Last week, the U.S. Senate introduced a new bill to outlaw the unethical use of AI-generated content and deepfake technology. Called the Content Origin Protection and Integrity from Edited and Deepfaked Media Act (COPIED Act), the bill would "set new federal transparency guidelines for marking, authenticating and detecting AI-generated content, protect journalists, actors and artists against AI-driven theft, and hold violators accountable for abuses." TechSpot reports: Proposed and sponsored by Democrats Maria Cantwell of Washington and Martin Heinrich of New Mexico, along with Republican Marsha Blackburn of Tennessee, the aims to establish enforceable transparency standards in AI development [such a through watermarking]. The legislation also wants to curb unauthorized data use in training models. The senators intend to task the National Institutes of Standards and Technology with developing sensible transparency guidelines should the bill pass. [...] The senators feel that clarifying and defining what is okay and what is not regarding AI development is vital in protecting citizens, artists, and public figures from the harm that misuse of the technology could cause, particularly in creating deepfakes. The text of the bill can be read here.

Read more of this story at Slashdot.

Longtime Slashdot reader fahrbot-bot shares a report from Gizmodo: A team of researchers think they've discovered a cave on the Moon in radar images of the lunar surface, which they posit could be a future site for an established human presence on our rocky satellite. The tunnel is in the Mare Tranquillitatis (Sea of Tranquility) pit, the deepest known pit on the Moon. (If the name is familiar to you, the Sea of Tranquility is where the Apollo 11 mission landed in 1969.) The pit formed due to a lava tube's roof collapse or a collapse of a void structure created by tectonic processes. To look for potential cave structures within the pit, the researchers studied side-looking radar images taken by the Lunar Reconnaissance Orbiter's Mini-RF instrument between 2009 and 2011. The team then conducted 3D radar simulations of potential geometries of the pit and its cave, to determine that the brightness they saw in radar images could be due to subsurface features. Ultimately, the team determined there is a tunnel in the pit that is between 98 feet (30 meters) long and 262ft (80m) long. The tunnel is roughly 148ft (45m) wide and is either flat or inclined with a maximum steepness of 45 degrees. "The exploration of lunar caves through future robotic missions could provide a fresh perspective on the lunar subsurface and yield new insights into the evolution of lunar volcanism," the team wrote in the paper. "Furthermore, direct exploration could confirm the presence of stable subsurface environments shielded from radiation and with optimal temperature conditions for future human utilization." The findings have been published in the journal Nature Astronomy.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TorrentFreak: Just before the weekend, dozens of record labels including UMG, Warner, and Sony, filed a massive copyright infringement lawsuit against Verizon at a New York federal court. In common with previous lawsuits that accused rivals of similar inaction, Verizon Communications Inc., Verizon Services Corp., and Cellco Partnership (dba Verizon Wireless), stand accused of assisting subscribers to download and share pirated music, by not doing enough to stop them. The labels' complaint introduces Verizon as one of the largest ISPs in the country, one that "knowingly provides its high-speed service to a massive community of online pirates." Knowledge of infringement, the labels say, was established at Verizon over a period of several years during which it received "hundreds of thousands" of copyright notices, referencing instances of infringement allegedly carried out by its subscribers. The complaint cites Verizon subscribers' persistent use of BitTorrent networks to download and share pirated music, with Verizon allegedly failing to curtail their activity. "While Verizon is famous for its 'Can you hear me now?' advertising campaign, it has intentionally chosen not to listen to complaints from copyright owners. Instead of taking action in response to those infringement notices as the law requires, Verizon ignored Plaintiffs' notices and buried its head in the sand," the labels write. "Undeterred, infringing subscribers identified in Plaintiffs' notices continued to use Verizon's services to infringe Plaintiffs' copyrights with impunity. Meanwhile, Verizon continued to provide its high-speed service to thousands of known repeat infringers so it could continue to collect millions of dollars from them." Through this lawsuit, which references piracy of songs recorded by artists including The Rolling Stones, Ariana Grande, Bob Dylan, Bruno Mars, Elvis Presley, Dua Lipa, Drake, and others, the labels suggest that Verizon will have no choice but to hear them now. [...] Attached to the complaint, Exhibit A contains a non-exhaustive list of the plaintiffs' copyright works allegedly infringed by Verizon's subscribers. The document is over 400 pages long, with each track listed representing potential liability for Verizon as a willful, intentional, and purposeful contributory infringer, the complaint notes. This inevitably leads to claims based on maximum statutory damages of $150,000 per copyrighted work infringed on Count I (contributory infringement). The statutory maximum of $150,000 per infringed work is also applied to Count II (vicarious infringement), based on the labels' claim that Verizon derived a direct financial benefit from the direct infringements of its subscribers. The labels' complaint can be found here (PDF).

