OpenAI Expects 'To Raise a Lot More Over Time' From Microsoft, Others To Build 'Superintelligence'

OpenAI plans to secure further financial backing from its biggest investor Microsoft as the ChatGPT maker’s chief executive Sam Altman pushes ahead with his vision to create artificial general intelligence (AGI) — computer software as intelligent as humans. From a report: In an interview with the Financial Times, Altman said his company’s partnership with Microsoft’s chief executive Satya Nadella was “working really well” and that he expected “to raise a lot more over time” from the tech giant among other investors, to keep up with the punishing costs of building more sophisticated AI models.

Microsoft earlier this year invested $10bn in OpenAI as part of a “multiyear” agreement that valued the San Francisco-based company at $29bn, according to people familiar with the talks. Asked if Microsoft would keep investing further, Altman said: “I’d hope so.” He added: “There’s a long way to go, and a lot of compute to build out between here and AGI… training expenses are just huge.” Altman said “revenue growth had been good this year,” without providing financial details, and that the company remained unprofitable due to training costs. But he said the Microsoft partnership would ensure “that we both make money on each other’s success, and everybody is happy.”

Read more of this story at Slashdot.



Source: Slashdot – OpenAI Expects ‘To Raise a Lot More Over Time’ From Microsoft, Others To Build ‘Superintelligence’

NASA's Mars Fleet Will Still Conduct Science While Lying Low

Rovers and orbiters will continue collecting limited data during a two-week communications pause due to the position of Earth, the Sun, and the Red Planet. From a report: NASA will hold off sending commands to its Mars fleet for two weeks, from Nov. 11 to 25, while Earth and the Red Planet are on opposite sides of the Sun. Called Mars solar conjunction, this phenomenon happens every two years. The missions pause because hot, ionized gas expelled from the Sun’s corona could potentially corrupt radio signals sent from Earth to NASA’s Mars spacecraft, leading to unexpected behaviors.

That’s not to say those robotic explorers are on holiday. NASA’s Perseverance and Curiosity rovers will monitor changes in surface conditions, weather, and radiation as they stay parked. Although momentarily grounded, the Ingenuity Mars Helicopter will use its color camera to study the movement of sand, which poses an ever-present challenge to Mars missions. The Mars Reconnaissance Orbiter and the Odyssey orbiter will continue imaging the surface. And MAVEN will continue collecting data on interactions between the atmosphere and the Sun.


Nepal To Ban TikTok

The Nepal government has decided to impose a ban on TikTok. From a report on the local newspaper Kathmandu Post: A Cabinet meeting on Monday took the decision to ban the Chinese-owned app, citing its negative effects on social harmony. However, when the decision will be brought into force is yet to be ascertained. Although freedom of expression is a basic right, a large section of society has criticised TikTok for encouraging a tendency of hate speech, the government said. In the past four years, 1,647 cases of cyber crime have been reported on the video sharing app.

The Cyber Bureau of the Nepal Police, Ministry of Home Affairs, and representatives of TikTok discussed the issue earlier last week. Monday’s decision is expected to be enforced following the completion of technical preparations. The latest decision has come within days after the government introduced the ‘Directives on the Operation of Social Networking 2023.’ As per the new rule, social media platforms operating in Nepal are required to set up their offices in the country.


Optus Says Massive Australia Outage Was After Software Upgrade

Australian telecoms provider Optus said on Monday that a massive outage which effectively cut off 40% of the country’s population and triggered a political firestorm was caused by “changes to routing information” after a “routine software upgrade.” From a report: More than 10 million Australians were hit by the 12-hour network blackout at the Singapore Telecommunications-owned telco on Nov. 8, triggering fury and frustration among customers and raising wider concerns about the telecommunications infrastructure.

