blade team says the Magellan 2.0 flaws can lead to "remote code execution, leaking program memory or causing program crashes." All apps that use an SQLite database to store data are vulnerable, although the vector for "remote attacks over the internet" is not exploitable by default. To be exploitable, the app must allow direct input of raw SQL commands, something that very few apps allow.
Thankfully, Google patched all five Magellan 2.0 vulnerabilities in Google Chrome 79.0.3945.79, released two weeks ago.

The SQLite project also fixed the bugs in a series of patches on December 13, 2019; however, these fixes have not been included in a stable SQLite branch -- which remains v3.30.1, released on December 10.
Australia

Bushfires Release Over Half Australia's Annual Carbon Emissions 70

An anonymous reader quotes a report from Bloomberg: The unprecedented bushfires devastating swathes of Australia have already pumped out more than half of the country's annual carbon dioxide emissions in another setback to the fight against climate change. Fires blighting New South Wales and Queensland have emitted a combined 306 million tons of carbon dioxide since Aug. 1, which is more than half of Australia's total greenhouse gas footprint last year, according to Niels Andela, an assistant research scientist at NASA's Goddard Space Flight Center in Maryland and collaborator with the Global Fire Emissions Database. That compares with the Copernicus Atmosphere Monitoring Service's estimate of 270 million tons in just over four months. "We have been closely monitoring the intensity of the fires and the smoke they emit and when comparing the results with the average from a 17-year period, they are very unusual in number and intensity, especially in New South Wales, for being so early in the fire season," said Mark Parrington, a senior scientist at Copernicus, the European Union's atmosphere observation program.
Crime

A 22-Year-Old Was Convicted For Attempting To Blackmail Apple For $100,000 In iTunes Gift Cards (gizmodo.com) 32

An anonymous reader quotes a report from Gizmodo: A 22-year-old boss backed by a gangster cabal of "internet buddies" has been thwarted and convicted in their attempt to blackmail Apple, the UK's National Crime Agency reports. In 2017, London-based Kerem Albayrak made Apple an offer they couldn't refuse: deliver $100,000 in iTunes gift cards or $75,000 in cryptocurrency or kiss 319 million iCloud accounts goodbye. On Friday, a court sentenced him to a two year suspended jail term.

On March 12th, 2017, Albayrak, don of hacker syndicate the "Turkish Crime Family," sent Apple Security and several media outlets a YouTube video showing him apparently logging in to two victims' iCloud accounts. The NCA reports that Albayrak had threatened to factory reset the accounts and sell the database vis-a-vis his "internet buddies," boasting to outlets that he'd had access to 300 million accounts (a figure which was later increased to 559 million). They gave Apple until April 7th to fill their demands, Apple Insider has reported. One week and zero gift cards later, they upped their demands and reportedly sent ZDNet a set of 54 sample accounts. ZDNet confirmed their authenticity, though the plot thickened: at least one account had been compromised years prior. Apple and UK authorities ultimately found that the Turkish Crime Family had not, in fact, successfully compromised the network, and concluded that the data came from an unrelated breach of largely defunct third-party services.
Albayrak pleaded guilty to one count of blackmail and two counts of unauthorized acts with intent to impair the operation of or prevent/hinder access to a computer. He was handed a two year suspended jail term, 300 hours of unpaid labor, and six months of "electronic curfew" (an ankle bracelet).
Security

Over 267 Million Facebook Users Reportedly Had Data Exposed Online (engadget.com) 17

More than 267 million Facebook users allegedly had their user IDs, phone numbers and names exposed online, according to a report from Comparitech and security researcher Bob Diachenko. From a report: That info was found in a database that could be accessed without a password or any other authentication, and the researchers believe it was gathered as part of an illegal scraping operation or Facebook API abuse. Diachenko says he reported the database to the service provider managing the IP address of the server, but the database was exposed for nearly two weeks. In the meantime, he says, the data was posted as a download in a hacker forum. That's a lot of personal data to be floating around in the wild, and as Comparitech notes, it could be used to carry out phishing scams and other foul play.
Security

A Data Leak Exposed the Personal Info of Over 3,000 Ring Users (buzzfeednews.com) 40

