Businesses

Remote Working Saved Zillow Money, Helped Recruiting, and Maintained Productivity (seattletimes.com) 40

Zillow CEO Jeremy Wacksman "recently told Entrepreneur magazine that almost five years of remote work has 'been fantastic for us,'" writes the Seattle Times. Zillow shifted to allowing people to work fully remote during the pandemic. It's been a recruiting and retention tool for Zillow as they "now see four times the number of job applicants for every job we have versus what we did before the pandemic," Wacksman said.

While Zillow still lists its corporate headquarters as Seattle, the company bills itself as "cloud-headquartered," with remote workers and satellite offices. Wacksman's comments are backed by serious real estate moves the company has made over the past five years. An annual report detailing Zillow's financial results for 2024 shows its Seattle headquarters and offices across the country are shrinking. In 2019, Zillow had 386,275 square feet of office space in Seattle after steadily gobbling up floors of the Russell Investments Center downtown over the prior five years. The company reported it had 113,470 square feet in Seattle at the end of 2024... The company has drastically cut costs by shedding offices. Zillow's total leasing costs reached $54 million in 2022 and dropped to $34 million last year... It expects those costs to decrease even further, to $18 million by 2029. Zillow is also taking advantage of subleasing some of its office space and expects $26 million in sublease income between 2025 and 2030...

Zillow's financial results from last year suggest the workforce has been productive while logging in from home. The company reported Tuesday that it beat Wall Street expectations for the last three months of 2024 with a quarterly revenue of $554 million. Wacksman said in a news release Tuesday that 2024 was a "remarkable year for Zillow," as it reached its goal of double-digit revenue growth.

Crime

Cybersecurity Alert Warns of 300 Attacks with 'Medusa' Ransomware (theregister.com) 21

A ransomware-as-a-service variant called "Medusa" has claimed over 300 victims in "critical infrastructure sectors" (including medical), according to a joint alert from CISA, the FBI, and the Multi-State Information Sharing Analysis Center.

And that alert reminds us that Medusa is a globe-spanning operation that recruits third-party affiliates to plant ransomware and negotiate with victims, notes the Register. "Even organizations that have good ransomware recovery regimes, meaning they don't need to unscramble encrypted data as they have good backups and fall-back plans, may consider paying to prevent the release of their stolen data, given the unpleasant consequences that follow information leaks. Medusa actors also set a deadline for victims to pay ransoms and provide a countdown timer that makes it plain when stolen info will be sprayed across the internet. If victims cough up $10,000 in cryptocurrency, the crims push the deadline forward by 24 hours."

The advisory reveals one Medusa actor has taken things a step further. "FBI investigations identified that after paying the ransom, one victim was contacted by a separate Medusa actor who claimed the negotiator had stolen the ransom amount already paid," the advisory states. That separate actor then "requested half of the payment be made again to provide the 'true decryptor'," the advisory states, describing this incident as "potentially indicating a triple extortion scheme."

The security groups' advisory stresses that they "do not encourage paying ransoms as payment does not guarantee victim files will be recovered. Furthermore, payment may also embolden adversaries to target additional organizations..." (But "Regardless of whether you or your organization have decided to pay the ransom, FBI, CISA, and MS-ISAC urge you to promptly report ransomware incidents...")

Besides updating software and operating systems, the alert makes these recommendations for organizations:
  • Require VPNs (or jump hosts) for remote network access
  • Block remote access from unknown/untrusted origins, and disable unused ports
  • Segment networks to help prevent the spread of ransomware
  • Use a networking monitoring tool to spot and investigate abnormal activity — including lateral movement (using endpoint detection and response tools). Log all network traffic, and monitor it for unauthorized scanning and access attempts.
  • Create recovery plans with encrypted offline backups of sensitive/proprietary data and servers
  • Require multifactor authentication, use strong (and long) passwords, and "consider not requiring frequently recurring password changes, as these can weaken security." (Also audit access control following the principle of least privilege, and watch for new and/or unrecognized accounts.)
  • Disable command-line and scripting activities and permissions.

