An anonymous reader quotes a report from Bloomberg: People in a quiet neighborhood in Carthage, a town in Moore County, North Carolina, heard a series of six loud pops a few minutes before 8:00 p.m. on Dec. 3, 2022. A resident named Michael Campbell said he ducked at the sound. Another witness told police they thought they were hearing fireworks. The noise turned out to be someone shooting a rifle at a power substation next door to Campbell's home. The substation, operated by the utility Duke Energy Corp., consists of equipment that converts electricity into different voltages as it's transported to the area and then steered into individual houses. The shots hit the radiator of an electrical transformer, a sensitive piece of technology whose importance would likely be understood only by utility company employees. It began dumping a "vast amount" of oil, according to police reports. A subsequent investigation has pointed to a local right-wing group, one of a wave of attacks or planned attacks on power infrastructure. By 8:10 the lights in Carthage went out. Minutes later, a security alarm went off at a Duke Energy substation 10 miles away, this one protected from view by large pine trees. When company personnel responded, they found that someone had shot its transformer radiator, too. Police found shell casings on the ground at the site and noticed someone had slashed the tires on nearby service trucks. The substations were designed to support each other, with one capable of maintaining service if the other went down. Knocking out both facilities prevented the company from rerouting power. Police described the two incidents as a coordinated attack. About 45,000 families and businesses remained dark for four days. This was a burden for area grocery stores and local emergency services. One woman, 87-year-old Karin Zoanelli, died in the hours after the shooting when the blackout caused her oxygen machine to stop operating. The North Carolina Medical Examiner's office classified the death as a homicide. The attack on Duke's facilities in Moore County remains unsolved, but law enforcement officials and other experts suspect it's part of a rising trend of far-right extremists targeting power infrastructure in an attempt to sow chaos. The most ambitious of these saboteurs hope to usher in societal collapse, paving the way for the violent overthrow of the US government, according to researchers who monitor far-right communities. Damaging the power grid has long been a fixation of right-wing extremists, who have plotted such attacks for many years. They've been getting a boost recently from online venues such as "Terrorgram," a loose network of channels on the social media platform Telegram where users across the globe advocate violent white supremacism. In part, people use Terrorgram to egg one another on -- a viral meme shows a stick figure throwing a Molotov cocktail at electrical equipment. People on the forum have also seized on recent anti-immigration riots in the UK, inciting people there to clash with police. In June 2022, months before the Moore County shootings, users on the forum began offering more practical support in the form of a 261-page document titled "Hard Reset," which includes specific directions on how to use automatic weapons, explosives and mylar balloons to disrupt electricity. One of the document's suggestions is to shoot high-powered firearms at substation transformers.

Read more of this story at Slashdot.

In a letter to the House Judiciary Committee, Meta CEO Mark Zuckerberg expressed regret for not being more vocal about "government pressure" to censor COVID-19-related content. He also acknowledged that Meta shouldn't have demoted a New York Post story about President Biden's family before the 2020 election. The Hill reports: Zuckerberg said senior Biden administration officials "repeatedly pressured" Meta, the parent company of Facebook and Instagram, to "censor" content in 2021. "I believe the government pressure was wrong, and I regret that we were not more outspoken," he wrote to House Judiciary Chair Jim Jordan (R-Ohio). "Like I said to our teams at the time, I feel strongly that we should not compromise our content standards due to pressure from any Administration in either direction -- and we're ready to push back if something like this happens again," Zuckerberg added. The Meta CEO also said the company "shouldn't have demoted" a New York Post story about corruption allegations involving President Biden's family ahead of the 2020 election while waiting for fact-checkers to review it. The social media company has since updated its policies and processes, including no longer demoting content in the U.S. while waiting for fact-checkers, he noted. Zuckerberg also said in Monday's letter that he does not plan to make contributions to local jurisdictions to support election infrastructure this cycle, like he did during the 2020 election. The contributions, which were "designed to be non-partisan," were accused of being unfairly distributed between left-leaning and right-leaning areas and labeled "Zuckerbucks" by Republicans. "Still, despite the analyses I've seen showing otherwise, I know that some people believe this work benefited one party over the other," Zuckerberg said. "My goal is to be neutral and not play a role one way or another -- or to even appear to be playing a role." House Judiciary Republicans touted the letter as a "big win for free speech," writing on X: "Mark Zuckerberg just admitted three things: 1. Biden-Harris Admin 'pressured' Facebook to censor Americans. 2. Facebook censored Americans. 3. Facebook throttled the Hunter Biden laptop story." "Mark Zuckerberg also tells the Judiciary Committee that he won't spend money this election cycle. That's right, no more Zuck-bucks. Huge win for election integrity," it added.

