For the first time, two new all-electric passenger trains are operating in the US, which is woefully behind the rest of the world in electrifying its rolling stock. The Verge: The two new trains are operated by Caltrain. California Governor Gavin Newson and House Speaker Emerita Nancy Pelosi were on hand to take the inaugural ride, which took place on Saturday. The trains were put into regular service the following day, running along the route between San Jose and San Francisco.

It's taken almost 20 years since the idea of electric trains was first proposed in California. But officials insisted the new trains will be quieter and faster than the diesel-powered trains in current operation while also providing a better experience for passengers. The two trains will be joined by 17 others that should be in service by mid-September.

[...] It shouldn't come as any shock that the US is lagging behind the rest of the world in introducing electric trains. India is on the cusp of electrifying 100 percent of its rail lines, while China is nearing three-quarters of its network. Over 57 percent of the rail system in the European Union is electric.

"Not many Americans have August 6 circled on their calendars," writes the New York Times, "but it's a day that the Japanese can't forget."

79 years after an atomic bomb attack on Hiroshima, the Times visits a hospital that "continues to treat, on average, 180 survivors — known as hibakusha — of the blasts each day." The bombs killed an estimated 200,000 men, women and children and maimed countless more. In Hiroshima 50,000 of the city's 76,000 buildings were completely destroyed. In Nagasaki nearly all homes within a mile and a half of the blast were wiped out. In both cities the bombs wrecked hospitals and schools. Urban infrastructure collapsed...

[T]he hibakusha and their offspring have formed the backbone of atomic memory. Many see their life's work as informing the wider world about what it's like to carry the trauma, stigma and survivor's guilt caused by the bombs, so that nuclear weapons may never be used again. Their urgency to do so has only increased in recent years. With an average age of 85, the hibakusha are dying by the hundreds each month — just as the world is entering a new nuclear age. Countries like the United States, China and Russia are spending trillions of dollars to modernize their stockpiles. Many of the safeguards that once lowered nuclear risk are unraveling, and the diplomacy needed to restore them is not happening. The threat of another blast can't be relegated to history...

Kunihiko Sakuma [who was 9 months old the day of the attack]: "People died or got sick not just right after the bombing. The reality is, their symptoms are emerging even today, 79 years later. I thought all this was in the past. But as I started talking to survivors, I realized their suffering was ongoing. The atomic bomb is such an inhumane weapon, and the effects of radiation stay with survivors for a very long time. That's why they need our continued support."
The article includes this quote from Keiko Ogura, who was 8 years old at the time of the attack — and still worries she hasn't done enough to abolish the use of nuclear weapons: "As survivors, we cannot do anything but tell our story. 'For we shall not repeat the evil' — this is the pledge of survivors. Until we die, we want to tell our story, because it's difficult to imagine."

Many of the stories are horrifying. But I'll note this one by Seiichiro Mise — who on the day of the atomic bomb attack was 10 years old: "I got married in 1964. At the time, people would say that if you married an atomic bomb survivor, any kids you had would be deformed.

"Two years later, I got a call from the hospital saying my baby had been born. But on my way, my heart was troubled. I'm an atomic bomb victim. I experienced that black rain. So I felt anguished. Usually new parents simply ask the doctor, 'Is it a boy or girl?' I didn't even ask that. Instead, I asked, 'Does my baby have 10 fingers and 10 toes?'

"The doctor looked unsettled. But then he smiled and said it was a healthy boy. I was relieved."
The first U.S. president to visit Hiroshima was Barack Obama in 2016. The article notes he did not issue the official apology many Japanese had hoped for. But he did say "we have a shared responsibility to look directly into the eye of history and ask what we must do differently to curb such suffering again...

"Someday the voices of the hibakusha will no longer be with us to bear witness. But the memory of the morning of Aug. 6, 1945, must never fade."