Windows

End of Windows 10 Leaves PC Charities With Tough Choice (tomshardware.com) 125

With Microsoft ending free security updates for Windows 10 in October, millions of PCs that don't meet Windows 11's hardware requirements face an uncertain fate... Charities that refurbish and distribute computers to low-income individuals must choose between providing soon-to-be-insecure Windows 10 machines, transitioning to Linux -- despite usability challenges for non-tech-savvy users -- or recycling the hardware, contributing to ewaste. Tom's Hardware reports: So how bad will it really be to run an end-of-lifed Windows 10? Should people worry? [Chester Wisniewski, who serves as Director and Global Field CISO for Sophos, a major security services company] and other experts I talked to are unequivocal. You're at risk. "To put this in perspective, today [the day we talked] was Patch Tuesday," he said. "There were 57 vulnerabilities, 6 of which have already been abused by criminals before the fixes were available. There were also 57 in February and 159 in January. Windows 10 and Windows 11 largely have a shared codebase, meaning most, if not all, vulnerabilities each month are exploitable on both OSs. These will be actively turned into digital weapons by criminals and nation-states alike and Windows 10 users will be somewhat defenseless against them."

So, in short, even though Windows 10 has been around since 2015, there are still massive security holes being patched. Even within the past few weeks, dozens of vulnerabilities were fixed by Microsoft. So what's a charity to do when these updates are running out and clients will be left vulnerable? "What we decided to do is one year ahead of the cutoff, we discontinued Windows 10," said Casey Sorensen, CEO of PCs for People, one of the U.S.'s largest non-profit computer refurbishers. "We will distribute Linux laptops that are 6th or 7th gen. If we distribute a Windows laptop, it will be 8th gen or newer." Sorensen said that any PC that's fifth gen or older will be sent to an ewaste recycler.

[...] Sorensen, who founded the company in 1998, told us that he's comfortable giving clients computers that run Linux Mint, a free OS that's based on Ubuntu. The latest version of Mint, version 22.1, will be supported until 2029. "Ten years ago if we distributed Linux, they would be like what is it," he said. But today, he notes that many view their computers as windows to the Internet and, for that, a user-friendly version of Linux is acceptable.
Further reading: Is 2025 the Year of the Linux Desktop?

Apple

Apple Plans AirPods Feature That Can Live-Translate Conversations (yahoo.com) 32

Apple is planning a new AirPods feature that allows the earbuds to live-translate an in-person conversation into another language, Bloomberg reports, citing people with knowledge of the matter. From the report: The capability will be offered as part of an AirPods software upgrade due later this year, said the people, who asked not to be identified because the effort is private. It will be tied to iOS 19, the upcoming update to Apple's mobile-device operating system.
Windows

Windows Defender Now Flags WinRing0 Driver as Security Threat, Breaking Multiple PC Monitoring Tools (theverge.com) 52

Windows Defender has begun identifying WinRing0 -- a kernel-level driver used by numerous hardware monitoring applications -- as malicious software, causing widespread functionality issues for affected tools. The driver, which provides low-level hardware access necessary for reading fan speeds, controlling RGB lighting, and monitoring system components, is being quarantined due to potential security vulnerabilities that could be exploited by malware.

WinRing0 gained popularity among developers because it's one of only two freely available Windows drivers capable of accessing the SMBus registers needed for hardware monitoring functions. The affected applications include Fan Control, OpenRGB, MSI Afterburner, LibreHardwareMonitor, and multiple others that rely on this driver to communicate with system hardware.
Encryption

RCS Messaging Adds End-to-End Encryption Between Android and iOS (engadget.com) 13

The GSM Association has released new specifications for RCS messaging incorporating end-to-end encryption (E2EE) based on the Messaging Layer Security protocol, six months after iOS 18 introduced RCS compatibility.

The specifications ensure messages remain secure between Android and iOS devices, making RCS "the first large-scale messaging service to support interoperable E2EE between client implementations from different providers," said GSMA Technical Director Tom Van Pelt.

The system combines E2EE with SIM-based authentication to strengthen protection against scams and fraud. Apple confirmed it "helped lead a cross industry effort" on the standard and will implement support in future software updates without specifying a timeline. Google's RCS implementation has featured default E2EE since early 2024.
Security

Chinese Hackers Sat Undetected in Small Massachusetts Power Utility for Months (pcmag.com) 22

In late 2023, the FBI alerted the Littleton Electric Light and Water Departments (LELWD) that it had been breached by a Chinese-state-sponsored hacking group for over 300 days. With the help of cybersecurity firm Dragos and Department of Energy-funded sensors, LELWD confirmed the intrusion, identified the hackers' movements, and ultimately restructured its network to remove them. PCMag reports: At the time, LELWD had been installing sensors from cybersecurity firm Dragos with the help of Department of Energy grants awarded by the American Public Power Association (APPA). "The sensors helped LELWD confirm the extent of the malicious activity on the system and pinpoint when and where the attackers were going on the utility's networks," the APPA said last year. Today, Dragos released a case study (PDF) about the hack, which it blamed on Voltzite, a "sophisticated threat group...that overlaps with Volt Typhoon."