Read more of this story at Slashdot.

Italian Prime Minister Giorgia Meloni plans to revive Italy's nuclear energy sector, focusing on small modular reactors to be operational within a decade. He said that nuclear energy could constitute at least 11% of the country's electricity mix by 2050. Semafor reports: Italy's energy minister told the Financial Times that the government would introduce legislation to support investment in small modular reactors, which could be operational within 10 years. [...] In Italy, concerns about energy security since Russia's invasion of Ukraine have pushed the government to reconsider nuclear power, Bloomberg wrote. Energy minister Pichetto Fratin told the Financial Times he was confident that Italians' historic "aversion" could be overcome, as nuclear technology now has "different levels of safety and benefits families and businesses." In Italy, safety is also top of mind: The Chernobyl tragedy of 1986 was the trigger for it to cease nuclear production in the first place, and the 2011 Fukushima disaster reignited those concerns. As of April, only 51% of Italians approved of nuclear power, according to polls shared by Il Sole 24 Ore. The plan to introduce small modular reactors in Italy could add to the country's history of failure in nuclear energy, a former Italian lawmaker and researcher argued in Italian outlet Il Fatto Quotidiano, writing that these reactors are expensive and produce too little energy to justify an investment in them.They could also become obsolete within the next decade, the timeline for the government to introduce them, Italian outlet Domani added, and be overtaken by nuclear fusion reactors, which are more efficient and have "virtually no environmental impact." Italy's main oil company, Eni, has signed a deal with MIT spinout Commonwealth Fusion System, with the goal of providing the first operational nuclear fusion plant by 2030.

Read more of this story at Slashdot.

Microsoft has quietly announced the first details of its new "SpreadsheetLLM," claiming it has the "potential to transform spreadsheet data management and analysis, paving the way for more intelligent and efficient user interactions." You can read more details about the model in a pre-print paper available here. Jasper Hamill reports via The Stack: One of the problems with using LLMs in spreadsheets is that they get bogged down by too many tokens (basic units of information the model processes). To tackle this, Microsoft developed SheetCompressor, an "innovative encoding framework that compresses spreadsheets effectively for LLMs." "It significantly improves performance in spreadsheet table detection tasks, outperforming the vanilla approach by 25.6% in GPT4's in-context learning setting," Microsoft added. The model is made of three modules: structural-anchor-based compression, inverse index translation, and data-format-aware aggregation. The first of these modules involves placing "structural anchors" throughout the spreadsheet to help the LLM understand what's going on better. It then removes "distant, homogeneous rows and columns" to produce a condensed "skeleton" version of the table. Index translation addresses the challenge caused by spreadsheets with numerous empty cells and repetitive values, which use up too many tokens. "To improve efficiency, we depart from traditional row-by-row and column-by-column serialization and employ a lossless inverted index translation in JSON format," Microsoft wrote. "This method creates a dictionary that indexes non-empty cell texts and merges addresses with identical text, optimizing token usage while preserving data integrity." [...] After conducting a "comprehensive evaluation of our method on a variety of LLMs" Microsoft found that SheetCompressor significantly reduces token usage for spreadsheet encoding by 96%. Moreover, SpreadsheetLLM shows "exceptional performance in spreadsheet table detection," which is the "foundational task of spreadsheet understanding." The new LLM builds on the Chain of Thought methodology to introduce a framework called "Chain of Spreadsheet" (CoS), which can "decompose" spreadsheet reasoning into a table detection-match-reasoning pipeline.