Fortune reports that Crowdstrike "is enjoying a moment of strange cultural cachet at the annual Black Hat security conference, as throngs of visitors flock to its booth to snap selfies and load up on branded company shirts and other swag." (Some attendees "collectively shrugged at the idea that Crowdstrike could be blamed for a problem with a routine update that could happen to any of the security companies deeply intertwined with Microsoft Windows.") Others pointed out that Microsoft should take their fair share of the blame for the outage, which many say was caused by the design of Windows in its core architecture that leads to malware, spyware and driver instability. "Microsoft should not be giving any third party that level of access," said Eric O'Neill, a cybersecurity expert, attorney and former FBI operative. "Microsoft will complain, well, it's just the way that the technology works, or licensing works, but that's bullshit, because this same problem didn't affect Linux or Mac. And Crowdstrike caught it super-early."
Their article notes that Crowdstrike is one of this year's top sponsors of the conference. Despite its recent missteps, Crowdstrike had one of the biggest booths, notes TechCrunch, and "As soon as the doors opened, dozens of attendees started lining up." They were not all there to ask tough questions, but to pick up T-shirts and action figures made by the company to represent some of the nation-state and cybercriminal grups it tracks, such as Scattered Spider, an extortion racket allegedly behind last year's MGM Resorts and Okta cyberattacks; and Aquatic Panda, a China-linked espionage group.

"We're here to give you free stuff," a CrowdStrike employee told people gathered around a big screen where employees would later give demos. A conference attendee looked visibly surprised. "I just thought it would be dead, honestly. I thought it would be slower over there. But obviously, people are still fans, right?"

For CrowdStrike at Black Hat, there was an element of business as usual, despite its global IT outage that caused widespread disruption and delays for days — and even weeks for some customers. The conference came at the same time as CrowdStrike released its root cause analysis that explained what happened the day of the outage. In short, CrowdStrike conceded that it messed up but said it's taken steps to prevent the same incident happening again. And some cybersecurity professionals attending Black Hat appeared ready to give the company a second chance....

TechCrunch spoke to more than a dozen conference attendees who visited the CrowdStrike booth. More than half of attendees we spoke with expressed a positive view of the company following the outage. "Does it lower my opinion of their ability to be a leading-edge security company? I don't think so," said a U.S. government employee, who said he uses CrowdStrike every day.
Although TechCrunch does note that one engineer told his parent company they might consider Crowdstrike competitor Sophos...

Longtime Slashdot reader schwit1 shares a report from Ars Technica: The upper stage from a Chinese rocket that launched a batch of Internet satellites Tuesday has broken apart in space, creating a debris field of at least 700 objects in one of the most heavily-trafficked zones in low-Earth orbit. US Space Command, which tracks objects in orbit with a network of radars and optical sensors, confirmed the rocket breakup Thursday. Space Command initially said the event created more than 300 pieces of trackable debris. The military's ground-based radars are capable of tracking objects larger than 10 centimeters (4 inches). Later Thursday, LeoLabs, a commercial space situational awareness company, said its radars detected at least 700 objects attributed to the Chinese rocket. The number of debris fragments could rise to more than 900, LeoLabs said. The culprit is the second stage of China's Long March 6A rocket, which lifted off Tuesday with the first batch of 18 satellites for a planned Chinese megaconstellation that could eventually number thousands of spacecraft. The Long March 6A's second stage apparently disintegrated after placing its payload of 18 satellites into a polar orbit.

Space Command said in a statement it has "observed no immediate threats" and "continues to conduct routine conjunction assessments to support the safety and sustainability of the space domain." According to LeoLabs, radar data indicated the rocket broke apart at an altitude of 503 miles (810 kilometers) at approximately 4:10 pm EDT (20:10 UTC) on Tuesday, around 13-and-a-half hours after it lifted off from northern China. At this altitude, it will take decades or centuries for the wispy effect of aerodynamic drag to pull the debris back into the atmosphere. As the objects drift lower, their orbits will cross paths with SpaceX's Starlink Internet satellites, the International Space Station and other crew spacecraft, and thousands more pieces of orbital debris, putting commercial and government satellites at risk of collision.

Stressing science education, China is outpacing other countries in research fields like battery chemistry, crucial to its lead in electric vehicles. From a report: China's domination of electric cars, which is threatening to start a trade war, was born decades ago in university laboratories in Texas, when researchers discovered how to make batteries with minerals that were abundant and cheap. Companies from China have recently built on those early discoveries, figuring out how to make the batteries hold a powerful charge and endure more than a decade of daily recharges. They are inexpensively and reliably manufacturing vast numbers of these batteries, producing most of the world's electric cars and many other clean energy systems.

