The Biden administration plans one additional round of restrictions on the export of AI chips before leaving office, "a final push in his effort to keep advanced technologies out of the hands of China and Russia," reports Bloomberg. From the report: The US wants to curb the sale of AI chips used in data centers on both a country and company basis, with the goal of concentrating AI development in friendly nations and getting businesses around the world to align with American standards, according to people familiar with the matter. The result would be an expansion of semiconductor caps to most of the world -- an attempt to control the spread of AI technology at a time of soaring demand. The regulations, which could be issued as soon as Friday, would create three tiers of chip trade restrictions, said the people, who asked not to be identified because the discussions are private.

At the top level, a small number of US allies would maintain essentially unmitigated access to American chips. A group of adversaries, meanwhile, would be effectively blocked from importing the semiconductors. And the vast majority of the world would face limits on the total computing power that can go to one country. Countries in the last group would be able to bypass their national limits -- and get their own, significantly higher caps -- by agreeing to a set of US government security requirements and human rights standards, one of the people said. That type of designation -- called a validated end user, or VEU -- aims to create a set of trusted entities that develop and deploy AI in secure environments around the world.

An anonymous reader quotes a report from Bloomberg: Italy is in advanced talks with Elon Musk's SpaceX for a deal to provide secure telecommunications for the nation's government -- the largest such project in Europe, people with knowledge of the matter said Sunday. Discussions are ongoing, and a final agreement on the five-year contract hasn't been reached, said the people, who asked not to be identified citing confidential discussions. The project has already been approved by Italy's Intelligence Services as well as Italy's Defense Ministry, they said. Italy on Monday confirmed discussions are ongoing, saying no deal had yet been reached. "The talks with SpaceX are part of normal government business," the government said.

The negotiations, which had stalled until recently, appeared to move forward after Italian Prime Minister Giorgia Meloni visited President-elect Donald Trump in Florida on Saturday. The Italian government said the two didn't discuss the issue during their meeting. Italian officials have been negotiating on a $1.6 billion deal aimed at supplying Italy with a full range of top-level encryption for telephone and Internet services used by the government, the people said. The plan also includes communications services for the Italian military in the Mediterranean area as well as the rollout of so-called direct-to-cell satellite services in Italy for use in emergencies like terror attacks or natural disasters, they said. The possible deal has been under review since mid-2023. It's been opposed by some Italian officials concerned about how the services may detract from local carriers.

TikTok has been pushing the platform's sister app, Lemon8, encouraging users to migrate via sponsored posts amid a looming ban. Axios reports: In the last few weeks, Lemon8 has been promoting its app to TikTok users through sponsored TikTok videos. In one sponsored post, TikTok user @miller.dailylife shares a video with a creator saying, "TikTok actually has another backup app. It's called Lemon8 ... and it automatically signs you in with your TikTok so you can still keep the same TikTok name and things like that. And it's supposed to transfer your followers over. ... Once you add Lemon8, it automatically pops up on your TikTok bio, so that people can just click on it. So, just so you guys know, now that they're trying to do this ban, if you want to have somewhere else to go where the government is not 100% controlling what we see, what we consume ... Just go ahead and go on to Lemon8."

In November, TikTok began informing users of its sister app, Lemon8, that beginning late that month Lemon8 would be powered by TikTok, and their TikTok usernames would also be used on Lemon8. "Some of your data on TikTok will be used to power services on lemon8," the notice says. "Your Lemon8 profile link will be shown to your TikTok profile publicly by default," it continues. "You can choose not to show it by editing your TikTok profile." Last March, Lemon8 jumped into the U.S. App Store's Top 10 list shortly after it launched in the U.S. It currently ranks as one of the top-ranking free apps on Apple's app store.

The report notes that the TikTok ban law also applies to other apps owned by TikTok's Chinese parent ByteDance, like Lemon8. "ByteDance could be betting that regulators and app store companies are so focused on TikTok that they won't pay attention to its other apps," says Axios.

