news aggregator

Good old machine learning, not LLMs, are what’s really paying for Zuck’s genAI splurge

Believe it or not, Meta's AI investments made a meaningful difference to its advertising business in Q2 — it's just that those models aren't the kind that's got everyone, including the Social Network, plowing tens of billions of dollars a year into datacenters.…

Hackers from the group UNC2891 attempted a high-tech bank heist by physically planting a 4G-enabled Raspberry Pi inside a bank's ATM network, using advanced malware hidden with a never-before-seen Linux bind mount technique to evade detection. "The trick allowed the malware to operate similarly to a rootkit, which uses advanced techniques to hide itself from the operating system it runs on," reports Ars Technica. Although the plot was uncovered before the hackers could hijack the ATM switching server, the tactic showcased a new level of sophistication in cyber-physical attacks on financial institutions. The security firm Group-IB, which detailed the attack in a report on Wednesday, didn't say where the compromised switching equipment was located or how attackers managed to plant the Raspberry Pi. Ars Technica reports: To maintain persistence, UNC2891 also compromised a mail server because it had constant Internet connectivity. The Raspberry Pi and the mail server backdoor would then communicate by using the bank's monitoring server as an intermediary. The monitoring server was chosen because it had access to almost every server within the data center. As Group-IB was initially investigating the bank's network, researchers noticed some unusual behaviors on the monitoring server, including an outbound beaconing signal every 10 minutes and repeated connection attempts to an unknown device. The researchers then used a forensic tool to analyze the communications. The tool identified the endpoints as a Raspberry Pi and the mail server but was unable to identify the process names responsible for the beaconing. The researchers then captured the system memory as the beacons were sent. The review identified the process as lightdm, a process associated with an open source LightDM display manager. The process appeared to be legitimate, but the researchers found it suspicious because the LightDM binary was installed in an unusual location. After further investigation, the researchers discovered that the processes of the custom backdoor had been deliberately disguised in an attempt to throw researchers off the scent. [Group-IB Senior Digital Forensics and Incident Response Specialist Nam Le Phuong] explained: "The backdoor process is deliberately obfuscated by the threat actor through the use of process masquerading. Specifically, the binary is named "lightdm", mimicking the legitimate LightDM display manager commonly found on Linux systems. To enhance the deception, the process is executed with command-line arguments resembling legitimate parameters -- for example, lightdm -- session child 11 19 -- in an effort to evade detection and mislead forensic analysts during post-compromise investigations. These backdoors were actively establishing connections to both the Raspberry Pi and the internal Mail Server."

Read more of this story at Slashdot.

fjo3 shares a report from the Associated Press: The Trump administration announced it is launching a new program that will allow Americans to share personal health data and medical records across health systems and apps run by private tech companies, promising that will make it easier to access health records and monitor wellness. More than 60 companies, including major tech companies like Google, Amazon and Apple as well as health care giants like UnitedHealth Group and CVS Health, have agreed to share patient data in the system. The initiative will focus on diabetes and weight management, conversational artificial intelligence that helps patients, and digital tools such as QR codes and apps that register patients for check-ins or track medications. Officials at the Centers for Medicare and Medicaid Services, who will be in charge of maintaining the system, have said patients will need to opt in for the sharing of their medical records and data, which will be kept secure. Those officials said patients will benefit from a system that lets them quickly call up their own records without the hallmark difficulties, such as requiring the use of fax machines to share documents, that have prevented them from doing so in the past. Popular weight loss and fitness subscription service Noom, which has signed onto the initiative, will be able to pull medical records after the system's expected launch early next year. That might include labs or medical tests that the app could use to develop an AI-driven analysis of what might help users lose weight, CEO Geoff Cook told The Associated Press. Apps and health systems will also have access to their competitors' information, too. Noom would be able to access a person's data from Apple Health, for example. "Right now you have a lot of siloed data," Cook said.

Read more of this story at Slashdot.

Hang in there, it's early days, insists CEO Andy Jassy

Amazon CEO Andy Jassy insists "AI will change every customer experience," but it's making investors nervous.…

The SEC has launched "Project Crypto" to overhaul outdated securities regulations for a blockchain-based future, aiming to support tokenized assets, crypto trading, and "super apps." "To achieve President Trump's vision of making America the crypto capital of the world, the SEC must holistically consider the potential benefits and risks of moving our markets from an off-chain environment to an on-chain one," SEC chair Paul Atkins said at the "American Leadership in the Digital Finance Revolution" conference on Thursday. "I have directed the Commission staff to update antiquated agency rules and regulations to unleash the potential of on-chain software systems in our securities markets ... Federal securities laws have always assumed the involvement of intermediaries that require regulation, but this does not mean that we should interpose intermediaries for the sake of forcing intermediation where the markets can function without them." CNBC reports: Atkins, the SEC chair, highlighted "super apps" (such as one Coinbase introduced two weeks ago) as a priority of his chairmanship, noting the need to allow the apps to thrive with an "efficient licensing structure," rather than subject to multiple regulatory authorities. So-called super apps like WeChat and Alipay -- which bundle several different services and functionalities into a single mobile app -- have long been viewed as the holy grail of financial technology by the industry. They're central to everyday life in China but haven't been successfully replicated in the West. Meta Platforms and X have made attempts to realize that vision, integrating payments, messaging and social content, among other functions. Atkins also said the Trump administration will work to prevent "innovative" companies from being driven offshore by burdensome regulations, and said the SEC "will encourage our nation's builders rather than constrain them with red tape and one-size-fits-all rules."

Read more of this story at Slashdot.

US Army Sec appears to fold under pressure from far-right conspiracy theorist

comment Jen Easterly has weighed in on the US Army Secretary firing her from a prestigious West Point teaching post a day after the US Military Academy announced the appointment.…