A now-abandoned USB worm that backdoors connected devices has continued to self-replicate for years since its creators lost control of it and remains active on thousands, possibly millions, of machines, researchers said Thursday. ArsTechnica: The worm -- which first came to light in a 2023 post published by security firm Sophos -- became active in 2019 when a variant of malware known as PlugX added functionality that allowed it to infect USB drives automatically. In turn, those drives would infect any new machine they connected to, a capability that allowed the malware to spread without requiring any end-user interaction. Researchers who have tracked PlugX since at least 2008 have said that the malware has origins in China and has been used by various groups tied to the country's Ministry of State Security.

For reasons that aren't clear, the worm creator abandoned the one and only IP address that was designated as its command-and-control channel. With no one controlling the infected machines anymore, the PlugX worm was effectively dead, or at least one might have presumed so. The worm, it turns out, has continued to live on in an undetermined number of machines that possibly reaches into the millions, researchers from security firm Sekoia reported. The researchers purchased the IP address and connected their own server infrastructure to "sinkhole" traffic connecting to it, meaning intercepting the traffic to prevent it from being used maliciously. Since then, their server continues to receive PlugX traffic from 90,000 to 100,000 unique IP addresses every day.

Captchas that aim to distinguish humans from nefarious bots are demanding more brain power. WSJ: The companies and cybersecurity experts who design Captchas have been doing all they can to stay one step ahead of the bad actors figuring out how to crack them. A cottage industry of third-party Captcha-solving firms -- essentially, humans hired to solve the puzzles all day -- has emerged. More alarmingly, so has technology that can automatically solve the more rudimentary tests, such as identifying photos of motorcycles and reading distorted text. "Software has gotten really good at labeling photos," said Kevin Gosschalk, the founder and CEO of Arkose Labs, which designs what it calls "fraud and abuse prevention solutions," including Captchas. "So now enters a new era of Captcha -- logic based."

That shift explains why Captchas have started to both annoy and perplex. Users no longer have to simply identify things. They need to identify things and do something with that information -- move a puzzle piece, rotate an object, find the specter of a number hidden in a roomscape. Compounding this bewilderment is the addition to the mix of generative AI images, which creates new objects difficult for robots to identify but baffles humans who just want to log in. "Things are going to get even stranger, to be honest, because now you have to do something that's nonsensical," Gosschalk said. "Otherwise, large multimodal models will be able to understand."

The GNOME Foundation, a non-profit organization supporting the GNOME desktop environment, has been operating at a deficit for several years, depleting its financial reserves. Robert McQueen, the foundation's president, has announced plans to increase fundraising efforts in a new blog post.

McQueen adds: As you may be aware, the GNOME Foundation has operated at a deficit (nonprofit speak for a loss -- ie spending more than we've been raising each year) for over three years, essentially running the Foundation on reserves from some substantial donations received 4-5 years ago. The Foundation has a reserves policy which specifies a minimum amount of money we have to keep in our accounts. This is so that if there is a significant interruption to our usual income, we can preserve our core operations while we work on new funding sources. We've now "hit the buffers" of this reserves policy, meaning the Board can't approve any more deficit budgets -- to keep spending at the same level we must increase our income.

U.S. authorities consider DJI a security threat. Congress is weighing legislation to ban it [non-paywalled link], prompting a lobbying campaign from the company, which dominates the commercial and consumer drone markets. The New York Times: DJI is on a Defense Department list of Chinese military companies whose products the U.S. armed forces will be prohibited from purchasing in the future. As part of the defense budget that Congress passed for this year, other federal agencies and programs are likely to be prohibited from purchasing DJI drones as well. The drones -- though not designed or authorized for combat use -- have also become ubiquitous in Russia's war against Ukraine.

The Treasury and Commerce Departments have penalized DJI over the use of its drones for spying on Uyghur Muslims who are held in camps by Chinese officials in the Xinjiang region. Researchers have found that Beijing could potentially exploit vulnerabilities in an app that controls the drone to gain access to large amounts of personal information, although a U.S. official said there are currently no known vulnerabilities that have not been patched. Now Congress is weighing legislation that could kill much of DJI's commercial business in the United States by putting it on a Federal Communications Commission roster blocking it from running on the country's communications infrastructure.

