PolygamousRanchKid shares a report from CNBC: The hacker group DarkSide claimed on Wednesday to have attacked three more companies, despite the global outcry over its attack on Colonial Pipeline this week, which has caused shortages of gasoline and panic buying on the East Coast of the U.S. Over the past 24 hours, the group posted the names of three new companies on its site on the dark web, called DarkSide Leaks. The information posted to the site includes summaries of what the hackers appear to have stolen but do not appear to contain raw data. DarkSide is a criminal gang, and its claims should be treated as potentially misleading.

The posting indicates that the hacker collective is not backing down in the face of an FBI investigation and denunciations of the attack from the Biden administration. It also signals that the group intends to carry out more ransom attacks on companies, even after it posted a cryptic message earlier this week indicating regret about the impact of the Colonial Pipeline hack and pledging to introduce "moderation" to "avoid social consequences in the future." One of the companies is based in the United States, one is in Brazil and the third is in Scotland. None of them appear to engage in critical infrastructure. Each company appears to be small enough that a crippling hack would otherwise fly under the radar if the hackers hadn't received worldwide notoriety by crippling gasoline supplies in the United States. In a separate report from The Associated Press, the East Coast pipeline company was found to have "atrocious" information management practices and "a patchwork of poorly connected and secured systems," according to an outside audit from three years ago. Slashdot reader wiredmikey shares an excerpt from the report: "We found glaring deficiencies and big problems," said Robert F. Smallwood, whose consulting firm delivered an 89-page report in January 2018 after a six-month audit. "I mean an eighth-grader could have hacked into that system." Colonial said it initiated the restart of pipeline operations on Wednesday afternoon and that it would take several days for supply delivery to return to normal.

The judge overseeing the high-stakes trial between Epic Games and Apple hinted at a compromise that turns on the iPhone maker allowing developers to inform users through their mobile apps that they can buy virtual goods on the web at a cheaper cost. From a report: U.S. District Judge Yvonne Gonzalez Rogers appeared to be looking for middle ground while hearing from economists called by both companies as expert witnesses in a case that threatens to upend the multibillion-dollar marketplace for apps that run on mobile phones around the world.

The judge questioned Apple's App Store rule that blocks developers from including a link or other information in their apps to steer users away from the store to buy virtual goods elsewhere online at a discounted rate. The anti-steering policy is at the heart of Epic's argument that Apple maintains a near-monopoly and juices profits by barring developers from offering alternative payment options in their apps. "What's so bad about it anyway, for consumers to have choice?" Gonzalez Rogers asked Richard Schmalensee, an economist and Massachusetts Institute of Technology professor, who was testifying Wednesday as an expert witness for Apple in the second week of trial in Oakland, California.

Her question drew pushback from Schmalensee, who noted that the U.S. Supreme Court, in a 2018 ruling, threw out a lawsuit that accused American Express of thwarting competition by prohibiting merchants from steering customers to cards with lower fees. "If the app vendor can say, if you press this button you can buy this for less, that means the App Store can't collect its commission," Schmalensee said. That amounts to "undercutting" Apple's App Store sales, he said. Gonzalez Rogers said she didn't think the situations were "factually the same."

An anonymous reader quotes a report from Jalopnik: [R]esearchers at Cornell University, led by Associate Professor of Electrical and Computer Engineering Khurram Afridi, have developed technology that would allow vehicles to be charged on the road while in motion. It would essentially turn U.S. roadways into wireless chargers. Afrindi says he has been working on the tech for the last seven years. Here's how it would work, according to Afrindi via Business Insider: "'Highways would have a charging lane, sort of like a high occupancy lane,' Afridi told Insider. 'If you were running out of battery you would move into the charging lane. It would be able to identify which car went into the lane and it would later send you a bill.' The science behind Afridi's project goes back over 100 years to Nikola Tesla, the inventor who used alternating electric fields to power lights without plugging them in. Afridi's technology would embed special metal plates in the road that are connected to a powerline and a high frequency inverter. The plates will create alternating electric fields that attract and repel a pair of matching plates attached to the bottom of the EV.No need to worry about stopping to charge unless you're down for the night. They have run into a problem, however. They can't seem to find the parts that can handle the high levels of power needed to charge vehicles enough while they are in motion. It would have to be a material that's not only weatherproof but able to withstand high voltage and heat from the passing vehicles."

