An anonymous reader shared this report from the Associated Press: An investigation into a ransomware attack earlier this month on London hospitals by the Russian group Qilin could take weeks to complete, the country's state-run National Health Service said Friday, as concerns grow over a reported data dump of patient records. Hundreds of operations and appointments are still being canceled more than two weeks after the June 3 attack on NHS provider Synnovis, which provides pathology services primarily in southeast London...

NHS England said Friday that it has been "made aware" that data connected to the attack have been published online. According to the BBC, Qilin shared almost 400GB of data, including patient names, dates of birth and descriptions of blood tests, on their darknet site and Telegram channel... According to Saturday's edition of the Guardian newspaper, records covering 300 million patient interactions, including the results of blood tests for HIV and cancer, were stolen during the attack.

A website and helpline has been set up for patients affected.

The Linux Foundation's "Open Source Security Foundation" (or OpenSSF) is a cross-industry forum to "secure the development, maintenance, and consumption of the open source software". And now the OpenSSF has launched a new mailing list "which aims to monitor the threat landscape of open-source project vulnerabilities," reports I Programmer, "in order to provide real time alerts to anyone subscribed."

The Record explains its origins: OpenSSF General Manager Omkhar Arasaratnam said that at a recent open source event, members of the community ran a tabletop exercise where they simulated a security incident involving the discovery of a zero-day vulnerability. They worked their way through the open source ecosystem — from cloud providers to maintainers to end users — clearly defining how the discovery of a vulnerability would be dealt with from top to bottom. But one of the places where they found a gap is in the dissemination of information widely.

"What we lack within the open source community is a place in which we can convene to distribute indicators of compromise (IOCs) and threats, tactics and procedures (TTPs) in a way that will allow the community to identify threats when our packages are under attack," Arasaratnam said... "[W]e're going to be standing up a mailing list for which we can share this information throughout the community and there can be discussion of things that are being seen. And that's one of the ways that we're responding to this gap that we saw...." The Siren mailing list will encourage public discussions on security flaws, concepts, and practices in the open source community with individuals who are not typically engaged in traditional upstream communication channels...

Members of the Siren email list will get real-time updates about emerging threats that may be relevant to their projects... OpenSSF has created a signup page for those interested and urged others to share the email list to other open source community members...
OpenSSF ecyosystem strategist Christopher Robinson (also security communications director for Intel) told the site he expects government agencies and security researchers to be involved in the effort. And he issued this joint statement with OpenSSF ecosystem strategist Bennett Pursell: By leveraging the collective knowledge and expertise of the open source community and other security experts, the OpenSSF Siren empowers projects of all sizes to bolster their cybersecurity defenses and increase their overall awareness of malicious activities. Whether you're a developer, maintainer, or security enthusiast, your participation is vital in safeguarding the integrity of open source software.
In less than a month, the mailing list has already grown to over 800 members...

An anonymous reader shared this report from Computer Weekly: Microsoft has admitted to Scottish policing bodies that it cannot guarantee the sovereignty of UK policing data hosted on its hyperscale public cloud infrastructure, despite its systems being deployed throughout the criminal justice sector.

According to correspondence released by the Scottish Police Authority (SPA) under freedom of information (FOI) rules, Microsoft is unable to guarantee that data uploaded to a key Police Scotland IT system — the Digital Evidence Sharing Capability (DESC) — will remain in the UK as required by law. While the correspondence has not been released in full, the disclosure reveals that data hosted in Microsoft's hyperscale public cloud infrastructure is regularly transferred and processed overseas; that the data processing agreement in place for the DESC did not cover UK-specific data protection requirements; and that while the company has the ability to make technical changes to ensure data protection compliance, it is only making these changes for DESC partners and not other policing bodies because "no one else had asked".

The correspondence also contains acknowledgements from Microsoft that international data transfers are inherent to its public cloud architecture. As a result, the issues identified with the Scottish Police will equally apply to all UK government users, many of whom face similar regulatory limitations on the offshoring of data. The recipient of the FOI disclosures, Owen Sayers — an independent security consultant and enterprise architect with over 20 years' experience in delivering national policing systems — concluded it is now clear that UK policing data has been travelling overseas and "the statements from Microsoft make clear that they 100% cannot comply with UK data protection law".

