News

Google says it has evidence that Russian government hackers are using exploits that are "identical or strikingly similar" to those previously made by spyware makers Intellexa and NSO Group. From a report: In a blog post on Thursday, Google said it is not sure how the Russian government acquired the exploits, but said this is an example of how exploits developed by spyware makers can end up in the hands of "dangerous threat actors." In this case, Google says the threat actors are APT29, a group of hackers widely attributed to Russia's Foreign Intelligence Service, or the SVR. APT29 is a highly capable group of hackers, known for its long-running and persistent campaigns aimed at conducting espionage and data theft against a range of targets, including tech giants Microsoft and SolarWinds, as well as foreign governments. Google said it found the hidden exploit code embedded on Mongolian government websites between November 2023 and July 2024. During this time, anyone who visited these sites using an iPhone or Android device could have had their phone hacked and data stolen, including passwords, in what is known as a "watering hole" attack. The exploits took advantage of vulnerabilities in the iPhone's Safari browser and Google Chrome on Android that had already been fixed at the time of the suspected Russian campaign. Still, those exploits nevertheless could be effective in compromising unpatched devices.

Read more of this story at Slashdot.

OpenAI and Anthropic will give a U.S. government agency early access to major new model releases under agreements announced on Thursday. From a report: Governments around the world have been pushing for measures -- both legislative and otherwise -- to evaluate the risks of powerful new AI algorithms. Anthropic and OpenAI have each signed a memorandum of understanding to allow formal collaboration with the U.S. Artificial Intelligence Safety Institute, a part of the Commerce Department's National Institute of Standards and Technology. In addition to early access to models, the agreements pave the way for collaborative research around how to evaluate models and their safety as well as methods for mitigating risk. The U.S. AI Safety Institute was set up as part of President Biden's AI executive order.

Read more of this story at Slashdot.

An anti-piracy coalition comprised of major studios in the U.S. and across the globe is claiming victory against Fmovies, a significant streaming operation based in Vietnam. From a report: On Thursday the Alliance for Creativity and Entertainment revealed that it had worked with Hanoi police to shutter Fmovies and affiliated sites, which together made up "the largest pirate streaming operation in the world," according to the organization. With sites including bflixz, flixtorz, movies7, myflixer, and aniwave in addition to Fmovies, the operation attracted more than 6.7 billion visits between January 2023 and June 2024, ACE says. The effort also shut down video hosting provider Vidsrc.to and its affiliated sites, which were "operated by the same suspects," per ACE. Two Vietnamese men were arrested by Hanoi police in connection with Fmovies and have yet to be charged. Charles Rivkin, the chairman and CEO of Hollywood trade group the Motion Picture Association and the chairman of ACE, called the action "a stunning victory for casts, crews, writers, directors, studios, and the creative community across the globe" in a statement. His colleague Larissa Knapp, evp and chief content protection officer for the MPA, said the takedown sent a "powerful deterrent message."

Read more of this story at Slashdot.

The following vulnerabilities have been discovered in the WebKitGTK web engine:

CVE-2024-4558

An anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-40776

Huang Xilin discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-40779

Huang Xilin discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-40780

Huang Xilin dicovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-40782

Maksymilian Motyl discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-40785

Johan Carlsson discovered that processing maliciously crafted web content may lead to a cross site scripting attack.

CVE-2024-40789

Seunghyun Lee discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-40794

Matthew Butler discovered that private Browsing tabs may be accessed without authentication.

https://security-tracker.debian.org/tracker/DSA-5762-1

William Khem-Marquez discovered that Pymatgen, a Python library for materials analysis, could be tricked into running arbitrary code if a malformed CIF file is processed.

