Space

'Mathematically Perfect' Star System Being Investigated For Potential Alien Tech 71

Astronomers are investigating a star system 100 light-years away with six sub-Neptune planets in near-perfect orbital resonance, piquing the interest of scientists searching for alien technology, or technosignatures. Space.com reports: To be clear, no such evidence was found in the system, dubbed HD 110067. However, the researchers say they're not done looking yet. HD 110067 remains an interesting target for similar observations in the future. In our own tiny pocket of the cosmos, radio waves from satellites and telescopes are beaming out in the plane of our solar system, meaning that if somebody outside our solar system watched Earth cross the face of our sun, they'd maybe be able to pick up a signal that coincides with the planet's transit.

HD 110067 is viewed edge on from Earth, so we are seeing the six planets in the plane of their system -- a view that gives us an excellent chance of picking up such a signal if there exists one, study co-author Steve Croft, a radio astronomer working with the life-searching Breakthrough Listen program at the University of California, Berkeley, told Space.com. "Our technology in our own solar system has spread outside the habitable zone," Croft told Space.com. So a technology-friendly civilization in HD 110067, if any, may have communication relays set up on multiple planets in the system, he said. "Even if it is a negative result, that still tells us something."

When HD 110067's discovery was announced, Croft and his team used the world's largest fully steerable telescope, the Green Bank Telescope (GBT) in West Virginia, and searched the system for signs of alien technology. The researchers looked for signals that were continuously present when the telescope was pointed at the system and absent when directed away, the smoking gun of technosignatures local to HD 110067. But such signals are difficult to distinguish from natural sources of radio waves and humankind's own technological signals, such as radio waves beaming from cell phones connected to Wi-Fi and SpaceX's Starlink satellite network in low Earth orbit. This creates a haystack of signals in which researchers look for a needle of a potential extraterrestrial signal, said Croft. "I should add we don't know if there are needles in the haystack," he said. "We don't really know what the needles look like."
The research has been published in the journal Research Notes of the AAS.
Open Source

Cloudflare Makes Pingora Rust Framework Open-Source (phoronix.com) 5

Michael Larabel reports via Phoronix: Back in 2022 Cloudflare announced they were ditching Nginx for an in-house, Rust-written software called Pingora. Today Cloudflare is open-sourcing the Pingora framework. Cloudflare announced today that they have open-sourced Pingora under an Apache 2.0 license. Pingora is a Rust async multi-threaded framework for building programmable network services. Pingora has long been used internally within Cloudflare and is capable of sustaining a lot of traffic while now Pingora is being open-sourced for helping to build infrastructure outside of Cloudflare. The Pingora Rust code is available on GitHub.
Science

The Strange and Turbulent Global World of Ant Geopolitics (aeon.co) 10

Over the past four centuries quadrillions of ants have created a strange and turbulent global society that shadows our own. An excerpt from an Aeon article: In their native ranges, these multi-nest colonies can grow to a few hundred metres across, limited by physical barriers or other ant colonies. This turns the landscape to a patchwork of separate groups, with each chemically distinct society fighting or avoiding others at their borders. Species and colonies coexist, without any prevailing over the others. However, for the 'anonymous societies' of unicolonial ants, as they're known, transporting a small number of queens and workers to a new place can cause the relatively stable arrangement of groups to break down. As new nests are created, colonies bud and spread without ever drawing boundaries because workers treat all others of their own kind as allies. What was once a patchwork of complex relationships becomes a simplified, and unified, social system. The relative genetic homogeneity of the small founder population, replicated across a growing network of nests, ensures that members of unicolonial species tolerate each other. Spared the cost of fighting one another, these ants can live in denser populations, spreading across the land as a plant might, and turning their energies to capturing food and competing with other species. Chemical badges keep unicolonial ant societies together, but also allow those societies to rapidly expand.
Power

US Judge Halts Government Effort To Monitor Crypto Mining Energy Use (theguardian.com) 90

A federal judge in Texas has granted a temporary order blocking the U.S. government from monitoring the energy usage of cryptocurrency mining operations, stating that the industry had shown it would suffer "irreparable injury" if it was made to comply. The Guardian reports: The US Department of Energy had launched an "emergency" initiative last month aimed at surveying the energy use of mining operations, which typically use vast amounts of computing power to solve various mathematical puzzles to add new tokens to an online network known as a blockchain, allowing the mining of currency such as bitcoin. The growth of cryptocurrency, and the associated mining of it, has been blamed for a surge in electricity use as data centers have sprung up across the US, even reviving, in some cases, ailing coal plants to help power the mining. [...]

