LastPass Says Home Computer of DevOps Engineer Was Hacked

wiredmikey shares a report from SecurityWeek: Password management software firm LastPass says one of its DevOps engineers had a personal home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud storage resources. LastPass on Monday fessed up a “second attack” where an unnamed threat actor combined data stolen from an August breach with information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated attack. […]

LastPass worked with incident response experts at Mandiant to perform forensics and found that a DevOps engineer’s home computer was targeted to get around security mitigations. The attackers exploited a remote code execution vulnerability in a third-party media software package and planted keylogger malware on the employee’s personal computer. “The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault,” the company said. “The threat actor then exported the native corporate vault entries and content of shared folders, which contained encrypted secure notes with access and decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups,” LastPass confirmed. LastPass originally disclosed the breach in August 2022 and warned that “some source code and technical information were stolen.”

SecurityWeek adds: “In January 2023, the company said the breach was far worse than originally reported and included the theft of account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information.”

Read more of this story at Slashdot.

Webb Telescope’s Discovery of Massive Early Galaxies Still Defies Prior Understanding of Universe

Pennsylvania State University has an announcement. “Six massive galaxies discovered in the early universe are upending what scientists previously understood about the origins of galaxies in the universe.”

“These objects are way more massive than anyone expected,” said Joel Leja, assistant professor of astronomy and astrophysics at Penn State, who modeled light from these galaxies. “We expected only to find tiny, young, baby galaxies at this point in time, but we’ve discovered galaxies as mature as our own in what was previously understood to be the dawn of the universe.”

Using the first dataset released from NASA’s James Webb Space Telescope, the international team of scientists discovered objects as mature as the Milky Way when the universe was only 3% of its current age, about 500-700 million years after the Big Bang…. In a paper published February 22 in Nature, the researchers show evidence that the six galaxies are far more massive than anyone expected and call into question what scientists previously understood about galaxy formation at the very beginning of the universe. “The revelation that massive galaxy formation began extremely early in the history of the universe upends what many of us had thought was settled science,” said Leja. “We’ve been informally calling these objects ‘universe breakers’ — and they have been living up to their name so far.”

Leja explained that the galaxies the team discovered are so massive that they are in tension with 99% of models for cosmology. Accounting for such a high amount of mass would require either altering the models for cosmology or revising the scientific understanding of galaxy formation in the early universe — that galaxies started as small clouds of stars and dust that gradually grew larger over time. Either scenario requires a fundamental shift in our understanding of how the universe came to be, he added. “We looked into the very early universe for the first time and had no idea what we were going to find,” Leja said. “It turns out we found something so unexpected it actually creates problems for science. It calls the whole picture of early galaxy formation into question.”
“My first thought was we had made a mistake and we would just find it and move on with our lives,” Leja says in the statement. “But we have yet to find that mistake, despite a lot of trying.”

“While the data indicates they are likely galaxies, I think there is a real possibility that a few of these objects turn out to be obscured supermassive black holes. Regardless, the amount of mass we discovered means that the known mass in stars at this period of our universe is up to 100 times greater than we had previously thought. Even if we cut the sample in half, this is still an astounding change.”

Phys.org got a more detailed explanation from one of the paper’s co-authors:
It took our home galaxy the entire life of the universe for all its stars to assemble. For this young galaxy to achieve the same growth in just 700 million years, it would have had to grow around 20 times faster than the Milky Way, said Labbe, a researcher at Australia’s Swinburne University of Technology. For there to be such massive galaxies so soon after the Big Bang goes against the current cosmological model which represents science’s best understanding of how the universe works. “According to theory, galaxies grow slowly from very small beginnings at early times,” Labbe said, adding that such galaxies were expected to be between 10 to 100 times smaller. But the size of these galaxies “really go off a cliff,” he said….

The newly discovered galaxies could indicate that things sped up far faster in the early universe than previously thought, allowing stars to form “much more efficiently,” said David Elbaz, an astrophysicist at the French Atomic Energy Commission not involved in the research. This could be linked to recent signs that the universe itself is expanding faster than we once believed, he added.

This subject sparks fierce debate among cosmologists, making this latest discovery “all the more exciting, because it is one more indication that the model is cracking,” Elbaz said.


Can This Company Use Earth’s Heat to Suck Carbon from the Sky?

An anonymous reader shares this report from the Washington Post:

Sucking carbon dioxide out of the sky — or “direct air capture,” as it is known by experts and scientists — is a bit like a time machine for climate change. It removes CO2 from the atmosphere and stores it deep underground, almost exactly the reverse of what humanity has been doing for centuries by burning fossil fuels. Its promise? That it can help run back the clock, undoing some of what we have done to the atmosphere and helping to return the planet to a cooler state.

The problem with direct air capture, however, has been that it takes energy — a lot of energy…. But if the energy powering that comes from fossil fuels, direct air capture starts to look less like a time machine than an accelerator: a way to emit even more CO2. Now, however, a company is working to combine direct air capture with a relatively untapped source of energy: Heat from Earth’s crust. Fervo Energy, a geothermal company headquartered in Houston, announced on Thursday that it will design and engineer the first purpose-built geothermal and direct air capture plant. With the help of a grant from the Chan Zuckerberg Initiative, the company hopes to have a pilot facility online in 3 to 5 years.