The bill, which has bipartisan support, has been met with a muscular lobbying campaign by DJI. The company is hoping that Americans like Mr. Nordfors who use its products will help persuade lawmakers that the United States has nothing to fear -- and much to gain -- by keeping DJI drones flying. "DJI presents an unacceptable national security risk, and it is past time that drones made by Communist China are removed from America," Representative Elise Stefanik, Republican of New York and one of the bill's primary sponsors, said in an emailed statement this month.

Some Android-powered TVs can expose the contents of users' email inboxes if an attacker has physical access to the TV. Google initially told the office of Senator Ron Wyden that the issue, which is a quirk of how software is installed on these TVs, was expected behavior, but after being contacted by 404 Media, Google now says it is addressing the issue. From the report: The attack is an edge case but one that still highlights how the use of Google accounts, even on products that aren't necessarily designed for browsing user data, can expose information in unusual ways, including TVs in businesses or ones that have been resold or given away.

"My office is mid-way through a review of the privacy practices of streaming TV technology providers. As part of that inquiry, my staff discovered an alarming video in which a YouTuber demonstrated how with 15 minutes of unsupervised access to an Android TV set top box, a criminal could get access to private emails of the Gmail user who set up the TV," Senator Ron Wyden told 404 Media in a statement.

Europe is less hard-working, less ambitious, more regulated and more risk-averse than the US, according to the boss of Norway's giant oil fund, with the gap between the two continents only getting wider. FT: Nicolai Tangen, chief executive of the $1.6tn fund, told the Financial Times it was "worrisome" that American companies were outpacing their European rivals [non paywalled link] on innovation and technology, leading to vast outperformance of US shares in the past decade. "There's a mindset issue in terms of acceptance of mistakes and risks. You go bust in America, you get another chance. In Europe, you're dead," he said, adding that there was also a difference in "the general level of ambition. We are not very ambitious. I should be careful about talking about work-life balance, but the Americans just work harder."

His views are significant as the oil fund is one of the largest single investors in the world, owning on average 1.5 per cent of every listed company globally and 2.5 per cent of every European equity. Its US holdings have increased in the past decade while its European ones have declined. US shares account for almost half of all its equities compared with 32 per cent in 2013. The leading European country -- the UK -- represented 15 per cent of its equity portfolio a decade ago but just 6 per cent last year.

Tutao, known for the encrypted email service Tuta Mail, has filed a Digital Markets Act (DMA) complaint to the EU over an alleged de-ranking in Google Search. From a report: Google Search rankings are all too familiar to search engine optimization (SEO) specialists charged with ensuring web pages rise to the top of search results. In the case of Tutao's products -- Tuta Mail and Tuta Calendar -- all was going well until the beginning of March 2024, when the company claims tuta.com was abruptly de-ranked in Google Search. Rather than being displayed as a search result of thousands of keywords, the count dropped to the hundreds, the developer alleges.

Matthias Pfau, co-founder of Tuta Mail, said: "This reduction in Google Search took us by surprise as we did not change anything on our website during that time. We tried to reach out to Google about this issue, but were met with radio silence." Google denies the claims. It told The Reg: "Search ranking updates absolutely do not aim to preference Google products, or any other particular website. The email provider in question is easily accessible globally on Search. We appreciate the feedback and will look into how we can ensure Search continues to return the most helpful, relevant results."

Tuta Mail's Pfau claims a change in results mean that when a user searches for "encrypted email," Tuta's products no longer show up. However, he went on to allege that if you search for "Tuta" or "Tutanota," the company appears in the results.

An anonymous reader shares a report: With Windows 11 24H2 all geared up to have AI-intensive applications, Microsoft has added a code that will warn you if your PC does not meet the hardware requirements, according to code dug up by Twitter/X sleuth Albacore. The warning will be displayed as a watermark so you know that you cannot use certain AI-powered built-in apps because of an unsupported CPU.

