E-commerce laws and their challenges in Pakistan

The regulation of e-commerce in Pakistan is still in its infancy, with government efforts to develop a framework for e-commerce activities only recently gaining momentum. The legal issues related to online transactions in Pakistan include consumer protection, dispute resolution, and intellectual property rights.

In recent years, the government has taken steps to address these legal issues by establishing the E-Commerce Policy Framework, which aims to provide a comprehensive framework for e-commerce activities in Pakistan. The framework includes provisions for consumer protection, dispute resolution, and intellectual property rights.

However, the lack of a dedicated e-commerce law, coupled with a lack of enforcement, continues to be a major challenge for the regulation of e-commerce in Pakistan. The government has also launched an e-commerce portal, which aims to provide a platform for e-commerce issues.

Online e-commerce in Pakistan is prone to various forms of fraud. This includes phishing scams where fraudsters send fake emails or messages pretending to be from legitimate e-commerce websites or banks to trick users into revealing sensitive information like passwords and credit card details. Another common fraud is the sale of counterfeit products, often at lower prices but of low quality. In addition, there are fake websites that are designed to look like legitimate e-commerce sites to trick users into entering personal and financial information or making purchases.

Payment fraud is another issue where fraudsters trick users into making payments through fake payment gateways or steal payment information during the transaction process. Shipping fraud is also prevalent where fraudsters trick users into paying for goods that are never delivered or are significantly different from what was advertised.

The regulation of e-commerce in Pakistan is still in its early stages and there are several legal issues related to online transactions that need to be addressed. Consumer protection, dispute resolution, and intellectual property rights are among the key areas that need to be addressed to foster the growth of e-commerce in Pakistan. The government has taken steps to address these issues, but more needs to be done in terms of enforcement and implementation of the laws and regulations.

To safeguard against online e-commerce frauds in Pakistan, it is advisable to only shop from reputable and trusted websites, to be cautious of suspicious emails and messages, to use secure payment methods like credit cards with fraud protection, and to keep records of all transactions.

To summarize, the legal framework in Pakistan for countering e-commerce fraud involves multiple laws and regulations. The Electronic Transactions Ordinance (ETO) of 2002 governs the use of electronic transactions in the country and provides a legal framework for e-commerce activities. It includes provisions for protecting personal data, safeguarding against hacking and unauthorized access, and preventing fraud.

Additionally, the Information Technology Act of 2000 provides a legal framework for the use of information technology in Pakistan and includes provisions for protecting electronic records, digital signatures, and intellectual property rights, as well as measures to prevent cybercrime and fraud.

The Consumer Protection Act of 2019 protects consumers against fraud and other forms of exploitation in e-commerce transactions. The Federal Investigation Agency (FIA) Cyber Crime Wing is the government agency responsible for investigating and prosecuting cybercrime, including e-commerce fraud, in Pakistan. These laws and regulations are enforced by various government agencies, and individuals and businesses need to report any incidents of e-commerce fraud and follow best practices for protection.

The e-commerce consumer court in Pakistan is a specialized forum established to address disputes between consumers and e-commerce businesses. The court was created in order to provide consumers with a more accessible and efficient mechanism for resolving disputes, particularly in the rapidly growing online shopping industry.

The court hears cases related to issues such as false advertising, product defects, delivery problems, and payment disputes. Consumers can file a complaint with the court, which is then reviewed by a judge who will make a ruling based on the evidence presented. The court has the power to order the e-commerce business to rectify the situation, compensate the consumer, or take other necessary actions to resolve the dispute. The decision of the court is binding on the parties involved and enforceable through the courts.

Overall, the e-commerce consumer court in Pakistan serves as an important tool for protecting the rights of consumers and promoting fairness and transparency in the online shopping industry. It provides a quick, cost-effective and accessible means for resolving disputes, and helps to build trust between consumers and e-commerce businesses.

The implementation of the aforementioned laws has been slow, and enforcement remains a challenge. Dispute resolution in e-commerce is another important aspect of the regulatory framework.  Intellectual property rights in e-commerce are also a concern in Pakistan. The Copyright Ordinance 1962 and the Trademarks Ordinance 2001 provide a framework for the protection of intellectual property rights in e-commerce. However, the enforcement of these laws remains a challenge.

Pakistan’s legal and regulatory framework for e-commerce is still in the process of development, and there are currently no specific laws governing the sale of goods and services over the internet. Additionally, the lack of a robust infrastructure for online payments and the limited availability of secure shipping options make it difficult for e-commerce businesses to operate in Pakistan. Furthermore, the country’s weak intellectual property laws also pose a challenge for e-commerce businesses, as they are not well-equipped to protect against intellectual property infringement.


Hidden menace: Scammers have found ways that QR codes can be used to trick victims into sharing personal information and bank details

Never even heard of QR jacking? It’s a cynical new ruse to steal YOUR cash

The UK is set for an unwelcome barrage of new scams as fraudsters exploit QR code technology to steal from unsuspecting victims. The codes are the latest weapon in scammers’ armoury and are being used in a growing number of pernicious ways, fraud experts warn.

QR – or ‘Quick Response’ – codes are small, jumbled boxes of black and white squares, which operate much like a barcode. When used legitimately, they can be very useful. You simply point the camera on your smartphone at a QR code (such as those in your Mail on Sunday) and it directs you to a website automatically without you having to tap the details into your browser.

