
Submission: Fintech Giant Finastra Investigating Data Breach (krebsonsecurity.com)

An anonymous reader writes: The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. London-based Finastra has offices in 42 countries and reported $1.9 billion in revenues last year. The company employs more than 7,000 people and serves approximately 8,100 financial institutions around the world. A major part of Finastra’s day-to-day business involves processing huge volumes of digital files containing instructions for wire and bank transfers on behalf of its clients.

On November 8, 2024, Finastra notified financial institution customers that on Nov. 7 its security team detected suspicious activity on Finastra’s internally hosted file transfer platform. Finastra also told customers that someone had begun selling large volumes of files allegedly stolen from its systems. “On November 8, a threat actor communicated on the dark web claiming to have data exfiltrated from this platform,” reads Finastra’s disclosure, a copy of which was shared by a source at one of the customer firms. “There is no direct impact on customer operations, our customers’ systems, or Finastra’s ability to serve our customers currently,” the notice continued. “We have implemented an alternative secure file sharing platform to ensure continuity, and investigations are ongoing.” But its notice to customers does indicate the intruder managed to extract or “exfiltrate” an unspecified volume of customer data.

Submission: Jim Zemlin, 'Head Janitor of Open Source,' Makes 20 Years At Linux Foundation (zdnet.com)

An anonymous reader writes: When I first met Zemlin, he was the head of the Free Standards Group (FSG). The FSG's main project was the Linux Standard Base (LSB) project. The LSB's goal was to get everyone in the Linux desktop world to agree on standards to ensure compatibility among distributions and their applications. Oh well, some struggles are never-ending. Another group, the Open Source Development Labs (OSDL), was simultaneously working on standardizing enterprise Linux. The two non-profits had the same goal of making Linux more useful and popular, so they agreed to merge. Zemlin was the natural pick to head this new group, which would be called The Linux Foundation.

At the time, he told me: "The combination of the two groups really enables the Linux platform and all the members of the Linux Foundation to work really effectively. I clearly understand what the organization's charter needs to be: We need to provide services that are useful to the community and industry, as well as protect, promote, and continue to standardize the platform." While initially focused on Linux, the Foundation's scope expanded significantly around 2010. Until then, the organization had hosted about a dozen projects related to the Linux operating system. However, as Linux gained dominance in various sectors, including high-performance computing, automotive, embedded systems, mobile devices, and cloud computing, the Linux Foundation started to broaden its horizons. Twenty years after he started leading the FSG, at the Linux Foundation Members Summit, Zemlin recalled how the Foundation became a "foundation of foundations," supporting developers and communities that wanted to leverage open source.

Submission: IEEE Spectrum: It's Surprisingly Easy to Jailbreak LLM-Driven Robots (ieee.org)

DesertNomad writes: AI chatbots such as ChatGPT and other applications powered by large language models (LLMs) have exploded in popularity, leading a number of companies to explore LLM-driven robots. However, a new study now reveals an automated way to hack into such machines with 100 percent success. By circumventing safety guardrails, researchers could manipulate self-driving systems into colliding with pedestrians and robot dogs into hunting for harmful places to detonate bombs.

Submission: Digital Domain, AWS Team in Virtual Human Tech Initiative (variety.com)

SpzToid writes: Visual effects studio Digital Domain — the company whose credits have ranged from “The Curious Case of Benjamin Button” to “Black Panther: Wakanda Forever” — has teamed up with Amazon Web Services to accelerate the development and global reach of its Autonomous Virtual Human (AVH) technology by migrating it to the cloud and involving AWS' generative AI and machine learning tools.

The company aims to expand the use of its AVH tech in areas including storytelling, customer engagement, and interactive entertainment with real-time virtual human interaction, in industries ranging from entertainment to hospitality and healthcare. Reflecting this work, it introduced prototype virtual human Zoey for such purposes in 2022. The studio’s digital human work for film dates back further, notably with David Fincher’s 2008 fantasy “The Curious Case of Benjamin Button,” for which the company’s work in aging Brad Pitt in reverse earned a VFX Oscar.

Submission: Attackers Exploit Critical Zimbra Vulnerability Using CC'd Email Addresses (arstechnica.com)

An anonymous reader writes: Attackers are actively exploiting a critical vulnerability in mail servers sold by Zimbra in an attempt to remotely execute malicious commands that install a backdoor, researchers warn. The vulnerability, tracked as CVE-2024-45519, resides in the Zimbra email and collaboration server used by medium and large organizations. When an admin manually changes default settings to enable the postjournal service, attackers can execute commands by sending maliciously formed emails to an address hosted on the server. Zimbra recently patched the vulnerability. All Zimbra users should install it or, at a minimum, ensure that postjournal is disabled.