Read more of this story at Slashdot.

Samsung Electronics said it will provide Tizen OS updates for its newer TVs for at least seven years, starting with models released in March this year and some 2023 models. Business Korea reports: [Yoon Seok-woo, President of Samsung Electronics' Visual Display Business Division] emphasized that the seven-year free upgrade for Tizen applied to AI TVs would help Samsung widen the market share gap with Chinese competitors. Tizen, an in-house developed OS, has been applied to over 270 million Samsung smart TVs as of last year, making it the world's largest smart TV platform and a key player in leading the Internet of Things (IoT) era. "AI TV will act as the hub of the AI home, connecting other AI appliances like refrigerators and air conditioners," Yoon explained. "We will expand the AI home era by enabling users to monitor and control peripheral devices through the TV even when it is off or when the user is away." This connectivity is a key differentiator from Chinese competitors, according to Yoon. In the first half of this year, Samsung Electronics maintained the top spot in the global TV market with a 28.8% market share by revenue. However, the combined market share of Chinese companies TCL and Hisense has reached 22.1%, indicating fierce competition.

Read more of this story at Slashdot.

Telegram founder and CEO Pavel Durov was arrested Saturday night by French authorities on allegations that his social media platform was being used for child pornography, drug trafficking and organized crime. The move sparked debate over free speech worldwide from prominent anti-censorship figures including Elon Musk, Robert F. Kennedy. Jr. and Edward Snowden. However, "the immediate freakout came from Russia," reports Politico. "That's because Telegram is widely used by the Russian military for battlefield communications thanks to problems with rolling out its own secure comms system. It's also the primary vehicle for pro-war military bloggers and media -- as well as millions of ordinary Russians." From the report: "They practically detained the head of communication of the Russian army," Russian military blogger channel Povernutie na Z Voine said in a Telegram statement. The blog site Dva Mayora said that Russian specialists are working on an alternative to Telegram, but that the Russian army's Main Communications Directorate has "not shown any real interest" in getting such a system to Russian troops. The site said Durov's arrest may actually speed up the development of an independent comms system. Alarmed Russian policymakers are calling for Durov's release. "[Durov's] arrest may have political grounds and be a tool for gaining access to the personal information of Telegram users," the Deputy Speaker of the Russian Duma Vladislav Davankov said in a Telegram statement. "This cannot be allowed. If the French authorities refuse to release Pavel Durov from custody, I propose making every effort to move him to the UAE or the Russian Federation. With his consent, of course." Their worry is that Durov may hand over encryption keys to the French authorities, allowing access to the platform and any communications that users thought was encrypted. French President Emmanuel Macron said Monday that the arrest of Durov was "in no way a political decision." The Russian embassy has demanded that it get access to Durov, but the Kremlin has so far not issued a statement on the arrest. "Before saying anything, we should wait for the situation to become clearer," said Kremlin spokesperson Dmitry Peskov. However, officials and law enforcement agencies were instructed to clear all their communication from Telegram, the pro-Kremlin channel Baza reported. "Everyone who is used to using the platform for sensitive conversations/conversations should delete those conversations right now and not do it again," Kremlin propagandist Margarita Simonyan said in a Telegram post. "Durov has been shut down to get the keys. And he's going to give them."

Read more of this story at Slashdot.