An anonymous reader quotes a report from Fortune: Ellen Bagley was delighted when she made her first sale on a popular second-hand clothing app, but just a few minutes later, the thrill turned to shock as the 20-year-old from Linkoping in Sweden discovered she'd been robbed. Everything seemed normal when Bagley received a direct message on the platform, which asked her to verify personal details to complete the deal. She clicked the link, which fired up BankID -- the ubiquitous digital authorization system used by nearly all Swedish adults.After receiving a couple of error messages, she started thinking something was wrong, but it was already too late. Over 10,000 Swedish kronor ($1,000) had been siphoned from her account and the thieves disappeared into the digital shadows. "The fraudsters are so skilled at making things look legitimate," said Bagley, who was born after BankID was created. "It's not easy" to identify scams. Although financial crime has garnered fewer headlines than a surge in gang-related gun violence, it's become a growing risk for the country. Beyond its borders, Sweden is an important test case on fighting cashless crime because it's gone further on ditching paper money than almost any other country in Europe.

Online fraud and digital crime in Sweden have surged, with criminals taking 1.2 billion kronor in 2023 through scams like the one Bagley fell for, doubling from 2021. Law-enforcement agencies estimate that the size of Sweden's criminal economy could amount to as high as 2.5% of the country's gross domestic product. To counter the digital crime spree, Swedish authorities have put pressure on banks to tighten security measures and make it harder on tech-savvy criminals, but it's a delicate balancing act. Going too far could slow down the economy, while doing too little erodes trust and damages legitimate businesses in the process.Using complex webs of fake companies and forging documents to gain access to Sweden's welfare system, sophisticated fraudsters have made Sweden a "Silicon Valley for criminal entrepreneurship," said Daniel Larson, a senior economic crime prosecutor. While the shock of armed violence has grabbed public attention -- the nation's gun-homicide rate tripled between 2012 and 2022 -- economic crime underlies gang activity and needs to be tackled as aggressively, he added. "That has been a strategic mistake," Larson said. "This profit-generating crime is what's fueling organized crime and, in some cases, leads to these conflicts."

Sweden's switch to electronic cash started after a surge of armed robberies in the 1990s, and by 2022, only 8% of Swedes said they had used cash for their latest purchase, according to a central bank survey. Along with neighboring Norway, Sweden has Europe's lowest number of ATMs per capita, according to the IMF. The prevalence of BankID play a role in Sweden's vulnerability. The system works like an online signature. If used, it's considered a done deal and the transaction gets executed immediately. It was designed by Sweden's banks to make electronic payments even quicker and easier than handing over a stack of bills. Since it's original rollout in 2001, it's become part of the everyday Swedish life. On average, the service -- which requires a six-digit code, a fingerprint or a face scan for authentication -- is used more than twice a day by every adult Swede and is involved in everything from filing tax returns to paying for bus tickets.Originally intended as a product by banks for their customers, its use exploded in 2005 after Sweden's tax agency adopted the technology as an identification for tax returns, giving it the government's official seal of approval. The launch of BankID on mobile phones in 2010 increased usage even further, along with public perception that associated cash with criminality.The country's central bank has acknowledged that some of those connotations may have gone too far. "We have to be very clear that there are still honest people using cash," Riksbank Governor Erik Thedeen told Bloomberg.

An anonymous reader quotes a report from TechCrunch: A hacker is advertising customer data allegedly stolen from the Australia-based live events and ticketing company TEG on a well-known hacking forum. On Thursday, a hacker put up for sale the alleged stolen data from TEG, claiming to have information of 30 million users, including the full name, gender, date of birth, username, hashed passwords, and email addresses. In late May, TEG-owned ticketing company Ticketek disclosed a data breach affecting Australian customers' data, "which is stored in a cloud-based platform, hosted by a reputable, global third party supplier."

The company said that "no Ticketek customer account has been compromised," thanks to the encryption methods used to store their passwords. TEG conceded, however, that "customer names, dates of birth and email addresses may have been impacted" -- data that would line up with that advertised on the hacking forum. The hacker included a sample of the alleged stolen data in their post. TechCrunch confirmed that at least some of the data published on the forum appears legitimate by attempting to sign up for new accounts using the published email addresses. In a number of cases, Ticketek's website gave an error, suggesting the email addresses are already in use. There's evidence that the company's "cloud-based platform" provider is Snowflake, "which has been at the center of a recent series of data thefts affecting several of its customers, including Ticketmaster, Santander Bank, and others," notes TechCrunch.

