RSS 생중계

American hospitals and healthcare organizations would be required to adopt multi-factor authentication (MFA) and other minimum cybersecurity standards under new legislation proposed by a bipartisan group of US senators. From a report: The Health Care Cybersecurity and Resiliency Act of 2024 [PDF], introduced on Friday by US Senators Bill Cassidy (R-Louisiana), Mark Warner (D-Virginia), John Cornyn (R-Texas), and Maggie Hassan (D-New Hampshire), would, among other things, require better coordination between the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) around cybersecurity in the healthcare and public health sector. This includes giving HHS a year to implement a cybersecurity incident response plan and update the types of information displayed publicly via the department's breach reporting portal. Currently, all healthcare orgs that are considered "covered entities" under the US Health Insurance Portability and Accountability Act (HIPAA) are required to notify HHS if they are breached. The new law would require breached entities to report how many people were affected by the security incident. It would also mandate that the portal include details on "any corrective action taken against a covered entity that provided notification of a breach" as well as "recognized security practices that were considered" during the breach investigation, plus any other information that the HHS secretary deems necessary.

Read more of this story at Slashdot.

Interpol arrested 1,006 suspects in Africa during a massive two-month operation, clamping down on cybercrime that left tens of thousands of victims, including some who were trafficked, and produced millions in financial damages, the global police organization said Tuesday. From a report: Operation Serengeti, a joint operation with Afripol, the African Union's police agency, ran from Sept. 2 to Oct. 31 in 19 African countries and targeted criminals behind ransomware, business email compromise, digital extortion and online scams, the agency said in a statement.

Read more of this story at Slashdot.

Google announced additional modifications to its European search results on Tuesday, following complaints from smaller competitors about traffic losses and amid potential EU antitrust charges under new tech regulations. The changes come as Google attempts to comply with the Digital Markets Act, which prohibits tech giants from favoring their own services and after hotels, airlines, and small retailers reported a 30% decline in direct booking clicks following recent platform adjustments. Google's legal director Oliver Bethell said the new proposals include expanded search units offering equal formatting between comparison sites and supplier websites, along with new formats for competitors to display prices and images. The company will also test removing hotel map displays in Germany, Belgium, and Estonia. The Alphabet unit faces possible enforcement action from the European Commission, which began investigating potential DMA violations in March. Companies found breaching the regulations could face fines of up to 10% of their annual global revenue.

Read more of this story at Slashdot.

Software company Deno Land has filed a petition with the U.S. Patent and Trademark Office to cancel Oracle's JavaScript trademark, citing trademark abandonment and fraud. The November 22 filing claims Oracle has not sold JavaScript products or services since acquiring the trademark through its 2009 Sun Microsystems purchase. The petition alleges Oracle committed fraud during its 2019 trademark renewal by submitting Node.js website screenshots without authorization. The legal action follows a September open letter from JavaScript creator Brendan Eich, Node.js and Deno creator Ryan Dahl, and other prominent JavaScript developers urging Oracle to relinquish the trademark. The letter has garnered over 14,000 signatures.

Read more of this story at Slashdot.

Arch Linux is popular as a base for other Linux distributions; examples of Arch-derivatives include EndeavourOS, Manjaro, Parabola, and SteamOS. There's one small problem: the control files used to describe how to build packages for Arch Linux have no stated license. That creates a bit of uncertainty about the rights and responsibilities for the downstream derivatives. So far, that doesn't seem to have been a problem, nor has it stopped other projects from assuming that reuse is allowed. However, the Arch project is looking to add some clarity by explicitly assigning a liberal license to its package sources. Currently the project is in the process of reaching out to contributors to see if they have any objections.

An anonymous reader shares a report: The human eye can't really tell the difference between 4K and 8K resolution. Video game console manufacturers, who have built their businesses selling increasingly powerful machines every few years, are grappling with a future where performance improvements are becoming less dramatic. Sony Group launched its PlayStation 5 Pro console in mid-November. The $700 upgraded version of Sony's 2020 gaming machine uses AI to improve games' frame rate while maintaining exceptional image quality -- at least for 82 games that have been enhanced to take advantage of the new specs. That means gamers can see the realistic glint of their metal sword and experience smooth, sword-swinging battle action. But despite all the fancy tech and a $200 price increase over the previous version, reviews so far haven't suggested it's a must-have machine. "It's an improvement, but there's nothing that makes it a complete generation above what the Series X offered," Daniel Ahmad, director of research and insights at Niko Partners, said. "It's a lot more difficult to distinguish the jump between each generation." The number of households with a gaming console hasn't really budged in more than a decade. Many gamers are replacing older machines more slowly, finding the one they already have is good enough.