BleepingComputer's Sergiu Gatlan reports: "Today, the White House announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for internet-connected consumer devices. The Cyber Trust Mark label, which will appear on smart products sold in the United States later this year, will help American consumers determine whether the devices they want to buy are safe to install in their homes. It's designed for consumer smart devices, such as home security cameras, TVs, internet-connected appliances, fitness trackers, climate control systems, and baby monitors, and it signals that the internet-connected device comes with a set of security features approved by NIST.

Vendors will label their products with the Cyber Trust Mark logo if they meet the National Institute of Standards and Technology (NIST) cybersecurity criteria. These criteria include using unique and strong default passwords, software updates, data protection, and incident detection capabilities. Consumers can scan the QR code included next to the Cyber Trust Mark labels for additional security information, such as instructions on changing the default password, steps for securely configuring the device, details on automatic updates (including how to access them if they are not automatic), the product's minimum support period, and a notification if the manufacturer does not offer updates for the device. "Americans are worried about the rise of criminals remotely hacking into home security systems to unlock doors, or malicious attackers tapping into insecure home cameras to illicitly record conversations," the Biden administration said on Tuesday.

"The White House launched this bipartisan effort to educate American consumers and give them an easy way to assess the cybersecurity of such products, as well as incentivize companies to produce more cybersecure devise [sic], much as EnergyStar labels did for energy efficiency.

Telegram's Transparency Report reveals a sharp increase in U.S. government data requests, with 900 fulfilled requests affecting 2,253 users. "The news shows a massive spike in the number of data requests fulfilled by Telegram after French authorities arrested Telegram CEO Pavel Durov in August, in part because of the company's unwillingness to provide user data in a child abuse investigation," notes 404 Media. From the report: Between January 1 and September 30, 2024, Telegram fulfilled 14 requests "for IP addresses and/or phone numbers" from the United States, which affected a total of 108 users, according to Telegram's Transparency Reports bot. But for the entire year of 2024, it fulfilled 900 requests from the U.S. affecting a total of 2,253 users, meaning that the number of fulfilled requests skyrocketed between October and December, according to the newly released data. "Fulfilled requests from the United States of America for IP address and/or phone number: 900," Telegram's Transparency Reports bot said when prompted for the latest report by 404 Media. "Affected users: 2253," it added.

A month after Durov's arrest in August, Telegram updated its privacy policy to say that the company will provide user data, including IP addresses and phone numbers, to law enforcement agencies in response to valid legal orders. Up until then, the privacy policy only mentioned it would do so when concerning terror cases, and said that such a disclosure had never happened anyway. Even though the data technically covers the entire of 2024, the jump from a total of 108 affected users in October to 2253 as of now, indicates that the vast majority of fulfilled data requests were in the last quarter of 2024, showing a huge increase in the number of law enforcement requests that Telegram completed. You can access the platform's transparency reports here.

The Japanese government published an alert on Wednesday accusing a Chinese hacking group of targeting and breaching dozens of government organizations, companies, and individuals in the country since 2019. From a report: Japan's National Police Agency and the National Center of Incident Readiness and Strategy for Cybersecurity attributed the years-long hacking spree to a group called MirrorFace.

"The MirrorFace attack campaign is an organized cyber attack suspected to be linked to China, with the primary objective of stealing information related to Japan's national security and advanced technology," the authorities wrote in the alert, according to a machine translation. A longer version of the alert said the targets included Japan's Foreign and Defense ministries, the country's space agency, as well as politicians, journalists, private companies and tech think tanks, according to the Associated Press. In July 2024 Japan's Computer Emergency Response Team Coordination Center (JPCERT/CC) wrote in a blog post that MirrorFace's "targets were initially media, political organisations, think tanks and universities, but it has shifted to manufacturers and research institutions since 2023."

An anonymous reader quotes a report from Ars Technica: The US Justice Department today announced it filed an antitrust lawsuit against "six of the nation's largest landlords for participating in algorithmic pricing schemes that harmed renters." One of the landlords, Cortland Management, agreed to a settlement "that requires it to cooperate with the government, stop using its competitors' sensitive data to set rents and stop using the same algorithm as its competitors without a corporate monitor," the DOJ said. The pending settlement requires Cortland to "cooperate fully and truthfully... in any civil investigation or civil litigation the United States brings or has brought" on this subject matter.

