Binance forced to briefly halt transactions following $100 million blockchain hack

Binance temporarily suspended fund transfers and other transactions on Thursday night after it discovered an exploit on its Smart Chain (BSC) blockchain network. Early reports said hackers stole cryptocurrency equivalent to more than $500 million, but Binance chief executive Changpeng Zhao said that the company estimates the breach’s impact to be between $100 million and $110 million. A total of $7M had already been frozen.

The cryptocurrency exchange also assured users on Reddit that their funds are safe. As Zhao explained, an exploit on the BSC Token Hub cross-chain bridge, which enables the transfer of cryptocurrency and digital assets like NFTs from one blockchain to another, “resulted in extra BNB” or Binance Coin. That could mean the bad actors minted new BNBs and then moved an equivalent of around $100 million off the blockchain instead of stealing people’s actual funds. According to Bleeping Computer, the hacker quickly spread the stolen cryptocurrency in an attempt to convert it to other assets, but it’s unclear if they succeeded.

Zhao said the issue has been contained. The Smart Chain network has also started running again — with fixes to stop hackers from getting in — so users might be able to resume their transactions soon. Cross-chain bridge hacks have become a top security risk recently, and this incident is but one of many. Blockchain analyst firm Chainalysis reported back in August that an estimated total of $2 billion in cryptocurrency was stolen across 13 cross-chain bridge hacks. Approximately 69 percent of that amount had been stolen this year alone. 

FCC will start kicking voice providers out of its robocall database

Telecoms slow to adopt anti-robocall measures could soon face stiff punishment in the US. The Federal Communications Commission (FCC) now plans to remove seven voice service providers from its Robocall Mitigation Database for failing to comply with required anti-spam efforts, such as implementing STIR/SHAKEN call authentication to prevent spoofing. The companies have 14 days to “show cause” why they shouldn’t be removed. If they don’t, all their customers will be blocked from making calls. Effectively, their voice businesses are finished.

The companies include Akabis, Cloud4, Global UC, Horizon Technology, Morse Communications, Sharon Telephone and SW Arkansas. In all cases, the companies failed to share their anti-robocall plans even after the FCC warned them about violations. The FCC noted that STIR/SHAKEN is necessary for any provider with an IP-based network, and those without IP still have to show that they’re mitigating illegal robocalls.

The FCC required that all carriers use STIR/SHAKEN by the end of June 2021. Major carriers like AT&T and Verizon (Engadget’s former owner) were quick to adopt the technology. Small providers received extensions, but only so long as they detailed how they’d limit robocalls.

Removals aren’t likely to significantly stem the tide of spam calls. However, the FCC’s move (along with a campaign from state attorneys general) could discourage telecoms that either skimp on anti-robocall defenses or knowingly profit from scammers and telemarketers.

ABC, ESPN and other Disney networks go dark on Dish and Sling TV

Disney-owned channels including local ABC stations, ESPN, FX and 17 others are no longer available on Dish Network and Sling TV. Dish says Disney wanted almost $1 billion more to extend their carriage contract, which expired at 3AM ET on October 1st. As a result, Dish had to remove Disney’s channels from both platforms for the time being. As is usually the case in these situations, both sides are blaming each other for the blackout.

Dish claimed it offered Disney a contract extension, but said the latter rejected the proposal and walked away from the negotiating table. “We were not able to reach a mutual renewal agreement with Disney and without a contract in place we are legally required to remove their channels from our service,” Dish said in a statement.

Dish has accused Disney of holding “viewers hostage for negotiation leverage.” It claimed that Disney wanted Dish to insert ESPN and ESPN2 into packages that don’t currently include sports channels. In addition, it said Disney wanted to upend a policy that allows Dish subscribers to remove local channels and save money. “Now Disney wants to take this away by forcing most Dish customers in their ABC markets to pay for local channels,” Dish said.

On the flip side, Disney claimed it didn’t receive a fair offer to keep the likes of ESPN and National Geographic on Dish and Sling TV. “After months of negotiating in good faith, Dish has declined to reach a fair, market-based agreement with us for continued distribution of our networks,” Disney told Variety in a statement. “The rates and terms we are seeking reflect the marketplace and have been the foundation for numerous successful deals with pay-TV providers of all types and sizes across the country. We’re committed to reaching a fair resolution, and we urge Dish to work with us in order to minimize the disruption to their customers.”