Read more of this story at Slashdot.

OW2, the non-profit international consortium dedicated to developing open-source middleware, published an open letter to the European Commission today. They're urging the European Union to continue funding free software after noticing that the Next Generation Internet (NGI) programs were no longer mentioned in Cluster 4 of the 2025 Horizon Europe funding plans. OW2 argues that discontinuing NGI funding would weaken Europe's technological ecosystem, leaving many projects under-resourced and jeopardizing Europe's position in the global digital landscape. The letter reads, in part: NGI programs have shown their strength and importance to support the European software infrastructure, as a generic funding instrument to fund digital commons and ensure their long-term sustainability. We find this transformation incomprehensible, moreover when NGI has proven efficient and economical to support free software as a whole, from the smallest to the most established initiatives. This ecosystem diversity backs the strength of European technological innovation, and maintaining the NGI initiative to provide structural support to software projects at the heart of worldwide innovation is key to enforce the sovereignty of a European infrastructure. Contrary to common perception, technical innovations often originate from European rather than North American programming communities, and are mostly initiated by small-scaled organizations. Previous Cluster 4 allocated 27 millions euros to: - "Human centric Internet aligned with values and principles commonly shared in Europe"; - "A flourishing internet, based on common building blocks created within NGI, that enables better control of our digital life"; - "A structured eco-system of talented contributors driving the creation of new internet commons and the evolution of existing internet commons." In the name of these challenges, more than 500 projects received NGI funding in the first 5 years, backed by 18 organizations managing these European funding consortia.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: During an interview with Sequoia Capital's Training Data podcast published last Tuesday, Microsoft CTO Kevin Scott doubled down on his belief that so-called large language model (LLM) "scaling laws" will continue to drive AI progress, despite some skepticism in the field that progress has leveled out. Scott played a key role in forging a $13 billion technology-sharing deal between Microsoft and OpenAI. "Despite what other people think, we're not at diminishing marginal returns on scale-up," Scott said. "And I try to help people understand there is an exponential here, and the unfortunate thing is you only get to sample it every couple of years because it just takes a while to build supercomputers and then train models on top of them." LLM scaling laws refer to patterns explored by OpenAI researchers in 2020 showing that the performance of language models tends to improve predictably as the models get larger (more parameters), are trained on more data, and have access to more computational power (compute). The laws suggest that simply scaling up model size and training data can lead to significant improvements in AI capabilities without necessarily requiring fundamental algorithmic breakthroughs. Since then, other researchers have challenged the idea of persisting scaling laws over time, but the concept is still a cornerstone of OpenAI's AI development philosophy. Scott's comments can be found around the 46-minute mark.

Read more of this story at Slashdot.