The call from the FBI forced Dragos "to deploy quickly and bypass the planned onboarding timeline" for the LELWD, it says. It discovered that Volt Typhoon "had persistent access to LELWD's network." "Hackers were looking for specific data related to [operational technology] operating procedures and spatial layout data relating to energy grid operations," Dragos tells SecurityWeek. In the end, Dragos confirmed the compromised systems did not contain "customer-sensitive data," and LELWD changed their network architecture to kick Volt Typhoon out, the case study says.

Groups like Volt Typhoon "don't always go for high-profile targets first," said Ensar Seker, Chief Security Officer at SOCRadar. "Small, underfunded utilities can serve as low-hanging fruit, allowing adversaries to test tactics, develop footholds, and pivot toward larger targets."

Firefox

Mozilla Warns Users To Update Firefox Before Certificate Expires (bleepingcomputer.com) 28

Mozilla is urging Firefox users to update their browsers to version 128 or later (or ESR 115.13 for extended support users) before March 14, 2025, to avoid security risks and add-on disruptions caused by the expiration of a key root certificate. "On 14 March a root certificate (the resource used to prove an add-on was approved by Mozilla) will expire, meaning Firefox users on versions older than 128 (or ESR 115) will not be able to use their add-ons," warns a Mozilla blog post. "We want developers to be aware of this in case some of your users are on older versions of Firefox that may be impacted." BleepingComputer reports: A Mozilla support document explains that failing to update Firefox could expose users to significant security risks and practical issues, which, according to Mozilla, include:

- Malicious add-ons can compromise user data or privacy by bypassing security protections.
- Untrusted certificates may allow users to visit fraudulent or insecure websites without warning.
- Compromised password alerts may stop working, leaving users unaware of potential account breaches.

It is noted that the problem impacts Firefox on all platforms, including Windows, Android, Linux, and macOS, except for iOS, where there's an independent root certificate management system. Mozilla says that users relying on older versions of Firefox may continue using their browsers after the expiration of the certificate if they accept the security risks, but the software's performance and functionality may be severely impacted.

Businesses

Citigroup Plans To Slash IT Contractors, Hire Staff To Improve Controls (reuters.com) 23

An anonymous reader shares a report: Citigroup plans to dramatically reduce its reliance on IT contractors and hire thousands of employees for IT as the lender grapples with regulatory punishments over data governance and deficient controls. Citigroup's head of technology Tim Ryan told staff in recent weeks that the bank aims to cut back external contractors to 20% of those working in IT from the current 50%, according to an internal presentation to employees seen by Reuters.

The briefing did not give a precise time horizon for the changes. As part of the overhaul, Citi will replenish the ranks by hiring more staff, and aims to have 50,000 employees in technology, up from 48,000 in 2024, the presentation showed. "Citi is growing our internal technology capabilities to support our strategy to improve safety and soundness, enable revenue growth and drive efficiencies," Citi said in a statement to Reuters.

Transportation

Rules for Portable Batteries on Planes Are Changing. (nytimes.com) 55

Several Asian airlines have tightened restrictions on portable battery chargers amid growing concerns about fire risks, following a January blaze that destroyed an Air Busan aircraft in South Korea. South Korean airlines now require passengers to keep portable chargers within arm's reach rather than in overhead bins, a rule implemented March 1 to ease public anxiety, according to the Transportation Ministry. Taiwan's EVA Air and China Airlines have banned using or charging power banks on flights but still allow them in overhead compartments.

Thai Airways announced a similar ban last Friday, citing "incidents of in-flight fires on international airlines." Battery-related incidents on U.S. airlines have increased from 32 in 2016 to 84 last year, with portable chargers identified as the most common culprit, according to Federal Aviation Administration data. The International Civil Aviation Organization has banned lithium-ion batteries from cargo holds since 2016, though no industry standard exists for regulating power banks.
Microsoft

Microsoft is Replacing Remote Desktop With Its New Windows App (theverge.com) 52

Microsoft is ending support of its Remote Desktop app for Windows on May 27th. From a report: If you use the Remote Desktop app to connect to Windows 365, Azure Virtual Desktop, or Microsoft Dev Box machines then you'll have to transition to the Windows app instead.