Optus said in a statement that an initial investigation found the company’s network was affected by “changes to routing information from an international peering network” early that morning, “following a routine software upgrade.” It added: “These routing information changes propagated through multiple layers in our network and exceeded preset safety levels on key routers which could not handle these. This resulted in those routers disconnecting from the Optus IP Core network to protect themselves.” The project to reconnect the routers was so large that “in some cases (it) required Optus to reconnect or reboot routers physically, requiring the dispatch of people across a number of sites in Australia”, it added.


Meta's New Rule: If Your Political Ad Uses AI Trickery, You Must Confess

Press2ToContinue writes: Starting next year, Meta will play the role of a strict schoolteacher for political ads, making them fess up if they’ve used AI to tweak images or sounds. This new ‘honesty policy’ will kick in worldwide on Facebook and Instagram, aiming to prevent voters from being duped by digitally doctored candidates or made-up events. Meanwhile, Microsoft is jumping on the integrity bandwagon, rolling out anti-tampering tech and a support squad to shield elections from AI mischief.


Nvidia Upgrades Processor as Rivals Challenge Its AI Dominance

Nvidia, the world’s most valuable chipmaker, is updating its H100 artificial intelligence processor, adding more capabilities to a product that has fueled its dominance in the AI computing market. From a report: The new model, called the H200, will get the ability to use high-bandwidth memory, or HBM3e, allowing it to better cope with the large data sets needed for developing and implementing AI, Nvidia said Monday. Amazon’s AWS, Alphabet’s Google Cloud and Oracle’s Cloud Infrastructure have all committed to using the new chip starting next year.

The current version of the Nvidia processor — known as an AI accelerator — is already in famously high demand. It’s a prized commodity among technology heavyweights like Larry Ellison and Elon Musk, who boast about their ability to get their hands on the chip. But the product is facing more competition: AMD is bringing its rival MI300 chip to market in the fourth quarter, and Intel claims that its Gaudi 2 model is faster than the H100. With the new product, Nvidia is trying to keep up with the size of data sets used to create AI models and services, it said. Adding the enhanced memory capability will make the H200 much faster at bombarding software with data — a process that trains AI to perform tasks such as recognizing images and speech.


Google Fights Scammers Using Bard Hype To Spread Malware

Google is suing scammers who are trying to use the hype around generative AI to trick people into downloading malware, the company has announced. From a report: In a lawsuit filed today in California, the company says individuals believed to be based in Vietnam are setting up social media pages and running ads encouraging users to “download” its generative AI service Bard. The download actually delivers malware to the victims, which steals social media credentials for the scammers to use. “Defendants are three individuals whose identities are unknown who claim to provide, among other things, ‘the latest version’ of Google Bard for download,” the lawsuit reads.

“Defendants are not affiliated with Google in any way, though they pretend to be. They have used Google trademarks, including Google, Google AI, and Bard to lure unsuspecting victims into downloading malware onto their computers.” The lawsuit notes that scammers have specifically used promoted Facebook posts in an attempt to distribute malware. Similar to crypto scams, the lawsuit highlights how interest in an emerging technology can be weaponized against people who may not fully understand how it operates.


Netflix Announces Neil Gaiman Series, Zack Snyder Movie, Anime 'Terminator' and 'Exploding Kittens'

Netflix’s annual virtual event “Geeked Week” pre-announces its biggest upcoming shows. This year Netflix released a trailer for its upcoming adaptation of The Three-Body Problem, and for its new live-action Avatar: The Last Airbender series. (And there’s also going to be some kind of live-action Stranger Things stage show opening in London in December.)

Variety noted the “explosive” new trailer for Zack Snyder’s new “action-packed space opera” Rebel Moon. The film — which will also have a one-week theatrical run in December — takes place in the same universe as Snyder’s Army of the Dead. But instead of being set in Las Vegas, “The story centers on a young woman living on the outskirts of a galaxy who must find a group of warriors to save the galaxy from an invasion from a tyrant.”

