95% of America's largest voting districts' mailservers lack basic anti-phishing protection
DMARC is an anti-email-spoofing tool that mail-server administrators can enable; it's designed to reject emails with forged return addresses.
T-Mobile today admitted that a recent "criminal hack" accessed personal data of some prepaid wireless customers' accounts.
Security researchers at Purdue and U. of Iowa confirm what many security experts have long feared: there are serious security weaknesses in 5G that undermine the promised security and privacy protections.
Another data security disaster for 'food delivery on demand' startup DoorDash, and it's not their first. The company confirms a data breach, and says sensitive information belonging to 4.9 million individual customers, delivery workers, and merchants was stolen by hackers.
A number of malicious websites that were recently reported to have been secretly hacking into iPhones over a two-year period were in fact targeting Uyghur Muslims, Zack Whittaker of TechCrunch reports today.
The US is increasingly rejecting entry to people because of content sent to those persons by others, on social media and messaging apps.
The Justice Department today announced indictments for 80 individuals on charges they ran a massive business email and money laundering scam that operated in part out of Southern California.
DoJ's 145-page indictment was unsealed Thursday, and charges 80 named individuals with conspiracy to commit mail and bank fraud, plus aggravated identity theft and money laundering.
One of the wonderful and terrible things about the internet is how it allows people seeking others with hard-to-find traits to find them: advertisers can find people thinking about buying a refrigerator; people who think they might be trans can find others in the same boat and make common cause; people with the same rare disease can form support groups, and Nazis can find sociopaths to march through the streets of Charlottesville carrying tiki torches and chanting "Jews will not replace us."
IBM's ridiculously named X-Force Red have documented a new attack vector they've dubbed "Warshipping": they mailed a sub-$100 custom, wifi-enabled low-power PC with a cellular radio to their target's offices.
ISPs in the UK are required to censor a wide swathe of content: what began as a strictly limited, opt-in ban on depictions of the sexual abuse of children has been steadily expanded to a mandatory ban on "extreme" pornography, "terrorist content," copyright and trademark infringement, and then there's the on-again/off-again ban on all porn sites unless they keep a record of the identity of each user and the porn they request.
The security firm Cybereason says that it has identified a likely state-sponsored attack on ten global mobile phone networks that they have attributed to "the Chinese-affiliated threat actor APT10," which has been "underway for years."
A massive database hosted on Amazon Web Services (AWS) for Mumbai-based internet company Chtrbox that contained contact info for millions of Instagram accounts for influencers, celebrities and brands has been discovered leaked online.
Writing on Techcrunch, Zack Whittaker (previously) calls out the timeworn phrase "we take your privacy and security seriously," pointing out that this phrase appears routinely in company responses to horrific data-breaches, and is generally accompanied by conduct that directly contradicts it, such as stonewalling and minimizing responsibility for breaches and denying their seriousness.
Berlin-based security researcher Sébastien Kaul discovered that Voxox (formerly Telcentris) — a giant, San Diego-based SMS gateway company — had left millions of SMSes exposed on an Amazon cloud server, with an easily queried search front end that would allow attackers to watch as SMSes with one-time login codes streamed through the service.
Transparency reports are standard practice across the tech industry, disclosing the nature, quantity and scope of all the law enforcement requests each company receives in a given year.
Donalddaters.com is an app for people who want to have sex with white supremacists; it launched today and promptly leaked all 1600 of its users' data: "users' names, profile pictures, device type, their private messages — and access tokens, which can be used to take over accounts."
If you're the kind of parent who wants to spy on everything your kids do, you can force them to install an app like Teensafe, which only works if your kid doesn't use two-factor authentication; you have to give it your kid's device ID and password, so if that data leaks, it would allow anyone to break into your kid's cloud and plunder all their private data.
The only thing worse than driving a car with defective brakes is unknowingly driving a car with defective brakes — and learning about them the hard way.
Fedex acquired a company called Bongo International in 2014; Bongo specialized in helping North American companies sell overseas and after the acquisition, Fedex renamed the company FedEx Cross-Border International.
Amazon was the last major tech company to issue a "transparency report" detailing what kinds of law-enforcement requests they'd serviced, and where; when they finally did start issuing them, they buried them on obscure webpages deep in their corporate info site and released them late on Friday afternoons.