News

CSO Online reports that North Korea "is actively infiltrating Western companies using skilled IT workers who use fake identities to pose as remote workers with foreign companies, typically but not exclusively in the U.S." Slashdot reader snydeq shares their report, which urges information security officers "to carry out tighter vetting of new hires to ward off potential 'moles' — who are increasingly finding their way onto company payrolls and into their IT systems." The schemes are part of illicit revenue generation efforts by the North Korean regime, which faces financial sanctions over its nuclear weapons program, as well as a component of the country's cyberespionage activities. The U.S. Treasury department first warned about the tactic in 2022. Thosands of highly skilled IT workers are taking advantage of the demand for software developers to obtain freelance contracts from clients around the world, including in North America, Europe, and East Asia. "Although DPRK [North Korean] IT workers normally engage in IT work distinct from malicious cyber activity, they have used the privileged access gained as contractors to enable the DPRK's malicious cyber intrusions," the Treasury department warned... North Korean IT workers present themselves as South Korean, Chinese, Japanese, or Eastern European, and as U.S.-based teleworkers. In some cases, DPRK IT workers further obfuscate their identities by creating arrangements with third-party subcontractors. Christina Chapman, a resident of Arizona, faces fraud charges over an elaborate scheme that allegedly allowed North Korean IT workers to pose as U.S. citizens and residents using stolen identities to obtain jobs at more than 300 U.S. companies. U.S. payment platforms and online job site accounts were abused to secure jobs at more than 300 companies, including a major TV network, a car manufacturer, a Silicon Valley technology firm, and an aerospace company... According to a U.S. Department of Justice indictment, unsealed in May 2024, Chapman ran a "laptop farm," hosting the overseas IT workers' computers inside her home so it appeared that the computers were located in the U.S. The 49-year-old received and forged payroll checks, and she laundered direct debit payments for salaries through bank accounts under her control. Many of the overseas workers in her cell were from North Korea, according to prosecutors. An estimated $6.8 million were paid for the work, much of which was falsely reported to tax authorities under the name of 60 real U.S. citizens whose identities were either stolen or borrowed... Ukrainian national Oleksandr Didenko, 27, of Kyiv, was separately charged over a years-long scheme to create fake accounts at U.S. IT job search platforms and with U.S.-based money service transmitters. "Didenko sold the accounts to overseas IT workers, some of whom he believed were North Korean, and the overseas IT workers used the false identities to apply for jobs with unsuspecting companies," according to the U.S. Department of Justice. Didenko, who was arrested in Poland in May, faces U.S. extradition proceedings... How this type of malfeasance plays out from the perspective of a targeted firm was revealed by security awareness vendor KnowBe4's candid admission in July that it unknowingly hired a North Korean IT spy... A growing and substantial body of evidence suggests KnowBe4 is but one of many organizations targeted by illicit North Korean IT workers. Last November security vendor Palo Alto reported that North Korean threat actors are actively seeking employment with organizations based in the U.S. and other parts of the world... Mandiant, the Google-owned threat intel firm, reported last year that "thousands of highly skilled IT workers from North Korea" are hunting work. More recently, CrowdStrike reported that a North Korean group it dubbed "Famous Chollima" infiltrated more than 100 companies with imposter IT pros. The article notes the infiltrators use chatbots to tailor the perfect resume "and further leverage AI-created deepfakes to pose as real people." And the article includes this quote from a former intelligence analyst for the U.S. Air Force turned cybersecurity strategist at Sysdig. "In some cases, they may try to get jobs at tech companies in order to steal their intellectual property before using it to create their own knock-off technologies." The article closes with its suggested "countermeasures," including live video-chats with prospective remote-work applicants — and confirming an applicant's home address.

Read more of this story at Slashdot.

