×

Submission + - US 'Know Your Customer' Proposal Will Put an End to Anonymous Cloud Users (torrentfreak.com)

Submitted by Anonymous Coward
An anonymous reader writes: Late January, the U.S. Department of Commerce published a notice of proposed rulemaking for establishing new requirements for Infrastructure as a Service providers (IaaS) . The proposal boils down to a 'Know Your Customer' regime for companies operating cloud services, with the goal of countering the activities of "foreign malicious actors." Yet, despite an overseas focus, Americans won't be able to avoid the proposal's requirements, which covers CDNs, virtual private servers, proxies, and domain name resolution services, among others. [...] Under the proposed rule, Customer Identification Programs (CIPs) operated by IaaS providers must collect information from both existing and prospective customers, i.e. those at the application stage of opening an account. The bare minimum includes the following data: a customer’s name, address, the means and source of payment for each customer’s account, email addresses and telephone numbers, and IP addresses used for access or administration of the account.

What qualifies as an IaaS is surprisingly broad: "Any product or service offered to a consumer, including complimentary or “trial” offerings, that provides processing, storage, networks, or other fundamental computing resources, and with which the consumer is able to deploy and run software that is not predefined, including operating systems and applications. The consumer typically does not manage or control most of the underlying hardware but has control over the operating systems, storage, and any deployed applications. The term is inclusive of “managed” products or services, in which the provider is responsible for some aspects of system configuration or maintenance, and “unmanaged” products or services, in which the provider is only responsible for ensuring that the product is available to the consumer."

And it doesn’t stop there. The term IaaS includes all ‘virtualized’ products and services where the computing resources of a physical machine are shared, such as Virtual Private Servers (VPS). It even covers ‘baremetal’ servers allocated to a single person. The definition also extends to any service where the consumer does not manage or control the underlying hardware but contracts with a third party for access. “This definition would capture services such as content delivery networks, proxy services, and domain name resolution services,” the proposal reads. The proposed rule, National Emergency with Respect to Significant Malicious Cyber-Enabled Activities, will stop accepting comments from interested parties on April 30, 2024.

Submission + - Stripe To Start Taking Crypto Payments, Starting With USDC Stablecoin (techcrunch.com)

Submitted by Anonymous Coward
An anonymous reader writes: Stripe, the fintech giant, continues to inch its way back into the cryptocurrency market. On Thursday the company announced that it would let customers accept cryptocurrency payments, starting with just one currency in particular, USDC stablecoins, initially only on Solana, Ethereum and Polygon. This will be the first time that Stripe has taken crypto payments since 2018, when it dropped support for Bitcoin due to it being too unstable. Stripe in 2022 tried its first reentry into the crypto market when it announced payouts (but not payments) in USDC, with Twitter as its marquee customer for the service. Thursday’s news has no customer names attached to it.

On Wednesday the company unveiled a long list of other launches, the most significant update being that Stripe, for the very first time, would let customers integrate competing payment providers with Stripe’s other financial services tooling. Thursday’s nod to expanding crypto support is also part of that bigger strategy to open up its walled garden. A brief timeline of Stripe’s dance with crypto underscores the tricky line that Stripe has walked over the years when it comes to cryptocurrency. True to its disruptive roots as a fintech, the company has wanted to be in the middle of the conversation around how blockchain-based technologies will affect financial services. But it runs the risk of subverting its bigger business and positioning as a stable and sensible financial powerhouse if it dabbles too deeply or for too long in periods of instability. The company processed $1 trillion in transactions last year, and it’s still growing; it is currently worth $65 billion on paper.

Submission + - FCC Votes To Restore Net Neutrality Rules (nytimes.com)

Submitted by Anonymous Coward
An anonymous reader writes: The Federal Communications Commission voted on Thursday to restore regulations thatexpand government oversight of broadband providersand aim to protect consumer access to the internet, a move that will reignite a long-running battle over the open internet. Known asnet neutrality, the regulations were first put in place nearly a decade ago under the Obama administration and are aimed at preventing internet service providers like Verizon or Comcast from blocking or degrading the delivery of services from competitors like Netflix and YouTube. The rules were repealed under President Donald J. Trump, and have proved to be a contentious partisan issue over the years while pitting tech giants against broadband providers.

In a 3-to-2 vote along party lines, the five-member commission appointed by President Biden revived the rules that declare broadband a utility-like service regulated like phones and water. The rules also give the F.C.C. the ability to demand broadband providers report and respond to outages, as well as expand the agency’s oversight of the providers’ security issues. Broadband providers are expected to sue to try to overturn the reinstated rules.