On July 12, 1999, the last Morse code message was sent from a Bay Area radio station, marking the end of an era. Every July 12, the Historic KPH Maritime Radio Receiving Station in Point Reyes revives the golden age of maritime radio, with volunteers exchanging Morse code messages worldwide. The Mercury News reports: Friday's "Night of Nights" event, which commemorates the long-gone stations and the skilled radiotelegraph operators who linked ships to shore, starts at 5:01 p.m. -- precisely one minute after the 1999 message ended. Operators will keep working until 11 p.m. "We're carrying on," said historical society president Richard Dillman, 80, who learned Morse code as a boy. "Morse code is not dead." The event, based at KPH's stations that are now part of the wild and windswept Point Reyes National Seashore, northwest of San Francisco, is not open to the public. But amateur radio operators around the world can participate by sending messages and exchanging greetings. The operating frequencies of the historical society's amateur station, under the call sign K6KPH, are 3550, 7050, 14050, 18097.5 and 21050. Radiogrammed messages arrive from as far away as New Zealand and Europe, rich with memories of rewarding careers or poignant tributes to lost loved ones. "Dear dad, we love you and we miss you so much," said one. The station uses the original historic KPH transmitters, receivers, antennas and other equipment, carefully repaired and restored by the society's experts. [...] All over the Pacific coast, stations closed. KPH's receiving headquarters -- an Art Deco cube built between 1929 and 1931, its entrance framed by a tunnel of cypress trees -- was acquired by the National Park Service in 1999. Its transmission station is located on a windswept bluff in Bolinas. [Historical society president Richard Dillman] and friend Tom Horsfall resolved to repair, restore and operate KPH as a way to honor the men and women who for 100 years had served ships in the North Pacific and Indian Ocean. "It was a brotherhood," said Dillman. "There was camaraderie -- a love of Morse code and the ability to do a job well." [...] They pitched their ambitious plan to the National Park Service. "At first, I was skeptical about their proposal," said Don Neubacher, the Seashore's former Superintendent. "But over time, I realized the Maritime Radio Historical Society, led by Richard Dillman, was a gift for the National Park Service." "I was impressed by the overwhelming knowledge of early wireless and ship-to-shore communication," he said, "and their lifelong commitment to saving this critical piece of Point Reyes history." With a dozen society volunteers from all over the Bay Area -- all over the age of 60, self-described "radio squirrels" -- they went to work. They meet on Saturday mornings over coffee and breakfast "services" dubbed "The Church of the Continuous Wave," sometimes ogling over radio schematics. Then, for a few hours, they broadcast news and weather.

Read more of this story at Slashdot.

Last week, Senior Advisor on AI Governance at the Center for Democracy & Technology, Kevin Bankston, took to X to report that Google's Gemini AI was caught summarizing his private tax return on Google Drive without his permission. "Despite attempts to disable the feature, Bankston found that Gemini's continued to operate in Google Drive, raising questions about Google's handling of user data and privacy settings," writes TechRadar's Craig Hale. From the report: After failing to find the right controls to disable Gemini's integration, the Advisor asked Google's ChatGPT-rivalling AI chatbot on two occasions to pinpoint the settings. A second, more detailed response still brought no joy: "Gemini is *not* in Apps and services on my dashboard (1st option), and I didn't have a profile pic in the upper right of the Gemini page (2nd)." With help from another X user, Bankston found the control, which was already disabled, highlighting either a malfunctioning control or indicating that further settings are hidden elsewhere. However, previous Google documentation has confirmed that the company will not use Google Workspace data to train or improve its generative AI services or to feed targeted ads. Bankston theorizes that his previous participation in Google Workspace Labs might have influenced Gemini's behavior. The Gemini side panel in Google Drive for PDFs can be closed if a user no longer wishes to access generative AI summaries.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Verge: A federal appeals court has agreed to halt the reinstatement of net neutrality rules until August 5th, while the court considers whether more permanent action is justified. It's the latest setback in a long back and forth on net neutrality -- the principle that internet service providers (ISPs) should not be able to block or throttle internet traffic in a discriminatory manner. The Federal Communications Commission has sought to achieve this by reclassifying ISPs under Title II of the Communications Act, which gives the agency greater regulatory oversight. The Democratic-led agency enacted net neutrality rules under the Obama administration, only for those rules to be repealed under former President Donald Trump's FCC. The current FCC, which has three Democratic and two Republican commissioners, voted in April to bring back net neutrality. The 3-2 vote was divided along party lines. Broadband providers have since challenged the FCC's action, which is potentially more vulnerable after the Supreme Court's recent decision to strike down Chevron deference -- a legal doctrine that instructed courts to defer to an agency's expert decisions except in a very narrow range of circumstances. Bloomberg Intelligence analyst Matt Schettenhelm said in a report prior to the court's ruling that he doesn't expect the FCC to prevail in court, in large part due to the demise of Chevron. A panel of judges for the Sixth Circuit Court of Appeals said in an order that a temporary "administrative stay is warranted" while it considers the merits of the broadband providers' request for a permanent stay. The administrative stay will be in place until August 5th. In the meantime, the court requested the parties provide additional briefs about the application of National Cable & Telecommunications Association v. Brand X Internet Services to this lawsuit.