The use of QR codes has grown since the pandemic, when they became a popular way for smartphone users to share contact information and vaccination status with restaurants and other venues.

But scammers have found ways that QR codes can be used to trick victims into sharing personal information and bank details.

Nick Hunn, a strategist at the technology company WiFore Wireless Consulting, says: ‘Criminals love QR codes as, for the moment, people have confidence in them. Also, because they are new and hard to fathom, people assume they are safe.


‘But accessing a QR code is like clicking on an unsolicited email attachment – and you could be opening a can of worms. They should be treated with caution.’

QR code scams operate in a number of ways. Here are some to watch out for:


This is when fraudsters stick a fake QR code over a genuine one to snare unsuspecting victims.

For example, a fake QR code can be put on a parking meter, electric charging point or even on a restaurant menu. The unsuspecting victim uses the code to access what is presumed to be a genuine website to pay for parking, car charging or for a meal.

However, although the website may look authentic, it has been set up by scammers. When the victim enters their bank details to make a payment, this information is quickly siphoned off by the scammer and used to steal money from the victim’s bank account.

Alternatively, the scammer may use this personal information to trick the victim at a later date. They may phone and pretend to be from their bank – and knowing the victim’s personal information gives their story an air of legitimacy.

Some motorists on the Isle of Wight fell prey to this crime last year when a fake QR code was stuck on parking meters in a council car park. The code sent car owners to a fake website that asked them to tap in their details to pay for the parking spot. Payments were then siphoned off by crooks.

It is hard to discern a fake QR code from a real one, which is a key reason why people are especially vulnerable.

But Stephen Burke, product director at the cyber security company Titan HQ, believes a careful look at the placing of the code offers clues as to whether it might be a fraud.

He says: ‘Always take a close look at any QR code to see if there are signs it has been plastered over a genuine one, perhaps on different paper or is peeling off.’ Always scrutinise websites accessed by a QR code before entering personal information. Look out for signs it may be a fake, such as bad graphics or misspelling. Only click on websites that have an ‘https’ as the beginning of the address as this means it is more likely to be safe from hacking. If in doubt, shut the webpage accessed by the QR code and look up the website directly by typing the correct web address into your browser.


This is when a scammer sends an email containing a QR code purporting to be from a genuine organisation such as a high street bank, the taxman or from an online retailer such as Amazon. The crook has made up a story to encourage you to use the QR code. For example, they could claim that you can use the code to enter a competition, take advantage of a special offer or buy a product. But when the victim uses the QR code, it takes them to a bogus website where any personal information they input can be harvested by the fraudster.

Burke says one of the most common versions doing the rounds is scammers sending emails pretending to be from a bank and claiming that they are updating their security process.

Burke says: ‘Fraudsters explain that the bank is doing away with their current security system such as two-factor authentication – and upgrading to use QR codes instead.’

The QR code takes the victim to a website where they are asked to input the security codes or password used to access their online banking to set up the new security system. The crook then uses this information to log on to the bank account and steal savings.

Burke adds: ‘Everyone finds authentication codes and remembering different passwords a headache – so it is easy to fall for the scam as it not only sounds believable but makes logging in easier and more appealing.’


Warning: Security expert Stephen Burke


Parcel delivery firms increasingly use QR codes to interact with their customers – a trend that is being exploited by scammers.

For example, if you miss a parcel delivery, genuine firms will often put a note through your letterbox containing a QR code to scan to reschedule the delivery.

But scammers can also mock up fake notes containing QR codes that lead to bogus websites.

The fake website may be used to harvest private data or charge a fake ‘shipping fee’.

Zulfikar Ramzan, chief scientist at cyber security firm Aura Labs, explains that thieves might even send a gift in the post, purporting to be from Amazon or another online shop. The parcel will contain a QR code, which claims to offer information about how to return it or find out more information.

‘Scan it and you will be directed to a website that tries to capture your personal information,’ he says.

‘Never scan links if you are unsure where they have come from and, instead, visit the genuine company’s website.’


Criminals have also developed a way to use QR codes to download malware software on to your computer or smartphone.

Malware is like a computer virus, which, when installed on your device, can be used to plunder your personal information.

Be careful when downloading a QR code app if it asks you to install a software ‘update’ after scanning. If you are in any doubt about its legitimacy, refuse installation and shut down any web pages the QR code has opened.

I was scammed by fake code at a charging point 

Tony Fuller was targeted by QR code crooks when he tried to pay to charge up his electric car at a charging point in Camden, North London.

The retired teacher, of Winsham in Somerset, says: ‘I drove to visit my son in London and found a charging point just 50 metres from his flat, which seemed very handy.

‘The instructions on the charging point screen told me to ‘scan the QR code below’. There was nothing suspicious-looking about it. When I scanned the code, the charging company’s logo came up along with a payment screen.

Shock: Tony Fuller's account had been hacked by crooks


‘But when I entered my bank details to pay, the whole system simply froze.’ Tony said that he was not suspicious but simply abandoned his attempt to pay using the QR code link and, instead, logged into the charging company’s website directly.

He says: ‘It was only when I checked my bank account that I discovered a couple of small payments had been taken out – but with no reference to what they were for.

‘I told my bank immediately to cancel any further payments as I fear crooks were testing the water to see if they could access my account before taking larger amounts.’



Tiana’s Bayou Adventure Attraction Queue Story

Disney has revealed new storyline details for Tiana’s Bayou Adventure, the reimagined Splash Mountain at Magic Kingdom and Disneyland. This post shares all of the details, ‘company’ concept art, and commentary about the backstory of the attraction and Imagineering’s use of storytelling.

