According to a new survey from the Pew Research Center, TikTok is the second most popular source of news for Americans after X, "though most TikTok users don't primarily think of the shortform video app as a news source," notes The Verge. The survey looked at how Facebook, Instagram, TikTok and X play a role in Americans' news diets. From the report: Among TikTok users, only 15 percent say keeping up with the news is a major reason they use the app. Still, 35 percent of those surveyed said they wouldn't have seen the news they get on TikTok elsewhere. And unlike other apps, the news users see on TikTok is just as likely to come from influencers or celebrities as it is from journalists -- and it's far more likely to come from total strangers. (Meanwhile, most Facebook and Instagram users say the news that pops up on their feeds is posted by friends, relatives, or other people they know; on X, users are more likely to see news posted by media outlets or reporters.)

Read more of this story at Slashdot.

Steven Vaughan-Nichols reports via ZDNet: While Linux and open-source software (OSS) are no longer constantly under intellectual property (IP) attacks, the Open Invention Network (OIN) patent consortium still stands guard over its patents. Now, OIN, the largest patent non-aggression community, has expanded its protection once again by updating its Linux System definition. Covering more than just Linux, the Linux System definition also protects adjacent open-source technologies. In the past, protection was expanded to Android, Kubernetes, and OpenStack. The OIN accomplishes this by providing a shared defensive patent pool of over 3 million patents from over 3,900 community members. OIN members include Amazon, Google, Microsoft, and essentially all Linux-based companies. This latest update extends OIN's existing patent risk mitigation efforts to cloud-native computing and enterprise software. In the cloud computing realm, OIN has added patent coverage for projects such as Istio, Falco, Argo, Grafana, and Spire. For enterprise computing, packages such as Apache Atlas and Apache Solr -- used for data management and search at scale, respectively -- are now protected. The update also enhances patent protection for the Internet of Things (IoT), networking, and automotive technologies. OpenThread and packages such as agl-compositor and kukusa.val have been added to the Linux System definition. In the embedded systems space, OIN has supplemented its coverage of technologies like OpenEmbedded by adding the OpenAMP and Matter, the home IoT standard. OIN has included open hardware development tools such as Edalize, cocotb, Amaranth, and Migen, building upon its existing coverage of hardware design tools like Verilator and FuseSoc. Keith Bergelt, OIN's CEO, emphasized the importance of this update, stating, "Linux and other open-source software projects continue to accelerate the pace of innovation across a growing number of industries. By design, periodic expansion of OIN's Linux System definition enables OIN to keep pace with OSS's growth." [...] Looking ahead, Bergelt said, "We made this conscious decision not to include AI. It's so dynamic. We wait until we see what AI programs have significant usage and adoption levels." This is how the OIN has always worked. The consortium takes its time to ensure it extends its protection to projects that will be around for the long haul. The OIN practices patent non-aggression in core Linux and adjacent open-source technologies by cross-licensing their Linux System patents to one another on a royalty-free basis. When OIN signees are attacked because of their patents, the OIN can spring into action.

Read more of this story at Slashdot.

Richard Speed reports via The Register: Privacy campaigner noyb has filed a GDPR complaint regarding Google's Privacy Sandbox, alleging that turning on a "Privacy Feature" in the Chrome browser resulted in unwanted tracking by the US megacorp. The Privacy Sandbox API was introduced in 2023 as part of Google's grand plan to eliminate third-party tracking cookies. Rather than relying on those cookies, website developers can call the API to display ads matched to a user's interests. In the announcement, Google's VP of the Privacy Sandbox initiative called it "a significant step on the path towards a fundamentally more private web." However, according to noyb, the problem is that although Privacy Sandbox is advertised as an improvement over third-party tracking, that tracking doesn't go away. Instead, it is done within the browser by Google itself. To comply with the rules, Google needs informed consent from users, which is where issues start. Noyb wrote today: "Google's internal browser tracking was introduced to users via a pop-up that said 'turn on ad privacy feature' after opening the Chrome browser. In the European Union, users are given the choice to either 'Turn it on' or to say 'No thanks,' so to refuse consent." Users would be forgiven for thinking that 'turn on ad privacy feature' would protect them from tracking. However, what it actually does is turn on first-party tracking. Max Schrems, honorary chairman of noyb, claimed: "Google has simply lied to its users. People thought they were agreeing to a privacy feature, but were tricked into accepting Google's first-party ad tracking. "Consent has to be informed, transparent, and fair to be legal. Google has done the exact opposite." Noyb noted that Google had argued "choosing to click on 'Turn it on' would indeed be considered consent to tracking under Article 6(1)(a) of the GDPR."