Colonial Pipeline, operator of the largest U.S. fuel pipeline, said Wednesday it is restarting operations after being shut down for five days due to a cyberattack. NBC News reports: The company shut down its entire operation Friday after its financial computer networks were infected by a Russia-tied hacker gang known as DarkSide, fearing that the hackers could spread to its industrial operations as well. The shutdown led to widespread gasoline shortages and caused temporary price spikes. "Colonial Pipeline initiated the restart of pipeline operations today at approximately 5 p.m. ET," the company said in a statement on its website. "Following this restart, it will take several days for the product delivery supply chain to return to normal."

In Vizio's first public earnings report today, the company revealed that in the first three months of 2021, profits from its Platform+ business -- the part that sells viewer data and advertising space via the SmartCast platform -- were $38.4 million. Engadget reports: As execs said on the call, the company continues to court relationships with brands and agencies, following the same plan laid out six years ago with a business built on its Inscape Automated Content Recognition tech. Its device business (the part that sells TVs, sound bars and the like) had a gross profit of $48.2 million in the same period, up from $32.5 million last year. While the hardware business has significantly more revenue, profits from data and advertising spiked 152 percent from last year, and are quickly catching up.

Vizio did say that hardware profits were affected by products getting stuck at ports due to a shipping glut that has impacted many companies over the last year, buts forecast is that Platform+ revenue and profit will continue to grow in Q2, as device profit margins "trend toward the single digits." Vizio said it now has 13.4 million active SmartCast accounts, with viewers spending 52 percent of their viewing time on SmartCast inputs (the built-in apps, or casting from another device). 34 percent of viewing time went to linear TV, with 7 percent for game consoles or over the top devices. If you have a Vizio TV, you can opt out of anonymized tracking by following these steps.

An anonymous reader quotes a report from ZDNet: The Auditor-General of Western Australia on Wednesday tabled a report into the computer systems used at 50 local government entities, revealing 328 control weakness across the group. It was Auditor-General Caroline Spencer's intention to list the entities, but given the nature of her findings, all case studies included in Local Government General Computer Controls [PDF] omit entity, and system, names.

The report states that none of the 11 entities that the Auditor-General performed capability maturity assessments on met minimum targets. For the remaining 39, general computer controls audits were conducted. The audit probed information security, business continuity, management of IT risks, IT operations, change control, and physical security. Of the 328 control weaknesses, 33 rated as significant and 236 as moderate. Like last year, nearly half of all issues were about information security. The capability assessment results, meanwhile, showed that none of the 11 audited entities met the auditor's expectations across the six control categories, with 79% of the audit results below the minimum benchmark. [...] The report provided six recommendations, one for each of the security types audited. These included implementing appropriate frameworks and management structures, identifying IT risks, and patching.

Rita Liao, reporting for TechCrunch: If you ever bought power banks, water bottles, toys, or other daily goods on Amazon, the chances are your suppliers are from China. Analysts have estimated that the share of Chinese merchants represented 75% of Amazon's new sellers in January, up from 47% the year before, according to Marketplace Pulse, an e-commerce research firm. Chinese sellers are swarming not just Amazon but also eBay, Wish, Shopee and Alibaba's AliExpress. The boom is in part a result of intense domestic competition in China's online retail world, which forces merchants to seek new markets. Traditional exporters are turning to e-commerce, cutting out excessive distributors. Businesses are enchanted by the tale that a swathe of the priciest property in Shenzhen, an expensive city known for its tech and manufacturing, is now owned by people who made a fortune from e-commerce export.

But the get-rich-quick optimism among the cross-border community came to a halt when several top Chinese sellers disappeared from Amazon over the past few days. At least eleven accounts that originate from Greater China were suspended, according to Juozas Kaziukenas, founder of Marketplace Pulse. Several accounts belong to the same parent firms, as it's normal for big sellers, those with more than a million dollars in annual sales, to operate multiple brands on Amazon to optimize sales. TechCrunch has reached out to Mpower and Aukey, whose Amazon stores are gone and were two of the most successful brands native to the American marketplace. In total, the suspended accounts contribute over a billion dollars in gross merchandise value (GMV) to Amazon, said Kaziukenas.

