The BBC reports that "while most of the world was grappling with the blue screen of death on Friday," there was one country that managed to escape largely unscathed: China. The reason is actually quite simple: CrowdStrike is hardly used there. Very few organisations will buy software from an American firm that, in the past, has been vocal about the cyber-security threat posed by Beijing. Additionally, China is not as reliant on Microsoft as the rest of the world. Domestic companies such as Alibaba, Tencent and Huawei are the dominant cloud providers.

So reports of outages in China, when they did come, were mainly at foreign firms or organisations. On Chinese social media sites, for example, some users complained they were not able to check into international chain hotels such as Sheraton, Marriott and Hyatt in Chinese cities. Over recent years, government organisations, businesses and infrastructure operators have increasingly been replacing foreign IT systems with domestic ones. Some analysts like to call this parallel network the "splinternet".

"It's a testament to China's strategic handling of foreign tech operations," says Josh Kennedy White, a cybersecurity expert based in Singapore. "Microsoft operates in China through a local partner, 21Vianet, which manages its services independently of its global infrastructure. This setup insulates China's essential services — like banking and aviation — from global disruptions."
"Beijing sees avoiding reliance on foreign systems as a way of shoring up national security."

Thanks to long-time Slashdot reader hackingbear for sharing the article.

Slashdot covered Barrett Brown back in 2011 and 2012. The New York Times calls him "an activist associated with the hacker group Anonymous, and a political prisoner recently denied asylum in Britain, all of which sounds a bit dreary until we hear tell of it through Brown's unhinged self-regard."

They're reviewing Brown's "extraordinary" new memoir, My Glorious Defeats: Hacktivist, Narcissist, Anonymous," a book they call "deranged, hyperbolic, and true." A "machine" that focuses attention on little-known social issues, Anonymous has gone after the Church of Scientology, Koch Industries, websites hosting child pornography and the Westboro Baptist Church. The public tends to be confused by nebulous digital activities, so it was, in the collective's heyday, helpful to have Brown act as a translator between the hackers and mainstream journalists. "The year 2011 ended as it began," he writes, "with a sophisticated hack on a state-affiliated corporation that ostensibly dealt in straightforward security and analysis while secretly engaging in black ops campaigns against activists who'd proven troublesome to powerful clients."

This particular corporation was Stratfor, a company that spied on activists for the government... Brown waited for the feds to come back and drag him to jail. He also says he tried to get off suboxone in order to avoid the painful possibility of prison withdrawal, and stopped taking Paxil, inducing a manic state, all of which is given as explanation for his regrettable next move, which was to set up a camera and start talking. The feds had threatened his mother, he told the internet, and in response he was threatening Robert Smith, the lead agent on his case. He found himself in custody the same night.

Brown was then subjected to the kind of nonsense the Department of Justice is prone to inflicting on those involved in shadowy internet activities that, in fact, almost no one in the legal process understands. He was charged with participating in the hack of Stratfor, though he was not really involved and cannot code, and although the whole thing was organized by an F.B.I. informant. Brown had also retweeted a Fox News host's call to murder Julian Assange; the prosecution presented this as if he were himself calling for the murder of Assange. But generally, Brown's primary victim is himself. "My thirst for glory and hatred for the state," he writes, "were incompatible with an orthodox criminal defense, in which the limiting of one's sentence is the sole objective."

In his cell, with an eraser-less pencil he needs a compliant guard to repeatedly sharpen, he writes "The Barrett Brown Review of Arts and Letters and Jail." His mother types it up; The Intercept publishes. He develops the character he will play in his memoir: a self-aware narcissist and addict. He wins a National Magazine Award, and is especially pleased that his column "Please Stop Sending Me Jonathan Franzen Novels," wins while Franzen is in attendance.
"The state is an afterthought here — a litany of absurdist horrors too stupid to appall..." the review concludes.

"We're left with a man who refuses to look away from the deep structure of the world, an unstable position from which there is no sanctuary. My Glorious Defeats is deranged, hyperbolic and as true a work as I have read in a very long time."