"The massive energy consumption of cryptocurrency mining and its rapid growth in the United States threaten to undermine progress towards achieving climate goals, and threaten grids, communities and ratepayers," said Mandy DeRoche, deputy managing attorney of the clean energy program at Earthjustice. Until now, a lack of publicly available information has only benefited an "industry that has thrived in the shadows," DeRoche added.

The crypto mining industry, however, has claimed it is the victim of a "politically motivated campaign" by Joe Biden's administration and has, for now, succeeded in averting a survey that it contends is unfairly onerous. "This is an attack against legitimate American businesses with the administration feigning an emergency to score political points," said Lee Bratcher, president of the Texas Blockchain Council, one of the groups that sued to stop the survey. "The White House has been clear that they desire 'to limit or eliminate' bitcoin miners from operating in the United States. Although bitcoin is resilient and cannot be banned, the administration is seeking to make the lives of bitcoin miners, their employees, and their communities too difficult to bear operating in the United States. This is deeply concerning."

Social Networks

Supreme Court Hears Landmark Cases That Could Upend What We See on Social Media (cnn.com) 282

The US Supreme Court is hearing oral arguments Monday in two cases that could dramatically reshape social media, weighing whether states such as Texas and Florida should have the power to control what posts platforms can remove from their services. From a report: The high-stakes battle gives the nation's highest court an enormous say in how millions of Americans get their news and information, as well as whether sites such as Facebook, Instagram, YouTube and TikTok should be able to make their own decisions about how to moderate spam, hate speech and election misinformation. At issue are laws passed by the two states that prohibit online platforms from removing or demoting user content that expresses viewpoints -- legislation both states say is necessary to prevent censorship of conservative users.

More than a dozen Republican attorneys general have argued to the court that social media should be treated like traditional utilities such as the landline telephone network. The tech industry, meanwhile, argues that social media companies have First Amendment rights to make editorial decisions about what to show. That makes them more akin to newspapers or cable companies, opponents of the states say. The case could lead to a significant rethinking of First Amendment principles, according to legal experts. A ruling in favor of the states could weaken or reverse decades of precedent against "compelled speech," which protects private individuals from government speech mandates, and have far-reaching consequences beyond social media. A defeat for social media companies seems unlikely, but it would instantly transform their business models, according to Blair Levin, an industry analyst at the market research firm New Street Research.

AT&T

AT&T Will Issue $5 Reimbursements For 12-Hour Outage (cnn.com) 45

CNN reports: AT&T is reimbursing customers for the nearly 12-hour network outage on Thursday, the company announced in a news release. The mobile network will issue a $5 credit to "potentially impacted" AT&T Wireless customers, which it says is the "average cost of a full day of service."
The credit will be applied automatically "within 2 bill cycles," according to an announcement at the URL att.com/makeitright. "We recognize the frustration this outage has caused and know we let many of our customers down."

In a much smaller font, they note that the credit "does not apply to AT&T Business, AT&T Prepaid or Cricket."

More from CNN: AT&T had encountered sporadic service interruptions in the days leading up to the outage, including a temporary 911 outage in some parts of the southeast. While regional disruptions to wireless service happen occasionally, prolonged nationwide outages are rare. The Federal Communications Commission confirmed Thursday it was investigating the incident...

Several hours after service was restored, AT&T released an update stating the outage seemed to be the result of an internal issue, not a cybersecurity threat. "Based on our initial review, we believe that today's outage was caused by the application and execution of an incorrect process used as we were expanding our network," the company said.