The Verge pulled together a good rundown of all the other announcements — one of which involves Neil Gaiman:
Following last year’s The Sandman, Netflix is bringing even more beloved Neil Gaiman characters to the small screen. This time it’s Dead Boy Detectives — which was originally slated to stream on Max — based on a crime-solving duo who made their debut in a Sandman comic in the ’90s. The news was paired with the first trailer for the series, which shows off a pretty fun-looking supernatural whodunit…
Netflix says the new eight-episode series is part of its growing “Sandman universe”… with Gaiman serving as one of the executive producers. [Coming sometime in 2024]
They’re also launching several animated series. Netflix released a short teaser for Terminator: the Anime Series.
An animated new take on Ultraman.
An animated He-Man reboot, Masters of the Universe: Revolution (with Mark Hamill providing the voice of Skeletor).
An adult animated comedy series based on the card game Exploding Kittens. (The Verge writes that its trailer “features god in the body of a cat and a very confounding garage door” — and that there will also be an accompanying mobile game.)
Netflix also has a new Chicken Run movie coming in December with its own tie-in game called Eggstraction.


Cancer Researchers Show CRISPR-Edited CAR T Cells Could Improve Immunotherapy

There’s already a powerful immunotherapy that “involves engineering a patient’s T cells so they recognize and attack cancer cells,” writes one of America’s top cancer hospitals. The Memorial Sloan Kettering Cancer Center notes that CAR T cell therapy “has already begun to revolutionize cancer treatment,” with these “chimeric” T cells “multiplied in a lab and given back to the patient to be a continual fighting force against the cancer.”
But now “New research from the lab of physician-scientist Michel Sadelain, MD, PhD, shows that disrupting a single gene in the CAR T cells can make them more potent and able to fight tumors longer.”
In a paper published in Cancer Discovery, the team demonstrated that disrupting the gene SUV39H1 causes a ripple effect: It restores the expression of multiple genes that help sustain the T cells’ longevity. The researchers showed that this approach improved CAR T cell effectiveness against multiple cancers in mice…

The researchers used the gene-editing tool CRISPR/Cas9 to alter SUV39H1 in human CAR T cells. They placed these modified CAR T cells into mice that had been implanted with either human leukemia cells or prostate cancer cells. For both cancers, the CAR T cells were able to sustain their function without becoming exhausted, leading to tumor elimination. By contrast, mice with unedited CAR T cells did not survive the cancer. “The edited CAR T cells can maintain their anti-cancer effects, even when we challenged them repeatedly by exposing them to new tumors over time,” Dr. Zhao says. “These results suggest that SUV39H1-edited CAR T cells may reduce tumor relapse in patients.”

There did not appear to be serious side effects in the mice, although researchers will need to confirm the safety of this approach in humans. The biotechnology company Mnemo Therapeutics is exploring the possibility of conducting clinical trials based on this research.


Researchers Identify a 'Switch' That Might Someday Kill Tumor Cells

Cells have a protein receptor that will cause that cell to die — in theory. Unfortunately, “Previous efforts to target this receptor have been unsuccessful,” says Jogender Tushir-Singh, an associate professor in the Department of Medical Microbiology and Immunology at the University of California, Davis.

But he’s now led a team of researchers at the university’s Comprehensive Cancer Center that’s identified a receptor-activating protein section. And more importantly, “now that we’ve identified this epitope, there could be a therapeutic path forward” for targeting that receptor… in tumors.

The findings were published Oct. 14 in the Nature journal Cell Death & Differentiation… Death receptors do precisely what their name implies — when targeted, they trigger programmed cell death of tumor cells. They offer a potential workaround that could simultaneously kill tumor cells and pave the way for more effective immunotherapies and CAR T-cell therapy…
Tushir-Singh and his colleagues knew they might be able to target cancer cells selectively if they found the right epitope. Having identified this specific epitope, he and other researchers can now design a new class of antibodies to selectively bind to and activate Fas to potentially destroy tumor cells specifically.
Singh says their research “sets the stage” to develop antibodies that selectively kill tumor cells.