Batteries are just one example of how China is catching up with -- or passing -- advanced industrial democracies in its technological and manufacturing sophistication. It is achieving many breakthroughs in a long list of sectors, from pharmaceuticals to drones to high-efficiency solar panels. Beijing's challenge to the technological leadership that the United States has held since World War II is evidenced in China's classrooms and corporate budgets, as well as in directives from the highest levels of the Communist Party.

A considerably larger share of Chinese students major in science, math and engineering than students in other big countries do. That share is rising further, even as overall higher education enrollment has increased more than tenfold since 2000. Spending on research and development has surged, tripling in the past decade and moving China into second place after the United States. Researchers in China lead the world in publishing widely cited papers in 52 of 64 critical technologies, recent calculations by the Australian Strategic Policy Institute reveal.

China's rapid deployment of robotaxis is raising concerns among the country's 7 million ride-hailing drivers, who fear job losses as autonomous vehicles hit the streets, according to a Reuters report. At least 19 Chinese cities are conducting robotaxi trials, with seven approving tests without human monitors. Baidu's Apollo Go plans to deploy 1,000 vehicles in Wuhan by year-end and operate in 100 cities by 2030. The push for self-driving technology aligns with President Xi Jinping's call for "new productive forces," but contrasts sharply with the more cautious approach in the United States. As robotaxi fleets proliferate, some drivers worry about their livelihoods, with one Wuhan driver predicting "everyone will go hungry."

An anonymous reader quotes a report originally published by Business Insider: A Chinese state-backed company has launched its first 18 satellites in its bid to build a vast orbital network aimed at rivaling Starlink, according to local media. The launch on Monday by Shanghai Spacecom Satellite Technology involved 18 satellites and one rocket, per The China Securities Journal, which is run by state news agency Xinhua. According to the outlet, the rocket lifted off from the Taiyuan satellite and missile launch center in Shanxi province.

These satellites mark the first step in the company's effort to create a 15,000-strong network of Low Earth Orbit satellites, which the firm has dubbed the "Thousand Sails Constellation." The company said it plans to reach that final tally by 2030, per The China Securities Journal. Domestic media has widely called the project the Chinese version of Starlink, which runs about 6,000 satellites. Elon Musk has said that he plans to eventually host a network of 42,000 satellites.

The Thousand Sails Constellation, also known as the G60 project, is one of three planned major satellite networks in the country. Each is expected to field 10,000 or more satellites. Most are anticipated to orbit between 200 and 1,200 miles above the Earth's surface, which is also where Starlink satellites are generally found. The three constellations, along with dozens of ambitious space projects from other Chinese firms, have been fueled by a recent push from the central government to loop the private sector into its science and technology goals.

Chinese scientists discovered water molecules in lunar samples brought back by the Chang'e 5 moon probe, marking the first time whole H2O molecules were found in lunar material. The findings have been published in Nature Astronomy. Smithsonian Magazine reports: The team used X-ray diffraction to analyze the grains of moon soil, in which they found a lunar mineral dubbed ULM-1 whose mass is made up of more than 40 percent water and also includes ammonia. "This is a new form of water stored on the moon," Xiaolong Chen, co-author of the study and physics researcher at the Chinese Academy of Sciences, tells New Scientist's Alex Wilkins.

In the words of CNN's Jessie Yeung, water on the moon is nothing new. Though the samples brought back by the U.S. Apollo missions seemed to show that the moon was dry and lifeless, a recent study suggests that water or hydroxyl may be trapped in glass beads on the moon's surface -- and solar winds could turn the hydroxyl (chemical formula OH) into H2O, according to Yeung. And both American and Indian spacecrafts separately registered what is believed to be water on the moon's surface. This recent discovery, however, marks the first time scientists have found whole molecules of H2O in lunar samples. The findings suggest that "water molecules can persist in sunlit areas of the moon in the form of hydrated salts," the authors write in the study.