The core purpose of the regulations is to prevent internet service providers from controlling the quality of consumers’ experience when they visit websites and use services online. When the rules were established, Google, Netflix and other online services warned that broadband providers had the incentive to slow down or block access to their services. Consumer and free speech groups supported this view. There have been few examples of blocking or slowing of sites, which proponents of net neutrality say is largely because of fear that the companies would invite scrutiny if they did so. And opponents say the rules could lead to more and unnecessary government oversight of the industry.

Submission + - South Korean military set to ban iPhones over 'security' concerns (straitstimes.com)

Submitted by Kitkoan
Kitkoan writes: South Korea’s military is considering a comprehensive ban on iPhones in military buildings due to increasing concerns about possible leaks of sensitive information through voice recordings, according to multiple sources on April 23.

The sources, a group of ranking officers who wished to speak on condition of anonymity, said that the Air Force headquarters released an internal announcement on the military’s intranet server on April 11, instructing a complete prohibition on any device capable of voice recording and which does not permit third-party apps to control inherent functions, effective June 1, with iPhones cited as items subject to the ban.

According to the document, the decision to ban iPhones in the military came from joint meetings held by the headquarters of the army, navy and air force, located at Gyeryongdae in South Chungcheong province.

Submission + - Ubuntu 24.04 LTS 'Noble Numbat' Officially Released (9to5linux.com) 1

Submitted by prisoninmate
prisoninmate writes: 9to5Linux reports: "Powered by Linux kernel 6.8, Ubuntu 24.04 LTS features the latest GNOME 46 desktop environment, an all-new graphical firmware update tool called Firmware Updater, Netplan 1.0 for state-of-the-art network management, updated Ubuntu font, support for the deb822 format for software sources, increased vm.max_map_count for better gaming, and Mozilla Thunderbird as a Snap by default."

"Ubuntu 24.04 LTS also comes with an updated Flutter-based graphical desktop installer that’s now capable of updating itself and features a bunch of changes like support for accessibility features, guided (unencrypted) ZFS installations, a new option to import autoinstall configurations for templated custom provisioning, as well as new default installation options, such as Default selection (previously Minimal) and Extended selection (previously Normal)."

Submission + - 'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks (wired.com)

Submitted by Anonymous Coward
An anonymous reader writes: Network security appliances like firewalls are meant to keep hackers out. Instead, digital intruders are increasingly targeting them as the weak link that lets them pillage the very systems those devices are meant to protect. In the case of one hacking campaign over recent months, Cisco is now revealing that its firewalls served as beachheads for sophisticated hackers penetrating multiple government networks around the world. On Wednesday, Ciscowarnedthat its so-called Adaptive Security Appliances—devices that integrate a firewall and VPN with other security features—had been targeted by state-sponsored spies who exploited twozero-day vulnerabilitiesin the networking giant's gear to compromise government targets globally in a hacking campaign it's calling ArcaneDoor.

The hackers behind the intrusions, which Cisco's security division Talos is calling UAT4356 and which Microsoft researchers who contributed to the investigation have named STORM-1849, couldn't be clearly tied to any previous intrusion incidents the companies had tracked. Based on the group's espionage focus and sophistication, however, Cisco says the hacking appeared to be state-sponsored. “This actor utilized bespoke tooling that demonstrated a clear focus on espionage and an in-depth knowledge of the devices that they targeted, hallmarks of a sophisticated state-sponsored actor,” a blog post from Cisco's Talos researchers reads. Cisco declined to say which country it believed to be responsible for the intrusions, but sources familiar with the investigation tell WIRED the campaign appears to be aligned with China's state interests.

Cisco says the hacking campaign began as early as November 2023, with the majority of intrusions taking place between December and early January of this year, when it learned of the first victim. “The investigation that followed identified additional victims, all of which involved government networks globally,” the company's report reads. In those intrusions, the hackers exploited two newly discovered vulnerabilities in Cisco's ASA products. One, which it's calling Line Dancer, let the hackers run their own malicious code in the memory of the network appliances, allowing them to issue commands to the devices, including the ability to spy on network traffic and steal data. A second vulnerability, which Cisco is calling Line Runner, would allow the hackers' malware to maintain its access to the target devices even when they were rebooted or updated. It's not yet clear if the vulnerabilities served as the initial access points to the victim networks, or how the hackers might have otherwise gained access before exploiting the Cisco appliances.

