RSS 생중계

Three employees at cybersecurity companies spent years moonlighting as criminal hackers, launching their own ransomware attacks in a plot to extort millions of dollars from victims around the country, US prosecutors alleged in court filings. From a report: Ryan Clifford Goldberg, a former incident response supervisor at Sygnia Consulting, and Kevin Tyler Martin, who was a ransomware negotiator for DigitalMint, were charged with working together to hack five businesses starting in May 2023. In one instance, they, along with a third person, received a ransom payment of nearly $1.3 million worth of cryptocurrency from a medical device company based in Tampa, Florida, according to prosecutors. The trio worked in a part of the cybersecurity industry that has sprung up to help companies negotiate with hackers to unfreeze their computer networks -- sometimes by paying ransom. They are also accused of sharing their illicit profits with the developers of the type of ransomware they allegedly used on their victims. DigitalMint informed some customers about the charges last week, according to a document seen by Bloomberg News. The other person who was allegedly involved in the scheme was also a ransomware negotiator at the same firm as Martin but wasn't charged, according to court records. The person wasn't identified in court records, nor were the companies that were the defendants' former employers. Sygnia confirmed Goldberg had worked there. Martin last year gave a talk at a law school, which listed him as an employee of DigitalMint.

Read more of this story at Slashdot.

Amazon has sent a cease-and-desist letter to Perplexity AI demanding that the AI search startup stop allowing its AI browser agent, Comet, to make purchases online for users. From a report: The e-commerce giant is accusing Perplexity of committing computer fraud by failing to disclose when its AI agent is shopping on a user's behalf, in violation of Amazon's terms of service, according to people familiar with the letter sent on Friday. The document also said Perplexity's tool degraded the Amazon shopping experience and introduced privacy vulnerabilities, said the people, who spoke on condition of anonymity to discuss internal matters. In response, Perplexity said Amazon is bullying a smaller competitor with a rival AI agent shopping product. The clash between Amazon and Perplexity offers an early glimpse into a looming debate over how to handle the proliferation of so-called AI agents that field more complex tasks online for users, including shopping. Like OpenAI and Alphabet's Google, Perplexity has pushed to rethink the traditional web browser around AI, with the goal of having it streamline more actions for users, such as drafting emails and conducting research.

Read more of this story at Slashdot.

Apple is preparing to enter the low-cost laptop market for the first time, developing a budget Mac aimed at luring away customers from Chromebooks and entry-level Windows PCs. Bloomberg News: The new device -- designed for students, businesses and casual users -- will target people who primarily browse the web, work on documents or conduct light media editing, according to people familiar with the matter. [...] Apple plans to sell the new machine for well under $1,000 by using less-advanced components. The laptop will rely on an iPhone processor and a lower-end LCD display. The screen will also be the smallest of any current Mac, coming in at slightly below the 13.6-inch one used in the MacBook Air. This would mark the first time that Apple has used an iPhone processor in a Mac, rather than a chip designed specifically for a computer. But internal tests have shown that the smartphone chip can perform better than the Mac-optimized M1 used in laptops as recently as a few years ago.

Read more of this story at Slashdot.

Speaking of Australia, its government has introduced content quotas on global streamers. From a report: The rules require Netflix, Prime Video and the other global streamers with more than one million Australian subscribers to spend 10% of their total Australian expenditure -- or 7.5% of their revenues -- on local originals, whether they are dramas, children's shows, docs, or arts and educational programs. Following the announcement, the legislation will be introduced into the Australian parliament. Australia's Labor government has long planned to being in the quotas as part of its Revive cultural policy, but months and months of delays had left the local industry wondering how committed their political leaders were to the plan. Global streamers have broadly rejected the necessity of quotas, claiming their local investment in content and jobs offsets them.

Read more of this story at Slashdot.