404 Media: Apple has removed a number of AI image generation apps from the App Store after 404 Media found these apps advertised the ability to create nonconsensual nude images, a sign that app store operators are starting to take more action against these types of apps.

Overall, Apple removed three apps from the App Store, but only after we provided the company with links to the specific apps and their related ads, indicating the company was not able to find the apps that violated its policy itself.

Apple's action comes after we reported on Monday that Instagram advertises nonconsensual AI nude apps. By browsing Meta's Ad Library, which archives ads on its platform, when they ran, on what platforms, and who paid for them, we were able to find ads for five different apps, each with dozens of ads. Two of the ads were for web-based services, and three were for apps on the Apple App Store. Meta deleted the ads when we flagged them. Apple did not initially respond to a request for comment on that story, but reached out to me after it was published asking for more information. On Tuesday, Apple told us it removed the three apps on its App Store.

Sam Altman of OpenAI and the chief executives of Nvidia, Microsoft and Alphabet are among technology-industry leaders joining a new federal advisory board focused on the secure use of AI within U.S. critical infrastructure, in the Biden administration's latest effort to fill a regulatory vacuum over the rapidly proliferating technology. From a report: The Artificial Intelligence Safety and Security Board is part of a government push to protect the economy, public health and vital industries from being harmed by AI-powered threats, U.S. officials said. Working with the Department of Homeland Security, it will develop recommendations for power-grid operators, transportation-service providers and manufacturing plants, among others, on how to use AI while bulletproofing their systems against potential disruptions that could be caused by advances in the technology.

In addition to Nvidia's Jensen Huang, Microsoft's Satya Nadella, Alphabet's Sundar Pichai and other leaders in AI and technology, the panel of nearly two dozen consists of academics, civil-rights leaders and top executives at companies that work within a federally recognized critical-infrastructure sector, including Kathy Warden, chief executive of Northrop Grumman, and Delta Air Lines Chief Executive Ed Bastian. Other members are public officials, such as Maryland Gov. Wes Moore and Seattle Mayor Bruce Harrell, both Democrats.

Jonathan M. Gitlin reports Ars Technica: Honda announced today that it will spend $11 billion to expand its electric vehicle manufacturing presence in North America. The Japanese automaker already has a number of factories in the US, Mexico, and Canada, and it's this last one that will benefit from the expansion, with four EV-related plants planned for Ontario. Honda says it has begun evaluating requirements for what it's calling an "innovative and environmentally responsible" EV factory and a standalone EV battery plant in Alliston, Ontario, which is already home to Honda's two existing Canadian manufacturing facilities.

Additionally, the automaker wants to set up another two sites as joint ventures. One will be a plant that processes cathode active materials and their precursors -- the various elements like nickel and manganese that are combined with lithium in lithium-ion batteries -- set up in a partnership with POSCO Future M, a South Korean battery material and chemical company. (POSCO is already working with General Motors on another joint venture battery precursor material facility in Betancour, Quebec, that is supposed to become operational in 2026.) A second joint venture will be a partnership with Asahi Kasei, which will manufacture battery separators, the material that keeps the anode and cathode apart. The locations of these two joint ventures have not yet been announced.

Honda thinks it will be able to start making EVs in Ontario in 2028 and says the assembly plant will have the capacity to build 240,000 EVs per year. Meanwhile, the battery plant is planned to have an annual output of 36 GWh.

An anonymous reader quotes a report from Tom's Hardware: TSMC announced its leading-edge 1.6nm-class process technology today, a new A16 manufacturing process that will be the company's first Angstrom-class production node and promises to outperform its predecessor, N2P, by a significant margin. The technology's most important innovation will be its backside power delivery network (BSPDN). Just like TSMC's 2nm-class nodes (N2, N2P, and N2X), the company's 1.6nm-class fabrication process will rely on gate-all-around (GAA) nanosheet transistors, but unlike the current and next-generation nodes, this one uses backside power delivery dubbed Super Power Rail. Transistor and BSPDN innovations enable tangible performance and efficiency improvements compared to TSMC's N2P: the new node promises an up to 10% higher clock rate at the same voltage and a 15%-20% lower power consumption at the same frequency and complexity. In addition, the new technology could enable 7%-10% higher transistor density, depending on the actual design.