The new Windows app, which launched in September, includes multimonitor support, dynamic display resolutions, and easy access to cloud PCs and virtual desktops. Microsoft says "connections to Windows 365, Azure Virtual Desktop, and Microsoft Dev Box via the Remote Desktop app from the Microsoft Store will be blocked after May 27th, 2025."

Security

Thousands of TP-Link Routers Have Been Infected By a Botnet To Spread Malware (tomsguide.com) 43

The Ballista botnet is actively exploiting a high-severity remote code execution flaw (CVE-2023-1389) in TP-Link Archer AX-21 routers, infecting over 6,000 devices primarily in Brazil, Poland, the UK, Bulgaria, and Turkey. Tom's Hardware reports: According to a new report from the Cato CTRL team, the Ballista botnet exploits a remote code execution vulnerability that directly impacts the TP-Link Archer AX-21 router. The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity security flaw (tracked as CVE-2023-1389) has also been used to spread other malware families as far back as April 2023 when it was used in the Mirai botnet malware attacks. The flaw is also linked to the Condi and AndroxGh0st malware attacks.

Ballista's most recent exploitation attempt was February 17, 2025 and Cato CTRL first detected it on January 10, 2025. Of the thousands of infected devices, the majority of them are concentrated in Brazil, Poland, the United Kingdom, Bulgaria and Turkey; with the botnet targeting manufacturing, medical/healthcare, services and technology organizations in the United States, Australia, China and Mexico.

IT

The Surprising Impact of QR Code Menus on Diminishing Customer Loyalty (sciencedirect.com) 198

Abstract of a paper published in the Journal of Hospitality and Tourism Management: The adoption of digital menus accessed through quick response (QR) codes has witnessed a notable upsurge. Despite potential benefits for restaurant operators, the nuanced effects of QR code menus on customer behavior and experience remain relatively unknown. This research investigates the influence of menu presentation (QR code vs. traditional) on customer loyalty. In two studies, we find that QR code menus diminish customer loyalty (compared to traditional menus) due to perceived inconvenience. This effect is further moderated by customers' need for interaction. Our work is timely in highlighting the negative impact of perceptions of inconvenience on technology adoption.

IT

Why Extracting Data from PDFs Remains a Nightmare for Data Experts (arstechnica.com) 65

Businesses, governments, and researchers continue to struggle with extracting usable data from PDF files, despite AI advances. These digital documents contain valuable information for everything from scientific research to government records, but their rigid formats make extraction difficult.

"PDFs are a creature of a time when print layout was a big influence on publishing software," Derek Willis, a lecturer in Data and Computational Journalism at the University of Maryland, told ArsTechnica. This print-oriented design means many PDFs are essentially "pictures of information" requiring optical character recognition (OCR) technology.

Traditional OCR systems have existed since the 1970s but struggle with complex layouts and poor-quality scans. New AI language models from companies like Google and Mistral now attempt to process documents more holistically, with varying success. "Right now, the clear leader is Google's Gemini 2.0 Flash Pro Experimental," Willis notes, while Mistral's recent OCR solution "performed poorly" in tests.
Firefox

Firefox Certificate Expiration Threatens Add-ons, Streaming on March 14 (betanews.com) 39

A critical root certificate expiring on March 14, 2025 will disable extensions and potentially break DRM-dependent streaming services for Firefox users running outdated browsers. Users must update to at least Firefox 128 or ESR 115.13+ to maintain functionality across Windows, macOS, Linux, and Android platforms.

The expiration additionally compromises security infrastructure, including blocklists for malicious add-ons, SSL certificate revocation lists, and password breach notifications. Even those on legacy operating systems (Windows 7/8/8.1, macOS 10.12–10.14) must update to minimum ESR 115.13+.

Software

New Zealand's $16 Billion Public Health System Runs on a Single Excel Sheet (theregister.com) 95

The Register's Simon Sharwood reports: The body that runs New Zealand's public health system uses a single Excel spreadsheet as the primary source of data to consolidate and manage its finances, which aren't in great shape perhaps due to the sheet's shortcomings. The spreadsheet-using agency is Health New Zealand (HNZ) which was established in 2022 to replace 20 district health boards in the expectation it would be more cost-effective and deliver more consistent services. The org has a budget of $NZ28 billion ($16 billion) and advised lawmakers it would stay within it for FY 23.24.