Stephen Wolfram, renowned mathematician and computer scientist, is calling for philosophers to engage with critical questions surrounding AI as the technology's advancement raises complex ethical and societal issues. Wolfram, creator of Mathematica and Wolfram Alpha, argues that the tech industry's approach to AI development often lacks philosophical rigor. "Sometimes in the tech industry, when people talk about how we should set up this or that thing with AI, some may say, 'Well, let's just get AI to do the right thing.' And that leads to, 'Well, what is the right thing?'" He sees parallels between current AI challenges and foundational questions in philosophy, citing discussions on AI guardrails and the potential for AI to significantly impact society as examples where philosophical inquiry is crucial. The scientist, who earned his doctorate at 20, suggests that philosophers may be better equipped than scientists to tackle the paradigm shifts AI presents. Wolfram's call comes as AI's growing influence raises ethical concerns across industries, urging an interdisciplinary approach to address these emerging challenges.

Read more of this story at Slashdot.

Microsoft has retracted or clarified its statement regarding the deprecation of Windows Control Panel, according to changes made to a support document. The original text, which stated that the Control Panel was "in the process of being deprecated in favor of the Settings app," has been revised. The new version now indicates that "many of the settings in Control Panel are in the process of being migrated to the Settings app." This modification came after widespread media coverage of the initial announcement. It remains unclear whether this change reflects a shift in Microsoft's plans or a correction of an erroneous statement.

Read more of this story at Slashdot.

The Register's Iain Thomson reports: The FBI has made serious slip-ups in how it processes and destroys electronic storage media seized as part of investigations, according to an audit by the Department of Justice Office of the Inspector General. Drives containing national security data, Foreign Intelligence Surveillance Act information and documents classified as Secret were routinely unlabeled, opening the potential for it to be either lost or stolen, the report [PDF] addressed to FBI Director Christopher Wray states. Ironically, this lack of identification might be considered a benefit, given the lax security at the FBI's facility used to destroy such media after they have been finished with. The OIG report notes that it found boxes of hard drives and removable storage sitting open and unattended for "days or even weeks" because they were only sealed once the boxes were full. This potentially allows any of the 395 staff and contractors with access to the facility to have a rummage around. To deal with this, the FBI is installing wire cages to lock away storage media. In December, the bureau said it would install a video surveillance system at the evidence destruction storage facility to tighten security. As of June this year, it was still processing the paperwork to do so. The OIG also found that FBI agents aren't tracking hard drives and removable storage sent into the central office and the destruction facility. Typically, seized computers are tagged for tracking, but as a cost-saving measure, agents are advised to send in media storage devices containing national security information without the chassis. While there is a requirement to tag removable storage, there isn't the same requirement for internal hard drives. [...] The FBI has assured the regulator that it has the problem in hand and has drafted a Physical Control and Destruction of Classified and Sensitive Electronic Devices and Material Policy Directive, which will require data to be marked up and destroyed safely. The agency says this policy is in the final editing stage and will be issued as soon as possible.

Read more of this story at Slashdot.

An anonymous reader quotes a report from CBC.ca: Prime Minister Justin Trudeau announced Monday Canada will impose punitive tariffs on Chinese-made electric vehicles -- copying a similar initiative that the U.S. is already pursuing to stop a flood of what's been described as unfairly state-subsidized cars. Trudeau made the announcement at the federal cabinet retreat in Halifax where ministers are meeting to craft a strategy for the year ahead -- the last year before an expected federal election in October 2025. Amid industry pressure to copy the U.S. program, Trudeau said a 100 percent surtax will be levied on all Chinese-made EVs, effective Oct. 1. The tariff would effectively double the price of imported vehicles, as it is expected most of the tax would be passed on to consumers. Ottawa is following through now, Trudeau said, to "level the playing field for Canadian workers" and allow Canada's nascent EV industry to compete at home, in North America and globally. The tariff will apply to electric and certain hybrid passenger automobiles, trucks, buses and delivery vans. Chinese brands like BYD are not a major player in Canada's EV market right now but imports from China have exploded in recent years as Tesla switched from U.S. factories for its Canadian sales to its manufacturing plant in Shanghai. The new tariff will apply to those Shanghai-made Teslas that are sold in Canada -- a development that is expected to force the U.S. automaker to supply the Canadian market with vehicles made at one if its other plants in the U.S. or Europe instead. "Unfortunately, Canada made a decision today that will result in fewer affordable electric vehicles for Canadians, less competition and more climate pollution," said Joanna Kyriazis, director of public affairs at Clean Energy Canada. "Not only could today's announcement have a chilling effect on future EV sales, it could drive up EV prices and slow adoption in the near-term as well," Kyriazis said. Flavio Volpe, the president of the Automotive Parts Manufacturers' Association who lobbied Ottawa to follow through with matching the U.S. tariffs, responded: "Sure, what the Chinese are doing is selling us green products that help fulfill some of our EV mandates, but they do it in a regulatory environment where they forgo any stewardship of the environment," he said. Deputy Prime Minister Chrystia Freeland added that the Chinese industry is "built on abysmal labour standards and it is built on abysmal environmental standards."