Australia Ports Operator Recovers From Two-Day 'Crippling' After Cyber-Attack

Around 40% of goods entering and leaving Australia are managed by a single ports operator. But from Friday to Monday morning, they were suffering from a cyberattack that had “crippled” their facilities in Melbourne, Sydney, Brisbane and Perth, reports the BBC:
The outage has not affected the supply of goods to major Australian supermarkets, the BBC understands. DP World Australia, a unit of the Dubai state-owned DP World, said its ports resumed operations at 9am local time “following successful tests of key systems overnight”. It added “The company expects that approximately 5,000 containers will move out of the four Australian terminals today….”

DP World said it halted internet connectivity at its ports on Friday to prevent “any ongoing unauthorised access” to its network. Going offline meant trucks had been unable to transport containers in and out of the affected sites. The resumption of service on Monday is the first step towards tackling the attack on its network. DP World said it was still in the process of investigating the disruption and guarding its systems against cyber attacks.


iOS Beta Adds 'Spatial Video' Recording. Blogger Calls Them 'Astonishing', 'Breathtaking', 'Compelling'

MacRumors writes that the second beta of iOS 17.2 “adds a new feature that allows an iPhone 15 Pro or iPhone 15 Pro Max to record Spatial Video” — that is, in the immersive 3D format for the yet-to-be-released Apple Vision Pro (where it can be viewed in the “Photos” app):

Spatial Video recording can be enabled by going to the Settings app, tapping into the Camera section, selecting Formats, and toggling on “Spatial Video for Apple Vision Pro…” Spatial Videos taken with an iPhone 15 Pro can be viewed on the iPhone as well, but the video appears to be a normal video and not a Spatial Video.
Tech blogger John Gruber got to test the technology, watching the videos on a (still yet-to-be-released) Vision Pro headset. “I’m blown away once again,” he wrote, calling the experience “astonishing.”

“Before my demo, I provided Apple with my eyeglasses prescription, and the Vision Pro headset I used had appropriate corrective lenses in place. As with my demo back in June, everything I saw through the headset looked incredibly sharp…”
The Vision Pro experience is highly dependent upon foveated rendering, which Wikipedia succinctly describes as “a rendering technique which uses an eye tracker integrated with a virtual reality headset to reduce the rendering workload by greatly reducing the image quality in the peripheral vision (outside of the zone gazed by the fovea)…” It’s just incredible, though, how detailed and high resolution the overall effect is…

Plain old still photos look amazing. You can resize the virtual window in which you’re viewing photos to as large as you can practically desire. It’s not merely like having a 20-foot display — a size far more akin to that of a movie theater screen than a television. It’s like having a 20-foot display with retina quality resolution, and the best brightness and clarity of any display you’ve ever used… And then there are panoramic photos… Panoramic photos viewed using Vision Pro are breathtaking. There is no optical distortion at all, no fish-eye look. It just looks like you’re standing at the place where the panoramic photo was taken — and the wider the panoramic view at capture, the more compelling the playback experience is. It’s incredible…

As a basic rule, going forward, I plan to capture spatial videos of people, especially my family and dearest friends, and panoramic photos of places I visit. It’s like teleportation… When you watch regular (non-spatial) videos using Vision Pro, or view regular still photography, the image appears in a crisply defined window in front of you. Spatial videos don’t appear like that at all. I can’t describe it any better today than I did in June: it’s like watching — and listening to — a dream, through a hazy-bordered portal opened into another world…

Nothing you’ve ever viewed on a screen, however, can prepare you for the experience of watching these spatial videos, especially the ones you will have shot yourself, of your own family and friends. They truly are more like memories than videos… [T]he ones I shot myself were more compelling, and took my breath away… Prepare to be moved, emotionally, when you experience this.


America's First Commercial Carbon-Sucking Facility Opens in California

“In an open-air warehouse in California’s Central Valley, 40-foot-tall racks hold hundreds of trays filled with a white powder that turns crusty as it absorbs carbon dioxide from the sky,” reports the New York Times.