An anonymous reader shared this report from BleepingComputer: A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. Also tracked as Evasive Panda, Daggerfly, and StormCloud, this cyber-espionage group has been active since at least 2012, targeting organizations across mainland China, Hong Kong, Macao, Nigeria, and various Southeast and East Asian countries.

On Friday, Volexity threat researchers revealed that the Chinese cyber-espionage gang had exploited insecure HTTP software update mechanisms that didn't validate digital signatures to deploy malware payloads on victims' Windows and macOS devices... To do that, the attackers intercepted and modified victims' DNS requests and poisoned them with malicious IP addresses. This delivered the malware to the targets' systems from StormBamboo's command-and-control servers without requiring user interaction.
Volexity's blog post says they observed StormBamboo "targeting multiple software vendors, who use insecure update workflows..." and then "notified and worked with the ISP, who investigated various key devices providing traffic-routing services on their network. As the ISP rebooted and took various components of the network offline, the DNS poisoning immediately stopped."

BleepingComputer notes that "âAfter compromising the target's systems, the threat actors installed a malicious Google Chrome extension (ReloadText), which allowed them to harvest and steal browser cookies and mail data."

Apple reported a new June quarter revenue record of $85.8 billion, up 5 percent from a year ago, fueled largely by new iPad sales. iPad "saw the biggest category increase for the quarter, up from $5.8 billion to $7.2 billion year-over-year," reports TechCrunch. It helped counter slowed iPhone revenue, "which dropped from $39.7 billion to $39.3 billion year-on-year." From the report: In spite of a drop for the quarter, iPhone remained Apple's most important category by a wide margin, followed by service, which includes software offerings like iCloud, Apple TV+ and Apple Music. That category continued to grow, up to $24.2 billion from $21.2 billion over the same three-month period last year. Much of the iPhone slowdown can be attributed to the greater China region. Overall, the region dropped from $15.8 billion to $14.7 billion for the quarter. Canalys figures from last week show a marked decline in iPhone sales, down 6.7% from 10.4 million to 9.7 million for the quarter, Reuters reported.

The drop in Apple's third-largest region (behind the Americas and Europe) had a clear impact on the company's bottom line. The company aggressively discounted iPhone prices in China starting in May, as competition intensified from domestic rivals. The strategy resulted in strong iPhone sales that month, up close to 40% from a year prior. [...] Q3 marked the second consecutive quarter decline for global iPhone sales. The news puts additional pressure on the generative AI strategy that the company laid out at WWDC in June.

According to China's National Energy Administration (NEA), wind and solar energy have collectively eclipsed coal in capacity for the first time ever. By 2026, analysts forecast solar power alone will surpass coal as the country's primary energy source, with a cumulative capacity exceeding 1.38 terawatts (TW) -- 150 gigawatts (GW) more than coal. Oil Pricereports: This shift stems from a growing emphasis on cleaner energy sources and a move away from fossil fuels for the nation. Despite coal's early advantage, with around 50 GW of annual installations before 2016, China has made substantial investments to expand its renewable energy infrastructure. Since 2020, annual installations of wind and solar energy have consistently exceeded 100 GW, three to four times the capacity additions for coal. This momentum has only gathered pace since then, with last year seeing China set a record with 293 GW of wind and solar installations, bolstered by gigawatt-scale renewable hub projects from the NEA's first and second batches connected to the country's grid.

China's coal power sector is moving in the opposite direction. Last year, approximately 40 GW of coal power was added, but this figure plummeted to 8 GW in the first half of 2024, according to our estimates. Despite the expansion of renewable energy under supportive policies, the government has implemented stricter restrictions on new coal projects to meet carbon reduction goals. Efforts are now focused on phasing out smaller coal plants, upgrading existing ones to reduce emissions and enforcing more stringent standards for new projects. As a result, the annual capacity addition gap between coal and clean energy has widened dramatically, reaching a 16-fold difference in the first half of 2024.

An investigation has determined that "Chinese state actors" were responsible for a 2021 cyberattack on Germany's national office for cartography, officials in Berlin said Wednesday. From a report: The Chinese ambassador was summoned to the Foreign Ministry for a protest for the first time in decades. Foreign Ministry spokesperson Sebastian Fischer said the German government has "reliable information from our intelligence services" about the source of the attack on the Federal Agency for Cartography and Geodesy, which he said was carried out "for the purpose of espionage."