Read more of this story at Slashdot.

An anonymous reader quotes a report from DefenseScoop: A group of NATO countries are set to begin implementing a new project aimed at improving the alliance's ability to quickly share intelligence gathered by space-based assets operated by both member nations and the commercial sector. Seventeen NATO members signed a memorandum of understanding for the Alliance Persistence Surveillance from Space (APSS) program as part of the annual NATO summit being held in Washington this week, the alliance announced Tuesday. Members will now move into a five-year implementation phase of the project, during which allies will contribute more than $1 billion "to leverage commercial and national space assets, and to expand advanced exploitation capacities," according to a press release. The United States is one of the nations signed onto the initiative, as well as Belgium, Canada, Denmark, Finland, France, Germany, Greece, Hungary, Italy, Luxembourg, the Netherlands, Norway, Poland, Romania, Sweden and Turkey, according to a NATO source. The transatlantic organization created APSS last year with the intent to establish a "virtual constellation" -- dubbed Aquila -- comprising both national and commercial space systems, sensors and data that can be used by NATO's command structure and other allies. The project is considered "the largest multinational investment in space-based capabilities" in the alliance's history, and is set to increase NATO's ability "to monitor activities on the ground and at sea with unprecedented accuracy and timeliness," a press release stated. Participating nations will be able to use their own space systems, provide tools for intelligence collection and analysis, or purchase space-based data gathered by commercial constellations. "Integrating and exploiting data from space effectively has been a growing challenge over time," a NATO press release stated. "By leveraging latest technologies from industry, APSS will help advance NATO's innovation agenda and offer a new platform to engage with the growing space industry." The APSS project is part of the larger implementation of NATO's overarching space policy adopted in 2019, which officially recognized space as a new operational domain. Since then, the alliance has worked to bolster its presence in space -- including the establishment of a NATO Space Centre in 2020 and approval of an official Space Branch within the Allied Command Transformation in June.

Read more of this story at Slashdot.

Researchers from Cornell University have developed a novel urine collection and filtration system for spacesuits, designed to improve hygiene and comfort for astronauts during long spacewalks. This new system, inspired by the 'stillsuits' from the Dune franchise, recycles urine into potable water using a vacuum-based external catheter and a forward-reverse osmosis unit. It's expected to be tested for use in upcoming NASA moon and Mars missions. Phys.Org reports: [Researchers] have now designed a urine collection device, including an undergarment made of multiple layers of flexible fabric. This connects to a collection cup (with a different shape and size for women and men) of molded silicone, to fit around the genitalia. The inner face of the collection cup is lined with polyester microfiber or a nylon-spandex blend, to draw urine away from the body and towards the inner cup's inner face, from where it is sucked by a vacuum pump. A RFID tag, linked to an absorbent hydrogel, reacts to moisture by activating the pump. Once collected, the urine is diverted to the urine filtration system, where it gets recycled with an efficiency of 87% through a two-step, integrated forward and reverse osmosis filtration system. This uses a concentration gradient to remove water from urine, plus a pump to separate water from salt. The purified water is then enriched in electrolytes and pumped into the in-suit drink bag, again available for consumption. Collecting and purifying 500ml of urine takes only five minutes. The system, which integrates control pumps, sensors, and a liquid-crystal display screen, is powered by a 20.5V battery with a capacity of 40 amp-hours. Its total size is 38 by 23 by 23 cm, with a weight of approximately eight kilograms: sufficiently compact and light to be carried on the back of a spacesuit. Now that the prototype is available, the new design can be tested under simulated conditions, and subsequently during real spacewalks. The design has been published in the journal Frontiers in Space Technology.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Constellation Energy is in talks with the Pennsylvania governor's office and state lawmakers to help fund a possible restart of part of its Three Mile Island power facility, the site of a nuclear meltdown in the 1970s, three sources familiar with the discussions said on Tuesday. The conversations, which two sources described as "beyond preliminary," signal that Constellation is advancing plans to revive part of the southern Pennsylvania nuclear generation site, which operated from 1974 to 2019. The nuclear unit Constellation is considering restarting is separate from the one that melted down. The sources said that a shut Michigan nuclear plant, which was recently awarded a $1.5 billion conditional loan to restart from the administration of U.S. President Joe Biden, could serve as a private-public sector blueprint for Three Mile Island. The sources asked not to be named due to the sensitivity of the discussions. "Though we have determined it would be technically feasible to restart the unit, we have not made any decision on a restart as there are many economic, commercial, operational and regulatory considerations remaining," Constellation spokesperson Dave Snyder said in an email. Snyder did not comment on the specifics of discussions about reopening the Pennsylvania site. Last month, Constellation told Reuters that it had cleared an engineering study of Three Mile Island, though it was unknown if the Baltimore, Maryland-based energy company would move forward with plans to reopen the site. Constellation also said that given the current premium placed on nuclear energy, acquiring other sites was generally off the table and the company would instead look to expand its existing fleet. The Three Mile Island unit that could be restarted is different to the site's unit 2, which experienced a partial meltdown in 1979 in the most famous commercial nuclear accident in U.S. history. The report notes that "no U.S. nuclear power plant has been reopened after shutting." A restart will not only be costly, but it will be challenged over safety and environmental concerns.

