Linux fréttir
Cybersecurity Alert Warns of 300 Attacks with 'Medusa' Ransomware
A ransomware-as-a-service variant called "Medusa" has claimed over 300 victims in "critical infrastructure sectors" (including medical), according to a joint alert from CISA, the FBI, and the Multi-State Information Sharing Analysis Center.
And that alert reminds us that Medusa is a globe-spanning operation that recruits third-party affiliates to plant ransomware and negotiate with victims, notes the Register. "Even organizations that have good ransomware recovery regimes, meaning they don't need to unscramble encrypted data as they have good backups and fall-back plans, may consider paying to prevent the release of their stolen data, given the unpleasant consequences that follow information leaks.
Medusa actors also set a deadline for victims to pay ransoms and provide a countdown timer that makes it plain when stolen info will be sprayed across the internet. If victims cough up $10,000 in cryptocurrency, the crims push the deadline forward by 24 hours.
The advisory reveals one Medusa actor has taken things a step further. "FBI investigations identified that after paying the ransom, one victim was contacted by a separate Medusa actor who claimed the negotiator had stolen the ransom amount already paid," the advisory states. That separate actor then "requested half of the payment be made again to provide the 'true decryptor'," the advisory states, describing this incident as "potentially indicating a triple extortion scheme."
The security groups' advisory stresses that they "do not encourage paying ransoms as payment does not guarantee victim files will be recovered. Furthermore, payment may also embolden adversaries to target additional organizations..." (But "Regardless of whether you or your organization have decided to pay the ransom, FBI, CISA, and MS-ISAC urge you to promptly report ransomware incidents...")
Besides updating software and operating systems, the alert makes these recommendations for organizations:
Require VPNs (or jump hosts) for remote network access
Block remote access from unknown/untrusted origins, and disable unused ports
Segment networks to help prevent the spread of ransomware
Use a network monitoring tool to spot and investigate abnormal activity — including lateral movement (using endpoint detection and response tools). Log all network traffic, and monitor it for unauthorized scanning and access attempts.
Create recovery plans with encrypted offline backups of sensitive/proprietary data and servers
Require multifactor authentication, use strong (and long) passwords, and "consider not requiring frequently recurring password changes, as these can weaken security." (Also audit access control following the principle of least privilege, and watch for new and/or unrecognized accounts.)
Disable command-line and scripting activities and permissions.
Read more of this story at Slashdot.
Categories: Linux fréttir
Ocean Levels Rise to a 30-Year High - and Faster Than Expected
The Washington Post reports:
Oceans last year reached their highest levels in three decades — with the rate of global sea level rise increasing around 35% higher than expected, according to a NASA-led analysis published Thursday... Last year's rate of average global sea level rise was 0.23 inches per year, higher than the expected 0.17 inches per year, NASA said in a news release.
The rate of global sea level rise follows a trend of rapidly increasing rates over the past 30 years. From 1993 to 2023, the rate of global sea level rise doubled, increasing from 0.08 inches per year to 0.18 inches, another NASA-led study showed. Overall, the global sea level has climbed by 4 inches since 1993.
More details from ABC News:
Climate change was a major driver to an unexpected level of sea level rise in 2024, according to a new NASA analysis... The majority of the difference between predicted and actual sea level rise was attributed to thermal expansion — or the ocean waters expanding as they warm, researchers said. An unusual amount of ocean warming, combined with meltwater from land-based ice such as glaciers, led to the increase of sea level rise last year, according to NASA.
About two-thirds of sea level rise in recent years has resulted from the melting of ice sheets and glaciers, with a third coming from thermal expansion, according to NASA. In 2024, those metrics flipped, with two-thirds of the rise attributed to expanding ocean water and one-third attributed to contributions from melting ice. "With 2024 as the warmest year on record, Earth's expanding oceans are following suit, reaching their highest levels in three decades," said Nadya Vinogradova Shiffer, head of physical oceanography programs and the Integrated Earth System Observatory at NASA... Human-amplified climate change is the primary cause for present-day rising sea levels, climate research shows.
Amazon Forest Felled To Build Road For Climate Summit
"A new four-lane highway cutting through tens of thousands of acres of protected Amazon rainforest is being built for the COP30 climate summit," reports the BBC, "in the Brazilian city of Belém."
The highway will ease traffic into the city, which will host over 50,000 people at the conference this November:
The state government touts the highway's "sustainable" credentials, but some locals and conservationists are outraged at the environmental impact... Along the partially built road, lush rainforest towers on either side — a reminder of what was once there. Logs are piled high in the cleared land which stretches more than 13km (8 miles) through the rainforest into Belém.