After game developer Nolen Royalty launched his short-lived viral site "One Million Checkboxes" in June. (Any visitor could check or uncheck a box in the grid — which would change how it displayed for every other visitor to the site, in near real-time.) "Within days there were half a million people on the site," he says in a new video, "and people checked over 650 million boxes in the two weeks that I kept the site online." But he also explains how what happened next was even more amazing: He'd stored the state of his one million checkboxes in a million-bit database — 125 kilobytes — and got a surprise after rewriting the backend in Go. Looking at the raw bytes (converted into their value in the 256-character ASCII table)... they spelled out a URL. Had someone hacked into his database? No, the answer was even stranger. Somebody was writing me a message in binary." "Someone was sitting there, checking and unchecking boxes to form numbers that formed letters that spelled out this URL. And they were probably doing this with a bot, to make sure those boxes remained checked and unchecked in exactly the way that they wanted them to." The URL led to a Discord channel, where he found himself talking to the orchestrators of the elaborate prank. And it was then that they asked him: "Have you seen your checkboxes as a 1,000 x 1,000 image yet?" It turns out they'd also input two alternate versions of the same message — one in base64, and one drawn out as a fully-functional QR code. (And some drawings....) "The Discord was full of very sharp teens, and they were writing this message in secret — with tens of thousands of people on the web site — to gather other very sharp teens. And it totally worked. There were 15 people when I joined, over 60 people in the Discord by the time that i left. "I tried to make it hard for them to draw, but... no problem. They found a way. And they started drawing some very cool things. They put a Windows blue-screen-of-death on the site. They put sexy Jake Gyllenhaal gifs on the site. At the end I removed all my rate limits for an hour as a treat, and they did a real-time [animated] Rickroll across the entire site." The video ends with the webmaster explaining why he thought their project was so cool. "As I kid, I spent a lot of time doing dum stuff on the computer, and I didn't get into too much trouble when I, for example, repeatedly crashed my high school mail server. There is no way that I would be doing what I do now without the encouragement of people back then. So providing a playground like this, getting to see what they were doing, provide some encouragement and say, 'Hey this is amazing' — was so special for me. "The people in that Discord are so extraordinarily talented, so creative, so cool, I cannot wait to see what they go on to make." Link via Kottke.org

Read more of this story at Slashdot.

Several items were stolen from a woman's P.O. box. So she mailed herself a package containing an Apple AirTag, according to the Santa Barbara County Sheriff's office: Her mail was again stolen on Monday morning, including the package with the AirTag that she was able to track. It is important to note that the victim did not attempt to contact the suspects on her own... The Sheriff's Office would like to commend the victim for her proactive solution, while highlighting that she also exercised appropriate caution by contacting law enforcement to safely and successfully apprehend the suspects. CNN reports on what the authorities found: The suspected thieves were located in nearby Santa Maria, California, with the victim's mail — including the package containing the AirTag — and other items authorities believe were stolen from more than a dozen victims, according to the sheriff's office. Virginia Franchessca Lara, 27, and Donald Ashton Terry, 37, were arrested in connection with the crime, authorities said. Lara was booked on felonies including possession of checks with intent to commit fraud, fictitious checks, identity theft, credit card theft and conspiracy, and remains held on a $50,000 bail as of Thursday, jail records show. Terry faces felony charges including burglary, possession of checks with intent to commit fraud, credit card theft, identity theft and conspiracy and was held on a $460,000 bail, according to jail records... Authorities said they're working on contacting other victims of theft in this case. Thanks to long-time Slashdot reader schwit1 for sharing the news.

Read more of this story at Slashdot.

The Google Play Store is now rolling out support for downloading up to three Android app updates simultaneously, addressing a long-standing limitation where apps could only be downloaded one at a time. 9to5Google reports: We're seeing simultaneous app update downloads working in the Google Play Store today across multiple devices, and a few of our readers are seeing the same behavior this week as well. It's unclear if this is a server-side change on Google's part or an update to the Play Store itself, but the functionality is much appreciated. As far as we can tell, you can download up to three app updates at once through the Play Store. The apps will start to download, with only anything beyond three showing the "Pending" status that we're all so used to seeing in the Play Store. This matches the App Store on iOS which can also download up to three apps at once. The same limit of three also now applies to new app installs, which was previously limited to two at a time.

Read more of this story at Slashdot.