Britain's National Centre for Gaming Disorders has treated 67 people over the age of 40 since opening in 2019. The oldest patient was a 72-year-old woman with a smartphone gaming obsession. Britons over 65 spent more than three hours a day online on smartphones, computers and tablets last year, according to Ofcom. They spent more than five and a half hours watching broadcast television. Over-65s are more likely than under-25s to own tablets, smart televisions, e-readers, and desktop and laptop computers, a seven-country survey by GWI found. Nearly a fifth of 55- to 64-year-olds own a games console. Ipsit Vahia, who heads the Technology and Ageing Laboratory at McLean Hospital, part of Harvard Medical School, said some older adults are increasingly living their lives through their phones the way teenagers or adolescents sometimes do. A 2022 study in South Korea estimated that 15% of those aged 60-69 were at risk of phone addiction. A meta-analysis published in April of studies on more than 400,000 older adults found that over-50s who regularly used digital devices had lower rates of cognitive decline than those who did not.

Read more of this story at Slashdot.

An anonymous reader shares a report: Before the potential of the internet was appreciated around the world, nations that understood its importance managed to scoop outsized allocations of IPv4 addresses, actions that today mean many users in the rest of the world are more likely to find their connections throttled or blocked. So says Cloudflare, which last week published research that recalls how once the world started to run out of IPv4 addresses, engineers devised network address translation (NAT) so that multiple devices can share a single IPv4 address. NAT can handle tens of thousands of devices, but carriers typically operate many more. Internetworking wonks therefore developed Carrier-Grade NAT (CGNAT), which can handle over 100 devices per IPv4 address and scale to serve millions of users. That's useful for carriers everywhere, but especially valuable for carriers in those countries that missed out on big allocations of IPv4 because their small pool of available number resources means they must employ CGNAT to handle more users and devices. Cloudflare's research suggests carriers in Africa and Asia use CGNAT more than those on other continents. Cloudflare worried that could be bad for individual netizens. "CGNATs also create significant operational fallout stemming from the fact that hundreds or even thousands of clients can appear to originate from a single IP address," wrote Cloudflare researchers Vasilis Giotsas and Marwan Fayed. "This means an IP-based security system may inadvertently block or throttle large groups of users as a result of a single user behind the CGNAT engaging in malicious activity. Blocking the shared IP therefore penalizes many innocent users along with the abuser."

Read more of this story at Slashdot.

Version 6.18 of the Incus container and virtual-machine management system has been released. Notable changes in this release include new configuration keys for providing credentials to systemd, BPF token delegation, VirtIO support for sound cards, the ability to export ISO volumes, improvements to the IncusOS command-line utility, and more.

AWS today announced Fastnet, a subsea fiber-optic cable that will link Maryland's Eastern Shore to County Cork, Ireland. The project marks Amazon's first wholly-owned subsea cable system after previously participating in similar ventures through consortiums. The cable will carry data at speeds exceeding 320 terabits per second. Amazon did not disclose construction costs but expects the system to begin operations in 2028. The company is burying the cable roughly one and a half meters deep across the ocean floor. Installers will bore a horizontal tunnel from shore to shore. Amazon has added protective steel wiring to guard against ship anchors and deliberate sabotage.

Read more of this story at Slashdot.

Julia is a modern programming language that is of particular interest to scientists due to its high performance combined with language features such as Lisp-style macros, an advanced type system, and multiple dispatch. We last looked at Julia in January on the occasion of its 1.11 release. Early in October Julia 1.12 appeared, bringing a handful of quality-of-life improvements for Julia programmers, most notably support, though still experimental and limited, for the creation of binaries.

Dick Cheney, who served four Republican presidents and became one of the most powerful and controversial vice presidents in American history as an architect of the post-9/11 war on terror, died at 84. His family said he died from complications of pneumonia and cardiac and vascular disease. Cheney served as vice president under George W. Bush for two terms beginning in 2001 and relentlessly advocated for the 2003 invasion of Iraq. Many Americans came to view the war as a strategic and humanitarian disaster. The conflict had far-reaching policy and political consequences that helped turn the public against intervention and upheaved Republican politics. Cheney continued to defend the invasion long after leaving office in 2009. He had heart disease for most of his life and underwent a transplant in 2012. That allowed him to live to see his daughter Liz Cheney follow in his political footsteps to become a House GOP leader. Before serving as vice president, Cheney was defense secretary under George H.W. Bush and chief of staff to Gerald Ford at age 34.

Read more of this story at Slashdot.