The US previously sued RealPage, a software maker accused of helping landlords collectively set prices by giving them access to competitors' nonpublic pricing and occupancy information. The original version of the lawsuit described actions by landlords but did not name any as defendants. The Justice Department filed an amended complaint (PDF) today in order to add the landlords as defendants. The landlord defendants are Greystar, LivCor, Camden, Cushman, Willow Bridge, and Cortland, which collectively "operate more than 1.3 million units in 43 states and the District of Columbia," the DOJ said. "The amended complaint alleges that the six landlords actively participated in a scheme to set their rents using each other's competitively sensitive information through common pricing algorithms," the DOJ said. The phrase "price fixing" came up in discussions between landlords, the amended complaint said: "For example, in Minnesota, property managers from Cushman & Wakefield, Greystar, and other landlords regularly discussed competitively sensitive topics, including their future pricing. When a property manager from Greystar remarked that another property manager had declined to fully participate due to 'price fixing laws,' the Cushman & Wakefield property manager replied to Greystar, 'Hmm... Price fixing laws huh? That's a new one! Well, I'm happy to keep sharing so ask away. Hoping we can kick these concessions soon or at least only have you guys be the only ones with big concessions! It's so frustrating to have to offer so much.'"

The Justice Department is joined in the case by the attorneys general of California, Colorado, Connecticut, Illinois, Massachusetts, Minnesota, North Carolina, Oregon, Tennessee, and Washington. The case is in US District Court for the Middle District of North Carolina.

Further reading: Are We Entering an AI Price-Fixing Dystopia?

Hackers claim to have compromised Gravy Analytics, the parent company of Venntel which has sold masses of smartphone location data to the U.S. government. 404 Media: The hackers said they have stolen a massive amount of data, including customer lists, information on the broader industry, and even location data harvested from smartphones which show peoples' precise movements, and they are threatening to publish the data publicly.

The news is a crystalizing moment for the location data industry. For years, companies have harvested location information from smartphones, either through ordinary apps or the advertising ecosystem, and then built products based on that data or sold it to others. In many cases, those customers include the U.S. government, with arms of the military, DHS, the IRS, and FBI using it for various purposes. But collecting that data presents an attractive target to hackers.

An anonymous reader quotes a report from Reuters: The U.S. Defense Department said on Monday it has added Chinese tech giants including gaming and social media leader Tencent Holdings and battery maker CATL to a list of firms it says work with China's military. The list also included chip maker Changxin Memory Technologies, Quectel Wireless and drone maker Autel Robotics, according to a document published on Monday. The annually updated list (PDF) of Chinese military companies, formally mandated under U.S. law as the "Section 1260H list," designated 134 companies, according to a notice posted to the Federal Register.

U.S.-traded shares of Tencent, which is also the parent of Chinese instant messaging app WeChat, fell 8% in over-the-counter trading. Tencent said in a statement that its inclusion on the list was "clearly a mistake." It added: "We are not a military company or supplier. Unlike sanctions or export controls, this listing has no impact on our business." CATL called the designation a mistake, saying it "is not engaged in any military related activities." A Quectel spokesperson said the company "does not work with the military in any country and will ask the Pentagon to reconsider its designation, which clearly has been made in error."

While the designation does not involve immediate bans, it can be a blow to the reputations of affected companies and represents a stark warning to U.S. entities and firms about the risks of conducting business with them. It could also add pressure on the Treasury Department to sanction the companies. Two previously listed companies, drone maker DJI and Lidar-maker Hesai Technologies, both sued the Pentagon last year over their previous designations, but remain on the updated list. The Pentagon also removed six companies it said no longer met the requirements for the designation, including AI firm Beijing Megvii Technology, China Railway Construction Corporation Limited, China State Construction Group Co and China Telecommunications Corporation.