Scientists have finally detected and measured the ambipolar field, a weak electric field surrounding Earth that was first theorized over 60 years ago. "Any planet with an atmosphere should have an ambipolar field," says astronomer Glyn Collinson of NASA's Goddard Space Flight Center. "Now that we've finally measured it, we can begin learning how it's shaped our planet as well as others over time." ScienceAlert reports: Here's how the ambipolar field was expected to work. Starting at an altitude of around 250 kilometers (155 miles), in a layer of the atmosphere called the ionosphere, extreme ultraviolet and solar radiation ionizes atmospheric atoms, breaking off negatively charged electrons and turning the atom into a positively charged ion. The lighter electrons will try to fly off into space, while the heavier ions will try to sink towards the ground. But the plasma environment will try to maintain charge neutrality, which results in the emergence of an electric field between the electrons and the ions to tether them together. This is called the ambipolar field because it works in both directions, with the ions supplying a downward pull and the electrons an upward one. The result is that the atmosphere is puffed up; the increased altitude allows some ions to escape into space, which is what we see in the polar wind. This ambipolar field would be incredibly weak, which is why Collinson and his team designed instrumentation to detect it. The Endurance mission, carrying this experiment, was launched in May 2022, reaching an altitude of 768.03 kilometers (477.23 miles) before falling back to Earth with its precious, hard-won data. And it succeeded. It measured a change in electric potential of just 0.55 volts -- but that was all that was needed. "A half a volt is almost nothing -- it's only about as strong as a watch battery," Collinson says. "But that's just the right amount to explain the polar wind." That amount of charge is enough to tug on hydrogen ions with 10.6 times the strength of gravity, launching them into space at the supersonic speeds measured over Earth's poles. Oxygen ions, which are heavier than hydrogen ions, are also lofted higher, increasing the density of the ionosphere at high altitudes by 271 percent, compared to what its density would be without the ambipolar field. The findings have been published in the journal Nature.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Electrek: The Biden administration has finalized a plan to expand solar on 31 million acres of federal lands in 11 western states. The proposed updated Western Solar Plan is a roadmap for Bureau of Land Management's (BLM) governance of solar energy proposals and projects on public lands. It bumps up the acreage from the 22 million acres it recommended in January, and this plan adds five additional states -- Idaho, Montana, Oregon, Washington, and Wyoming -- to the six states -- Arizona, California, Colorado, Nevada, New Mexico, and Utah -- analyzed in the original plan. It would make the public lands available for potential solar development, putting solar farms closer to transmission lines or on previously disturbed lands and avoiding protected lands, sensitive cultural resources, and important wildlife habitats. [...] BLM surpassed its goal of permitting more than 25 gigawatts (GW) of clean energy projects on public lands earlier in 2024. It's permitted 29 GW of projects on public lands -- enough to power over 12 million homes. The Biden administration set the goal to achieve 100% clean electricity on the US grid by 2035.

Read more of this story at Slashdot.

TechCrunch's Sarah Perez reports: Apple is standing by its decision to terminate the Apple Developer Account of Appstun, a mobile app company created by one of Apple's own Worldwide Developer Conference 2021 student winners. According to an announcement published on Appstun's website, Apple moved to terminate the developer's account after multiple rejections of its app that Apple says violates its App Store guidelines. Apple's decision to shut down the developer's account was recently highlighted on X by Apple critic and 37signals co-owner and CTO David Heinemeier Hansson, where he celebrated how much better web developers had it, noting they could run their businesses without the involvement of big tech gatekeepers. "No fear on [sic] capricious rejections that might suddenly kill the business overnight," he remarked. Appstun co-founder Batuhan Karababa says that he and the other co-founder had been trying to work with Apple over the App Store rejections. (Karababa tells us that he's only the formal founder on paper.) "We responded transparently and collaborated with Apple to ensure our app doesn't violate any guidelines. However, as the process continued, we began to face rejection for the issue that we thought we had already resolved in previous submissions. Apple didn't find our solution good enough," according to the announcement on Appstun's website. The company went back and forth with App Review, receiving multiple rejections over an app for designing Apple Watch faces. In addition to a more standard watch face, Appstun also came up with a workaround that would allow it to offer more highly customizable watch faces. But these weren't actually watch faces in the traditional sense, but rather custom images and animations that run independently of the App Watch face system. Essentially, the app would take over the screen showing an image that was similar to a watch face, allowing Appstun to offer more customization. Of course, running a custom animation in this way could drain the Apple Watch battery faster. Apple was also concerned that customers wouldn't understand that they weren't running a normal watch face, and that Appstun deceived them by suggesting that's what it was offering. Though Appstun added notifications to its app that these were not real watch faces, in an attempt to placate App Review, Apple instead decided to terminate the company's developer account after repeated back-and-forth. The company pleaded on its website for any help in getting its developer account restored. According to Apple, there's more to this story, and it thinks it made the correct decision. The iPhone maker said Appstun's app repeatedly tried to mislead users into thinking that it offered features and functionality that it didn't support and also marketed the app with deceptive ads, leading to negative app ratings and reviews. [...] Apple pointed to its guideline 5.6 -- a developer code of conduct -- that warns developers that "repeated manipulative or misleading behavior or other fraudulent conduct will lead to your removal from the Apple Developer Program."