Read more of this story at Slashdot.

Mozilla has announced the release of Firefox 133.0. Notable in this release is the addition of a new anti-tracking feature, Bounce Tracking Protection, which detects trackers based on redirect behavior and automatically purges their cookies and site data to thwart tracking. The release also includes various security fixes and more.

An anonymous reader shares a report: Softbank-backed online shopping site Meesho has rolled out what it claims is the first GenAI-powered voice bot among Indian e-commerce firms for customer support, paring down some expenses by 75%. Meesho has more than 160 million customers in India, with 80% of them in smaller cities, towns and villages. [...] The Bengaluru-based e-commerce startup said Tuesday its AI bot currently handles 60,000 customer calls daily in English and Hindi. The startup, which also counts Elevation and Prosus among its backers, plans to add support for six more Indian languages.

Read more of this story at Slashdot.

Security updates have been issued by Debian (pypy3), Fedora (chromium, cobbler, and libsoup3), Oracle (kernel), SUSE (glib2, govulncheck-vulndb, javapackages-tools, xmlgraphics-batik, xmlgraphics- commons, xmlgraphics-fop, libblkid-devel, opentofu, php8, postgresql, postgresql16, postgresql17, thunderbird, traefik, and ucode-intel), and Ubuntu (needrestart and rapidjson).

Brazilian antitrust regulator Cade said this week that Apple must lift restrictions on payment methods for in-app purchases, among other things, as the watchdog moved to proceed with an investigation into a complaint filed by Latin America e-commerce giant MercadoLibre. From a report: MercadoLibre's complaint, filed in 2022 in Brazil and Mexico, accused Apple of imposing a series of restrictions on the distribution of digital goods and in-app purchases, including banning apps from distributing third-party digital goods and services such as movies, music, video games, books and written content. In the complaint, MercadoLibre criticized the California tech giant for requiring developers that offer digital goods or services within apps to use Apple's own payment system and stopping them from redirecting buyers to their websites. Cade ruled that Apple must allow app developers to add tools so customers can buy their services or products outside the app, such as through the use of hyperlinks to external websites.

Read more of this story at Slashdot.

A Stanford study of over 50,000 software engineers across hundreds of companies has found that approximately 9.5% of engineers perform minimal work while drawing full salaries, potentially costing tech companies billions annually. The research showed the issue is most prevalent in remote work settings, where 14% of engineers were classified as "ghost engineers" compared to 6% of office-based staff. The study evaluated productivity through analysis of private Git repositories and simulated expert assessments of code commits. Major tech companies could be significantly impacted, with IBM estimated to have 17,100 underperforming engineers at an annual cost of $2.5 billion. Across the global software industry, the researchers estimate the total cost of underperforming engineers could reach $90 billion, based on a conservative 6.5% rate of "ghost engineers" worldwide.

Read more of this story at Slashdot.

Blue Yonder, a Panasonic subsidiary specializing in AI-driven supply chain solutions, experienced a recent ransomware attack that impacted many of its customers. "Among its 3,000 customers are high-profile organizations like DHL, Renault, Bayer, Morrisons, Nestle, 3M, Tesco, Starbucks, Ace Hardware, Procter & Gamble, Sainsbury, and 7-Eleven," reports BleepingComputer. From the report: On Friday, the company warned that it was experiencing disruptions to its managed services hosting environment due to a ransomware incident that occurred the day before, on November 21. "On November 21, 2024, Blue Yonder experienced disruptions to its managed services hosted environment, which was determined to be the result of a ransomware incident," reads the announcement. "Since learning of the incident, the Blue Yonder team has been working diligently together with external cybersecurity firms to make progress in their recovery process. We have implemented several defensive and forensic protocols." Blue Yonder claims it has detected no suspicious activity in its public cloud environment and is still processing multiple recovery strategies. [...] As expected, this has impacted clients directly, as a spokesperson for UK grocery store chain Morrisons has confirmed to the media they have reverted to a slower backup process. Sainsbury told CNN that it had contingency plans in place to overcome the disruption. A Saturday update informed customers that the restoration of the impacted services continued, but no specific timelines for complete restoration could be shared yet. Another update published on Sunday reiterated the same, urging clients to monitor the customer update page on Blue Yonder's website over the coming days.

