An anonymous reader quotes a report from MIT Technology Review: Almost all keyboard apps used by Chinese people around the world share a security loophole that makes it possible to spy on what users are typing. The vulnerability, which allows the keystroke data that these apps send to the cloud to be intercepted, has existed for years and could have been exploited by cybercriminals and state surveillance groups, according to researchers at the Citizen Lab, a technology and security research lab affiliated with the University of Toronto.

These apps help users type Chinese characters more efficiently and are ubiquitous on devices used by Chinese people. The four most popular apps -- built by major internet companies like Baidu, Tencent, and iFlytek -- basically account for all the typing methods that Chinese people use. Researchers also looked into the keyboard apps that come preinstalled on Android phones sold in China. What they discovered was shocking. Almost every third-party app and every Android phone with preinstalled keyboards failed to protect users by properly encrypting the content they typed. A smartphone made by Huawei was the only device where no such security vulnerability was found.

In August 2023, the same researchers found that Sogou, one of the most popular keyboard apps, did not use Transport Layer Security (TLS) when transmitting keystroke data to its cloud server for better typing predictions. Without TLS, a widely adopted international cryptographic protocol that protects users from a known encryption loophole, keystrokes can be collected and then decrypted by third parties. Even though Sogou fixed the issue after it was made public last year, some Sogou keyboards preinstalled on phones are not updated to the latest version, so they are still subject to eavesdropping. [...] After the researchers got in contact with companies that developed these keyboard apps, the majority of the loopholes were fixed. But a few companies have been unresponsive, and the vulnerability still exists in some apps and phones, including QQ Pinyin and Baidu, as well as in any keyboard app that hasn't been updated to the latest version.

Google is delaying the end of third-party cookies in Chrome -- again. This marks the third time Google pushed back its original deadline set in January 2020, when the company said it would phase out third-party cookies "within two years" to improve internet security. Digiday reports: The announcement was made on Tuesday ahead of quarterly reports from Google and the ever-watchful U.K. Competition and Markets Authority (CMA), keeping tabs on how this whole situation unfolds.

"We recognize that there are ongoing challenges related to reconciling divergent feedback from the industry, regulators and developers, and will continue to engage closely with the entire ecosystem," according to a statement Google posted on its website for the Privacy Sandbox. "It's also critical that the CMA has sufficient time to review all evidence including results from industry tests, which the CMA has asked market participants to provide by the end of June. Given both of these significant considerations, we will not complete third-party cookie deprecation during the second half of Q4."

Google did not outline a more specific timetable beyond hoping for 2025. [...] "We remain committed to engaging closely with the CMA and ICO and we hope to conclude that process this year," Google's statement read. "Assuming we can reach an agreement, we envision proceeding with third-party cookie deprecation starting early next year." "We welcome Google's announcement clarifying the timing of third-party cookie deprecation. This will allow time to assess the results of industry tests and resolve remaining issues," said a spokesperson from the CMA. "Under the commitments, Google has agreed to resolve our remaining competition concerns before going ahead with third-party cookie deprecation. Working closely with the ICO we expect to conclude this process by the end of 2024."

At the start of the year, Google started purging third-party cookies for one percent of browser traffic.

An anonymous reader quotes a report from Wired: Network security appliances like firewalls are meant to keep hackers out. Instead, digital intruders are increasingly targeting them as the weak link that lets them pillage the very systems those devices are meant to protect. In the case of one hacking campaign over recent months, Cisco is now revealing that its firewalls served as beachheads for sophisticated hackers penetrating multiple government networks around the world. On Wednesday, Cisco warned that its so-called Adaptive Security Appliances -- devices that integrate a firewall and VPN with other security features -- had been targeted by state-sponsored spies who exploited two zero-day vulnerabilities in the networking giant's gear to compromise government targets globally in a hacking campaign it's calling ArcaneDoor.

The hackers behind the intrusions, which Cisco's security division Talos is calling UAT4356 and which Microsoft researchers who contributed to the investigation have named STORM-1849, couldn't be clearly tied to any previous intrusion incidents the companies had tracked. Based on the group's espionage focus and sophistication, however, Cisco says the hacking appeared to be state-sponsored. "This actor utilized bespoke tooling that demonstrated a clear focus on espionage and an in-depth knowledge of the devices that they targeted, hallmarks of a sophisticated state-sponsored actor," a blog post from Cisco's Talos researchers reads. Cisco declined to say which country it believed to be responsible for the intrusions, but sources familiar with the investigation tell WIRED the campaign appears to be aligned with China's state interests.