As previously shared, the reimagined ride will be named Tiana’s Bayou Adventure, and will bring guests into the world of Walt Disney Animation Studios’ film The Princess and the Frog. According to the company, Tiana’s Bayou Adventure will open at Magic Kingdom in Walt Disney World and Disneyland in California in late 2024.

During the D23 Expo in Anaheim last year, Walt Disney Imagineering shared more details about the reimagined ride, including a model showcasing how Splash Mountain would be transformed. See our Photos & Video of the Tiana’s Bayou Adventure Model, which offers a comprehensive look at the new exterior, queue, and on-ride details that’ll be added to the attraction as it becomes Tiana’s Bayou Adventure. (Note: that is specifically the Disneyland version of Splash Mountain. Minor changes, like the queue and log ride vehicles, are expected to differ.)

The latest backstory that Walt Disney Imagineering has shared concerns the queue for Tiana’s Bayou Adventure. At a young age, Tiana developed a deep passion for cooking, and began to dream of one day owning her own business. Her father, James, taught her that good food brings folks together. During Tiana’s Bayou Adventure, we’re going to see where life has taken her following the success of Tiana’s Palace, a restaurant she had dreamed of owning and worked hard to accomplish.

Walt Disney Imagineering is creating an original, next chapter story for Tiana. Within the queue, guests will discover that she continues to grow her business with Tiana’s Foods, which is an employee-owned cooperative. Combining her talents with those of the local community, Tiana has transformed an aging salt mine and built a beloved brand.

The endeavor began when Tiana purchased the salt mine and the area surrounding the large salt dome from which it operated. With the help of her mother Eudora, Naveen, Louis, and fellow owners of the cooperative, Tiana revived the old salt mine and the surrounding land. In so doing, she grew a wide array of vegetables, herbs, and spices for her recipes.

This elaborate enterprise has turned the aging salt mine into a space that has come alive. Complete with a boutique farm and both a working and teaching kitchen, Tiana’s Foods is where Tiana and her colleagues create all sorts of new products that they are bringing to the world, including a line of original hot sauces.

Tiana wants to give a big thanks to her family and friends and the entire community for all the support they’ve given her by throwing an amazing party during Mardi Gras season. When it turns out there’s been a bit of a mix-up with the party preparations, Tiana invites us to meet her at Tiana’s Foods to help with the missing ingredient for the party.

When we arrive, we may see that Tiana spruced up the company’s facilities with vibrant art from local artists. Food for the party is being prepared and beignets are being loaded into crates for the celebration. All kinds of preparations are underway for the journey into the bayou with Tiana, along with new and familiar friends from the animated film.

Tiana’s Bayou Adventure picks up where the movie’s story left off. Tiana continues bringing people together with Tiana’s Foods, another treasured meeting place to spend time together and celebrate a diverse community. Tiana is also working with cooperative members to teach gardening and cooking to children of all ages, and inspiring other women to run successful businesses as the brand grows nationwide.

With the Tiana’s Foods backstory of the reimagined ride established, let’s turn to commentary offering our thoughts on how this sets the table for Tiana’s Bayou Adventure, plus various ranting about the obsession with story and so forth…

Our Commentary

I have a love-hate relationship with backstory. I love that Imagineering writes extensively to inform their storytelling, and you can find pages upon pages of internal lore and information about attractions old and new. Based on what I’ve seen, this phenomenon began during the Eisner era–you can find backstory for Pleasure Island, Typhoon Lagoon, and other additions from the late 1980s and early 1990s.

Although fans might think otherwise, Imagineering’s obsession with story is not a new thing. Fans simply have greater access to it, and usually before ever experiencing the attraction, because it’s used as marketing in the lead-up to new rides debuting. Perhaps WDI is employing more show writers as a result; I don’t know. It’s still nothing new.

When backstory becomes something for guests to stumble upon in queues, throughout lands, and elsewhere, it can be a great enhancement to the experience. At its best, backstory informs what’s already there, providing added texture and richness to what could be readily understood by context cues, visuals, etc. This type of backstory is basically icing on a cake that tastes pretty great without icing–meaning that it wasn’t necessary to begin with.

I hate backstory when it’s necessary to explain away deficiencies, and engages in storytelling that would come as a surprise to the average visitor. If the backstory causes a reevaluation of the ride or land, it’s not good–it’s bad. That means the thing itself cannot stand on its own, or is at odds with its backstory.

The infamous example of this is Dino-Rama, with its “lipstick on a pig” backstory. As I’ve ranted dozens of times, that land is not good, it’s a dumpster fire. Some fans just love it because they are part of the in-group that supposedly “gets” Dino-Rama and why it’s “actually” good. (It is not.)

This is something I cover at length in Tom’s Top 7: Backstories at Walt Disney World. I won’t belabor the point here–if you’re interested in good and bad backstory at Walt Disney World, that article covers it.

At this point, the backstory for Tiana’s Bayou Adventure could go either way. I don’t read the above details about Tiana’s Foods and think, “this is brilliant, I cannot wait to see how the story is resolved!” The thing is, I’m totally fine with that. Splash Mountain had/has a very long queue, and I think the case could be made that although beautiful, it passed up stage-setting opportunities that could’ve enhanced the attraction. (Not that it needed to do this–it was a classic attraction, regardless.)