Read more of this story at Slashdot.

The U.S. is preparing to impose new sanctions targeting 200 Chinese chipmakers and potentially restricting the export of High Bandwidth Memory (HBM). The move is intended to further hinder China's semiconductor and AI advancements. Tom's Hardware reports: The update sheds light on the Biden administration's recent efforts to impose stricter regulations on chip manufacturers in China. The latest swarm of sanctions reportedly targets roughly 200 Chinese firms. US companies are prohibited from exporting select technologies or products to the targeted firms. The report suggests that the US Department of Commerce aims to push these new regulations before the Thanksgiving break - or November 28. Neither the Department of Commerce nor the Chamber of Commerce responded to Reuters' request for comments. Moreover, another wave of sanctions is set to follow in December - targeting the export of HBM (High Bandwidth Memory) - primarily to choke China's advance in the AI domain. The impacts of these restrictions are materializing given that Huawei's Kirin SoCs and Ascend AI accelerators will reportedly remain stuck at 7nm technology until 2026 as SMIC fails to procure cutting-edge Extreme Ultraviolet (EUV) machines from ASML.

Read more of this story at Slashdot.

An asteroid named 2024 PT5, recently exhibiting "mini moon" behavior around Earth, may have been a boulder that was blasted off the moon by an impacting, crater-forming asteroid," reports the Associated Press. The 33-foot space rock is expected to pass safely near Earth in January, when it will be closely observed. From the report: While not technically a moon -- NASA stresses it was never captured by Earth's gravity and fully in orbit -- it's "an interesting object" worthy of study. The astrophysicist brothers who identified the asteroid's "mini moon behavior," Raul and Carlos de la Fuente Marcos of Complutense University of Madrid, have collaborated with telescopes in the Canary Islands for hundreds of observations so far. Currently more than 2 million miles (3.5 million kilometers) away, the object is too small and faint to see without a powerful telescope. It will pass as close as 1.1 million miles (1.8 million kilometers) of Earth in January, maintaining a safe distance before it zooms farther into the solar system while orbiting the sun, not to return until 2055. That's almost five times farther than the moon. [...] NASA will track the asteroid for more than a week in January using the Goldstone solar system radar antenna in California's Mojave Desert, part of the Deep Space Network.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TheGamer: With thousands of cards available in Pokemon's "Pokemon Trading Card Game," it can be hard to remember what is what. After all, since first debuting in the mid 1990s to coincide with the games of the same name, the popular collectible has been going strong ever since, with new releases constantly filling store shelves. That said, one avid Pokemon fan took it upon themselves to archive the card game's unique artwork. After hundreds of hours of work, over 23,000 cards have been archived, along with an additional 2,000 pieces of artwork. The end result is one of the best fan creations around. Meet Twitter user pkm_jp, who devoted hundreds of hours to learning how to program in order to make their dream of a one-stop shop of all available card art a reality. "I remember the joy of getting the first set page working, displaying a small collection of cards," they wrote on Twitter. "I knew it was just the beginning." The site, artofpkm.com, "is dedicated to bringing artists and fans together," the created said on X (formerly Twitter). They note that there is still "lots of artwork still to be added and labeled," among other features such as "custom lists, voting, and a proper blog."

Read more of this story at Slashdot.

Microsoft is retiring its "Get Licensing Ready" website, a resource for software licensing education. Going forward, content licensing will be located at microsoft.com/licensing. The Register also notes Microsoft's plans to enhance learning with AI tools, though specifics for licensing applications remain unclear. From the report: Software licensing is notoriously labyrinthine, so resources like the site Microsoft will close -- Get Licensing Ready -- can be very handy. Today, the site offers over 50 training modules plus documentation. But Microsoft has decided not to keep it around in its current form. Indeed, visitors to the site currently see a pop-up that explains "Microsoft will be ending support for licensing certifications through this platform and phasing out the Get Licensing Ready resource." The site's "retirement" date is January 1. Users have until December 1 to complete any active modules and download certificates. If you're a user of the site, get cracking: Redmond warns it is "unable to provide copies of certification after December 31st, 2024." An email alias dedicated to the site will also go away on New Year's Day. A Microsoft spokesperson told The Register the software megalith "remains committed to supporting licensing knowledge and solution-building for our partners and customers" -- in part with "new AI capabilities to further enhance learning and engagement."