"A now-deleted post on Snowflake's website from January 2023 was titled: 'TEG Personalizes Live Entertainment Experiences with Snowflake.' In 2022, consulting company Altis published a case study (PDF) detailing how the company, working with TEG, 'built a modern data platform for ingesting streaming data into Snowflake.'"

TikTok revealed it offered the U.S. government a "kill switch" in 2022 to address data protection and national security concerns, allowing the government to shut down the platform if it violated certain rules. The disclosure was made as it began its legal fight against legislation that will require ByteDance to divest TikTok's U.S. assets or face a ban. The BBC reports: "This law is a radical departure from this country's tradition of championing an open Internet, and sets a dangerous precedent allowing the political branches to target a disfavored speech platform and force it to sell or be shut down," they argued in their legal submission. They also claimed the US government refused to engage in any serious settlement talks after 2022, and pointed to the "kill switch" offer as evidence of the lengths they had been prepared to go.

TikTok says the mechanism would have allowed the government the "explicit authority to suspend the platform in the United States at the US government's sole discretion" if it did not follow certain rules. A draft "National Security Agreement", proposed by TikTok in August 2022, would have seen the company having to follow rules such as properly funding its data protection units and making sure that ByteDance did not have access to US users' data. The "kill switch" could have been triggered by the government if it broke this agreement, it claimed.

In a letter - first reported by the Washington Post - addressed to the US Department of Justice, TikTok's lawyer alleges that the government "ceased any substantive negotiations" after the proposal of the new rules. The letter, dated 1 April 2024, says the US government ignored requests to meet for further negotiations. It also alleges the government did not respond to TikTok's invitation to "visit and inspect its Dedicated Transparency Center in Maryland." Further reading: TikTok Says US Ban Inevitable Without a Court Order Blocking Law

Apple is withholding a raft of new technologies from hundreds of millions of consumers in the European Union, citing concerns posed by the bloc's regulatory attempts to rein in Big Tech. From a report: The company announced Friday it would block the release of Apple Intelligence, iPhone Mirroring and SharePlay Screen Sharing from users in the EU this year, because the Digital Markets Act allegedly forces it to downgrade the security of its products and services.

"We are concerned that the interoperability requirements of the DMA could force us to compromise the integrity of our products in ways that risk user privacy and data security," Apple said in a statement. Under the DMA, Apple is expected to receive a formal warning from EU regulators over how it allegedly blocks apps from steering users to cheaper subscription deals on the web -- a practice for which it received a $1.9 billion fine from Brussels regulators earlier this year.

The Kremlin said on Friday that a U.S. decision to ban sales of Kaspersky's software was a typical move by Washington to stifle foreign competition with American products. From a report: The Biden administration on Thursday said it would ban the sale of antivirus software made by Russia's Kaspersky Lab in the United States, citing what it said was the Kremlin's influence over the company which poses a significant security risk. [...] Kremlin spokesman Dmitry Peskov said that Kaspersky was a "very competitive" company on international markets and that Washington's decision to restrict its sales was a "favourite technique of unfair competition from the United States."

An anonymous reader quotes a report from ZDNet: At SUSECon in Berlin, SUSE, a global Linux and cloud-native software leader, announced significant enhancements across its entire Linux distribution family. These new capabilities focus on providing faster time-to-value and reduced operational costs, emphasizing the importance of choice in today's complex IT landscape. SUSE Linux Enterprise Server (SLES) 15 Service Pack (SP) 6 is at the heart of these upgrades. This update future-proofs IT workloads with a new Long Term Service (LTS) Pack Support Core. How long is long-term? Would you believe 19 years? This gives SLES the longest-term support period in the enterprise Linux market. Even Ubuntu, for which Canonical recently extended its LTS to 12 years, doesn't come close.