The Disney networks that Dish had to remove from its platforms are ESPN, ESPN2, ESPNU, ESPNews, ESPN Deportes, Disney Channel, Disney Jr., Disney XD, Freeform, FX, FXX, FXM, National Geographic, Nat Geo Wild, Nat Geo Mundo, ACC Network, SEC Network, Longhorn Network and Baby TV. Dish also had to jettison local ABC stations in Chicago; Fresno, California; Houston; Los Angeles; New York City; Philadelphia; Raleigh, North Carolina; and San Francisco.

This is the second time in the space of a year that Disney’s channels have gone dark on a major live TV streaming service. YouTube TV lost access to them last December over a carriage fee dispute with Disney. The standoff didn’t last long, however, as the likes of ESPN and local ABC channels returned the next day.

Dish has also had battles with other media giants. HBO and Cinemax vanished from Dish and Sling TV in 2018. The channels, and HBO Max, became available on Dish again last year after it reached an agreement with WarnerMedia, which is now part of Warner Bros. Discovery. However, the channels and HBO Max still aren’t available on Sling TV.

Here are the new features Amazon is adding to Alexa

While new gadgets tend to dominate Amazon’s annual Devices and Services Event, the company still has a few upgrades planned for its ubiquitous digital assistant. So here are all the fresh features and skills Amazon is planning to add to Alexa. 

For people trying to shop for a new outfit, the Echo Show is getting an AI-based skill that allows it to more easily search for clothes using a customer’s references or specific characteristics. For example, Amazon says you can ask things like “Alexa, show me the one-shoulder top.” Amazon explained the skill was created using the Alexa Teacher Model, which was trained using images and captions sourced from the company’s product database. 

In the car, Alexa is also getting a new Roadside Assistance feature that will connect you with an agent in case you need to do something like call a tow truck or get help changing a flat tire. On top of that, BMW is expanding its partnership with Amazon, with BMW announcing plans to build its next-generation voice assistant using the Alexa Custom Assistant solution. BMW’s goal is to support more natural language controls that are easy to use while driving.

Alexa is also getting integration with the new Halo Rise, allowing it to do things like automatically turn off your lights when you get in bed or play your favorite song to help you wake up in the morning. Amazon will also be adding the Fire TV experience to the Echo Show 15, so users will be able to watch all their favorite shows or purchased content on a smaller screen. There’s also a new Alexa Voice Remote Pro for Fire TVs that allows you to more easily switch between various inputs, control routines and, thanks to the controller’s built-in speaker, use your voice to find the remote if you lose it.

Meanwhile for Disney fans, Amazon is adding a new “Hey Disney” command that gives anyone with a Kids+ subscription access to immersive entertainment experiences featuring big-name Disney characters. 


Amazon announces Echo Studio and Echo Dot speakers with improved audio

Amazon has revealed new Echo speakers, although they don’t look much different on the outside. The “regular” Echo was once the centerpiece of the company’s Alexa lineup, but Amazon didn’t debut a new version of it last year. In 2020, it unveiled a completely redesigned Echo with a spherical shape instead of its previous cylindrical construction. The “regular” Echo isn’t getting a tune-up this time around either. Instead, the company says it has improved the audio performance of both the high-end Echo Studio and the compact Echo Dot while keeping the same overall design for both.

The retooled Echo Studio comes with new spatial audio processing that improves on Amazon’s previous 3D sound technology. The company says we can expect better stereo sound with “greater width, clarity and presence.” The frequency range also got an update with increased mid-range clarity and deeper bass. The company’s high-end speaker now comes in a white color option and the updated version will ship October 20th for $200.


For the Echo Dot, which Amazon says is the world’s bestselling smart speaker, the company has improved the audio as well. Amazon explains that it redesigned the interior to fit a larger speaker while keeping the device the same size as the previous model. The new driver offers twice the bass and clearer vocals over the last Echo Dot, according to the company. Amazon has also updated the Echo Dot with Clock so that the display can show information like artists, song titles and snooze timers. New accelerometers and sensors should improve touch controls as well — on both models. The Echo Dot will be available for $50 while the clock version is $60, and both are available for pre-order today and shipping October 20th. There are also two new options for Echo Dot Kids — dragon and owl — that will be available for $60 when they ship October 20th. 

Amazon also announced today that it has packed Eero mesh WiFi tech in its speakers. This means that compatible Echo models can serve as range extenders, adding up to 1,000 square feet of internet coverage per device.