Read more of this story at Slashdot.

Denise Prudhomme, a 60-year-old Wells Fargo employee, was found dead at her desk four days after clocking in. Apparently, nobody noticed her body because of the secluded location of her cubicle and the fact that many employees were working remotely. VICE reports: Prudhomme last scanned into her office job in Tempe, Arizona, at 7 AM on Friday, and her body was reportedly discovered at 4:55 PM on Tuesday, August 20. Her coworkers did pick up that something weird was going on. They detected a weird smell but assumed it was some kind of plumbing issue. Prudhomme's cubicle was on the third floor of the building, tucked away from any main thoroughfares that employees would use to travel between departments. On top of that, most employees at the Tempe Wells Fargo location worked remotely, significantly cutting down the chance of someone finding her body. Tempe police and the Maricopa County Medical Examiner didn't detect any signs of foul play, but the woman's official cause of death remains to be seen. Wells Fargo has said that they're going to look into their internal procedures to make sure employees receive some kind of check-in to make sure they're not, you know, dead.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica, written by Dan Goodin: A judge in Ohio has issued a temporary restraining order against a security researcher who presented evidence that a recent ransomware attack on the city of Columbus scooped up reams of sensitive personal information, contradicting claims made by city officials. The order, issued by a judge in Ohio's Franklin County, came after the city of Columbus fell victim to a ransomware attack on July 18 that siphoned 6.5 terabytes of the city's data. A ransomware group known as Rhysida took credit for the attack and offered to auction off the data with a starting bid of about $1.7 million in bitcoin. On August 8, after the auction failed to find a bidder, Rhysida released what it said was about 45 percent of the stolen data on the group's dark web site, which is accessible to anyone with a TOR browser. Columbus Mayor Andrew Ginther said on August 13 that a "breakthrough" in the city's forensic investigation of the breach found that the sensitive files Rhysida obtained were either encrypted or corrupted, making them "unusable" to the thieves. Ginther went on to say the data's lack of integrity was likely the reason the ransomware group had been unable to auction off the data. Shortly after Ginther made his remarks, security researcher David Leroy Ross contacted local news outlets and presented evidence that showed the data Rhysida published was fully intact and contained highly sensitive information regarding city employees and residents. Ross, who uses the alias Connor Goodwolf, presented screenshots and other data that showed the files Rhysida had posted included names from domestic violence cases and Social Security numbers for police officers and crime victims. Some of the data spanned years. On Thursday, the city of Columbus sued Ross (PDF) for alleged damages for criminal acts, invasion of privacy, negligence, and civil conversion. The lawsuit claimed that downloading documents from a dark web site run by ransomware attackers amounted to him "interacting" with them and required special expertise and tools. The suit went on to challenge Ross alerting reporters to the information, which ii claimed would not be easily obtained by others. "Only individuals willing to navigate and interact with the criminal element on the dark web, who also have the computer expertise and tools necessary to download data from the dark web, would be able to do so," city attorneys wrote. "The dark web-posted data is not readily available for public consumption. Defendant is making it so." The same day, a Franklin County judge granted the city's motion for a temporary restraining order (PDF) against Ross. It bars the researcher "from accessing, and/or downloading, and/or disseminating" any city files that were posted to the dark web. The motion was made and granted "ex parte," meaning in secret before Ross was informed of it or had an opportunity to present his case.

