Ransomware Gang Uses New Zero-Day To Steal Data On 1 Million Patients

Community Health Systems (CHS), one of the largest healthcare providers in the United States with close to 80 hospitals in 16 states, confirmed this week that criminal hackers accessed the personal and protected health information of up to 1 million patients. TechCrunch reports: The Tennessee-based healthcare giant said in a filing with government regulators that the data breach stems from its use of a popular file-transfer software called GoAnywhere MFT, developed by Fortra (previously known as HelpSystems), which is deployed by large businesses to share and send large sets of data securely. Community Health Systems said that Fortra recently notified it of a security incident that resulted in the unauthorized disclosure of patient data. “As a result of the security breach experienced by Fortra, protected health information and personal information of certain patients of the company’s affiliates were exposed by Fortra’s attacker,” according to the filing by Community Health Systems, which was first spotted by DataBreaches.net. The healthcare giant added that it would offer identity theft protection services and notify all affected individuals whose information was exposed, but said there had been no material interruption to its delivery of patient care.

CHS hasn’t said what types of data were exposed and a spokesperson has not yet responded to TechCrunch’s questions. This is CHS’ second-known breach of patient data in recent years. The Russia-linked ransomware gang Clop has reportedly taken responsibility for exploiting the new zero-day in a new hacking campaign and claims to have already breached over a hundred organizations that use Fortra’s file-transfer technology — including CHS. While CHS has been quick to come forward as a victim, Clop’s claim suggests there could be dozens more affected organizations out there — and if you’re one of the thousands of GoAnywhere users, your company could be among them. Thankfully, security experts have shared a bunch of information about the zero-day and what you can do to protect against it. Security researcher Brian Krebs first flagged the zero-day vulnerability in Fortra’s GoAnywhere software on February 2.

“A zero-day remote code injection exploit was identified in GoAnywhere MFT,” Fortra said in its hidden advisory. “The attack vector of this exploit requires access to the administrative console of the application, which in most cases is accessible only from within a private company network, through VPN, or by allow-listed IP addresses (when running in cloud environments, such as Azure or AWS).”

Read more of this story at Slashdot.

Amazon Plans To Eventually ‘Go Big’ On Physical Grocery Stores

Amazon CEO Andy Jassy told the Financial Times that the company intends to “go big” on its brick-and-mortar grocery store business. Engadget reports: Amazon bought Whole Foods in 2017 for $13.7 billion, but the company is far from dominating the grocery market like it has so many other sectors. The company’s physical store division accounts for 3.4 percent of overall business and has grown only around 10 percent since the Whole Foods acquisition. “We’re just still in the early stages,” Jassy told the Financial Times. “We’re hopeful that in 2023, we have a format that we want to go big on, on the physical side. We have a history of doing a lot of experimentation and doing it quickly. And then, when we find something that we like, doubling down on it, which is what we intend to do.”

Many of the layoffs Amazon recently announced were in its grocery division. It has closed several of its Fresh supermarkets and put plans to open new ones on hold as it tries to find a format and formula that works. Jassy noted that many Fresh locations opened in the midst of the COVID-19 pandemic and as such Amazon hasn’t “had a lot of normalcy.” The physical retail business has struggled on other fronts. Almost a year ago, Amazon said it was closing all of its bookstores, 4-star shops and pop-up locations across the US and UK. The aim at the time was to focus more on the grocery side of things as well as physical clothing stores. However, Amazon took a $720 million hit last quarter due to slowing down its grocery expansion plans.

Read more of this story at Slashdot.

KDE Plasma 5.27 Released

Long-time Slashdot reader jrepin writes: Plasma is a popular desktop environment, which is also powering the desktop mode on the Steam Deck hand-held gaming console. Today, KDE Community announced release of KDE Plasma 5.27, a Long Term Support (LTS) release and the final release in the Plasma 5 series which is based on Qt 5.

This release brings a welcome wizard, which will guide you through setting up the desktop, and a new tiling system for KWin window manager, allowing you to set up custom tile layouts and resize adjacent tiled windows simultaneously. The settings for touch-enabled devices such as touchscreens and drawing tablets have been improved and expanded. For those lucky owners of Valve’s Steam Deck gaming console, Discover can now perform system updates from within the desktop. Digital Clock desktop widget can now show the Hebrew calendar in its calendar view, and the Media Player widget is now touch-sensitive. The Bluetooth widget shows the battery status of connected devices when you hover the cursor over it. Those of you who use multiple monitors should benefit greatly from a major overhaul of how Plasma handles them. KDE Plasma now comes with Flatpak permissions settings integrated into the System Settings app.

For details and other new features and improvements be sure to check out the full announcement.

Read more of this story at Slashdot.