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: Amazon says that it will commit up to $230 million to startups building generative AI-powered applications. The investment, roughly $80 million of which will fund Amazon's second AWS Generative AI Accelerator program, aims to position AWS as an attractive cloud infrastructure choice for startups developing generative AI models to power their products, apps and services. Much of the new tranche -- including the entire portion set aside for the accelerator program -- comes in the form of compute credits for AWS infrastructure, meaning that it can't be transferred to other cloud service providers like Google Cloud and Microsoft Azure. To sweeten the pot, Amazon is pledging that startups in this year's Generative AI Accelerator cohort will gain access to experts and tech from Nvidia, the program's presenting partner. They will also be invited to join the Nvidia Inception program, which provides companies opportunities to connect with potential investors and additional consulting resources. The Generative AI Accelerator program has also grown substantially. Last year's cohort, which had 21 startups, received only up to $300,000 in AWS compute credits, amounting to around a combined $6.3 million investment. "With this new effort, we will help startups launch and scale world-class businesses, providing the building blocks they need to unleash new AI applications that will impact all facets of how the world learns, connects, and does business," Matt Wood, VP of AI products at AWS, said in a statement. Further reading: How Amazon Blew Alexa's Shot To Dominate AI

Read more of this story at Slashdot.

The Ukraine cyber police, supported by information from the Dutch police, arrested a 28-year-old Russian man in Kyiv for aiding Conti and LockBit ransomware operations by making their malware undetectable and conducting at least one attack himself. He was arrested on April 18, 2024, as part of a global law enforcement operation known as "Operation Endgame," which took down various botnets and their main operators. "As the Conti ransomware group used some of those botnets for initial access on breached endpoints, evidence led investigators to the Russian hacker," reports BleepingComputer. From the report: The Ukrainian police reported that the arrested individual was a specialist in developing custom crypters for packing the ransomware payloads into what appeared as safe files, making them FUD (fully undetectable) to evade detection by the popular antivirus products. The police found that the man was selling his crypting services to both the Conti and LockBit cybercrime syndicates, helping them significantly increase their chances of success on breached networks. The Dutch police confirmed at least one case of the arrested individual orchestrating a ransomware attack in 2021, using a Conti payload, so he also operated as an affiliate for maximum profit. "As part of the pre-trial investigation, police, together with patrol officers of the special unit "TacTeam" of the TOR DPP battalion, conducted a search in Kyiv," reads the Ukraine police announcement. "Additionally, at the international request of law enforcement agencies in the Netherlands, a search was conducted in the Kharkiv region." [...] The suspect has already been charged with Part 5 of Article 361 of the Criminal Code of Ukraine (Unauthorized interference in the work of information, electronic communication, information and communication systems, electronic communication networks) and faces up to 15 years imprisonment.

Read more of this story at Slashdot.