https://security-tracker.debian.org/tracker/DSA-5763-1

An anonymous reader quotes a report from Ars Technica: Too often, new tech product or service launches seem like solutions in search of a problem, but not this one: ESPN is launching software that lets you figure out just where you can watch the specific game you want to see amid an overcomplicated web of streaming services, cable channels, and arcane licensing agreements. Every sports fan is all too familiar with today's convoluted streaming schedules. Launching today on ESPN.com and the various ESPN mobile and streaming device apps, the new guide offers various views, including one that lists all the sporting events in a single day and a search function, among other things. You can also flag favorite sports or teams to customize those views. "At the core of Where to Watch is an event database created and managed by the ESPN Stats and Information Group (SIG), which aggregates ESPN and partner data feeds along with originally sourced information and programming details from more than 250 media sources, including television networks and streaming platforms," ESPN's press release says. ESPN previously offered browsable lists of games like this, but it didn't identify where you could actually watch all the games. There's no guarantee that you'll have access to the services needed to watch the games in the list, though. Those of us who cut the cable cord long ago know that some games -- especially those local to your city -- are unavailable without cable.

Read more of this story at Slashdot.

Yelp has filed an antitrust lawsuit against Google, accusing the search giant of maintaining its local search monopoly by preferencing its own services over competitors, harming competition and reducing quality. "Yelp claims that the way Google directs users toward its own local search vertical from its general search engine results page should be considered illegal tying of separate products to keep rivals from reaching scale," adds The Verge. From the report: Yelp wants the court to order Google to stop the allegedly anticompetitive conduct and to pay it damages. It demanded a jury trial and filed the suit in the Northern District of California, where a different jury found that Google had an illegal monopoly through its app store in its fight against Epic Games. The company was emboldened to bring its own lawsuit against Google after the DOJ's win in its antitrust case about the company's allegedly exclusionary practices around the distribution of search services. Yelp CEO Jeremy Stoppelman told The New York Times that following that decision, "the winds on antitrust have shifted dramatically." Previously, he told the Times, he'd hesitated to bring a suit because of the resources it would require and because he saw it as the government's job to enforce the antitrust laws. "Yelp's claims are not new," Google spokesperson Peter Schottenfels said in a statement. "Similar claims were thrown out years ago by the FTC, and recently by the judge in the DOJ's case. On the other aspects of the decision to which Yelp refers, we are appealing. Google will vigorously defend against Yelp's meritless claims."

Read more of this story at Slashdot.