A forthcoming peer-reviewed study (PDF) from Rutgers University's Network Contagion Research Institute argues that TikTok surfaces fewer anti-CCP posts compared to Instagram and YouTube, despite higher user engagement with such content. It also found that heavy TikTok usage correlates with more favorable views of China's human rights record. The findings come a Supreme Court hearing later this week on whether the federal government can ban TikTok. Gizmodo reports: The new peer-reviewed paper, which was first reported by The Free Press, begins by examining whether content on TikTok, Instagram, and YouTube related to the keywords "Tiananmen," "Tibet," "Uyghur," and "Xinjiang" tends to display pro- or anti-CCP sentiment. The researchers found that TikTok's algorithm didn't necessarily surface more pro-CCP content in response to searches for those terms, but it delivered fewer anti-CCP posts than did Instagram or YouTube and significantly more posts that were irrelevant to the subject.

In the second stage of their study, the NCRI team tested whether the lower performance of anti-CCP content was a result of less user engagement (likes and comments) with those posts. They found that TikTok users "liked or commented on anti-CCP content nearly four times as much as they liked or commented on pro-CCP content, yet the search algorithm produced nearly three times as much pro-CCP content" while there was no similar discrepancy on Instagram or YouTube.

Finally, the researchers surveyed 1,214 Americans about their social media usage and their views on China's human rights record. The more time users spent on any social media platform, the more likely they were to have favorable views of China's human rights record, the survey showed. Users were particularly more likely to have favorable views if they spent more than three hours a day using TikTok. The researchers wrote that they could not definitively conclude that spending more time on TikTok resulted in more positive views of China, but "taken together, the findings from these three studies raise the distinct possibility that TikTok is a vehicle for CCP propaganda."

More than 1.6 million Americans have been jobless for at least six months, up 50% since late 2022, despite the economy adding over two million jobs last year, Labor Department data shows.

The average job search now takes six months, primarily affecting high-paying sectors like tech, law, and media. While the 4.2% unemployment rate remains below pre-pandemic averages, job postings have dropped to one per unemployed worker from two in early 2022.

Software development, data science, and marketing roles are 20% below pre-pandemic levels, while healthcare and government sectors account for half of recent job creation. The number of Americans receiving unemployment benefits reached 1.8 million in late December, approaching post-pandemic highs, as wage growth declined to 4% from 6% during the early 2020s hiring peak.

A U.S. Appeals Court ruled this week that net neutrality couldn't be reinstated by America's Federal Communications Commission. But "Despite the dismantling of the FCC's efforts to regulate broadband internet service, state laws in California, New York and elsewhere remain intact," notes the Los Angeles Times: This week's decision by the 6th U.S. Circuit Court of Appeals, striking down the FCC's open internet rules, has little bearing on state laws enacted during the years-long tug-of-war over the government's power to regulate internet service providers, telecommunications experts said. In fact, some suggested that the Cincinnati-based 6th Circuit's decision — along with other rulings and the U.S. Supreme Court's posture on a separate New York case — has effectively fortified state regulators' efforts to fill the gap. "Absent an act of Congress, the FCC has virtually no role in broadband any more," Ernesto Falcon, a program manager for the California Public Utilities Commission, said in an interview. "The result of this decision is that states like California, New York and others will have to govern and regulate broadband carriers on our own."

California has one of the nation's strongest laws on net neutrality, the principle that internet traffic must be treated equally to ensure a free and open network. Former Gov. Jerry Brown signed the measure into law in 2018, months after federal regulators in President elect-Donald Trump's first administration repealed the net neutrality rules put in place under President Obama. Colorado, Oregon and other states also adopted their own standards.

The Golden State's law has already survived legal challenges. It also prompted changes in the way internet service providers offered plans and services. "California's net neutrality law, which is seen as the gold standard by consumer advocates, carries national impact," Falcon said.... "The state's authority and role in broadband access has grown dramatically now," Falcon said.
California's net neutrality rules prohibit "throttling" data speeds, according to the article.

In a potential U.S.-China conflict, cyberattackers are military weapons. That's the thrust of a new article from the Wall Street Journal: The message from President Biden's national security adviser was startling. Chinese hackers had gained the ability to shut down dozens of U.S. ports, power grids and other infrastructure targets at will, Jake Sullivan told telecommunications and technology executives at a secret meeting at the White House in the fall of 2023, according to people familiar with it. The attack could threaten lives, and the government needed the companies' help to root out the intruders.

