Linux fréttir

Three major GDPR violations, including a lack of basic security controls, lead to hefty dent in profits

The French data protection regulator, CNIL, today issued a collective €42 million ($48.9 million) fine to two French telecom companies for GDPR violations stemming from a data breach.…

Support expires for Windows Server 2008, and the codebase released to manufacturing in 2006

Microsoft has quietly maintained support for an OS that's nearly 18 years old, but its time has finally passed - the Windows Vista-powered Windows Server 2008 took its last breath this week.…

After spending years pushing digital payments to combat tax evasion and money laundering, European Union ministers decided in December to ban businesses from refusing cash. The reversal comes as 12% of European businesses flatly refused cash in 2024, up from 4% three years earlier. Over one in three cinemas in the Netherlands no longer accept notes and coins. Cash usage across the euro area dropped from 79% of in-person transactions in 2016 to just 52% in 2024. Sweden leads the digital shift where 90% of purchases now happen digitally and cash represents under 1% of GDP compared to 22% in Japan. The policy change stems from concerns about financial inclusion for elderly and poor populations who struggle with digital systems. Resilience worries also drove the decision after Spaniards facing nationwide power cuts last spring found themselves unable to buy food. European officials worry about dependence on American payment giants Visa and MasterCard. The EU now recommends citizens store enough cash to survive a week without electricity or internet access.

Read more of this story at Slashdot.

New crooks on the block get crafty with blockchain to evade defenses

Researchers at Group-IB say the DeadLock ransomware operation is using blockchain-based anti-detection methods to evade defenders' attempts to analyze their tradecraft.…

The European Union published guidance on December 30 that reclassified nuclear weapons as acceptable investments under its sustainable finance framework, completing a policy change approved in November that narrowed the definition of banned armaments from "controversial" to "prohibited." The shift addresses earlier vagueness that the Commission said hindered efforts to raise $932 billion in defense investments over four years. Under the revised rules, only four weapon categories remain expressly outlawed by a majority of EU states: personnel mines, cluster munitions, and biological and chemical weapons. Nuclear weapons manufacturers avoided exclusion because only Austria, Ireland and Malta signed the Treaty on the Prohibition of Nuclear Weapons, though all EU members support non-proliferation under the Non-Proliferation Treaty. The updated guidance also permits ESG labeling for companies handling depleted uranium for anti-tank ammunition and white phosphorus, which is toxic but not classified as a chemical weapon. European ESG funds currently hold minimal defense stocks, according to Jefferies data. The Commission's notice now makes these investments eligible for funds operating under Article 8 and Article 9 sustainable investment mandates.

Read more of this story at Slashdot.

Investment in datacenters to peak by 2029, place your bets please

The AI-driven datacenter construction frenzy shows no signs of slowing, but neither do concerns that the whole edifice could collapse under the weight of its own hype and mounting investment demands.…

Latest update focuses on hardware acceleration, security tightening, and a handful of quality-of-life tweaks

The latest Firefox is here with some handy changes – most of which differ depending on what OS and type of CPU you run it on.…

An anonymous reader quotes a report from Ars Technica: Researchers have discovered a never-before-seen framework that infects Linux machines with a wide assortment of modules that are notable for the range of advanced capabilities they provide to attackers. The framework, referred to as VoidLink by its source code, features more than 30 modules that can be used to customize capabilities to meet attackers' needs for each infected machine. These modules can provide additional stealth and specific tools for reconnaissance, privilege escalation, and lateral movement inside a compromised network. The components can be easily added or removed as objectives change over the course of a campaign. VoidLink can target machines within popular cloud services by detecting if an infected machine is hosted inside AWS, GCP, Azure, Alibaba, and Tencent, and there are indications that developers plan to add detections for Huawei, DigitalOcean, and Vultr in future releases. To detect which cloud service hosts the machine, VoidLink examines metadata using the respective vendor's API. Similar frameworks targeting Windows servers have flourished for years. They are less common on Linux machines. The feature set is unusually broad and is "far more advanced than typical Linux malware," said researchers from Checkpoint, the security firm that discovered VoidLink. Its creation may indicate that the attacker's focus is increasingly expanding to include Linux systems, cloud infrastructure, and application deployment environments, as organizations increasingly move workloads to these environments. "VoidLink is a comprehensive ecosystem designed to maintain long-term, stealthy access to compromised Linux systems, particularly those running on public cloud platforms and in containerized environments," the researchers said in a separate post. "Its design reflects a level of planning and investment typically associated with professional threat actors rather than opportunistic attackers, raising the stakes for defenders who may never realize their infrastructure has been quietly taken over." The researchers note that VoidLink poses no immediate threat or required action since it's not actively targeting systems. However, defenders should remain vigilant.

Read more of this story at Slashdot.

