Linux news
Roseltorg, Russia's main electronic trading platform for government and corporate procurement, confirmed it was targeted by a cyberattack claimed by the pro-Ukraine hacker group Yellow Drift. The group allegedly deleted 550 terabytes of data, causing significant operational delays and client concerns. The Record reports: The company initially confirmed last Thursday that its services had been temporarily suspended, without providing further details. In a recent Telegram statement, Roseltorg disclosed that it had been targeted by "an external attempt to destroy data and the entire infrastructure of electronic trading." Roseltorg stated that all data and infrastructure affected by the recent attack had been fully restored, and trading systems are expected to resume operations shortly. However, as of the time of writing, the company's website remains offline.
Last week, the previously unknown pro-Ukraine hacker group Yellow Drift claimed responsibility for the attack on Roseltorg, stating they had deleted 550 terabytes of data, including emails and backups. As proof, the hackers published screenshots from the platform's allegedly compromised infrastructure on their Telegram channel. "If you support tyranny and sponsor wars, be prepared to return to the Stone Age," the hackers said.
The cyberattack on Roseltorg is already impacting clients who rely on the platform's operations, including government agencies, state-owned companies and suppliers. Following the company's announcement, many clients expressed concerns in the comments section, complaining about potential financial losses and delays in the procurement process. Roseltorg said in a statement that once access to the trading systems is reinstated, all deadlines for procedures, including contract signings, will be automatically extended without requiring any requests from users.
Read more of this story at Slashdot.
System to feature hundreds of liquid-cooled Blackwell systems
Nvidia is constructing a 30-megawatt research-and-development supercomputer stuffed with its latest-generation Blackwell GPUs in northern Israel at an estimated cost of half a billion dollars.…
Diamond Comic Distributors, the world's biggest English language comic book distributor, is filing for bankruptcy and scaling its business back in order to survive. The Verge reports: In a letter sent to comics retailers and publishers today, Diamond president Chuck Parker announced that the company has filed for Chapter 11 Bankruptcy and plans to sell off its Alliance Game Distributors arm to Universal in order to "protect the most vital aspects of our business."
Founded in 1982 by Stephen A. Geppi (who still serves as CEO), Diamond became a heavyweight in the comics business by securing a number of exclusive distribution agreements with various publishing houses like DC, Marvel, and Image. For decades, Diamond -- which also publishes its Previews magazine showcasing upcoming titles -- was instrumental in bringing comics to market and played a huge role in determining a book's success because of how Previews influenced retailer orders. "This decision was not made lightly, and I understand that this news may be as difficult to hear as it is for me to share," Parker said. "The Diamond leadership team and I have worked tirelessly to avoid this outcome but the financial challenges we face have left us with no other viable option."
Watchdog alleged it had no SIEM or MFA, orders rapid adoption of basic infosec tools
GoDaddy has failed to protect its web-hosting platform with even basic infosec tools and practices since 2018, according to the FTC, but the internet giant won’t face any immediate consequences for its many alleged acts of omission.…
An anonymous reader quotes a report from Ars Technica: Lots of startups use Google's productivity suite, known as Workspace, to handle email, documents, and other back-office matters. Relatedly, lots of business-minded webapps use Google's OAuth, i.e. "Sign in with Google." It's a low-friction feedback loop -- up until the startup fails, the domain goes up for sale, and somebody forgot to close down all the Google stuff. Dylan Ayrey, of Truffle Security Co., suggests in a report that this problem is more serious than anyone, especially Google, is acknowledging. Many startups make the critical mistake of not properly closing their accounts -- on both Google and other web-based apps -- before letting their domains expire.
Given the number of people working for tech startups (6 million), the failure rate of said startups (90 percent), their usage of Google Workspaces (50 percent, all by Ayrey's numbers), and the speed at which startups tend to fall apart, there are a lot of Google-auth-connected domains up for sale at any time. That would not be an inherent problem, except that, as Ayrey shows, buying a domain allows you to re-activate the Google accounts for former employees if the site's Google account still exists.
With admin access to those accounts, you can get into many of the services they used Google's OAuth to log into, like Slack, ChatGPT, Zoom, and HR systems. Ayrey writes that he bought a defunct startup domain and got access to each of those through Google account sign-ins. He ended up with tax documents, job interview details, and direct messages, among other sensitive materials. A Google spokesperson said in a statement: "We appreciate Dylan Ayrey's help identifying the risks stemming from customers forgetting to delete third-party SaaS services as part of turning down their operation. As a best practice, we recommend customers properly close out domains following these instructions to make this type of issue impossible. Additionally, we encourage third-party apps to follow best-practices by using the unique account identifiers (sub) to mitigate this risk."
