Patents

Apple Satellite Plans May Extend Beyond Emergencies, Suggests New Patent (9to5mac.com) 28

A new patent granted to Apple suggests the company could use satellite communications for more than just getting help in an emergency. 9to5Mac reports: Emergency SOS via Satellite was one of the headline features of September's Apple event -- so much so that the Far Out event name referenced it. The service launched in the US and Canada last month, and was yesterday extended to the UK, France, Germany, and Ireland. More countries will follow. A patent granted on the same day the service expanded to more countries suggests that Apple satellite plans may extend beyond text, and beyond emergency use.

Patently Apple spotted it: "Satellite communications data conveyed by transceivers #28 and antenna radiators #30 may include media data (e.g., streaming video, television data, satellite radio data, etc.), voice data (e.g., telephone voice data), internet data, and/or any other desired data." Apple has currently committed $450M to support the satellite communications feature, a reasonably sizeable amount of money even by Apple standards for a service that will be of use to a tiny fraction of iPhone owners. But if it's the start of something more, then the investment could look rather modest.

Crime

US Authorities Charge 8 Social Media Influencers In Securities Fraud Scheme (reuters.com) 25

U.S. prosecutors on Wednesday said they have charged eight individuals in a securities fraud scheme, alleging they reaped about $114 million by using Twitter and Discord to manipulate stocks. Reuters reports: The eight men allegedly purported to be successful traders on the social media platforms and then engaged in a so-called "pump and dump" scheme by hyping particular stocks to their followers with the intent to dump them once prices had risen, according to prosecutors in the Southern District of Texas.

The U.S. Securities and Exchange Commission (SEC) said it has filed related civil charges against the defendants in the scheme, claiming that seven of the defendants used Twitter and Discord to boost stocks. It said the eighth was charged with aiding and abetting the scheme with his podcast. The individuals charged were Texas residents Edward Constantinescu, Perry Matlock, John Rybarczyk and Dan Knight, along with California residents Gary Deel and Tom Cooperman, Stefan Hrvatin of Miami and Mitchell Hennessey of Hoboken, New Jersey.

Crime

Secret Software Change Allowed FTX To Use Client Money (reuters.com) 62

An anonymous reader shares a report: In mid-2020, FTX's chief engineer made a secret change to the cryptocurrency exchange's software. He tweaked the code to exempt Alameda Research, a hedge fund owned by FTX founder Sam Bankman-Fried, from a feature on the trading platform that would have automatically sold off Alameda's assets if it was losing too much borrowed money. In a note explaining the change, the engineer, Nishad Singh, emphasized that FTX should never sell Alameda's positions. "Be extra careful not to liquidate," Singh wrote in the comment in the platform's code, which it showed he helped author. Reuters reviewed the code base, which has not been previously reported.

The exemption allowed Alameda to keep borrowing funds from FTX irrespective of the value of the collateral securing those loans. That tweak in the code got the attention of the U.S. Securities and Exchange Commission, which charged Bankman-Fried with fraud on Tuesday. The SEC said the tweak meant Alameda had a "virtually unlimited line of credit." Furthermore, the billions of dollars that FTX secretly lent to Alameda over the next two years didn't come from its own reserves, but rather were other FTX customers' deposits, the SEC said.

The auto-liquidation exemption written into FTX code allowed Alameda to continually increase its line of credit until it "grew to tens of billions of dollars and effectively became limitless," the SEC complaint said. It was one of two ways that Bankman-Fried diverted customer funds to Alameda. The other was a mechanism whereby FTX customers deposited over $8 billion in traditional currency into bank accounts secretly controlled by Alameda. These deposits were reflected in an internal account on FTX that was not tied to Alameda, which concealed its liability, the complaint said.

The Courts

Supreme Court Asks for Biden Administration's Views in Google Copyright Case (reuters.com) 30

The U.S. Supreme Court on Monday asked the Biden administration to weigh in on song-lyric website Genius' attempt to revive a lawsuit over Google's alleged theft of its work. From a report: The justices are considering whether to hear ML Genius Holdings LLC's bid to overturn a U.S. appeals court's ruling that its case against Google LLC was preempted by federal copyright law. The Supreme Court often asks for the solicitor general's input on cases in which the U.S. government may have an interest.

Genius, formerly known as Rap Genius, keeps a database of song lyrics and annotations maintained by volunteers. It sued Google and its partner LyricFind in New York state court in 2019 for allegedly posting its lyric transcriptions at the top of Google search results without permission. Genius argued Google violated its terms of service by stealing its work and reposting it on Google webpages, decreasing traffic to Genius' site. The 2nd U.S. Circuit Court of Appeals in March affirmed a decision to dismiss the case, finding Genius' breach-of-contract claims were based on copyright concerns and should have been brought under copyright law.

Privacy

FBI's Vetted Info Sharing Network 'InfraGard' Hacked (krebsonsecurity.com) 21

An anonymous reader quotes a report from KrebsOnSecurity: On Dec. 10, 2022, the relatively new cybercrime forum Breached featured a bombshell new sales thread: The user database for InfraGard, including names and contact information for tens of thousands of InfraGard members. The FBI's InfraGard program is supposed to be a vetted Who's Who of key people in private sector roles involving both cyber and physical security at companies that manage most of the nation's critical infrastructures -- including drinking water and power utilities, communications and financial services firms, transportation and manufacturing companies, healthcare providers, and nuclear energy firms. "InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks," the FBI's InfraGard fact sheet reads.

KrebsOnSecurity contacted the seller of the InfraGard database, a Breached forum member who uses the handle "USDoD" and whose avatar is the seal of the U.S. Department of Defense. USDoD said they gained access to the FBI's InfraGard system by applying for a new account using the name, Social Security Number, date of birth and other personal details of a chief executive officer at a company that was highly likely to be granted InfraGard membership. The CEO in question -- currently the head of a major U.S. financial corporation that has a direct impact on the creditworthiness of most Americans -- did not respond to requests for comment. USDoD told KrebsOnSecurity their phony application was submitted in November in the CEO's name, and that the application included a contact email address that they controlled -- but also the CEO's real mobile phone number. "When you register they said that to be approved can take at least three months," USDoD said. "I wasn't expected to be approve[d]." But USDoD said that in early December, their email address in the name of the CEO received a reply saying the application had been approved. While the FBI's InfraGard system requires multi-factor authentication by default, users can choose between receiving a one-time code via SMS or email. "If it was only the phone I will be in [a] bad situation," USDoD said. "Because I used the person['s] phone that I'm impersonating."

USDoD said the InfraGard user data was made easily available via an Application Programming Interface (API) that is built into several key components of the website that help InfraGard members connect and communicate with each other. USDoD said after their InfraGard membership was approved, they asked a friend to code a script in Python to query that API and retrieve all available InfraGard user data. "InfraGard is a social media intelligence hub for high profile persons," USDoD said. "They even got [a] forum to discuss things." USDoD acknowledged that their $50,000 asking price for the InfraGard database may be a tad high, given that it is a fairly basic list of people who are already very security-conscious. Also, only about half of the user accounts contain an email address, and most of the other database fields -- like Social Security Number and Date of Birth -- are completely empty. [...] While the data exposed by the infiltration at InfraGard may be minimal, the user data might not have been the true end game for the intruders. USDoD said they were hoping the imposter account would last long enough for them to finish sending direct messages as the CEO to other executives using the InfraGard messaging portal.