A Slashdot reader shares a report: Amazon has a goal to get rid of a certain percentage of employees every year, and three managers told Insider they felt so much pressure to meet the goal that they hired people to fire them. "We might hire people that we know we're going to fire, just to protect the rest of the team," one manager told Insider. The practice is informally called "hire to fire," in which managers hire people, internally or externally, they intend to fire within a year, just to help meet their annual turnover target, called unregretted attrition (URA). A manager's URA target is the percentage of employees the company wouldn't regret seeing leave, one way or the other.

An anonymous reader quotes a report from Motor1: Roads are lined with unattractive billboards many of us ignore on our daily commutes, but Ford's new tech will make sure we don't miss them anymore. The system works by scanning the billboards, interpreting the information on the sign, and delivering the most useful bits right into the vehicle's display. It sounds invasive and distracting, with a side of Orwellian creepiness tossed on top for good measure. For now, though, this is just a patent application and may never see implementation, but it's not difficult to see how this could be useful to automakers and advertisers. Ford's application says the tech could display an advertiser's products or services, directions to the store, or the phone number.

It's not a stretch to imagine a future where you're driving down the road, and your car sees a sign for your favorite restaurant, prompting you to place an order because the vehicle knows Thursday is take-out night. Cars are only getting infused with more technology designed to assist people in their day-to-day lives, and this would be another avenue to do just that, creating a tailored driving experience. It could also force advertisers to pay Ford to access to its fleet of billboard-scanning-equipped cars, expanding revenue streams beyond the car itself. In a comment to Motor1, Ford says the company submits "patents on new inventions as a normal course of business, but they aren't necessarily an indication of new business or product plans."

eBay is joining the NFT frenzy, telling Reuters today that going forward it will allow the sales of NFTs on its platform, a mainstream embrace that follows billions of dollars in NFT purchases over the past few months. TechCrunch reports: The e-commerce company seems poised to slowly build up sales of digital collectibles on the platform, starting with a smaller group of verified sellers on the platform. "In the coming months, eBay will add new capabilities that bring blockchain-driven collectibles to our platform," eBay exec Jordan Sweetnam told them. eBay has invested heavily in infrastructure for physical collectibles like trading cards, as well as items like sneakers and watches which they help verify for buyers.

Southern California has adopted a new air pollution rule aimed at slashing noxious emissions from warehouse trucks that move goods sold by Amazon and other e-commerce retailers. Ars Technica reports: Diesel pollution from heavy trucks causes everything from asthma to heart attacks, and even Parkinson's disease. Previously, such pollution tended to be concentrated around shipping ports and highways, but the growth of e-commerce has created a new source that is affecting neighborhoods farther inland. There are nearly 34,000 warehouses enclosing 1.17 billion square feet of space in the Los Angeles region alone. The rule, which was adopted late last week by a 9-4 vote of the South Coast Air Quality Management District (AQMD), would cover around 3,300 warehouses that are larger than 100,000 square feet. The rule seeks to reduce the amount of diesel particulate matter and nitrogen oxides produced by trucks serving these facilities. The district covers more than 17 million people, or nearly half the state's population.

The way the South Coast AQMD is approaching warehouse-related pollution is novel. Rather than attempting to control traffic flow to and from the facilities, the regulator will require warehouse owners to take various steps to reduce pollution in the area. That could include buying electric or fuel-cell trucks, adding solar panels to the building roofs, or installing air filters at nearby homes, hospitals, and schools. Each of these measures is assigned a point value, and warehouse operators must achieve a certain total to offset the emissions from their truck traffic. If they cannot meet the goal through mitigation measures, they can pay a fee instead. South Coast AQMD is phasing in compliance depending on the size of the facility. Warehouses that are over 250,000 square feet must meet their goals by June 30, 2022. Warehouses over 150,000 square feet must comply by the same day the following year, and those over 100,000 square feet get until June 30, 2024. Amazon's typical warehouses, for example, range in size from 600,000 to 1 million square feet. [...] The new rule is expected to save 150 to 300 lives and prevent 2,500 to 5,800 asthma attacks between 2022 and 2031. Overall, the public health benefits could be as large as $2.7 billion over the same timeframe.