SolarWinds still faces some legal action over its infamous 2020 breach, reports NextGov.com. But a U.S. federal judge has dismissed most of the claims from America's Securities and Exchange Commission, which "alleged the company defrauded investors because it deliberately hid knowledge of cyber vulnerabilities in its systems ahead of a major security breach discovered in 2020."

Slashdot reader krakman shares this report from the Washington Post: "The SEC's rationale, under which the statute must be construed to broadly cover all systems public companies use to safeguard their valuable assets, would have sweeping ramifications," [judge] Engelmayer wrote in a 107-page decision. "It could empower the agency to regulate background checks used in hiring nighttime security guards, the selection of padlocks for storage sheds, safety measures at water parks on whose reliability the asset of customer goodwill depended, and the lengths and configurations of passwords required to access company computers," he wrote. The federal judge also dismissed SEC claims that SolarWinds' disclosures after it learned its customers had been affected improperly covered up the gravity of the breach...

In an era when deeply damaging hacking campaigns have become commonplace, the suit alarmed business leaders, some security executives and even former government officials, as expressed in friend-of-the-court briefs asking that it be thrown out. They argued that adding liability for misstatements would discourage hacking victims from sharing what they know with customers, investors and safety authorities. Austin-based SolarWinds said it was pleased that the judge "largely granted our motion to dismiss the SEC's claims," adding in a statement that it was "grateful for the support we have received thus far across the industry, from our customers, from cybersecurity professionals, and from veteran government officials who echoed our concerns."
The article notes that as far back as 2018, "an engineer warned in an internal presentation that a hacker could use the company's virtual private network from an unauthorized device and upload malicious code. Brown did not pass that information along to top executives, the judge wrote, and hackers later used that exact technique." Engelmayer did not dismiss the case entirely, allowing the SEC to try to show that SolarWinds and top security executive Timothy Brown committed securities fraud by not warning in a public "security statement" before the hack that it knew it was highly vulnerable to attacks.

The SEC "plausibly alleges that SolarWinds and Brown made sustained public misrepresentations, indeed many amounting to flat falsehoods, in the Security Statement about the adequacy of its access controls," Engelmayer wrote. "Given the centrality of cybersecurity to SolarWinds' business model as a company pitching sophisticated software products to customers for whom computer security was paramount, these misrepresentations were undeniably material."

"More pieces of a broken wind turbine off the coast of Massachusetts are falling into the Atlantic Ocean," reports CBS News on Thursday. "The CEO of Vineyard Wind was at Nantucket's Select Board meeting Wednesday evening, apologizing and answering questions about the initial break when he suddenly had to leave because the situation is getting worse."

CNN reports the debris has been "prompting beach closures and frustrating locals at the peak of the summer season" since the blade broke a week ago, and then folded over: Since then, foam debris and fiberglass — including some large and dangerously sharp pieces — have washed onto beaches. A "significant part" of the remaining damaged blade detached from the turbine early Thursday morning, Vineyard Wind said in a news release. The US Coast Guard confirmed to CNN it has located a 300-foot piece of the blade.

There are few answers to what caused the turbine to fail, and the incident has prompted questions and anger from city officials and Nantucket residents... The shards of turbine forced officials to close beaches earlier this week, though they have since reopened. [Nantucket select board chair Brooke Mohr] said the town would monitor for additional debris and adjust schedules accordingly. "Public safety is our most immediate concern, these fiberglass pieces are quite sharp," Mohr said, making swimming unsafe...

The federal government is conducting its own investigation and has ordered Vineyard Wind to stop all its wind turbines producing electricity until it can be determined whether any other blades were impacted, a Bureau of Safety and Environmental Enforcement spokesperson said in a statement. The federal government has also ordered the companies to preserve any equipment that could help determine the cause of the failure. The federal suspension order effectively halts further construction on Vineyard Wind, the first large-scale wind farm being installed in the US. The wind farm, a joint venture of Avangrid and Copenhagen Infrastructure Partners, has 10 turbines up and running so far with plans to install 62 total...