Security updates have been issued by Debian (dcmtk, geographiclib, gimp, pure-ftpd, and ruby-rack), Fedora (dotnet9.0), Oracle (expat, kernel, tigervnc, xorg-x11-server, and xorg-x11-server-Xwayland), Red Hat (git, mariadb:10.5, multiple packages, osbuild-composer, pcs, sssd, and tigervnc), SUSE (kernel and redis), and Ubuntu (google-guest-agent).

Amazon's data-center expansion turned Umatilla, Oregon into an unlikely nerve center for American infrastructure investment. The community of roughly 8,000 residents has seen home prices double and local government budgets surge from $7 million in 2011 to a hundred and $44 million in the past fiscal year. Yesenia Leon-Tejeda, a Realtor and daughter of Mexican-born farmhands who once worked 12-hour shifts at a distribution center, is now on pace to close 35 deals this year. Federal data shows investment in software and information-processing equipment drove most of America's GDP growth in the first half of 2025. Goldman Sachs estimated that roughly 72% of all server-farm capacity sat in just 1% of counties as of July. The region's hydroelectric dams and cheap power attracted Amazon Web Services more than a decade ago. Growth has brought rising costs for housing and child care. Political tensions over spending erupted this year when Mayor Caden Sipe sued the city manager and council members.

Read more of this story at Slashdot.

Version 1.0 of the Capability Hardware Extension to RISC-V for IoT (CHERIoT) specification has been released. CHERIoT is a hardware-software system for secure embedded devices, and the specification provides a full description of the ISA and its intended use by CHERIoT RTOS. David Chisnall has written a blog post about the release that explains its significance as well as plans for CHERIoT 2.0 and beyond:

The last change that we made to the ISA was in December 2024, so we are confident that this is a stable release that we can support in hardware for a long time. This specification was implemented by the 1.0 release of CHERIoT Ibex and by CHERIoT Kudu (which has not yet had an official release). These two implementations demonstrate that the ISA scales from three-stage single-issue pipelines to six-stage dual-issue pipelines, roughly the same range of microarchitectures supported by Arm's M profile.

We at SCI have the first of our ICENI chips, which use the CHERIoT Ibex core, on the way back from the fab now and will be scaling up to mass production in the new year. I am not allowed to speak for other folks building CHERIoT silicon, but I expect 2026 to be an exciting year for the CHERIoT project!

An anonymous reader quotes a report from TechCrunch: U.S. prosecutors have charged two rogue employees of a cybersecurity company that specializes in negotiating ransom payments to hackers on behalf of their victims with carrying out ransomware attacks of their own. Last month, the Department of Justice indicted Kevin Tyler Martin and another unnamed employee, who both worked as ransomware negotiators at DigitalMint, with three counts of computer hacking and extortion related to a series of attempted ransomware attacks against at least five U.S.-based companies. Prosecutors also charged a third individual, Ryan Clifford Goldberg, a former incident response manager at cybersecurity giant Sygnia, as part of the scheme. The three are accused of hacking into companies, stealing their sensitive data, and deploying ransomware developed by the ALPHV/BlackCat group. [...] According to an FBI affidavit filed in September, the rogue employees received more than $1.2 million in ransom payments from one victim, a medical device maker in Florida. They also targeted several other companies, including a Virginia-based drone maker and a Maryland-headquartered pharmaceutical company.

Read more of this story at Slashdot.

Longtime Slashdot reader sinij shares a report from Car and Driver: Sales of electric vehicles surged in September as shoppers rushed to take advantage of the $7500 federal EV tax credit before it disappeared at the end of the month. With the government subsidies now gone, EV sales were expected to take a hit in October. While only a few automakers still report sales on a monthly basis, the results we do have do not paint a rosy picture for EVs in a post-tax credit world. The Korean automakers were hit particularly hard by the loss of the tax credit. The Hyundai Ioniq 5, which was the fifth-best-selling EV through the third quarter of this year, experienced a 63 percent drop, moving 1642 units in October 2025, down from 4498 in 2024. Its platform-mates saw similar declines. The Kia EV6 moved just 508 units, down 71 percent versus the same month the year before, while the luxurious Genesis GV60 only found 93 buyers, a 54 percent slide year over year. Things were even worse at Honda. While the Acura ZDX was recently discontinued after just a single model year, the related Honda Prologue remains on sale but registered just 806 units, down 81 percent from 4130 sales in October 2024. [...] Obviously, this isn't the full picture, as several major players -- including General Motors, Toyota, Nissan, and Volkswagen -- only release sales reports on a quarterly basis, and others, such as Tesla and Rivian, don't break out individual sales at all. But with four of the top 10 bestselling EVs through Q3 all showing noteworthy declines in October, it spells trouble for the EV market at large. The end-of-year sales figures will provide a much clearer picture of whether October was just a blip or the start of a much more widespread problem for EV sales.

