Slashdot

Dictionary.com abruptly deleted all user accounts and saved word lists from its premium apps without notice or refunds, leaving long-time logophiles "devastated." "The company deleted all accounts, as well as the only ways to use Dictionary.com without seeing ads -- even if you previously paid for an ad-free experience," reports Ars Technica. From the report: Dictionary.com offers a free dictionary through its website and free Android and iOS apps. It used to offer paid-for mobile apps, called Dictionary.com Pro, that let users set up accounts, use the app without ads, and enabled other features (like grammar tips and science and rhyming dictionaries) that are gone now. Dictionary.com's premium apps also let people download an offline dictionary (its free apps used to let you buy a downloadable dictionary as a one-time purchase), but offline the dictionaries aren't available anymore. About a year ago, claims of Dictionary.com's apps being buggy surfaced online. We also found at least one person claiming that they were unable to buy an ad-free upgrade at that time. Reports of Dictionary.com accounts being deleted and the apps not working as expected, and with much of its content removed, started appearing online about two months ago. Users reported being unable to log in and access premium features, like saved words. Soon after, Dictionary.com's premium apps were removed from Google Play and Apple's App Store. The premium version was available for download for $6 as recently as March 23, per the Internet Archive's Wayback Machine.

Read more of this story at Slashdot.

The House passed a bipartisan bill regulating stablecoins which now heads to President Trump's desk as part of his push to make the U.S. the "crypto capital of the world." Two other crypto-related bills -- one defining digital asset market structure and another banning a U.S. central bank digital currency -- were also approved by the House but face uncertain futures in the Senate amid partisan tensions and concerns over Trump's personal financial ties to crypto ventures. CNBC reports: The stablecoin bill, passed on a 308-122 vote, sets initial guardrails and consumer protections for the cryptocurrency, which is tied to a stable asset, often the U.S. dollar, to reduce price volatility. It passed the Senate with bipartisan support in June. "Around the world, payment systems are undergoing a revolution," said House Financial Services Chair French Hill of Arkansas as lawmakers debated the stablecoin legislation Thursday morning. Hill said the bill will "ensure American competitiveness and strong guardrails for our consumers." After Trump declared it "crypto week," the bills were stalled for more than a day amid disagreements among House Republicans about how to combine the legislation. In the end, GOP leaders put the three bills for a separate votes, leaving the fate of the other two bills unclear in the Senate. The internal dissent could foreshadow challenges ahead for the more sweeping crypto legislation that Trump has demanded and the industry has poured millions into advancing. The stablecoin measure is seen by lawmakers and the industry as a step toward adding legitimacy and consumer trust to a rapidly growing sector. Treasury Secretary Scott Bessent said in June that the legislation could help that currency "grow into a $3.7 trillion market by the end of the decade." The bill outlines requirements for stablecoin issuers, including compliance with U.S. anti-money laundering and sanctions laws, and mandates that issuers hold reserves backing the cryptocurrency. Without such a framework, Republicans on the Senate Banking Committee in a statement warned, "consumers face risks like unstable reserves or unclear operations from stablecoin issuers." After the votes, House Republicans strongly urged the Senate to take up the second bill, which would create a new market structure for cryptocurrency.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Record: Threat actors are stealing sensitive data from organizations by breaching end-of-life appliances made by cybersecurity company SonicWall. Incident responders from Google Threat Intelligence Group (GTIG) and Mandiant said on Wednesday that they have uncovered an ongoing campaign by an unidentified threat group that leverages credentials and one-time password (OTP) seeds stolen during previous intrusions -- allowing the hackers to regain access to organizations even after security updates are installed. [...] The campaign is targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances. Google explained that the malware the hackers are using removes log entries, making it difficult to figure out how they initially gained access to a system. Google said the campaign extends beyond the incidents they investigated directly and added that SonicWall has "confirmed reports of other impacted organizations." The company noted that SonicWall updated an advisory for a bug tracked as CVE-2024-38475 in light of Google's findings. "As an added security measure, we strongly advise customers to reset the OTP (One-Time Password) binding for all users. This step ensures that any potentially compromised or stale OTP secrets are invalidated, thereby mitigating unauthorized access risks," SonicWall said in the update to the advisory.. One novel aspect of the campaign is the use of a backdoor called OVERSTEP, which modifies the SonicWall appliance's boot process to maintain persistent access, steal sensitive credentials and conceal the malware's own components. Incident responders struggled to track other activities by the hackers because OVERSTEP allowed them to delete logs and largely cover their tracks. OVERSTEP is specifically designed for SonicWall SMA 100 series appliances, according to Google. In addition to CVE-2024-38475, Google and Mandiant experts floated several potential vulnerabilities the hackers may have used to gain initial access, including CVE-2021-20038, CVE-2024-38475, CVE-2021-20035, CVE-2021-20039 and, CVE-2025-32819. Beyond those, Google theorized that the hackers may have used an unknown zero-day vulnerability to deploy the malware on targeted SonicWall SMA appliances.

Read more of this story at Slashdot.

Russian lawmakers passed sweeping new legislation allowing authorities to fine individuals simply for searching and accessing content labeled "extremist" via VPNs. The Washington Post reports: Russia defines "extremist materials" as content officially added by a court to a government-maintained registry, a running list of about 5,500 entries, or content produced by "extremist organizations" ranging from "the LGBT movement" to al-Qaeda. The new law also covers materials that promote alleged Nazi ideology or incite extremist actions. Until now, Russian law stopped short of punishing individuals for seeking information online; only creating or sharing such content is prohibited. The new amendments follow remarks by high-ranking officials that censorship is justified in wartime. Adoption of the measures would mark a significant tightening of Russia's already restrictive digital laws. The fine for searching for banned content in Russia would be about a $65, while the penalty for advertising circumvention tools such as VPN services would be steeper -- $2,500 for individuals and up to $12,800 for companies. Previously, the most significant expansion of Russia's restrictions on internet use and freedom of speech occurred shortly after the February 2022 full-scale invasion of Ukraine, when sweeping laws criminalized the spread of "fake news" and "discrediting" the Russian military. The new amendment was introduced Tuesday and attached to a mundane bill on regulating freight companies, according to documents published by Russia's lower house of parliament, the State Duma.

Read more of this story at Slashdot.

The Verge's Emma Roth reports: The News/Media Alliance, a trade association behind major news publishers, announced that it has "successfully secured" the removal of 12ft.io, a website that helped users bypass paywalls online. The trade association says 12ft.io's webhost took down the site on July 14th "following the News/Media Alliance's efforts." 12ft.io -- or 12 Foot Ladder -- also allowed users to view webpages without ads, trackers, or pop-ups by disguising a user's browser as a web crawler, giving them unfettered access to a webpage's contents. Software engineer Thomas Millar says he created the site when he realized "8 of the top 10 links on Google were paywalled" when doing research during the pandemic. [...] In its announcement, News/Media Alliance says 12ft.io "offered illegal circumvention technology" that allowed users to access copyrighted content without paying for it. The organization adds that it will take "similar actions" against other sites that let users get around paywalls. The News Media Alliance recently called Google's AI Mode "theft." (Like many chatbots, Google's AI Mode eliminates the need to visit a website, starving publishers of the pageviews they need to be compensated for their work.) "Publishers commit significant resources to creating the best and most informative content for consumers, and illegal tools like 12ft.io undermine their ability to financially support that work through subscriptions and ad revenue," News/Media Alliance president and CEO Danielle Coffey said in the press release. "Taking down paywall bypassers is an essential part of ensuring we have a healthy and sustainable information ecosystem."

Read more of this story at Slashdot.