“The start-up that built the facility, Heirloom Carbon Technologies, calls it the first commercial plant in the United States to use direct air capture, which involves vacuuming greenhouse gases from the atmosphere.”

Another plant is operating in Iceland, and some scientists say the technique could be crucial for fighting climate change. Heirloom will take the carbon dioxide it pulls from the air and have the gas sealed permanently in concrete, where it can’t heat the planet. To earn revenue, the company is selling carbon removal credits to companies paying a premium to offset their own emissions. Microsoft has already signed a deal with Heirloom to remove 315,000 tons of carbon dioxide from the atmosphere.

The company’s first facility in Tracy, California, which opens Thursday, is fairly small. The plant can absorb a maximum of 1,000 tons of carbon dioxide per year, equal to the exhaust from about 200 cars. But Heirloom hopes to expand quickly. “We want to get to millions of tons per year,” said Shashank Samala, the company’s chief executive. “That means copying and pasting this basic design over and over.”

Heirloom’s technology hinges on a simple bit of chemistry: Limestone, one of the most abundant rocks on the planet, forms when calcium oxide binds with carbon dioxide. In nature, that process takes years. Heirloom speeds it up. At the California plant, workers heat limestone to 1,650 degrees Fahrenheit in a kiln powered by renewable electricity. Carbon dioxide is released from the limestone and pumped into a storage tank. The leftover calcium oxide, which looks like flour, is then doused with water and spread onto large trays, which are carried by robots onto tower-high racks and exposed to open air. Over three days, the white powder absorbs carbon dioxide and turns into limestone again. Then it’s back to the kiln and the cycle repeats. “That’s the beauty of this, it’s just rocks on trays,” Mr. Samala, who co-founded Heirloom in 2020, said.

The hard part, he added, was years of tweaking variables like particle size, tray spacing and moisture to speed up absorption… In future projects, Heirloom also plans to pump carbon dioxide into underground storage wells, burying it.
The company received funding from Microsoft’s Climate Innovation Fund and Bill Gates’ Breakthrough Energy Ventures, according to Bloomberg, which adds that Heirloom’s technology will later “be deployed at a major hub in Louisiana the government expects will remove 1 million tons of CO2 a year by the end of the decade.”

The New York Times notes there was also federal funding, something that’s been fueling the ambitions of hundreds of carbon-capture startups. “The science is clear,” says America’s Energy Secretary. “Cutting back carbon emissions through renewable energy alone won’t stop the damage from climate change. Direct air capture technology is a game-changing tool that gives us a shot at removing the carbon pollution that has been building in the atmosphere since the Industrial Revolution.”


Is Capitalism Dead? Yanis Varoufakis Argues Capitalists are Now Vassals to 'Techno-Feudalists'

Greek economist/politician Yanis Varoufakis “was briefly Greek finance minister in 2015,” remembers the Conversation. Now his new book asks the question, “What killed capitalism,” with the title’s first word providing an answer.
“Techno-feudalism.”

Varoufakis argues that we no longer live in a capitalist society… “Today, capitalist relations remain intact, but techno-feudalist relations have begun to overtake them,” writes Varoufakis. Traditional capitalists, he proposes, have become “vassal capitalists”. They are subordinate and dependent on a new breed of “lords” — the Big Tech companies — who generate enormous wealth via new digital platforms. A new form of algorithmic capital has evolved — what Varoufakis calls “cloud capital” — and it has displaced “capitalism’s two pillars: markets and profits”.