GOG.com, a European digital distribution platform known for offering DRM-free video games, announced they've joined the European Federation of Game Archives, Museums and Preservation Projects (EFGAMP). From the release: "GOG was created with video game preservation in mind," said Maciej Golebiewski, Managing Director at GOG. "Classic games and the mission to safeguard them for future generations have always been at the core of our work. Over the past decade, we've honed our expertise in this area. The GOG Preservation Program, which ensures compatibility for over 100 games and delivers hundreds of enhancements, is just one example of this commitment. We were thrilled to see the Program warmly received not only by our players but also by our partners and the gaming industry as a whole."
Golebiewski further explained that GOG's role in preservation extends beyond its platform. He highlighted, "As a European company, we feel a responsibility to lead in preserving gaming heritage. Joining EFGAMP reinforces this commitment. Our next step is to expand institutional collaboration with museums and governmental and non-governmental organizations worldwide. We hope our experience will contribute meaningfully to their efforts. We are also discussing exciting new game preservation projects, which we look forward to sharing soon."
Right after one of its drones crashed into an aircraft fighting California wildfires? Great timing
Drone maker DJI has decided to scale back its geofencing restrictions, meaning its software won't automatically stop operators from flying into areas flagged as no-fly zones. …
Independent developer Sebastian Vogelsang is building a photo-sharing app for the decentralized social network Bluesky, leveraging its AT Protocol and his earlier app, Skeets. The app, called Flashes, will offer features like photo and short video posts while integrating seamlessly with Bluesky. TechCrunch reports: When launched, Flashes could tap into growing consumer demand for alternatives to Big Tech's social media monopoly. [...] To make this work, Flashes simply filters Bluesky's existing timeline for posts with photos and video posts. (In the future, Vogelsang also plans to add metadata to Flashes' posts so Bluesky users would have a way to keep their feeds on Bluesky's main app from being flooded with photo posts if that became a problem.) Flashes didn't take too long to build because it was able to reuse Skeets' existing code. The app will also be able to market to Skeets' existing user base, who have now downloaded the app some 30,500 times to date.
Vogelsang says he's now working to integrate subscription-based features from both his apps so users don't have to pay twice for the premium features, like Skeets' bookmarks, drafts, muting, rich push notifications, and others specific to Flashes. (Both apps are free to use without a subscription, we should note.) Later, Vogelsang says he wants to launch a video-only app, too, called Blue Screen.
At launch, Flashes will support photo posts of up to four images and videos of up to 1 minute in length, just like Bluesky. Users who post to Flashes will also have their posts appear on Bluesky and comments on those posts will also feed back into the app as if it were just another Bluesky client. It will also support Bluesky's direct messages. The developer expects to be able to launch Flashes to the public in a matter of weeks with a TestFlight beta arriving ahead of that. Interested users can follow Flashes' account on Bluesky for further updates. Flashes could satiate the growing demand for alternatives to Big Tech's social media monopoly, especially after Meta CEO Mark Zuckerberg announced that he will end fact-checking on its platforms.
An anonymous reader quotes a report from TorrentFreak: In 'piracy' associated circles, Z-Library has one of the most followed Telegram channels of all. The shadow library's official channel amassed over 630,000 subscribers over the years, who were among the first to read site announcements and other key updates. Z-Library previously had some of its messages removed due to copyright infringement. While it didn't upload or directly link to infringing material on Telegram, rightsholders allegedly complained about the links that were posted to the Z-Library website. In response, Z-Library chose to no longer include links to its own homepage on Telegram. Instead, it referred users to Wikipedia and Reddit, where the links were still available. The same copyright awareness was visible at Anna's Archive, a popular shadow library search engine. This channel was also careful not to post direct links to infringing material. After all, sharing or uploading copyrighted books would undoubtedly lead to trouble.
Despite the reported caution, the channels of both Z-Library and Anna's Archive are no longer accessible today. Messages posted by these accounts were purged "due to copyright infringement", as shown below. Telegram didn't limit its action to removing posts; the channels are now entirely inaccessible. Those trying to access the channels in the Telegram app receive a pop-up message stating they are "unavailable due to copyright infringement." The simultaneous removal of both channels suggests they are linked to the same complaint or decision. The specific complaint and alleged copyright infringements remain unclear.