The project was set to double the number of turbines spinning off the East Coast, and state leaders in Massachusetts have viewed it as a big boost to the state's ability to generate electricity. Now the project is in limbo, and could remain so until the investigation is complete.
The article quotes the head of government affairs at wind blade manufacturer GE Vernova as saying a breaking wind turbine is "highly unusual and rare." But Vineyard Wind CEO Klaus Skoust Møller called it a "very serious situation" and apologized to local residents.

Meanwhile, the Boston Herald reported Friday that the Nantucket Select Board "is set to pursue litigation against the wind energy company in connection to the blade failure..." Town officials, residents and local mariners have all said they didn't learn of the incident until Monday evening, roughly 48 hours after the fact and just hours before debris started to wash ashore, prompting beaches to close Tuesday...

The "significant portion" of the 107-meter blade that detached from the turbine Thursday morning sunk to the ocean floor. Crews were slated to recover the fiberglass "in due course," town officials wrote in a Friday update... Residents are not taking kindly to Vineyard Wind's assertion that the debris — fiberglass fragments ranging in size from small pieces to larger sections, typically green or white — is not toxic. Vineyard Wind has deployed a crew of 56 contractors to assist in the cleanup of the island's beaches, and town officials said Friday that no town staff are actively engaged in removing the debris. The wind energy company reported Wednesday that crews had removed 17 cubic yards of debris, enough to fill more than six truckloads.
"The joint venture of Connecticut-based Avangrid and Denmark-based Copenhagen Infrastructure Partners is developing a plan to test water quality around the island while working on a process for financial claims."

Bangladesh is experiencing a "near-total" nationwide internet shutdown amid government efforts to control widespread student protests against the country's quota system for government jobs. The country's quota system requires a third of government jobs be reserved for relatives of veterans who had fought for independence from Pakistan.

According to Reuters, the protests "have opened old and sensitive political fault lines between those who fought for Bangladesh's independence from Pakistan in 1971 and those accused of collaborating with Islamabad." Analysts say the protests have also been "fueled by high unemployment among young people" and "wider economic woes, such as high inflation and shrinking reserves of foreign exchange." Engadget reports on the internet disruptions: To control the situation, Bangladeshi authorities shut down internet and phone access throughout the country, a common practice in South Asia to prevent the spread of rumors and misinformation and exercise state control. NetBlocks, a global internet monitor that works on digital rights analyzed live network data that showed that Bangladesh was in the middle of a "near-total national internet shutdown." [...]

Bangladesh has frequently blacked out the internet to crack down on political opposition and activists. At the end of 2023, research tool CIVICUS Monitor, which provides data on the state of civil society and freedoms in nearly 200 countries, downgraded Bangladesh's civic space to "closed," its lowest possible rating, after the country imposed six internet shutdowns the previous year. That made Bangladesh the fifth-largest perpetrator of internet shutdowns in 2022, Access Now said.

The country's telecom regulator had pledged to keep internet access on through Bangladesh's general elections at the beginning of 2024, but that electoral period is now over. Despite the pledge, Bangladesh blocked access to news websites during its elections.

An anonymous reader quotes a report from Ars Technica: Citing frustration with mobile carriers enforcing different phone-unlocking policies that are bad for consumers, the Federal Communications Commission is proposing a 60-day unlocking requirement that would apply to all wireless providers. The industry's "confusing and disparate cell phone unlocking policies" mean that "some consumers can unlock their phones with relative ease, while others face significant barriers," Commissioner Geoffrey Starks said at yesterday's FCC meeting. "It also means certain carriers are subject to mandatory unlocking requirements while others are free to dictate their own. This asymmetry is bad for both consumers and competition."

The FCC is "proposing a uniform 60-day unlocking policy" so that "consumers can choose the carrier that offers them the best value," Starks said. Unlocking a phone allows it to be used on a different carrier's network as long as the phone is compatible. The FCC approved the Notice of Proposed Rulemaking (NPRM) in a 5-0 vote. That begins a public comment period that could lead to a final rulemaking. A draft of the NPRM said the FCC "propose[s] to require all mobile wireless service providers to unlock handsets 60 days after a consumer's handset is activated with the provider, unless within the 60-day period the service provider determines the handset was purchased through fraud."