Read more of this story at Slashdot.

mmell writes: Regular Slashdot users will certainly be aware of the saga unfolding between the country of Brazil and X. Reuters has already reported that what I have to relay here will come as no surprise to Elon Musk, but reporting on CNN confirms that Brazilian Justice Alexandre de Moraes has ordered X to suspend operations in Brazil until X names a representative to appear on X's behalf in Brazilian Courts. Is this the end of X or some brilliant Machiavellian ploy on the part of Elon Musk? Only time and the informed and spirited debate of the users here at /. can be sure. Here's a recap of the saga, as told by X's Grok-2 chatbot: The Beginning: Alexandre de Moraes, a Brazilian Supreme Court Justice with a reputation for tackling misinformation, especially around elections, found himself at odds with Elon Musk, the space-faring, electric-car magnate turned social media mogul. The conflict kicked off when Moraes ordered X to block certain accounts in Brazil, part of his broader crackdown on what he deemed as misinformation. The Escalation: Musk, never one to shy away from a fight, especially when it involves what he perceives as free speech issues, declared on X that he would not comply with Moraes' orders. This defiance wasn't just a tweet; it was a digital declaration of war. Musk accused Moraes of overstepping his bounds, betraying the constitution, and even likened him to Darth Vader in a less than flattering comparison. Moraes, not amused, opened an investigation into Musk for obstruction of justice, accusing him of inciting disobedience and disrespecting Brazil's sovereignty. The stakes were raised with fines of around $20,000 per day for each reactivated account, and threats of arresting X employees in Brazil. The Drama Unfolds: The internet, as it does, had a field day. Posts on X ranged from Musk supporters calling Moraes a dictator to others backing Moraes, arguing he was defending democracy against foreign billionaires. The conflict became a global spectacle, with Musk's posts drawing international attention, comparing the situation to a battle for free speech versus censorship. Musk, in true Musk fashion, didn't just stop at defiance. He shared all of Moraes' demands publicly, suggesting users use VPNs, and even hinted at closing X's operations in Brazil, which eventually happened, citing the need to protect staff safety. The Latest Chapter: Recently, X announced the closure of its operations in Brazil, a move seen as the culmination of this legal and ideological battle. Musk framed it as a stand against what he saw as an assault on free speech, while critics viewed it as an overreaction or a strategic retreat.

Read more of this story at Slashdot.

The Pidgin messaging app removed the ScreenShareOTR plugin from its third-party plugin list after it was found to be used to install keyloggers, information stealers, and malware targeting corporate networks. BleepingComputer reports: The plugin was promoted as a screen-sharing tool for secure Off-The-Record (OTR) protocol and was available for both Windows and Linux versions of Pidgin. According to ESET, the malicious plugin was configured to infect unsuspecting users with DarkGate malware, a powerful malware threat actors use to breach networks since QBot's dismantling by the authorities. [...] Those who installed it are recommended to remove it immediately and perform a full system scan with an antivirus tool, as DarkGate may be lurking on their system. After publishing our story, Pidgin's maintainer and lead developer, Gary Kramlich, notified us on Mastodon to say that they do not keep track of how many times a plugin is installed. To prevent similar incidents from happening in the future, Pidgin announced that, from now on, it will only accept third-party plugins that have an OSI Approved Open Source License, allowing scrutiny into their code and internal functionality.

Read more of this story at Slashdot.