"This serious cyberattack on a federal agency shows how big the danger is from Chinese cyberattacks and spying," Interior Minister Nancy Faeser said in a statement. "We call on China to refrain from and prevent such cyberattacks. These cyberattacks threaten the digital sovereignty of Germany and Europe." Fischer declined to elaborate on who exactly in China was responsible. He said a Chinese ambassador was last summoned to the German Foreign Ministry in 1989 after the Tiananmen Square crackdown.

Russian lawmakers passed a bill on Tuesday that will allow businesses to use crypto currencies in international trade, as part of efforts to skirt Western sanctions imposed after Russia's invasion of Ukraine. From a report: The law is expected to go into force in September, and Russian central bank Governor Elvira Nabiullina, one of the backers of the new law, said the first transactions in cryptocurrencies will take place before the end of the year. Russia has faced significant delays in international payments with major trading partners such as China, India and the United Arab Emirates after banks in those countries, under pressure from Western regulators, became more cautious.

"We are taking a historic decision in the financial sphere," the head of the Duma lower house of parliament, Anatoly Aksakov, told lawmakers. Under the new law, the central bank will create a new "experimental" infrastructure for cryptocurrency payments. Details of the infrastructure have yet to be announced.

China has proposed issuing "cyberspace IDs" to its citizens in order to protect their personal information, regulate the public service for authentication of cyberspace IDs, and accelerate the implementation of the trusted online identity strategy. The Register reports: The ID will take two forms: one as a series of letter and numbers, and the other as an online credential. Both will correspond to the citizen's real-life identity, but with no details in plaintext -- presumably encryption will be applied. A government national service platform will be responsible for authenticating and issuing the cyberspace IDs. The draft comes from the Ministry of Public Security and the Cyberspace Administration of China (CAC). It clarifies that the ID will be voluntary -- for now -- and eliminate the need for citizens to provide their real-life personal information to internet service providers (ISPs). Those under the age of fourteen would need parental consent to apply.

China is one of the few countries in the world that requires citizens to use their real names on the internet. [...] Relying instead on a national ID means "the excessive collection and retention of citizens' personal information by internet service providers will be prevented and minimized," reasoned Beijing. "Without the separate consent of a natural person, an internet platform may not process or provide relevant data and information to the outside without authorization, except as otherwise provided by laws and administrative regulations," reads the draft.

In a Washington Post op-ed last week, OpenAI CEO Sam Altman emphasized the urgent need for the U.S. and its allies to lead the development of "democratic AI" to counter the rise of "authoritarian AI" models (source paywalled; alternative source). He outlined four key steps for this effort: enhancing security measures, expanding AI infrastructure, creating commercial diplomacy policies, and establishing global norms for AI development and deployment. Fortune reports: He noted that Russian President Vladimir Putin has said the winner of the AI race will "become the ruler of the world" and that China plans to lead the world in AI by 2030. Not only will such regimes use AI to perpetuate their own hold on power, but they can also use the technology to threaten others, Altman warned. If authoritarians grab the lead in AI, they could force companies in the U.S. and elsewhere to share user data and use the technology to develop next-generation cyberweapons, he said. [...]

"While identifying the right decision-making body is important, the bottom line is that democratic AI has a lead over authoritarian AI because our political system has empowered U.S. companies, entrepreneurs and academics to research, innovate and build," Altman said. Unless the democratic vision prevails, the world won't be cause to maximize the technology's benefits and minimize its risks, he added. "If we want a more democratic world, history tells us our only choice is to develop an AI strategy that will help create it, and that the nations and technologists who have a lead have a responsibility to make that choice -- now."

The Justice Department has ramped up the case to ban TikTok, saying in a court filing Friday that allowing the app to continue operating in its current state could result in voter manipulation in elections. From a report: The filing was made in response to a TikTok lawsuit attempting to block the government's ban. The Justice Department warned that the app's algorithm and parent company ByteDance's alleged ties to the Chinese government could be used for a "secret manipulation" campaign.