You may ask yourself, "Why 19 years?" SUSE General Manager of Business Critical Linux (BCL) Rick Spencer, explained in an interview that the reason is that on 03:14:08 Greenwich Mean Time (GMT, aka Coordinated Universal Time) Tuesday, January 19, 2038, we reach the end of computing time. Well, not really, but Linux, and all the other Unix-based operating systems, including some versions of MacOS, reach what's called the Epoch. That's when the time-keeping code in 32-bit Unix-based operating systems reaches the end of the seconds it's been counting since the beginning of time -- 00:00:00 GMT on January 1, 1970, as far as Linux and Unix systems are concerned -- and resets to zero. Just like the Y2K bug, that means that all unpatched 32-bit operating systems and software will have fits. The Linux kernel itself had the problem fixed in 2020's Linux 5.6 kernel, but many other programs haven't dealt with it. Until then, though, if you're still running SLES 15 SP6, you'll be covered. I strongly suggest upgrading before then, but if you want to stick with that distro to the bitter end, you can. The new SLES also boasts enhanced security features like confidential computing support with encryption in memory, utilizing Intel TDX and AMD SEV processors, along with remote attestation via SUSE Manager. Additionally, SLES for SAP Applications 15 SP6 offers a secure and reliable platform for running mission-critical SAP workloads, incorporating innovations from Trento to help system administrators avoid infrastructure issues.

Kraken, one of the largest cryptocurrency exchanges in the world, has accused a trio of security researchers of discovering a critical bug, expoliting it to steal millions in digital cash, then using stolen funds to extort the exchange for more. The Register: The exchange wrote about the issue yesterday, saying the exploit allowed some users "to artificially increase the value of their Kraken account balance without fully completing a deposit." Kraken chief security officer Nicholas Percoco said on X that the researchers didn't provide any details in their bug bounty report, but that his team discovered the bug within an hour. According to Percoco, the issue derived from a recent UX change that would credit client accounts before assets actually cleared to create an artificial sense of real-time cryptocurrency trades. "This UX change was not thoroughly tested against this specific attack vector," Percoco admitted on X.

imply reporting the bug would have been enough for a sizable bounty, Percoco added. The researcher who disclosed the vulnerability, who Kraken didn't name "because they didn't comply with any [bug bounty] industry expectations," didn't stop there, however. According to Percoco, the analyst behind the find shared it with a couple of coworkers, who then exploited the vulnerability to withdraw nearly $3 million from the platform. Kraken noted that the funds stolen in this way were from the Kraken treasury and weren't client assets.

An anonymous reader shares a report: CDK Global, the company that provides management software for nearly 15,000 car dealerships in North America, is down for a second day following a cyberattack, according to a report from Automotive News. The outage has left car dealerships across North America unable to access the internal systems used to track car sales, view customer information, schedule maintenance, and more.

On Wednesday, CDK Global told dealerships that it's "investigating a cyber incident" and "proactively shut all systems down" while addressing the issue. However, as reported by Automotive News, CDK Global restored its systems shortly after, only to shut them down hours later due to "an additional cyber incident."

The U.S. Senate has passed a bill to accelerate the deployment of nuclear energy capacity, including by speeding permitting and creating new incentives for advanced nuclear reactor technologies. From a report: Expanding nuclear power has broad bipartisan support, with Democrats seeing it as critical to decarbonizing the power sector to fight climate change and Republicans viewing it as a way to ensure reliable electricity supply and create jobs. A version of the bill had already passed in the House of Representatives and it will now go to President Joe Biden for a signature to become law. It passed the Senate 88-2 votes.

"In a major victory for our climate and American energy security, the U.S. Senate has passed the ADVANCE Act with overwhelming, bipartisan support," said Senator Tom Carper, a Democrat, who is Chairman of the Senate Environment and Public Works Committee. "Today, we sent the ADVANCE Act to the president's desk because Congress worked together to recognize the importance of nuclear energy to America's future and got the job done," said Republican Shelley Moore Capito, a ranking member of the committee.

A researcher has found a bug that allows anyone to impersonate Microsoft corporate email accounts, making phishing attempts look credible and more likely to trick their targets. From a report: As of this writing, the bug has not been patched. To demonstrate the bug, the researcher sent an email to TechCrunch that looked like it was sent from Microsoft's account security team. Last week, Vsevolod Kokorin, also known online as Slonser, wrote on X (formerly Twitter) that he found the email-spoofing bug and reported it to Microsoft, but the company dismissed his report after saying it couldn't reproduce his findings. This prompted Kokorin to publicize the bug on X, without providing technical details that would help others exploit it.