Cisco says the hacking campaign began as early as November 2023, with the majority of intrusions taking place between December and early January of this year, when it learned of the first victim. "The investigation that followed identified additional victims, all of which involved government networks globally," the company's report reads. In those intrusions, the hackers exploited two newly discovered vulnerabilities in Cisco's ASA products. One, which it's calling Line Dancer, let the hackers run their own malicious code in the memory of the network appliances, allowing them to issue commands to the devices, including the ability to spy on network traffic and steal data. A second vulnerability, which Cisco is calling Line Runner, would allow the hackers' malware to maintain its access to the target devices even when they were rebooted or updated. It's not yet clear if the vulnerabilities served as the initial access points to the victim networks, or how the hackers might have otherwise gained access before exploiting the Cisco appliances. Cisco advises that customers apply its new software updates to patch both vulnerabilities.

A separate advisory (PDF) from the UK's National Cybersecurity Center notes that physically unplugging an ASA device does disrupt the hackers' access. "A hard reboot by pulling the power plug from the Cisco ASA has been confirmed to prevent Line Runner from re-installing itself," the advisory reads.

According to the Wall Street Journal, a deal for IBM to acquire HashiCorp could materialize in the next few days. Shares of HashiCorp jumped almost 20% on the news.

UPDATE 4/24/24: IBM has confirmed the deal valued at $6.4 billion. "IBM will pay $35 per share for HashiCorp, a 42.6% premium to Monday's closing price," reports Reuters. "The acquisition will be funded by cash on hand and will add to adjusted core profit within the first full year of closing, expected by the end of 2024." HashiCorp's shares continued to surge Tuesday on the news. CNBC reports: Developers use HashiCorp's software to set up and manage infrastructure in public clouds that companies such as Amazon and Microsoft operate. Organizations also pay HashiCorp for managing security credentials. Founded in 2012, HashiCorp went public on Nasdaq in 2021. The company generated a net loss of nearly $191 million on $583 million in revenue in the fiscal year ending Jan. 31, according to its annual report. In December, Mitchell Hashimoto, co-founder of HashiCorp, whose family name is reflected in the company name, announced that he was leaving.

Revenue jumped almost 23% during that period, compared with 2% for IBM in 2023. IBM executives pointed to a difficult economic climate during a conference call with analysts in January. The hardware, software and consulting provider reports earnings on Wednesday. Cisco held $9 million in HashiCorp shares at the end of March, according to a regulatory filing. Cisco held early acquisition talks with HashiCorp, according to a 2019 report.

Andy Greenberg reports via Wired: More than two months after the start of a ransomware debacle whose impact ranks among the worst in the history of cybersecurity, the medical firm Change Healthcare finally confirmed what cybercriminals, security researchers, and Bitcoin's blockchain had already made all too clear: that it did indeed pay a ransom to the hackers who targeted the company in February. And yet, it still faces the risk of losing vast amounts of customers' sensitive medical data. In a statement sent to WIRED and other news outlets on Monday evening, Change Healthcare wrote that it paid a ransom to a cybercriminal group extorting the company, a hacker gang known as AlphV or BlackCat. "A ransom was paid as part of the company's commitment to do all it could to protect patient data from disclosure," the statement reads. The company's belated admission of that payment accompanied a new post on its website where it warns that the hackers may have stolen health-related data that would "cover a substantial proportion of people in America."

Cybersecurity and cryptocurrency researchers told WIRED last month that Change Healthcare appeared to have paid that ransom on March 1, pointing to a transaction of 350 bitcoins or roughly $22 million sent into a crypto wallet associated with the AlphV hackers. That transaction was first highlighted in a message on a Russian cybercriminal forum known as RAMP, where one of AlphV's allegedly jilted partners complained that they hadn't received their cut of Change Healthcare's payment. However, for weeks following that transaction, which was publicly visible on Bitcoin's blockchain and which both security firm Recorded Future and blockchain analysis firm TRM Labs told WIRED had been received by AlphV, Change Healthcare repeatedly declined to confirm that it had paid the ransom.