The log-in credentials for 3,672 Ring camera owners were compromised this week, exposing log-in emails, passwords, time zones, and the names people give to specific Ring cameras, which are often the same as camera locations, such as "bedroom" or "front door." BuzzFeed News reports: Using the log-in email and password, an intruder could access a Ring customer's home address, telephone number, and payment information, including the kind of card they have, and its last four digits and security code. An intruder could also access live camera footage from all active Ring cameras associated with an account, as well as a 30- to 60-day video history, depending on the user's cloud storage plan. We don't know how this tranche of customer information was leaked. Ring denies any claims that the data was compromised as a part of a breach of Ring's systems. A Ring spokesperson declined to tell BuzzFeed News when it became aware of the leak or whether it affected a third party that Ring uses to provide its services.

Security experts told BuzzFeed News that the format of the leaked data -- which includes username, password, camera name, and time zone in a standardized format -- suggests it was taken from a company database. They said data obtained via credential stuffing -- when previously-compromised emails and passwords are used to get access to other accounts -- would likely not display Ring-specific data like camera names or time zone. BuzzFeed News was alerted to the leak by a security researcher, who claimed he used a web crawler to search the internet for any data leaks pertaining to Ring accounts. The security researcher found the list of compromised credentials posted anonymously on a text storage site.
"Ring has not had a data breach. Our security team has investigated these incidents and we have no evidence of an unauthorized intrusion or compromise of Ring's systems or network," a Ring spokesperson said. "It is not uncommon for bad actors to harvest data from other company's data breaches and create lists like this so that other bad actors can attempt to gain access to other services."
AI

Facebook Has a Neural Network That Can Do Advanced Math (technologyreview.com) 36

Guillaume Lample and Francois Charton, at Facebook AI Research in Paris, say they have developed an algorithm that can calculate integrals and solve differential equations. MIT Technology Review reports: Neural networks have become hugely accomplished at pattern-recognition tasks such as face and object recognition, certain kinds of natural language processing, and even playing games like chess, Go, and Space Invaders. But despite much effort, nobody has been able to train them to do symbolic reasoning tasks such as those involved in mathematics. The best that neural networks have achieved is the addition and multiplication of whole numbers. For neural networks and humans alike, one of the difficulties with advanced mathematical expressions is the shorthand they rely on. For example, the expression x^3 is a shorthand way of writing x multiplied by x multiplied by x. In this example, "multiplication" is shorthand for repeated addition, which is itself shorthand for the total value of two quantities combined.

Enter Lample and Charton, who have come up with an elegant way to unpack mathematical shorthand into its fundamental units. They then teach a neural network to recognize the patterns of mathematical manipulation that are equivalent to integration and differentiation. Finally, they let the neural network loose on expressions it has never seen and compare the results with the answers derived by conventional solvers like Mathematica and Matlab. The first part of this process is to break down mathematical expressions into their component parts. Lample and Charton do this by representing expressions as tree-like structures. The leaves on these trees are numbers, constants, and variables like x; the internal nodes are operators like addition, multiplication, differentiate-with-respect-to, and so on. [...] Trees are equal when they are mathematically equivalent. For example, 2 + 3 = 5 = 12 - 7 = 1 x 5 are all equivalent; therefore their trees are equivalent too. These trees can also be written as sequences, taking each node consecutively. In this form, they are ripe for processing by a neural network approach called seq2seq.

The next stage is the training process, and this requires a huge database of examples to learn from. Lample and Charton create this database by randomly assembling mathematical expressions from a library of binary operators such as addition, multiplication, and so on; unary operators such as cos, sin, and exp; and a set of variables, integers, and constants, such as π and e. They also limit the number of internal nodes to keep the equations from becoming too big. [...] Finally, Lample and Charton put their neural network through its paces by feeding it 5,000 expressions it has never seen before and comparing the results it produces in 500 cases with those from commercially available solvers, such as Maple, Matlab, and Mathematica. The comparisons between these and the neural-network approach are revealing. "On all tasks, we observe that our model significantly outperforms Mathematica," say the researchers. "On function integration, our model obtains close to 100% accuracy, while Mathematica barely reaches 85%." And the Maple and Matlab packages perform less well than Mathematica on average.
The paper, called "Deep Learning For Symbolic Mathematics," can be found on arXiv.
Google

Google Hands Feds 1,500 Phone Locations In Unprecedented 'Geofence' Search (forbes.com) 53