A study found that Canada's 2023 wildfires released 647 megatons of carbon, surpassing the emissions of seven of the ten largest emitting countries, including Germany, Japan, and Russia. "Only China, India and the United States emitted more carbon emissions during that period, meaning that if Canada's wildfires were ranked alongside countries, they would have been the world's fourth largest emitter," adds Reuters. From the report: Typical emissions from Canadian forest fires over the last decade have ranged from 29 to 121 megatons. But climate change, driven by the burning of fossil fuels, is leading to drier and hotter conditions, driving extreme wildfires. The 2023 fires burned 15 million hectares (37 million acres) across Canada, or about 4% of its forests. The findings add to concerns about dependence on the world's forests to act as a long-term carbon sink for industrial emissions when instead they could be aggravating the problem as they catch fire. The worry is that the global carbon budget, or the estimated amount of greenhouse gases the world can continue to emit while holding warming to 1.5 degrees Celsius (2.7 degrees Fahrenheit) above preindustrial levels, is based on inaccurate calculations. [...] The abnormally hot temperatures Canada experienced in 2023 are projected to be common by the 2050s, the study said. This is likely to lead to severe fires across the 347 million hectares (857 million acres) of woodlands that Canada depends on to store carbon. The study has been published in the journal Nature.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Scientific American, written by science journalist Simon Makin: The persistence of memory is crucial to our sense of identity, and without it, there would be no learning, for us or any other animal. It's little wonder, then, that some researchers have called how the brain stores memories the most fundamental question in neuroscience. A milestone in the effort to answer this question came in the early 1970s, with the discovery of a phenomenon called long-term potentiation, or LTP. Scientists found that electrically stimulating a synapse that connects two neurons causes a long-lasting increase in how well that connection transmits signals. Scientists say simply that the "synaptic strength" has increased. This is widely believed to be the process underlying memory. Networks of neural connections of varying strengths are thought to be what memories are made of. In the search for molecules that enable LTP, two main contenders emerged. One, called PKMzeta (protein kinase Mzeta), made a big splash when a 2006 study showed that blocking it erased memories for places in rats. If obstructing a molecule erases memories, researchers reasoned, that event must be essential to the process the brain uses to maintain memories. A flurry of research into the so-called memory molecule followed, and numerous experiments appeared to show that it was necessary and sufficient for maintaining numerous types of memory. The theory had a couple of holes, though. First, PKMzeta is short-lived. "Those proteins only last in synapses for a couple of hours, and in neurons, probably a couple of days," says Todd Sacktor, a neurologist at SUNY Downstate Health Sciences University, who was co-senior author of the 2006 study. "Yet our memories can last 90 years, so how do you explain this difference?" Second, PKMzeta is created in cells as needed, but then it has to find the right synapses. Each neuron has around 10,000 synapses, only a few percent of which are strengthened, says neuroscientist Andre Fenton, the other co-senior author of the 2006 study, who is now at New York University. The strengthening of some synapses and not others is how this mechanism stores information, but how PKMzeta molecules accomplish this was unknown. A new study published in Science Advances by Sacktor, Fenton and their colleagues plugs these holes. The research suggests that PKMzeta works alongside another molecule, called KIBRA (kidney and brain expressed adaptor protein), which attaches to synapses activated during learning, effectively "tagging" them. KIBRA couples with PKMzeta, which then keeps the tagged synapses strengthened. Experiments show that blocking the interaction between these two molecules abolishes LTP in neurons and disrupts spatial memories in mice. Both molecules are short-lived, but their interaction persists. "It's not PKMzeta that's required for maintaining a memory, it's the continual interaction between PKMzeta and this targeting molecule, called KIBRA," Sacktor says. "If you block KIBRA from PKMzeta, you'll erase a memory that's a month old." The specific molecules will have been replaced many times during that month, he adds. But, once established, the interaction maintains memories over the long term as individual molecules are continually replenished. [...] "What seems clear is that there is no single 'memory molecule,'" concludes Scientific American. "Regardless of any competing candidate, PKMzeta needs a second molecule to maintain long-term memories, and there is another that can substitute in a pinch." "There are also some types of memory, such as the association of a location with fear, that do not depend on PKMzeta," the report adds. "Nobody knows what molecules are involved in those cases, and PKMzeta is clearly not the whole story."

Read more of this story at Slashdot.

The Register's Liam Proven reports: Microsoft's in-house professional networking site is moving to Microsoft's in-house Linux. This could mean that big changes are coming for the former CBL-Mariner distro. Ievgen Priadka's post on the LinkedIn Engineering blog, titled Navigating the transition: adopting Azure Linux as LinkedIn's operating system, is the visible sign of what we suspect has been a massive internal engineering effort. It describes some of the changes needed to migrate what the post calls "most of our fleet" from the end-of-life CentOS 7 to Microsoft Azure Linux -- the distro that grew out of and replaced its previous internal distro, CBL-Mariner. This is an important stage in a long process. Microsoft acquired LinkedIn way back in 2016. Even so, as recently as the end of last year, we reported that a move to Azure had been abandoned, which came a few months after it laid off almost 700 LinkedIn staff -- the majority in R&D. The blog post is over 3,500 words long, so there's quite a lot to chew on -- and we're certain that this has been passed through and approved by numerous marketing and management people and scoured of any potentially embarrassing admissions. Some interesting nuggets remain, though. We enjoyed the modest comment that: "However, with the shift to CentOS Stream, users felt uncertain about the project's direction and the timeline for updates. This uncertainty created some concerns about the reliability and support of CentOS as an operating system." [...] There are some interesting technical details in the post too. It seems LinkedIn is running on XFS -- also the RHEL default file system, of course -- with the notable exception of Hadoop, and so the Azure Linux team had to add XFS support. Some CentOS and actual RHEL is still used in there somewhere. That fits perfectly with using any of the RHELatives. However, the post also mentions that the team developed a tool to aid with deploying via MaaS, which it explicitly defines as Metal as a Service. MaaS is a Canonical service, although it does support other distros -- so as well as CentOS, there may have been some Ubuntu in the LinkedIn stack as well. Some details hint at what we suspect were probably major deployment headaches. [...] Some of the other information covers things the teams did not do, which is equally informative. [...]