Attack enters second day with major disruption to healthcare provision

Two hospitals in Belgium have cancelled surgeries and transferred critical patients to other facilities after shutting down servers following a cyberattack.…

Travel biz tells customers to change passwords beyond its own services

Eurail has confirmed customer information was stolen in a data breach, according to notification emails sent out this week.…

U-turn leaves questions on costs, funding, and benefits unanswered

The UK government has backed down from making digital ID mandatory for proof of a right to work in the country, adding to confusion over the scheme's cost and purpose.…

Committee raises concerns over delays and loopholes in proposed law

The Science, Innovation and Technology Committee has criticized the UK government's handling of AI nudification tools, saying it is taking too long to ban apps, and that expedited legislation does not encompass multi-purpose platforms used to create nude images.…

Component up 63% since September, more pricey memory coming to a supply chain near you

Enterprise IT infrastructure buyers are bracing for hefty price hikes across servers, storage systems, and networking kit, driven by steep inflation in memory component costs that industry analysts warn will soon cascade through the supply chain.…

Endesa says payment info stolen after alleged crook boasted of 1 TB-plus haul

Spanish energy giant Endesa is warning customers about a data breach after a cybercrim claimed to have walked off with a vast cache of personal information allegedly tied to more than 20 million people.…

NASA and the U.S. Department of Energy plan to deploy a nuclear fission reactor on the Moon by 2030 to provide continuous, long-duration power for lunar bases, science missions, and future Mars exploration. space & defense reports: NASA said fission surface power will provide a critical capability for long-duration missions by delivering continuous, reliable electrical power independent of sunlight, lunar night cycles or extreme temperature conditions. Unlike solar-based systems, a nuclear reactor could operate for years without refuelling, supporting habitats, science payloads, resource utilisation systems and surface mobility. NASA Administrator Jared Isaacman said achieving long-term human presence on the Moon and future missions to Mars will require new approaches to power generation. He said closer collaboration with the Department of Energy is essential to delivering the capabilities needed to support sustained exploration and infrastructure development beyond Earth orbit. The fission surface power system is expected to produce safe, efficient and scalable electrical power, forming a foundational element of NASA's Moon-to-Mars architecture. Continuous power availability is seen as a key enabler for permanent lunar bases, in-situ resource utilisation and expanded scientific operations in permanently shadowed regions. Further reading: You Can Now Reserve a Hotel Room On the Moon For $250,000

Read more of this story at Slashdot.

When salty coastal air meets memory errors in one of Portugal's rail ticket machines

Bork!Bork!Bork! It's back to the railways of Portugal for today's bork. Remember how we called Windows 2000 the unkillable cockroach of the IT world? Seems it's been upset by software peeking at memory where it shouldn't.…

Thelasko shares a report from Forbes: We have not seen this before. Iran's digital blackout has now deployed military jammers, reportedly supplied by Russia, to shut down access to Starlink Internet. This is a game-changer for the Plan-B connectivity frequently used by protesters and anti-regime activists when ordinary access to the internet is stopped. "Despite reports that tens of thousands of Starlink units are operating inside Iran," says Iran Wire, "the blackout has also reached satellite connections." It is reported that about 30 percent of Starlink's uplink and downlink traffic was (initially) disrupted," quickly rising "to more than 80 percent" within hours. The Times of Israel reports "the deployment of (Starlink) receivers is now far greater in Iran" than during previous blackouts. "That's despite the government never authorizing Starlink to function, making the service illegal to possess and use." "While it's not clear how Starlink's service was being disrupted in Iran," The Times says, "some specialists say it could be the result of jamming of Starlink terminals that would overpower their ability to receive signals from the satellites." Multiple reports suggest Russia's military technology may be responsible. Channel 4 News describes Russia's activities as a "technological race with Starlink," which it says "is known to deploy trucks which deploy radio noise to disrupt satellite signals." Simon Migliano, Head of Research at Top10VPN.com, said "Iran's current nationwide blackout is a blunt instrument intended to crush dissent," and this comes at a stark cost to the country, underpinning the regime's desperation. "This 'kill switch' approach comes at a staggering price, draining $1.56 million from Iran's economy every single hour the internet is down." He added: "Iranian authorities have proven they are prepared to weaponize connectivity, even at a tremendous domestic cost. We are looking at losses already exceeding $130 million. If the 2019 shutdown is any indicator, the regime could maintain this digital siege for days, prioritizing control over their own economic stability."

Read more of this story at Slashdot.

AI upstart also upscales its Labs to find the next frontier

The Python Software Foundation (PSF) has an extra $1.5 million heading its way, after AI upstart Anthropic entered into a partnership aimed at improving security in the Python ecosystem.…

One payload out of fifteen survived and sent home some useful data

India’s Space Research Organisation (ISRO) has commenced an investigation into the failure of a PSLV launcher.…

An anonymous reader quotes a report from the Guardian: High-profile studies reporting the presence of microplastics throughout the human body have been thrown into doubt by scientists who say the discoveries are probably the result of contamination and false positives. One chemist called the concerns "a bombshell." Studies claiming to have revealed micro and nanoplastics in the brain, testes, placentas, arteries and elsewhere were reported by media across the world, including the Guardian. There is no doubt that plastic pollution of the natural world is ubiquitous, and present in the food and drink we consume and the air we breathe. But the health damage potentially caused by microplastics and the chemicals they contain is unclear, and an explosion of research has taken off in this area in recent years. However, micro- and nanoplastic particles are tiny and at the limit of today's analytical techniques, especially in human tissue. There is no suggestion of malpractice, but researchers told the Guardian of their concern that the race to publish results, in some cases by groups with limited analytical expertise, has led to rushed results and routine scientific checks sometimes being overlooked. The Guardian has identified seven studies that have been challenged by researchers publishing criticism in the respective journals, while a recent analysis listed 18 studies that it said had not considered that some human tissue can produce measurements easily confused with the signal given by common plastics. There is an increasing international focus on the need to control plastic pollution but faulty evidence on the level of microplastics in humans could lead to misguided regulations and policies, which is dangerous, researchers say. It could also help lobbyists for the plastics industry to dismiss real concerns by claiming they are unfounded. While researchers say analytical techniques are improving rapidly, the doubts over recent high-profile studies also raise the questions of what is really known today and how concerned people should be about microplastics in their bodies.

Read more of this story at Slashdot.