The Linkielist

Linking ideas with the world

Google pulls plug on Ad blockers such as uBlock Origin by killing Manifest v2

Google’s purge of Manifest v2-based extensions from its Chrome browser is underway, as many users over the past few days may have noticed.

Popular content-blocking add-on (v2-based) uBlock Origin is now automatically disabled for many in the ubiquitous browser as it continues the V3 rollout.

[…]

According to the company, Google’s decision to shift to V3 is all in the name of improving its browser’s security, privacy, and performance. However, the transition to the new specification also means that some extensions will struggle due to limitations in the new API.

In September 2024, the team behind uBlock Origin noted that one of the most significant changes was around the webRequest API, used to intercept and modify network requests. Extensions such as uBlock Origin extensively use the API to block unwanted content before it loads.

[…]

Ad-blockers and privacy tools are the worst hit by the changes, and affected users – because let’s face it, most Chrome users won’t be using an ad-blocker – can switch to an alternative browser for something like the original experience, or they can switch to a different extension which is unlikely to have the same capabilities.

In its post, uBlock recommends a move to Firefox and use of the extension uBlock Origin, a switch to a browser that will support Manifest v2.

[…]

Source: Google continues pulling the plug on Manifest v2 • The Register
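As an added illustration of the API change the post describes (this is not code from uBlock Origin, Google or The Register): under Manifest V2 an extension registers a blocking webRequest listener and runs its own code on every request, while under Manifest V3 it can only hand the browser a list of declarative rules for declarativeNetRequest. The hostnames, the two rules and the simplified urlFilter matcher below are constructed for the example; the real rule matcher understands more filter syntax than the two forms handled here.

```javascript
// Added example, not uBlock Origin or Chrome code. Hosts and rules are constructed.

// --- Manifest V2: imperative blocking with chrome.webRequest ---
// The listener sees every request (URL, resource type, initiator) before it is
// sent and can run arbitrary logic; returning {cancel: true} blocks it.
const BLOCKED_HOSTS = new Set(["ads.example.net", "tracker.example.org"]); // constructed

function mv2ShouldBlock(details) {
  const url = new URL(details.url);
  if (BLOCKED_HOSTS.has(url.hostname)) return true;
  // Any per-request computation is possible here, e.g. a path check combined
  // with the resource type; a static MV3 rule cannot run code.
  return details.type === "script" && url.pathname.endsWith("/analytics.js");
}

if (typeof chrome !== "undefined" && chrome.webRequest) {
  chrome.webRequest.onBeforeRequest.addListener(
    (details) => ({ cancel: mv2ShouldBlock(details) }),
    { urls: ["<all_urls>"] },
    ["blocking"] // the "blocking" option is what Manifest V3 takes away
  );
}

// --- Manifest V3: declarative rules evaluated by the browser ---
// The extension no longer runs on each request; it registers rules and the
// browser matches them. Only what the rule schema can express is possible.
const MV3_RULES = [
  {
    id: 1, priority: 1, action: { type: "block" },
    condition: { urlFilter: "||ads.example.net^", resourceTypes: ["script", "image", "xmlhttprequest"] },
  },
  {
    id: 2, priority: 1, action: { type: "block" },
    condition: { urlFilter: "/analytics.js", resourceTypes: ["script"] },
  },
];

if (typeof chrome !== "undefined" && chrome.declarativeNetRequest) {
  chrome.declarativeNetRequest.updateDynamicRules({ addRules: MV3_RULES });
}

// Simplified re-implementation (assumption, not the browser's matcher) of two
// urlFilter forms so the rules can be evaluated outside Chrome: "||host^"
// anchors to a domain and its subdomains; anything else is a substring match.
function urlFilterMatches(filter, urlString) {
  if (filter.startsWith("||")) {
    const domain = filter.slice(2).replace(/\^$/, "");
    const host = new URL(urlString).hostname;
    return host === domain || host.endsWith("." + domain);
  }
  return urlString.includes(filter);
}

function mv3ShouldBlock(urlString, resourceType, rules = MV3_RULES) {
  return rules.some(
    (r) =>
      r.action.type === "block" &&
      (!r.condition.resourceTypes || r.condition.resourceTypes.includes(resourceType)) &&
      urlFilterMatches(r.condition.urlFilter, urlString)
  );
}
```

Both paths block the same two constructed requests, but only the MV2 listener can make a decision that depends on computation at request time rather than on a pattern the rule schema already supports; that is the gap the post refers to when it says some extensions "will struggle".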

Generative AI’s Impact on Cybersecurity – Q&A With an Expert

In the ever-evolving landscape of cybersecurity, the integration of generative AI has become a pivotal point of discussion. To delve deeper into this groundbreaking technology and its impact on cybersecurity, we turn to renowned cybersecurity expert Jeremiah Fowler. In this exclusive Q&A session with vpnMentor, Fowler sheds light on the critical role that generative AI plays in safeguarding digital environments against evolving threats.

[…]

Not long ago, it was far easier to identify a phishing attempt, but now that they have AI at their disposal, criminals can personalize their social engineering attempts using realistic identities, well-written content, or even deepfake audio and video. And, as AI models become more intelligent, it will become even harder to distinguish human- from AI-generated content, making it harder for potential victims to detect a scheme.

[…]

There are numerous examples of generative AI being used in recent cyberattacks. The Voice of SecOps report released by Deep Instinct found that 75% of security professionals surveyed saw an increase in cyberattacks in 2023, and that 85% of all attacks that year were powered by generative AI.

[…]

Currently, several malicious generative AI solutions are available on the Dark Web. Two examples of malicious AI tools designed for cybercriminals to create and automate fraudulent activities are FraudGPT and WormGPT. These tools can be used by criminals to easily conduct realistic phishing attacks, carry out scams, or generate malicious code. FraudGPT specializes in generating deceptive content while WormGPT focuses on creating malware and automating hacking attempts.

These tools are extremely dangerous and pose a very serious risk because they allow unskilled criminals with little or no technical knowledge to launch highly sophisticated cyberattacks. With a few command prompts, perpetrators can easily increase the scale, effectiveness, and success rate of their cybercrimes.

[…]

According to the 2023 Microsoft Digital Defense Report, researchers identified several cases where state actors attempted to access and use Microsoft’s AI technology for malicious purposes. These actors were associated with various countries, including Russia, China, Iran, and North Korea. Ironically, each of these countries has strict regulations governing cyberspace, and it would be highly unlikely to conduct large-scale attacks without some level of government oversight. The report noted that malicious actors used generative AI models for a wide range of activities such as spear-phishing, hacking, phishing emails, investigating satellite and radar technologies, and targeting U.S. defense contractors.
Hybrid disinformation campaigns — where state actors or civilian groups combine humans and AI to create division and conflict — have also become a serious risk. There is no better example of this than the Russian troll farms. […]

Earlier this year, fake X (formerly Twitter) accounts — which were actually Russian bots pretending to be real people from the U.S. — were programmed to post pro-Trump content generated by ChatGPT. The whole thing came to a head in June 2024, when the pre-programmed posts started reflecting error messages due to lack of payment.

This screenshot shows a translated tweet from X indicating that a bot using ChatGPT was out of credits.

A few months later, the U.S. Department of Justice announced that Russian state media had been paying American far-right social media influencers as much as 10 million USD to echo narratives and messages from the Kremlin in yet another hybrid disinformation campaign.

[…]

The trepidation regarding AI’s role in creating security threats is very real, but some time-tested advice is still valid — keeping software updated, applying patches where needed, and having endpoint security for all connected devices can go a long way. However, as AI becomes more advanced, it will likely make it easier for criminals to identify and exploit more complex vulnerabilities. So, I highly recommend implementing network segmentation too — by isolating individual sections, organizations can effectively limit the spread of malware or restrict unauthorized access to the entire network.

Ultimately, the most important thing is to have continuous monitoring and investigate all suspicious activity.

[…]

One recent example of self-evolving malware that uses AI to constantly rewrite its code is called “BlackMamba”. This is a proof of concept AI-enhanced malware. It was created by researchers from HYAS Labs to test how far it can go. BlackMamba was able to avoid being identified by the most sophisticated cybersecurity products, including the leading EDR (Endpoint Detection and Response).

Generative AI is also being used to enhance evasion techniques or generate malicious content. For example, Microsoft researchers were able to get nearly every major AI model to bypass their own restrictions for creating harmful or illegal content. In June 2024, Microsoft published details about what they named “Skeleton Key” — a multi-step process that eventually gets the AI model to provide prohibited content. Additionally, AI-generated tools can bypass traditional cybersecurity defenses (like CAPTCHA) that are intended to filter bot traffic so that (theoretically) only humans can access accounts or content.

Criminals are also using Generative AI to enhance their phishing and social engineering scams.

[…]

The most well-known case to date happened in Hong Kong in early 2024. Criminals used deepfake technology to create a video showing a company’s CEO requesting the CFO to transfer $24.6 million USD. Since there was nothing that suggested that the video was not authentic, the CFO unknowingly transferred the money to the criminals.

[…]

Although AI cannot — and should not — fully replace the human role in the incident response process, it can assist by automating detection, triage, containment, and recovery tasks. Any tools or actions that help reduce response times will also limit the damage caused by cyber incidents. Organizations should integrate these technologies into their security operations and be prepared for AI-enhanced cyberthreats because it is no longer a matter of “if it happens” but “when it happens”.

Generative AI can help cybersecurity by creating realistic risk scenarios for both training and penetration testing.

[…]

What are the future risks of AI providers having vulnerabilities or data exposures?

Researchers at Wiz found two non-password-protected databases that contained just under 1 million records. AI models will generate a massive amount of data and that needs to be stored somewhere. It makes sense that you would have a database full of learning content, monitoring and error logs, and chat responses; theoretically, this should have been segregated from the administrative production environment or have additional access controls to prevent an unauthorized intrusion. This vulnerability allowed researchers to access administrative and operational data, and the fact that anyone with an Internet connection could have potentially manipulated commands or code scripts should be a major concern to the DeepSeek organization and its users. Additionally, exposing secret keys or other internal access credentials is an open invitation for disaster and what I would consider a worst-case scenario. This is a prime example of how important it will be for AI developers to secure and protect the data of their users and the internal backend code of their products.

[…]

Source: Generative AI’s Impact on Cybersecurity – Q&A With an Expert

Bybit Loses $1.5B in Hack of single cold wallet

Cryptocurrency exchange Bybit has experienced $1.46 billion worth of “suspicious outflows,” according to blockchain sleuth ZachXBT.

The wallet in question appears to have sent 401,346 ETH ($1.1 billion) as well as several other iterations of staked ether (stETH) to a fresh wallet, which is now liquidating mETH and stETH on decentralized exchanges, etherscan shows. The wallet has sold around $200 million worth of stETH so far.

[…]

Bybit CEO Ben Zhou wrote on X that a hacker “took control of the specific ETH cold wallet and transferred all the ETH in the cold wallet to this unidentified address.”

“Please rest assured that all other cold wallets are secure. All withdrawals are normal,” he added.

“My sources confirm it’s a security incident,” ZachXBT added on Telegram.

$1.46 billion would equate to the largest cryptocurrency hack of all time in dollar terms, with $470 million being lost in the Mt Gox Hack, $530 million in the 2018 hack of CoinCheck, and $650 million in the Ronin Bridge exploit.

BTC and ETH dropped more than 1.5% and 2%, respectively, following the transfers.

Source: Bybit Loses $1.5B in Hack but Can Cover Loss, CEO Confirms

So we find out a few things:

Bybit security staff are absolute idiots:

  • keeping that amount of currency in ONE wallet
  • having that wallet connected to the internet

These guys are rolling on so much money they are like a small country and can cover losses like these quite easily.

Apple Says ‘No’ to UK Backdoor Order, Will Just Disable E2E Cloud Encryption Instead

Good work, Britain. Owners of Apple devices in the United Kingdom will be a little less safe moving forward as the company pulls its most secure end-to-end (E2E) encryption from the country. The move is in response to government demands there that Apple build a backdoor into its iCloud encryption feature that would allow law enforcement to access the cloud data of any iPhone user around the world under the guise of national security.

[…]

Following Apple’s decision to pull E2E cloud encryption from the UK, the company on Friday told Bloomberg that “enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before” and that it “remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom.”

The UK order asked Apple for access to global user data under the country’s Investigatory Powers Act, a law that grants officials the authority to compel companies to remove encryption under a “technical capability notice.”

[…]

“Security officials asked not only that Apple allow the UK government access to UK residents’ encrypted cloud storage, but that the UK government get access to any Apple user’s encrypted cloud storage,” said David Ruiz, an online privacy expert at Malwarebytes. “To demand access to the world’s data is such a brazen, imperialist maneuver that I’m surprised it hasn’t come from, well, honestly, the US. This may embolden other countries, particularly those in the ‘Five Eyes,’ to make a similar demand of Apple.” Ruiz questioned what this means for the UK’s privacy guarantees with the US.

Law enforcement is always looking for new ways to conduct surveillance under the guise of protecting the public—Edward Snowden famously revealed a dragnet of surveillance created after 9/11 that pulled in data on individuals domestic and abroad. But once the genie is taken out of the proverbial bottle, it is hard to put it back, and the capabilities can end up in the wrong hands. Police already have access to plenty of investigative powers, privacy advocates say, and the public should be very cautious about giving them more that could be ripe for abuse.

[…]

With today’s move, Apple is essentially saying that it would rather pull the E2E encryption altogether and inform customers they will be less safe, rather than build an open door for the UK government. It is a shrewd, gigachad move by Apple even though consumers there will no longer have the same amount of security as others around the globe. iCloud encryption is important as the service has in the past been a target of hackers who penetrated the accounts of celebrities to steal their nudes and post them online in a scandal that was called “the Fappening.”

[…]

Source: Apple Says ‘No’ to UK Backdoor Order, Will Disable E2E Cloud Encryption Instead

So, no security or privacy for those in the UK then.

External Li supply reshapes Li deficiency and lifetime limit of batteries

Lithium (Li) ions are central to the energy storing functionality of rechargeable batteries [1]. Present technology relies on sophisticated Li-inclusive electrode materials to provide Li ions and exactingly protect them to ensure a decent lifetime [2]. Li-deficient materials are thus excluded from battery design, and the battery fails when active Li ions are consumed [3]. Our study breaks this limit by means of a cell-level Li supply strategy. This involves externally adding an organic Li salt into an assembled cell, which decomposes during cell formation, liberating Li ions and expelling organic ligands as gases. This non-invasive and rapid process preserves cell integrity without necessitating disassembly.

[…]

As a proof-of-concept, we demonstrated a 3.0 V, 1,192 Wh kg−1 Li-free cathode, chromium oxide, in the anode-less cell, as well as an organic sulfurized polyacrylonitrile cathode incorporated in a 388 Wh kg−1 pouch cell with a 440-cycle life. These systems exhibit improved energy density, enhanced sustainability and reduced cost compared with conventional Li-ion batteries. Furthermore, the lifetime of commercial LiFePO4 batteries was extended by at least an order of magnitude. With repeated external Li supplies, a commercial graphite|LiFePO4 cell displayed a capacity retention of 96.0% after 11,818 cycles.

Source: External Li supply reshapes Li deficiency and lifetime limit of batteries | Nature

HP buys Humane’s AI pins, will brick them in 10 days. Like with their VR hardware, HP likes turning hardware into sustainable junk.

AI hardware startup Humane has given its users just ten (10!) days notice that their Pins will be disconnected. In a note to its customers, the company said AI Pins will “continue to function normally” until 12PM PT on February 28. On that date, users will lose access to essentially all of their device’s features, including but not limited to calling, messaging, AI queries and cloud access. The FAQ does note that you’ll still be able to check on your battery life, though.

Humane is encouraging its users to download any stored data before February 28, as it plans on permanently deleting “all remaining customer data” at the same time as switching its servers off.

[…]

Today’s discontinuation announcement was brought about by the acquisition of Humane by HP, which is buying the company’s intellectual property for $116 million but clearly has no interest in its current hardware business.

[…]

Source: All of Humane’s AI pins will stop working in 10 days

GameStop CEO Scapegoats DEI for Company Troubles. So much for diamondhands then.

GameStop CEO Ryan Cohen took to X on Tuesday to blame wokeness and DEI for the retail chain’s impending exit from Canada and France. The company, which managed to survive the pandemic thanks to the infamous memestock frenzy, has closed more than 700 stores since 2020 as more game distribution moves digital.

In a release, GameStop said that “as part of an evaluation of its international assets,” the company, “intends to pursue a sale of its operations in France and Canada.” Shortly thereafter, Cohen took to X with his comments on “wokeness” and “DEI.”

“Email M&A@gamestop.com if you’re interested in buying GameStop Canada or Micromania France,” Cohen wrote. “High taxes, Liberalism, Socialism, Progressivism, Wokeness, and DEI included at no additional cost if you buy today.”

[…]

Source: GameStop CEO Scapegoats DEI for Company Troubles

Microcomb chips help pave the way for thousand times more accurate GPS systems

Today, our mobile phones, computers, and GPS systems can give us very accurate time indications and positioning thanks to the over 400 atomic clocks worldwide. All sorts of clocks — be it mechanical, atomic or a smartwatch — are made of two parts: an oscillator and a counter. The oscillator provides a periodic variation of some known frequency over time while the counter counts the number of cycles of the oscillator. Atomic clocks count the oscillations of vibrating atoms that switch between two energy states with very precise frequency.

Most atomic clocks use microwave frequencies to induce these energy oscillations in atoms. In recent years, researchers in the field have explored the possibility of using laser instead to induce oscillations optically. Just like a ruler with a great number of ticks per centimeter, optical atomic clocks make it possible to divide a second into even more time fractions, resulting in thousands of times more accurate time and position indications.

“Today’s atomic clocks enable GPS systems with a positional accuracy of a few meters. With an optical atomic clock, you may achieve a precision of just a few centimeters.

[…]

The core of the new technology, described in a recently published research article in Nature Photonics, are small, chip-based devices called microcombs. Like the teeth of a comb, microcombs can generate a spectrum of evenly distributed light frequencies.

“This allows one of the comb frequencies to be locked to a laser frequency that is in turn locked to the atomic clock oscillation,” says Minghao Qi.

[…]

the minimal size of the microcomb makes it possible to shrink the atomic clock system significantly while maintaining its extraordinary precision,”

[…]

Another major obstacle has been achieving simultaneously the “self-reference” needed for the stability of the overall system and aligning the microcomb’s frequencies exactly with the atomic clock’s signals.

“It turns out that one microcomb is not sufficient, and we managed to solve the problem by pairing two microcombs, whose comb spacings, i.e. frequency interval between adjacent teeth, are close but with a small offset, e.g. 20 GHz. This 20 GHz offset frequency will serve as the clock signal that is electronically detectable. In this way, we could get the system to transfer the exact time signal from an atomic clock to a more accessible radio frequency, ”

[…]

“Photonic integration technology makes it possible to integrate the optical components of optical atomic clocks, such as frequency combs, atomic sources and lasers, on tiny photonic chips in micrometer to millimeter sizes, significantly reducing the size and weight of the system,” says Dr. Kaiyi Wu.

The innovation could pave the way for mass production, making optical atomic clocks more affordable and accessible for a range of applications in society and science. The system that is required to “count” the cycles of an optical frequency requires many components besides the microcombs, such as modulators, detectors and optical amplifiers. This study solves an important problem and shows a new architecture, but the next steps are to bring all the elements necessary to create a full system on a chip.

[…]

Source: Microcomb chips help pave the way for thousand times more accurate GPS systems | ScienceDaily

Meta slashes staff and their stock options, but it’s ok: executives’ annual bonuses just went from 75% base salary to 200% and stock is around 2000% of salary

After another round of mass layoffs and reports of slashed stock options for remaining employees, Meta has like clockwork opted to reward its top executives with a substantial bonus increase.

The Facebook giant revealed in a government filing that its Compensation, Nominating and Governance Committee (CNGC) approved a target annual bonus increase for its top executive officers bar CEO Mark Zuckerberg. The bonus was raised from 75 percent of base salary to a whopping 200 percent, effective with the 2025 annual performance period.

[…]

According to Meta’s April 2024 proxy statement [PDF], CTO Andrew Bosworth’s base salary was $945,000. His actual eligible earnings were slightly lower due to the timing of his raise. However, factoring in a 75 percent target bonus and Meta’s 150 percent company performance multiplier for 2023, his total bonus payout amounted to about $1.05 million.

Assuming Bosworth’s salary remains the same, and Meta’s company performance percentage stays at 150 percent in 2025, the new 200 percent target bonus would push his bonus to nearly $3 million. That’s before any stock-based compensation and other add-ons. And he’s not even the highest-paid member of Meta’s named executive team.

For balance’s sake, and some might find this hard to swallow but, $3 million annual cash compensation for a CTO in Bosworth’s position is about right for Silicon Valley; it’s nothing outrageous, relatively speaking. The vast majority of his pay package is in shares; in 2023 for instance, he was awarded more than $20 million in stock. The salary, like for many in his role, is the cherry on top of an enormous cake.

[…]

Some of that bonus cash, though, might be coming from Meta’s latest round of layoffs, which saw around 3,700 people – about five percent of its workforce – axed this month. The cut reportedly targeted low performers, and followed a year in which the biz reported a net income of $62.36 billion, a 59 percent year-over-year increase.

This comes as reports surfaced this week that Meta has cut back on its yearly distribution of stock options by 10 percent to most staff, though we do note that the corp’s share price has climbed 10 percent in the past month, and 46 percent for the past year.

[…]

Source: Meta executives’ annual bonuses just got a bit bigger • The Register

The economics of greed – gut the company and grab the money. In the meantime, blame people’s Starbucks coffee for the fact that they can’t pay their rent.

Nvidia Drops Support for PhysX on Its RTX 50-Series Cards

Earlier this week, Nvidia confirmed in its official forums that “32-bit CUDA applications are deprecated on GeForce RTX 50 series GPUs.” The company’s support page for its “Support plan for 32-bit CUDA” notes that some 32-bit capabilities were removed from CUDA 12.0 but does not mention PhysX. Effectively, the 50 series cards cannot run any game with PhysX as developers originally intended. That’s ironic, considering Nvidia originally pushed this tech back in the early 2010s to sell its GTX range of GPUs.

PhysX is a GPU-accelerated physics system that allows for more realistic physics simulations in games without putting pressure on the CPU. This included small particle effects like fog or smoke and cloth movement.

[…]

a game like Batman: Arkham City […] with an Nvidia RTX 5070 Ti, and when you try to enable hardware-accelerated physics in settings, you’ll receive a note reading, “Your hardware does not support Nvidia Hardware Accelerated PhysX. Performance will be reduced without dedicated hardware.” […] The in-game benchmark shows that with the hardware accelerated physics setting enabled on the RTX 5070 Ti, I saw a hit of 65 average FPS compared to the setting off, from 164 to 99. The difference in ambiance without the setting enabled is striking.

[…]

In other games, like Borderlands 2, it simply grays out the PhysX option in settings. As one Reddit user found, you can force it through editing the game files, but that will result in horrible framerate drops even when shooting a gun at a wall. It’s not what the game makers intended. If you want to play these older games in their prime, your best option is to plug a separate, older GeForce GPU into the system and run 32-bit PhysX games exclusively on that card.

[…]

we see Nvidia deprecating its own hardware capabilities, hurting games that are little more than a decade old

[…]

Source: Nvidia Drops Support for PhysX on Its RTX 50-Series Cards

Amazon Is Making It Harder to Move Your E-Books Around

Amazon is once again demonstrating that buying things in today’s world does not mean you actually own them. The company is closing a loophole that enabled owners of Kindle books to strip them of their anti-piracy protection and take them elsewhere.

Some avid digital books enthusiasts prefer other e-reading applications to Amazon’s Kindle—perhaps because another e-reader has a better color screen or other features not present on Kindle. The “Download & transfer via USB” tool was an old Kindle feature that allowed e-books purchased through Amazon to be downloaded and transferred to another Kindle without using WiFi or Bluetooth. Clever individuals found that some older e-books used a file format with security measures that are easy to circumvent, meaning they could use the tool alongside other hacks to successfully transfer their books elsewhere. Now, books purchased through Amazon are effectively stuck there.

[…]

A standard security format would enable books to be transferred while protecting copyrights, but Amazon does not have an incentive to go with that.

That has, of course, been great for Amazon. The company was early into the e-book industry and the Kindle is synonymous with e-books; it accounts for 70% of the market. If you have a large collection of books you have purchased on Kindle, you kind of have to stay in its ecosystem. Furthermore, some books are only available on Amazon’s marketplace, and the company will always match the price of competing marketplaces since it really makes its money off the ads littering the site these days. While Amazon does have a monopoly in digital books, it would likely argue it is not a monopoly in the broader book category as Barnes and Noble sees a resurgence in popularity.

Users on sites like Reddit have shared workarounds over the years to take their purchased books elsewhere, but it has been something of a cat-and-mouse game, with successive updates by Amazon closing loopholes.

[…]

Source: Amazon Is Making It Harder to Move Your E-Books Around

Brake pad dust can be more toxic than exhaust emissions, study says

Microscopic particles emitted from brake pads can be more toxic than those emitted in diesel vehicle exhaust, a study has found.

This research shows that even with a move to electric vehicles, pollution from cars may not be able to be eradicated.

The researchers found that a higher concentration of copper in some commonly used brake pads was associated with increased harmful effects on sensitive cells from people’s lungs, as a result of particles being breathed in.

Exposure to pollution generated by cars, vans and lorries has previously been linked to an increased risk of lung and heart disease. While past attention has mainly concentrated on exhaust emissions, particles are also released into the air from tyre, road and brake pad wear.

These emissions are largely unregulated by legislation and the study found that these “non-exhaust” pollution sources are now responsible for the majority of vehicle particulate matter emissions in the UK and parts of Europe, with brake dust the main contributor among them.

Dr James Parkin, from the University of Southampton and lead author of the study published in the journal Particle and Fibre Toxicology, said: “People generally associate pollution from cars as being from exhaust pipes and think of electric vehicles as having zero emissions. However, electric vehicles still produce particulate matter due to friction and wear of the road, tyres, and brakes.

[…]

Results showed that of the four types of brake pads, non-asbestos organic pads were the most potent at inducing inflammation and other markers of toxicity, and were found to be more toxic to human lung cells than diesel exhaust particles. Ceramic pads were the second most toxic.

Dr Ian Mudway, senior lecturer at the school of public health at Imperial College London, said that while the research appeared sound it was premature to conclude that emissions from brake pad wear were worse than diesel exhaust.

He said: “Too many variables remain uncontrolled: brake disc types [a highly varied category], diesel exhaust particle composition, and chosen endpoints, among others. While this paper focuses on brakes, tyre wear and road dust resuspension should also be considered. This has significant policy implications, as it suggests that policies solely targeting exhaust emissions will not fully mitigate the risks of traffic-related pollutants.”

The project supervisor Prof Matthew Loxham said this was “a fair comment” but said the brake wear particles were generated on a test rig according to a standard braking cycle, different types and speed of braking, which is used for brake testing, “therefore one would expect the particles to be representative of general real world brake wear particles”.

“Although there may well be differences to the particles from each of these sources caused by changes in braking or engine parameters, I think it would be fair to hypothesise that these differences would be rather less than the differences due to the individual sources,” he said.

[…]

Source: Brake pad dust can be more toxic than exhaust emissions, study says | Automotive emissions | The Guardian

Eating from plastic (takeout) containers can increase heart failure risk

Eating from plastic takeout containers may significantly increase the chance of congestive heart failure, a new study finds, and researchers suspect they have identified why: changes to gut biome cause inflammation that damages the circulatory system.

The novel two part, peer-reviewed study from Chinese researchers adds to mounting evidence of the risks associated with eating from plastic, and builds on previous evidence linking plastic chemicals to heart disease.

The authors used a two-part approach, first looking into the frequency with which over 3,000 people in China ate from plastic takeout containers, and whether they had heart disease. They then exposed rats to plastic chemicals in water that was boiled and poured in carryout containers to extract chemicals.

“The data revealed that high-frequency exposure to plastics is significantly associated with an increased risk of congestive heart failure,” the authors wrote.

Plastic can contain any of about 20,000 chemicals, and many of them, such as BPA, phthalates and PFAS, present health risks. The chemicals are often found in food and food packaging, and are linked to a range of problems from cancer to reproductive harm.

While researchers in the new paper didn’t check which specific chemicals were leaching from the plastic, they noted the link between common plastic compounds and heart disease, and a previous link between gut biome and heart disease.

They put boiling water in the containers for one, five or 15 minutes because plastic chemicals leach at much higher rates when hot contents are placed in containers – the study cited previous research that found as many as 4.2m microplastic particles per sq cm can leach from plastic containers that are microwaved.

The authors then gave rats the water contaminated with leachate to drink for several months, then analyzed the gut biome and metabolites in the feces, and found notable changes.

“It indicated that ingestion of these leachates altered the intestinal microenvironment, affected gut microbiota composition, and modified gut microbiota metabolites, particularly those linked to inflammation and oxidative stress,” the authors wrote.


They then checked the rats’ heart muscle tissue and found it had been damaged. The study did not find a statistical difference in the changes and damage among rats that were exposed to water that had been in contact with plastic for one minute versus five or fifteen.

The study does not make recommendations on how consumers can protect themselves. But public health advocates say to avoid microwaving or adding hot food to plastic containers at home, or cooking anything in plastic. Replacing plastic utensils or packaging at home with glass, wood or stainless steel alternatives is also helpful.

It is more difficult to avoid plastic when getting carryout. One can bring their own glass packaging or transfer food to glass packaging when one gets home.

Source: Eating from plastic takeout containers can increase heart failure risk – study | US news | The Guardian

Zypher’s speech model can clone your voice with 5s of audio

Palo Alto-based AI startup Zyphra unveiled a pair of open text-to-speech (TTS) models this week said to be capable of cloning your voice with as little as five seconds of sample audio. In our testing, we generated realistic results with less than half a minute of recorded speech.

Founded in 2021 by Danny Martinelli and Krithik Puthalath, the startup aims to build a multimodal agent system called MaiaOS. To date, these efforts have seen the release of its Zamba family of small language models, optimizations such as tree attention, and now the release of its Zonos TTS models.

Measuring at 1.6 billion parameters in size each, the models were trained on more than 200,000 hours of speech data, which includes both neutral-toned speech such as audiobook narration, and “highly expressive” speech. According to the upstart’s release notes for Zonos, the majority of its data was in English but there were “substantial” quantities of Chinese, Japanese, French, Spanish, and German. Zyphra tells El Reg this data was acquired from the web and was not obtained from data brokers.

[…]

Zyphra offers a demo environment where you can play with its Zonos models, along with paid API access and subscription plans on their website. But, if you’re hesitant to upload your voice to a random startup’s servers, getting the model running locally is relatively easy.

We’ll go into more detail on how to set that up in a bit, but first, let’s take a look at how well it actually works in the wild.

To test it out, we spun up Zyphra’s Zonos demo locally on an Nvidia RTX 6000 Ada Generation graphics card. We then uploaded 20- to 30-second clips of ourselves reading a random passage of text, and fed that into the Zonos-v0.1 transformer and hybrid models along with a 50 or so word text prompt, leaving all hyperparameters to their defaults. The goal is to have the trained model predict your voice, and output it as an audio file, from the provided sample recordings and prompt.

Using a 24-second sample clip, we were able to achieve a voice clone good enough to fool close friends and family — at least on first blush. After revealing that the clip was AI generated, they did note that the pacing and speed of the speech did feel a little off, and that they believed they would have caught on to the fact the audio wasn’t authentic given a longer clip.

[…]

If you’d like to use Zonos to clone your own voice, deploying the model is relatively easy, assuming you’ve got a compatible GPU and some familiarity with Linux and containerization.

[…]

Source: Zypher’s speech model can clone your voice with 5s of audio • The Register

Gravy Analytics sued for data breach containing location data of millions of smartphones

Gravy Analytics has been sued yet again for allegedly failing to safeguard its vast stores of personal data, which are now feared stolen. And by personal data we mean information including the locations of tens of millions of smartphones, coordinates of which were ultimately harvested from installed apps.

A complaint [PDF], filed in federal court in northern California yesterday, is at least the fourth such lawsuit against Gravy since January, when an unidentified criminal posted screenshots to XSS, a Russian cybercrime forum, to support claims that 17 TB of records had been pilfered from the American analytics outfit’s AWS S3 storage buckets.

The suit this week alleges that the massive archive contains the geo-locations of people’s phones.

Gravy Analytics subsequently confirmed it suffered some kind of data security breach, which was discovered on January 4, 2025, in a non-compliance report [PDF] filed with the Norwegian Data Protection Authority and obtained by Norwegian broadcaster NRK.

Three earlier lawsuits – filed in New Jersey on January 14 and 30, and in Virginia on January 31 in the US – make similar allegations.

Gravy Analytics and its subsidiary Venntel were banned from selling sensitive location data by the FTC in December 2024, under a proposed order [PDF] to resolve the agency’s complaint against the companies that was finalized on January 15, 2025.

The FTC complaint alleged the firms “used geofencing, which creates a virtual geographical boundary, to identify and sell lists of consumers who attended certain events related to medical conditions and places of worship and sold additional lists that associate individual consumers to other sensitive characteristics.”

[…]

Source: Gravy Analytics soaks up another sueball over data breach • The Register

U.K. orders Apple to let it spy on users’ encrypted Data in Secret Order – guess they didn’t learn from the Chinese hack of the US telco system then

Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post.

The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent in major democracies.

[…]

Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the U.K., the people said. Yet that concession would not fulfill the U.K. demand for backdoor access to the service in other countries, including the United States.

The office of the Home Secretary has served Apple with a document called a technical capability notice, ordering it to provide access under the sweeping U.K. Investigatory Powers Act of 2016, which authorizes law enforcement to compel assistance from companies when needed to collect evidence, the people said.

The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment.

Apple can appeal the U.K. capability notice to a secret technical panel, which would consider arguments about the expense of the requirement, and to a judge who would weigh whether the request was in proportion to the government’s needs. But the law does not permit Apple to delay complying during an appeal.

In March, when the company was on notice that such a requirement might be coming, it told Parliament: “There is no reason why the U.K. [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption.”

The Home Office said Thursday that its policy was not to discuss any technical demands. “We do not comment on operational matters, including for example confirming or denying the existence of any such notices,” a spokesman said.

[…]

At issue is cloud storage that only the user, not Apple, can unlock. Apple started rolling out the option, which it calls Advanced Data Protection, in 2022. It had sought to offer it several years earlier but backed off after objections from the FBI during the first term of President Donald Trump, who pilloried the company for not aiding in the arrest of “killers, drug dealers and other violent criminal elements.” The service is an available security option for Apple users in the United States and elsewhere.

While most iPhone and Mac computer users do not go through the steps to enable it, the service offers enhanced protection from hacking and shuts down a routine method law enforcement uses to access photos, messages and other material. iCloud storage and backups are favored targets for U.S. search warrants, which can be served on Apple without the user knowing.

[…]

Google would be a bigger target for U.K. officials, because it has made the backups for Android phones encrypted by default since 2018. Google spokesman Ed Fernandez declined to say whether any government had sought a back door, but implied none have been implemented. “Google can’t access Android end-to-end encrypted backup data, even with a legal order,” he said.

Meta also offers encrypted backups for WhatsApp. A spokesperson declined to comment on government requests but pointed to a transparency statement on its website saying that no back doors or weakened architecture would be implemented.

If the U.K. secures access to the encrypted data, other countries that have allowed the encrypted storage, such as China, might be prompted to demand equal backdoor access, potentially prompting Apple to withdraw the service rather than comply.

[…]

Source: U.K. orders Apple to let it spy on users’ encrypted accounts – The Washington Post

See also: Phone Metadata Suddenly Not So ‘Harmless’ When It’s The FBI’s Data Being Harvested

and In massive U-turn, FBI Warns Americans to Start Using Encrypted Messaging Apps, after discovering the problem with backdoors

Stellantis Introduces Pop-Up Ads in Vehicles, Bombarding your Jeep, Dodge, Chrysler display every time you stop

Car technology is supposed to make driving safer, smoother, and more enjoyable. But Stellantis, the parent company of Jeep, Dodge, Chrysler, and Ram, seems to have taken a different approach—one that prioritizes ad revenue over user experience.

In a move that has left drivers both frustrated and bewildered, Stellantis has introduced full-screen pop-up ads on its infotainment systems. Specifically, Jeep owners have reported being bombarded with advertisements for Mopar’s extended warranty service. The kicker? These ads appear every time the vehicle comes to a stop.

[…]

One Jeep 4xe owner recently shared their frustration on an online forum, detailing how these pop-ups disrupt the driving experience. Stellantis, responding through their “JeepCares” representative, confirmed that these ads are part of the contractual agreement with SiriusXM and suggested that users simply tap the “X” to dismiss them.

[…]

A Symptom of a Bigger Problem: Subscription Fatigue

The automotive industry is heading into murky waters with the increasing push toward subscription-based features. BMW tried charging for heated seats. Mercedes locked performance boosts behind a paywall. Now, Stellantis has decided to monetize its infotainment screens with intrusive advertising.

It’s a trend that consumers are growing increasingly tired of. New vehicles already come with a hefty price tag—averaging $48,700 in 2024—so the expectation is that premium pricing should come with a premium experience, not one riddled with ads and additional fees. Instead of making customers feel like valued buyers, automakers are making them feel like they’re merely users in an ad-supported ecosystem.

The Off-Roading Community’s Response: “AdBlock for Jeeps?”

The off-roading community has always been passionate about modifying their vehicles, but no one expected that “blocking ads” would become a must-have Jeep upgrade. Some tech-savvy drivers are already exploring ways to disable these pop-ups permanently, with discussions surfacing about potential software hacks or third-party solutions to remove intrusive in-car advertising.

[…]

Source: Stellantis Introduces Pop-Up Ads in Vehicles, Sparking Outrage Among Owners – TechStory

Buy now, pay later installment payments increase retail spending, study finds

[…] Buy now, pay later (BNPL) is an increasingly popular payment method, allowing customers to spread payment into interest-free installments over a few weeks or months. Worldwide BNPL spending was $316 billion in 2023 and is expected to grow to $450 billion by 2027. With major retailers such as Walmart and H&M partnering with BNPL providers like Affirm, Klarna, and Afterpay, over 45 million U.S. customers have adopted this payment method.

When customers choose BNPL installments at the checkout of a participating retailer, the bill is paid in full by the BNPL provider to the retailer. Customers pay the BNPL provider for the first installment at the time of purchase and repay the remaining interest-free installments over a short time period.

However, despite the growing popularity of BNPL installment payments, little is known about their impact on retail sales.

In this new study, the researchers use transactional data from a major U.S. retailer and find that BNPL installment payments boost spending. By allowing customers to pay for purchases in smaller, interest-free installments, BNPL boosts both the number of purchases and the average amount spent.

The study compares BNPL installment payments to upfront and delayed lump sum payments. BNPL consistently boosts spending across various products (e.g., party supplies, apparel, flights, mugs, coffee pods) and number of installments (e.g., three installments, four installments, six installments).

[…]

This research offers actionable insights for various stakeholders:

  • Consumers can benefit by using BNPL installments as a tool for managing expenses by making them feel more in control of their budgets and less financially constrained.
  • Retail managers should consider integrating BNPL options to boost sales. Ang says that “Retailers benefit because adoption of installment payments leads to more frequent purchases and larger basket amounts. The difference is significant, with an increase in purchase incidence of approximately 9% and a relative increase in purchase amounts of approximately 10%.”
  • Policymakers need to be aware of the significant impact BNPL has on consumer spending to ensure regulations that protect consumers while fostering financial flexibility.
  • Societal stakeholders, including consumer advocates, should monitor BNPL’s growing influence to promote responsible practices.

Understanding the benefits and potential risks associated with BNPL is crucial as this payment method continues to reshape the retail landscape.

More information: Stijn Maesen et al, Buy Now, Pay Later: Impact of Installment Payments on Customer Purchases, Journal of Marketing (2024). DOI: 10.1177/00222429241282414

Source: Buy now, pay later installment payments increase retail spending, study finds

NASA Demonstrates Software ‘Brains’ Shared Across Satellite Swarms

[…] Distributed Spacecraft Autonomy (DSA) allows individual spacecraft to make independent decisions while collaborating with each other to achieve common goals – all without human input.

NASA researchers have achieved multiple firsts in tests of such swarm technology as part of the agency’s DSA project. Managed at NASA’s Ames Research Center in California’s Silicon Valley, the DSA project develops software tools critical for future autonomous, distributed, and intelligent swarms that will need to interact with each other to achieve complex mission objectives.

[…]

Distributed space missions rely on interactions between multiple spacecraft to achieve mission goals. Such missions can deliver better data to researchers and ensure continuous availability of critical spacecraft systems.

[…]

Distributing autonomy across a group of interacting spacecraft allows for all spacecraft in a swarm to make decisions and is resistant to individual spacecraft failures.

The DSA team advanced swarm technology through two main efforts: the development of software for small spacecraft that was demonstrated in space during NASA’s Starling mission, which involved four CubeSat satellites operating as a swarm to test autonomous collaboration and operation with minimal human operation, and a scalability study of a simulated spacecraft swarm in a virtual lunar orbit.

Experimenting With DSA in Low Earth Orbit

The team gave Starling a challenging job: a fast-paced study of Earth’s ionosphere – where Earth’s atmosphere meets space – to show the swarm’s ability to collaborate and optimize science observations. The swarm decided what science to do on their own with no pre-programmed science observations from ground operators.

“We did not tell the spacecraft how to do their science,” said Adams. “The DSA team figured out what science Starling did only after the experiment was completed. That has never been done before and it’s very exciting!”

The accomplishments of DSA onboard Starling include the first fully distributed autonomous operation of multiple spacecraft, the first use of space-to-space communications to autonomously share status information between multiple spacecraft, the first demonstration of fully distributed reactive operations onboard multiple spacecraft, the first use of a general-purpose automated reasoning system onboard a spacecraft, and the first use of fully distributed automated planning onboard multiple spacecraft.

During the demonstration, which took place between August 2023 and May 2024, Starling’s swarm of spacecraft received GPS signals that pass through the ionosphere and reveal interesting – often fleeting – features for the swarm to focus on. Because the spacecraft constantly change position relative to each other, the GPS satellites, and the ionospheric environment, they needed to exchange information rapidly to stay on task.

Each Starling satellite analyzed and acted on its best results individually. When new information reached each spacecraft, new observation and action plans were analyzed, continuously enabling the swarm to adapt quickly to changing situations.

[…]

The DSA lunar Position, Navigation, and Timing study demonstrated scalability of the swarm in a simulated environment. Over a two-year period, the team ran close to one hundred tests of more complex coordination between multiple spacecraft computers in both low- and high-altitude lunar orbit and showed that a swarm of up to 60 spacecraft is feasible.

The team is further developing DSA’s capabilities to allow mission operators to interact with even larger swarms – hundreds of spacecraft – as a single entity.

[…]

Source: NASA Demonstrates Software ‘Brains’ Shared Across Satellite Swarms – NASA

Unions Sue to Block Elon Musk’s Access to Americans’ Tax and Benefits Records

A coalition of labor organizations representing federal workers and retirees has sued the Department of the Treasury to block it from giving the newly created Department of Government Efficiency, controlled by Elon Musk, access to the federal government’s sensitive payment systems.

After forcing out a security official who opposed the move, Treasury Secretary Scott Bessent granted DOGE workers access to the system last week, according to The New York Times. Despite its name, DOGE is not a government department but rather an ad-hoc group formed by President Trump purportedly tasked with cutting government spending.

The labor organizations behind the lawsuit filed Monday argue that Bessent broke federal privacy and tax confidentiality laws by giving unauthorized DOGE workers, including people like Musk who are not government employees, the ability to view the private information of anyone who pays taxes or receives money from federal agencies.

With access to the Treasury systems, DOGE representatives can potentially view the names, social security numbers, birth dates, mailing addresses, email addresses, and bank information of tens of millions of people who receive tax refunds, social security and disability payments, veterans benefits, or salaries from the federal government, according to the lawsuit.

“The scale of the intrusion into individuals’ privacy is massive and unprecedented,” according to the complaint filed by the Alliance for Retired Americans, the American Federation of Government Employees, and the Service Employees International Union.

[…]

In their lawsuit, the labor organizations argue that federal law prohibits the disclosure of taxpayer information to anyone except Treasury employees who require it for their official duties unless the disclosure is authorized by a specific law, which DOGE’s access to the system is not. DOGE’s access also violates the Privacy Act of 1974, which prohibits disclosure of personal information to unauthorized people and lays out strict procedures for changing those authorizations, which the Trump administration has not followed, according to the suit.

The plaintiffs have asked the Washington, D.C. district court to grant an injunction preventing unauthorized people from accessing the payment systems and to rule the Treasury’s actions unlawful.

Source: Unions Sue to Block Elon Musk’s Access to Americans’ Tax and Benefits Records

Apple chips can be hacked to leak secrets from Gmail, iCloud, and more in a browser

Apple-designed chips powering Macs, iPhones, and iPads contain two newly discovered vulnerabilities that leak credit card information, locations, and other sensitive data from the Chrome and Safari browsers as they visit sites such as iCloud Calendar, Google Maps, and Proton Mail.

The vulnerabilities, affecting the CPUs in later generations of Apple A- and M-series chip sets, open them to side channel attacks, a class of exploit that infers secrets by measuring manifestations such as timing, sound, and power consumption. Both side channels are the result of the chips’ use of speculative execution, a performance optimization that improves speed by predicting the control flow the CPUs should take and following that path, rather than the instruction order in the program.

A new direction

The Apple silicon affected takes speculative execution in new directions. Besides predicting control flow CPUs should take, it also predicts the data flow, such as which memory address to load from and what value will be returned from memory.

The more powerful of the two side-channel attacks is named FLOP. It exploits a form of speculative execution implemented in the chips’ load value predictor (LVP), which predicts the contents of memory when they’re not immediately available. By inducing the LVP to forward values from malformed data, an attacker can read memory contents that would normally be off-limits. The attack can be leveraged to steal a target’s location history from Google Maps, inbox content from Proton Mail, and events stored in iCloud Calendar.

SLAP, meanwhile, abuses the load address predictor (LAP). Whereas LVP predicts the values of memory content, LAP predicts the memory locations where instruction data can be accessed. SLAP forces the LAP to predict the wrong memory addresses. Specifically, the value at an older load instruction’s predicted address is forwarded to younger arbitrary instructions. When Safari has one tab open on a targeted website such as Gmail, and another open tab on an attacker site, the latter can access sensitive strings of JavaScript code of the former, making it possible to read email contents.

“There are hardware and software measures to ensure that two open webpages are isolated from each other, preventing one of them from (maliciously) reading the other’s contents,” the researchers wrote on an informational site describing the attacks and hosting the academic papers for each one. “SLAP and FLOP break these protections, allowing attacker pages to read sensitive login-protected data from target webpages. In our work, we show that this data ranges from location history to credit card information.”

[…]

The following Apple devices are affected by one or both of the attacks:

• All Mac laptops from 2022–present (MacBook Air, MacBook Pro)
• All Mac desktops from 2023–present (Mac Mini, iMac, Mac Studio, Mac Pro)
• All iPad Pro, Air, and Mini models from September 2021–present (Pro 6th and 7th generation, Air 6th gen., Mini 6th gen.)
• All iPhones from September 2021–present (All 13, 14, 15, and 16 models, SE 3rd gen.)

[…]

Source: Apple chips can be hacked to leak secrets from Gmail, iCloud, and more – Ars Technica

AI-assisted works can finally get copyright with enough human creativity, says US copyright office

Artists can copyright works they made with the help of artificial intelligence, according to a new report by the U.S. Copyright Office that could further clear the way for the use of AI tools in Hollywood, the music industry and other creative fields.

The nation’s copyright office, which sits in the Library of Congress and is not part of the executive branch, receives about half a million copyright applications per year covering millions of individual works. It has increasingly been asked to register works that are AI-generated.

And while many of those decisions are made on a case-by-case basis, the report issued Wednesday clarifies the office’s approach as one based on what the top U.S. copyright official describes as the “centrality of human creativity” in authoring a work that warrants copyright protections.

“Where that creativity is expressed through the use of AI systems, it continues to enjoy protection,” said a statement from Register of Copyrights Shira Perlmutter, who directs the office.

An AI-assisted work could be copyrightable if an artist’s handiwork is perceptible. A human adapting an AI-generated output with “creative arrangements or modifications” could also make it fall under copyright protections.

[…]

Source: AI-assisted works can get copyright with enough human creativity, says US copyright office | AP News

Astronomers Call for Global Ban on Space Advertising Before It’s Too Late

In a statement adopted in October 2024, the American Astronomical Society declared that humankind’s scientific understanding of the universe is under threat from space activities, including the proliferation of satellite constellations, space debris, and radio- and electromagnetic interference. Of note is the potential for a space-based eyesore: giant billboards hanging out in low Earth orbit.

“It is the position of the American Astronomical Society that obtrusive space advertising should be prohibited by appropriate international convention, treaty, or law,” the statement read.

Congress already prohibits domestic launches of any “payload containing any material to be used for the purposes of obtrusive space advertising,” in which obtrusive space advertising is defined as “advertising in outer space that is capable of being recognized by a human being on the surface of the Earth without the aid of a telescope or other technological device.”

“The US federal ban on obtrusive space advertising is a critical bulwark against an insidious fouling of the natural sky by private interests,” said James Lowenthal, an astronomer at Smith College and member of the AAS’ Committee for the Protection of Astronomy and the Space Environment (COMPASSE), in an email to Gizmodo. “That ban recognizes that the sky belongs to everyone, and must be protected for all humans now and in the future.”

“But the ban applies only to US launches; other countries could approve launches of ‘space billboards’ from their soil that would be visible from around the world,” Lowenthal added. “That’s why an international ban is critical.”

[…]

Source: Astronomers Call for Global Ban on Space Advertising Before It’s Too Late

WhatsApp says journalists and civil society members were targets of Israeli spyware

Nearly 100 journalists and other members of civil society using WhatsApp, the popular messaging app owned by Meta, were targeted by spyware owned by Paragon Solutions, an Israeli maker of hacking software, the company alleged on Friday.

The journalists and other civil society members were being alerted to a possible breach of their devices, with WhatsApp telling the Guardian it had “high confidence” that the 90 users in question had been targeted and “possibly compromised”.

It is not clear who was behind the attack. Like other spyware makers’ products, Paragon’s hacking software is used by government clients, and WhatsApp said it had not been able to identify the clients who ordered the alleged attacks.

Experts said the targeting was a “zero-click” attack, which means targets would not have had to click on any malicious links to be infected.

WhatsApp declined to disclose where the journalists and members of civil society were based, including whether they were based in the US.

Paragon has a US office in Chantilly, Virginia. The company has faced recent scrutiny after Wired magazine in October reported that it had entered into a $2m contract with the US Immigration and Customs Enforcement’s homeland security investigations division.

[…]

A person close to the company told the Guardian that Paragon had 35 government customers, that all of them could be considered democratic, and that Paragon did not do business with countries, including some democracies, that have previously been accused of abusing spyware. The person said that included Greece, Poland, Hungary, Mexico and India.

Paragon’s spyware is known as Graphite and has capabilities that are comparable to NSO Group’s Pegasus spyware. Once a phone is infected with Graphite, the operator of the spyware has total access to the phone, including being able to read messages that are sent via encrypted applications like WhatsApp and Signal.

The company, which was founded by the former Israeli prime minister Ehud Barak, has been the subject of media reports in Israel recently, after it was reported that the group was sold to a US private equity firm, AE Industrial Partners, for $900m.

[…]

Source: WhatsApp says journalists and civil society members were targets of Israeli spyware | WhatsApp | The Guardian

US healthcare provider data breach impacts 1 million patients

Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients of a data breach that impacted their personal and health data.

The non-profit organization provides primary medical, dental, and mental health services to more than 145,000 active patients.

CHC said in a Thursday filing with Maine’s attorney general that unknown attackers gained access to its network in mid-October 2024, a breach discovered more than two months later, on January 2, 2025.

While the threat actors stole files containing patients’ personal and health information belonging to 1,060,936 individuals, the healthcare organization says they didn’t encrypt any compromised systems and that the security breach didn’t impact its operations.

[…]

Depending on the affected patient, the attackers stole a combination of:

  • personal information (names, dates of birth, addresses, phone numbers, emails, Social Security numbers) or
  • health information (medical diagnoses, treatment details, test results, and health insurance).

A CHC spokesperson was not immediately available when BleepingComputer reached out for more details on the incident.

While CHC said the hackers didn’t encrypt any of its systems, more ransomware operations have switched tactics to become data theft extortion groups in recent years.

[…]

In response to this surge of massive healthcare security breaches, the U.S. Department of Health and Human Services (HHS) proposed updates to HIPAA (short for Health Insurance Portability and Accountability Act of 1996) in late December to secure patients’ health data.

Source: US healthcare provider data breach impacts 1 million patients