Steep Declines In Data Science Skills Among Fourth- and Eighth-Graders Across America, Study Finds

A new report (PDF) from the Data Science 4 Everyone coalition reveals that data literacy skills among fourth and eighth-grade students have declined significantly over the last decade even as these skills have become increasingly essential in our modern, data-driven society. Phys.Org reports: Based on data from the latest National Assessment of Educational Progress results, the report uncovered several trends that raise concerns about whether the nation’s educational system is sufficiently preparing young people for a world reshaped by the rise of big data and artificial intelligence. Key findings include:

– The pandemic decline is part of a much longer-term trend. Between 2019 and 2022, scores in the data analysis, statistics, and probability section of the NAEP math exam fell by 10 points for eighth-graders and by four points for fourth-graders. Declining scores are part of a longer-term trend, with scores down 17 points for eighth-graders and down 10 points for fourth-graders over the last decade. That means today’s eighth-graders have the data literacy of sixth-graders from a decade ago, and today’s fourth-graders have the data literacy of third-graders from a decade ago.

– There are large racial gaps in scores. These gaps exist across all grade levels but are at times most dramatic in the middle and high school levels. For instance, fourth-grade Black students scored 28 points lower — the equivalent of nearly three grade levels — than their white peers in data analysis, statistics, and probability.

– Data-related instruction is in decline. Every state except Alabama reported a decline or stagnant trend in data-related instruction, with some states — like Maryland and Iowa — seeing double-digit drops. The national share of fourth-grade math teachers reporting “moderate” or “heavy” emphasis on data analysis dropped five percentage points between 2019 and 2022.

Read more of this story at Slashdot.

Arlo’s Security Cameras Will Keep Free Cloud Storage For Existing Customers After All

Security camera company Arlo is reversing course on its controversial decision to apply a retroactive end-of-life policy to many of its popular home security cameras. The Verge reports: On Friday, Arlo CEO Matthew McRae posted a thread on Twitter, announcing that the company will not remove free storage of videos for existing customers and that it is extending the EOL dates for older cameras a further year to 2025. He also committed to sending security updates to these cameras until 2026. The end-of-life policy was due to go into effect January 1st, 2023, and removed a big selling point — seven-day free cloud storage — for many Arlo cams. McRae now says all users with the seven-day storage service will “continue to receive that service uninterrupted.” But he did note that “any future migrations will be handled in a seamless manner,” indicating there are changes coming still.

The thread did not provide details on specific models other than using the Arlo Pro 2 as an example of a camera that will now EOL in 2025 instead of 2024, as previously announced, with security updates continuing until 2026. There was also no update on the plans to remove other features, such as email notifications and E911 emergency calling, or whether “legacy video storage” will remain. The EOL policy applied to the following devices: Arlo Gen 3, Arlo Pro, Arlo Baby, Arlo Pro 2, Arlo Q, Arlo Q Plus, Arlo Lights, and Arlo Audio Doorbell.

Read more of this story at Slashdot.

Valve Is Working On a Major Update For ‘Team Fortress 2’

As Kotaku reported late last week, Valve is preparing a major update for Team Fortress 2. The studio published a rare blog post asking the game’s community to submit new content to the Steam Workshop ahead of May 1st. “The last few Team Fortress summer events have only been item updates. But this year [Valve’s emphasis], we’re planning on shipping a full-on update-sized update — with items, maps, taunts, unusual effects, war paints and who knows what else?!” Valve said. Engadget reports: By our count, the “as as-yet-unnamed, un-themed, but still very exciting summer-situated (but not summer-themed)” update Valve has planned will go down as TF2’s first major content release since the company came out with the Jungle Inferno update in 2017 for the game’s 10-year anniversary. Valve has released smaller updates since then mostly to address the botting problem that made it impossible to play the game, but new content additions have been few and far between.

Read more of this story at Slashdot.

Amazon’s Zoox Robotaxi Now Giving Rides To Employees On Public Roads In California

Amazon-owned autonomous vehicle venture Zoox said on Monday that it is now testing its self-driving robotaxis on public roads in California with passengers on board. CNBC reports: The vehicles have no steering wheel or pedals, and they have bidirectional driving capabilities and four-wheel steering, enabling them to change directions without the need to reverse. Zoox executives said the company began the tests after it received approval from the California Department of Motor Vehicles last week.

The permit is not for all public roads in the state. The tests are currently limited to shuttling Zoox employees on a one-mile public route between two office buildings at the company’s headquarters in Foster City, California, at speeds up to 35 miles an hour. The company hasn’t said how big its test fleet is, but executives have said they have built “dozens” of vehicles, although fewer than 100. Zoox said one of its vehicles completed a test run with employees on board over the weekend.

Read more of this story at Slashdot.

Bing ‘Hallucinated’ the Winner of the Super Bowl Four Days Before it Happened

On Wednesday the Associated Press tested the new AI enhancements to Microsoft’s search engine Bing, asking it “for the most important thing to happen in sports over the past 24 hours — with the expectation it might say something about basketball star LeBron James passing Kareem Abdul-Jabbar’s career scoring record.