On Saturday, AT&T reiterated it was taking steps "to prevent this from happening again in the future," but did not elaborate.

Education

What Happened After Peter Thiel Paid 271 Students to Drop Out of College? (msn.com) 114

Since 2010, billionaire tech investor Peter Thiel has offered to pay about 20 students $100,000 to drop out of school each year "to start companies or nonprofits," reports the Wall Street Journal. His program has now backed 271 people, and this year the applicant pool "is bigger than ever."

So how's it going? Some big successes include Vitalik Buterin, co-founder of Ethereum, the blockchain network; Laura Deming, a key figure in venture investing in aging and longevity; Austin Russell, who runs self-driving technologies company Luminar Technologies; and Paul Gu, co-founder of consumer lending company Upstart...

Thiel and executives of the fellowship acknowledge they have learned painful lessons along the way. Some applicants pursued ambitious ideas that turned out to be unrealistic, for example. "Asteroid mining is great for press releases but maybe we should have pushed back early on," he says. Others were better at applying to be Thiel fellows than they were starting businesses, it turned out... They've also learned that lone geniuses with brilliant ideas aren't usually the kinds of people who can build organizations. "It's a team sport to get something going and build on it, you can't just be a mad genius, you have to have some social skills and emotional intelligence," says Michael Gibson, an early leader of the organization who is co-founder of a venture fund that invests primarily in those who don't have a college degree...

Thiel hasn't attempted to build a better education system, which program officials acknowledge has made it harder to develop talent in the program... Thiel fellows say they don't receive much more than funding from the program and have limited contact with Thiel, though access to a network of former Thiel fellows can be useful. "Meeting some of the other members inspires you to think bigger," says Boyan Slat, a 2016 Thiel fellow who is chief executive of The Ocean Cleanup, a Netherlands-based nonprofit developing technologies to remove plastic from oceans. Slat says he has spoken to Thiel "three or four times."

As a result, Thiel and other staffers have concluded they can't grow beyond the 20 or so young people chosen as fellows each year. "If you scale the program," Thiel says, "you will have a lot more people who aren't quite ready, you would then have to be super-confident you can develop them" — which Thiel and his colleagues say they aren't skilled at doing... About a quarter of the Thiel fellows eventually returned to college to finish their degrees, suggesting that even the dropouts see enduring value in higher education.

Thiel says they "got way more out of it by going back" after launching their businesses.

"The other 75% didn't need a college degree," he says.

Privacy

License Plate-Scanning Company Violates Privacy of Millions of California Drivers, Argues Class Action (sfgate.com) 49

"If you drive a car in California, you may be in for a payday thanks to a lawsuit alleging privacy violations by a Texas company," reports SFGate: The 2021 lawsuit, given class-action status in September, alleges that Digital Recognition Network is breaking a California law meant to regulate the use of automatic license plate readers. DRN, a Fort Worth-based company, uses plate-scanning cameras to create location data for people's vehicles, then sells that data to marketers, car repossessors and insurers.

What's particularly notable about the case is the size of the class. The court has established that if you're a California resident whose license plate data was collected by DRN at least 15 times since June 2017, you're a class member. The plaintiff's legal team estimates that the tally includes about 23 million people, alleging that DRN cameras were mounted to cars on public roads. The case website lets Californians check whether their plates were scanned.

Barring a settlement or delay, the trial to decide whether DRN must pay a penalty to those class members will begin on May 17 in San Diego County Superior Court... The company's cameras scan 220 million plates a month, its website says, and customers can use plate data to "create comprehensive vehicle stories."