Read more of this story at Slashdot.

OpenAI is close to a breakthrough with a new project called "Strawberry," which aims to enhance its AI models with advanced reasoning abilities. Reuters reports: Teams inside OpenAI are working on Strawberry, according to a copy of a recent internal OpenAI document seen by Reuters in May. Reuters could not ascertain the precise date of the document, which details a plan for how OpenAI intends to use Strawberry to perform research. The source described the plan to Reuters as a work in progress. The news agency could not establish how close Strawberry is to being publicly available. How Strawberry works is a tightly kept secret even within OpenAI, the person said. The document describes a project that uses Strawberry models with the aim of enabling the company's AI to not just generate answers to queries but to plan ahead enough to navigate the internet autonomously and reliably to perform what OpenAI terms "deep research," according to the source. This is something that has eluded AI models to date, according to interviews with more than a dozen AI researchers. Asked about Strawberry and the details reported in this story, an OpenAI company spokesperson said in a statement: "We want our AI models to see and understand the world more like we do. Continuous research into new AI capabilities is a common practice in the industry, with a shared belief that these systems will improve in reasoning over time." On Tuesday at an internal all-hands meeting, OpenAI showed a demo of a research project that it claimed had new human-like reasoning skills, according to Bloomberg, opens new tab. An OpenAI spokesperson confirmed the meeting but declined to give details of the contents. Reuters could not determine if the project demonstrated was Strawberry. OpenAI hopes the innovation will improve its AI models' reasoning capabilities dramatically, the person familiar with it said, adding that Strawberry involves a specialized way of processing an AI model after it has been pre-trained on very large datasets. Researchers Reuters interviewed say that reasoning is key to AI achieving human or super-human-level intelligence.

Read more of this story at Slashdot.

