Linux fréttir

Hackers working for governments were responsible for the majority of attributed zero-day exploits used in real-world cyberattacks last year, per new research from Google. From a report: Google's report said that the number of zero-day exploits -- referring to security flaws that were unknown to the software makers at the time hackers abused them -- had dropped from 98 exploits in 2023 to 75 exploits in 2024. But the report noted that of the proportion of zero-days that Google could attribute -- meaning identifying the hackers who were responsible for exploiting them -- at least 23 zero-day exploits were linked to government-backed hackers. Among those 23 exploits, 10 zero-days were attributed to hackers working directly for governments, including five exploits linked to China and another five to North Korea.

Read more of this story at Slashdot.

Former Rear Admiral calls for National Guard online deployment and corporates to be held accountable

RSAC Russia used to be considered America's biggest adversary online, but over the past couple of years China has taken the role, and is proving highly effective at it.…

A former Disney employee who hacked into the company's servers to alter its restaurant menus, including falsifying allergen information and printing profane language, has been sentenced to three years in prison. From a report: Michael Scheuer, a Florida resident, was sentenced last week in federal court and ordered to pay nearly $690,000 in restitution, with most of that going to Disney. He pled guilty in January to one count of computer fraud and one count of aggravated identity theft. "Scheuer remains remorseful and apologetic to his former co-workers. We are grateful that the judge heard all of our arguments and mitigation when fashioning a sentence that was half of what the government was seeking," said David Haas, Scheuer's lawyer, in a statement to CNN. Scheuer worked as a menu production manager for Disney and was fired last June for misconduct, according to the original complaint. He had access to, and also used, secure internal servers for creating and publishing menus for all of Disney's restaurants as part of his job at the company.

Read more of this story at Slashdot.

The OS refresh brings Ryzen AI and Arrow Lake compatibility

Fresh from their respective bunkers, OpenBSD 7.7 and a new version of Plan 9 fork 9Front have dropped, bringing hardened security, obscure charm, and, oddly enough, artwork from the same designer.…

Top voices warn that political retaliation puts democracy and national defense at risk

The Electronic Frontier Foundation (EFF) and numerous infosec leaders are lobbying US President Donald Trump to drop his enduring investigation into Chris Krebs, claiming that targeting the former CISA boss amounts to bullying.…

Longtime Slashdot reader me34point5 writes: OpenBSD quietly released the new version (7.7) of its "secure by default" operating system. This is the 58th release. Changes include improved hardware and VMM support, along with many kernel improvements. This release brings several specific improvements, including performance boosts on ARM64, Arm SVE support, AMD SEV virtualization enhancements, better low-memory handling on i386, and improved suspend/hibernate and SMP performance. It also updates graphics drivers with support for AMD Ryzen IA 300, Radeon RX 9070, and Intel Arrow Lake, along with expanded hardware support for MediaTek SoCs. A full list of changes can be found here.

Read more of this story at Slashdot.

The good news: everyone's using it. The bad news: have you seen how they're using it?

OpenLogic's 2025 State of Open Source Report offers a slightly different perspective on modern corporate adoption of FOSS – and it's not a reassuring one.…

Artificial intelligence is helping Beijing's goons break in faster and stay longer

RSAC The biggest threat to US critical infrastructure, according to FBI Deputy Assistant Director Cynthia Kaiser, can be summed up in one word: "China."…

An anonymous reader shares a report: Amazon doesn't want to shoulder the blame for the cost of President Donald Trump's trade war. So the e-commerce giant will soon show how much Trump's tariffs are adding to the price of each product, according to a person familiar with the plan. The shopping site will display how much of an item's cost is derived from tariffs -- right next to the product's total listed price.

Read more of this story at Slashdot.

'We thought it was a really obvious way to build a processor and everybody would be doing it'

It is 40 years since the first Arm processor was powered up, and the UK's Centre for Computing History (CCH) celebrated in style, with speakers to mark the event, hardware on show, and a countdown to the anniversary.…

The once-celebrated partnership between OpenAI's Sam Altman and Microsoft's Satya Nadella is deteriorating amid fundamental disagreements over computing resources, model access, and AI capabilities, according to WSJ. The relationship that Altman once called "the best partnership in tech" has grown strained as both companies prepare for independent futures. Tensions center on several critical areas: Microsoft's provision of computing power, OpenAI's willingness to share model access, and conflicting views on achieving humanlike intelligence. Altman has expressed confidence OpenAI can build models with humanlike intelligence soon -- a milestone Nadella publicly dismissed as "nonsensical benchmark hacking" during a February podcast. The companies retain significant leverage over each other. Microsoft can block OpenAI's conversion to a for-profit entity, potentially costing the startup billions if not completed this year. Meanwhile, OpenAI's board can trigger contract clauses preventing Microsoft from accessing its most advanced technology. After Altman's brief ouster in 2023 -- dubbed "the blip" within OpenAI -- Nadella pursued an "insurance policy" by hiring DeepMind co-founder Mustafa Suleyman for $650 million to develop competing models. The personal relationship has also cooled, with the executives now communicating primarily through scheduled weekly calls rather than frequent text exchanges.

Read more of this story at Slashdot.