According to Forbes, Google has sent 1,494 device identifiers to the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) to help them investigate arsons carried out across Milwaukee, Wisconsin, throughout 2018 and 2019. "The requests, outlined in two search warrants obtained by Forbes, demanded to know which specific Google customers were located in areas covering 29,387 square meters (or 3 hectares) during a total of nine hours for the four separate incidents," the report says. "Unbeknownst to many Google users, if they have 'location history' turned on, their whereabouts are stored by the tech giant in a database called SensorVault." From the report: To investigators, this kind of "geofence" demand is useful, allowing them to go through the data trove provided by Google, look for devices of interest such as a known suspect's phone and ask for more personal information on the user of that mobile. But it's also the kind of search that's been making pro-privacy folk anxious over the last year. Such data grabs, also referred to as "reverse location searches," see the police give Google a timeframe and an area on Google Maps within which to find every Google user within. Google then looks through its SensorVault database of user locations, taken from devices running the tech giant's services like Google Maps or anything that requires the "location history" feature be turned on. The police then look through the list, decide which devices are of interest to the investigation and ask for subscriber information that includes more detailed data such as name, email address, when they signed up to Google services and which ones they used.

It's unclear whether or not Google handed over any identifying information, but to Jerome Greco, a public defender in the Digital Forensics Unit of the Legal Aid Society, it's a sign that geofence warrants are overly broad and endanger user privacy. "The number of phones identified in that area shows two key points," he tells Forbes. "One, it demonstrates a sample of how many people's minute-by-minute movements Google is precisely tracking. Two, it shows the unconstitutional nature of reverse location search warrants because they inherently invade the privacy of numerous people, who everyone agrees are unconnected to the crime being investigated, for the mere possibility that it may help identify a suspect."
For what it's worth, Forbes did obtain a search warrant that indicates Google is trying to fight back against overly broad government requests, "but still appears to be handing over innocent people's information as well as legitimate suspect data."
Social Networks

'Link in Bio' is a Slow Knife (anildash.com) 63

Anil Dash: We don't even notice it anymore -- "link in bio." It's a pithy phrase, usually found on Instagram, which directs an audience to be aware that a pertinent web link can be found on that user's profile. Its presence is so subtle, and so pervasive, that we barely even noticed it was an attempt to kill the web. Links on the web are incredibly powerful. There are decades of theory behind the role of hyperlinks in hypertext -- did you know in most early versions, links were originally designed to be two-way? You'd be able to see every page on the web that links to this one. But even in the very simple form that we've ended up with on the World Wide Web for the last 30 years, links are incredibly powerful, opening up valuable connections between unexpected things.

For a closed system, those kinds of open connections are deeply dangerous. If anyone on Instagram can just link to any old store on the web, how can Instagram -- meaning Facebook, Instagram's increasingly-overbearing owner -- tightly control commerce on its platform? If Instagram users could post links willy-nilly, they might even be able to connect directly to their users, getting their email addresses or finding other ways to communicate with them. Links represent a threat to closed systems. Here's the thing, though: people like links. So closed systems have to present a pressure release valve. Hashtags are a great way out. They use the semiotics of links (early versions of hashtags on social platforms were really barely more than automated links to a search for a particular term) but are also constrained by the platforms they live on. A hashtag is easier to gather into a database, to harvest, to monetize. It's much easier, sure, but it also doesn't have all the messiness of a real link. Instagram doesn't have to worry that clicking on its hashtags will accidentally lead people to Twitter, or vice versa.

Crime

Genetic Database That Identified Golden State Killer Acquired By Crime Scene DNA Company (theverge.com) 39

"The crime scene DNA sequencing company Verogen announced yesterday that they've acquired the genomics database and website GEDmatch," reports The Verge. "GEDmatch was primarily used by genealogists until 2018, when police, the FBI, and a forensic genealogist identified the suspected Golden State Killer by tying crime scene DNA to relatives who had uploaded their genetic information to the site. Since then, the platform has helped identify around 70 people accused of violent crimes." From the report: The acquisition makes the relationship between the company and law enforcement explicit, but raises uncomfortable questions for users and experts about data privacy and the future direction of the platform. In response to privacy concerns, the company changed its terms and conditions last spring to only allow law enforcement access to data if users actively opted in. But until now, interaction with law enforcement was still a secondary function to the platform.