During its earnings call on Monday, Oracle CEO Safra Catz told analysts that it is shutting down its ads business. "In Q4, we decided to exit the advertising business, which had declined to about $300 million in revenue in fiscal year '24," said Catz, according to an earnings transcript. Adweek's Catherine Perloff reports: In August 2022, Business Insider reported that Oracle Advertising made $2 billion in revenue. At the time, revenue was only growing by 2% a year and many employees had been laid off as part of a reorganization in 2022, Business Insider reported. Oracle spent billions on entering the advertising business, acquiring nearly a dozen ad technology companies for over a decade. Notable acquisitions include data firms DataLogix, bought in 2014 for $1.2 billion, and brand safety platform Moat, purchased in 2017 for a reported $850 million. "Oracle's bet on the advertising industry was undermined when Meta [...] shut down its data to third parties including Oracle in 2018, following the Cambridge Analytica scandal," notes Adweek. Europe's GDPR further restricted Oracle's advertising business, leading the company to shut down its 'AddThis' publisher audience tool in 2019, which relied on third-party data.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Singapore's CNA news channel: Kandula Nagaraju, 39, was sentenced to two years and eight months' jail on Monday (Jun 10) for one charge of unauthorized access to computer material. Another charge was taken into consideration for sentencing. His contract with NCS was terminated in October 2022 due to poor work performance and his official last date of employment was Nov 16, 2022. According to court documents, Kandula felt "confused and upset" when he was fired as he felt he had performed well and "made good contributions" to NCS during his employment. After leaving NCS, he did not have another job in Singapore and returned to India. Between November 2021 and October 2022, Kandula was part of a 20-member team managing the quality assurance (QA) computer system at NCS. NCS is a company that offers information communication and technology services. The system that Kandula's former team was managing was used to test new software and programs before launch. In a statement to CNA on Wednesday, NCS said it was a "standalone test system." It consisted of about 180 virtual servers, and no sensitive information was stored on them. After Kandula's contract was terminated and he arrived back in India, he used his laptop to gain unauthorized access to the system using the administrator login credentials. He did so on six occasions between Jan 6 and Jan 17, 2023. In February that year, Kandula returned to Singapore after finding a new job. He rented a room with a former NCS colleague and used his Wi-Fi network to access NCS' system once on Feb 23, 2023. During the unauthorized access in those two months, he wrote some computer scripts to test if they could be used on the system to delete the servers. In March 2023, he accessed NCS' QA system 13 times. On Mar 18 and 19, he ran a programmed script to delete 180 virtual servers in the system. His script was written such that it would delete the servers one at a time. The following day, the NCS team realized the system was inaccessible and tried to troubleshoot, but to no avail. They discovered that the servers had been deleted. [...] As a result of his actions, NCS suffered a loss of $679,493.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Intercept: The Mozilla Foundation,the entity behind the web browser Firefox, is blocking various censorship circumvention add-ons for its browser, including ones specifically to help those in Russia bypass state censorship. The add-ons were blocked at the request of Russia's federal censorship agency, Roskomnadzor -- the Federal Service for Supervision of Communications, Information Technology, and Mass Media -- according to a statement by Mozilla to The Intercept. "Following recent regulatory changes in Russia, we received persistent requests from Roskomnadzor demanding that five add-ons be removed from the Mozilla add-on store," a Mozilla spokesperson told The Intercept in response to a request for comment. "After careful consideration, we've temporarily restricted their availability within Russia. Recognizing the implications of these actions, we are closely evaluating our next steps while keeping in mind our local community." Developers of digital tools designed to get around censorship began noticing recently that their Firefox add-ons were no longer available in Russia. On June 8, the developer of Censor Tracker, an add-on for bypassing internet censorship restrictions in Russia and other former Soviet countries, made a post on the Mozilla Foundation's discussion forums saying that their extension was unavailable to users in Russia. The developer of another add-on, Runet Censorship Bypass, which is specifically designed to bypass Roskomnadzor censorship, posted in the thread that their extension was also blocked. The developer said they did not receive any notification from Mozilla regarding the block. Two VPN add-ons, Planet VPN and FastProxy -- the latter explicitly designed for Russian users to bypass Russian censorship -- are also blocked. VPNs, or virtual private networks, are designed to obscure internet users' locations by routing users' traffic through servers in other countries. "It's a kind of unpleasant surprise because we thought the values of this corporation were very clear in terms of access to information, and its policy was somewhat different," said Stanislav Shakirov, the chief technical officer of Roskomsvoboda, a Russian open internet group. "And due to these values, it should not be so simple to comply with state censors and fulfill the requirements of laws that have little to do with common sense."

Read more of this story at Slashdot.