Read more of this story at Slashdot.

OpenAI said in a letter that it supports California bill AB 3211, which requires tech companies to label AI-generated content. Reuters reports: San Francisco-based OpenAI believes that for AI-generated content, transparency and requirements around provenance such as watermarking are important, especially in an election year, according to a letter sent to California State Assembly member Buffy Wicks, who authored the bill. "New technology and standards can help people understand the origin of content they find online, and avoid confusion between human-generated and photorealistic AI-generated content," OpenAI Chief Strategy Officer Jason Kwon wrote in the letter, which was reviewed by Reuters. AB 3211 has already passed the state Assembly by a 62-0 vote. Earlier this month it passed the senate appropriations committee, setting it up for a vote by the full state Senate. If it passes by the end of the legislative session on Aug. 31, it would advance to Governor Gavin Newsom to sign or veto by Sept. 30.

Read more of this story at Slashdot.

Apple is expected to launch the iPhone 16 lineup on September 9th, 2024, at 1PM ET / 10AM PT. The tech giant sent out invitations to the event today with the tagline: "It's Glowtime" -- a reference to the redesigned Siri with Apple Intelligence. The Verge reports: The big change to the iPhone 16 and 16 Plus is expected to be a switch to a vertically aligned camera system on the back. (If the final phones look like what we've seen on iPhone 16 dummy units, I'm already a big fan of this change.) The iPhone 16 Pro and 16 Pro Max phones might get bigger screens but are rumored to keep Apple's familiar three-camera layout. Those phones could also come in a new bronze color. All four iPhone 16 models are expected to have the Action Button, which was exclusive to the Pro line with the iPhone 15. Apple's new iPhones may also have a new button dedicated to capturing photos and videos, but it's unclear if that will be a Pro-exclusive feature or will be available on the regular iPhone 16 models as well. AI and the company's Apple Intelligence features will likely be a big part of Apple's event, too.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Financial Times: Ikea is taking on the likes of eBay, Craigslist, and Gumtree with a peer-to-peer marketplace for customers to sell secondhand furniture to each other. Ikea Preowned will be tested in Madrid and Oslo until the end of the year with the aim of rolling out the buying and selling platform globally, according to Jesper Brodin, chief executive of Ingka, the main operator of Ikea stores. [...] Ikea has had a small offering under which it buys used furniture from customers and resells it in store. But the new platform is more ambitious, aiming to tackle the secondhand market for customers selling directly to each other -- an area where Brodin estimates Ikea has a higher market share than in new furniture sales. Customers enter their product, their own pictures, and a selling price, while Ikea's own artificial intelligence-enabled database brings in its own promotional images and measurements. The buyer collects the furniture directly from the seller, who has the option of receiving money or a voucher from Ikea with a 15 percent bonus. "Very often there is a monopoly or oligopoly on platforms that operate," said Brodin, talking about eBay or digital classified ad services such as Gumtree in the UK and Finn in Norway. Finn has 8,700 items from Ikea listed in Oslo alone. Early offerings on Ikea Preowned include large items such as sofas for up to $670 (600 euros) and wardrobes for $500 (450 euros) as well as smaller items such as a toilet roll holder for $4.50 (4 euros). Listings are free, but Brodin said Ikea could eventually charge "a symbolic fee, a humble fee." He added: "We're going to verify the full scope including the economics. If a lot of people use the offer to get a discount with Ikea -- it's a good way to reconnect with customers. I am very curious. I think it makes business sense." Ikea has previously tested selling its new furniture on third-party platforms such as Alibaba's Tmall in China, but the Preowned platform marks its first foray into secondhand marketplaces. It also dovetails with the retailer's wish to become "circular and climate positive" by 2030.