A 2023 red team exercise by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) at an unnamed federal agency exposed critical security failings, including unpatched vulnerabilities, inadequate incident response, and weak credential management, leading to a full domain compromise. According to The Register's Connor Jones, the agency failed to detect or remediate malicious activity for five months. From the report: According to the agency's account of the exercise, the red team was able to gain initial access by exploiting an unpatched vulnerability (CVE-2022-21587 - 9.8) in the target agency's Oracle Solaris enclave, leading to what it said was a full compromise. It's worth noting that CVE-2022-21587, an unauthenticated remote code execution (RCE) bug carrying a near-maximum 9.8 CVSS rating, was added to CISA's known exploited vulnerability (KEV) catalog in February 2023. The initial intrusion by CISA's red team was made on January 25, 2023. "After gaining access, the team promptly informed the organization's trusted agents of the unpatched device, but the organization took over two weeks to apply the available patch," CISA's report reads. "Additionally, the organization did not perform a thorough investigation of the affected servers, which would have turned up IOCs and should have led to a full incident response. About two weeks after the team obtained access, exploit code was released publicly into a popular open source exploitation framework. CISA identified that the vulnerability was exploited by an unknown third party. CISA added this CVE to its Known Exploited Vulnerabilities Catalog on February 2, 2023." [...] After gaining access to the Solaris enclave, the red team discovered they couldn't pivot into the Windows part of the network because missing credentials blocked their path, despite enjoying months of access to sensitive web apps and databases. Undeterred, CISA managed to make its way into the Windows network after carrying out phishing attacks on unidentified members of the target agency, one of which was successful. It said real adversaries may have instead used prolonged password-praying attacks rather than phishing at this stage, given that several service accounts were identified as having weak passwords. After gaining that access, the red team injected a persistent RAT and later discovered unsecured admin credentials, which essentially meant it was game over for the agency being assessed. "None of the accessed servers had any noticeable additional protections or network access restrictions despite their sensitivity and critical functions in the network," CISA said. CISA described this as a "full domain compromise" that gave the attackers access to tier zero assets -- the most highly privileged systems. "The team found a password file left from a previous employee on an open, administrative IT share, which contained plaintext usernames and passwords for several privileged service accounts," the report reads. "With the harvested Lightweight Directory Access Protocol (LDAP) information, the team identified one of the accounts had system center operations manager (SCOM) administrator privileges and domain administrator privileges for the parent domain. "They identified another account that also had administrative permissions for most servers in the domain. The passwords for both accounts had not been updated in over eight years and were not enrolled in the organization's identity management (IDM)." From here, the red team realized the victim organization had trust relationships with multiple external FCEB organizations, which CISA's team then pivoted into using the access they already had. The team "kerberoasted" one partner organization. Kerberoasting is an attack on the Kerberos authentication protocol typically used in Windows networks to authenticate users and devices. However, it wasn't able to move laterally with the account due to low privileges, so it instead used those credentials to exploit a second trusted partner organization. Kerberoasting yielded a more privileged account at the second external org, the password for which was crackable. CISA said that due to network ownership, legal agreements, and/or vendor opacity, these kinds of cross-organizational attacks are rarely tested during assessments. However, SILENTSHIELD assessments are able to be carried out following new-ish powers afforded to CISA by the FY21 National Defense Authorization Act (NDAA), the same powers that also allow CISA's Federal Attack Surface Testing (FAST) pentesting program to operate. It's crucial that these avenues are able to be explored in such exercises because they're routes into systems adversaries will have no reservations about exploring in a real-world scenario. For the first five months of the assessment, the target FCEB agency failed to detect or remediate any of the SILENTSHIELD activity, raising concerns over its ability to spot genuine malicious activity. CISA said the findings demonstrated the need for agencies to apply defense-in-depth principles. The cybersecurity agency recommended network segmentation and a Secure-by-Design commitment.

Read more of this story at Slashdot.

Mark Tyson reports via Tom's Hardware: The German Navy is searching for a new storage system to replace the aging 8-inch (20cm) floppy disks which are vital to the running of its Brandenburg class F123 frigates. According to an official tender document, the ideal answer to the German Navy's problems would be a drop-in floppy disk replacement based upon a storage emulation system, reports Golem.de. Germany's Brandenburg class F123 frigates were commissioned in the mid 1990s, so it is understandable that floppy disks were seen as a handy removable storage medium. These drives are part of the frigates' data acquisition system and, thus "central to controlling basic ship functions such as propulsion and power generation," according to the source report. The F123s are specialized in submarine hunting, and they are also being upgraded in terms of the weapon systems and weapon control systems. Swedish company Saab is the general contractor for the F123 modernizations. It won't be trivial to replace three decades old computer hardware seamlessly, while retaining the full functionality of the existing floppies. However, we note that other companies have wrestled similar problems in recent years. Moreover, there are plenty of emulator enthusiasts using technologies for floppy emulation solutions like Gotek drives which can emulate a variety of floppy drive standards and formats. There are other workable solutions already out there, but it all depends on who the German Navy chooses to deliver the project.