Roku TV owners are complaining that motion smoothing is "suddenly enabled on their TVs with no way to turn it off," reports The Verge. From the report: Contributors on Reddit and in Roku's community forum reported seeing the change on TCL TVs running on Roku OS 13, as did a few staffers on The Verge. However, for others who have access to "Expert" picture settings, the same update is in place without a change, and the settings to control it are still available. For some people experiencing the problem, they said this is the first time their TV offered Roku's motion smoothing feature at all and that there's nowhere in any menu (either the standard settings or the picture settings available while watching TV) to turn it off. The update notes for Roku OS 13 mention a new "Roku Smart Picture" feature that will optimize based on the content being watched, so there may be a bug there. However, people in older threads have reported similar issues with some Roku devices before. A Roku community moderator responded on the forum that the team is looking into the incident. Roku also offered its typical instructions for disabling the settings, which involves clicking the Star button on the remote during playback and heading to the Action Smoothing submenu under Advanced Picture Settings. [...] Naturally, a lot of people who work in film and television aren't a fan. Star Wars: The Last Jedi director Rian Johnson once went so far as to say it makes "movies look like liquid diarrhea."

Read more of this story at Slashdot.

Kent, Wash.-based Stoke Space successfully completed the first hot-fire test of its reusable Nova launch vehicle's first-stage engine, which reached 350,000 hp in under a second during a two-second test on June 5. GeekWire reports: During the two-second test, the engine ramped up to its target starting power level, producing the equivalent of 350,000 hp in less than a second, and held that power level until shutdown. At full power, the full-flow staged combustion engine is designed to produce over 100,000 pounds of thrust. The rocket engine was designed and manufactured in just 18 months. The medium-lift Nova rocket's first-stage booster will be powered by seven of the engines. Stoke successfully conducted a vertical-takeoff-and-landing test flight of its reusable second stage last September. Since then, the company has been focusing on first-stage development. For the rest of this year, Stoke expects to continue maturing its engine and vehicle design while scaling operations for orbital launch. Stoke Space said last year that it was targeting 2025 for its first orbital test flight -- but that timetable depends on progress in the development program.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the New York Times: Chemical and manufacturing groups sued the federal government late Monday (Warning: source paywalled; alternative source) over a landmark drinking-water standard that would require cleanup of so-called forever chemicals linked to cancer and other health risks. The industry groups said that the government was exceeding its authority under the Safe Drinking Water Act by requiring that municipal water systems all but remove six synthetic chemicals, known by the acronym PFAS, that are present in the tap water of hundreds of millions of Americans. The Environmental Protection Agency has said that the new standard, put in place in April, will prevent thousands of deaths and reduce tens of thousands of serious illnesses. The E.P.A.'s cleanup standard was also expected to prompt a wave of litigation against chemical manufacturers by water utilities nationwide trying to recoup their cleanup costs. Utilities have also challenged the stringent new standard, questioning the underlying science and citing the cost of filtering the toxic chemicals out of drinking water. In a joint filing late Monday, the American Chemistry Council and National Association of Manufacturers said the E.P.A. rule was "arbitrary, capricious and an abuse of discretion." The petition was filed in the Court of Appeals for the District of Columbia. In a separate petition, the American Water Works Association and the Association of Metropolitan Water Agencies said the E.P.A. had "significantly underestimated the costs" of the rule. Taxpayers could ultimately foot the bill in the form of increased water rates, they said. PFAS, a vast class of chemicals also called per- and polyfluoroalkyl substances, are widespread in the environment. They are commonly found in people's blood, and a 2023 government study of private wells and public water systems detected PFAS chemicals in nearly half the tap water in the country. Exposure to PFAS has been associated with developmental delays in children, decreased fertility in women and increased risk of some cancers, according to the E.P.A. [...] The E.P.A. estimates that it would cost water utilities about $1.5 billion annually to comply with the rule, though utilities have said the costs could be twice that amount. Further reading: Lawyers To Plastic Makers: Prepare For 'Astronomical' PFAS Lawsuits

Read more of this story at Slashdot.