Submission + - Updating California's Grid For EVs May Cost Up To $20 Billion (arstechnica.com)

Submitted by Anonymous Coward
An anonymous reader writes: Two researchers at the University of California, Davis—Yanning Li and Alan Jenn—have determined that nearly two-thirds of [California's] feeder lines don't have the capacity that will likely be needed for car charging. Updating to handle the rising demand might set its utilities back as much as 40 percent of the existing grid's capital cost. Li and Jenn aren't the first to look at how well existing grids can handle growing electric vehicle sales; other research has found various ways that different grids fall short. However, they have access to uniquely detailed data relevant to California's ability to distribute electricity (they do not concern themselves with generation). They have information on every substation, feeder line, and transformer that delivers electrons to customers of the state's three largest utilities, which collectively cover nearly 90 percent of the state's population. In total, they know the capacity that can be delivered through over 1,600 substations and 5,000 feeders.[...]

By 2025, only about 7 percent of the feeders will experience periods of overload. By 2030, that figure will grow to 27 percent, and by 2035—only about a decade away—about half of the feeders will be overloaded. Problems grow a bit more slowly after that, with two-thirds of the feeders overloaded by 2045, a decade after all cars sold in California will be EVs. At that point, total electrical demand will be close to twice the existing capacity. The problems aren't evenly distributed, though. They appear first in high-population areas like the Bay Area. And throughout this period, most of the problems are in feeders that serve residential and mixed-use neighborhoods. The feeders that serve neighborhoods that are primarily business-focused don't see the same coordinated surge in demand that occurs as people get home from work and plug in; they're better able to serve the more erratic use of charging stations at office complexes and shopping centers. In terms of the grid, residential services will need to see their capacity expand by about 16 gigawatts by 2045. Public chargers will need nine gigawatts worth of added capacity by the same point. The one wild card is direct current fast charging. Eliminating fast chargers entirely would reduce the number of feeders that need upgrades by 12 percent. Converting all public stations to DC fast charging, in contrast, would boost that number by 15 percent. So the details of the upgrades that will be needed will be very sensitive to the impatience of EV drivers.

Paying for the necessary upgrades will be pricey, but there's a lot of uncertainty here. Li and Jenn came up with a range of anywhere between $6 billion and $20 billion. They put this in context in two ways. The total capital invested in the existing grid is estimated to be $51 billion, so the cost of updating it could be well over a third of its total value. At the same time, the costs will be spread out over decades and only total up to (at most) three times the grid's annual operation and maintenance costs. So in any one year, the costs shouldn't be crippling. All that might be expected to drive the cost of electricity up. But Li and Jenn suggest that the greater volume of electricity consumption will exert a downward pressure on prices (people will pay more overall but pay somewhat less per unit of electricity). Based on a few economic assumptions, the researchers conclude that this would roughly offset the costs of the necessary grid expansion, so the price per unit of electricity would be largely static.

Submission + - No More Refunds After 100 Hours: Steam Closes Early Access Playtime Loophole (arstechnica.com)

Submitted by Anonymous Coward
An anonymous reader writes: "Early Access" was once a novel, quirky thing, giving a select set of Steam PC games a way to involve enthusiastic fans in pre-alpha-level play-testing and feedback. Now loads of games launch in various forms of Early Access, in a wide variety of readiness. It's been a boon for games like Baldur's Gate 3, which came a long way across years of Early Access. Early Access, and the "Advanced Access" provided for complete games by major publishers for "Deluxe Editions" and the like, has also been a boon to freeloaders. Craven types could play a game for hours and hours, then demand a refund within the standard two hours of play, 14 days after the purchase window of the game's "official" release. Steam-maker Valve has noticed and, as of Tuesday night, updated its refund policy.

"Playtime acquired during the Advanced Access period will now count towards the Steam refund period," reads the update. In other words: Playtime is playtime now, so if you've played more than two hours of a game in any state, you don't get a refund. That closes at least one way that people could, with time-crunched effort, play and enjoy games for free in either Early or Advanced access.

Submission + - Veteran PC game celebrates 40th anniversary (github.io)

Submitted by sfraggle
sfraggle writes: Biplane shoot-'em up is celebrating 40 years today since its first release back in 1984. The game is one of the oldest PC games still in active development today, originating as an MS-DOS game for the original IBM PC. The 40th anniversary site has a detailed history of how the game was written as a tech demo for the now-defunct Imaginet networking system. There is also a video interview with its original authors.