Diggers and machines carve through the forest floor, paving over wetland to surface the road which will cut through a protected area... The road leaves two disconnected areas of protected forest. Scientists are concerned it will fragment the ecosystem and disrupt the movement of wildlife...
The state government of Pará had touted the idea of this highway, known as Avenida Liberdade, as early as 2012, but it had repeatedly been shelved because of environmental concerns. Now a host of infrastructure projects have been resurrected or approved to prepare the city for the COP summit.
But on the bright side, Adler Silveira, the state government's infrastructure secretary, said the highway would have wildlife crossings for animals to pass over, as well as climate-friendly bike lanes and solar-powered lighting...
Ask Slashdot: Where Are the Open-Source Local-Only AI Solutions?
"Why can't we each have our own AI software that runs locally," asks long-time Slashdot reader BrendaEM — and that doesn't steal the work of others.
Imagine a powerful-but-locally-hosted LLM that "doesn't spy... and no one else owns it."
We download it, from source-code if you like, install it, if we want. And it assists: us... No one gate-keeps it. It's not out to get us...
And this is important: because no one owns it, the AI software is ours and leaks no data anywhere — to no one, no company, for no political nor financial purpose. No one profits — but you!
Their longer original submission also asks a series of related questions — like why can't we have software without AI? (Along with "Why is AMD stamping AI on local-processors?" and "Should AI be crowned the ultimate hype?") But this question seems to be at the heart of their concern. "What future will anyone have if anything they really wanted to do — could be mimicked and sold by the ill-gotten work of others...?"
"Could local, open-source, AI software be the only answer to dishearten billionaire companies from taking and selling back to their customers — everything we have done? Could we not...instead — steal their dream?!"
Share your own thoughts and answers in the comments. Where are the open-source, local-only AI solutions?
Firefly's 'Athena' Lander Watched Friday's Eclipse - from the Moon
"For the first time in history, a privately operated lunar lander has captured images of a total eclipse from the Moon's surface," reports Daily Galaxy.
While the Athena lunar lander tipped over and ended its mission, elsewhere on the moon Firefly Aerospace's Blue Ghost lunar lander "continues to beam home incredible imagery," writes Space.com, and since its landing on March 2 "has been sending us stunning photos and videos..." A new video of Blue Ghost's moon-side view captures the eerie red light on the moon (caused by sunlight refracting through the atmosphere over the edges of the earth). "Blue Ghost turns red!" Firefly writes on their mission updates page.
A SpaceX photographer also captured the eclipse as it happened over a Falcon 9 rocket waiting to launch to the International Space Station, in a remarkable time-lapse photograph.
And Space.com collects more interesting lunar-eclipse photos taken from around the world, including Appin, Scotland; Canberra, Australia; and Palm Springs, California...
Cloudflare Accused of Blocking Niche Browsers
Long-time Slashdot reader BenFenner writes: For the third time in recent memory, CloudFlare has blocked large swaths of niche browsers and their users from accessing web sites that CloudFlare gate-keeps. In the past these issues have been resolved quickly (within a week) and apologies issued with promises to do better. (See 2024-03-11, 2024-07-08, and 2025-01-30.)
This time around it has been over six weeks and CloudFlare has been unable or unwilling to fix the problem on their end, effectively stalling any progress on the matter with various tactics including asking browser developers to sign overarching NDAs.
That last link is an update posted today by Pale Moon's main developer:
Our current situation remains unchanged: CloudFlare is still blocking our access to websites through the challenges, and the captcha/turnstile continues to hang the browser until our watchdog terminates the hung script after which it reloads and hangs again after a short pause (but allowing users to close the tab in that pause, at least). To say that this upsets me is an understatement. Other than deliberate intent or absolute incompetence, I see no reason for this to endure. Neither of those options are very flattering for CloudFlare.
I wish I had better news.
In a comment, Slashdot reader BenFenner shares a list posted by Pale Moon's developer of reportedly affected browsers:
Pale Moon
Basilisk
Waterfox
Falkon
SeaMonkey
Various Firefox ESR flavors
Thorium (on some systems)
Ungoogled Chromium
K-Meleon
LibreWolf
MyPal 68
Otter browser
Slashdot reader Z00L00K speculates that "this is some kind of anti-bot measure that fails. I suspect that the reason for them wanting an NDA to be signed is to prevent ways to circumvent the anti-bot measures..."