Read more of this story at Slashdot.

Australia's new "solar sharer" program will give households in NSW, south-east Queensland, and South Australia at least three hours of free solar power each day starting in 2026 -- even for those without rooftop panels. Other areas will potentially follow in 2027. The Guardian reports: The government said Australians could schedule appliances such as washing machines, dishwashers and air conditioners and charge electric vehicles and household batteries during this time. The solar sharer scheme would be implemented through a change to the default market offer that sets the maximum price retailers can charge customers for electricity in parts of the country. The climate change and energy minister, Chris Bowen, said the program would ensure "every last ray of sunshine was powering our homes" instead of some solar energy being wasted. Australians have installed more than 4m solar systems and there is regularly cheap excess generation in the middle of the day. Part of the rationale for the program is that it could shift demand for electricity from peak times -- particularly early in the evening -- to when it is sunniest. This could help minimize peak electricity prices and reduce the need for network upgrades and intervention to ensure the power grid was stable.

Read more of this story at Slashdot.

An anonymous reader quotes a report from CNN: An Antarctic glacier shrunk by nearly 50% in just two months, the fastest retreat recorded in modern history, according to a new study -- and the way it retreated could have big implications for global sea level rise. The Hektoria Glacier, roughly the size of Philadelphia, is on the Antarctic Peninsula, a spindly chain of mountains sticking off the continent like a thumb pointing toward South America. It is one of the fastest warming regions on Earth. Grounded glaciers like Hektoria, which rest on the seabed and don't float, generally retreat no more than a few hundred meters a year. But between November and December 2022, Hektoria retreated by 5 miles, according to the study published Monday in the journal Nature Geoscience. [...] Understanding more about why this happened is vital; if larger glaciers retreat at similar rates, it could have "catastrophic implications for sea level rise," the authors wrote in a statement accompanying the report. Antarctica holds enough ice to raise global sea level by around 190 feet. Models show that the latest time this kind of ice plain melting occurred was between about 15,000 and 19,000 years ago, "during a period of warming that ended the last Ice Age," notes the report. "[W]e hadn't seen it play out live before, certainly not at this rate," said Naomi Ochwat, a study co-author and postdoctoral associate at the University of Colorado Boulder.

Read more of this story at Slashdot.

Bruce66423 shares a report from the Los Angeles Times: The board of the Los Angeles Department of Water and Power on Tuesday approved a controversial plan to convert part of the city's largest natural gas-fired power plant into one that also can burn hydrogen. In a 3-0 vote, the DWP board signed off on the final environmental impact report for an $800-million modernization of Units 1 and 2 of the Scattergood Generating Station in Playa del Rey. The power plant dates to the late 1950s and both units are legally required to be shut down by the end of 2029. In their place, the DWP will install new combined-cycle turbines that are expected to operate on a mixture of natural gas and at least 30% hydrogen with the ultimate goal of running entirely on hydrogen as more supply becomes available. The hydrogen burned at Scattergood is supposed to be green, meaning it is produced by splitting water molecules through a process called electrolysis. Hydrogen does not emit planet-warming carbon dioxide when it is burned, unlike natural gas. [...] Although burning hydrogen does not produce CO2, the high-temperature combustion process can emit nitrogen oxides, or NOx, a key component of smog. [...] [T]he approved plan contains no specifics about where the hydrogen will come from or how it will get to the site. "The green hydrogen that would supply the proposed project has not yet been identified," the environmental report says. Industry experts and officials said the project will help drive the necessary hydrogen production. "Burning hydrogen produced by 'excess' solar or wind power is a means of energy storage," adds Slashdot reader Bruce66423. "The hard question is whether it's the best solution to the storage problem given that other solutions appear to be emerging that would require less infrastructure investment (think pipes to move the hydrogen to the plant and tanks to store it for later use)."