Read more of this story at Slashdot.

Three former Backpage executives, including co-founder Michael Lacey, were sentenced to prison for promoting prostitution and laundering money while disguising their activities as a legitimate classified business. The Associated Press reports: A jury convicted Lacey, 76, of a single count of international concealment money laundering last year, but deadlocked on 84 other prostitution facilitation and money laundering charges. U.S. District Judge Diane Humetewa later acquitted Lacey of dozens of charges for insufficient evidence, but he still faces about 30 prostitution facilitation and money laundering charges. Authorities say the site generated $500 million in prostitution-related revenue from its inception in 2004 until it was shut down by the government in 2018. Lacey's lawyers say their client was focused on running an alternative newspaper chain and wasn't involved in day-to-day operations of Backpage. But Humetewa told Lacey during Wednesday's sentencing he was aware of the allegations against Backpage and did nothing. "In the face of all this, you held fast," Humetewa said. "You didn't do a thing." Two other Backpage executives, Chief Financial Officer John Brunst and Executive Vice President Scott Spear, also were convicted last year and were each sentenced on Wednesday to 10 years in prison. The judge ordered Lacey and the two executives to report to the U.S. Marshals Service in two weeks to start serving their sentences.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the BBC: South Korea's president has urged authorities to do more to "eradicate" the country's digital sex crime epidemic, amid a flood of deepfake pornography targeting young women. Authorities, journalists and social media users recently identified a large number of chat groups where members were creating and sharing sexually explicit "deepfake" images -- including some of underage girls. Deepfakes are generated using artificial intelligence, and often combine the face of a real person with a fake body. South Korea's media regulator is holding an emergency meeting in the wake of the discoveries. The spate of chat groups, linked to individual schools and universities across the country, were discovered on the social media app Telegram over the past week. Users, mainly teenage students, would upload photos of people they knew -- both classmates and teachers -- and other users would then turn them into sexually explicit deepfake images. The discoveries follow the arrest of the Russian-born founder of Telegram, Pavel Durov, on Saturday, after it was alleged that child pornography, drug trafficking and fraud were taking place on the encrypted messaging app. South Korean President Yoon Suk Yeol on Tuesday instructed authorities to "thoroughly investigate and address these digital sex crimes to eradicate them." "Recently, deepfake videos targeting an unspecified number of people have been circulating rapidly on social media," President Yoon said at a cabinet meeting. "The victims are often minors and the perpetrators are mostly teenagers." To build a "healthy media culture," President Yoon said young men needed to be better educated. "Although it is often dismissed as 'just a prank,' it is clearly a criminal act that exploits technology to hide behind the shield of anonymity," he said. The Guardian notes that making sexually explicit deepfakes with the intention of distributing them is punishable by five years in prison or a fine of $37,500. Further reading: 1 in 10 Minors Say Their Friends Use AI to Generate Nudes of Other Kids, Survey Finds (Source: 404 Media)

Read more of this story at Slashdot.

SpaceX's Falcon 9 rocket has been grounded by the FAA for the second time in less than two months following the failed landing of a first-stage booster, which was destroyed in a fireball after its 23rd flight. Spaceflight Now reports: The booster, serial number B1062 in the SpaceX fleet, suffered a hard landing, at the tail end of its record-setting 23rd flight. It was consumed in a fireball on the deck of the drone ship 'A Shortfall of Gravitas', which was stationed in the Atlantic Ocean about 250 miles east of Charleston, South Carolina. The mishap was the first booster landing failure since February 2021. In a statement on Wednesday, the Federal Aviation Administration said that while no public injuries or public property damage was reported, "The FAA is requiring an investigation." The FAA made a similar declaration following a Falcon 9 upper-stage failure on July 12 during the Starlink 9-3 mission, which resulted in the loss of 20 satellites. Following that incident, SpaceX rockets did not return to flight until the Starlink 10-9 mission, on July 27. [...] The booster failure came the same week that SpaceX had to twice delay a launch attempt of the Polaris Dawn astronaut mission, first due to a helium leak and then for recovery weather at the end of the mission. The Polaris Dawn crew remain in quarantine for now, according to social media posts from Isaacman, but the timing of the next launch attempt is uncertain. In addition to landing weather concerns and resolving the FAA investigation, there is also the matter of launch pad availability.