Submission + - Generative AI Arrives In the Gene Editing World of CRISPR (nytimes.com)

Submitted by Anonymous Coward
An anonymous reader writes: Generative A.I. technologies can writepoetry and computer programsor createimages of teddy bearsandvideos of cartoon charactersthat look like something from a Hollywood movie. Now, new A.I. technology is generating blueprints for microscopic biological mechanisms that can edit your DNA, pointing to a future when scientists can battle illness and diseases with even greater precision and speed than they can today. Described in aresearch paper published on Mondayby a Berkeley, Calif., startup called Profluent, the technology is based on the same methods that drive ChatGPT, the online chatbot thatlaunched the A.I. boom after its release in 2022. The company is expected to present the paper next month at the annual meeting of the American Society of Gene and Cell Therapy.

Submission + - IBM aims to buy Hashicorp (reuters.com)

Submitted by Anonymous Coward
An anonymous reader writes: Allegedly IBM is close to a deal to buy out Hashicorp, Reuters reports.

Submission + - What Comes After OLED? Meet QDEL (arstechnica.com)

Submitted by Anonymous Coward
An anonymous reader writes: Quantum dots are already moving in the premium display category, particularly through QD-OLED TVs and monitors. The next step could be QDEL, short for "quantum dot electroluminescent," also known as NanoLED, screens. Not to be confused with the QLED (quantum light emitting diode) tech already available in TVs, QDEL displays don't have a backlight. Instead, the quantum dots are the light source. The expected result is displays with wider color spaces than today's QD-OLEDs (quantum dot OLEDs) that are also brighter, more affordable, and resistant to burn-in. It seems like QDEL is being eyed as one of the most potentially influential developments for consumer displays over the next two years. If you’re into high-end display tech, QDEL should be on your radar.

You may know QDEL as NanoLED because that's what Nanosys, a quantum dot supplier developing the technology, calls it. QDEL has gone by other names, such as QLED—before Samsung claimed that acronym for LCD-LED TVs that use quantum dots. You may also see QDEL referred to as QD-EL, QD-LED, or EL-QD. As the alphabet soup suggests, there are still some things to finalize with this tech. This article will mostly use the term QDEL, with occasional references to NanoLED. If none of those names sound familiar, it's probably because you can't buy any QDEL products yet. Suppliers suggest that could change in the next few years; Nanosys is targeting 2026 for commercial availability. [...]

Today's OLED screens use OLED material as their light source, with QD-OLED specifically applying quantum dots to convert the light into color. In QLED, the light source is a white backlight; QDEL displays apply electricity directly to quantum dots, which then generate light. QDEL uses a layer of quantum dots sandwiched between an anode and cathode to facilitates the flow of electricity into the quantum dots. QDEL displays have pixels made of a red quantum dot subpixel, green quantum dot subpixel, and—differing from today's QLED and QD-OLED displays—blue quantum dot subpixel. QDEL displays use the same quantum dot cores that QD-OLED and QLED products use, [Jeff Yurek, Nanosys' VP of marketing] told me, adding, "The functionalization of the outer layer of the [quantum dots] needs to be changed to make it compatible with each display architecture, but the cores that do the heavy lifting are pretty much the same across all of these."

Because QDEL pixels make their own light and can therefore turn off completely, QDEL displays can deliver the same deep blacks and rich contrast that made OLED popular. But with the use of direct-view quantum dots, stakeholders are claiming the potential for wider color gamuts than we've seen in consumer displays before. With fewer layers and parts, there are also implications for QDEL product pricing, longevity, and even thinness. [...] The fact that quantum dots are already being successfully applied to LCD-LED and OLED screens is encouraging for future QDEL products. QDEL stakeholders claim that the tech could bring efficiencies like lower power consumption and higher brightness than OLED. (Research using a prototype device has recorded quantum dot light-emitting diodes reaching 614,000 nits. Of course, those aren't the type of results you should expect to see in a real-life consumer product.) There's also hope that QDEL could eventually last longer than OLED, especially since QDEL doesn't rely on organic materials that can cause burn-in.

Submission + - Driving Dystopia: Connected Vehicle Data Now Up For Grabs By Intel Agencies (thetruthaboutcars.com)

Submitted by schwit1
schwit1 writes: Connected vehicles now appear to be on the table as a new vector for government surveillance. On Saturday, President Joe Biden signed a bill that reauthorizes Section 702 of the Foreign Intelligence Surveillance Act after the Senate passed it late on Friday (60-34).