Change Healthcare's confirmation of that extortion payment puts new weight behind the cybersecurity industry's fears that the attack -- and the profit AlphV extracted from it -- will lead ransomware gangs to further target health care companies. "It 100 percent encourages other actors to target health care organizations," Jon DiMaggio, a researcher with cybersecurity firm Analyst1 who focuses on ransomware, told WIRED at the time the transaction was first spotted in March. "And it's one of the industries we don't want ransomware actors to target -- especially when it affects hospitals." Compounding the situation, a conflict between hackers in the ransomware ecosystem has led to a second ransomware group claiming to possess Change Healthcare's stolen data and threatening to sell it to the highest bidder on the dark web. Earlier this month that second group, known as RansomHub, sent WIRED alleged samples of the stolen data that appeared to come from Change Healthcare's network, including patient records and a contract with another health care company.

An anonymous reader quotes a report from Ars Technica: There's a new Linux distro on the scene today, and it's a bit specialized. Its development was led by the automotive electronics supplier Elektrobit, and it's the first open source OS that complies with the automotive industry's functional safety requirements. [...] With Elektrobit's EB corbos Linux for Safety Applications (that sure is a long name), there's an open source Linux distro that finally fits the bill, having just been given the thumbs up by the German organization TUV Nord. (It also complies with the IEC 61508 standard for safety applications.) "The beauty of our concept is that you don't even need to safety-qualify Linux itself," said Moritz Neukirchner, a senior director at Elektrobit overseeing SDVs. Instead, an external safety monitor runs in a hypervisor, intercepting and validating kernel actions.

"When you look at how safety is typically being done, look at communication -- you don't safety-certify the communication specs or Ethernet stack, but you do a checker library on top, and you have a hardware anchor for checking down below, and you insure it end to end but take everything in between out of the certification path. And we have now created a concept that allows us to do exactly that for an operating system," Neukirchner told me. "So in the end, since we take Linux out of the certification path and make it usable in a safety-related context, we don't have any problems in keeping up to speed with the developer community," he explained. "Because if you start it off and say, 'Well, we're going to do Linux as a one-shot for safety,' you're going to have the next five patches and you're off [schedule] again, especially with the security regulation that's now getting toward effect now, starting in July with the UNECE R155 that requires continuous cybersecurity management vulnerability scanning for all software that ends up in the vehicle."

"In the end, we see roughly 4,000 kernel security patches within eight years for Linux. And this is the kind of challenge that you're being put up to if you want to participate in that speed of innovation of an open source community as rich as that of Linux and now want to combine this with safety-related applications," Neukirchner said. Elektrobit developed EB corbos Linux for Safety Applications together with Canonical, and together they will share the maintenance of keeping it compliant with safety requirements over time.

A Shanghai flying taxi company says that China's "low altitude" industry is edging ahead of western rivals, thanks to more supportive regulators, technological breakthroughs and cut-throat competition in the Chinese logistics sector. From a report: The total market created by electric vertical take-off and landing, or eVTOL, aircraft is forecast to be worth $1.5tn a year by 2040 in a base-case assessment by Morgan Stanley analysts, with potential customers across airlines, logistics, emergency services, agriculture, tourism and security operations. China's AutoFlight Group won airworthiness certification from the Civil Aviation Administration of China in late March for the design and parts for its unmanned CarryAll aircraft -- a global first for an eVTOL weighing more than 1 tonne being cleared by regulators.

Kellen Xie, AutoFlight vice-president, said that while the company is also seeking similar approvals in Europe, the CAAC has been "quite supportive" of the new industry. "They work longer hours... they are determined to actually speed up the process of bringing this new technology into reality," he said. EVTOL aircraft take off vertically, like helicopters, but then transition into fixed-wing mode for travelling at higher speeds, offering faster and more efficient transport than ground-based options. Analysts point to a labyrinth of regulatory and safety hurdles, but supporters say the technology could fundamentally reshape how humans travel and freight is moved, in a level of disruption akin to the introduction of mass-market cars and commercial airlines. Most eVTOL aircraft are still in the testing stages and vary widely in terms of how fast and high they can fly and how much weight they can carry.