What no one at the briefing knew, including Sullivan: China's hackers were already working their way deep inside U.S. telecom networks, too. The two massive hacking operations have upended the West's understanding of what Beijing wants, while revealing the astonishing skill level and stealth of its keyboard warriors — once seen as the cyber equivalent of noisy, drunken burglars. China's hackers were once thought to be interested chiefly in business secrets and huge sets of private consumer data. But the latest hacks make clear they are now soldiers on the front lines of potential geopolitical conflict between the U.S. and China, in which cyberwarfare tools are expected to be powerful weapons. U.S. computer networks are a "key battlefield in any future conflict" with China, said Brandon Wales, a former top U.S. cybersecurity official at the Department of Homeland Security, who closely tracked China's hacking operations against American infrastructure. He said prepositioning and intelligence collection by the hackers "are designed to ensure they prevail by keeping the U.S. from projecting power, and inducing chaos at home."

As China increasingly threatens Taiwan, working toward what Western intelligence officials see as a target of being ready to invade by 2027, the U.S. could be pulled into the fray as the island's most important backer... Top U.S. officials in both parties have warned that China is the greatest danger to American security.

In the infrastructure attacks, which began at least as early as 2019 and are still taking place, hackers connected to China's military embedded themselves in arenas that spies usually ignored, including a water utility in Hawaii, a port in Houston and an oil-and-gas processing facility. Investigators, both at the Federal Bureau of Investigation and in the private sector, found the hackers lurked, sometimes for years, periodically testing access. At a regional airport, investigators found the hackers had secured access, and then returned every six months to make sure they could still get in. Hackers spent at least nine months in the network of a water-treatment system, moving into an adjacent server to study the operations of the plant. At a utility in Los Angeles, the hackers searched for material about how the utility would respond in the event of an emergency or crisis. The precise location and other details of the infrastructure victims are closely guarded secrets, and couldn't be fully determined.

American security officials said they believe the infrastructure intrusions — carried out by a group dubbed Volt Typhoon — are at least in part aimed at disrupting Pacific military supply lines and otherwise impeding America's ability to respond to a future conflict with China, including over a potential invasion of Taiwan... The focus on Guam and West Coast targets suggested to many senior national-security officials across several Biden administration agencies that the hackers were focused on Taiwan, and doing everything they could to slow a U.S. response in a potential Chinese invasion, buying Beijing precious days to complete a takeover even before U.S. support could arrive.
The telecom breachers "were also able to swipe from Verizon and AT&T a list of individuals the U.S. government was surveilling in recent months under court order, which included suspected Chinese agents. The intruders used known software flaws that had been publicly warned about but hadn't been patched."

And ultimately nine U.S. telecoms were breached, according to America's deputy national security adviser for cybersecurity — including what appears to have been a preventable breach at AT&T (according to "one personal familiar with the matter"): [T]hey took control of a high-level network management account that wasn't protected by multifactor authentication, a basic safeguard. That granted them access to more than 100,000 routers from which they could further their attack — a serious lapse that may have allowed the hackers to copy traffic back to China and delete their own digital tracks.
The details of the various breaches are stunning: Chinese hackers gained a foothold in the digital underpinnings of one of America's largest ports in just 31 seconds. At the Port of Houston, an intruder acting like an engineer from one of the port's software vendors entered a server designed to let employees reset their passwords from home. The hackers managed to download an encrypted set of passwords from all the port's staff before the port recognized the threat and cut off the password server from its network...

Brazil ended daylight saving time in 2019, reports the Washington Post, adding that some Brazilians loved the change, "particularly those who commute long distances and are no longer forced to leave their houses in pitch blackness." But "In the heavily populated southeast, the sky begins to brighten at the unconscionable hour of 4:30 a.m. during the summer, and by 8 a.m., it feels like high noon... Polls showed it ultimately lost majority support..."

And then "After several energy emergencies, and with the prospect of more to come as the effects of climate change intensify, the vanquished daylight saving time is suddenly looking a whole lot better than it once did to some in the Brazilian government." Authorities almost mandated the return of daylight saving — a portion of the calendar when clocks are turned forward to maximize seasonal daylight — late last year to conserve energy amid a historic drought that had threatened hydroelectric power generation and drove up light bills. The government is already laying the political groundwork to restore it as soon as this year...