The bill saw overwhelming support from Democrat legislators and sufficient Republican backing to be pushed through. Any amendments floated that were intended to shield American citizens from getting scooped up in the net without the government first procuring a warrant were struck down while it was still moving through the House earlier in the week.

Section 702 of FISA is supposed to be a way to quickly gather intel on the communications of foreign individuals. However, it’s long been criticized as being repeatedly abused as a way to push through warrantless spying and the latest incarnation seems to be written to do exactly that. While reauthorization was still under consideration in Congress, Rep. Anna Paulina Luna (R-FL) argued that FISA had been improperly used over 278,000 times by the federal government, often violating the rights of U.S. citizens.

"The original intent of the Foreign Intelligence Surveillance Act was to be able to gather information on bad foreign actors," she said. "However, as we have seen over the years, the program has been abused to spy on American citizens in direct violation of American liberty and the 4th Amendment. The FISA court found that the federal government violated its own rules over 278,000 times."

Senator Ron Wyden (D-OR) likewise opposed the bill, stating it effectively forced any business or person who has the ability to record or store electronic communications to spy on behalf of the federal intelligence agencies. In fact, the bill itself states “any other service provider who has access to equipment that is being or may be used to transmit or store wire or electronic communication” is now legally obligated to comply with clandestine communications monitoring on behalf of said agencies. Wyden claimed that would include “anyone with access to a server, a wire, a cable box, a Wi-Fi router, a phone, or a computer.”

It would also include automakers, who now possess some of the world’s largest data centers that compile the immense amount of information produced by today’s connected cars — many of which now incorporate in-cabin microphones and expansive camera arrays. All of that is now appears to be up for grabs, along with the vehicle's positional data and any calls or text made while using it. Moreover, without any need for warrants, there would be no record of who is being spied on or on what grounds. Intelligence agencies can effectively deputize any business or individual for an impromptu surveillance program and then force them to remain quiet about it.

Submission + - Linux Can Finally Run Your Car's Safety Systems and Driver-Assistance Features (arstechnica.com)

Submitted by Anonymous Coward
An anonymous reader writes: There's a new Linux distro on the scene today, and it's a bit specialized. Its development was led by the automotive electronics supplier Elektrobit, and it's the first open source OS that complies with the automotive industry's functional safety requirements. [...] With Elektrobit's EB corbos Linux for Safety Applications (that sure is a long name), there's an open source Linux distro that finally fits the bill, having just been given the thumbs up by the German organization TUV Nord. (It also complies with the IEC 61508 standard for safety applications.) "The beauty of our concept is that you don't even need to safety-qualify Linux itself," said Moritz Neukirchner, a senior director at Elektrobit overseeing SDVs. Instead, an external safety monitor runs in a hypervisor, intercepting and validating kernel actions.

"When you look at how safety is typically being done, look at communication—you don't safety-certify the communication specs or Ethernet stack, but you do a checker library on top, and you have a hardware anchor for checking down below, and you insure it end to end but take everything in between out of the certification path. And we have now created a concept that allows us to do exactly that for an operating system," Neukirchner told me. "So in the end, since we take Linux out of the certification path and make it usable in a safety-related context, we don't have any problems in keeping up to speed with the developer community," he explained. "Because if you start it off and say, 'Well, we're going to do Linux as a one-shot for safety,' you're going to have the next five patches and you're off [schedule] again, especially with the security regulation that's now getting toward effect now, starting in July with the UNECE R155 that requires continuous cybersecurity management vulnerability scanning for all software that ends up in the vehicle."

"In the end, we see roughly 4,000 kernel security patches within eight years for Linux. And this is the kind of challenge that you're being put up to if you want to participate in that speed of innovation of an open source community as rich as that of Linux and now want to combine this with safety-related applications," Neukirchner said. Elektrobit developed EB corbos Linux for Safety Applications together with Canonical, and together they will share the maintenance of keeping it compliant with safety requirements over time.

Submission + - Telegram a 'huge' problem for Ukraine; intel chief (thepressunited.com)

Submitted by Anonymous Coward
An anonymous reader writes: Telegram poses a “huge problem” for Ukraine and must be legally forced to do away with anonymous channels, Kiev’s top spy Kirill Budanov said in an interview with the BBC published on Monday.