North Korean animators have been secretly working on major international TV shows, including an Amazon superhero series and an upcoming HBO Max children's anime, according to a report by cybersecurity researchers. The findings, detailed in a report by the Stimson Center think tank's 38 North Project and Google-owned security firm Mandiant, provide a glimpse into how North Korea can use skilled IT workers to raise funds for its heavily sanctioned regime.

Researcher Nick Roy discovered a misconfigured cloud server on a North Korean IP address in December, containing thousands of animation files, including cells, videos, and notes discussing ongoing projects. Some images appeared to be from Amazon's "Invincible" and HBO Max's "Iyanu: Child of Wonder." The server, which mysteriously stopped being used at the end of February, likely allowed work to be sent to and from North Korean animators, according to Martyn Williams, a senior fellow on the 38 North Project. U.S. sanctions prohibit companies from working with North Korean entities, but the researchers say it is unlikely that the companies involved were aware of the animators' origins. The report suggests the contracting arrangement was several steps removed from the major producers.

This week the Register spoke to former senior White House cyber policy director A.J. Grotto — who complained it was hard to get even slight concessions from Microsoft: "If you go back to the SolarWinds episode from a few years ago ... [Microsoft] was essentially up-selling logging capability to federal agencies" instead of making it the default, Grotto said. "As a result, it was really hard for agencies to identify their exposure to the SolarWinds breach." Grotto told us Microsoft had to be "dragged kicking and screaming" to provide logging capabilities to the government by default. [In the interview he calls it "an epic fight" which lasted 18 months."] [G]iven the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best.

That illustrates, Grotto said, that "they [Microsoft] just have a ton of leverage, and they're not afraid to use it." Add to that concerns over an Exchange Online intrusion by Chinese snoops, and another Microsoft security breach by Russian cyber operatives, both of which allowed spies to gain access to US government emails, and Grotto says it's fair to classify Microsoft and its products as a national security concern.
He estimates that Microsoft makes 85% of U.S. government productivity software — and has an even greater share of their operating systems. "Microsoft in many ways has the government locked in, he says in the interview, "and so it's able to transfer a lot of these costs associated with the security breaches over to the federal government."

And about five minutes in, he says, point-blank, that "It's perfectly fair" to consider Microsoft a national security threat, given its dominance "not just within the federal government, but really in sort of the boarder IT marketplace. I think it's fair to say, yeah, that a systemic compromise that affects Microsoft and its products do rise to the level of a national security risk."

He'd like to see the government encourage more competition — to the point where public scrutiny prompts software customers to change their behavior, and creates a true market incentive for better performance...

Long-time Slashdot reader tippen shared this report from the Register: AI agents, which combine large language models with automation software, can successfully exploit real world security vulnerabilities by reading security advisories, academics have claimed.

In a newly released paper, four University of Illinois Urbana-Champaign (UIUC) computer scientists — Richard Fang, Rohan Bindu, Akul Gupta, and Daniel Kang — report that OpenAI's GPT-4 large language model (LLM) can autonomously exploit vulnerabilities in real-world systems if given a CVE advisory describing the flaw. "To show this, we collected a dataset of 15 one-day vulnerabilities that include ones categorized as critical severity in the CVE description," the US-based authors explain in their paper. "When given the CVE description, GPT-4 is capable of exploiting 87 percent of these vulnerabilities compared to 0 percent for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and Metasploit)...."

The researchers' work builds upon prior findings that LLMs can be used to automate attacks on websites in a sandboxed environment. GPT-4, said Daniel Kang, assistant professor at UIUC, in an email to The Register, "can actually autonomously carry out the steps to perform certain exploits that open-source vulnerability scanners cannot find (at the time of writing)."
The researchers wrote that "Our vulnerabilities span website vulnerabilities, container vulnerabilities, and vulnerable Python packages. Over half are categorized as 'high' or 'critical' severity by the CVE description...."

"Kang and his colleagues computed the cost to conduct a successful LLM agent attack and came up with a figure of $8.80 per exploit"

SiliconANGLE reports that to help organizations detect vulnerabilities earlier, Red Hat has "announced updates to its Trusted Software Supply Chain that enable organizations to shift security 'left' in the software supply chain." Red Hat announced Trusted Software Supply Chain in May 2023, pitching it as a way to address the rising threat of software supply chain attacks. The service secures software pipelines by verifying software origins, automating security processes and providing a secure catalog of verified open-source software packages. [Thursday's updates] are aimed at advancing the ability for customers to embed security into the software development life cycle, thereby increasing software integrity earlier in the supply chain while also adhering to industry regulations and compliance standards.