AMD said on Tuesday it was looking into claims that company data was stolen in a hack by a cybercriminal organization called "Intelbroker". "The alleged intrusion, which took place in June 2024, reportedly resulted in the theft of a significant amount of sensitive information, spanning across various categories," reports Hackread. From the report: In a recent post on Breach Forums, IntelBroker detailed the extent of the compromised data. The hacker claims to have accessed information related to the following records: ROMs, Firmware, Source code, Property files, Employee databases, Customer databases, Financial information, Future AMD product plans, and Technical specification sheets. The hacker is selling the data exclusively for XMR (Monero) cryptocurrency, accepting a middleman for transactions. He advises interested buyers to message him with their offers.

The reputation of IntelBroker in the cybersecurity community is one of significant concern, given the scale and sensitivity of the targeted entities in previous hacks. The hacker's past exploits include breaches of: Europol, Tech in Asia, Space-Eyes, Home Depot, Facebook Marketplace, U.S. contractor Acuity Inc., Staffing giant Robert Half, Los Angeles International Airport, and Alleged breaches of HSBC and Barclays Bank. Although the hacker's origins and affiliates are unknown, according to the United States government, IntelBroker is alleged to be the perpetrator behind one of the T-Mobile data breaches.

An anonymous reader quotes a report from The Register: Asda is transferring more than 100 internal IT workers to Indian outsourcing company TCS as it labors to meet deadlines to move away from IT systems supported by previous owner Walmart by the end of the year. According to documents seen by The Register, a collective consultation for a staff transfer under TUPE -- an arrangement by which employment rights are protected under UK law -- begins today (June 17). The UK's third-largest supermarket expects affected staff to meet line managers from June 24, while the transfer date is set for September 16. Contractors will be let go at the end of their current contracts. Asda employs around 5,000 staff in its UK offices. Between 130 and 135 members of the IT team have entered the collective consultation to move to TCS.

The move came as private equity company TDR Capital gained majority ownership of the supermarket group. It was acquired from Walmart by the brothers Mohsin and Zuber Issa and TDR Capital in February 2021 at a value of 6.8 billion pounds. The US retail giant retained "an equity investment." Project Future is a massive shift in the retailer's IT function. It is upgrading a legacy ERP system from SAP ECC -- run on-prem by Walmart -- to the latest SAP S/4HANA in the Microsoft Azure cloud, changing the application software, infrastructure, and business processes at the same time. Other applications are also set to move to Azure, including ecommerce and store systems, while Asda is creating an IT security team for the first time -- the work had previously been carried out by its US owner.

Asda signed up to SAP's "RISE" program in a deal to lift, shift, and transform its ERP system -- a vital plank in the German vendor's strategy to get customers to the cloud -- in December 2021. But the project has already been beset by delays. The UK retailer had signed a three-year deal with Walmart in February 2021 to continue to support its existing system, but was forced to renegotiate to extend the arrangement, saying it planned to move away from the legacy systems before the end of 2024. Although one insider told El Reg that deadline was "totally unachievable," the Walmart deal extends to September 2025, giving the UK retailer room to accommodate further delays without renegotiating the contract.

Asda has yet to migrate a single store to the new infrastructure. The first -- Yorkshire's Otley -- is set to go live by the end of June. One insider pointed out that project managers were trying to book resources from the infrastructure team for later this year and into the next, but, as they were set to transfer to TCS, the infrastructure team did not know who would be doing the work or what resources would be available. "They have a thousand stores to migrate and they're going to be doing that with an infrastructure team who have their eyes on the door. They'll be very professional, but they're not going above and beyond and doing on-call they don't have to do," the insider said.