Read more of this story at Slashdot.

According to a new survey from Bitkom, cybercrime and other acts of sabotage have cost German companies around $298 billion in the past year, up 29% on the year before. Reuters reports: Bitkom surveyed around 1,000 companies from all sectors and found that 90% expect more cyberattacks in the next 12 months, with the remaining 10% expecting the same level of attacks. Some 70% of companies that were targeted attributed the attacks to organised crime, the survey found, adding 81% of companies reported data theft, including customer data, access data and passwords, as well as intellectual property such as patents. Around 45% of companies said they could attribute at least one attack to China, up from 42% in the previous year. Attacks blamed on Russia came in second place at 39%. The increase in attacks has prompted companies to allocate 17% of their IT budget to digital security, up from 14% last year, but only 37% said they had an emergency plan to react to security incidents in their supply chain, the survey showed.

Read more of this story at Slashdot.

Google announced that it will reintroduce AI image generation capabilities through its Gemini tool, with early access to the new Imagen 3 generator available for select users in the coming days. The company pulled the feature shortly after it launched in February when users discovered historical inaccuracies and questionable responses. CNBC reports: "We've worked to make technical improvements to the product, as well as improved evaluation sets, red-teaming exercises and clear product principles," [wrote Dave Citron, a senior director of product on Gemini, in a blog post]. Red-teaming refers to a practice companies use to test products for vulnerabilities. Citron said Imagen 3 doesn't support photorealistic identifiable individuals, depictions of minors or excessively gory, violent or sexual scenes. "Of course, as with any generative AI tool, not every image Gemini creates will be perfect, but we'll continue to listen to feedback from early users as we keep improving," Citron wrote. "We'll gradually roll this out, aiming to bring it to more users and languages soon."

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: Threads is deepening its ties to the fediverse, also known as the open social web, which powers services like X alternative Mastodon, Pixelfed, PeerTube, Flipboard and other apps. On Wednesday, Meta announced that users on Threads will be able to see fediverse replies on other posts besides their own. In addition, posts that originated through the Threads API, like those created via third-party apps and scheduling services, will now be syndicated to the fediverse. The latter had previously been announced via an in-app message informing users that API posts would be shared to the fediverse starting on August 28. [...] Since June, users have been able to see fediverse replies on their posts if they enabled fediverse sharing in the app's settings. Once enabled, the sharing option allows users to syndicate their posts across the wider social web and then see how people on other services have responded. Now users will be able to see the fediverse replies on other people's posts, too. This immediately brings more content into Threads, even without a sizable increase in Threads users. A Meta engineer suggested testing the feature by viewing the replies of larger accounts, like YouTuber Marques Brownlee (@mkbhd), for example. Here, you'll notice a new section that shows how many "fediverse replies" are available above the replies posted to Threads itself. It's worth noting that you have to tap or click on the "fediverse replies" section to actually view what's being said on other servers and by who. Currently, Threads users can like the replies from other servers, but they can't yet reply to them, as the feature is still in beta and under development.

Read more of this story at Slashdot.