"You bought your phone, you should be able to take it to any provider you want," Rosenworcel said. "Some providers already operate this way. Others do not. In fact, some have recently increased the time their customers must wait until they can unlock their device by as much as 100 percent." Rosenworcel apparently was referring to a prepaid brand offered by T-Mobile. The NPRM draft said that "T-Mobile recently increased its locking period for one of its brands, Metro by T-Mobile, from 180 days to 365 days." The 365-day rule brought Metro into line with other T-Mobile prepaid phones that already came with the year-long lock. We reached out to T-Mobile and will update this article if it provides a comment. A merger condition imposed on T-Mobile's purchase of Sprint merely requires that it unlock prepaid phones within one year. T-Mobile imposes different unlocking policies on prepaid and postpaid phones. For postpaid devices, T-Mobile says it will unlock phones that have been active for at least 40 days, but only if any associated financing or leasing agreement has been paid in full.

Calling plastic pollution one of the world's most pressing environmental problems, the Biden administration on Friday said that the federal government, the biggest buyer of consumer goods in the world, would phase out purchases of single-use plastics. From a report: The administration also said it planned tougher regulations on plastic manufacturing, which releases planet-warming greenhouse gases and other dangerous pollutants. The efforts, which the White House called the first comprehensive strategy to tackle plastic use nationwide, aim to reduce demand for disposable plastic items while also helping to create a market for substitutes that are reusable, compostable or more easily recyclable.

Brenda Mallory, who heads the White House Council on Environmental Quality, said in a statement that the changes would "require unprecedented action at every stage of the plastic life cycle." Because of its purchasing power, the White House added, "the federal government has the potential to significantly impact the supply of these products." The emphasis on curbing plastic use mirrors a growing recognition that the world can't recycle or manage its way out of a deluge of plastic waste. Global plastic production rose nearly 230-fold between 1950 and 2019, to more than 400 million tons a year, and is expected to quadruple from current levels by 2050. An estimated 40 percent of that is single-use plastic, which makes up the bulk of the world's plastic waste.

An anonymous reader quotes a report from 404 Media: A group of researchers, academics, and hackers are trying to make it easier to break AI companies' terms of service to conduct "good faith research" that exposes biases, inaccuracies, and training data without fear of being sued. The U.S. government is currently considering an exemption to U.S. copyright law that would allow people to break technical protection measures and digital rights management (DRM) on AI systems to learn more about how they work, probe them for bias, discrimination, harmful and inaccurate outputs, and to learn more about the data they are trained on. The exemption would allow for "good faith" security and academic research and "red-teaming" of AI products even if the researcher had to circumvent systems designed to prevent that research. The proposed exemption has the support of the Department of Justice, which said "good faith research can help reveal unintended or undisclosed collection or exposure of sensitive personal data, or identify systems whose operations or outputs are unsafe, inaccurate, or ineffective for the uses for which they are intended or marketed by developers, or employed by end users. Such research can be especially significant when AI platforms are used for particularly important purposes, where unintended, inaccurate, or unpredictable AI output can result in serious harm to individuals."

Much of what we know about how closed-sourced AI tools like ChatGPT, Midjourney, and others work are from researchers, journalists, and ordinary users purposefully trying to trick these systems into revealing something about the data they were trained on (which often includes copyrighted material indiscriminately and secretly scraped from the internet), its biases, and its weaknesses. Doing this type of research can often violate the terms of service users agree to when they sign up for a system. For example, OpenAI's terms of service state that users cannot "attempt to or assist anyone to reverse engineer, decompile or discover the source code or underlying components of our Services, including our models, algorithms, or systems (except to the extent this restriction is prohibited by applicable law)," and adds that users must not "circumvent any rate limits or restrictions or bypass any protective measures or safety mitigations we put on our Services."