Rare Earths Norway has discovered Europe's largest proven deposit of rare earth elements in the Fen Carbonatite Complex, positioning Norway as a key player in Europe's effort to reduce reliance on China's rare earths supply. CNBC reports: Rare Earths Norway said in a June 6 statement that its Fen Carbonatite Complex in the southeast of the country boasts 8.8 million metric tons of total rare earth oxides (TREOs) with a reasonable prospect for economic extraction. Within the TREOs, which are considered vital to the global shift away from fossil fuels, the company says there is an estimated 1.5 million metric tons of magnet-related rare earths which can be used in electric vehicles and wind turbines. The discovery eclipses a massive rare earths deposit found last year in neighboring Sweden. One of the aims of the Critical Raw Materials Act is to extract at least 10% of the European Union's annual demand for rare earths by 2030 and Rare Earths Norway says it hopes to contribute to that goal. Rare Earths Norway said the rare earths deposit in Telemark, roughly 210 kilometers (130 miles) southwest of Oslo, is likely to underscore Norway's position as an integral part of Europe's rare earth and critical raw material value chain.

Read more of this story at Slashdot.

Following in the European Union's footsteps, Japan's parliament has enacted a law on Wednesday that will prohibit big tech from blocking third-party app stores. AppleInsider reports: The intention of the bill is that it will facilitate competition and reduce app prices. Japan's government reportedly believes that Apple and Google are a duopoly, and that they charge developers high fees that are then passed on to users. Big tech companies with App Stores will also prohibit companies from prioritizing their own services. Google is likely to be hit hardest by this. Violators will initially be fined up to 20% of the domestic revenue of the specific service that broke the law. The fee can increase to 30%, if the behavior continues. The Japanese government's Fair Trade Commission (FTC) will choose which firms to apply it to. Companies that will be regulated will be required to submit compliance reports annually. While it hasn't been explicitly said that Apple and Google must comply, It seems certain that the announcement that they'll be held to the provisions is imminent. The Japan FTC isn't expected to add any Japanese firms to the list. The law likely won't take effect until the end of 2025.

Read more of this story at Slashdot.

Intel has begun ferrying around 20 "super loads" across Ohio for the construction of its new $28 billion Ohio One Campus. The extensive planning and coordination required for these shipments are expected to cause road closures and delays during the nine days of transport. Tom's Hardware reports: Intel's new campus coming to New Albany, OH, is in heavy construction, and around 20 super loads are being ferried across Ohio's roads by the Ohio Department of Transportation after arriving at a port of the Ohio River via barge. Four of these loads, including the one hitting the road now, weigh around 900,000 pounds -- that's 400 metric tons, or 76 elephants. The super loads were first planned for February but were delayed due to the immense planning workload. Large crowds are estimated to accumulate on the route, potentially slowing it even further. Intel's 916,000-pound shipment is a "cold box," a self-standing air-processor structure that facilitates the cryogenic technology needed to fabricate semiconductors. The box is 23 feet tall, 20 feet wide, and 280 feet long, nearly the length of a football field. The immense scale of the cold box necessitates a transit process that moves at a "parade pace" of 5-10 miles per hour. Intel is taking over southern Ohio's roads for the next several weeks and months as it builds its new Ohio One Campus, a $28 billion project to create a 1,000-acre campus with two chip factories and room for more. Calling it the new "Silicon Heartland," the project will be the first leading-edge semiconductor fab in the American Midwest, and once operational, will get to work on the "Angstrom era" of Intel processes, 20A and beyond. The Ohio Department of Transportation has shared a timetable for how long this process will take.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: On Wednesday, Stability AI released weights for Stable Diffusion 3 Medium, an AI image-synthesis model that turns text prompts into AI-generated images. Its arrival has been ridiculed online, however, because it generate images of humans in a way that seems like a step backward from other state-of-the-art image-synthesis models like Midjourney or DALL-E 3. As a result, it can churn out wild anatomically incorrect visual abominations with ease. A thread on Reddit, titled, "Is this release supposed to be a joke? [SD3-2B]" details the spectacular failures of SD3 Medium at rendering humans, especially human limbs like hands and feet. Another thread titled, "Why is SD3 so bad at generating girls lying on the grass?" shows similar issues, but for entire human bodies. AI image fans are so far blaming the Stable Diffusion 3's anatomy fails on Stability's insistence on filtering out adult content (often called "NSFW" content) from the SD3 training data that teaches the model how to generate images. "Believe it or not, heavily censoring a model also gets rid of human anatomy, so... that's what happened," wrote one Reddit user in the thread. The release of Stable Diffusion 2.0 in 2023 suffered from similar problems in depicting humans accurately, and AI researchers soon discovered that censoring adult content that contains nudity also severely hampers an AI model's ability to generate accurate human anatomy. At the time, Stability AI reversed course with SD 2.1 and SD XL, regaining some abilities lost by excluding NSFW content. "It works fine as long as there are no humans in the picture, I think their improved nsfw filter for filtering training data decided anything humanoid is nsfw," wrote another Redditor. Basically, any time a prompt hones in on a concept that isn't represented well in its training dataset, the image model will confabulate its best interpretation of what the user is asking for. And sometimes that can be completely terrifying. Using a free online demo of SD3 on Hugging Face, we ran prompts and saw similar results to those being reported by others. For example, the prompt "a man showing his hands" returned an image of a man holding up two giant-sized backward hands, although each hand at least had five fingers.