Submission + - California lawmakers approve bill to make you show ID for online porn (sacbee.com) 1

Submitted by sarren1901
sarren1901 writes: Look at online porn? Soon, you might have to provide a credit card or government ID in order to do so. Both Democratic and Republican lawmakers on the Assembly Privacy and Consumer Protection Committee last week sided with conservative religious organizations against LGBTQ, reproductive health and civil liberty advocacy groups and voted unanimously in favor of AB 3080, a bill by Assemblyman Juan Alanis, R-Modesto, that would require pornographic websites “to take reasonable steps to ensure” that only adults are looking at them.

Read more at: https://www.sacbee.com/news/po...

Submission + - Fedora Linux 40 Officially Released (9to5linux.com)

Submitted by prisoninmate
prisoninmate writes: Fedora Linux 40 distribution has been officially released and it’s now available for download powered by the latest Linux 6.8 kernel series and featuring the GNOME 46 and KDE Plasma 6 desktop environments, reports 9to5Linux:

"Powered by the latest and greatest Linux 6.8 kernel series, the Fedora Linux 40 release ships with the GNOME 46 desktop environment for the flagship Fedora Workstation edition and the KDE Plasma 6 desktop environment for the Fedora KDE Spin, which defaults to the Wayland session as the X11 session was completely removed."

"Fedora Linux 40 also includes some interesting package management changes, such as dropping Delta RPMs and disabling support in the default configuration of DNF / DNF5. It also changes the DNF behavior to no longer download filelists by default. However, this release doesn’t ship with the long-awaited DNF5 package manager."

"For AMD GPUs, Fedora Linux 40 ships with AMD ROCm 6.0 as the latest release of AMD’s software optimized for AI and HPC workload performance, which enables support for the newest flagship AMD Instinct MI300A and MI300X datacenter GPUs."

Submission + - Government Surveillance Keeps Us Safe (nytimes.com)

Submitted by Anonymous Coward
An anonymous reader writes: This is an extraordinarily dangerous time for the United States and our allies. Israel’s unpreparedness on Oct. 7 shows that even powerful nations can be surprised in catastrophic ways. Fortunately, Congress, in a rare bipartisan act, voted early Saturday to reauthorize a key intelligence power that provides critical information on hostile states and threats ranging from terrorism to fentanyl trafficking.

Civil libertarians argued that the surveillance bill erodes Americans’ privacy rights and pointed to examples when American citizens got entangled in investigations. Importantly, the latest version of the bill adds dozens of legal safeguards around the surveillance in question — the most expansive privacy reform to the legislation in its history. The result preserves critical intelligence powers while protecting Americans’ privacy rights in our complex digital age.

At the center of the debate is the Foreign Intelligence Surveillance Act. Originally passed in 1978, it demanded that investigators gain an order from a special court to surveil foreign agents inside the United States. Collecting the communications of foreigners abroad did not require court approval.

Submission + - Windows vulnerability reported by the NSA exploited to install Russian malware (arstechnica.com)

Submitted by echo123
echo123 writes: Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attacks that targeted a vast array of organizations with a previously undocumented tool, the software maker disclosed Monday.

When Microsoft patched the vulnerability in October 2022—at least two years after it came under attack by the Russian hackers—the company made no mention that it was under active exploitation. As of publication, the company’s advisory still made no mention of the in-the-wild targeting. Windows users frequently prioritize the installation of patches based on whether a vulnerability is likely to be exploited in real-world attacks.

On Monday, Microsoft revealed that a hacking group tracked under the name Forest Blizzard has been exploiting CVE-2022-38028 since at least June 2020—and possibly as early as April 2019. The threat group—which is also tracked under names including APT28, Sednit, Sofacy, GRU Unit 26165, and Fancy Bear—has been linked by the US and the UK governments to Unit 26165 of the Main Intelligence Directorate, a Russian military intelligence arm better known as the GRU. Forest Blizzard focuses on intelligence gathering through the hacking of a wide array of organizations, mainly in the US, Europe, and the Middle East.

Microsoft representatives didn't respond to an email asking why the in-the-wild exploits are being reported only now.

Monday’s advisory provided additional technical details:

Read the rest at ArsTechnica.

Submission + - Voyager 1 is sending data back to Earth for the first time in 5 months (cnn.com)

Submitted by Tony Isaac
Tony Isaac writes: Voyager 1 is once again communicating back to Earth and appears to be functioning normally. Kudos to those NASA engineers who figured out how to diagnose that a chip was defective, and rewrite its code to avoid using that chip entirely! I can just imagine what kind of spaghetti code that is by now, but they figured out how to get it to work. I guess V'ger isn't quite here yet!

Slashdot Top Deals