Bipartisan agreement on government internet subsidies seems unlikely as Democrats and Republicans propose conflicting bills to reauthorize the FCC's spectrum auctions. The Democratic bill aims to fund the now-defunct Affordable Connectivity Program, while the Republican version does not. "While some Republicans supported earlier efforts to extend the subsidy program, those efforts did not go through in time to keep it from ending," notes The Verge. From the report: The Senate Commerce Committee canceled a Tuesday morning markup meeting in which it was set to consider the Spectrum and National Security Act, led by committee chair Maria Cantwell (D-WA). When she introduced it in April, Cantwell said the bill would provide $7 billion to continue funding the Affordable Connectivity Program (ACP), the pandemic-era internet subsidy for low-income Americans that officially ran out of money and ended at the end of May. The main purpose of the bill is to reauthorize the Federal Communications Commission's authority to run auctions for spectrum. The proceeds from spectrum auctions are often used to fund other programs. In addition to the ACP, Cantwell's bill would also fund programs including incentives for domestic chip manufacturing and a program that seeks to replace telecommunications systems that have been deemed national security concerns. The markup was already postponed several times before.

Cantwell blamed Sen. Ted Cruz (R-TX), the top Republican on the Senate Commerce Committee, for standing in the way of the legislation. "We had a chance to secure affordable broadband for millions of Americans, but Senator Cruz said 'no,'" Cantwell said in a statement late Monday. "He said 'no' to securing a lifeline for millions of Americans who rely on the Affordable Connectivity Program to speak to their doctors, do their homework, connect to their jobs, and stay in touch with loved ones -- including more than one million Texas families." In remarks on the Senate floor on Tuesday, Cantwell said her Republican colleagues on the committee offered amendments to limit the ACP funding in the bill. She said the ACP shouldn't be a partisan issue and stressed the wide range of Americans who've relied on the program for high-speed connections, including elderly people living on fixed incomes and many military families. "I hope my colleagues will stop with obstructing and get back to negotiating on important legislation that will deliver these national security priorities and help Americans continue to have access to something as essential as affordable broadband," she said.

Cruz has his own spectrum legislation with Sen. John Thune (R-SD) that would reauthorize the FCC's spectrum auction authority, with a focus on expanding commercial access to mid-band spectrum, commonly used for 5G. But it doesn't have the same ACP funding mechanism. Some large telecom industry players prefer Cruz's bill, in part because it allows for exclusive licensing. Wireless communications trade group CTIA's SVP of government affairs, Kelly Cole, told Fierce Network that the Cruz bill "is a better approach because it follows the historical precedent set by prior bipartisan legislation to extend the FCC's auction authority." But other tech groups like the Internet Technology Industry Council (ITI), which represents companies including Amazon, Apple, Google, and Meta, support Cantwell's bill, in part because of the programs it seeks to fund.

SUSE, a Luxembourg-based open-source company, is launching a new vendor- and LLM-agnostic generative AI platform called SUSE AI solutions. The company aims to leverage the potential of AI to gain a stronger foothold in the U.S. market, where it has struggled to establish brand recognition compared to competitors like Red Hat and Canonical. SUSE CEO Dirk-Peter van Leeuwen believes that the open-source model provides infinite potential for enterprise customers, offering support, security, and long-term stability. The company's recent fork of CentOS has attracted a significant number of users, and its portfolio, including Kubernetes service Rancher and security service Neuvector, positions SUSE well in a market where enterprises are looking to consolidate platforms. Despite ownership changes over the years, SUSE remains committed to expanding its presence in the U.S. market.

An anonymous reader shares a report: IT asset management platform Lansweeper has dispensed a warning for enterprise administrators everywhere. Exactly how old is that Microsoft SQL Server on which your business depends? According to chief strategy officer Roel Decneut, the biz scanned just over a million instances of SQL Server and found that 19.8 percent were now unsupported by Microsoft. Twelve percent were running SQL Server 2014, which is due to drop out of extended support on July 9 -- meaning the proportion will be 32 percent early next month.

For a fee, customers can continue receiving security updates for SQL Server 2014 for another three years. Still, the finding underlines a potential issue facing users of Microsoft's flagship database: Does your business depend on something that should have been put out to pasture long ago? While Microsoft is facing a challenge in getting users to make the move from Windows 10 to Windows 11, admins are facing a similar but far less publicized issue. Sure, IT professionals are all too aware of the risks of running business-critical processes on outdated software, but persuading the board to allocate funds for updates can be challenging.