Read more of this story at Slashdot.

In a new blog post, Adobe said it has updated its terms of service to clarify that it won't train AI on customers' work. The move comes after a week of backlash from users who feared that an update to Adobe's ToS would permit such actions. The clause was included in ToS sent to Creative Cloud Suite users, which claimed that Adobe "may access, view, or listen to your Content through both automated and manual methods -- using techniques such as machine learning in order to improve our Services and Software and the user experience." The Verge reports: The new terms of service are expected to roll out on June 18th and aim to better clarify what Adobe is permitted to do with its customers' work, according to Adobe's president of digital media, David Wadhwani. "We have never trained generative AI on our customer's content, we have never taken ownership of a customer's work, and we have never allowed access to customer content beyond what's legally required," Wadhwani said to The Verge. [...] Adobe's chief product officer, Scott Belsky, acknowledged that the wording was "unclear" and that "trust and transparency couldn't be more crucial these days." Wadhwani says that the language used within Adobe's TOS was never intended to permit AI training on customers' work. "In retrospect, we should have modernized and clarified the terms of service sooner," Wadhwani says. "And we should have more proactively narrowed the terms to match what we actually do, and better explained what our legal requirements are." "We feel very, very good about the process," Wadhwani said in regards to content moderation surrounding Adobe stock and Firefly training data but acknowledged it's "never going to be perfect." Wadhwani says that Adobe can remove content that violates its policies from Firefly's training data and that customers can opt out of automated systems designed to improve the company's service. Adobe said in its blog post that it recognizes "trust must be earned" and is taking on feedback to discuss the new changes. Greater transparency is a welcome change, but it's likely going to take some time to convince scorned creatives that it doesn't hold any ill intent. "We are determined to be a trusted partner for creators in the era ahead. We will work tirelessly to make it so."

Read more of this story at Slashdot.