One of the things I loved about Splash Mountain was all of the critters, totally unrelated to the story being told, that inhabited Chickapin Hill. Why were they there? What was their deal? They were not just anonymous animals that spontaneously gathered to watch Brer Rabbit’s attempted kidnapping.

In fact, the alligator band–The Swamp Boys–had a concert poster in the queue. It would’ve been great to know more about these critters, even if wholly immaterial to the attraction itself. While wholly unnecessary, it would’ve been added color, world-building details for the eager fan. (I also vividly recall inspecting all of the birdhouses as a kid, wondering who/what lived inside.)

I can’t say the Tiana’s Foods backstory does much for me. To the contrary, I actively dislike it and wish it were something different that actually “hooked” me. However, I’ve also learned not to criticize backstory prematurely. In this internet era, fans are thirsty for a constant trickle of information, and Disney largely obliges us. In the 1980s and 1990s, backstory leaked out after the fact, and was judged against the finished attraction, land, etc. Now, it comes out ahead of time and is judged on its own.

My big lesson about prematurely judging backstory came via the recent reimagining of Jungle Cruise. I’ll admit that I rolled my eyes at a lot of the backstory for that, and I was frankly concerned that Imagineering was getting way too heavy-handed with story for the sake of story on a ride that really didn’t need it. My fear was that it would bog down the attraction, overwhelm guests, and come across as contrived. There was just so much story in the lead-up to the reimagining.

The end result with Jungle Cruise was very different from that. Those backstory details are peppered around the queue, and there for the discovery of guests. That’s an asset, as it gives guests something to engage in that previously basic and sometimes very long standby line. You can uncover nuggets of information that illuminate and connect to other adventurous experiences, but are not the least bit necessary to enjoying the attraction.

As for the ride itself, the big change to Jungle Cruise is that they added a plethora of primates. It might as well be called Jungle Cruise: Monkey Madness. I’m sorry, but if you dislike that, you’re distinctly unpatriotic. Monkeys doing ape antics are awesome, and that’s just a fact. For all of the hand-wringing about changing Jungle Cruise, the end result is basically just that–more monkeys. Other stuff did change for ‘contemporary audiences,’ but the big discernible thing is the monkeys. It was a big win for lovers of simian shenanigans, which should be everyone.

With Tiana’s Bayou Adventure, the detail I’ve zeroed in on is the line that “there’s been a bit of a mix-up with the party preparations, Tiana invites us to meet her at Tiana’s Foods to help with the missing ingredient for the party.” I could be wrong, but this strikes me as an obvious MacGuffin. For those who aren’t fans of Alfred Hitchcock or Pulp Fiction (why not?), a MacGuffin is a seemingly significant item that advances the plot and motivates the characters, but ends up being irrelevant or unimportant. Muppet Haunted Mansion also uses this device, cleverly calling it The Great MacGuffin.

In any case, “the missing ingredient” could be an ideal MacGuffin because it would allow Tiana and guests to encounter a bunch of different animals–the current critters in Splash Mountain, like The Swamp Boys, that were created for the attraction and are totally divorced from the source material–and sing or do whatever with them. Given the short turnaround time and concept we’ve already seen, I’ve already gone on record to say that I think a lot of what’s inside Splash Mountain is staying up, and I’m going to double down on that here.

We already know that Tiana’s Bayou Adventure will pick up the story of The Princess and the Frog after the final kiss, joining Tiana and Louis on a musical adventure as they prepare for their first-ever Mardi Gras performance. During this celebration, guests will hear original music inspired by songs from the film. Tiana is leading the way and guests will be able to encounter old friends and make new friends along the way as well.

Encountering “new friends” strongly suggests to me that at least some of the original characters from Splash Mountain will be making appearances. In order to make that work, the attraction necessarily needs to be set after the movie. Regrettably, The Swamp Boys were not featured in The Princess and the Frog.

Of course, that’s merely speculation on my part, and could be totally wrong. Even if it is, my perspective on this still stands–that the missing ingredient is most likely a MacGuffin. The Tiana’s Foods angle could be played up in the queue for the astute observer, but wholly immaterial to the ride itself.

Given the “musical adventure” preparing for Mardi Gras while encountering friends setup, that seems like a strong possibility. Otherwise, there is going to be a lot–too much–story being told throughout the ride. As much as Imagineering loves “story” these days, I don’t think they’ll make that mistake.

Many fans have wondered why Tiana’s Bayou Adventure isn’t simply revisiting the story of The Princess and the Frog, its villains and music. After all, that could make sense with the existing ‘pacing’ of Splash Mountain and its climactic lift hill. This is a fair point, and definitely seems like the less risky approach.

With that said, I vehemently (but respectfully) disagree with those of you who think that. I am very glad that Tiana’s Bayou Adventure is not simply a “book report” style attraction. Retelling the movie in CliffsNotes fashion often falls flat, and makes guests feel like passive observers rather than active participants.

This is something Imagineer Tony Baxter has ranted against for years, and you’ve probably heard his thoughts on it if you’ve heard him speak at a D23 event or on a podcast. If he’s truly an advisor on Tiana’s Bayou Adventure, I suspect he would’ve pushed hard against the reimagined ride doing that.

Personally, I will take the potential gamble of the “missing ingredient” narrative device and something fresh. This approach does have higher potential risk than simply retelling the movie, but it also has greater potential reward.

