A Species of Lungfish Claims Title of World’s Largest Animal Genome
Read more of this story at Slashdot.
China-Linked Hackers Could Be Behind Cyberattacks On Russian State Agencies, Researchers Say
According to Kaspersky, the hackers sent phishing emails containing malicious archives. In the first stage of the attack, they exploited a dynamic link library (DLL), commonly found in Windows computers, to collect information about the infected devices and load the additional malicious tools. While Kaspersky didn’t explicitly attribute the recent attacks to APT31 or APT27, they highlighted links between the tools that were used. Although PlugY malware is still being analyzed, it is highly likely that it was developed using the DRBControl backdoor code, the researchers said. This backdoor was previously linked to APT27 and bears similarities to PlugX malware, another tool typically used by hackers based in China.
Read more of this story at Slashdot.
IRS Has Loads of Legacy IT, Still Has No Firm Plans To Replace It
The closure of the retirement office, in the eyes of the TIGTA, is part of the IRS’s failure to properly identify and plan for shutting down legacy systems and possibly replacing them with something modern. According to the audit report, the IRS identified 107 of its 334 legacy systems as up for retirement, yet only two of those 107 have specific decommissioning plans. The TIGTA would like to see clear plans for all of those identified systems, and had hoped the retirement office (or similar) would provide them. Then there’s the second incomplete recommendation, which the IG said is the IRS’ failure to properly apply its own definition of a legacy system to all of its tech. […] In its response to the IG report, the IRS said it had largely addressed the two incomplete recommendations, though not entirely as the Inspector General might want.
Read more of this story at Slashdot.
NIST Finalizes Trio of Post-Quantum Encryption Standards
NIST continued to evaluate two other sets of algorithms that could potentially serve as backup standards in the future. One of the sets includes three algorithms designed for general encryption — but the technology is based on a different type of math problem than the ML-KEM general-purpose algorithm in today’s finalized standards. NIST plans to select one or two of these algorithms by the end of 2024. Despite the new ones on the horizon, NIST mathematician Dustin Moody encouraged system administrators to start transitioning to the new standards ASAP, because full integration takes some time. “There is no need to wait for future standards,” Moody advised in a statement. “Go ahead and start using these three. We need to be prepared in case of an attack that defeats the algorithms in these three standards, and we will continue working on backup plans to keep our data safe. But for most applications, these new standards are the main event.”
From the NIST: This notice announces the Secretary of Commerce’s approval of three Federal Information Processing Standards (FIPS):
– FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism Standard
– FIPS 204, Module-Lattice-Based Digital Signature Standard
– FIPS 205, Stateless Hash-Based Digital Signature Standard
These standards specify key establishment and digital signature schemes that are designed to resist future attacks by quantum computers, which threaten the security of current standards. The three algorithms specified in these standards are each derived from different submissions in the NIST Post-Quantum Cryptography Standardization Project.
Read more of this story at Slashdot.
Artists Claim ‘Big’ Win In Copyright Suit Fighting AI Image Generators
“We won BIG,” an artist plaintiff, Karla Ortiz, wrote on X (formerly Twitter), celebrating the order. “Not only do we proceed on our copyright claims,” but “this order also means companies who utilize” Stable Diffusion models and LAION-like datasets that scrape artists’ works for AI training without permission “could now be liable for copyright infringement violations, amongst other violations.” Lawyers for the artists, Joseph Saveri and Matthew Butterick, told Ars that artists suing “consider the Court’s order a significant step forward for the case,” as “the Court allowed Plaintiffs’ core copyright-infringement claims against all four defendants to proceed.”
Read more of this story at Slashdot.