Incoming Trump FTC chair dissents, calling suit 'hasty' and 'deeply imprudent,' so will it stick?
America's top consumer watchdog has sued tractor maker John Deere for monopolizing tech repair services for its machinery, though whether the lawsuit will survive the pending presidential transition remains to be seen. …
Change Healthcare has hidden its data breach notification webpage from search engines using "noindex" code, TechCrunch found, making it difficult for affected individuals to find information about the massive healthcare data breach that compromised over 100 million people's medical records last year.
The UnitedHealth subsidiary said Tuesday it had "substantially" completed notifying victims of the February 2024 ransomware attack. The cyberattack caused months of healthcare disruptions and marked the largest known U.S. medical data theft.
We are only seeing 'the tip of the iceberg,' Easterly warns
Beijing's Salt Typhoon cyberspies had been seen in US government networks before telcos discovered the same foreign intruders in their own systems, according to CISA boss Jen Easterly.…
LinkedIn has unveiled an AI-powered "Job Match" feature to discourage users from applying to positions they aren't qualified for, aiming to address recruitment inefficiencies in a tight job market. The tool, the Microsoft-owned firm said, analyzes users' experience against job requirements to provide detailed qualification summaries, going beyond basic keyword matching. Premium subscribers will receive more granular match data.
Half the number of roles axed, and yes – you can keep blaming AI
The IT jobs market has shrunk for a second year in a row, says tech consultancy Janco Associates, but at least things weren't as bad in 2024 as they were in 2023.…
New Jersey Governor Phil Murphy called for a statewide ban on cellphones in K-12 classrooms during his State of the State address on Tuesday, citing concerns over student distraction and mental health. The Democratic governor, in his final year in office, also proposed full salary payments for state workers using parental leave and expanded full-day pre-K programs across the state.
The cellphone initiative follows similar restrictions in seven other states, including California and Florida. A Pew Research poll showed 68% of U.S. adults support classroom phone bans, with 72% of teachers calling the devices a major distraction. "Mobile devices are fueling a rise in cyberbullying and making it incredibly difficult for our kids to learn," Murphy told state legislators.
You may not need to go full Juggalo for the sake of privacy
Researchers at cyber-defense contractor PeopleTec have found that facial recognition algorithms' focus on specific areas of the face opens the door to subtler surveillance avoidance strategies.…
The U.S. Federal Trade Commission sued Deere & Co on Wednesday for allegedly monopolizing the repair market for its farm equipment by forcing farmers to use authorized dealers, driving up costs and causing service delays.
The lawsuit, joined by Illinois and Minnesota, claims Deere maintains complete control over equipment repairs by restricting access to essential software to its dealer network. The action seeks to make repair tools available to equipment owners and independent mechanics. FTC Chair Lina Khan said repair restrictions can be "devastating for farmers" who depend on timely repairs during harvest.
Executives and researchers leading Meta's AI efforts obsessed over beating OpenAI's GPT-4 model while developing Llama 3, according to internal messages unsealed by a court in one of the company's ongoing AI copyright cases, Kadrey v. Meta. From a report: "Honestly... Our goal needs to be GPT-4," said Meta's VP of Generative AI, Ahmad Al-Dahle, in an October 2023 message to Meta researcher Hugo Touvron. "We have 64k GPUs coming! We need to learn how to build frontier and win this race."
Though Meta releases open AI models, the company's AI leaders were far more focused on beating competitors that don't typically release their model's weights, like Anthropic and OpenAI, and instead gate them behind an API. Meta's execs and researchers held up Anthropic's Claude and OpenAI's GPT-4 as a gold standard to work toward. The French AI startup Mistral, one of the biggest open competitors to Meta, was mentioned several times in the internal messages, but the tone was dismissive. "Mistral is peanuts for us," Al-Dahle said in a message. "We should be able to do better," he said later.
Don't believe the hype? GPU maker jumps on the bandwagon anyway
A week after Nvidia chief Jensen Huang demolished the market valuations of listed quantum computing brands by saying the technology is 20 years away from being useful, the GPU maker has confirmed it is hosting a quantum computing day.…
Chinese drone maker DJI has removed software restrictions that previously prevented its drones from flying over sensitive areas in the United States, including airports, wildfires, and government buildings like the White House, replacing them with dismissible warnings.
The policy shift comes amid rising U.S. distrust of Chinese drones and follows a recent incident where a DJI drone disrupted firefighting efforts in Los Angeles. The company defended the change, saying drone regulations have matured with the FAA's new Remote ID tracking requirement, which functions like a digital license plate.