Ultimately, it’s interesting to hear details about Tiana’s Foods and how that’ll play out in the queue for Tiana’s Bayou Adventure. Even though the broad strokes of this story do absolutely nothing for me, it also doesn’t worry me. There’s a lot of backstory that I wouldn’t care for if only reading a synopsis, and yet, works well in its actual setting and for the purposes of establishing a backdrop or jumping off point for the attraction itself.

My hope is that this is the case with Tiana’s Foods. I’d personally prefer the queue become a Spinal Tap-style documentary about how Princess Tiana met The Swamp Boys, helped reinvent the group, and they all became the first female-led boy band. (The plot of the ride could be a caper about their disappeared drummer!)

That is, sadly, not what we are getting. The Tiana’s Foods setup not appealing to me at this point also doesn’t mean it’ll be poorly done or uninteresting. I’m in full ‘wait and see’ mode with Tiana’s Bayou Adventure. It’s a high stakes project, and both Imagineering and company executives undoubtedly understand this and are going to do everything in their power to ensure that the end result delivers.



Thoughts on the Tiana’s Foods backstory for the queue? Disappointed that the backstory isn’t a Spinal Tap-style documentary about The Swamp Boys and Tiana? Do you agree or disagree that the missing ingredient is likely a MacGuffin? How much of the current attraction (e.g. random musical critter AAs) are you expecting to appear in the reimagined version? Excited for Tiana’s Bayou Adventure? Expectations regarding the Splash Mountain reimagining timeline? Think they can finish it by late 2024? Keep the comments civil, as this is not the place for politically-charged arguing, culture wars, antagonism, personal attacks, or cheap shots. We will be heavy-handed in deleting any comments that cross the line, irrespective of viewpoint. You are not going to change anyone’s mind via the comments section on this blog, nor are you going to change Disney’s priorities. If you wish to shout your outrage into the internet abyss, that’s why Facebook was invented.


Massive Ransomware Campaign Targets VMware ESXi Servers

Vulnerability Patched in 2021 Still Haunts Admins at Over 300 Organizations

A massive automated ransomware campaign is targeting VMware ESXi hypervisors around the world, warns CERT-FR, the French government’s computer emergency readiness team that’s part of the National Cybersecurity Agency of France.


The attack exploits a heap-overflow vulnerability in VMware ESXi, tracked as CVE-2021-21974, that was patched in February 2021. The vulnerability affects the Service Location Protocol (SLP) service and allows an attacker to remotely execute arbitrary code.

VMware’s ESXi is a hypervisor, meaning it’s designed to run virtual machines. VMware first issued a warning and patch for the flaw in February 2021, saying it was discovered and reported by Mikhail Klyuchnikov of Moscow-based security firm Positive Technologies.

VMware designated the vulnerability as “critical,” meaning it could be used by attackers to remotely execute any code they wanted on a vulnerable system and take full control of it.

“On February 3, 2023, CERT-FR became aware of attack campaigns targeting VMware ESXi hypervisors with the aim of deploying ransomware on them. The systems currently targeted would be ESXi hypervisors in version 6.x and prior to 6.7,” according to CERT-FR.

A spokesperson for VMware tells Information Security Media Group that a ransomware variant dubbed ESXiArgs appears to be exploiting CVE-2021-21974, a two-year-old vulnerability for which patches were made available in VMware’s security advisory on February 23, 2021.

“Security hygiene is a key component of preventing ransomware attacks, and customers who are running versions of ESXi impacted by CVE-2021-21974 and have not yet applied the patch, should take action as directed in the advisory,” the spokesperson says.

CERT-FR recommends applying the workaround proposed by VMware, which is to disable the SLP service on ESXi hypervisors that have not been updated.

The agency also warns that applying patches alone is not enough, as the attacker may have already exploited the vulnerability and dropped malicious code. VMware recommends performing a system scan to detect any signs of compromise.

French cloud computing and hosting giant OVH also released an advisory Friday and warned its users about the current wave of attacks targeting ESXi servers.

“No OVHcloud managed services are impacted by this attack; however, since a lot of customers are using this operating system on their own servers, we provide this post as a reference in support to help them in their remediation,” says Julien Levrard, chief information security officer at OVH.

Levrard says attacks are being detected globally with a focus on Europe, and he assumes the attackers are likely the operators behind the Nevada ransomware strain.

On Saturday, a Shodan search showed that the spread is extensive and that a total of at least 327 organizations are affected, according to Darkfeed, a ransomware monitoring platform.

“The most targeted system is from France on OVH cloud and Hetzner hosting. But they have hit other hosting and cloud companies around the world,” Darkfeed says on Twitter.

SingCERT, Singapore’s Computer Emergency Response Team, also released an advisory on Saturday and warned users about the ongoing ransomware campaign.

“Users and administrators of affected product versions are advised to upgrade to the latest versions immediately. As a precaution, a full system scan should also be performed to detect any signs of compromise. Users and administrators are also advised to assess if the ransomware campaign-targeted port 427 can be disabled without disrupting operations,” the SingCERT advisory says.

This is a developing story and it will be further updated.


Fraud set to be upgraded as a threat to national security

Fraud is to be reclassified as a threat to national security under government plans that will force police chiefs to devote more officers to solving the crime.

It will be elevated to the same status as terrorism, with chief constables mandated to increase resources and combine capabilities in a new effort to combat a fraud epidemic that now accounts for 30 per cent of all crime.