A lawyer for the firm representing class members told SFGATE Friday that his team will try to show DRN's business is a "mass surveillance program."
Space

5,000-Pound Satellite Successfully 'Deorbited' Wednesday (cnn.com) 20

On Wednesday afternoon "a European Space Agency satellite reentered Earth's atmosphere over the North Pacific Ocean..." reports CNN, "and there have been no reports of damage, according to the agency." The agency's Space Debris Office, along with an international surveillance network, monitored and tracked the Earth-observing ERS-2 satellite throughout February to make predictions about the reentry, which occurred at 12:17 p.m. ET Wednesday. The ESA provided continuous live updates on its website. At around 50 miles (80 kilometers) above Earth's surface, the satellite broke apart due to atmospheric drag, and the majority of the fragments were expected to burn up in the atmosphere.

The agency said it was possible that some fragments could reach the planet's surface, but the pieces didn't contain any harmful substances and likely fell into the ocean... The ERS-2 satellite had an estimated mass of 5,057 pounds (2,294 kilograms) after depleting its fuel, according to the agency. "Uncontrolled Atmospheric reentry has long been a common method for disposing of space objects at the end of their mission," said Tim Flohrer, head of the agency's Space Debris Office, in a statement. "We see objects similar in size or larger to ERS-2 reentering the atmosphere multiple times each year."

The Earth-observing ERS-2 satellite first launched on April 21, 1995, and it was the most sophisticated satellite of its kind at the time to be developed and launched by Europe... In 2011, the agency decided to end the satellite's operations and deorbit it, rather than adding to the swirl of space junk orbiting the planet. The satellite executed 66 deorbiting maneuvers in July and August of 2011 before the mission officially concluded later that year on September 11. The maneuvers burned through the rest of the satellite's fuel and decreased its altitude, setting ERS-2's orbit on a trajectory to slowly spiral closer to Earth and reenter the atmosphere within 15 years.

The chances of an individual person being injured by space debris each year are less than 1 in 100 billion, about 1.5 million times lower than the risk of being killed in an accident at home, according to the agency.

Social Networks

Bluesky Now Open To Federation 26

Longtime Slashdot reader Rei writes: In a blog post today, Bluesky, the social media network founded by Jay Graber, announced that they have finally opened to federation. Users can now operate their own PDS (backend) servers. How to do so is discussed on the developers' blog and a new Discord channel for PDS administrators.

As the blog notes, there are key differences between the AT Protocol/Bluesky federation and ActivityPub/Mastodon federation, including: global conversation (rather than local-server based with remote content only brought in from follows); a decentralized user account not bound to a specific host; user-composable moderation lists not inherently tied to a specific server, offsetting the need for defederation; user-composable feeds/algorithms, not tied to servers; and full account portability, without the need to be initiated by your server, protecting users from rogue admins or servers that disappear.

Despite the difference, a number of projects, such as Bridgy-Fed, plan to bridge Bluesky and Mastodon together, with all of Bluesky appearing as a single Mastodon server on ActivityPub, and Mastodon users being translated to a decentralized identifier (DID) for AT Protocol (atproto) calls.
AT&T

AT&T Restores Service After Massive, Nationwide Outage (cnn.com) 55

An anonymous reader quotes a report from CNN Business: AT&T's network went down for many of its customers across the United States Thursday morning, leaving customers unable to place calls, text or access the internet. By a little after 3 pm ET, roughly 11 hours after reports of the outage first emerged, the company said that it had restored service to all impacted customers. "We have restored wireless service to all our affected customers. We sincerely apologize to them," AT&T said in a statement. The company added that it is "taking steps to ensure our customers do not experience this again in the future."

The Federal Communications Commission confirmed Thursday afternoon that it is investigating the outage. The White House says federal agencies are in touch with AT&T about network outages but that it doesn't have all the answers yet on what exactly led to the interruptions. Although Verizon and T-Mobile customers reported some network outages, too, they appeared far less widespread. T-Mobile and Verizon said their networks were unaffected by AT&T's service outage and customers reporting outages may have been unable to reach customers who use AT&T.