Markets have been “replaced by digital trading platforms which look like, but are not, markets”. The moment you enter amazon.com “you exit capitalism” and enter something that resembles a “feudal fief”: a digital world belonging to one man and his algorithm, which determines what products you will see and what products you won’t see. If you are a seller, the platform will determine how you can sell and which customers you can approach. The terms in which you interact, share information and trade are dictated by an “algo” that “works for [Jeff Bezos’] bottom line”…

Access to the “digital fief” comes at the cost of exorbitant rents. Varoufakis notes that many third-party developers on the Apple store, for example, pay 30% “on all their revenues”, while Amazon charges its sellers “35% of revenues”. This, he argues, is like a medieval feudal lord sending round the sheriff to collect a large chunk of his serfs’ produce because he owns the estate and everything within it.
There is “no disinterested invisible hand of the market” here. The Big Tech platforms are exempted from free-market competition.

And in the meantime, users are unknowingly training their algorithms for them — so “In this interaction, we are all high-tech ‘cloud serfs’… [T]he ‘cloud capital’ we are generating for them all the time increases their capacity to generate yet more wealth, and thus increases their power — something we have only begun to realise.”
Approximately 80% of the income of traditional capitalist conglomerates goes to salaries and wages, according to Varoufakis, while Big Tech’s workers, in contrast, collect “less than 1% of their firms’ revenues”… For Varoufakis, we are not just living through a tech revolution, but a tech-driven economic revolution. He challenges us to come to terms with just what has happened to our economies — and our societies — in the era of Big Tech and Big Finance.

Thanks to Slashdot reader ZipNada for sharing the article.


AI-Generated Voice Deepfakes are Being Used in Scams

Images and information from social media (and other online sources) are being used by AI to “create convincing and personalized scam calls, texts and emails,” writes the Palm Beach Post, citing a warning from Florida’s consumer watchdog agency.

In an older version of the scam, a caller would greet “Grandma” or “Grandpa” before saying, “It’s me — I know I sound funny because I have a cold,” and then make an urgent plea for money to get out of a scrap… Using audio and video clips found online, the con artist can clone the voice of a family member to make the call more compelling…

Listen for clues to a con like incorrect or mispronounced names or unfamiliar terms of endearment. The pressure to act quickly and to keep the call a secret are all timeless hallmarks of a scam, the agency notes. Detailed instructions on how to deliver funds in a form that is hard to recover — wired funds, a gift card or pay app — are also indications of a ripoff in the making.
The consumer watchdog agency suggests this precaution. “Encourage family members to set their social media pages to private.”
Thanks to long-time Slashdot reader SonicSpike for sharing the article.


Despite Lead-in On Disney+, 'The Marvels' Bombs at Box Office

Despite a six-episode Ms. Marvel miniseries on Disney+, audiences aren’t turning out now to see the 16-year-old superhero’s team-up with Captain Marvel on the big screen.
The Marvels earned $47 million in its opening weekend, reports Deadline, “the lowest ever for Disney’s Marvel Cinematic Universe,” and $110 million worldwide, “which is also a bottom rung for the MCU and below the $140M we were forecasting.”

In regards to U.S. admissions, The Marvels came in per EntTelligence at 3.3M compared to other superhero bombs, The Flash’s 3.9M and Eternals’ 5.5M. By all accounts and by all sources, it’s a disastrous result for a $200 million Marvel Studios movie… Months ago, who would have thought that Universal/Blumhouse’s Five Nights at Freddy’s two weeks ago in a day-and-date debut on Peacock would post a higher opening at the box office ($80M) than The Marvels…?

The Marvels meltdown isn’t about superhero fatigue. It’s about Disney’s overexposure of the Marvel Cinematic Universe brand on Disney+, and those moth holes are beginning to show: Keep what’s meant for the cinema in cinemas, and keep what’s meant for in-homes in the home. Meaning, this whole crossover streaming-into-film master plan isn’t working, nor is it really connected in a jaw-dropping way.. The Marvels — with its crossover streaming series blah-blah — looks like it was built to be seen in homes, not to get audiences off the couch.