Latin America's largest country is a global leader in green energy. An astounding 93 percent of its electricity comes from renewable sources, according to Brazil's Electric Energy Commercialization Chamber, the majority of which is hydropower. This strength, however, has also left it vulnerable to global warming. As temperatures have warmed and punishing droughts have grown more frequent, the country's water reserves have dropped precariously low at times, jeopardizing its primary source of energy. In 2021, an extended drought depleted the country's water stores, driving up light bills by an estimated 20 percent, according to the National Chamber of Electric Energy. Then came last year's drought, the worst in 70 years, and government officials started to look more seriously at daylight saving.

Alexandre Silveira [Brazil's mining and energy minister] said that month that the decision to eliminate daylight saving had been extravagance Brazil could scarcely afford. "It was massively irresponsible, without any basis in science," the energy official said. "We're living in a period of denial in Brazil in all aspects." José Sidnei Colombo Martini, an electrical engineer at the University of São Paulo, told The Washington Post that decision to end daylight saving amounted to a "national bet on whether it is going to rain." And the bet is expected to become increasingly risky as the years pass. "Brazil has always had a massive amount of available water compared to other countries — storing 12 percent of the planet's surface — but this is being altered," said Suely Araújo, public policy coordinator at the Climate Observatory. Estimates show "we could have a 40 percent reduction in our water availability in Brazil's principal hydro regions by 2040. Brazil has entered a new reality... "
Should other countries end Daylight Saving Time? "People and governments all over the world are having the same debate," the article points out, "often coming to conflicting conclusions." Countries including Azerbaijan, Mexico and Samoa have done away with daylight saving time. Meanwhile, Jordan, Namibia and Turkey have gone the opposite direction, opting for permanent daylight saving time. And Russia, discovering there's no way to tell time that pleases everyone, first tried permanent daylight saving time, then scuttled it.

"Private space stations have been raising billions of dollars in an effort to build future hubs — and even one day cities — in orbit," according to a recent report from the U.K. newspaper, the Telegraph: Axiom Space, a US business aiming to build its own station, has raised more than $500m (£400m). Vast, a space business backed by crypto billionaire Jed McCaleb, is plotting two stations before the end of the decade. Gravitics, meanwhile, has raised tens of millions of dollars for its modular space "real estate". Nasa itself, along with other space agencies, is planning a further station, Lunar Gateway, which will orbit the Moon. Jeff Bezos's Blue Origin has also announced plans to build a space station by 2027, called Orbital Reef, which it has described as an orbital "mixed-use business park". Working with US aerospace business Sierra Space, Orbital Reef will be made up of inflatable pods, which can be launched on a regular rocket before being "blown up" in space. Sierra Space says these modules could house in-space manufacturing or pharmaceutical technology...

Since 2021, Nasa has also offered to pay hundreds of millions of dollars to private companies to develop commercial space stations that could succeed the ISS. So far, it has handed $400m to companies including Axiom, Blue Origin (which is working with Sierra Space), and Northrop Grumman... Vast hopes to launch its first space station, Haven-1, as soon as 2025. This simple module will be the first privately-run space station and will be occupied by a crew of four over four two week expeditions... While Vast was not one of the businesses to secure funding from Nasa, it hopes by launching the first proof-of-concept space station as soon as next year it can leapfrog rival efforts and claim the agency as an anchor customer. From there, it can target other space agencies or companies looking to conduct research.
Some interesting perspectives from the article:

• Chris Quilty, an analyst at Quilty Space: "If China were not building its own space station it is arguable whether Nasa would have felt enjoined to maintain a human presence in low Earth orbit."

• Tim Farrar, founder of TMF Associates, which advises some of the world's top space companies: "Unless they either secure government funding or focus on space tourism, they will inevitably have to rely on the largess of either billionaires or gullible investors who are space enthusiasts."

Thanks to Slashdot reader fjo3 for sharing the news.