The most important innovation of TSMC's A16 process, which was unveiled at the company's North American Technology Symposium 2024, is the introduction of the Super Power Rail (SPR), a sophisticated backside power delivery network (BSPDN). This technology is tailored specifically for AI and HPC processors that tend to have both complex signal wiring and dense power delivery networks. Backside power delivery will be implemented into many upcoming process technologies as it allows for an increase in transistor density and improved power delivery, which affects performance. Meanwhile, there are several ways to implement a BSPDN. TSMC's Super Power Rail plugs the backside power delivery network to each transistor's source and drain using a special contact that also reduces resistance to get the maximum performance and power efficiency possible. From a production perspective, this is one of the most complex BSPDN implementations and is more complex than Intel's Power Via. Volume production of A16 is slated for the second half of 2026. "Therefore, actual A16-made products will likely debut in 2027," notes the report. "This timeline positions A16 to potentially compete with Intel's 14A node, which will be Intel's most advanced node at the time."

Alphabet has reported first quarter results that topped analysts' estimates with soaring profits in its cloud division. It also announced its first-ever dividend. CNBC shares the results: Earnings per share: $1.89 vs. $1.51 per share expected by LSEG
Revenue: $80.54 billion vs. $78.59 billion expected by LSEG

Wall Street is also watching several other numbers in the report:

YouTube advertising revenue: $8.09 billion vs. $7.72 billion expected, according to StreetAccount.
Google Cloud revenue: $9.57 billion vs. $9.35 billion expected, according to StreetAccount.
Traffic acquisition costs (TAC): $12.95 billion $12.74 billion expected, according to StreetAccount.

Alphabet's revenue increased 15% from $69.79 billion a year earlier, the fastest rate of growth since early 2022. Alphabet said its board approved a cash dividend of 20 cents per share to be paid on June 17, to stockholders of record as of June 10. The company said it "intends to pay quarterly cash dividends in the future."

Seagate has joined Western Digital in increasing the prices of hard drives, with rising demand due to the huge data requirements of AI taking the blame. AI is also behind a rapid growth in orders for Enterprise solid state drives. From a report: One of the big three makers of traditional rotating hard disk drives, Seagate informed customers that it is increasing prices effective immediately for new orders, but also for any changes to orders that are "over and above" previously committed volumes. This was disclosed in a letter from the company seen by analyst Trendforce, and comes just a couple of weeks after rival manufacturer Western Digital sent out a similar letter to customers informing them of price hikes.

According to Trendforce, the cause of the issue is two-fold: rising demand for high-capacity HDD products driven by the current craze for all things AI, and reduced production by hard drive manufacturers that means they are unable to meet the demand, leading to soaring prices. The rising demand comes from AI training requiring huge volumes of data: OpenAI's GPT-3 model is said to have been trained using 45TB of data, which may have been surpassed for newer models. And while flash-based SSDs boast high-speed and low-latency, storing everything in flash would still be costly. Seagate launched a 30TB hard drive line last year. Hard drive production was cut by as much as 20 percent over the last two years or so because of falling orders during the pandemic, and now manufacturers are unprepared for a sudden uptick in demand.

Microsoft releases one of the most popular versions of MS-DOS as open source today. stikves shares a post:Ten years ago, Microsoft released the source for MS-DOS 1.25 and 2.0 to the Computer History Museum, and then later republished them for reference purposes. This code holds an important place in history and is a fascinating read of an operating system that was written entirely in 8086 assembly code nearly 45 years ago.

Today, in partnership with IBM and in the spirit of open innovation, we're releasing the source code to MS-DOS 4.00 under the MIT license. There's a somewhat complex and fascinating history behind the 4.0 versions of DOS, as Microsoft partnered with IBM for portions of the code but also created a branch of DOS called Multitasking DOS that did not see a wide release.