Read more of this story at Slashdot.

An anonymous reader shares a report: OpenAI lacks advanced security and customer support. It's just a research company, not an established cloud provider. The ChatGPT-maker is not focused enough on corporate customers. These are just some of the talking points Amazon Web Services' salespeople are told to follow when dealing with customers using, or close to buying, OpenAI's products, according to internal sales guidelines obtained by Business Insider. Other talking points from the documents include OpenAI's lack of access to third-party AI models and weak enterprise-level contracts. AWS salespeople should dispel the hype around AI chatbots like ChatGPT, and steer the conversation toward AWS's strength of running the cloud infrastructure behind popular AI services, the guidelines added. [...] The effort to criticize OpenAI is also unusual for Amazon, which often says it's so customer-obsessed that it pays little attention to competitors. This is the latest sign that suggests Amazon knows it has work to do to catch up in the AI race. OpenAI, Microsoft, and Google have taken an early lead and could become the main platforms where developers build new AI products and tools. Though Amazon created a new AGI team last year, the company's existing AI models are considered less powerful than those made by its biggest competitors. Instead, Amazon has prioritized selling AI tools like Bedrock, which gives customers access to third-party AI models. AWS also offers cloud access to in-house AI chips that compete with Nvidia GPUs, with mixed results so far.

Read more of this story at Slashdot.

Pavel Durov, the Russian-born billionaire co-founder of the Telegram messaging app, was arrested in France in connection with an investigation into criminal activity on the platform and a lack of cooperation with law enforcement, prosecutors announced on Monday. From a report: Durov, who has French citizenship, was detained at Le Bourget airport, just outside Paris, on Saturday evening after arriving from Azerbaijan on his private jet. His surprise arrest has sparked debate over free speech worldwide and led to an outcry in Moscow. The Paris prosecutor Laure Beccuau said the investigation concerned crimes related to illicit transactions, child sexual abuse, fraud and the refusal to communicate information to authorities. Earlier in the day the French president, Emmanuel Macron, gave the first confirmation that Durov had been arrested as part of a judicial inquiry in relation to Telegram. "In a state governed by the rule of law, freedoms are upheld within a legal framework, both on social media and in real life, to protect citizens and respect their fundamental rights," Macron wrote on X, adding that the arrest was "in no way a political decision." "It is up to the judiciary, in full independence, to enforce the law," he said. A senior official at Ofmin, a French agency set up last year to prevent violence against children, said Durov's arrest was linked to Telegram's failure to properly fight crime on the app, including the spread of child sexual abuse material.

Read more of this story at Slashdot.

Car buyers are increasingly skeptical of advanced automotive technologies, a new JD Power survey reveals. The study found that while drivers appreciate practical innovations like blind spot monitoring, they see little value in features such as automatic parking systems and passenger-side infotainment screens. The survey measured user experiences with new vehicle technologies. Results show that systems partially automating driving tasks had low perceived usefulness, aligning with recent Insurance Institute for Highway Safety data indicating no safety improvements from such features. The survey identified AI-based smart climate control as popular among users. However, facial recognition, fingerprint scanners, and gesture controls were largely viewed negatively.

Read more of this story at Slashdot.

