Enlarge (credit: Rosie Struve; Getty Images)

After reports at the end of 2022 that hackers were selling data stolen from 400 million Twitter users, researchers now say that a widely circulated trove of email addresses linked to about 200 million users is likely a refined version of the larger trove with duplicate entries removed. The social network has not yet commented on the massive exposure, but the cache of data clarifies the severity of the leak and who may be most at risk as a result of it.

From June 2021 until January 2022, there was a bug in a Twitter application programming interface, or API, that allowed attackers to submit contact information like email addresses and receive the associated Twitter account, if any, in return. Before it was patched, attackers exploited the flaw to “scrape” data from the social network. And while the bug didn't allow hackers to access passwords or other sensitive information like DMs, it did expose the connection between Twitter accounts, which are often pseudonymous, and the email addresses and phone numbers linked to them, potentially identifying users.

Enlarge (credit: carterdayne | E+ )

Sheela Lalani is one of many small business owners who depend on social platforms to generate extra holiday revenue. Her Instagram shop with unique, artisan-made children’s clothing—adorably modeled by smiling kids who joyfully twirl in her dresses—has attracted nearly 13,000 followers. She recently rolled out her holiday collection, when suddenly any hope of promoting her new clothing to followers was abruptly dashed when Meta deleted her Instagram account. They also disabled her personal Facebook account, her Facebook business page, and her newest Instagram boutique shop profile.

Lalani was dismayed, but then the situation got worse. Despite the disabled accounts, the PayPal account she linked to her social media pages to buy ads to promote her businesses got hit with a $900 charge. She immediately reached out to PayPal to dispute the charge—and is still waiting for a refund—but she also knew that getting PayPal to intervene wouldn’t fix the larger problem. Someone had bought Facebook or Instagram ads with her PayPal account, and she felt she had no way of reporting this behavior to Meta and stopping any future payments because Meta had disabled all of her accounts.

“This is so unfair for business owners and seems criminal,” Lalani told Ars.

Enlarge / The LGP-30 computer, from 1956, that a Redditor found in a basement. (credit: c-wizz )

On Monday, a German Redditor named c-wizz announced that they had found a very rare 66-year-old Librascope LGP-30 computer (and several 1970 DEC PDP-8/e computers) in their grandparents' basement. The LGP-30, first released in 1956, is one of only 45 manufactured in Europe and may be best known as the computer used by "Mel" in a famous piece of hacker lore.

Developed by Stan Frankel at California Institute of Technology in 1954, the LGP-30 (short for "Librascope General Purpose 30") originally retailed for $47,000 (about $512,866 today, adjusted for inflation) and weighed in at 800 pounds. Even so, people considered it a small computer at the time due to its desk-like size (about 44×33×26 inches). According to Masswerk.at , the LGP-30 included 113 vacuum tubes, 1,450 solid-state diodes, and rotating magnetic drum memory —a 6.5-inch diameter and 7-inch long tube rotating at 3,700 RPM—that could store 4,069 31-bit words (equivalent to about 15.8 modern kilobytes).

Along with the main LGP-30 unit, c-wizz found a Flexowriter typewriter-style console (used for input and output with the machine) and what looks like a paper tape reader for external data storage. A few PDP-8/e machines and some related equipment lurked nearby. "There seem to be more modules belonging to the PDP/8E's as well," c-wizz wrote in a Reddit comment. "There is a whole 19-inch rack where all of this is supposed to be mounted in. Maybe I can find some manuals and try to put it all together."

Enlarge (credit: Getty Images)

In January 2019, a researcher disclosed a devastating vulnerability in one of the most powerful and sensitive devices embedded into modern servers and workstations. With a severity rating of 9.8 out of 10, the vulnerability affected a wide range of baseboard management controllers made by multiple manufacturers. These tiny computers soldered into the motherboard of servers allow cloud centers, and sometimes their customers, to streamline the remote management of vast fleets of computers. They enable administrators to remotely reinstall OSes, install and uninstall apps, and control just about every other aspect of the system—even when it's turned off.

Pantsdown, as the researcher dubbed the threat , allowed anyone who already had some access to the server an extraordinary opportunity. Exploiting the arbitrary read/write flaw, the hacker could become a super admin who persistently had the highest level of control for an entire data center.

The industry mobilizes... except for one

Over the next few months, multiple BMC vendors issued patches and advisories that told customers why patching the vulnerability was critical .

Enlarge (credit: Sean Gladwell / Getty Images )

The US and European Union on Tuesday said Russia was responsible for a cyberattack in February that crippled a satellite network in Ukraine and neighboring countries, disrupting communications and a wind farm used to generate electricity.

The February 24 attack unleashed wiper malware that destroyed thousands of satellite modems used by customers of communications company Viasat. A month later, security firm SentinelOne said an analysis of the wiper malware used in the attack shared multiple technical similarities to VPNFilter, a piece of malware discovered on more than 500,000 home and small office modems in 2018. Multiple US government agencies attributed VPNFilter to Russian state threat actors.

Tens of thousands of modems taken out by AcidRain

“Today, in support of the European Union and other partners, the United States is sharing publicly its assessment that Russia launched cyber attacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries,” US Secretary of State Antony Blinken wrote in a statement . “The activity disabled very small aperture terminals in Ukraine and across Europe. This includes tens of thousands of terminals outside of Ukraine that, among other things, support wind turbines and provide Internet services to private citizens.”