Fast Company hackers sent out obscene push notifications to Apple News users

Fast Company readers who subscribe to updates from the business publication via Apple News received a couple of obscene push notifications with racial slurs on Tuesday night. The messages caught a lot of users off guard — they truly could induce a spit take if you weren’t expecting them — and people took to Twitter to post screenshots. In a statement, Fast Company has told Engadget that its Apple News account was hacked and was used to send “obscene and racist” push notifications. It added that the breach was related to another hack that happened on Sunday afternoon and that it has gone as far as shutting down the whole FastCompany.com domain for now.

The publication said:

“Fast Company’s content management system account was hacked on Tuesday evening. As a result, two obscene and racist push notifications were sent to our followers in Apple News about a minute apart. The messages are vile and are not in line with the content and ethos of Fast Company. We are investigating the situation and have shut down FastCompany.com until the situation has been resolved. Tuesday’s hack follows an apparently related hack of FastCompany.com that occurred on Sunday afternoon, when similar language appeared on the site’s home page and other pages. We shut down the site that afternoon and restored it about two hours later. Fast Company regrets that such abhorrent language appeared on our platforms and in Apple News, and we apologize to anyone who saw it before it was taken down.”

Apple has addressed the situation in a tweet, confirming that the website has been hacked and that it has suspended Fast Company’s account.

At the moment, Fast Company’s website loads a “404 Not Found” page. Before it was taken down, though, the bad actors managed to post a message detailing how they were able to infiltrate the publication, along with a link to a forum where stolen databases are made available for other users. They said that Fast Company had a default password for WordPress that was much too easy to crack and used it for a bunch of accounts, including one for an administrator. From there, they were able to grab authentication tokens and Apple News API keys, among other access information. The authentication keys, in turn, gave them the power to grab the names, email addresses and IPs of a bunch of employees.

A user called “Thrax” posted in the forum they linked on the publication’s website, announcing that they were releasing a database containing 6,737 employee records. These include employees’ emails, password hashes for some of them and unpublished drafts, among other information. They weren’t able to get their hands on customer records, though, most likely because they’re kept in a separate database.

Update 09/27/22 11:43PM ET: Edited the post to add Fast Company’s new and more detailed statement.

‘The Witcher: Blood Origin’ debuts December 25th on Netflix

The Witcher: Blood Origin, a prequel to Netflix’s live-action adaptation of Andrzej Sapkowski’s fantasy novel series, will debut on December 25th, the streamer announced today during its Tudum event. Netflix also revealed that English actress Minnie Driver (Good Will Hunting, Starstruck) is part of the cast. Driver will narrate the events of the series and may even appear in The Witcher, which will return next summer. Driver said her character plays a pivotal part “in connecting Blood Origin’s past with The Witcher’s future.”       

Set thousands of years before the story of Geralt and Ciri, Blood Origin will center on the Conjunction of the Spheres, the moment in the Witcher universe where humans, elves and monsters all come to inhabit the fantasy world of the series. Actress Michelle Yeoh stars as Scian, the elven protagonist of the tale. Originally slated to run six episodes, Blood Origin will instead be four episodes long. 

Uber claims hack came from Lapsus$, the group behind Microsoft and T-Mobile attacks

Uber believes it has identified the team behind last week’s hack, and the name will sound all too familiar. In an update on the breach, Uber said the perpetrator was affiliated with Lapsus$, the hacking group that has targeted tech firms like Microsoft, Samsung and T-Mobile. The same intruder might also have been responsible for the Rockstar hack that leaked Grand Theft Auto VI, Uber said.

It’s also clearer just how the culprit may have accessed Uber’s internal systems. The attacker likely bought a contractor’s login details on the dark web after they’d been exposed through a malware-infected computer. Two-factor authentication initially prevented the hacker from getting in, but the contractor accepted an authentication request — that was enough to help the invader compromise employee accounts and, in turn, abuse company apps like Google Workspace and Slack.

As before, Uber stressed that the hacker didn’t access public-facing systems or user accounts. The codebase also remains untouched. While those responsible did compromise Uber’s bug bounty program, any vulnerability reports involved have been “remediated.” Uber contained the hack by limiting compromised accounts, temporarily disabling tools and resetting access to services. There’s also extra monitoring for unusual activity.

The incident update suggests the damage to Uber is relatively limited. However, it also indicates that Lapsus$ is still hacking high-profile targets despite arrests. It also underscores major tech companies’ continued vulnerability to hacks. In this case, one wrong move by a contractor was all it took to disrupt Uber’s operations.