Month: February 2020

Enlarge (credit: Glen Dillon)

A US-based natural gas facility shut down operations for two days after sustaining a ransomware infection that prevented personnel from receiving crucial real-time operational data from control and communication equipment, the Department of Homeland Security said on Tuesday.

Tuesday’s advisory from the DHS’s Cybersecurity and Infrastructure Security Agency, or CISA, didn’t identify the site except to say that it was a natural gas-compression facility. Such sites typically use turbines, motors, and engines to compress natural gas so it can be safely moved through pipelines.

The attack started with a malicious link in a phishing email that allowed attackers to pivot from the facility’s IT network to the facility’s OT network, which is the operational technology hub of servers that control and monitor physical processes of the facility. With that, both the IT and OT networks were infected with what the advisory described as “commodity ransomware.”

Enlarge / A customer looks at a Huawei smartphone in a Huawei store in Moscow. (credit: Sergei Karpukhin / TASS via Getty Images)

A federal judge has slapped down a Huawei lawsuit that sought to overturn a ban on federal agencies buying Huawei telecommunications gear. Congress passed the legislation, part of the military's 2019 appropriations bill, out of concern that the Chinese government could infiltrate Huawei-based networks.

Huawei had argued that the law was unconstitutional under the Constitution's ban on bills of attainder. The federal government argued that was nonsense. On Tuesday, Texas federal Judge Amos Mazzant sided with the government.

The Constitution prohibits Congress from imposing "bills of attainder"—legislation that singles out individuals for punishment without trial. This was an infamous practice in Great Britain in the decades before the American Revolution. Huawei argued that it was a "person" under US law and hence entitled to this protection.

Enlarge / CD Projekt Red's official update image is a bad choice for showing off the huge updates. Why not a massive GOG logo instead? (credit: CD Projekt Red)

In bringing The Witcher 3 to Nintendo Switch late last year, the porting team at Saber Interactive already pulled off an impressive feat. This week, the developer went one step further with the port's biggest patch yet, and the included quality-of-life changes just elevated its value—especially for the game's fans on PC.

The Thursday patch was hinted at by Saber in late January in a tweet that has since been deleted, and after launching exclusively in Korea in the wee hours of the morning, it began rolling out across the globe through Thursday. While CD Projekt Red has yet to release a comprehensive list of patch notes about smaller bug fixes and tweaks, two of its biggest changes are front-and-center in the opening menus: cross-save support, and an overhauled "post-processing" list of toggles.

• 

  A new "cloud saves" menu in The Witcher 3's Switch version. Pick your preferred PC platform of choice.

The former only works with the game's PC version, but you're in luck whether you've purchased the game via GOG or Steam. Choose either storefront, then enter your username and password in a Web interface to confirm that you want to connect your Switch copy with your PC version. Doing this allows you to either upload or download a single save file with either service, since both support cloud saves by default. CDPR's official update includes two warnings for longtime PC players: the Switch version will only recognize save files whose names haven't been manually edited, and any saves that contain metadata from modded versions of the game could affect Switch performance.

Enlarge / Apple CEO Tim Cook looks on as the iPhone X goes on sale at an Apple Store on November 3, 2017 in Palo Alto, California. (credit: Justin Sullivan/Getty Images)

Apple published a note to investors this week saying that it will miss its quarterly guidance for the next quarter because of the impact the COVID-19 coronavirus has had on supply lines and Chinese consumer demand. The note says that Apple expects "worldwide iPhone supply will be temporarily constrained" and that Apple and its partners may not be able to make enough iPhones to meet demand around the world.

During the company's last quarterly earnings call on January 28, it already gave an unusually large guidance range because of concerns about the health crisis, but the situation seems to be worse than Apple predicted. Several manufacturing facilities that assemble Apple products in China have been shut down amidst the Chinese government's efforts to contain the virus, and the investor note says that, while those facilities are now coming back online, they're still behind schedule.

"While our iPhone manufacturing partner sites are located outside the Hubei province—and while all of these facilities have reopened—they are ramping up more slowly than we had anticipated," Apple says.

Enlarge / An Amazon Ring security camera on display during an unveiling event on Thursday, Sept. 20, 2018. (credit: Andrew Burton | Bloomberg | Getty Images)

Ring, Amazon's line of cloud-connected home surveillance equipment, faced a high-profile series of camera hacks late last year. That string of breaches—though traumatic for the families that were targeted—has at least finally led to one silver lining: increased security for user accounts.

Two-factor authentication of some kind is now mandatory for all accounts, Ring announced today. Every device owner and authorized user will have to enter a one-time, six-digit code, sent through email or SMS, in order to log in to a Ring account.

While email and SMS are not necessarily the most secure forms of two-factor authentication out there, either is a sight better than what Ring had been mandating before, which was nothing. The ease with which bad actors were able to access huge numbers of Ring cameras, take control of them, and harass homeowners with them was in large part due to weak security on those Ring accounts.