Millions of Australians just got official permission to ignore their bosses outside of working hours, thanks to a new law enshrining their "right to disconnect." From a report: The law doesn't strictly prohibit employers from calling or messaging their workers after hours. But it does protect employees who "refuse to monitor, read or respond to contact or attempted contact outside their working hours, unless their refusal is unreasonable," according to the Fair Work Commission, Australia's workplace relations tribunal. That includes outreach from their employer, as well as other people "if the contact or attempted contact is work-related." The law, which passed in February, took effect on Monday for most workers and will apply to small businesses of fewer than 15 people starting in August 2025. It adds Australia to a growing list of countries aiming to protect workers' free time. "It's really about trying to bring back some work-life balance and make sure that people aren't racking up hours of unpaid overtime for checking emails and responding to things at a time when they're not being paid," said Sen. Murray Watt, Australia's minister for employment and workplace relations. The law doesn't give employees a complete pass, however.

Read more of this story at Slashdot.

To build the massive datacenters generative AI requires, major companies like Amazon and Microsoft "are going nuclear," reports CIO magazine. AWS: Earlier this year, AWS paid $650 million to purchase Talen Energy's Cumulus Data Assets, a 960-megawatt nuclear-powered data center on site at Talen's Susquehanna, Pennsylvania, nuclear plant, with additional data centers planned — pending approval by the Nuclear Regulatory Agency... In addition to its purchase of the Cumulus data center, AWS will have access to nuclear energy as part of a 10-year Power Purchase Agreement (PPA) from the Susquehanna site. Microsoft: Last year, Constellation signed a deal giving Microsoft the rights to receive up to 35% of its power from nuclear sources in addition to its existing solar and wind purchases from Constellation for Microsoft's Boydton, Va., data center. Microsoft has also signed a nuclear carbon credits deal with Ontario Power Generation for its operations in Canada. The broader industry: Many of the deals under discussion are with existing nuclear power providers for hyperscalars [large-scale datacenters] to access energy or to employ small module nuclear reactors (SMRs) with smaller carbon footprints that will be annexed to existing nuclear power plants. Nucor, Oklo, Rolls-Royce SMR, Westinghouse Electric, Moltex Energy, Terrestrial Energy, General Electric, Hitachi Nuclear Energy, and X-energy are among the roster of companies with SMRs under development to meet the growing needs of AI data centers... One energy analyst does not expect nuclear SMRs to be operational until 2030, yet he and many others acknowledge the need for sustainable, carbon-free alternatives to electricity, wind, and solar is very pressing. "Today's electric grids are struggling to keep up with demand, even as datacenter companies are planning huge new additions to their fleets to power generative AI applications. As a result, companies like Google, Amazon, and Microsoft are increasingly taking matters into their own hands and getting creative. They are now looking at on-site nuclear-based SMRs, and even fusion reactors," says Peter Kelly-Detwiler, principal of Northbridge Energy Partners. "This global arms race for power arose pretty quickly, and it's like nothing we have ever seen before." Thanks to Slashdot reader snydeq for sharing the news.

Read more of this story at Slashdot.

America's Department of Energy has three R&D labs, according to Wikipedia, one of which is Sandia National Labs. And that New Mexico-based lab has just announced that "A milestone in quantum sensing is drawing closer, promising exquisitely accurate, GPS-free navigation." with research into "a motion sensor so precise it could minimize the nation's reliance on global positioning satellites." Until recently, such a sensor — a thousand times more sensitive than today's navigation-grade devices — would have filled a moving truck. But advancements are dramatically shrinking the size and cost of this technology. For the first time, researchers from Sandia National Laboratories have used silicon photonic microchip components to perform a quantum sensing technique called atom interferometry, an ultra-precise way of measuring acceleration. It is the latest milestone toward developing a kind of quantum compass for navigation when GPS signals are unavailable. The team published its findings and introduced a new high-performance silicon photonic modulator — a device that controls light on a microchip — as the cover story in the journal Science Advances... The new modulator is the centerpiece of a laser system on a microchip. Rugged enough to handle heavy vibrations, it would replace a conventional laser system typically the size of a refrigerator... Besides size, cost has been a major obstacle to deploying quantum navigation devices. Every atom interferometer needs a laser system, and laser systems need modulators. "Just one full-size single-sideband modulator, a commercially available one, is more than $10,000," said Sandia scientist Jongmin Lee. Miniaturizing bulky, expensive components into silicon photonic chips helps drive down these costs. "We can make hundreds of modulators on a single 8-inch wafer and even more on a 12-inch wafer," Kodigala said. And since they can be manufactured using the same process as virtually all computer chips, "This sophisticated four-channel component, including additional custom features, can be mass-produced at a much lower cost compared to today's commercial alternatives, enabling the production of quantum inertial measurement units at a reduced cost," Lee said. As the technology gets closer to field deployment, the team is exploring other uses beyond navigation. Researchers are investigating whether it could help locate underground cavities and resources by detecting the tiny changes these make to Earth's gravitational force. They also see potential for the optical components they invented, including the modulator, in LIDAR, quantum computing, and optical communications. Thanks to Slashdot reader schwit1 for sharing the news.

