Change Healthcare Finally Admits It Paid Ransomware Hackers

Andy Greenberg reports via Wired: More than two months after the start of a ransomware debacle whose impact ranks among the worst in the history of cybersecurity, the medical firm Change Healthcare finally confirmed what cybercriminals, security researchers, and Bitcoin’s blockchain had already made all too clear: that it did indeed pay a ransom to the hackers who targeted the company in February. And yet, it still faces the risk of losing vast amounts of customers’ sensitive medical data. In a statement sent to WIRED and other news outlets on Monday evening, Change Healthcare wrote that it paid a ransom to a cybercriminal group extorting the company, a hacker gang known as AlphV or BlackCat. “A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure,” the statement reads. The company’s belated admission of that payment accompanied a new post on its website where it warns that the hackers may have stolen health-related data that would “cover a substantial proportion of people in America.”

Cybersecurity and cryptocurrency researchers told WIRED last month that Change Healthcare appeared to have paid that ransom on March 1, pointing to a transaction of 350 bitcoins or roughly $22 million sent into a crypto wallet associated with the AlphV hackers. That transaction was first highlighted in a message on a Russian cybercriminal forum known as RAMP, where one of AlphV’s allegedly jilted partners complained that they hadn’t received their cut of Change Healthcare’s payment. However, for weeks following that transaction, which was publicly visible on Bitcoin’s blockchain and which both security firm Recorded Future and blockchain analysis firm TRM Labs told WIRED had been received by AlphV, Change Healthcare repeatedly declined to confirm that it had paid the ransom.

Change Healthcare’s confirmation of that extortion payment puts new weight behind the cybersecurity industry’s fears that the attack — and the profit AlphV extracted from it — will lead ransomware gangs to further target health care companies. “It 100 percent encourages other actors to target health care organizations,” Jon DiMaggio, a researcher with cybersecurity firm Analyst1 who focuses on ransomware, told WIRED at the time the transaction was first spotted in March. “And it’s one of the industries we don’t want ransomware actors to target — especially when it affects hospitals.” Compounding the situation, a conflict between hackers in the ransomware ecosystem has led to a second ransomware group claiming to possess Change Healthcare’s stolen data and threatening to sell it to the highest bidder on the dark web. Earlier this month that second group, known as RansomHub, sent WIRED alleged samples of the stolen data that appeared to come from Change Healthcare’s network, including patient records and a contract with another health care company.

Read more of this story at Slashdot.

Pareto’s Economic Theories Used To Find the Best Mario Kart 8 Racer

Data scientist Antoine Mayerowitz, PhD, applied the theories of Vilfredo Pareto, the early 20th-century Italian economist, to Mario Kart 8 Deluxe to determine the best racer combinations. “When you break down the build options (including driver stats and various vehicle details) in Mario Kart 8 Deluxe, there are over 700,000 possible combinations,” notes Engadget. “But once you eliminate duplicates that differ only in appearance, you can narrow it down to ‘only’ 25,704 possibilities.” From the report: Pareto’s theories, most notably the Pareto front, help us navigate the complexities of choice. They can pinpoint the solutions with the most balanced strengths and the fewest trade-offs. Pareto’s work is about efficiency and effectiveness. […] Mayerowitz’s Pareto front analysis lets you narrow your possibilities down to the 14 most efficient. And it turns out the game’s top players were onto something: One of the combinations with the most ideal balance of speed, acceleration and mini-turbo is Cat Peach driving the Teddy Buggy, roller tires and cloud glider — one already favored among Mario Kart 8 competitors.

Of course, if that combination isn’t your cup of tea, there are others that allow you to stay within the Pareto front’s optimal range. As Eurogamer points out, Donkey Kong, Wario (my old standby, mostly because he makes me laugh) and Princess Peach are often highlighted as drivers, and you can use Mayerowitz’s data fields to find the best matching vehicles. Keep in mind that others have identical stats, so racers like Villager (female), Inkling Girl and Diddy Kong are separated only by appearances.

To find your ideal racer, you can head over to Mayerowitz’s website. There, you can enter your most prized stats and view the combos that give you the best balance (those highlighted in yellow), according to Pareto’s theories.
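The Pareto-front idea the story describes is easy to see in code. The following is an added example, not part of the Slashdot or Engadget text and not Mayerowitz’s own code or data: it uses a handful of constructed builds with made-up (speed, acceleration, mini-turbo) values, collapses builds that share identical stats (the “duplicates that differ only in appearance”), keeps only the builds that no other build beats on every stat, and then orders the survivors by a user-supplied weighting of the stats they care most about.

```python
from typing import Dict, List, Tuple

Stats = Tuple[float, float, float]  # (speed, acceleration, mini-turbo); higher is better

# Constructed sample builds for illustration only; these are NOT the game's real stat values.
BUILDS: Dict[str, Stats] = {
    "Heavy A": (5.0, 2.0, 2.5),
    "Light B": (2.5, 5.0, 4.5),
    "Balanced C": (4.0, 3.5, 4.0),
    "Balanced C (alt skin)": (4.0, 3.5, 4.0),  # identical stats, different appearance
    "Weak D": (3.0, 3.0, 3.0),
    "Middling E": (4.5, 2.5, 3.0),
    "Weak F": (2.0, 4.0, 4.0),
}


def dominates(a: Stats, b: Stats) -> bool:
    """True if a is at least as good as b on every stat and strictly better on at least one."""
    return all(x >= y for x, y in zip(a, b)) and any(x > y for x, y in zip(a, b))


def distinct_profiles(builds: Dict[str, Stats]) -> Dict[Stats, List[str]]:
    """Group builds that share identical stats, i.e. the duplicates that differ only in looks."""
    groups: Dict[Stats, List[str]] = {}
    for name, stats in builds.items():
        groups.setdefault(stats, []).append(name)
    return groups


def pareto_front(builds: Dict[str, Stats]) -> List[str]:
    """Names of the builds that no other build dominates.

    Builds with identical stats never dominate each other (no strict improvement),
    so every member of a tied group stays on the front together.
    """
    front = []
    for name, stats in builds.items():
        beaten = any(
            dominates(other, stats)
            for other_name, other in builds.items()
            if other_name != name
        )
        if not beaten:
            front.append(name)
    return sorted(front)


def dominated_by(builds: Dict[str, Stats], name: str) -> List[str]:
    """The builds that dominate `name`; explains why a build was dropped from the front."""
    target = builds[name]
    return sorted(o for o, s in builds.items() if o != name and dominates(s, target))


def rank_front(builds: Dict[str, Stats], weights: Stats) -> List[str]:
    """Order the Pareto-front builds by a weighted sum of the stats the player prizes most.

    Ties are broken by name so the ordering is deterministic.
    """
    def score(name: str) -> float:
        return sum(w * s for w, s in zip(weights, builds[name]))

    return sorted(pareto_front(builds), key=lambda n: (-score(n), n))


if __name__ == "__main__":
    print("distinct stat profiles:", len(distinct_profiles(BUILDS)))
    print("Pareto front:", pareto_front(BUILDS))
    for loser in ("Weak D", "Weak F"):
        print(f"{loser} is dominated by {dominated_by(BUILDS, loser)}")
    print("front ranked by speed only:", rank_front(BUILDS, (1.0, 0.0, 0.0)))
```

Note that the front keeps both “Balanced C” entries: identical stats cannot dominate each other, which is exactly why the 25,704 figure in the story comes from first collapsing look-alike builds rather than from the Pareto step itself.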

Read more of this story at Slashdot.

Apple Acquires Datakalab, a French Startup Behind AI and Computer Vision Tech

According to French business magazine Challenges, Apple has acquired Datakalab — a Paris-based startup specializing in artificial intelligence compression and computer vision technology. 9to5Mac reports: Datakalab described itself as “experts in low power, runtime efficient, and deep learning algorithms” that work on device. On its LinkedIn page, Datakalab highlights “industry leading compression and adaptation to deploy embedded computer vision that is fast, cost-effective and precise.” Prior to the Apple acquisition, Datakalab had between 10 and 20 employees.

From Datakalab’s now-defunct website: “Datakalab is a French technology company that develops computer image analysis algorithms to measure flows in public space. The images are instantly transformed into anonymized statistical data processed locally in 100ms. Datakalab does not store any images or personal data and only keeps statistical data. Datakalab products are built according to the principle of ‘Privacy by Design.’”

While neither Apple nor Datakalab have acknowledged the acquisition, Challenges says that the deal was reported to the European Commission this month. The report says that Datakalab’s two founders did not join Apple, but multiple other employees did make the jump. Datakalab also held multiple patents related to AI compression and vision technology. The acquisition makes perfect sense given Apple’s rumored ambitions to run its upcoming AI-related features in iOS 18 “entirely on device.”

Read more of this story at Slashdot.

Huawei Wants To Take Homegrown HarmonyOS Phone Platform Worldwide

An anonymous reader quotes a report from The Register: Huawei plans to expand its native HarmonyOS smartphone platform worldwide, despite coming under US-led sanctions that have deprived it of access to key technologies. “We will work hard to build up the HarmonyOS app ecosystem in the China market first, then, from country to country, we will start gradually pushing it out to other parts of the world,” Huawei’s rotating chairman Erik Xu told attendees at its 21st Analyst Summit in Shenzhen last week. Part of this process will involve porting apps to HarmonyOS and encouraging other app developers to code for the platform.

“In the China market, Huawei smartphone users spend 99 percent of their time on about 5,000 apps. So we decided to spend 2024 porting these apps over to HarmonyOS first in our drive to truly unify the OS and the app ecosystem. We are also encouraging other apps to be ported over to HarmonyOS,” Xu said. According to Huawei’s rotating chairman, more than 4,000 of those apps are already in the process of being transferred, and the company is “communicating with developers” on the 1,000 or so apps that remain. “This is a massive undertaking, but we have broad support in the industry and from many app developers,” he claimed. “Once we have these first 5,000 Android apps — and thousands of other apps — up and running on HarmonyOS, we will have a real HarmonyOS: a third mobile operating system for the world,” Xu said. That number could reach up to 1 million apps in the future, he claimed. According to Counterpoint Research, HarmonyOS accounted for 4 percent of global market share in the fourth quarter of 2023, and exceeded 16 percent market share in China. That makes it the third largest mobile OS by handset sales, behind Android and iOS.

It remains to be seen whether there will be much of a market for HarmonyOS outside of China, given the current sanctions and sour US/EU-China relations.

Read more of this story at Slashdot.

Startup is Building the World’s Largest Ocean-Based Carbon Plant – and It’s Scalable

An anonymous reader shared this report from CNN:
On a slice of the ocean front in west Singapore, a startup is building a plant to turn carbon dioxide from air and seawater into the same material as seashells, in a process that will also produce “green” hydrogen — a much-hyped clean fuel.

The cluster of low-slung buildings starting to take shape in Tuas will become the “world’s largest” ocean-based carbon dioxide removal plant when completed later this year, according to Equatic, the startup behind it that was spun out of the University of California at Los Angeles. The idea is that the plant will pull water from the ocean, zap it with an electric current and run air through it to produce a series of chemical reactions to trap and store carbon dioxide as minerals, which can be put back in the sea or used on land… The $20 million facility will be fully operational by the end of the year and able to remove 3,650 metric tons of carbon dioxide annually, said Edward Sanders, chief operating officer of Equatic, which has partnered with Singapore’s National Water Agency to construct the plant. That amount is equivalent to taking roughly 870 average passenger cars off the road. The ambition is to scale up to 100,000 metric tons of CO2 removal a year by the end of 2026, and from there to millions of metric tons over the next few decades, Sanders told CNN. The plant can be replicated pretty much anywhere, he said, stacked up in modules “like lego blocks….”

The upfront costs are high but the company says it plans to make money by selling carbon credits to polluters to offset their pollution, as well as selling the hydrogen produced during the process. Equatic has already signed a deal with Boeing to sell it 2,100 metric tons of hydrogen, which it plans to use to create green fuel, and to fund the removal of 62,000 metric tons of CO2.
There are other projects around the world attempting ocean-based carbon removal, CNN notes. “Other projects include sprinkling iron particles into the ocean to stimulate CO2-absorbing phytoplankton, sinking seaweed into the depths to lock up carbon and spraying particles into marine clouds to reflect away some of the sun’s energy.”

But carbon-removal projects are controversial, criticized for being expensive, unproven at scale and a distraction from policies to cut fossil fuels. And when they involve the oceans — complex ecosystems already under huge strain from global warming — criticisms can get even louder. There are “big knowledge gaps” when it comes to ocean geoengineering generally, said Jean-Pierre Gattuso, an ocean scientist at the Sorbonne University in France. “I am very concerned with the fact that science lags behind the industry,” he told CNN.

Read more of this story at Slashdot.

The Ingenuity Mars Helicopter Just Sent Its Last Message Home

Two months ago the team behind NASA’s Ingenuity Helicopter released a video reflecting on its historic explorations of Mars, flying 10.5 miles (17.0 kilometers) in 72 different flights over three years. It was the team’s way of saying goodbye, according to NASA’s video.

And this week, LiveScience reports, Ingenuity answered back:

On April 16, Ingenuity beamed back its final signal to Earth, which included the remaining data it had stored in its memory bank and information about its final flight. Ingenuity mission scientists gathered in a control room at NASA’s Jet Propulsion Laboratory (JPL) in California to celebrate and analyze the helicopter’s final message, which was received via NASA’s Deep Space Network, made up of ground stations located across the globe.

In addition to the remaining data files, Ingenuity sent the team a goodbye message including the names of all the people who worked on the mission. This special message had been sent to Perseverance the day before and relayed to Ingenuity to send home.

The helicopter, which still has power, will now spend the rest of its days collecting data from its final landing spot in Valinor Hills, named after a location in J.R.R. Tolkien’s “The Lord of the Rings” books.

The chopper will wake up daily to test its equipment, collect a temperature reading and take a single photo of its surroundings. It will continue to do this until it loses power or fills up its remaining memory space, which could take 20 years. Such a long-term dataset could not only benefit future designs for Martian vehicles but also “provide a long-term perspective on Martian weather patterns and dust movement,” researchers wrote in the statement. However, the data will be kept on board the helicopter and not beamed back to Earth, so it must be retrieved by future Martian vehicles or astronauts.

“Whenever humanity revisits Valinor Hills — either with a rover, a new aircraft, or future astronauts — Ingenuity will be waiting with her last gift of data,” Teddy Tzanetos, an Ingenuity scientist at JPL, said in the statement.

Thursday NASA’s Jet Propulsion Laboratory released another new video tracing the entire route of Ingenuity’s expedition over the surface of Mars.

“Ingenuity’s success could pave the way for more extensive aerial exploration of Mars down the road,” adds Space.com:
Mission team members are already working on designs for larger, more capable rotorcraft that could collect a variety of science data on the Red Planet, for example. And Mars isn’t the only drone target: In 2028, NASA plans to launch Dragonfly, a $3.3 billion mission to Saturn’s huge moon Titan, which hosts lakes, seas and rivers of liquid hydrocarbons on its frigid surface. The 1,000-pound (450 kg) Dragonfly will hop from spot to spot on Titan, characterizing the moon’s various environments and assessing its habitability.

Read more of this story at Slashdot.

GPT-4 Can Exploit Real Vulnerabilities By Reading Security Advisories

Long-time Slashdot reader tippen shared this report from the Register:

AI agents, which combine large language models with automation software, can successfully exploit real world security vulnerabilities by reading security advisories, academics have claimed.

In a newly released paper, four University of Illinois Urbana-Champaign (UIUC) computer scientists — Richard Fang, Rohan Bindu, Akul Gupta, and Daniel Kang — report that OpenAI’s GPT-4 large language model (LLM) can autonomously exploit vulnerabilities in real-world systems if given a CVE advisory describing the flaw. “To show this, we collected a dataset of 15 one-day vulnerabilities that include ones categorized as critical severity in the CVE description,” the US-based authors explain in their paper. “When given the CVE description, GPT-4 is capable of exploiting 87 percent of these vulnerabilities compared to 0 percent for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and Metasploit)….”

The researchers’ work builds upon prior findings that LLMs can be used to automate attacks on websites in a sandboxed environment. GPT-4, said Daniel Kang, assistant professor at UIUC, in an email to The Register, “can actually autonomously carry out the steps to perform certain exploits that open-source vulnerability scanners cannot find (at the time of writing).”
The researchers wrote that “Our vulnerabilities span website vulnerabilities, container vulnerabilities, and vulnerable Python packages. Over half are categorized as ‘high’ or ‘critical’ severity by the CVE description….”

“Kang and his colleagues computed the cost to conduct a successful LLM agent attack and came up with a figure of $8.80 per exploit”

Read more of this story at Slashdot.

Volla Successfully Crowdfunds a Privacy-Focused Tablet on Kickstarter

It’s “the new generation of Tablet for simplicity and privacy…” according to its Kickstarter page. “Top-tier performance, lightweight design and completely Google-free.” And it’s already reached its funding goal of $53,312 — climbing to over $75,000 from 115 backers with another 26 days still to go.

9to5Linux reports:

Volla, the maker of the Volla Phone smartphones, has launched a crowdfunding campaign on Kickstarter for their first tablet device, the Volla Tablet, which will also support the Ubuntu Touch mobile OS.

Featuring a 12.3-inch Quad HD display with 2650×1600 pixel resolution, the Volla Tablet uses a powerful MediaTek Gaming G99 8-core processor, 12 GB RAM, and 256 GB internal storage. It also comes with a long-lasting 10,000 mAh battery, 2G/3G/4G cellular network support, Wi-Fi, Bluetooth, and a 13+5 MP main camera.

By default, Volla Tablet ships with Volla OS 13, Volla’s in-house operating system based on the free Android Open Source Project (AOSP), but users will be able to buy the tablet with Ubuntu Touch featuring built-in convergence and support for Android apps with WayDroid container.

“Users will also be able to use desktop apps like Firefox or LibreOffice thanks to the help of the Libertine container,” according to the article. (“Volla says that Volla Tablet with Ubuntu Touch is ideal for Linux enthusiasts and minimalists seeking a simplified, efficient, and familiar operating system experience.”)

Its Kickstarter page points out the tablet even offers options like “hide.me VPN” and private speech recognition that’s “cloud-independent for secure, confidential interactions.”

(“For U.S. users, please note that only roaming SIM cards from abroad can be used.”)

Read more of this story at Slashdot.

Could the Earth’s Record Hot Streak Signal a New Climate Era?

South America’s Amazon River has reached its lowest level since measurements began, according to the Washington Post, while temperatures “hovered above 110 degrees Fahrenheit” for nearly a week as April began in the capital of Mali. “Nights offered little relief, with temperatures often staying above 90 degrees…”

“An overtaxed electrical grid sputtered and shut down,” they add, and “dehydration and heat stroke became epidemic… At the city’s main hospital, doctors recorded a month’s worth of deaths in just four days. Local cemeteries were overwhelmed.”

The historic heat wave that besieged Mali and other parts of West Africa this month — which scientists say would have been “virtually impossible” in a world without human-caused climate change — is just the latest manifestation of a sudden and worrying surge in global temperatures. Fueled by decades of uncontrolled fossil fuel burning and an El Niño climate pattern that emerged last June, the planet this year breached a feared warming threshold of 1.5 degrees Celsius above preindustrial levels. Nearly 19,000 weather stations have notched record high temperatures since January 1. Each of the last ten months has been the hottest of its kind.

The scale and intensity of this hot streak is extraordinary even considering the unprecedented amount of greenhouse gases in the atmosphere, researchers say. Scientists are still struggling to explain how the planet could have exceeded previous temperature records by as much as half a degree Celsius (0.9 degrees Fahrenheit) last fall. What happens in the next few months, said Gavin Schmidt, director of the NASA Goddard Institute for Space Studies, could indicate whether Earth’s climate has undergone a fundamental shift — a quantum leap in warming that is confounding climate models and stoking ever more dangerous weather extremes.

But even if the world returns to a more predictable warming trajectory, it will only be a temporary reprieve from the conditions that humanity must soon confront, Schmidt said. “Global warming continues apace.”
Will this summer’s La Niña cool things off? More atmospheric research is underway, and “Schmidt says it’s too soon to know how worried the world should be,” according to the article. But he does raise this possibility. “What if the statistical connections that we are basing our predictions on are no longer valid?”

“It’s niggling at the back of my brain that it could be that the past is no longer a guide to the future.”

Read more of this story at Slashdot.

US Passes Bill Reauthorizing ‘FISA’ Surveillance for Two More Years

Late Friday night the U.S. Senate “reauthorized the Foreign Intelligence Surveillance Act, a key U.S. surveillance authority,” reports Axios, “shortly after it expired in the early hours Saturday morning.”

The reauthorization came despite bipartisan concerns about Section 702, which allows the government to collect communications from non-U.S. citizens overseas without a warrant.
The legislation passed the Senate 60 to 34, with 17 Democrats, Sen. Bernie Sanders (I-Vt.) and 16 Republicans voting “nay.” It extends the controversial Section 702 for two more years.

The bill had already passed last week in the U.S. House of Representatives, explains CNN:

Under FISA’s Section 702, the government hoovers up massive amounts of internet and cell phone data on foreign targets. Hundreds of thousands of Americans’ information is incidentally collected during that process and then accessed each year without a warrant — down from millions of such queries the US government ran in past years. Critics refer to these queries as “backdoor” searches…

According to one assessment, it forms the basis of most of the intelligence the president views each morning and it has helped the U.S. keep tabs on Russia’s intentions in Ukraine, identify foreign efforts to access US infrastructure, uncover foreign terror networks and thwart terror attacks in the U.S.

An interesting detail from The Verge:

Sens. Ron Wyden (D-OR) and Josh Hawley (R-MO) introduced an amendment that would have struck language in the House bill that expanded the definition of “electronic communications service provider.” Under the House’s new provision, anyone “who has access to equipment that is being or may be used to transmit or store wire or electronic communications.” The expansion, Wyden has claimed, would force “ordinary Americans and small businesses to conduct secret, warrantless spying.” The Wyden-Hawley amendment failed 34-58, meaning that the next iteration of the FISA surveillance program will be more expansive than before.

Saturday morning the U.S. House of Representatives passed a bill banning TikTok if its Chinese owner doesn’t sell the app.

Read more of this story at Slashdot.