When Amazon releases its revamped AI Alexa update in October, it'll be powered by Anthropic's Claude AI models due to performance issues with its in-house AI. Reuters reports: Amazon plans to charge $5 to $10 a month for its new "Remarkable" version of Alexa as it will use powerful generative AI to answer complex queries, while still offering the "Classic" voice assistant for free, Reuters reported in June. But initial versions of the new Alexa using in-house software simply struggled for words, sometimes taking six or seven seconds to acknowledge a prompt and reply, one of the people said. That's why Amazon turned to Claude, an AI chatbot developed by startup Anthropic, as it performed better than the online retail giant's own AI models, the people said. "Amazon uses many different technologies to power Alexa," a company spokeswoman said in a statement in response to detailed Reuters questions for this story. "When it comes to machine learning models, we start with those built by Amazon, but we have used, and will continue to use, a variety of different models - including (Amazon AI model) Titan and future Amazon models, as well as those from partners - to build the best experience for customers," the spokeswoman said. Amazon has typically eschewed relying on technology it hasn't developed in-house so it can ensure it has full control of the user experience, data collection and direct relationships with customers.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Gizmodo: Thousands of Tennesseans were illegally denied Medicaid and other benefits due to programming and data errors in an algorithmic system the state uses to determine eligibility for low-income residents and people with disabilities, a U.S. District Court judge ruled this week. The TennCare Connect system -- built by Deloitte and other contractors for more than $400 million -- is supposed to analyze income and health information to automatically determine eligibility for benefits program applicants. But in practice, the system often doesn't load the appropriate data, assigns beneficiaries to the wrong households, and makes incorrect eligibility determinations, according to the decision (PDF) from Middle District of Tennessee Judge Waverly Crenshaw Jr. "When an enrollee is entitled to state-administered Medicaid, it should not require luck, perseverance, and zealous lawyering for him or her to receive that healthcare coverage," Crenshaw wrote in his opinion. The decision was a result of a class action lawsuit filed in 2020 on behalf of 35 adults and children who were denied benefits. [...] ]Crenshaw found that TennCare Connect did not consider whether applicants were eligible for all available programs before it terminated their coverage. Deloitte was a major beneficiary of the nationwide modernization effort, winning contracts to build automated eligibility systems in more than 20 states, including Tennessee and Texas. Advocacy groups have asked (PDF) the Federal Trade Commission to investigate Deloitte's practices in Texas, where they say thousands of residents are similarly being inappropriately denied life-saving benefits by the company's faulty systems.

Read more of this story at Slashdot.

Intel is working with investment bankers to help navigate the most difficult period in its 56-year history, Bloomberg reports, citing people familiar with the matter. From the report: The company is discussing various scenarios, including a split of its product-design and manufacturing businesses, as well as which factory projects might potentially be scrapped, said the people, who asked not to be identified because the deliberations are private. Morgan Stanley and Goldman Sachs, Intel's longtime bankers, have been providing advice on the possibilities, which could also include potential M&A, the people said. The discussions have only grown more urgent since the Santa Clara, California-based company delivered a grim earnings report this month, which sent the shares plunging to their lowest level since 2013.

Read more of this story at Slashdot.

New submitter meisdug writes: A new feature has been submitted for inclusion in Linux 6.12, allowing the display of a QR code when a kernel panic occurs using the DRM Panic handler. This QR code can capture detailed error information that is often missed in traditional text-based panic messages, making it more user-friendly. The feature, written in Rust, is optional and can be enabled via a specific build switch. This implementation follows similar ideas from other operating systems and earlier discussions in the Linux community.

Read more of this story at Slashdot.

An anonymous reader shares a report: It's been a burning question for months -- are Intel's laptop chips susceptible to the same permanent damage that can potentially lay 24 different flagship desktop chips low? Today, Intel has finally confirmed: its 13th and 14th Gen laptop chips do not seem to have an instability issue. And the company claims they are definitely not affected by the too-high voltage issue, which it's now calling "Vmin Shift Instability." While Intel maintains that Vmin Shift Instability is not necessarily the root cause or only cause of the crashes -- it's still investigating -- Intel spokesperson Thomas Hannaford now tells The Verge that laptop chips basically aren't affected at all.

Read more of this story at Slashdot.