An anonymous reader quotes a report from The Guardian: Kilifi County's white sandy beaches have made it one of Kenya's most popular tourist destinations. Hotels and beach bars line the 165 mile-long (265km) coast; fishers supply the district's restaurants with fresh seafood; and visitors spend their days boating, snorkelling around coral reefs or bird watching in dense mangrove forests. Soon, this idyllic coastline will host Kenya's first nuclear plant, as the country, like its east African neighbour Uganda, pushes forward with atomic energy plans. The proposals have sparked fierce opposition in Kilifi. In a building by Mida Creek, a swampy bayou known for its birdlife and mangrove forests, more than a dozen conservation and rights groups meet regularly to discuss the proposed plant.

"Kana nuclear!" Phyllis Omido, an award-winning environmentalist who is leading the protests, tells one such meeting. The Swahili slogan means "reject nuclear", and encompasses the acronym for the Kenya Anti-Nuclear Alliance who say the plant will deepen Kenya's debt and are calling for broader public awareness of the cost. Construction on the power station is expected to start in 2027, with it due to be operational in 2034. "It is the worst economic decision we could make for our country," says Omido, who began her campaign last year. A lawsuit filed in the environmental court by lawyers Collins Sang and Cecilia Ndeti in July 2023 on behalf of Kilifi residents, seeks to stop the plant, arguing that the process has been "rushed" and was "illegal", and that public participation meetings were "clandestine". They argue the Nuclear Power and Energy Agency (Nupea) should not proceed with fixing any site for the plant before laws and adequate safeguards are in place. Nupea said construction would not begin for years, that laws were under discussion and that adequate public participation was being carried out. Hearings are continuing to take place.

In November, people in Kilifi filed a petition with parliament calling for an inquiry. The petition, sponsored by the Centre for Justice Governance and Environmental Action (CJGEA), a non-profit founded by Omido in 2009, also claimed that locals had limited information on the proposed plant and the criteria for selecting preferred sites. It raised concerns over the risks to health, the environment and tourism in the event of a nuclear spill, saying the country was undertaking a "high-risk venture" without proper legal and disaster response measures in place. The petition also flagged concerns over security and the handling of radioactive waste in a nation prone to floods and drought. The senate suspended (PDF) the inquiry until the lawsuit was heard. "If we really have to invest in nuclear, why can't [the government] put it in a place that does not cause so much risk to our ecological assets?" says Omido. "Why don't they choose an area that would not mean that if there was a nuclear leak we would lose so much as a country?" Peter Musila, a marine scientist who monitors the impacts of global heating on coral reefs, fears that a nuclear power station will threaten aquatic life. The coral cover in Watamu marine national reserve, a protected area near Kilifi's coast, has improved over the last decade and Musila fears progress could be reversed by thermal pollution from the plant, whose cooling system would suck large amounts of water from the ocean and return it a few degrees warmer, potentially killing fish and the micro-organisms such as plankton, which are essential for a thriving aquatic ecosystem. "It's terrifying," says Musila, who works with the conservation organisation A Rocha Kenya. "It could wreak havoc." Nupea, for its part, "published an impact assessment report last year that recommended policies be put in place to ensure environmental protections, including detailed plans for the handling of radioactive waste; measures to mitigate environmental harm, such as setting up a nuclear unit in the national environment management authority; and emergency response teams," notes the Guardian. "It also proposed social and economic protections for affected communities, including clear guidelines on compensation for those who lose their livelihoods, or are displaced from their land, when the plant is set up."

"Nupea said a power station could create thousands of jobs for Kenyans and said it had partnered with Kilifi universities to start nuclear training programs that would enable more residents to take up jobs at the plant. Wilfred Baya, assistant director for energy for Kilifi county, says the plant could also bring infrastructural development and greater electricity access to a region which suffers frequent power cuts."

Cybercriminals are demanding payments of between $300,000 and $5 million apiece from as many as 10 companies breached in a campaign that targeted Snowflake customers, according to a security firm helping with the investigation. From a report: The hacking scheme has entered a "new stage" as the gang looks to profit from the most valuable information it has stolen, said Austin Larsen, a senior threat analyst at Google's Mandiant security business, which helped lead Snowflake's inquiry. That includes auctioning companies' data on illegal online forums to try to pressure them into making payments, he said.

"We anticipate the actor to continue to attempt to extort victims," Larsen said. Snowflake, a cloud-based data analytics firm, said on June 2 that hackers had launched a "targeted" effort directed against Snowflake users that used single-factor authentication techniques. The company declined to comment on any specific customers.