“Instead, it confidently spouted a false but detailed account of the upcoming Super Bowl — days before it’s actually scheduled to happen.”

“It was a thrilling game between the Philadelphia Eagles and the Kansas City Chiefs, two of the best teams in the NFL this season,” Bing said. “The Eagles, led by quarterback Jalen Hurts, won their second Lombardi Trophy in franchise history by defeating the Chiefs, led by quarterback Patrick Mahomes, with a score of 31-28.” It kept going, describing the specific yard lengths of throws and field goals and naming three songs played in a “spectacular half time show” by Rihanna.

Unless Bing is clairvoyant — tune in Sunday to find out — it reflected a problem known as AI “hallucination” that’s common with today’s large language-learning models. It’s one of the reasons why companies like Google and Facebook parent Meta had been reluctant to make these models publicly accessible.

Read more of this story at Slashdot.

US Military Shoots Down Fourth Flying Object Near Michigan

The U.S. military shot down another high-altitude object Sunday, reports CNN — this one flying
“The operation marks the third day in a row that an unidentified object was shot down over North American airspace.”
Democratic Rep. Elissa Slotkin of Michigan said Sunday that the operation to down the object over Lake Huron was carried out by pilots from the U.S. Air Force and the National Guard…. The object was flying at 20,000 feet over Michigan’s Upper Peninsula and was about to go over Lake Huron when it was neutralized, a senior administration official told CNN on Sunday.

The object was “octagonal” with strings hanging off and no discernable payload, according to the official and another source briefed on the matter. While the U.S. has no indication that the object had surveillance capabilities, that has not been ruled out yet.

Why have so many flying objects been spotted in the last week? The Washington Post says the Chinese spy balloon and subsequently-spotted objects “have changed how analysts receive and interpret information from radars and sensors, a U.S. official said Saturday.”
The official, speaking on the condition of anonymity because of the sensitivity of the issue, said that sensory equipment absorbs a lot of raw data, and filters are used so humans and machines can make sense of what is collected. But that process always runs the risk of leaving out something important, the official said.

“We basically opened the filters,” the official added, much like a car buyer unchecking boxes on a website to broaden the parameters of what can be searched. That change does not yet fully answer what is going on, the official cautioned, and whether stepping back to look at more data is yielding more hits — or if these latest incursions are part of a more deliberate action by an unknown country or adversary….

The official said the current U.S. assessment is the objects are not military threats.

Read more of this story at Slashdot.

Electric Vehicles Could Match Gas-Powered Cars on Price This Year

This year in America some electric cars could become “as cheap as or cheaper than cars with internal combustion engines,” reports the New York Times, citing figures from the International Council on Clean Transportation, a research and advocacy group.
Prices are likely to continue trending lower as Tesla, General Motors, Ford Motor and their battery suppliers ramp up new factories, reaping the cost savings that come from mass production. New electric vehicles from companies like Volkswagen, Nissan and Hyundai will add to competitive pressure…. Falling prices for materials like lithium and cobalt have also helped. The price of lithium used in batteries has fallen 20% from its peak in November, though the metal still costs more than twice as much as it did at the end of 2021. Cobalt has fallen by more than half since May, in part because carmakers are selling some models that do not require it, reducing demand. New lithium mines are beginning to produce ore, which could keep a lid on prices…

As electric-vehicle sales soar — rising 66% in the United States last year to 810,000, according to Kelley Blue Book — automakers are getting better at making them…. Auto executives say that they are finding it is easier and cheaper to design and build new electric models than gasoline-powered ones. The battery cells made by Ultium, for example, are part of a collection of components that can be mixed and matched in many types of vehicles. Carmakers have long used the same platforms in multiple models, but the strategy works even better with electric vehicles because the cars have far fewer parts than internal combustion vehicles. The Ultium platform cuts the time needed to develop a new vehicle by almost two years, Dan Nicholson, vice president of electrification at GM, said at a Federal Reserve Bank of Chicago conference in January. As a result, GM will be able to introduce three Chevrolet electric vehicles this year: the Equinox, a Silverado pickup truck and a Blazer SUV. “That’s how we get the economies of scale,” Nicholson said.

The article cite’s legislation passed last year subsidizing battery manufacturers, which “could cut the cost of making electric vehicles by as much as $9,000,” as well as the legislation’s tax credits for cars priced below $55,000.
But besides making it cheaper to purchase an electric car, “the car will need less maintenance,” the article points out, “and the electricity to power it will cost less than the gasoline used by its combustion engine equivalent.”
Thanks to long-time Slashdot reader 140Mandak262Jamuna for sharing the article.

Read more of this story at Slashdot.