The European Union on Wednesday said it would impose higher tariffs on Chinese electric vehicle imports, which it found benefit "heavily from unfair subsidies" and pose a "threat of economic injury" to EV producers in Europe. CNBC reports: On a preliminary basis, the European Commission, the executive arm of the EU, concluded that the battery-electric vehicles value chain in China "benefits from unfair subsidization" and pronounced that it is in the EU's interest to impose "provisional countervailing duties" on BEV imports from China. The additional tariffs are the result of an EU probe that began in October. The duties are currently provisional, but will be introduced from July 4 in the event of unfruitful talks with Chinese authorities to reach a resolution, the commission said in a statement. Definitive measures will be placed within four months of the imposition of provisional duties. [...] The bloc is imposing a 38.1% tariff on battery-electric vehicle producers who did not cooperate with its investigation, and a lower 21% duty on carmakers in the Asian country who complied but have not been "sampled." The commission also disclosed a set of individual tariffs, which [Valdis Dombrovskis, the EU commissioner for trade, said] are linked to their cooperation with the probe and with the amount of information they supplied. Rates are lower for those companies who shared details, he added. Main Chinese BEV producer BYD was struck with a 17.4% tariff, with Geely slapped with a 20% duty. The EU has also imposed its 38.1% tariff on autos firm SAIC. All three producers were sampled in the EU probe, which is ongoing. Meanwhile, taxes on imported Chinese EVs in the United States are set to quadruple from 25% to 100%, starting this year.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Record: The revelation earlier this year that General Motors had been selling driver behavior patterns to data brokers -- who in turn packaged and resold it to insurers -- has led at least one of two major data brokers to shut down its related product. That data broker, Verisk, disclosed last month that it has stopped accepting data from car makers and no longer sells the information to insurers, according to the organization Privacy4Cars, which received the response after sending the data broker an inquiry. "Verisk received driving data from vehicles manufactured by General Motors, Honda, and Hyundai and may have provided a Driving Behavior Data History Report ("Report") to insurers upon request, as a service provider to such insurers, that included certain data provided by these manufacturers," the Verisk response to Privacy4Cars said. "Please note that Verisk no longer receives this data from these automakers to generate Reports and also no longer provides Reports to insurers," the statement added. While Verisk has stopped selling car company-provided driver behavior patterns to insurers, LexisNexis Risk Solutions continues to prominently promote its driver behavior data product for insurers despite the mounting backlash from state governments, federal officials and consumer groups. LexisNexis Risk Solutions' Telematics OnDemand page remains online, boasting that it is "bringing automakers and insurance carriers together." "By partnering directly with automotive OEMs, LexisNexis is able to turn connected car data into tangible driving behavior insights that can be leveraged within insurance carriers' existing workflows," the page says. Much of LexisNexis Risk Solutions' work remains shrouded in secrecy.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Hackers working for the Chinese government gained access to more than 20,000 VPN appliances sold by Fortinet using a critical vulnerability that the company failed to disclose for two weeks after fixing it, Netherlands government officials said. The vulnerability, tracked as CVE-2022-42475, is a heap-based buffer overflow that allows hackers to remotely execute malicious code. It carries a severity rating of 9.8 out of 10. A maker of network security software, Fortinet silently fixed the vulnerability on November 28, 2022, but failed to mention the threat until December 12 of that year, when the company said it became aware of an "instance where this vulnerability was exploited in the wild." On January 11, 2023 -- more than six weeks after the vulnerability was fixed -- Fortinet warned a threat actor was exploiting it to infect government and government-related organizations with advanced custom-made malware. Netherlands government officials wrote in Monday's report: Since the publication in February, the MIVD has continued to investigate the broader Chinese cyber espionage campaign. This revealed that the state actor gained access to at least 20,000 FortiGate systems worldwide within a few months in both 2022 and 2023 through the vulnerability with the identifier CVE-2022-42475 . Furthermore, research shows that the state actor behind this campaign was already aware of this vulnerability in FortiGate systems at least two months before Fortinet announced the vulnerability. During this so-called 'zero-day' period, the actor alone infected 14,000 devices. Targets include dozens of (Western) governments, international organizations and a large number of companies within the defense industry. The state actor installed malware at relevant targets at a later date. This gave the state actor permanent access to the systems. Even if a victim installs security updates from FortiGate, the state actor continues to have this access. It is not known how many victims actually have malware installed. The Dutch intelligence services and the NCSC consider it likely that the state actor could potentially expand its access to hundreds of victims worldwide and carry out additional actions such as stealing data. Even with the technical report on the COATHANGER malware, infections from the actor are difficult to identify and remove. The NCSC and the Dutch intelligence services therefore state that it is likely that the state actor still has access to systems of a significant number of victims.

Read more of this story at Slashdot.