Data from giant project show how withdrawn research propagates through the literature. Nature: In January, a review paper about ways to detect human illnesses by examining the eye appeared in a conference proceedings published by the Institute of Electrical and Electronics Engineers (IEEE) in New York City. But neither its authors nor its editors noticed that 60% of the papers it cited had already been retracted. The case is one of the most extreme spotted by a giant project to find papers whose results might be in question because they cite retracted or problematic research. The project's creator, computer scientist Guillaume Cabanac at the University of Toulouse in France, shared his data with Nature's news team, which analysed it to find the papers that most heavily cite retracted work yet haven't themselves been withdrawn. "We are not accusing anybody of doing something wrong. We are just observing that in some bibliographies, the references have been retracted or withdrawn, meaning that the paper may be unreliable," Cabanac says. He calls his tool a Feet of Clay Detector, referring to an analogy, originally from the Bible, about statues or edifices that collapse because of their weak clay foundations. The IEEE paper is the second-highest on the list assembled by Nature, with 18 of the 30 studies it cites withdrawn. Its authors didn't respond to requests for comment, but IEEE integrity director Luigi Longobardi says that the publisher didn't know about the issue until Nature asked, and that it is investigating. Cabanac, a research-integrity sleuth, has already created software to flag thousands of problematic papers in the literature for issues such as computer-written text or disguised plagiarism. He hopes that his latest detector, which he has been developing over the past two years and describes this week in a Comment article in Nature, will provide another way to stop bad research propagating through the scientific literature -- some of it fake work created by 'papermill' firms.

Read more of this story at Slashdot.

An anonymous reader shares a report: While people in Asia are spending more time in the office, workers in the US and UK are not, according to a new report from XY Sense, a company that uses sensors to track office occupancy in more than 40,000 workspaces. While office space utilization -- the share of used spaces within an office out of all available space -- in the Asia-Pacific region grew 10 percentage points last quarter to 41%, that rate stayed at 28% in North America and declined in the UK. The so-called return to the office has been much slower in the US than abroad, partly because of factors like longer commute times, larger homes, and cultural individualism here. Office utilization in North America is about half what it was pre-pandemic, according to XY Sense. When people do go into the office, meeting spaces are much more in demand. On average, time spent using collaborative spaces like conference rooms (4 hours a day) was 54% higher than individual desks (2.6 hours), and lack of communal space has become a big pain point for companies. Meanwhile XY Sense found that half of office desks were utilized for less than one hour per day, while 30% were never used at all.

Read more of this story at Slashdot.

An anonymous reader shares a report: Following the arrest of Telegram CEO and co-founder Pavel Durov Saturday, the 39-year-old billionaire, Drov has been indicted on multiple charges after appearing in front of a Paris Court on Wednesday. He has been indicted on charges of Complicity in the administration of an online platform to enable an illicit transaction, by an organized gang. This charge carries a maximum penalty of 10 years imprisonment and a fine of $555,000. He was also indicted on charges of refusal to communicate at the request of authorities; Complicity in the offenses in particular of making available without legitimate reason a program or data designed to an attack on an automated data processing system, organized gang dissemination of images of minors of a child pornography nature, drug trafficking, organized gang fraud, criminal conspiracy with a view to committing crimes or offenses; Laundering of crimes or offenses by organized games; Provision of cryptology services aimed at ensuring confidentiality functions without compliant declaration. Durov has been placed under judicial supervision with an obligation to provide a deposit of 5 million euros and he must report to the police station twice a week and is banned from leaving France. From earlier today: Telegram CEO Released By Police, Transferred To Court For Possible Indictment.

Read more of this story at Slashdot.

OpenAI is in talks to raise several billion dollars in a new funding round that would value the startup behind ChatGPT above $100 billion, WSJ reported Wednesday, citing sources. From the report: Venture-capital firm Thrive Capital is leading the round and will invest about $1 billion, according to people familiar with the matter. Microsoft is also expected to put in money. The new funding round would be the biggest infusion of outside capital into OpenAI since Microsoft invested around $10 billion in January 2023. Since then, an arms race has developed in Silicon Valley to build the most advanced artificial-intelligence systems in an effort to dominate an industry many say will revolutionize the economy. OpenAI was last valued at $86 billion late last year, when employees sold existing shares. Thrive, a New York-based firm founded 15 years ago by Josh Kushner, already has a close relationship with OpenAI and its chief executive, Sam Altman. It has put several hundred million dollars into the startup since last year.

Read more of this story at Slashdot.