"Among other things, it would allow a foreign government to illicitly interfere with our political system and political discourse, including our elections...if, for example, the Chinese government were to determine that the outcome of a particular American election was sufficiently important to Chinese interests," the filing said. Under a law passed in April, TikTok has until January 2025 to find a new owner or it will be banned in the U.S. The company is suing to have that law overturned, saying it violates the company's First Amendment rights. The Justice Department disputed those claims. "The statute is aimed at national-security concerns unique to TikTok's connection to a hostile foreign power, not at any suppression of protected speech," officials wrote.

Former U.S. president Donald Trump spoke at Nashville's Bitcoin Conference on Saturday.

But he wasn't the only one there making headlines, according to a local newspaper called the Tennesseean: Republican Sens. Cynthia Lummis and Tim Scott pledged their resolute support for the cryptocurrency industry at Nashville's Bitcoin2024 conference Friday — moments before whistleblower and political dissident Edward Snowden warned attendees to be wary of politicians trying to win them over. "Cast a vote, but don't join a cult," Snowden said. "They are not our tribe. They are not your personality. They have their own interests, their own values, their own things that they're chasing. Try to get what you need from them, but don't give yourself to them."

Snowden didn't call out any politicians specifically, but the conference has drawn national attention for its robust lineup of legislators including former President Donald Trump, independent presidential nominee Robert F. Kennedy Jr, former presidential candidate Vivek Ramaswamy and a number of other senators. "Does this feel normal to you?" Snowden said. "When you look at the candidates, when you look at the dynamics, even the people on stage giving all the speeches, I'm not saying they're terrible at all, but it's a little unusual. The fact that they're here is a little unusual...."

Two key tenets of Bitcoin are transparency and decentralization, which means anyone can view all Bitcoin transactions on a public ledger. Snowden said this kind of metadata could be dangerous in the wrong hands, especially with artificial intelligence innovations making it easier to collect. "It is fantasy to imagine they're not doing this," he said.... He added that other countries like China or Russia could be collecting this same data. Snowden said he's afraid the collection of transaction data could happen across financial institutions and ultimately be used against the customers.
Also speaking was RFK Jr — who asked why Snowden hadn't already been pardoned, along with Julian Assange and Ross Ulbricht, when Donald Trump was president (as Kennedy promised to do). According to USA Today, Kennedy promised more than just creating a strategic reserve of Bitcoin worth more than half a trillion dollars: Kennedy also pledged to sign an executive order directing the IRS to treat Bitcoin as an eligible asset for 1031 Exchange into real property — making transactions unreportable and by extension nontaxable — which prompted a roar of approval from the crowd.
Though Trump's appearance also ended with a promise to have the government create a "strategic national bitcoin stockpile," NBC News notes that Trump "stopped short of offering many details." Immediately following Trump's remarks, Senator Cynthia Lummis, R-Wyo., said she would introduce a bill to create the reserve. However, the price of bitcoin fell slightly in the wake of Trump's remarks Saturday, perhaps reflecting crypto traders' unmet expectations for a more definitive commitment on the reserve idea from the presidential candidate...

Shortly after his morning remarks, Bitcoin Magazine reported that a group of Democratic representatives and candidates had sent a letter to the Democratic National Committee urging party leaders to be more supportive of crypto...

On Saturday, the Financial Times reported [presidential candidate Kamala] Harris had approached top crypto companies seeking a "reset" of relations, citing unnamed sources.
Ironically, in the end one conference attendee ended up telling Bloomberg that "It doesn't really matter who the president is. I don't really care much about it, because Bitcoin will do its thing regardless."

Open AI models that allow developers to customize them with few restrictions are more likely to promote competition, FTC Chair Lina Khan said, weighing in on a key debate within the industry. From a report: "There's tremendous potential for open-weight models to promote competition," Khan said Thursday in San Francisco at startup incubator Y Combinator. "Open-weight models can liberate startups from the arbitrary whims of closed developers and cloud gatekeepers."