"Electric vehicles are expected to outsell cars with internal combustion engines in China for the first time next year," reports the Financial Times, calling it "a historic inflection point that puts the world's biggest car market years ahead of western rivals." China is set to smash international forecasts and Beijing's official targets with domestic EV sales — including pure battery and plug-in hybrids — growing about 20 per cent year on year to more than 12mn cars in 2025, according to the latest estimates supplied to the Financial Times by four investment banks and research groups. The figure would be more than double the 5.9mn sold in 2022. At the same time, sales of traditionally powered cars are expected to fall by more than 10 per cent next year to less than 11 million, reflecting a near 30 per cent plunge from 14.8 million in 2022...

Robert Liew, director of Asia-Pacific renewables research at Wood Mackenzie, said China's EV milestone signalled its success in domestic technology development and securing global supply chains for critical resources needed for EVs and their batteries. The industry's scale meant steep manufacturing cost reductions and lower prices for consumers. "They want to electrify everything," said Liew. "No other country comes close to China." While the pace of Chinese EV sales growth has eased from a post-pandemic frenzy, the forecasts suggest Beijing's official target, set in 2020, for EVs to account for 50 per cent of car sales by 2035, will be achieved 10 years in advance of schedule...

As China's EV market tracked towards year-on-year growth of near 40 per cent in 2024, the market share of foreign-branded cars fell to a record low of 37 per cent — a sharp decline from 64 per cent in 2020, according to data from Automobility, a Shanghai-based consultancy. In this month alone, GM wrote down more than $5 billion (€4.8 billion) of its business value in China; the holding company behind Porsche warned of a writedown in its Volkswagen stake of up to €20 billion; and arch rivals Nissan and Honda said they were responding to a "drastically changing business environment" with a merger.
"Meanwhile, EV sales growth has slowed in Europe and the US, reflecting the legacy car industry's slow embrace of new technology, uncertainty over government subsidies and rising protectionism against imports from China..."

Thanks to long-time Slashdot reader AmiMoJo for sharing the news.

Politico asked an "array of thinkers — futurists, scientists, foreign policy analysts and others — to lay out some of the possible 'Black Swan' events that could await us in the new year: What are the unpredictable, unlikely episodes that aren't yet on the radar but would completely upend American life as we know it?"

Here's one from Gary Marcus, a cognitive scientist and author of the book Taming Silicon Valley: How We Can Ensure That AI Works For Us: 2025 could easily see the largest cyberattack in history, taking down, at least for a little while, some sizeable piece of the world's infrastructure, whether for deliberate ransom or to manipulate people to make money off a short on global markets. Cybercrime is already a huge, multi-trillion dollar problem, and one that most victims don't like to talk about. It is said to be bigger than the entire global drug trade. Four things could make it much worse in 2025.

First, generative AI, rising in popularity and declining in price, is a perfect tool for cyberattackers. Although it is unreliable and prone to hallucinations, it is terrific at making plausible sounding text (e.g., phishing attacks to trick people into revealing credentials) and deepfaked videos at virtually zero cost, allowing attackers to broaden their attacks. Already, a cybercrew bilked a Hong Kong bank out of $25 million. Second, large language models are notoriously susceptible to jailbreaking and things like "prompt-injection attacks," for which no known solution exists. Third, generative AI tools are increasingly being used to create code; in some cases those coders don't fully understand the code written, and the autogenerated code has already been shown in some cases to introduce new security holes.
And finally 2025 may see a U.S. government "determined to deregulate as much as possible, slashing costs," Marus speculates, a scenario where "enforcement and investigations will almost certainly decline in both quality and quantity, leaving the world quite vulnerable to ever more audacious attacks."

Elsewhere in Politico's article there's other even less-cheery predictions for 2025. The executive director of an advocacy group for public health professionals describes the possibility of an epidemic "that we had the tools to control" which "winds up killing thousands" (while also "sending the economy back into a Covid-like downward spiral.")

And a law professor predicts 2025 will see a decisive breakthrough in quantum computing. "Those little padlocks you see beside URLs? They would, overnight, become a fiction."