On Tuesday, security researcher Ivan Kwiatkowski first reported the in-the-wild attacks, which he described as “mass exploitation.” He said the malicious emails were sent by the IP address 79.124.49[.]86 and, when successful, attempted to run a file hosted there using the tool known as curl. Researchers from security firm Proofpoint took to social media later that day to confirm the report. On Wednesday, security researchers provided additional details that suggested the damage from ongoing exploitation was likely to be contained. As already noted, they said, a default setting must be changed, likely lowering the number of servers that are vulnerable. [...]

Proofpoint has explained that some of the malicious emails used multiple email addresses that, when pasted into the CC field, attempted to install a webshell-based backdoor on vulnerable Zimbra servers. The full cc list was wrapped as a single string and encoded using the base64 algorithm. When combined and converted back into plaintext, they created a webshell at the path: /jetty/webapps/zimbraAdmin/public/jsp/zimbraConfig.jsp. Proofpoint went on to say: “Once installed, the webshell listens for inbound connection with a pre-determined JSESSIONID Cookie field; if present, the webshell will then parse the JACTION cookie for base64 commands. The webshell has support for command execution via exec or download and execute a file over a socket connection.”

Submission: JuiceBox EV Chargers To Be Bricked In North America (juiceboxnorthamerica.com)

ae4ax writes: North American buyers of JuiceBox EVSEs (chargers) received an email today declaring the imminent closure of Enel X Way USA, LLC, the maintainers of the software infrastructure behind their EVSEs. Customer support has already shut down, and apps will be deactivated and removed by October 11, 2024. The company claims economic headwinds from lackluster EV sales and high interest rates as the motivation for the closure. Enel X Way properties outside North America are not affected, they say.

Submission: Clearview AI fined by Dutch agency for facial recognition database (reuters.com)

AmiMoJo writes: U.S. facial recognition company Clearview AI has been fined 30.5 million euros ($33.7 million) for building what Dutch data protection watchdog DPA said on Tuesday was an illegal database. DPA also issued an additional order, imposing a penalty of up to 5 million euros on Clearview for non-compliance.

Submission: Harmful "nudify" websites used Google, Apple, and Discord sign-on systems (arstechnica.com)

An anonymous reader writes: Major technology companies, including Google, Apple, and Discord, have been enabling people to quickly sign up to harmful ‘undress’ websites, which use AI to remove clothes from real photos to make victims appear to be ‘nude’ without their consent. More than a dozen of these deepfake websites have been using login buttons from the tech companies for months.

On multiple occasions, tech companies and payment providers have taken action against AI services allowing people to generate nonconsensual images or video after media reports about their activities. Clare McGlynn, a professor of law at Durham University who has expertise in the legal regulation of pornography and sexual violence and abuse online, says Big Tech platforms are enabling the growth of undress websites and similar websites by not proactively taking action against them.

"What is concerning is that these are the most basic of security steps and moderation that are missing or not being enforced," McGlynn says of the sign-in systems being used, adding that it is "wholly inadequate" for companies to react when journalists or campaigners highlight how their rules are being easily dodged. "It is evident that they simply do not care, despite their rhetoric," McGlynn says. "Otherwise they would have taken these most simple steps to reduce access."

Submission: Shrinkwrap "Contract" Found at Costco on... Collagen Peptides

ewhac writes: The user Wraithe on the Mastodon network is reporting that a bottle of Vital Proteins(TM) collagen peptides purchased at Costco came with a shrinkwrap contract. Collagen peptides are often used as an anti-aging nutritional supplement. The top of the Vital Proteins bottle has a pull-to-open seal. Printed on the seal is the following: "Read This: By opening and using this product, you agree to be bound by our Terms and Conditions, fully set forth at vitalproteins.com/tc, which includes a mandatory arbitration agreement. If you do not agree to be bound, please return this product immediately."

So-called "shrinkwrap contracts" have been the subject of controversy and derision for decades since their first widespread appearance in the 1970s, attempting to alter the terms of sale after the fact, impose unethical and onerous restrictions on the purchaser, and absolve the vendor of all liability. Most such contracts appear on items involving copyrighted works (computer software, or any item containing computer software). The alleged "validity" of such contracts supposedly proceeds from the (alleged) need that the item requires a copyright license from the vendor to use (because the right to use/read/listen/view/execute is somehow not concomitant with purchase), and that the shrinkwrap contract furnishes such license.