Read more of this story at Slashdot.

A new class-action lawsuit accuses Spotify of allowing billions of fraudulent Drake streams generated by bots between 2022 and 2025, allegedly inflating his royalties at the expense of other artists. "Spotify pays streaming royalties using a 'pro-rata' model based on an artist's market share," notes Consequence. "Each month, revenue from subscriptions and ads is collected into a single, fixed 'pot' of money, which is then distributed to rights holders based on their percentage of the platform's total streams. Because this pot is fixed, an artist who artificially inflates their numbers through bots would dilute the value of every legitimate stream. This allows them to take a larger share of the pot than they earned, effectively siphoning royalties that should have gone to other artists." From the report: According to Rolling Stone, the lawsuit alleges bot use is a widespread problem on Spotify. However, Drake is the only example named, based on "voluminous information" which the company "knows or should know" that proves a "substantial, non-trivial percentage" of his approximately 37 billion streams were "inauthentic and appeared to be the work of a sprawling network of Bot Accounts." The complaint claims this alleged fraudulent activity took place between "January 2022 and September 2025," with an examination of "abnormal VPN usage" revealing at least 250,000 streams of Drake's song "No Face" during a four-day period in 2024 were actually from Turkey "but were falsely geomapped through the coordinated use of VPNs to the United Kingdom in [an] attempt to obscure their origins." Other notable allegations in the lawsuit are that "a large percentage" of accounts were concentrated in areas where the population could not support such a high volume of streams, including those with "zero residential addresses." The suit also points to "significant and irregular uptick months" for Drake's songs long after their release, as well as a "slower and less dramatic" downtick in streams compared to other artists. Noting a "staggering and irregular" streaming of Drake's music by individuals, the suit also claims there are a "massive amount of accounts" listening to his songs "23 hours a day." Less than 2% of those users account for "roughly 15 percent" of his streams. "Drake's music accumulated far higher total streams compared to other highly streamed artists, even though those artists had far more 'users' than Drake," the lawsuit concludes.

Read more of this story at Slashdot.

concertina226 shares a report from The Register: [A massive power outage in April left tens of millions across Spain, Portugal, and parts of France without electricity for hours due to cascading grid failures, exposing how fragile and interconnected Europe's energy infrastructure is. The incident, though not a cyberattack, reignited concerns about the vulnerability of aging, fragmented, and insecure operational technology systems that could be easily exploited in future cyber or ransomware attacks.] This headache is one the European Commission is focused on. It is funding several projects looking at making electric grids more resilient, such as the eFort framework being developed by cybersecurity researchers at the independent non-profit Netherlands Organisation for Applied Scientific Research (TNO) and the Delft University of Technology (TU Delft). TNO's SOARCA tool is the first ever open source security orchestration, automation and response (SOAR) platform designed to protect power plants by automating the orchestration of the response to physical attacks, as well as cyberattacks, on substations and the network, and the first country to demo it will be the Ukraine this year. At the moment, SOAR systems only exist for dedicated IT environments. The researchers' design includes a SOAR system in each layer of the power station: the substation, the control room, the enterprise layer, the cloud, or the security operations centre (SOC), so that the SOC and the control room work together to detect anomalies in the network, whether it's an attacker exploiting a vulnerability, a malicious device being plugged into a substation, or a physical attack like a missile hitting a substation. The idea is to be able to isolate potential problems and prevent lateral movement from one device to another or privilege escalation, so an attacker cannot go through the network to the central IT management system of the electricity grid. [...] The SOARCA tool is underpinned by CACAO Playbooks, an open source specification developed by the OASIS Open standards body and its members (which include lots of tech giants and US government agencies) to create standardized predefined, automated workflows that can detect intrusions and changes made by malicious actors, and then carry out a series of steps to protect the network and mitigate the attack. Experts largely agree the problem facing critical infrastructure is only worsening as years pass, and the more random Windows implementations that are added into the network, the wider the attack surface is. [...] TNO's Wolthuis said the energy industry is likely to be pushed soon to take action by regulators, particularly once the Network Code on Cybersecurity (NCCS), which lays out rules requiring cybersecurity risk assessments in the electricity sector, is formalized.

Read more of this story at Slashdot.