FBI and others list how to spot NK infiltrators, but AI will make it harder

RSAC Concerned a new recruit might be a North Korean stooge out to steal intellectual property and then hit an org with malware? There is an answer, for the moment at least.…

HMRC kicks off procurement to modernize customer service after scathing reports

The UK's tax collector plans to appoint a new CRM vendor to manage its vast interactions with citizens over their tax affairs.…

'When we look at the economic outcomes, it really has not moved the needle'

Instead of depressing wages or taking jobs, generative AI chatbots like ChatGPT, Claude, and Gemini have had almost no wage or labor impact so far – a finding that calls into question the huge capital expenditures required to create and run AI models.…

Amazon successfully launched the first 27 satellites for its Project Kuiper internet constellation, kicking off a major effort to compete with Starlink by deploying over 1,600 satellites by mid-2026. It company is investing $10 billion in Kuiper and plans to begin commercial service later this year. CNBC reports: "We had a nice smooth countdown, beautiful weather, beautiful liftoff, and Atlas V is on its way to orbit to take those 27 Kuiper satellites, put them on their way and really start this new era in internet connectivity," Caleb Weiss, a systems engineer at ULA, said on the livestream following the launch. The satellites are expected to separate from the rocket roughly 280 miles above Earth's surface, at which point Amazon will look to confirm the satellites can independently maneuver and communicate with its employees on the ground. [...] In his shareholder letter earlier this month, Amazon CEO Andy Jassy said Kuiper will require upfront investment at first, but eventually the company expects it to be "a meaningful operating income and ROIC business for us." ROIC stands for return on invested capital. Investors will be listening for any commentary around further capex spend on Kuiper when Amazon reports first-quarter earnings after the bell on Thursday. A livestream can be found here.

Read more of this story at Slashdot.

They’re sorry/not sorry for testing if bots can change minds by pretending to be a trauma counselor or a victim of sexual abuse

Researchers from the University of Zurich have admitted to secretly posting AI-generated material to popular Subreddit r/changemyview in the name of science.…

An anonymous reader quotes a report from Wired: Automakers are increasingly pushing consumers to accept monthly and annual fees to unlock preinstalled safety and performance features, from hands-free driving systems and heated seats to cameras that can automatically record accident situations. But the additional levels of internet connectivity this subscription model requires can increase drivers' exposure to government surveillance and the likelihood of being caught up in police investigations. A cache of more than two dozen police records recently reviewed by WIRED show US law enforcement agencies regularly trained on how to take advantage of "connected cars," with subscription-based features drastically increasing the amount of data that can be accessed during investigations. The records make clear that law enforcement's knowledge of the surveillance far exceeds that of the public and reveal how corporate policies and technologies -- not the law -- determine driver privacy. "Each manufacturer has their whole protocol on how the operating system in the vehicle utilizes telematics, mobile Wi-Fi, et cetera," one law enforcement officer noted in a presentation prepared by the California State Highway Patrol (CHP) and reviewed by WIRED. The presentation, while undated, contains statistics on connected cars for the year 2024. "If the vehicle has an active subscription," they add, "it does create more data." The CHP presentation, obtained by government transparency nonprofit Property of the People via a public records request, trains police on how to acquire data based on a variety of hypothetical scenarios, each describing how vehicle data can be acquired based on the year, make, and model of a vehicle. The presentation acknowledges that access to data can ultimately be limited due to choices made by not only vehicle manufacturers but the internet service providers on which connected devices rely. One document notes, for instance, that when a General Motors vehicle is equipped with an active OnStar subscription, it will transmit data -- revealing its location -- roughly twice as often as a Ford vehicle. Different ISPs appear to have not only different capabilities but policies when it comes to responding to government requests for information. Police may be able to rely on AT&T to help identify certain vehicles based on connected devices active in the car but lack the ability to do so when the device relies on a T-Mobile or Verizon network instead. [...] Nearly all subscription-based car features rely on devices that come preinstalled in a vehicle, with a cellular connection necessary only to enable the automaker's recurring-revenue scheme. The ability of car companies to charge users to activate some features is effectively the only reason the car's systems need to communicate with cell towers. The police documents note that companies often hook customers into adopting the services through free trial offers, and in some cases the devices are communicating with cell towers even when users decline to subscribe.

Read more of this story at Slashdot.

One launch down, 80-plus to go, for a pittance compared to planned AWS spending

Amazon’s first attempt to hoist production versions of its Project Kuiper broadband-beaming satellites appears to have succeeded.…

Who could possibly be behind this attack on an ethnic minority China despises?

Researchers at Canada’s Citizen Lab have spotted a phishing campaign and supply chain attack directed at Uyghur people living outside China, and suggest it’s an example of Beijing’s attempts to target the ethnic minority group.…

Oracle engineers mistakenly triggered a five-day software outage at a number of Community Health Systems hospitals, causing the facilities to temporarily return to paper-based patient records. From a report: CHS told CNBC that the outage involving Oracle Health, the company's electronic health record (EHR) system, affected "several" hospitals, leading them to activate "downtime procedures." Trade publication Becker's Hospital Review reported that 45 hospitals were hit. The outage began on April 23, after engineers conducting maintenance work mistakenly deleted critical storage connected to a key database, a CHS spokesperson said in a statement. The outage was resolved on Monday, and was not related to a cyberattack or other security incident. CHS is based in Tennessee and includes 72 hospitals in 14 states, according to the medical system's website.

Read more of this story at Slashdot.