New submitter TheCowSaysMoo writes: Gas stations from Florida to Virginia began running dry and prices at the pump jumped on Tuesday as the shutdown of the biggest U.S. fuel pipeline by hackers extended into a fifth day and sparked panic buying by motorists. About 7.5% of gas stations in Virginia and 5% in North Carolina had no fuel on Tuesday as demand jumped 20%, tracking firm GasBuddy said. Prices rose to their highest in more than six years, and Georgia suspended sales tax on gas until Saturday to ease the strain on consumers. North Carolina declared an emergency. Colonial Pipeline has forecast that it will not substantially restore operations of the 5,500-mile pipeline network that supplies nearly half of the East Coast's fuel until the end of the week. The company preventively shut the pipeline on Friday after hackers locked its computers and demanded ransom, underscoring the vulnerability of U.S. energy infrastructure to cyberattack.

Alphabet's Google plans to double the size of its team studying artificial-intelligence ethics in the coming years, as the company looks to strengthen a group that has had its credibility challenged by research controversies and personnel defections. From a report: Vice President of Engineering Marian Croak said at The Wall Street Journal's Future of Everything Festival that the hires will increase the size of the responsible AI team that she leads to 200 researchers. Additionally, she said that Alphabet Chief Executive Sundar Pichai has committed to boost the operating budget of a team tasked with evaluating code and product to avert harm, discrimination and other problems with AI. "Being responsible in the way that you develop and deploy AI technology is fundamental to the good of the business," Ms. Croak said. "It severely damages the brand if things aren't done in an ethical way." Google announced in February that Ms. Croak would lead the AI ethics group after it fired the division's co-head, Margaret Mitchell, for allegedly sharing internal documents with people outside the company. Ms. Mitchell's exit followed criticism of Google's suppression of research last year by a prominent member of the team, Timnit Gebru, who says she was fired because of studies critical of the company's approach to AI. Mr. Pichai pledged an investigation into the circumstances around Ms. Gebru's departure and said he would seek to restore trust.

Facebook was ordered to stop collecting German users' data from its WhatsApp unit, after a regulator in the nation said the company's attempt to make users agree to the practice in its updated terms isn't legal. From a report: Johannes Caspar, who heads Hamburg's privacy authority, issued a three-month emergency ban, prohibiting Facebook from continuing with the data collection. He also asked a panel of European Union data regulators to take action and issue a ruling across the 27-nation bloc. The new WhatsApp terms enabling the data scoop are invalid because they are intransparent, inconsistent and overly broad, he said. "The order aims to secure the rights and freedoms of millions of users which are agreeing to the terms Germany-wide," Caspar said in a statement on Tuesday. "We need to prevent damage and disadvantages linked to such a black-box-procedure." The order strikes at the heart of Facebook's business model and advertising strategy. It echoes a similar and contested step by Germany's antitrust office attacking the network's habit of collecting data about what users do online and merging the information with their Facebook profiles. That trove of information allows ads to be tailored to individual users -- creating a cash cow for Facebook.

Amazon "seized and destroyed" over 2 million counterfeit products that sellers sent to Amazon warehouses in 2020 and "blocked more than 10 billion suspected bad listings before they were published in our store," the company said in its first "Brand Protection Report." Ars Technica reports: In 2020, "we seized and destroyed more than 2 million products sent to our fulfillment centers and that we detected as counterfeit before being sent to a customer," Amazon's report said. "In cases where counterfeit products are in our fulfillment centers, we separate the inventory and destroy those products so they are not resold elsewhere in the supply chain," the report also said. Third-party sellers can also ship products directly to consumers instead of using Amazon's shipping system. The 2 million fakes found in Amazon fulfillment centers would only account for counterfeit products from sellers using the "Fulfilled by Amazon" service.