That prediction was incorrect and HNZ blew its budget, leading to a review of its finances that last week delivered a damning report [PDF] that found the org lost "control of the critical levers that drive financial outcomes" and had an "inability to identify and respond to the disconnect between expenditure and revenue." The Deloitte-penned report also found an Excel spreadsheet was the "primary data file used by HNZ to manage its financial performance" and was used for "consolidation, journals, business-critical reporting, and analysis."

The report also noted five big problems with the sheet used at HNZ:
- Financial information was often 'hard-coded,' making it difficult to trace to the source or have updated data flow through.
- Errors such as incorrectly releasing accruals or double-up releases were not picked up until following periods.
- Changes to prior periods and FTE errors in district financial reporting Excel submissions, would not flow through to consolidated file.
- The spreadsheet can be easy to manipulate information as there is limited tracking to source information where information is not flowing directly from accounting systems.
- It is highly prone to human error, such as accidental typing of a number or omission of a zero.
Relying on the spreadsheet also meant Health NZ moved slowly: The report found "monthly financial reporting usually took 12-15 days to consolidate and five days to analyze."

Microsoft

Microsoft Admits GitHub Hosted Malware That Infected Almost a Million Devices (theregister.com) 17

Microsoft has spotted a malvertising campaign that downloaded nastyware hosted on GitHub and exposed nearly a million devices to information thieves. From a report: Discovered by Microsoft Threat Intelligence late last year, the campaign saw pirate vid-streaming websites embed malvertising redirectors to generate pay-per-view or pay-per-click revenue from malvertising platforms. "These redirectors subsequently routed traffic through one or two additional malicious redirectors, ultimately leading to another website, such as a malware or tech support scam website, which then redirected to GitHub" according to Microsoft's threat research team.

GitHub hosted a first-stage payload that installed code that dropped two other payloads. One gathered system configuration info such as data on memory size, graphics capabilities, screen resolution, the operating system present, and user paths. Third-stage payloads varied but most "conducted additional malicious activities such as command and control (C2) to download additional files and to exfiltrate data, as well as defense evasion techniques."

Security

Feds Link $150M Cyberheist To 2022 LastPass Hacks (krebsonsecurity.com) 17

AmiMoJo writes: In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing last week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.

On March 6, federal prosecutors in northern California said they seized approximately $24 million worth of cryptocurrencies that were clawed back following a $150 million cyberheist on Jan. 30, 2024. The complaint refers to the person robbed only as 'Victim-1,' but according to blockchain security researcher ZachXBT the theft was perpetrated against Chris Larsen, the co-founder of the cryptocurrency platform Ripple.

ZachXBT was the first to report on the heist, of which approximately $24 million was frozen by the feds before it could be withdrawn. This week's action by the government merely allows investigators to officially seize the frozen funds. But there is an important conclusion in this seizure document: It basically says the U.S. Secret Service and the FBI agree with the findings of the LastPass breach story published here in September 2023.

Transportation

Volkswagen Bringing Back Physical Buttons, Says Removing Them Was a Mistake (pcmag.com) 128

smooth wombat writes: In what can only be described as a no-brainer, Volkswagen has announced it will once again have physical buttons in all its vehicles. As Andreas Mindt, design chief at the company said, removing buttons was "a mistake".

"From the ID 2all onwards, we will have physical buttons for the five most important functions -- the volume, the heating on each side of the car, the fans and the hazard light -- below the screen," he explained, adding: "It's not a phone: it's a car."

This doesn't mean touch screens are set to disappear on new Volkswagens, just that drivers will now have the option of physical controls for their most used day-to-day tasks. The new controls are set to make their debut in the ID.2all, a small, budget EV set to debut in Europe.

Encryption

1Password Introduces 'Nearby Items,' Tying Passwords To Physical Locations (engadget.com) 12

1Password has introduced a 'nearby items' feature, allowing users to tag credentials with physical locations so the relevant information automatically surfaces when users are near those locations. Engadget reports: Location information can be added to any new or existing item in a 1Password vault. The app has also been updated with a map view for setting and viewing the locations of your items. In the blog post announcing the feature, the company cited examples such as door codes for a workplace, health records at a doctor's office, WiFi access at the gym and rewards membership information for local shops as potential uses for location data.

Privacy and security are paramount for a password manager, and 1Password confirmed that a user's location coordinates are only used locally and do not leave the device. Nearby items is available to 1Password customers starting today.