Read more of this story at Slashdot.

SecurityWeek reports: A significant backdoor in millions of contactless cards made by China-based Shanghai Fudan Microelectronics Group allows instantaneous cloning of RFID smart cards used to open office doors and hotel rooms around the world. French security services firm Quarkslab has made an eye-popping discovery... Although the backdoor requires just a few minutes of physical proximity to an affected card to conduct an attack, an attacker in a position to carry out a supply chain attack could execute such attacks instantaneously at scale, researcher Philippe Teuwen explained in a paper. Thanks to Slashdot reader wiredmikey for sharing the article.

Read more of this story at Slashdot.

A university in Taiwan was breached with "a previously unseen backdoor (Backdoor.Msupedge) utilizing an infrequently seen technique," Symantec reports. The most notable feature of this backdoor is that it communicates with a command-and-control server via DNS traffic... The code for the DNS tunneling tool is based on the publicly available dnscat2 tool. It receives commands by performing name resolution... Msupedge not only receives commands via DNS traffic but also uses the resolved IP address of the C&C server (ctl.msedeapi[.]net) as a command. The third octet of the resolved IP address is a switch case. The behavior of the backdoor will change based on the value of the third octet of the resolved IP address minus seven... The initial intrusion was likely through the exploit of a recently patched PHP vulnerability (CVE-2024-4577). The vulnerability is a CGI argument injection flaw affecting all versions of PHP installed on the Windows operating system. Successful exploitation of the vulnerability can lead to remote code execution. Symantec has seen multiple threat actors scanning for vulnerable systems in recent weeks. To date, we have found no evidence allowing us to attribute this threat and the motive behind the attack remains unknown. More from The Record: Compared to more obvious methods like HTTP or HTTPS tunneling, this technique can be harder to detect because DNS traffic is generally considered benign and is often overlooked by security tools. Earlier in June, researchers discovered a campaign by suspected Chinese state-sponsored hackers, known as RedJuliett, targeting dozens of organizations in Taiwan, including universities, state agencies, electronics manufacturers, and religious organizations. Like many other Chinese threat actors, the group likely targeted vulnerabilities in internet-facing devices such as firewalls and enterprise VPNs for initial access because these devices often have limited visibility and security solutions, researchers said. Additional coverage at The Hacker News. Thanks to Slashdot reader joshuark for sharing the article.

Read more of this story at Slashdot.

Long-time Slashdot reader UnderAttack explains: A blog post at the SANS Internet Storm Center suggests that OpenAI actions are being abused to scan for WordPress vulnerabilities. Honeypot sensors at the Storm Center detected scans for URLs targeting WordPress that originated exclusively from OpenAI systems. The URLs requested all pages including the pattern '%%target%%', which may indicate that the scan is meant to include additional path components but the expansion of the template failed. The scans were not only identified by the unique user agent but also by the origin IP addresses matching addresses OpenAI published as being used for OpenAI actions. OpenAI actions allow OpenAI to connect to external APIs. Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu, wrote that OpenAI seems to be scanning random IP addresses — including honeypots.

Read more of this story at Slashdot.