The counterfeit problem got worse over the past year. "Throughout the pandemic, we've seen increased attempts by bad actors to commit fraud and offer counterfeit products," Amazon VP Dharmesh Mehta wrote in a blog post yesterday. Amazon's new report was meant to reassure legitimate sellers that their products won't be counterfeited. While counterfeits remain a problem for unsuspecting Amazon customers, the e-commerce giant said that "fewer than 0.01 percent of all products sold on Amazon received a counterfeit complaint from customers" in 2020. Of course, people may buy and use counterfeit products without ever realizing they are fake or without reporting it to Amazon, so that percentage may not capture the extent of the problem.

Harley-Davidson on Monday launched an all-electric motorcycle brand "LiveWire," the latest effort by the company to ramp up bets on the rapidly growing electric-vehicle market. Reuters reports: Named after Harley's first electric motorbike, which was unveiled in [2014], the "LiveWire" division is slated to launch its first branded motorcycle in July. The company had said in February it would create a separate electric vehicle-focused division, as it aims to attract the next generation of younger and more environmentally conscious riders. "We are seizing the opportunity to lead and define the market in EV," Chief Executive Officer Jochen Zeitz said in a statement on Monday. "LiveWire also plans to innovate and develop technology that will be applicable to Harley-Davidson electric motorcycles in the future." "There's a new logo and a new 'virtual' headquarters, with engineering teams stationed in Silicon Valley and Milwaukee," notes The Verge. "LiveWire will work with Harley-Davidson dealerships as an independent brand, with a blend of digital and physical retail formats."

An anonymous reader quotes a report from The Guardian: Electric cars and vans will be cheaper to produce than conventional, fossil fuel-powered vehicles by 2027, and tighter emissions regulations could put them in pole position to dominate all new car sales by the middle of the next decade, research has found. By 2026, larger vehicles such as electric sedans and SUVs will be as cheap to produce as petrol and diesel models, according to forecasts from BloombergNEF, with small cars reaching the threshold the following year. The falling cost of producing batteries for electric vehicles, combined with dedicated production lines in carmarkers' plants, will make them cheaper to buy, on average, within the next six years than conventional cars, even before any government subsidies, BloombergNEF found.

The new study, commissioned by Transport & Environment, a Brussels-based non-profit organization that campaigns for cleaner transport in Europe, predicts new battery prices will fall by 58% between 2020 and 2030 to $58 per kilowatt hour. A reduction in battery costs to below $100 per kWh, is viewed as an important step towards greater take-up of fully electric vehicles, and would largely remove the financial appeal of hybrid electric vehicles, which combine a battery with a conventional engine.

Several Apple suppliers may have used forced labor in China, according to The Information. From a report: Working with two human rights groups, the publication identified seven companies that supplied products or services to Apple and supported forced labor programs, according to statements made by the Chinese government. The programs target the country's Muslim minority population, particularly Uyghurs living in Xinjiang. Six of the seven suppliers were said to participate in work programs operated by the Chinese government, The Information reports, which human rights groups describe as frequently offering cover for forced labor. Workers can be jailed for refusing to join the work programs, the report says, and those enrolled in the programs are often moved far from their homes. One of the suppliers operated in Xinjiang, the region of China predominantly populated by Uyghurs and where the most egregious human rights violations have reportedly taken place. The companies supplied Apple with antennas, cables, and coatings, among other products and services, according to The Information.

An anonymous reader shares a report from Technology Review: The Massachusetts Audubon Society has long managed its land in western Massachusetts as crucial wildlife habitat. Nature lovers flock to these forests to enjoy bird-watching and quiet hikes, with the occasional bobcat or moose sighting. But in 2015, the conservation nonprofit presented California's top climate regulator with a startling scenario: It could heavily log 9,700 acres of its preserved forests over the next few years. The group raised the possibility of chopping down hundreds of thousands of trees as part of its application to take part in California's forest offset program.

The program allows forest owners like Mass Audubon to earn so-called carbon credits for preserving trees. Each credit represents a ton of CO2. California polluters, such as oil companies, buy these credits so that they can emit more CO2 than they'd otherwise be allowed to under state law. Theoretically, the exchange should balance out emissions to prevent an overall increase in CO2 in the atmosphere. The Air Resources Board accepted Mass Audubon's project into its program, requiring the nonprofit to preserve its forests over the next century instead of heavily logging them. The nonprofit received more than 600,000 credits in exchange for its promise. The vast majority were sold through intermediaries to oil and gas companies, records show. On paper, the deal was a success. The fossil fuel companies were able to emit more CO2 while abiding by California's climate laws. Mass Audubon earned enough money to acquire additional land for preservation, and to hire new staff working on climate change. But it didn't work out as well for the climate.

