Linux fréttir

AI lowers the bar for cybercrime, Anthropic admits

comment Anthropic, a maker of AI tools, says that AI tools are now commonly used to commit cybercrime and facilitate remote worker fraud.…

Not a disaster recovery option, but good enough for a migration

Microsoft continues to take what's familiar to ordinary users and offer it to enterprises. The latest functionality is Windows Backup for Organizations.…

An anonymous reader quotes a report from The Hill: Republicans on the House Oversight and Government Reform Committee opened a probe into alleged organized efforts to inject bias into Wikipedia entries and the organization's responses. Chair James Comer (R-Ky.) and Rep. Nancy Mace (R-S.C.), chair of the panel's subcommittee on cybersecurity, information technology, and government innovation, on Wednesday sent an information request on the matter to Maryana Iskander, chief executive officer of the Wikimedia Foundation, the nonprofit that hosts Wikipedia. The request, the lawmakers said in the letter (PDF), is part of an investigation into "foreign operations and individuals at academic institutions subsidized by U.S. taxpayer dollars to influence U.S. public opinion." The panel is seeking documents and communications about Wikipedia volunteer editors who violated the platform's policies, as well as the Wikimedia Foundation's efforts to "thwart intentional, organized efforts to inject bias into important and sensitive topics." "Multiple studies and reports have highlighted efforts to manipulate information on the Wikipedia platform for propaganda aimed at Western audiences," Comer and Mace wrote in the letter. They referenced a report from the Anti-Defamation League about anti-Israel bias on Wikipedia that detailed a coordinated campaign to manipulate content related to the Israel-Palestine conflict and similar issues, as well as an Atlantic Council report on pro-Russia actors using Wikipedia to push pro-Kremlin and anti-Ukrainian messaging, which can influence how artificial intelligence chatbots are trained. "[The Wikimedia] foundation, which hosts the Wikipedia platform, has acknowledged taking actions responding to misconduct by volunteer editors who effectively create Wikipedia's encyclopedic articles. The Committee recognizes that virtually all web-based information platforms must contend with bad actors and their efforts to manipulate. Our inquiry seeks information to help our examination of how Wikipedia responds to such threats and how frequently it creates accountability when intentional, egregious, or highly suspicious patterns of conduct on topics of sensitive public interest are brought to attention," Comer and Mace wrote. The lawmakers requested information about "the tools and methods Wikipedia utilizes to identify and stop malicious conduct online that injects bias and undermines neutral points of view on its platform," including documents and records about possible coordination of state actors in editing, the kind of accounts that have been subject to review, and and of the panel's analysis of data manipulation or bias. "We welcome the opportunity to respond to the Committee's questions and to discuss the importance of safeguarding the integrity of information on our platform," a Wikimedia Foundation spokesperson said.

Read more of this story at Slashdot.

Fast-glob is widely used in government, security lab says

A Node.js utility used by thousands of public projects - and more than 30 Department of Defense ones - appears to have a sole maintainer whose online profiles identify him as a Yandex employee living in Russia.…

Feature rolls out to Microsoft 365 Insiders, stashing unnamed files in OneDrive by default

Ever get that sinking feeling when Word crashes before you've made your first save? An application update is set to save the day by automatically enabling autosave to the cloud for new documents, before you've even given them a filename.…

An anonymous reader shares a report: Security researchers from Palo Alto Networks' Unit 42 have discovered the key to getting large language model (LLM) chatbots to ignore their guardrails, and it's quite simple. You just have to ensure that your prompt uses terrible grammar and is one massive run-on sentence like this one which includes all the information before any full stop which would give the guardrails a chance to kick in before the jailbreak can take effect and guide the model into providing a "toxic" or otherwise verboten response the developers had hoped would be filtered out. The paper also offers a "logit-gap" analysis approach as a potential benchmark for protecting models against such attacks. "Our research introduces a critical concept: the refusal-affirmation logit gap," researchers Tung-Ling "Tony" Li and Hongliang Liu explained in a Unit 42 blog post. "This refers to the idea that the training process isn't actually eliminating the potential for a harmful response -- it's just making it less likely. There remains potential for an attacker to 'close the gap,' and uncover a harmful response after all."

Read more of this story at Slashdot.

Feature bloat, or added value for this JavaScript toolkit?

The Bun team has released version 1.2.21 of its JavaScript bundler and runtime, written in Zig, adding features including built-in drivers for MySQL and SQLite, a YAML parser, and a secrets manager for tools and local development.…

Stolen dev credentials posted to GitHub as attackers abuse CLI tools for recon

Nx is the latest target of a software supply chain attack in the NPM ecosystem, with multiple malicious versions being uploaded to the NPM registry on Tuesday evening.…

Deforestation has killed more than half a million people in the tropics over the past two decades as a result of heat-related illness, a study has found. The Guardian: Land clearance is raising the temperature in the rainforests of the Amazon, Congo and south-east Asia because it reduces shade, diminishes rainfall and increases the risk of fire, the authors of the paper found. Deforestation is responsible for more than a third of the warming experienced by people living in the affected regions, which is on top of the effect of global climate disruption. About 345 million people across the tropics suffered from this localised, deforestation-caused warming between 2001 and 2020. For 2.6 million of them, the additional heating added 3C to their heat exposure. In many cases, this was deadly. The researchers estimated that warming due to deforestation accounted for 28,330 annual deaths over that 20-year period.

Read more of this story at Slashdot.

No stew on the stove, but plenty of heat as devs compete to flag suspect Medicare data

Seeking to rein in healthcare fraud, the US Centers for Medicare & Medicaid Services (CMS) is seeking explainable AI models that can identify patterns suggestive of malfeasance.…

Don't let it happen to you

Storm-0501, a financially motivated cybercrime crew, recently broke into a large enterprise's on-premises and cloud environments, ultimately exfiltrating and destroying data within the org's Azure environment. The criminals then contacted the victim via a Microsoft Teams account that they'd also compromised in the attack, demanding a ransom payment for the stolen files.…

The FBI and other law enforcement and intelligence agencies around the world warned Wednesday that a Chinese-government hacking campaign that previously penetrated nine U.S. telecommunications companies has expanded into other industries and regions, striking at least 200 American organizations and 80 countries. From a report: The joint advisory was issued with the close allies in the Five Eyes English-language intelligence-sharing arrangement and also agencies from Finland, Netherlands, Poland and the Czech Republic, an unusually broad array meant to demonstrate global resolve against what intelligence officials said is a pernicious campaign that exceeds accepted norms for snooping. "The expectation of privacy here was violated, not just in the U.S., but globally," FBI Assistant Director Brett Leatherman, who heads the bureau's cyber division, told The Washington Post in an interview. Chinese hackers won deep access to major communication carriers in the U.S. and elsewhere, then extracted call records and some law enforcement directives, which allowed them to build out a map of who was calling whom and whom the U.S. suspected of spying, Leatherman said. Prominent politicians in both major U.S. parties were among the ultimate victims.

Read more of this story at Slashdot.