Bots Buy Up Raspberry Pi Products | Avast

Adafruit, a distributor of Raspberry Pi single board computers, has mandated that certain new purchases can only be completed with the use of two-factor authentication. The new requirement is due to reselling schemes that use bots to buy up the last of the products. Raspberry Pi chief Eben Upton told ZDNet that this kind of automated purchasing is typical when supplies are short, as opportunists try to profit from the situation by clearing the market, then reselling the products at a marked-up cost. Users intending to purchase “certain high-demand items” from Adafruit will now need to have a verified Adafruit account with two-factor authentication enabled. 

“This is an interesting use of 2FA – not to protect users from ID Theft, but to make sure it’s a real user behind the purchase,” commented Avast Security Evangelist Luis Corrons. “This is not the first time we’ve seen bots being used this way, either. When PlayStation 5 and Xbox Series were launched, the demand was much higher than the supply, and some groups used bots to acquire any and all units in order to resell them later at a higher price.” Currently, 1GB, 2GB, 4GB, and 8GB Raspberry Pi variants are all sold out at Adafruit. 

Apple services experience massive outage

On Monday, many Apple services went down for several hours, including Apple Music, iCloud, iMessage, Apple Maps, Apple Card, Apple TV+, the App Store, FaceTime, Siri, and more. The outage was both consumer-facing and internal, as Apple’s own infrastructure was affected, causing Apple Store employees to resort to pen and paper to keep the stores running. Apple suffered a smaller outage last month, but it was nowhere near the scale of Monday’s issues, which affected over 29 Apple services. Apple’s System Status page now reports all outages and issues resolved. For more, see Ars Technica

Lapsus$ hacking group steals Microsoft source code

Microsoft confirmed on its blog this week that the Lapsus$ hacking group had exfiltrated portions of Microsoft source code. “No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our…