A ransomware attack affecting a pipeline that supplies 45% of the fuel supplies for the Eastern U.S. has now led U.S. president Biden to declare a regional emergency providing "regulatory relief" to expand fuel delivery by other routes.

Axios reports: Friday night's cyberattack is "the most significant, successful attack on energy infrastructure" known to have occurred in the U.S., notes energy researcher Amy Myers Jaffe, per Politico. It follows other significant cyberattacks on the federal government and U.S. companies in recent months... 5,500 miles of pipeline have been shut down in response to the attack.
The BBC reports: Experts say fuel prices are likely to rise 2-3% on Monday, but the impact will be far worse if it goes on for much longer... Colonial Pipeline said it is working with law enforcement, cyber-security experts and the Department of Energy to restore service. On Sunday evening it said that although its four mainlines remain offline, some smaller lateral lines between terminals and delivery points are now operational...

Independent oil market analyst Gaurav Sharma told the BBC there is a lot of fuel now stranded at refineries in Texas. "Unless they sort it out by Tuesday, they're in big trouble," said Sharma. "The first areas to be impacted would be Atlanta and Tennessee, then the domino effect goes up to New York..." The temporary waiver issued by the Department of Transportation enables oil products to be shipped in tankers up to New York, but this would not be anywhere near enough to match the pipeline's capacity, Mr Sharma warned.
UPDATE (5/10): "On Monday, U.S. officials sought to soothe concerns about price spikes or damage to the economy by stressing that the fuel supply had so far not been disrupted," reports the Associated Press, "and the company said it was working toward 'substantially restoring operational service' by the weekend."

CNN reports that a criminal group originating from Russia named DarkSide "is believed to be responsible for a ransomware cyberattack on the Colonial Pipeline, according to a former senior cyber official. DarkSide typically targets non-Russian speaking countries, the source said... Bloomberg and The Washington Post have also reported on DarkSide's purported involvement in the cyberattack..."

If so, NBC News adds some sobering thoughts: Although Russian hackers often freelance for the Kremlin, early indications suggest this was a criminal scheme — not an attack by a nation state, the sources said. But the fact that Colonial had to shut down the country's largest gasoline pipeline underscores just how vulnerable American's cyber infrastructure is to both criminals and national adversaries, such as Russia, China and Iran, experts say. "This could be the most impactful ransomware attack in history, a cyber disaster turning into a real-world catastrophe," said Andrew Rubin, CEO and co-founder of Illumio, a cyber security firm...

If the culprit turns out to be a Russian criminal group, it will underscore that Russia gives free reign to criminal hackers who target the West, said Dmitri Alperovitch, co-founder of the cyber firm CrowdStrike and now executive chairman of a think tank, the Silverado Policy Accelerator. "Whether they work for the state or not is increasingly irrelevant, given Russia's obvious policy of harboring and tolerating cyber crime," he said.
Citing multiple sources, the BBC reports that DarkSide "infiltrated Colonial's network on Thursday and took almost 100GB of data hostage. After seizing the data, the hackers locked the data on some computers and servers, demanding a ransom on Friday. If it is not paid, they are threatening to leak it onto the internet... "

The BBC also shares some thoughts from Digital Shadows, a London-based cyber-security firm that tracks global cyber-criminal groups to help enterprises limit their exposure online: Digital Shadows thinks the Colonial Pipeline cyber-attack has come about due to the coronavirus pandemic — the rise of engineers remotely accessing control systems for the pipeline from home. James Chappell, co-founder and chief innovation officer at Digital Shadows, believes DarkSide bought account login details relating to remote desktop software like TeamViewer and Microsoft Remote Desktop.

He says it is possible for anyone to look up the login portals for computers connected to the internet on search engines like Shodan, and then "have-a-go" hackers just keep trying usernames and passwords until they get some to work.

"We're seeing a lot of victims now, this is seriously a big problem now," said Mr Chappell.