Thursday morning, more than 74,000 AT&T customers reported outages on digital-service tracking site DownDetector, with service disruptions beginning around 4 am ET. That's not a comprehensive number: It tracks only self-reported outages. Reports had been rising steadily throughout the morning but leveled off in the 9 am ET hour. By 12:30 pm ET, the DownDetector data showed some 25,000 AT&T customers still reporting outages. By 2 pm ET, fewer than 5,000 customers were still reporting issues. Earlier Thursday, AT&T acknowledged that it had a widespread outage but did not provide a reason for the system failure. By late morning, AT&T said most of its network was back online, and it confirmed Thursday afternoon that service was fully restored.
According to an anonymous industry source, the issue for the outage appears to be related to how cellular services hand off calls from one network to the next, a process known as peering. They said there's no indication that it was the result of a cyberattack or other malicious activity.

The FCC confirmed that it is investigating the incident. "We are aware of the reported wireless outages, and our Public Safety and Homeland Security Bureau is actively investigating," the FCC said in a statement posted on X. "We are in touch with AT&T and public safety authorities, including FirstNet, as well as other providers."
Security

US Health Tech Giant Change Healthcare Hit by Cyberattack (techcrunch.com) 17

U.S. healthcare technology giant Change Healthcare has confirmed a cyberattack on its systems. In a brief statement, the company said it was "experiencing a network interruption related to a cyber security issue." From a report: "Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect our systems to prevent further impact," Change Healthcare wrote on its status page. "The disruption is expected to last at least through the day."

The incident began early on Tuesday morning on the U.S. East Coast, according to the incident tracker. The specific nature of the cybersecurity incident was not disclosed. Most of the login pages for Change Healthcare were inaccessible or offline when TechCrunch checked at the time of writing. Michigan local newspaper the Huron Daily Tribune is reporting that local pharmacies are experiencing outages due to the Change Healthcare cyberattack.

Microsoft

Microsoft Develops AI Server Gear To Lessen Reliance on Nvidia (reuters.com) 3

Microsoft is developing a new network card that could improve the performance of its Maia AI server chip and potentially reduce the company's reliance on chip designer Nvidia, The Information reported on Tuesday. Reuters: Microsoft CEO Satya Nadella has tapped Pradeep Sindhu, who co-founded networking gear developer Juniper Networks, to spearhead the network card effort, the report said citing a person with knowledge of the matter. Microsoft acquired Sindhu's server chip startup, Fungible, last year. The new network card is similar to Nvidia's ConnectX-7 card, which the chip developer sells alongside its graphic processor units (GPUs), the report added. The equipment could take more than a year to develop and, if successful, could lessen the time it takes for OpenAI to train its models on Microsoft servers as well as make the process less expensive, according to the report.
Businesses

'Step Away From CNBC' 82

Andrew Feinberg, writing for Slate: If you wanted to design a financial channel that would cause investors to underperform the stock market, you'd create CNBC, NBC's financial counterpart that runs on cable news and ostensibly tries to make viewers better investors. You'd make it sober and rational (well, there is Jim Cramer, but we'll get to him later), no need to feature anyone foaming at the mouth about stocks that could triple in six months or worried Cassandras warning that it's time to sell everything and burrow underground. And yet, you'd ensure that viewers stay engaged by keeping them on edge, worried and confused about what might happen next. Anxiety, you'd discover, is your friend, viewer hypervigilance your bread and butter.

In other words, CNBC makes viewers nervous in a very specific way. Nervous that they're about to lose money in a market downturn. Nervous that they might miss a hot trend or stock. Or uncertain that they're in the right sectors. Then an "expert" comes on and says, "Hey, you're in the wrong sectors -- it's time to leave tech for industrials, financials, and health care." In its sober, rational way, the network creates a sense of urgency. Although its tone is never like that of an infomercial, sometimes the message is similar. Act now. The problem is, hypervigilance is probably the worst quality most investors can have. "Sit on your ass," the late Charlie Munger advised investors, emphasizing that when it comes to investing, less is more. Feeling nervous leads to excessive trading. And "all the evidence shows that individual investors do worse the more they trade," says Jay Ritter, professor of finance at the University of Florida's Warrington College of Business. "Buying and selling something based on what you see on CNBC is not likely to be a successful strategy."
Businesses

Capital One Is Buying Discover (wsj.com) 178

Capital One is buying Discover Financial (non-paywalled source) in a deal that would marry two of the largest credit-card companies in the U.S. WSJ: The all-stock deal could be announced Tuesday, according to people familiar with the matter. Discover has a market value of $28 billion, and the takeover would be expected to value it at a premium to that. Buying Discover will give Capital One, a credit-card lender with a market value of a little over $52 billion, a network that would vastly increase its power in the payments ecosystem.