It will be added to the strategic policing requirement, which means that forces will be required by ministers to treat fraud as a major priority alongside not only terrorism, but also public disorder, civil emergencies, serious and organised crime, cyber attacks and child sexual abuse.

The move came as the Government prepares to unveil its new fraud strategy this month following savage criticism of the police for ignoring its impact on victims.

Calls for a swift response

Just one in 1,000 offences are solved, with constabularies devoting fewer than 2,000 officers, 0.8 per cent of the workforce, to investigating it in 2021.

The task of revamping the police response has been handed to Chief Superintendent Nik Adams, the commander co-ordinating economic and cyber crime at the City of London Police, the lead force for fraud in England and Wales.

In an interview with The Telegraph, he highlighted the devastating impact of the crime, citing data which show that fraud put the lives of at least 300 people a year at risk.

“This is a staggering figure,” he said. “The details of 300 people a year are passed urgently to their local police force to institute a sort of equivalent to a 999 safeguarding response because somebody is at such crisis point, they’re potentially a risk of suicide and self-harm, as a result of that criminality.” 

Possible revamp of Action Fraud

A central part of the revamp will be an overhaul of Action Fraud, the much-criticised body based at City of London Police. Ministers and policing chiefs are still debating whether its reputation is so battered that it needs to be renamed.

Ch Supt Adams admitted that the current technology “doesn’t do what we want it to do”, with too much intelligence analysis of complex scams still done manually and taking longer than officers wanted.

As part of a £30 million government cash injection, a new artificial intelligence computer system is being built to act as a “super brain” to analyse and “join the dots” on all fraud in the UK to identify the criminals behind it. It is expected to be launched next year.

Ch Supt Adams said: “There is huge investment going into a new action fraud system to take on board calls and crimes. An immense investment into the analytical capability that sits behind that and an immense investment into the victim care service that has been built over a number of years now.” 

He said that fraud scams were now so sophisticated and global that a victim could, for example, believe they were being conned by a US soldier, when in fact it was a criminal acting out of Ghana.

“We hope the technology will be better at scraping all that digital information to join the dots, recognise patterns and therefore prioritise certain investigations in a more streamlined, effective way in future,” he said.

‘Economic crime teams’ set up

All fraud will be reported to Action Fraud or its rebranded version, which will help determine whether it is so big and serious that the investigation should be led by the National Crime Agency, new reinforced regional police teams or local forces.

Ten regional fraud squads, known as “economic crime teams”, have been set up with 96 of the 118 officers recruited so far. They replicate the structure of the 10 regional organised crime units.

“We’ll get the most serious and complex cases managed at a regional level, whilst also doing all of that work to support local police force economic crime teams to make sure that they’re equipped and capable of delivering local investigations,” said Ch Supt Adams.

He said that already, even with the current system, 90 per cent of all fraud investigations were completed within two years, cutting the time victims had to wait for justice from “five, seven, 10 years”.

Ch Supt Adams said that improved banking technology now spotted 65 per cent of unauthorised payment scams, but this had led to an “exponential” rise in more sophisticated grooming frauds.

This saw criminals harvesting personal data over weeks or months, which provided them with the “perceived legitimacy” to inveigle their way into people’s lives.

“Our effort needs to be in dismantling those sorts of elaborate operations and investing immense amounts in the sorts of campaigns to raise awareness of victims about how that manipulation might manifest itself,” he said.

Criminals diversifying into fraud

Ch Supt Adams added that criminals were increasingly diversifying into fraud because of higher risks from traditional crimes such as burglary. 

“Why would you now, as a criminal, go out at four o’clock in the morning and try and break into somebody’s house whilst they’re sleeping, with all of the forensic risks and opportunities and the minimal gain that you get from each individual crime?

“Why would you engage in that sort of activity when you can go onto a web platform and buy a tool that allows you to send out hundreds of phishing text messages to people?

“You only need a few people to respond to those through that technology in order to give you the opportunities to make a significant amount of money.”


Daniel R Deakin

GeForce RTX 4090 hits Steam’s latest hardware survey hard as Radeon RX 7000 series yet to register an entry

As always, Nvidia completely dominates the PC video card usage chart that is produced in Steam’s monthly hardware and software survey. For January 2023, Team Green has apparently secured 75.03% of user share, leaving just 15.31% for AMD and 9.42% for Intel. Nvidia also holds a powerful grip over the overall graphics card percentage use table and the percentage monthly change table, with the pricey GeForce RTX 4090 providing the company with yet another strong entry.

In its first appearance in the Steam survey, the GeForce RTX 4090 managed to gain +0.24% of user share, enough to put it into second place in the monthly mover chart. Only the GeForce RTX 3060 Laptop GPU enjoyed higher take-up for the month, with +0.44%. In contrast, the highest discrete part from Team Red listed here (not including the “AMD Radeon Graphics” entries) was the Radeon RX 6700 XT that attracted just +0.06% of the survey base.

The RTX 4090 was released in October 2022 at a recommended retail price of US$1,599, but it wasn’t long before prices started increasing as gamers wanted to get their hands on one of the most powerful graphics cards available. Unsurprisingly, there is no space for the RTX 4080 card in the chart, with consumers turning away from a product that was priced at US$1,199 but seemingly didn’t offer the performance that justified the price. Meanwhile, AMD’s Radeon RX 7000 series boards are nowhere to be seen.