The application of such a contract to a good where copyright has no scope, however, is something new. The alleged contract itself governs consumers' use of "the VitalProteins.com website and any other applications, content, products, and services (collectively, the “Service”)...," contains the usual we're-not-responsible-for-anything indemnification paragraph, and unilaterally removes your right to seek redress in a court of law and imposes binding arbitration involving any disputes that may arise between the consumer and the company. Indeed, the arbitration clause is the first numbered section in the alleged contract. Consumers of collagen peptide supplements (or, indeed, any nutritional supplement) may want to consider carefully before giving their money to a company that is trying to immunize itself from lawsuits.

Submission: Legendary Comedian and Commodore PET Owner Bob Newhart Dead at 94

theodp writes: Bob Newhart, whose stammering, deadpan unflappability carried him to stardom as a standup comedian and later in television and movies, has died at age 94. He remains best known for the television shows, "The Bob Newhart Show" (1972-78) and "Newhart" (1982-90), both of which were built around his persona as a reasonable man put-upon by crazies. A younger crowd may remember Newhart from his roles in the movie "Elf" (2003) and TV's "The Big Bang Theory" (2013-18).

Less known about Newhart is that he was an early Commodore PET owner, recalling for the LA Times in 2001: "I remember leafing through a copy of Popular Science magazine and seeing an ad for a Commodore computer that had 8 or 16 kilobytes. It had an awful-looking screen, and it was $795. I thought I’d better get one because I had sons who were going to be in high school and might want to know about computers. Later, I moved up to the 64 KB model and thought that was silly because it was more memory than I would ever possibly need. I got them for the kids and then found I was fascinated by them. The first ones had tape drives. You would get a program like a word processor, put the tape in and then walk away for about a half an hour while the computer loaded it. But the first time I used a spell checker and it corrected a word, I thought, 'We are getting close to God here.'"

Submission: Southwest Airlines Outdated Computers Keep Company Running (yahoo.com)

Thelasko writes: Nearly every flight in the U.S. is grounded right now following a CrowdStrike system update error that’s affecting everything from travel to mobile ordering at Starbucks — but not Southwest Airlines flights. Southwest is still flying high, unaffected by the outage that’s plaguing the world today, and that’s apparently because it’s using Windows 3.1.

Submission: SPAM: The Future of Real Estate in Singapore: Trends to Watch in 2024

Edwin88 writes: Looking ahead to 2024, several key trends are set to shape the future of real estate in Singapore:

1. Sustainable Development: There's a growing emphasis on sustainability, with developers incorporating green building designs and energy-efficient technologies. Expect more eco-friendly features like solar panels and rainwater harvesting systems.

2. Smart Technology Integration: The rise of smart homes and buildings continues, enhancing convenience and energy management for residents. Features like IoT (Internet of Things) devices, automated systems, and smart security are becoming standard.

3. Mixed-Use Developments: There's a trend towards mixed-use developments that integrate residential, commercial, and recreational spaces. This concept fosters live-work-play environments, reducing commute times and enhancing community interactions.

4. Adaptation to Remote Work: The shift towards remote work is influencing real estate demands. Homebuyers seek properties with dedicated home office spaces, and developers are designing flexible workspaces within residential complexes.

5. Urban Redevelopment Projects: Major urban redevelopment projects like the Greater Southern Waterfront and Paya Lebar Airbase redevelopment are expected to transform Singapore's landscape. These initiatives create new opportunities for residential, commercial, and recreational developments.

6. Affordable Housing Initiatives: The government continues to prioritize housing affordability, with policies and incentives aimed at first-time homebuyers and middle-income families. This includes grants, subsidies, and incentives for developers to build more affordable housing options.

7. Aging Population Considerations: As Singapore's population ages, there's an increasing demand for elderly-friendly housing and healthcare facilities. Developers are focusing on designing age-appropriate housing with accessibility features and proximity to healthcare services.

8. Digital Transformation in Real Estate Transactions: The adoption of digital platforms and technologies for property transactions is accelerating. Blockchain for transparent transactions, virtual property viewings, and AI-powered analytics for market predictions are becoming mainstream.

9. Impact of Government Policies: Continued monitoring of government policies, including cooling measures and regulations on foreign ownership, will influence market dynamics and investment decisions in the real estate sector.

10. Resilience and Flexibility: Building resilience and flexibility into real estate strategies will be critical amid economic uncertainties and global challenges. Investors and developers will focus on adaptable designs and sustainable practices to future-proof their investments.