Remember that massive botnet run by Chinese government hackers? Flax Typhoon "compromised computer networks in North America, Europe, Africa, and across Asia, with a particular focus on Taiwan," according to the U.S. Treasury Department. (The group's botnet breaching this autumn affected "at least 260,000 internet-connected devices," reports the Washington Post, "roughly half of which were located in the United States.")

Friday America's Treasury Department sanctioned "a Beijing-based cybersecurity company for its role in multiple computer intrusion incidents against U.S. victims..." according to an announcement from the department's Office of Foreign Assets Control. "Between summer 2022 and fall 2023, Flax Typhoon actors used infrastructure tied to Integrity Tech during their computer network exploitation activities against multiple victims. During that time, Flax Typhoon routinely sent and received information from Integrity Tech infrastructure."

From the Washington Post: The group behind the attacks was active since at least 2021, but U.S. authorities only managed to wrest control of the devices from the hackers in September, after the FBI won a court order that allowed the agency to send commands to the infected devices...

Treasury's designation follows sanctions announced last month on Sichuan Silence Information Technology Company, in which U.S. officials accused the company of exploiting technology flaws to install malware in more than 80,000 firewalls, including those protecting U.S. critical infrastructure. The new sanctions on Beijing Integrity Technology are notable due to the company's public profile and outsize role in servicing China's police and intelligence services via state-run hacking competitions. The company, which is listed in Shanghai and has a market capitalization of more than $327 million, plays a central role in providing state agencies "cyber ranges" — technology that allows them to simulate cyberattacks and defenses...

In September, FBI Director Christopher A. Wray said the Flax Typhoon attack successfully infiltrated universities, media organizations, corporations and government agencies, and in some cases caused significant financial losses as groups raced to replace the infected hardware. He said at the time that the operation to shut down the network was "one round in a much longer fight...." A 2024 assessment by the Office of the Director of National Intelligence said China is the most "active and persistent" cyberthreat and that actors under Beijing's direction have made efforts to breach U.S. critical infrastructure with the intention of lying in wait to be able to launch attacks in the event of major conflict.
"The Treasury sanctions bar Beijing Integrity Technology from access to U.S. financial systems and freeze any assets the company might hold in the United States," according to the article, "but the moves are unlikely to have a significant effect on the company," (according to Dakota Cary, a fellow at the Atlantic Council who has studied the company's role in state-sponsored hacking).

An anonymous reader quotes a report from TechCrunch: A U.S. online gift card store has secured an online storage server that was publicly exposing hundreds of thousands of customer government-issued identity documents to the internet. A security researcher, who goes by the online handle JayeLTee, found the publicly exposed storage server late last year containing driving licenses, passports, and other identity documents belonging to MyGiftCardSupply, a company that sells digital gift cards for customers to redeem at popular brands and online services.

MyGiftCardSupply's website says it requires customers to upload a copy of their identity documents as part of its compliance efforts with U.S. anti-money laundering rules, often known as "know your customer" checks, or KYC. But the storage server containing the files had no password, allowing anyone on the internet to access the data stored inside. JayeLTee alerted TechCrunch to the exposure last week after MyGiftCardSupply did not respond to the researcher's email about the exposed data. [...]

According to JayeLTee, the exposed data -- hosted on Microsoft's Azure cloud -- contained over 600,000 front and back images of identity documents and selfie photos of around 200,000 customers. It's not uncommon for companies subject to KYC checks to ask their customers to take a selfie while holding a copy of their identity documents to verify that the customer is who they say they are, and to weed out forgeries. MyGiftCardSupply founder Sam Gastro told TechCrunch: "The files are now secure, and we are doing a full audit of the KYC verification procedure. Going forward, we are going to delete the files promptly after doing the identity verification." It's not known how long the data was exposed or if the company would commit to notifying affected individuals.

More than half-a-dozen VPN apps, including Cloudflare's widely-used 1.1.1.1, have been pulled from India's Apple App Store and Google Play Store following intervention from government authorities, TechCrunch reported Friday. From the report: The Indian Ministry of Home Affairs issued removal orders for the apps, according to a document reviewed by TechCrunch and a disclosure made by Google to Lumen, Harvard University's database that tracks government takedown requests globally.