Card networks are critical to enabling transactions and setting fees that merchants pay when consumers shop with credit cards. Though much smaller than Visa and Mastercard, Discover is one of the few competitors to those companies in the U.S. and it is one of a small number of card issuers that also has a payments network. Capital One, the ninth-largest bank in the country and a major credit-card issuer, uses Visa and Mastercard for most of its cards. The bank plans to switch at least some of its cards to the Discover network, while continuing to use Visa and Mastercard on others. Those larger networks have more merchant acceptance abroad than Discover does.
Update: Capital One has proposed to pay $35.3 billion for Discover in an all-stock deal.
United States

FBI Warns Chinese Malware Could Threaten Critical US Infrastructure (ft.com) 78

The FBI is "laser focused" on Chinese efforts to insert malicious software code into computer networks in ways that could disrupt critical US infrastructure, according to the agency's director Christopher Wray. From a report: Wray said he was acutely concerned about "pre-positioning" of malware. He said the US recently disrupted a Chinese hacking network known as Volt Typhoon that targeted American infrastructure including the electricity grid and water supply, and other targets around the world. "We're laser focused on this as a real threat and we're working with a lot of partners to try to identify it, anticipate it and disrupt it," Wray said on Sunday after attending the Munich Security Conference.

"I'm sober and clear minded about what we're up against...We're always going to have to be kind of on the balls of our feet." Wray said Volt Typhoon was just the tip of the iceberg and was one of many such efforts by the Chinese government. The US has been tracking Chinese pre-positioning operations for well over a decade, but Wray told the security conference that they had reached "fever pitch." He said China was increasingly inserting "offensive weapons within our critical infrastructure poised to attack whenever Beijing decides the time is right."

His comments are the latest FBI effort to raise awareness about Chinese espionage that ranges from traditional spying and intellectual property theft to hacking designed to prepare for possible future conflict. Last October, Wray and his counterparts from the Five Eyes intelligence-sharing network that includes the US, UK, Canada, Australia and New Zealand held their first public meeting in an effort to focus the spotlight on Chinese espionage. Wray said the US campaign was having an impact and that people were increasingly attuned to the threat, particularly compared with several years ago when he sometimes met scepticism.

Transportation

Why Are California's EV Sales Dropping? (msn.com) 315

"After years of rapid expansion, California's booming EV market may be showing signs of fatigue," reports the Los Angeles Times, "as high vehicle prices, unreliable charging networks and other consumer headaches appear to dampen enthusiasm for zero-emission vehicles.

"For the first time in more than a decade, electric vehicle sales dropped significantly in the last half of 2023..." Sales of all-electric cars and light trucks in California had started off strong in 2023, rising 48% in the first half of the year compared with a year earlier. By that time, California EV sales numbered roughly 190,807 — or slightly more than a quarter of all EV sales in the nation, according to the California New Car Dealers Assn. But it's what happened in the second half of last year though that's generating jitters. Sales in the third quarter fell by 2,840 from the previous period — the first quarterly drop for EVs in California since the Tesla Model S was introduced in 2012. And the fourth quarter was even worse: Sales dropped 10.2%, from 100,151 to 89,933...

Propelled by the sales success of Tesla, and boosted by electric vehicles from other automakers entering the market, consumer acceptance of EVs had seemed like a given until recently. In fact, robust sales growth is a key assumption in the state's zero-emission vehicle plan... Under the no-gas mandate, zero-emission vehicles must account for 35% of all new vehicle sales by model year 2026.... Nationally, EV sales growth also has slowed as automakers such as Ford and General Motors cut back — at least temporarily — on EV and battery production plans. Hertz, the rental car giant, is also pulling back on plans to shift heavily toward EVs. Hertz several years ago announced plans to buy 100,000 Teslas but is now selling off its EV fleet.