However, this should not be seen as a flop for Team Red just yet, as the Radeon RX 7900 XT and Radeon RX 7900 XTX were only launched in mid-December. That said, just as the GeForce RTX 40 series has had its issues (melting 12VHPWR cables), it appears the Radeon RX 7000 series also has some teething problems, with AMD’s own reference boards producing throttling-inducing temperatures and being overly noisy to boot. The Nvidia GeForce GTX 1650 remains the overall chart champion with a user share of 6.27% in January.


Here’s why Santa Ana Councilmembers Lopez and Phan should be recalled – Orange County Register

A recent Orange County Register editorial criticized the proposed recall of Santa Ana City Council members Jessie Lopez and Thai Phan, wrongly painting it as simply a political grudge by the Santa Ana Police Officers Association and their President Gerry Serrano. This is untrue, and as chair of the recall campaign, I’d like to spell out the numerous reasons Santa Ana voters should recall Phan and Lopez.

We are seeking to recall Lopez and Phan for their part in advancing extreme policies that are harmful to our neighborhoods and undermine the strides Santa Ana has been making in improving our quality of life. Their palpable hostility to law enforcement is one aspect of their destructive record — but there is more.

Lopez and Phan provided the votes to enact a badly crafted rent control ordinance that goes far beyond existing state law. It is the most radical city rent control measure in California.

This measure is like a neon sign to housing providers warning them not to invest in Santa Ana and build more affordable housing. Data and studies have proven over and over that in reality, rent control ultimately leads to higher rents, disinvestment in rental housing stock and higher levels of crime.

They also passed an ordinance making it far more difficult to evict tenants who not only refuse to pay their rent, but whose behavior intimidates other tenants and creates a dangerous living environment for working families.

Lopez and Phan voted to triple building fees and mandate higher labor costs, driving up the cost of building housing in Santa Ana by as much as 40%. That is a recipe for less affordable housing for Santa Ana families.

Their hostility to enterprise is matched by hostility toward policing that threatens to undo hard-won gains in the fight against crime. For example, they voted to repeal the city’s 30-year-old ban on street cruising, impeding our police department’s ability to combat the associated criminal activity. Lopez and Phan opposed an ordinance to cite the spectators who throng to and encourage street take-overs and street racing. They want to stop our police from enforcing “minor” offenses. Turning a blind eye to “minor” law breaking encourages greater law breaking.

Public safety is one of residents’ top concerns. Lopez and Phan pay lip service to putting more cops on the street but then fail to support the funding necessary to make it happen. They falsely claim the SAPOA opposes a Police Oversight Commission. This is nonsense. Last year, every SAPOA-supported council candidate endorsed creating such a body. But law-abiding residents oppose creating an oversight commission that is really a Trojan horse that Lopez’s and Phan’s supporters can use to undermine and harass our police force.


What happened to Hunter Moore’s ‘Is Anyone Up’? Revenge porn czar banned on social media sites

LOS ANGELES, CALIFORNIA: Last year, Netflix released a documentary, titled ‘The Most Hated Man on the Internet’, narrating the story of how Hunter Moore, who described himself as a “professional life ruiner”, and his website, “Is Anyone Up?”, were brought down. The “revenge porn” website created in 2010 ran successfully for two years, helping Moore earn thousands of dollars every month and victimizing over 40 people before it was finally brought down.


The 2022 Netflix documentary borrows its title from a Rolling Stone article that described Moore as the most hated man on the internet. It follows the story of how the mother of one of Moore’s website’s victims took it upon herself to fight and bring down the internet’s most hated man, who had managed to ruin several lives using loopholes in the legal framework, claiming that his website was protected by the same laws as Facebook was. 



What happened to Hunter Moore’s website, ‘Is Anyone Up’?

Hunter Moore was arguably the man who gave birth to the practice of revenge porn, through his website, IsAnyoneUp.com. Even though the practice of leaking nude and sexually explicit images of people by their exes as revenge had existed in the past, it scaled up in popularity after 2010. “Revenge porn” was the business model Moore’s website followed — anyone could upload explicit content of someone else without their consent and to make matters worse for the victims, more often than not, their details were shared along with their nude videos or pictures, linking their other social media handles to it. 


The ridicule and humiliation that the victims faced due to the website’s content only boosted Moore’s morale; it was as if he was enjoying a sadistic pursuit while earning thousands of dollars off of it. As per The Rolling Stone article that gave him the name “the most hated man on the internet”, Moore responded to cease-and-desist letters with a simple “LOL.” He had been permanently banned from Facebook, received death threats, got stabbed with a ballpoint pen, was blocked by PayPal, and was even targeted by hacker group Anonymous; however, claiming that his site was protected by the Communications Decency Act of 1996, just like Facebook, Moore continued his site. The 1996 act did not allow websites to be held accountable for user-submitted content.

However, his notoriety came to an end in less than two years, after his desire to expand his site’s content reach led him to hack, and the FBI took matters into their own hands. The mother of one of Moore’s victims, Charlotte Laws, conducted a two-year-long investigation compiling evidence from over 40 victims and gave it to the FBI. In 2012, he, along with a hacker named Charles Evens, came under the federal agency’s radar, and the same year, Moore sold his website to Bullyville.com, an anti-bullying group run by former Marine James McGibney. All pornographic material has been removed from the website and users visiting it are redirected to Bullyville.com.


Where is Hunter Moore now?    