Pakistani businesses say internet disruptions this month have harmed their businesses [non-paywalled link] and unsettled investors at a time when the country is counting on the information technology sector to help break a cycle of economic crises and bailouts. From a report: The warnings from executives, investors and a leading IT organisation come as internet watchdogs have reported a marked slowdown in connection speeds and service interruptions to applications such as WhatsApp, the Meta-owned messaging platform that is widely used in the country. Nadeem Elahi, managing director for TRG, a venture capital firm that operates Pakistan's biggest outsourcing services provider, said internet connectivity was "by far the worst it has been in the last 12 months." "If we want to be a global business processing operation destination, then 100 per cent reliable connectivity is essential for customers," he said, estimating that the quality of connection had degraded by 30 to 40 per cent. Technology is one of Pakistan's few standout sectors, and Islamabad is relying on software developers and IT freelancers to help lift the country out of a chronic foreign exchange rut that has sent it to the IMF for support two dozen times. IT exports rose 24 per cent to $3.2bn, an all-time high, in the 12 months to the end of June, according to the State Bank of Pakistan.

Read more of this story at Slashdot.

For decades drugmakers have taken a more-is-more model when dosing cancer drugs in clinical trials. U.S. regulators want them to reconsider that approach. From a report: Companies with cancer drugs in clinical trials must strike a balance between doses high enough to thwart tumors, but low enough to avoid intolerable side effects. For years, Food and Drug Administration officials have expressed concern that cancer drug doses are often too high, leading to unnecessary side effects. An FDA program launched in 2021, Project Optimus, requires companies to re-examine how they set doses of cancer treatments. This typically involves larger clinical trials to test doses to find those that optimally balance safety and efficacy. Entrepreneurs support the aim, but some fear the initiative will add time and cost to drug development, putting startups at a further disadvantage to larger competitors. [...] The FDA says it encourages drugmakers to discuss dosing plans with the agency and that new medications can still be brought to patients quickly.

Read more of this story at Slashdot.

An anonymous reader shares a report: When French prosecutors charged Pavel Durov, the chief executive of the messaging app Telegram, with a litany of criminal offenses on Wednesday, one accusation stood out to Silicon Valley companies. Telegram, French authorities said in a statement, had provided cryptology services aimed at ensuring confidentiality without a license. In other words, the topic of encryption was being thrust into the spotlight. The cryptology charge raised eyebrows at U.S. tech companies including Signal, Apple and Meta's WhatsApp, according to three people with knowledge of the companies. These companies provide end-to-end encrypted messaging services and often stand together when governments challenge their use of the technology, which keeps online conversations between users private and secure from outsiders. But while Telegram is also often described as an encrypted messaging app, it tackles encryption differently than WhatsApp, Signal and others. So if Mr. Durov's indictment turned Telegram into a public exemplar of the technology, some Silicon Valley companies believe that could damage the credibility of encrypted messaging apps writ large, according to the people, putting them in a tricky position of whether to rally around their rival. Encryption has been a long-running point of friction between governments and tech companies around the world. For years, tech companies have argued that encrypted messaging is crucial to maintain people's digital privacy, while law enforcement and governments have said that the technology enables illicit behaviors by hiding illegal activity. The debate has grown more heated as encrypted messaging apps have become mainstream. Signal has grown by tens of millions of users since its founding in 2018. Apple's iMessage is installed on the hundreds of millions of iPhones that the company sells each year. WhatsApp is used by more than two billion people globally.

Read more of this story at Slashdot.

A new AI model being developed by Google could make diagnosing tuberculosis and other respiratory ailments as easy as recording a voice note. From a report: Google is training one of its foundational AI models to listen for signs of disease using sound signals, like coughing, sneezing, and sniffling. This tech, which would work using people's smartphone microphones, could revolutionize diagnoses for communities where advanced diagnostic tools are difficult to come by. The tech giant is collaborating with Indian respiratory health care AI startup, Salcit Technologies. The tech, which was introduced earlier this year as Health Acoustic Representations, or HeAR, is what's known as a bioacoustic foundation model. HeAR was then trained on 300 million pieces of audio data, including 100 million cough sounds, to learn to pick out patterns in the sounds. Salcit is then using this AI model, in combination with its own product Swaasa, which uses AI to analyze cough sounds and assess lung health, to help research and improve early detection of TB based solely on cough sounds.

Read more of this story at Slashdot.