A SysAid Vulnerability Is Being Used To Deploy Clop Ransomware, Warns Microsoft

SysAid’s system management software has “a vulnerability actively being exploited to deploy Clop ransomware,” according to SiliconAngle:

The warning came from Microsoft Corp.’s Threat Intelligence team, which wrote on X that it had discovered the exploitation of a zero-day vulnerability in SysAid’s IT support software that’s being exploited by the Lace Tempest ransomware gang.

Lace Tempest first emerged earlier this year from its attacks involving the MOVEit Transfer and GoAnywhere MFT. This group has been characterized by its sophisticated attack methods, often exploiting zero-day vulnerabilities to infiltrate organizations’ systems to deploy ransomware and exfiltrate sensitive data…
In a blog post, SysAid said that the vulnerability, tracked as CVE-2023-47246, was first discovered on November 2 and is a path traversal vulnerability leading to code execution within the SysAid on-prem software… “Given the scale and impact of the MOVEit breach, which was considered one of the largest in recent history, the potential for the SysAid vulnerability to reach similar levels of disruption is not inconceivable, though several factors would influence this outcome,” Craig Jones, vice president of security operations at managed detection and response provider Ontinue Inc., told SiliconANGLE. “The MOVEit breach, exploited by the Clop ransomware group, impacted over 1,000 organizations and more than 60 million individuals,” Jones explained. “Comparatively, SysAid claims more than 5,000 customers across various industries globally. The potential damage from the SysAid vulnerability would depend on factors such as how widespread the exploitation is, how quickly the patch is applied and the sensitivity of the accessed data.”

SysAid’s blog post confirms the zero-day vulnerability, and says they’ve begun “proactively communicating with our on-premise customers to ensure they could implement a mitigation solution we had identified…”

“We urge all customers with SysAid on-prem server installations to ensure that your SysAid systems are updated to version 23.3.36, which remediates the identified vulnerability, and conduct a comprehensive compromise assessment of your network…”
The attacker uploaded a WAR archive containing a WebShell and other payloads into the webroot of the SysAid Tomcat web service [which] provided the attacker with unauthorized access and control over the affected system. Subsequently, the attacker utilized a PowerShell script, deployed through the WebShell, to execute a malware loader named user.exe on the compromised host, which was used to load the GraceWire trojan…
After this initial access and the deployment of the malware, the attacker utilized a second PowerShell script to erase evidence associated with the attacker’s actions from the disk and the SysAid on-prem server web logs… Given the severity of the threat posed, we strongly recommend taking immediate steps according to your incident response playbook and install any patches as they become available.

Source: Slashdot – A SysAid Vulnerability Is Being Used To Deploy Clop Ransomware, Warns Microsoft

Optus Loses Court Bid To Keep Report Into Cause of 2022 Cyber-Attack a Secret

Wednesday nearly half of Australia was left without internet or phone service after the country’s second largest telecommunications company experienced a service outage affecting 10 million people.

But that’s not Optus’s only problem, according to this report from the Guardian:

Optus has lost a bid in the federal court to keep secret a report on the cause of the 2022 cyber-attack — which resulted in the personal information of about 10 million customers being exposed — after a judge rejected the telco’s legal privilege claim. After the hack, the company announced in October last year that it had recruited consultancy firm Deloitte to conduct a forensic assessment of what had led to the cyber-attack.

Since then, the company has also faced an investigation by the Office of the Australian Information Commissioner, and a class action case in the federal court. As part of the class action case, law firm Slater and Gordon, acting for the applicants, had sought access to the Deloitte report that was never made public…

It came as the embattled CEO faces pressure over the company’s handling of a 14-hour outage on Wednesday, that took phone and internet services offline for 10 million customers, delayed trains, disconnected call centres and hospital phone lines. The company has not announced any independent report into the incident, but it is now subject to two government investigations and a Senate inquiry.

Source: Slashdot – Optus Loses Court Bid To Keep Report Into Cause of 2022 Cyber-Attack a Secret

'Provisional Agreement' Reached on eID, a 'Digital Identity for All Europeans'

This week the Council of the European Union made an announcement. “With a view to ensuring a trusted and secure digital identity for all Europeans, the Council presidency and European Parliament representatives reached today a provisional agreement on a new framework for a European digital identity (eID).”