They start with a new tool called Red Hat Trust Artifact Signer. Based on the open-source Sigstore project [founded at Red Hat and now part of the Open Source Security Foundation], Trust Artifact Signer allows developers to sign and verify software artifacts cryptographically without managing centralized keys, to enhance trust in the software supply chain. The second new release, Red Hat Trusted Profile Analyzer, provides a central source for security documentation such as Software Bill of Materials and Vulnerability Exploitability Exchange. The tool simplifies vulnerability management by enabling proactive identification and minimization of security threats.

The final new release, Red Hat Trusted Application Pipeline, combines the capabilities of the Trusted Profile Analyzer and Trusted Artifact Signer with Red Hat's internal developer platform to provide integrated security-focused development templates. The feature aims to standardize and accelerate the adoption of secure development practices within organizations.
Specifically, Red Hat's announcement says organizations can use their new Trust Application Pipeline feature "to verify pipeline compliance and provide traceability and auditability in the CI/CD process with an automated chain of trust that validates artifact signatures, and offers provenance and attestations."

An anonymous reader shared this report from the Washington Post: U.S. government officials were scrambling Friday night to prevent what they fear could be a significant loss of access to critical national security information, after two major U.S. communications providers said they would stop complying with orders under a controversial surveillance law that is set to expire at midnight, according to five people familiar with the matter.

One communications provider informed the National Security Agency that it would stop complying on Monday with orders under Section 702 of the Foreign Intelligence Surveillance Act, which enables U.S. intelligence agencies to gather without a warrant the digital communications of foreigners overseas — including when they text or email people inside the United States. Another provider suggested that it would cease complying at midnight Friday unless the law is reauthorized, according to the people familiar with the matter, who spoke on the condition of anonymity to discuss sensitive negotiations.

The companies' decisions, which were conveyed privately and have not previously been reported, have alarmed national security officials, who strongly disagree with their position and argue that the law requires the providers to continue complying with the government's surveillance orders even after the statute expires. That's because a federal court this month granted the government a one-year extension to continue intelligence collection.
UPDATE (4/20/2024): US Passes Bill Reauthorizing 'FISA' Surveillance for Two More Years.

China ordered Apple to remove some of the world's most popular chat messaging apps from its app store in the country, the latest example of censorship demands on the iPhone seller in the company's second-biggest market. WSJ: Meta's WhatsApp and Threads as well as messaging platforms Signal, Telegram and Line were taken off the Chinese App Store Friday [non-paywalled link]. Apple said it was told to remove certain apps because of national security concerns, without specifying which. "We are obligated to follow the laws in the countries where we operate, even when we disagree," an Apple spokesperson said in a statement.

These messaging apps, which allow users to exchange messages and share files individually and in big groups, combined have more than three billion users globally. They can only be accessed in China through virtual private networks that take users outside China's Great Firewall, but are still commonly used. Beijing has often viewed such platforms with caution, concerned that these apps could be used by its citizens to spread negative content and organize demonstrations or social movements. Much of the news China censors at home often makes it beyond the Great Firewall through such channels.

schwit1 shares a report from Reuters: Chinese government-linked hackers have burrowed into U.S. critical infrastructure and are waiting "for just the right moment to deal a devastating blow," FBI Director Christopher Wray said on Thursday. An ongoing Chinese hacking campaign known as Volt Typhoon has successfully gained access to numerous American companies in telecommunications, energy, water and other critical sectors, with 23 pipeline operators targeted, Wray said in a speech at Vanderbilt University.

China is developing the "ability to physically wreak havoc on our critical infrastructure at a time of its choosing," Wray said at the 2024 Vanderbilt Summit on Modern Conflict and Emerging Threats. "Its plan is to land low blows against civilian infrastructure to try to induce panic." Wray said it was difficult to determine the intent of this cyber pre-positioning which was aligned with China's broader intent to deter the U.S. from defending Taiwan. [...] Wray said China's hackers operated a series of botnets - constellations of compromised personal computers and servers around the globe - to conceal their malicious cyber activities. Private sector American technology and cybersecurity companies previously attributed Volt Typhoon to China, including reports by security researchers with Microsoft and Google. China's Embassy in Washington said in a statement: "Some in the US have been using origin-tracing of cyberattacks as a tool to hit and frame China, claiming the US to be the victim while it's the other way round, and politicizing cybersecurity issues."