By staying informed about these trends and adapting strategies accordingly, stakeholders in Singapore's real estate market can position themselves for success amidst evolving market conditions and opportunities. For more details, see [spam URL stripped]


Submission: Apple Says No To PC Emulators On iOS (theverge.com)

An anonymous reader writes: Apple might finally allow retro video game emulators on the App Store, but this month, the company rejected submissions of iDOS 3, a new version of the popular DOS emulator, and UTM SE, an app that lets you emulate operating systems like Windows on iOS. In both instances, Apple said the new releases violate guideline 4.7 of the App Review Guidelines, which is the one that allows for retro game emulators. Chaoji Li, the developer of iDOS 3, shared some of Apple’s reasoning for the rejection with The Verge. “The app provides emulator functionality but is not emulating a retro game console specifically,” according to Apple’s notice. “Only emulators of retro game consoles are appropriate per guideline 4.7.” “When I asked what changes I should make to be compliant, they had no idea, nor when I asked what a retro game console is,” Li said in a blog post. “It’s still the same old unreasonable answer along the line of ‘we know it when we see it.’”

UTM posted about its rejection on X. "The App Store Review Board determined that ‘PC is not a console’ regardless of the fact that there are retro Windows / DOS games for the PC that UTM SE can be useful in running," according to the post. UTM also noted that Apple is barring UTM SE from being notarized for third-party app stores because the app apparently violated guideline 2.5.2. That rule states that apps have to be self-contained and can’t execute code "which introduces or changes features or functionality of the app, including other apps." Apple typically hasn’t allowed just-in-time (JIT) compilation. However, and somewhat confusingly, UTM said that UTM SE doesn’t include just-in-time compilation. Additionally, Apple clarified that guideline 4.7, which allows apps to offer “certain software that is not embedded in the binary,” is “an exception that only applies to App Store apps” but isn’t one that UTM SE qualifies for, UTM said in a follow-up post.

Submission: Colorado Law To Ban Everyday Products With PFAS (theguardian.com)

An anonymous reader writes: A new law coming into effect in Colorado in July is banning everyday products that intentionally contain toxic “forever chemicals," including clothes, cookware, menstruation products, dental floss and ski wax – unless they can be made safer. Under the legislation, which takes effect on 1 July, many products using per- and poly-fluoroalkyl substances – or PFAS chemicals linked to cancer risk, lower fertility and developmental delays – will be prohibited starting in 2026. By 2028, Colorado will also ban the sale of all PFAS-treated clothes, backpacks and waterproof outdoor apparel. The law will also require companies selling PFAS-coated clothing to attach disclosure labels.

The initial draft of state senate bill 81, introduced in 2022, included a full ban on PFAS beginning in 2032. But that measure was written out after facing opposition. Colorado has already passed a measure requiring companies to phase out PFAS in carpets, furniture, cosmetics, juvenile products, some food packaging and those used in oil and gas production. The incoming law’s diluted version illustrates the challenges lawmakers have in regulating chemicals that are used to make products waterproof, nonstick or resistant to staining. Manufacturers say the products, at best, will take time to make with a safer replacement – or at worst, are not yet possible to get made in such fashion. [...]

In Colorado, state senator Lisa Cutter, one of the sponsors of the new law there, has said she still wants a complete ban on PFAS but acknowledges the problems. “As much as I want PFAS to go away forever and forever, there are going to be some difficult pivots,” she told the outlet. They include balancing the potential cost to consumers in making products PFAS-free. Cutter told CBS News that it was “really hard” challenging lobbying groups that “spent a lot of money ensuring that these chemicals can continue being put into our products and make profits." Cutter had been accused of stifling innovation and industry. She said she believed companies could be successful while also looking out for the communities they serve. “Certainly, there are cases where it’s not plausible right away to gravitate away from them, but we need to be moving in that direction,” Cutter said. “Our community shouldn’t have to pay the price for their health.”

Submission: Hacking Millions of Modems (and Investigating Who Hacked My Modem) (samcurry.net)

Addos writes: This series of vulnerabilities demonstrated a way in which a fully external attacker with no prerequisites could've executed commands and modified the settings of millions of modems, accessed any business customer's PII, and gained essentially the same permissions of an ISP support team.

Cox is the largest private broadband provider in the United States, the third-largest cable television provider, and the seventh largest telephone carrier in the country. They have millions of customers and are the most popular ISP in 10 states.

An example attack scenario would've looked like the following:

1. Search for a Cox business target through the exposed APIs using their name, phone number, email address, or account number
2. Retrieve their full account PII by querying the returned UUID from step one, including device MAC addresses, email, phone number, and address
3. Query their hardware MAC address to retrieve the Wi-Fi password and connected devices
4. Execute arbitrary commands, update any device property, and take over victim accounts

There were over 700 exposed APIs, with many giving administrative functionality (e.g. querying the connected devices of a modem). Each API suffered from the same permission issues, where replaying HTTP requests repeatedly would allow an attacker to run unauthorized commands.