The announcement took many in the genetics and genealogy community by surprise, and many genealogists are leaving the platform. "There have simply been too many changes, all of them in the direction of making their data the product rather than the website a service," said lawyer and genealogist Judy Russell in an email to The Verge. GEDmatch users were prompted to accept new terms and conditions indicating the platform's new ownership, and could either agree and enter the site, or remove their data from the platform. Verogen will still allow users to keep their data from any use by law enforcement, CEO Brett Williams told BuzzFeed News, maintaining the opt-in approach. "It will be interesting to see in the future if the new owners will implement policy changes that will increase the number of individuals available for law enforcement searching," says James Hazel, postdoctoral fellow at the Center for Genetic Privacy and Identity in Community Settings at Vanderbilt University.
The report notes, however, that "opt-in is not a foolproof system for data protection." Last month, a Florida detective announced at a police convention that he had obtained a warrant to penetrate GEDmatch and search its full database of nearly one million users.
Software

Researchers Report Breakthrough In 'Distributed Deep Learning' (techxplore.com) 16

Using a divide-and-conquer approach that leverages the power of compressed sensing, computer scientists from Rice University and Amazon have shown they can slash the amount of time and computational resources it takes to train computers for product search and similar "extreme classification problems" like speech translation and answering general questions. Tech Xplore reports: In tests on an Amazon search dataset that included some 70 million queries and more than 49 million products, Shrivastava, Medini and colleagues showed their approach of using "merged-average classifiers via hashing," (MACH) required a fraction of the training resources of some state-of-the-art commercial systems. "Our training times are about 7-10 times faster, and our memory footprints are 2-4 times smaller than the best baseline performances of previously reported large-scale, distributed deep-learning systems," said Shrivastava, an assistant professor of computer science at Rice. Medini, a Ph.D. student at Rice, said product search is challenging, in part, because of the sheer number of products. "There are about 1 million English words, for example, but there are easily more than 100 million products online."

MACH takes a very different approach [than current training algorithms]. Shrivastava describes it with a thought experiment randomly dividing the 100 million products into three classes, which take the form of buckets. "I'm mixing, let's say, iPhones with chargers and T-shirts all in the same bucket," he said. "It's a drastic reduction from 100 million to three." In the thought experiment, the 100 million products are randomly sorted into three buckets in two different worlds, which means that products can wind up in different buckets in each world. A classifier is trained to assign searches to the buckets rather than the products inside them, meaning the classifier only needs to map a search to one of three classes of product. [...] In their experiments with Amazon's training database, Shrivastava, Medini and colleagues randomly divided the 49 million products into 10,000 classes, or buckets, and repeated the process 32 times. That reduced the number of parameters in the model from around 100 billion to 6.4 billion. And training the model took less time and less memory than some of the best reported training times on models with comparable parameters, including Google's Sparsely-Gated Mixture-of-Experts (MoE) model, Medini said. He said MACH's most significant feature is that it requires no communication between parallel processors. In the thought experiment, that is what's represented by the separate, independent worlds.
The research will be presented this week at the 2019 Conference on Neural Information Processing Systems (NeurIPS 2019) in Vancouver.
Verizon

Verizon Kills Email Accounts of Archivists Trying To Save Yahoo Groups History (zdnet.com) 100

An anonymous reader shares a report: Verizon, which bought Yahoo in 2017, has suspended email addresses of archivists who are trying to preserve 20 years of content that will be deleted permanently in a few weeks. As Verizon announced in October, the company intends to wipe all content from Yahoo Groups. As of December 14, all previously posted content on the site will be permanently removed. The mass deletion includes files, polls, links, photos, folders, database, calendar, attachments, conversations, email updates, message digests, and message histories that were uploaded to Yahoo servers since the pre-Google 1990s. Verizon planned to allow users to download their own data from the site's privacy dashboard, but apparently it has a problem with the work of The Archive Team who wants to save content to upload it to the non-profit Internet Archive, which runs the popular Wayback Machine site.