U.S. telecom provider Frontier Communications shut down its systems after a cybercrime group breached some of its IT systems in a recent cyberattack. BleepingComputer reports: Frontier is a leading U.S. communications provider that provides gigabit Internet speeds over a fiber-optic network to millions of consumers and businesses across 25 states. After discovering the incident, the company was forced to partially shut down some systems to prevent the threat actors from laterally moving through the network, which also led to some operational disruptions. Despite this, Frontier says the attackers could access some PII data, although it didn't disclose if it belonged to customers, employees, or both.

"On April 14, 2024, Frontier Communications Parent, Inc. [..] detected that a third party had gained unauthorized access to portions of its information technology environment," the company revealed in a filing with the U.S. Securities and Exchange Commission on Thursday. "Based on the Company's investigation, it has determined that the third party was likely a cybercrime group, which gained access to, among other information, personally identifiable information." Frontier now believes that it has contained the breach, has since restored its core IT systems affected during the incident, and is working on restoring normal business operations.

An anonymous reader shares a report: A financially motivated criminal hacking group says it has stolen a confidential database containing millions of records that companies use for screening potential customers for links to sanctions and financial crime. The hackers, which call themselves GhostR, said they stole 5.3 million records from the World-Check screening database in March and are threatening to publish the data online.

World-Check is a screening database used for "know your customer" checks (or KYC), allowing companies to determine if prospective customers are high risk or potential criminals, such as people with links to money laundering or who are under government sanctions.The hackers told TechCrunch that they stole the data from a Singapore-based firm with access to the World-Check database, but did not name the firm. A portion of the stolen data, which the hackers shared with TechCrunch, includes individuals who were sanctioned as recently as this year.

An anonymous reader quotes a report from Ars Technica: The US AI Safety Institute -- part of the National Institute of Standards and Technology (NIST)—has finally announced its leadership team after much speculation. Appointed as head of AI safety is Paul Christiano, a former OpenAI researcher who pioneered a foundational AI safety technique called reinforcement learning from human feedback (RLHF), but is also known for predicting that "there's a 50 percent chance AI development could end in 'doom.'" While Christiano's research background is impressive, some fear that by appointing a so-called "AI doomer," NIST may be risking encouraging non-scientific thinking that many critics view as sheer speculation.

There have been rumors that NIST staffers oppose the hiring. A controversial VentureBeat report last month cited two anonymous sources claiming that, seemingly because of Christiano's so-called "AI doomer" views, NIST staffers were "revolting." Some staff members and scientists allegedly threatened to resign, VentureBeat reported, fearing "that Christiano's association" with effective altruism and "longtermism could compromise the institute's objectivity and integrity." NIST's mission is rooted in advancing science by working to "promote US innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life." Effective altruists believe in "using evidence and reason to figure out how to benefit others as much as possible" and longtermists that "we should be doing much more to protect future generations," both of which are more subjective and opinion-based. On the Bankless podcast, Christiano shared his opinions last year that "there's something like a 10-20 percent chance of AI takeover" that results in humans dying, and "overall, maybe you're getting more up to a 50-50 chance of doom shortly after you have AI systems that are human level." "The most likely way we die involves -- not AI comes out of the blue and kills everyone -- but involves we have deployed a lot of AI everywhere... [And] if for some reason, God forbid, all these AI systems were trying to kill us, they would definitely kill us," Christiano said.