"Open-weight" models disclose what an AI model picked up and was tweaked on during its training process. That allows developers to better customize them and makes them more accessible to smaller companies and researchers. But critics have warned that open models carry an increased risk of abuse and could potentially allow companies from geopolitical rivals like China to piggyback off the technology. Khan's comments come as the Biden administration is considering guidance on the use and safety of open-weight models.

In a blog post on Tuesday, security firm KnowBe4 revealed that a remote software engineer hire was a North Korean threat actor using a stolen identity and AI-augmented images. "Detailing a seemingly thorough interview process that included background checks, verified references and four video conference-based interviews, KnowBe4 founder and CEO Stu Sjouwerman said the worker avoided being caught by using a valid identity that was stolen from a U.S.-based individual," reports CyberScoop. "The scheme was further enhanced by the actor using a stock image augmented by artificial intelligence." From the report: An internal investigation started when KnowBe4's InfoSec Security Operations Center team detected "a series of suspicious activities" from the new hire. The remote worker was sent an Apple laptop, which was flagged by the company on July 15 when malware was loaded onto the machine. The AI-filtered photo, meanwhile, was flagged by the company's Endpoint Detection and Response software. Later that evening, the SOC team had "contained" the fake worker's systems after he stopped responding to outreach. During a roughly 25-minute period, "the attacker performed various actions to manipulate session history files, transfer potentially harmful files, and execute unauthorized software," Sjouwerman wrote in the post. "He used a [single-board computer] raspberry pi to download the malware." From there, the company shared its data and findings with the FBI and with Mandiant, the Google-owned cyber firm, and came to the conclusion that the worker was a fictional persona operating from North Korea.

KnowBe4 said the fake employee likely had his workstation connected "to an address that is basically an 'IT mule laptop farm.'" They'd then use a VPN to work the night shift from where they actually reside -- in this case, North Korea "or over the border in China." That work would take place overnight, making it appear that they're logged on during normal U.S. business hours. "The scam is that they are actually doing the work, getting paid well, and give a large amount to North Korea to fund their illegal programs," Sjouwerman wrote. "I don't have to tell you about the severe risk of this." Despite the intrusion, Sjouwerman said "no illegal access was gained, and no data was lost, compromised, or exfiltrated on any KnowBe4 systems." He chalked up the incident to a threat actor that "demonstrated a high level of sophistication in creating a believable cover identity" and identified "weaknesses in the hiring and background check processes."

An anonymous reader quotes a report from The Guardian: The prestigious Hugo awards for science fiction and fantasy writing has revealed that almost 400 votes -- about 10% of all votes cast in this year's awards -- were fraudulently paid for to help one finalist win. The Hugo administration subcommittee, which tallies the votes for the annual awards, issued a statement on Monday saying that they had determined that 377 votes had been cast by individuals with "obvious fake names and/or other disqualifying characteristics." These included voters with almost identical surnames, with just one letter changed and placed in alphabetical order, and some whose names were "translations of consecutive numbers."

The voting pattern was "startlingly and obviously different" to anything the members of the current Hugo administration subcommittee had ever seen, and most of the votes favored one finalist, who the subcommittee called "Finalist A." "We have no evidence that Finalist A was at all aware of the fraudulent votes being cast for them, let alone in any way responsible for the operation. We are therefore not identifying them," the subcommittee said. Only members of the World Science Fiction Society (WSFS) can nominate works for the Hugos and vote on finalists, which costs a minimum of 45 pounds each year. Based on the Hugo administration subcommittee's tally, paying for 377 memberships would have cost at least $22,000. The Hugo administration subcommittee said they received "a confidential report that at least one person had sponsored the purchase of WSFS memberships by large numbers of individuals, who were refunded the cost of membership after confirming that they had voted as the sponsor wished." The subcommittee said the finalist has not been disqualified but didn't win their category without the invalid votes.

"We want to reassure 2024 Hugo voters that the ballots cast were counted fairly," their statement said. "Most of all, we want to assure the winners of this year's Hugos that they have won fair and square, without any arbitrary or unexplained exclusion of votes or nominees and without any possibility that their award had been gained through fraudulent means."

In February, the Hugo awards came under fire over censorship accusations that it was excluding several authors at its event in China.