If it works, it will be a way to produce carbon-free electricity, while reducing CO2 in the atmosphere at the same time. In short, a win-win for the climate. “You have to have your energy from a carbon-free source” for direct air capture to make sense, said Timothy Latimer, the CEO of Fervo Energy. “Geothermal is a great match….” Geothermal wells don’t, of course, get anywhere close to Earth’s core, but a geothermal well drilled just 1 to 2 miles into hot rocks below the surface can reach temperatures of up to 1,000 degrees. Water is pumped into the well, heated and returned to the surface, where it can be converted into steam and electricity. Even after generating electricity, most geothermal plants have a lot of waste heat — often clocking in around 212 degrees. And conveniently, that happens to be the exact temperature needed to pull carbon dioxide out of an air filter and bury it underground.
The article notes a study which found that if air capture were combined with all the geothermal plants currently in America, the country “could suck up around 12.8 million tons of carbon dioxide every year.”

And “Unlike wind and solar, a geothermal plant can be on all of the time, producing electricity even when the wind isn’t blowing or the sun isn’t shining.”


Survey Claims Some Companies are Already Replacing Workers With ChatGPT

An anonymous reader quotes an article from Fortune:

Earlier this month, job advice platform Resumebuilder.com surveyed 1,000 business leaders who either use or plan to use ChatGPT. It found that nearly half of their companies have implemented the chatbot. And roughly half of this cohort say ChatGPT has already replaced workers at their companies….

Business leaders already using ChatGPT told ResumeBuilder.com their companies already use ChatGPT for a variety of reasons, including 66% for writing code, 58% for copywriting and content creation, 57% for customer support, and 52% for meeting summaries and other documents. In the hiring process, 77% of companies using ChatGPT say they use it to help write job descriptions, 66% to draft interview requisitions, and 65% to respond to applications.
“Overall, most business leaders are impressed by ChatGPT’s work,” ResumeBuilder.com wrote in a news release. “Fifty-five percent say the quality of work produced by ChatGPT is ‘excellent,’ while 34% say it’s ‘very good….’” Nearly all of the companies using ChatGPT said they’ve saved money using the tool, with 48% saying they’ve saved more than $50,000 and 11% saying they’ve saved more than $100,000….

Of the companies ResumeBuilder.com identified as businesses using the chatbot, 93% say they plan to expand their use of ChatGPT, and 90% of executives say ChatGPT experience is beneficial for job seekers — if it hasn’t already replaced their jobs.


Ransomware Attacks, Payments Declined In 2022: Report

CRN reports:

Prominent incident response firm Mandiant disclosed Tuesday that it responded to 15 percent fewer ransomware incidents last year. The statistic was first reported by the Wall Street Journal. Mandiant, which is owned by Google Cloud, confirmed the stat in an email to CRN.

The WSJ report also included several other indicators that 2022 was a less successful year for ransomware. Cybersecurity giant CrowdStrike told the outlet that the average ransom demand dropped 28 percent last year, to $4.1 million, from $5.7 million the year before. The firm reportedly pinned the decline on factors including the arrests of ransomware gang members and other disruptions to the groups last year, as well as the drop in the value of cryptocurrencies such as Bitcoin. CrowdStrike confirmed the stat to CRN.

Their article also cites a blog post from Chainalysis, the blockchain data platform, which estimated that 2022’s total ransomware revenue “fell to at least $456.8 million in 2022 from $765.6 million in 2021 — a huge drop of 40.3%.” And that blog post cites the Chief Claims Officer of cyber insurance firm Resilience, who also specifically notes “signs that meaningful disruptions against ransomware actor groups are driving lower than expected successful extortion attempts,” including arrests and recovery of extorted cryptocurrency by western law enforcement agencies.

From the Wall Street Journal:
After ballooning for years, the amount of money being paid to ransomware criminals dropped in 2022, as did the odds that a victim would pay the criminals who installed the ransomware…. “It reflects, I think, the pivot that we have made to a posture where we’re on our front foot,” Deputy Attorney General Lisa Monaco said in an interview. “We’re focusing on making sure we’re doing everything to prevent the attacks in the first place.”

The hacking groups behind ransomware attacks have been slowed by better company security practices. Federal authorities have also used new tactics to help victims avoid paying ransom demands…. And the FBI said last month that it disrupted $130 million in potential ransomware profits last year by gaining access to servers run by the Hive ransomware group and giving away the group’s decryption keys — used to undo the effects of ransomware — for free.