Corey Cantor, EV analyst at Bloomberg BNEF, an energy research firm, said that although recent sales figures are worrisome, there's plenty of momentum behind the EV transition, as evidenced by government mandates around the globe and massive investments by motor vehicle manufacturers and their suppliers. Those investments total $616 billion globally over five years, according to consulting firm AlixPartners.

But EVs haven't reached "price parity" with gas-powered engines, the article points out, so just 7.6% of the vehicles sold last year in the U.S. were electric — while in California, the market share for EVs was 20.1%.

The article also quantifies concerns about reliability of California's public charging system, which "according to studies from academic researchers and market analysts, can be counted on to malfunction at least 20% of the time." After $1 billion in state money for charger companies, the state's Energy Commission will now also start collecting reliability statistics, according to the article. But the article also cites wait times at the chargers. "Even if they were reliable, there aren't enough chargers to go around. EV sales have outpaced public charger installation."

Some good news? The federal government is spending $5 billion nationally to put fast chargers on major highways at 50-mile intervals. California will receive $384 million. Seven major automakers have also teamed up to build a North American charging network of their own, called Ionna. The joint venture plans to install at least 30,000 chargers — which would be open to any EV brand — at stations that will provide restrooms, food service and retail stores on site or nearby.
AI

Microsoft President: 'You Can't Believe Every Video You See or Audio You Hear' (microsoft.com) 67

"We're currently witnessing a rapid expansion in the abuse of these new AI tools by bad actors," writes Microsoft VP Brad Smith, "including through deepfakes based on AI-generated video, audio, and images.

"This trend poses new threats for elections, financial fraud, harassment through nonconsensual pornography, and the next generation of cyber bullying." Microsoft found its own tools being used in a recently-publicized episode, and the VP writes that "We need to act with urgency to combat all these problems."

Microsoft's blog post says they're "committed as a company to a robust and comprehensive approach," citing six different areas of focus:
  • A strong safety architecture. This includes "ongoing red team analysis, preemptive classifiers, the blocking of abusive prompts, automated testing, and rapid bans of users who abuse the system... based on strong and broad-based data analysis."
  • Durable media provenance and watermarking. ("Last year at our Build 2023 conference, we announced media provenance capabilities that use cryptographic methods to mark and sign AI-generated content with metadata about its source and history.")
  • Safeguarding our services from abusive content and conduct. ("We are committed to identifying and removing deceptive and abusive content" hosted on services including LinkedIn and Microsoft's Gaming network.)
  • Robust collaboration across industry and with governments and civil society. This includes "others in the tech sector" and "proactive efforts" with both civil society groups and "appropriate collaboration with governments."
  • Modernized legislation to protect people from the abuse of technology. "We look forward to contributing ideas and supporting new initiatives by governments around the world."
  • Public awareness and education. "We need to help people learn how to spot the differences between legitimate and fake content, including with watermarking. This will require new public education tools and programs, including in close collaboration with civil society and leaders across society."

Thanks to long-time Slashdot reader theodp for sharing the article.


Privacy

New 'Gold Pickaxe' Android, iOS Malware Steals Your Face For Fraud (bleepingcomputer.com) 13

An anonymous reader quotes a report from BleepingComputer: A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access. The new malware, spotted by Group-IB, is part of a malware suite developed by the Chinese threat group known as 'GoldFactory,' which is responsible for other malware strains such as 'GoldDigger', 'GoldDiggerPlus,' and 'GoldKefu.' Group-IB says its analysts observed attacks primarily targeting the Asia-Pacific region, mainly Thailand and Vietnam. However, the techniques employed could be effective globally, and there's a danger of them getting adopted by other malware strains. [...]