"Yahoo banned all the email addresses that the Archive Team volunteers had been using to join Yahoo Groups in order to download data," reported the Yahoo Groups Archive Team. "Verizon has also made it impossible for the Archive Team to continue using semi-automated scripts to join Yahoo Groups -- which means each group must be rejoined one by one, an impossible task (redo the work of the past four weeks over the next 10 days)."

Oracle

Former Oracle Product Manager Claims He Was Forced Out For Refusing to Sell Vaporware (theregister.co.uk) 81

A former Oracle employee filed a lawsuit against the database giant on Tuesday claiming that he was forced out for refusing to lie about the functionality of the company's software. The civil complaint, filed on behalf of plaintiff Tayo Daramola in U.S. District Court in San Francisco, contends that Oracle violated whistleblower protections under the Sarbanes-Oxley Act and the Dodd-Frank Act, the RICO Act, and the California Labor Code.

According to the court filing, Daramola, a resident of Montreal, Canada, worked for Oracle's NetSuite division from November 30, 2016 through October 13, 2017. He served as a project manager for an Oracle cloud service known as the Cloud Campus BookStore initiative and dealt with US customers. Campus bookstores, along with ad agencies and apparel companies, are among the market segments targeted by Oracle and NetSuite. Daramola's clients are said to have included the University of Washington, the University of Oregon, the University of Texas at Austin, Brigham Young University and the University of Southern California.

The problem, according to the complaint, is that Oracle was asking Daramola to sell vaporware -- a charge the company denies. "Daramola gradually became aware that a large percentage of the major projects to which he was assigned were in 'escalation' status with customers because Oracle had sold his customers software products it could not deliver, and that were not functional," the complaint says. Daramola realized that his job "was to ratify and promote Oracle's repeated misrepresentations to customers" about the capabilities of its software, "under the premise of managing the customer's expectations." The ostensible purpose of stringing customers along in this manner was to buy time so Oracle could actually implement the capabilities it was selling, the court filing states.

As Daramola saw it, his job as project manager thus required him to participate "in a process of affirmative misrepresentation, material omission, and likely fraud."

"We don't agree with the allegations," Oracle told The Register, "and intend to vigorously defend the matter."

The article also notes that in 2016 Oracle faced another whistleblower lawsuit, this one brought by a former senior finance manager at Oracle who'd said her bosses directed her to inflate the company's cloud sales. Oracle settled that lawsuit "while denying any wrongdoing."
The Courts

Filmmakers Sue State Department Over Social Media Surveillance Rules (theverge.com) 20

A group of filmmakers have sued the State Department for making visa applicants hand over details about their social media accounts. "The lawsuit argues that the requirement unconstitutionally discourages applicants from speaking online -- and, conversely, discourages people who post political speech from trying to enter the U.S.," reports The Verge. From the report: This lawsuit, filed by the Doc Society and the International Documentary Association, challenges the decision on First Amendment grounds. It calls the registration system "the cornerstone of a far reaching digital surveillance regime" that makes would-be visitors provide "effectively a live database of their personal, creative, and political activities online" -- which the government can monitor at any time, long after the application process has been completed. Applicants must even disclose accounts that they use pseudonymously, and if U.S. authorities fail to keep that information secure, it could potentially endanger people who are trying to avoid censorship from a repressive foreign government.

The plaintiffs in this lawsuit say that some non-U.S. members have begun deleting social media content or stopped expressing themselves online because they're afraid it will complicate their ability to enter the U.S. Others have decided to stop working in the country because they don't want to reveal their social media accounts. "The Registration Requirement enables the government to compile a database of millions of people's speech and associations, which it can cross-reference to glean more information about any given visa applicant," warns the suit. And "the government's indefinite retention of information collected through the Registration Requirement further exacerbates the requirement's chilling effect because it facilitates surveillance into the future."

Microsoft

44 Million Microsoft Users Reused Passwords in the First Three Months of 2019 (zdnet.com) 34

The Microsoft threat research team scanned all Microsoft user accounts and found that 44 million users were employing usernames and passwords that leaked online following security breaches at other online services. From a report: The scan took place between January and March 2019. Microsoft said it scanned user accounts using a database of over three billion leaked credentials, which it obtained from multiple sources, such as law enforcement and public databases. The scan effectively helped Microsoft identify users who reused the same usernames and passwords across different online accounts. The 44 million total included Microsoft Services Accounts (regular user accounts), but also Azure AD accounts.