After being arrested by the FBI, Moore was indicted in a federal court in California on January 23, 2014, on charges of conspiracy, unauthorized access to a protected computer, and aggravated identity theft, as reported by Esquire. He was forced to dismantle the archives he owned for his website’s database. On February 18, 2015, Moore entered a guilty plea with the Central District of California U.S. Attorney’s Office, admitting to aggravated identity theft and aiding and abetting in the unauthorized access of a computer. 

On December 2, 2015, Moore was sentenced to two and a half years in federal prison, followed by three years of supervised release. He was released in May 2017 and lives a quiet life outside the public eye. Moore has also been permanently banned from every social media platform.



Big Tech companies to cut costs after $77 billion in profits evaporate | Economy and Business

Mark Zuckerberg has called 2023 “the year of efficiency.” The founder and CEO of Meta is not alone. This week’s earnings calls and analyst conferences for the five largest US tech companies were filled with talk of austerity and cost-cutting. These are not companies that are doing poorly – Microsoft, Alphabet (Google), Meta (Facebook) and Amazon earned a combined $243 billion in 2022. However, that figure is 24% lower than in 2021. From one year to the next, $77 billion in profits evaporated.

Every one of these companies except Apple has resorted to massive job cuts. The other four companies have announced 51,000 layoffs after a hiring binge in previous years. In addition, companies are cutting back on investments, rationalizing office space, canceling unprofitable projects, and more.

The earnings season has served up a steady stream of bad news. Meta experienced its first annual decline in sales in 2022. Amazon, which had not lost money since 2014, returned to the red after years of relentless profit growth. Alphabet saw its advertising revenue decline for the second time in its history (the first was early in the Covid-19 pandemic). Apple had supply problems due to Chinese factory shutdowns, ending its record profit streak. Microsoft’s profit dropped after growing at the slowest pace since 2016 in the latter half of 2022.

All have taken a big hit due to the strong dollar. These are global companies operating worldwide, and a large part of their revenues and profits come from abroad. With an appreciating US currency, earnings in other currencies are translated into fewer dollars, the currency in which they report their financial statements.

For Big Tech, costs have been rising faster than revenues. Uncertainty about the global economy, which is expected to grow more slowly in 2023, and a potential recession in the United States due to the Federal Reserve’s interest rate hikes are threatening revenue growth. It’s time to tighten belts.

Meta Platforms was the first of the big five to announce massive layoffs and implemented the largest proportionate workforce reduction (11,000 employees, 13% of its workforce). But Meta also had the most convincing austerity message for investors. On February 2, its share price jumped 23% on the stock market after it announced a buyback plan and lowered its 2023 cost forecast by $5 billion and its investment forecast by $4 billion.

After two years of record earnings, the company ended 2022 with a 1% drop in revenue and a 41% drop in profit, to $23.2 billion. Meta has been hurt by erosion in the digital advertising market, stricter privacy rules imposed by Apple, and competition from TikTok. Moreover, its big bet on the metaverse has produced billions in losses and accounting provisions for restructuring costs.

Alphabet, the owner of Google, had four consecutive years of record profits, peaking at $76 billion in 2021. In 2022, its earnings dropped by 21%, although revenues increased by nearly 10% to a new high of $282 billion. In the latter half of 2022, Alphabet suffered from a decline in advertising revenue and a sharp slowdown in growth, in addition to foreign exchange impacts.

CEO Sundar Pichai and CFO Ruth Porat mentioned Alphabet’s revised “cost structure” when they presented Alphabet’s 2022 results. The company has announced 12,000 layoffs for 2023, equivalent to 6% of its 190,000 employees, after hiring 33,734 people in 2022 and 71,000 over the past three years.

Amazon’s first losing year in almost a decade was primarily due to its 17% stake in electric car maker Rivian, which has recently plummeted in value. The company posted a loss of $12.7 billion in 2022 after four consecutive years of record profits and earnings of $11.8 billion in 2021. But the e-commerce giant is facing other problems as well. Operating income is falling due to losses abroad and the lower profitability of the US market. Amazon Web Services, its profitable cloud computing division, has also started to slow down. The company has significantly reduced its workforce over the past year, beyond the 18,000 layoffs it announced.

Microsoft and Apple were the best at protecting their bottom lines, although they have not gone unscathed by the industry’s troubles. Microsoft regained its position as the second-largest US company in terms of profits after being surpassed by Alphabet in 2021. Still, it posted earnings of $67.45 billion in 2022, 5% less than the previous year. The decline is mainly due to the strength of the dollar and layoff severance payments for 10,000 employees, about 5% of the workforce. However, its profit decline accelerated in the second half of calendar year 2022 (the first half of the 2022 fiscal year) due to slowing revenue growth.

Apple remains the undisputed Big Tech profit leader but weakened as the year progressed, suffering its first revenue decline in three and a half years during the last quarter of 2022 (the first quarter of its new fiscal year). Strict Covid-19 restrictions in China weighed down Apple’s sales when the company couldn’t get enough of its flagship product, the iPhone, to customers during the holiday season. This caused a 5% drop in Apple’s revenue to $117 billion and a 13.4% drop in profit to $29.9 billion during the crucial final quarter of 2022. Due to this setback, Apple’s 2022 revenue grew by only 2.4%, and its profit fell by 5%.

For the first time in at least a decade, all five major US tech companies experienced profit declines in 2022, primarily because of strategy shifts and operational miscues. But 2022 may also signal the end of a golden era of revenue and earnings growth for the entire industry.