For iOS (iPhone) users, the threat actors initially directed targets to a TestFlight URL to install the malicious app, allowing them to bypass the normal security review process. When Apple removed the TestFlight app, the attackers switched to luring targets into downloading a malicious Mobile Device Management (MDM) profile that allows the threat actors to take control over devices. Once the trojan has been installed onto a mobile device in the form of a fake government app, it operates semi-autonomously, manipulating functions in the background, capturing the victim's face, intercepting incoming SMS, requesting ID documents, and proxying network traffic through the infected device using 'MicroSocks.'

Group-IB says the Android version of the trojan performs more malicious activities than in iOS due to Apple's higher security restrictions. Also, on Android, the trojan uses over 20 different bogus apps as cover. For example, GoldPickaxe can also run commands on Android to access SMS, navigate the filesystem, perform clicks on the screen, upload the 100 most recent photos from the victim's album, download and install additional packages, and serve fake notifications. The use of the victims' faces for bank fraud is an assumption by Group-IB, also corroborated by the Thai police, based on the fact that many financial institutes added biometric checks last year for transactions above a certain amount.

AI

OpenAI's Sora Turns AI Prompts Into Photorealistic Videos (wired.com) 28

An anonymous reader quotes a report from Wired: We already know that OpenAI's chatbots can pass the bar exam without going to law school. Now, just in time for the Oscars, a new OpenAI app called Sora hopes to master cinema without going to film school. For now a research product, Sora is going out to a few select creators and a number of security experts who will red-team it for safety vulnerabilities. OpenAI plans to make it available to all wannabe auteurs at some unspecified date, but it decided to preview it in advance. Other companies, from giants like Google to startups like Runway, have already revealed text-to-video AI projects. But OpenAI says that Sora is distinguished by its striking photorealism -- something I haven't seen in its competitors -- and its ability to produce longer clips than the brief snippets other models typically do, up to one minute. The researchers I spoke to won't say how long it takes to render all that video, but when pressed, they described it as more in the "going out for a burrito" ballpark than "taking a few days off." If the hand-picked examples I saw are to be believed, the effort is worth it.

OpenAI didn't let me enter my own prompts, but it shared four instances of Sora's power. (None approached the purported one-minute limit; the longest was 17 seconds.) The first came from a detailed prompt that sounded like an obsessive screenwriter's setup: "Beautiful, snowy Tokyo city is bustling. The camera moves through the bustling city street, following several people enjoying the beautiful snowy weather and shopping at nearby stalls. Gorgeous sakura petals are flying through the wind along with snowflakes." The result is a convincing view of what is unmistakably Tokyo, in that magic moment when snowflakes and cherry blossoms coexist. The virtual camera, as if affixed to a drone, follows a couple as they slowly stroll through a streetscape. One of the passersby is wearing a mask. Cars rumble by on a riverside roadway to their left, and to the right shoppers flit in and out of a row of tiny shops.

It's not perfect. Only when you watch the clip a few times do you realize that the main characters -- a couple strolling down the snow-covered sidewalk -- would have faced a dilemma had the virtual camera kept running. The sidewalk they occupy seems to dead-end; they would have had to step over a small guardrail to a weird parallel walkway on their right. Despite this mild glitch, the Tokyo example is a mind-blowing exercise in world-building. Down the road, production designers will debate whether it's a powerful collaborator or a job killer. Also, the people in this video -- who are entirely generated by a digital neural network -- aren't shown in close-up, and they don't do any emoting. But the Sora team says that in other instances they've had fake actors showing real emotions.
"It will be a very long time, if ever, before text-to-video threatens actual filmmaking," concludes Wired. "No, you can't make coherent movies by stitching together 120 of the minute-long Sora clips, since the model won't respond to prompts in the exact same way -- continuity isn't possible. But the time limit is no barrier for Sora and programs like it to transform TikTok, Reels, and other social platforms."

"In order to make a professional movie, you need so much expensive equipment," says Bill Peebles, another researcher on the project. "This model is going to empower the average person making videos on social media to make very high-quality content."

Further reading: OpenAI Develops Web Search Product in Challenge To Google