Read more of this story at Slashdot.

A new bill introduced by Sen. Peter Welch (D-Vt) aims to make it easier for human creators to find out if their work was used without permission to train artificial intelligence. NBC News reports: The Transparency and Responsibility for Artificial Intelligence Networks (TRAIN) Act would enable copyright holders to subpoena training records of generative AI models, if the holder can declare a "good faith belief" that their work was used to train the model. The developers would only need to reveal the training material that is "sufficient to identify with certainty" whether the copyright holder's works were used. Failing to comply would create a legal assumption -- until proven otherwise -- that the AI developer did indeed use the copyrighted work. [...] In a news release, Welch said the TRAIN Act has been endorsed by several organizations -- including the Screen Actors Guild-American Federation of Television and Radio Artists (SAG-AFTRA), the American Federation of Musicians, and the Recording Academy -- as well as major music labels -- including Universal Music Group, Warner Music Group and Sony Music Group.

Read more of this story at Slashdot.

9to5Google's Ben Schoon reports: Google has introduced a new feature on iOS that injects links on third-party websites that take users back to Google Search. Recently, Google announced new "Page Annotations" within the Google app on iOS. This feature, as Google explains, "extracts interesting entities from the webpage and highlights them in line." Effectively, it creates links on a website that you've opened through Google's browser that the website's owner did not put there. The links, when clicked, then perform a search on Google for that subject and open the search in a pop-up window on top of the third-party website. The feature, Google says, will offer an opt-out for website owners through a form. It's pointed out by SERoundTable that opting out can take up to 30 days, while the feature is live now. Further reading: US Says Google Is an Ad Tech Monopolist, in Closing Arguments

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: The Supreme Court signaled it may take up a case that could determine whether Internet service providers must terminate users who are accused of copyright infringement. In an order (PDF) issued today, the court invited the Department of Justice's solicitor general to file a brief "expressing the views of the United States." In Sony Music Entertainment v. Cox Communications, the major record labels argue that cable provider Cox should be held liable for failing to terminate users who were repeatedly flagged for infringement based on their IP addresses being connected to torrent downloads. There was a mixed ruling at the US Court of Appeals for the 4th Circuit as the appeals court affirmed a jury's finding that Cox was guilty of willful contributory infringement but reversed a verdict on vicarious infringement "because Cox did not profit from its subscribers' acts of infringement." That ruling vacated a $1 billion damages award and ordered a new damages trial. Cox and Sony are both seeking a Supreme Court review. Cox wants to overturn the finding of willful contributory infringement, while Sony wants to reinstate the $1 billion verdict. The Supreme Court asking for US input on Sony v. Cox could be a precursor to the high court taking up the case. For example, the court last year asked the solicitor general to weigh in on Texas and Florida laws that restricted how social media companies can moderate their platforms. The court subsequently took up the case and vacated lower-court rulings, making it clear that content moderation is protected by the First Amendment.

Read more of this story at Slashdot.

A new rule passed in Texas requiring cryptocurrency miners using the grid maintained by the Energy Reliability Council of Texas (ERCOT) to register and report key details about their facilities. CoinTelegraph reports: Under the Public Utilities Commission of Texas (PUCT) rule (PDF), passed on Nov. 21, Bitcoin miners must share the location, ownership information and demand for electricity of their facilities with the state agency. Miners have only one working day after the date their facility connects to the ERCOT grid to register and must renew every calendar year on or before March 1. ERCOT is an independent system operator representing 90% of the state's electric load. According to PUCT Chairman Thomas Gleeson, the new rule was designed to help manage the power grid as more mining facilities come online. "To ensure the ERCOT grid is reliable and meets the electricity needs of all Texans, the PUCT and ERCOT need to know the location and power needs of virtual currency miners," he said. Bitcoin miners who fail to register under the PUCT rule will face a Class A violation, which can result in up to $25,000 in daily fines.

Read more of this story at Slashdot.