Read more of this story at Slashdot.

Southwest Airlines has signed a deal with Archer Aviation to develop plans for an on-demand eVTOL (electric vertical takeoff and landing) service in California. The Verge reports: The service will operate using Archer's battery-powered, four-passenger, tilt-rotor Midnight aircraft, which are designed to take off and land vertically from a landing strip like a helicopter. As part of the deal, the aircraft will get access to 14 California airports where Southwest operates. [...] Archer claims that trips that normally take 60-90 minutes by car can be done in 10-20 minutes in the company's air taxis. Archer came out of stealth in spring 2020 after having poached key talent from Wisk and Airbus' Vahana project. (That fact spurred a lawsuit from Wisk for alleged trade secret theft, which was finally settled last year.) The company has a $1 billion order from United Airlines for its eVTOL aircraft and a deal to mass-produce its eVTOL craft with global automaker Stellantis. Archer recently received a Part 135 air carrier certification from the Federal Aviation Administration, which the company will need to operate an on-demand air taxi service. Archer has said it plans on launching before the end of 2025. [...] As part of the deal, Archer will work with Southwest and its partners on the development of an air taxi network across California. That includes the unions of Southwest employees, like the Southwest Airlines Pilots Association.

Read more of this story at Slashdot.

An anonymous reader quotes a report from 404 Media: John Binns, a U.S. citizen who has been incarcerated in Turkey, is linked to the massive data breach of metadata belonging to nearly all of AT&T's customers that the telecommunications giant announced on Friday, three sources independently told 404 Media. [...] As 404 Media reported in January, Binns has already been indicted for allegedly breaking into T-Mobile in 2021 and selling stolen data on more than 40 million people. Now, he is allegedly connected to the latest breach against AT&T, which the company said it detected in April. The AT&T data was lifted from a Snowflake instance, a data warehousing tool, AT&T told 404 Media. Snowflake has been at the center of a series of massive and high profile breaches, including Ticketmaster and Santander. In a blog post published in June which covered a threat actor targeting Snowflake instances, cybersecurity company Mandiant said the threat actor, which it dubs UNC5537, "comprises members based in North America, and collaborates with an additional member in Turkey." In its breach announcement, AT&T said authorities had already apprehended one of the people involved in the breach. Binns was recently arrested and detained in Turkey, The Desk reported in May. That report, which is the last public information about his whereabouts, says he was detained following an extradition request from the U.S. Before he was arrested, Binns told 404 Media in January that he had "reasons to not be concerned" about being extradited.

Read more of this story at Slashdot.

Amazon's AI chatbot Rufus is now live for all U.S. customers. Engadget's Lawrence Bonk reports: So what does it do? It's an Amazon chatbot so it helps with shopping. You can ask for lists of recommended products and ask what specific products do and stuff like that. I've tooled around with it a bit this morning and it seems fine, though a bit boring. I will say that I cross-referenced some of the recommended products with the web version and Rufus does not automatically list promoted items, at least for now. It spit out a seemingly random list of well-reviewed products on several occasions. That's fine by me, though I'm not about to buy something based on the word of a one-day old chatbot. You can also ask specific questions about products, but the answers seem to be pulled directly from the descriptions. As any regular Amazon customer knows, some of these descriptions are accurate and others aren't. The chatbot is tied to your personal account, so it can answer questions about upcoming deliveries and the like. Amazon says that the bot has been trained on its product catalog, along with customer reviews, community Q&As and public information found throughout the web. However, it hasn't disclosed what websites it pulled that public information from and to what end. It didn't even confirm that these were retail-adjacent websites. You can try Rufus by updating to the latest version of the Amazon Shopping app. It'll be available in the bottom navigation bar with a typical AI icon consisting of bubbles and sparkles/stars.

Read more of this story at Slashdot.