In the fall, about 45 call-center operators were laid off by former members of a ransomware group known as Conti, according to Yelisey Bohuslavskiy, chief research officer with the threat intelligence firm Red Sense LLC. They had been hired as part of a scam to talk potential victims into installing remote-access software onto networks that would then be infected by ransomware, but the call centers ended up losing money, he said.
Companies have also stepped up their cybersecurity practices, driven by demands from insurance underwriters and a better understanding of the risks of ransomware following high-profile attacks. Companies are spending more money on business continuity and backup software that allow computer systems to restart after they have been infected. With improved backups, U.S. companies are better at bouncing back from ransomware attacks than they were four years ago, according to Coveware Inc., which helps victims respond to ransomware intrusions and has handled thousands of cases. Four years ago, 85% of ransomware victims wound up paying their attackers. Today that number is 37%, according to Coveware Inc. Chief Executive Bill Siegel.


As Cold Fronts Hit America, Half a Million Lose Power

More than 126,000 Californians are without electricity, reports ABC News. But Reuters notes that meanwhile “more than 400,000 customers of Detroit based DTE Energy remained without power on Saturday, the Detroit News reported,” suffering through “a separate storm that clobbered the U.S. Plains, Midwest and Great Lakes regions earlier this week” that finally moved over the Atlantic.

And ABC News notes that as of Saturday morning, “more than 30 million Americans are under weather alerts in the West” — roughly 1 in 11 Americans — “ranging from blizzard warnings in the mountains near Los Angeles to wind chill alerts in the Northern Plains” near Wyoming. But California’s problems came from its own major storm that delivered heavy snow, record rainfall, and damaging winds — a storm that “will be moving from southern California across the entire country over the next few days, eventually moving northeast by Tuesday.”

The Los Angeles area saw record rainfall on Friday, and it came along with 50- to 70-mile-per-hour winds. Burbank, California, saw 4.6 inches of rain Friday — stranding cars in floods and causing dozens of flight delays and cancellations. Records for daily rainfall were also set at the Los Angeles International Airport and the cities of Fresno, Bakersfield, Modesto and Oxnard…. Multiple stretches of I-5 in Los Angeles County were shuttered on Saturday due to rain and snow.

Snowflakes even fell around the “Hollywood” sign, reports Reuters. But bad weather wasn’t just hitting southern California:

In Northern California, San Francisco was expected to experience record cold temperatures on Saturday, and the National Weather Service warned residents of the state capital of Sacramento to avoid travel from Sunday through Wednesday as rain and snow started up again after a reprieve on Saturday. “Extreme impacts from heavy snow & winds will cause extremely dangerous to impossible driving conditions & likely widespread road closures & infrastructure impacts!” the agency said on Twitter. The next set of storms, expected to hit on Sunday, will bring wind gusts of up to 50 miles per hour (80 kph) in the Sacramento Valley, and up to 70 miles per hour in the nearby Sierra Nevada mountains….
A massive low-pressure system driven from the Arctic was responsible for the unusual conditions, said Bryan Jackson, a forecaster at the NWS Weather Prediction Center in College Park, Maryland.

This week one political cartoonist suggested a connection between “crazy weather” and climate change.


Microsoft Has Been Secretly Testing Its Bing Chatbot ‘Sydney’ For Years

According to The Verge, Microsoft has been secretly testing its Sydney chatbot for several years after making a big bet on bots in 2016. From the report: Sydney is a codename for a chatbot that has been responding to some Bing users since late 2020. The user experience was very similar to what launched publicly earlier this month, with a blue Cortana-like orb appearing in a chatbot interface on Bing. “Sydney is an old codename for a chat feature based on earlier models that we began testing in India in late 2020,” says Caitlin Roulston, director of communications at Microsoft, in a statement to The Verge. “The insights we gathered as part of that have helped to inform our work with the new Bing preview. We continue to tune our techniques and are working on more advanced models to incorporate the learnings and feedback so that we can deliver the best user experience possible.”

“This is an experimental AI-powered Chat on Bing.com,” read a disclaimer inside the 2021 interface that was added before an early version of Sydney would start replying to users. Some Bing users in India and China spotted the Sydney bot in the first half of 2021 before others noticed it would identify itself as Sydney in late 2021. All of this was years after Microsoft started testing basic chatbots in Bing in 2017. The initial Bing bots used AI techniques that Microsoft had been using in Office and Bing for years and machine reading comprehension that isn’t as powerful as what exists in OpenAI’s GPT models today. These bots were created in 2017 in a broad Microsoft effort to move its Bing search engine to a more conversational model.

Microsoft made several improvements to its Bing bots between 2017 and 2021, including moving away from individual bots for websites and toward the idea of a single AI-powered bot, Sydney, that would answer general queries on Bing. Sources familiar with Microsoft’s early Bing chatbot work tell The Verge that the initial iterations of Sydney had far less personality until late last year. OpenAI shared its next-generation GPT model with Microsoft last summer, described by Jordi Ribas, Microsoft’s head of search and AI, as “game-changing.” While Microsoft had been working toward its dream of conversational search for more than six years, sources say this new large language model was the breakthrough the company needed to bring all of its Sydney learnings to the masses. […] Microsoft hasn’t yet detailed the full history of Sydney, but Ribas did acknowledge its new Bing AI is “the culmination of many years of work by the Bing team” that involves “other innovations” that the Bing team will detail in future blog posts.