The proposed new framework would also require member states “to issue a digital wallet under a notified eID scheme, built on common technical standards, following compulsory certification.”

“With the approval of the European digital identity regulation, we are taking a fundamental step so that citizens can have a unique and secure European digital identity,” said Nadia Calviño, acting Spanish first vice-president and minister for economy and digitalisation.
From the announcement:

The revised regulation constitutes a clear paradigm shift for digital identity in Europe aiming to ensure universal access for people and businesses to secure and trustworthy electronic identification and authentication. Under the new law, member states will offer citizens and businesses digital wallets that will be able to link their national digital identities with proof of other personal attributes (e.g., driving licence, diplomas, bank account). Citizens will be able to prove their identity and share electronic documents from their digital wallets with a click of a button on their mobile phone.

The new European digital identity wallets will enable all Europeans to access online services with their national digital identification, which will be recognised throughout Europe, without having to use private identification methods or unnecessarily sharing personal data. User control ensures that only information that needs to be shared will be shared…

The revised law clarifies the scope of the qualified web authentication certificates (QWACs), which ensures that users can verify who is behind a website, while preserving the current well-established industry security rules and standards.
“When finalised, the text will be submitted to the member states’ representatives (Coreper) for endorsement. Subject to a legal/linguistic review, the revised regulation will then need to be formally adopted by the Parliament and the Council before it can be published in the EU’s Official Journal and enter into force.”

Source: Slashdot – ‘Provisional Agreement’ Reached on eID, a ‘Digital Identity for All Europeans’

How 'Hour of Code' Will Teach Students About Issues with AI

Started in 2013, “Hour of Code” is an annual tradition started by the education non-profit Code.org (which provides free coding lessons to schools). Its FAQ describes the December event for K-12 students as “a worldwide effort to celebrate computer science, starting with 1-hour coding activities,” and over 100 million schoolkids have participated over the years.

This year’s theme will be “Creativity With AI,” and the “computer vision” lesson includes a short video (less than 7 minutes) featuring a Tesla Autopilot product manager from its computer vision team. “I build self-driving cars,” they say in the video. “Any place where there can be resources used more efficiently I think is a place where technology can play a role. But of course one of the best, impactful ways of AI, I hope, is through self-driving cars.” (The video then goes on to explain how lots of training data ultimately generates a statistical model, “which is just a fancy way of saying, a guessing machine.”)

The 7-minute video is part of a larger lesson plan (with a total estimated time of 45 minutes) in which students tackle a fun story problem: if a sports arena’s scoreboard is showing digital numbers, what series of patterns would a machine-vision system have to recognize to identify each digit? (Students are asked to collaborate in groups.) And it’s just one of seven 45-minute lessons, each one accompanied by a short video. (The longest video is 7 minutes and 28 seconds, and all seven videos, if watched back-to-back, would run for about 31 minutes.)

Not all the lessons involve actual coding, but the goal seems to be familiarizing students (starting at the 6th grade level) with the artificial intelligence of today, and the issues it raises. The second-to-last lesson is titled “Algorithmic Bias” — with a video including interviews with an ethicist at OpenAI and professors focused on AI from both MIT and Stanford. And the last lesson — “Our AI Code of Ethics” — challenges students to assemble documents and videos on AI-related “ethical pitfalls,” and then pool their discoveries into an educational resource “for AI creators and legislators everywhere.”

This year’s installment is being billed as “the largest learning event in history.” And it’s scheduled for the week of December 4 so it coincides with “Computer Science Education Week” (a CS-education event launched in 2009 by the Association for Computing Machinery, with help from partners including Intel, Microsoft, Google, and the National Science Foundation).

Source: Slashdot – How ‘Hour of Code’ Will Teach Students About Issues with AI