As head of AI safety, Christiano will seemingly have to monitor for current and potential risks. He will "design and conduct tests of frontier AI models, focusing on model evaluations for capabilities of national security concern," steer processes for evaluations, and implement "risk mitigations to enhance frontier model safety and security," the Department of Commerce's press release said. Christiano has experience mitigating AI risks. He left OpenAI to found the Alignment Research Center (ARC), which the Commerce Department described as "a nonprofit research organization that seeks to align future machine learning systems with human interests by furthering theoretical research." Part of ARC's mission is to test if AI systems are evolving to manipulate or deceive humans, ARC's website said. ARC also conducts research to help AI systems scale "gracefully." "In addition to Christiano, the safety institute's leadership team will include Mara Quintero Campbell, a Commerce Department official who led projects on COVID response and CHIPS Act implementation, as acting chief operating officer and chief of staff," reports Ars. "Adam Russell, an expert focused on human-AI teaming, forecasting, and collective intelligence, will serve as chief vision officer. Rob Reich, a human-centered AI expert on leave from Stanford University, will be a senior advisor. And Mark Latonero, a former White House global AI policy expert who helped draft Biden's AI executive order, will be head of international engagement."

Gina Raimondo, US Secretary of Commerce, said in the press release: "To safeguard our global leadership on responsible AI and ensure we're equipped to fulfill our mission to mitigate the risks of AI and harness its benefits, we need the top talent our nation has to offer. That is precisely why we've selected these individuals, who are the best in their fields, to join the US AI Safety Institute executive leadership team."

An anonymous reader quotes a report from Futurism: In a new blog post from LastPass, the password management firm used by countless personal and corporate clients to help protect their login information, the company explains that someone used AI voice-cloning tech to spoof the voice of its CEO in an attempt to trick one of its employees. As the company writes in the post, one of its employees earlier this week received several WhatsApp communications -- including calls, texts, and a voice message -- from someone claiming to be its CEO, Karim Toubba. Luckily, the LastPass worker didn't fall for it because the whole thing set off so many red flags. "As the attempted communication was outside of normal business communication channels and due to the employee's suspicion regarding the presence of many of the hallmarks of a social engineering attempt (such as forced urgency)," the post reads, "our employee rightly ignored the messages and reported the incident to our internal security team so that we could take steps to both mitigate the threat and raise awareness of the tactic both internally and externally."

While this LastPass scam attempt failed, those who follow these sorts of things may recall that the company has been subject to successful hacks before. In August 2022, as a timeline of the event compiled by the Cybersecurity Dive blog detailed, a hacker compromised a LastPass engineer's laptop and used it to steal source code and company secrets, eventually getting access to its customer database -- including encrypted passwords and unencrypted user data like email addresses. According to that timeline, the clearly-resourceful bad actor remained active in the company's servers for months, and it took more than two months for LastPass to admit that it had been breached. More than six months after the initial breach, Toubba, the CEO, provided a blow-by-blow timeline of the months-long attack and said he took "full responsibility" for the way things went down in a February 2023 blog post.

At Amazon's annual cloud conference in 2016, the company captured the crowd's attention by driving an 18-wheeler onstage. Andy Jassy, now Amazon's CEO, called it the Snowmobile, and said the company would be using the truck to help customers speedily transfer data to Amazon Web Services facilities. Less than eight years later, the semi is out of commission. From a report: As of March, AWS had removed Snowmobile from its website, and the Amazon unit has stopped offering the service, CNBC has confirmed. The webpage devoted to AWS' "Snow family" of products now directs users to its other data transport services, including the Snowball Edge, a 50-pound suitcase-sized device that can be equipped with fast solid-state drives, and the smaller Snowcone.

An AWS spokesperson said in an emailed statement that the company has introduced more cost-effective options for moving data. Clients had to deal with power, cooling, networking, parking and security when they used the Snowmobile service, the spokesperson said.

404 Media: An online service is scraping Discord servers en masse, archiving and tracking users' messages and activity across servers including what voice channels they join, and then selling access to that data for as little as $5. Called Spy Pet, the service's creator says it scrapes more than ten thousand Discord servers, and besides selling access to anyone with cryptocurrency, is also offering the data for training AI models or to assist law enforcement agencies, according to its website.

The news is not only a brazen abuse of Discord's platform, but also highlights that Discord messages may be more susceptible to monitoring than ordinary users assume. Typically, a Discord user's activity is spread across disparate servers, with no one entity, except Discord itself, able to see what messages someone has sent across the platform more broadly. With Spy Pet, third-parties including stalkers or potentially police can look up specific users and see what messages they've posted on various servers at once. "Have you ever wondered where your friend hangs out on Discord? Tired of basic search tools like Discord.id? Look no further!" Spy Pet's website reads. It claims to be tracking more than 14,000 servers, 600 million users, and includes a database of more than 3 billion messages.