Shayne Longpre, an MIT researcher who is part of the team pushing for the exemption, told me that "there is a lot of apprehensiveness about these models and their design, their biases, being used for discrimination, and, broadly, their trustworthiness." "But the ecosystem of researchers looking into this isn't super healthy. There are people doing the work but a lot of people are getting their accounts suspended for doing good-faith research, or they are worried about potential legal ramifications of violating terms of service," he added. "These terms of service have chilling effects on research, and companies aren't very transparent about their process for enforcing terms of service." The exemption would be to Section 1201 of the Digital Millennium Copyright Act, a sweeping copyright law. Other 1201 exemptions, which must be applied for and renewed every three years as part of a process through the Library of Congress, allow for the hacking of tractors and electronic devices for the purpose of repair, have carveouts that protect security researchers who are trying to find bugs and vulnerabilities, and in certain cases protect people who are trying to archive or preserve specific types of content. Harley Geiger of the Hacking Policy Council said that an exemption is "crucial to identifying and fixing algorithmic flaws to prevent harm or disruption," and added that a "lack of clear legal protection under DMCA Section 1201 adversely affect such research."

The FBI was given access to unreleased technology to access the phone of the man identified as the shooter of former President Donald Trump, Bloomberg reported late Thursday, citing people familiar with the investigation. From the report: As the FBI struggled to gain access on Sunday morning to the phone, they appealed directly to Cellebrite, a digital intelligence company founded in Israel that supplies technology to several US federal agencies, according to the people, who requested anonymity to speak freely about the case.

FBI agents wanted to pull data from the device to help decipher his motives for the shooting at a rally in Bethel Park, Pennsylvania, where Trump suffered an injured ear and a spectator was killed. Authorities have identified the deceased shooter as Thomas Matthew Crooks. The local FBI bureau in Pittsburgh held a license for Cellebrite software, which lets law enforcement identify or bypass a phone's passcode. But it didn't work with Crooks' device, according to the people, who said the deceased shooter owned a newer Samsung model that runs Android's operating system. The agents called Cellebrite's federal team, which liaises with law enforcement and government agencies, according to the people. Within hours, Cellebrite transferred to the FBI in Quantico, Virginia, additional technical support and new software that was still being developed. The details about the unsuccessful initial attempt to access the phone, and the unreleased software, haven't been previously reported.

Longtime Slashdot reader SonicSpike shares an op-ed from Reason, written by Sen. Rand Paul: In America, we do not punish businesses for their success. We certainly do not punish businesses because their competitors are struggling to keep pace. Sadly, that is exactly what the Department of Justice (DOJ) is attempting to do in its recent lawsuit against Apple. In March, the DOJ, joined by 15 states and the District of Columbia, filed a lawsuit aimed at penalizing Apple for successfully competing in the market for smartphones. However, like much of the Biden administration's approach to antitrust enforcement, the DOJ's lawsuit is focused on punishing Apple for its success rather than addressing any real harm to consumers. Instead of fostering innovation and competition, this approach threatens to stifle the very progress that benefits Americans.

In its lawsuit, the DOJ makes the unsubstantiated claim that Apple has "willfully monopolized" the smartphone market through "exclusionary" and "anticompetitive" conduct. In particular, it accuses Apple of exercising unwarranted control over the creation, distribution, and functioning of apps within the iPhone operating system. What the complaint ignores, however, is that this control is not simply a lawful business practice by a privately held company; it is an indispensable part of Apple's business model. Far from being an "anticompetitive" practice that harms consumers, Apple's careful approach to app integration is a pro-competitive way in which it meets its users' demands.

Privacy, security, and seamless integration have been the core of Apple's operational strategy for years. Back in 2010, Steve Jobs explained that "when selling to people who want their devices to just work, we think integrated wins every time." That "open systems don't always work," and Apple was "committed to the integrated approach." What makes Apple products so unique is their ease of use and consistency over time. While no product will ever be perfect, Apple's goal is to deliver a seamless, integrated experience that users can rely on time after time without giving it a second thought. How does Apple do this? By carefully exercising the very control that the DOJ is trying to punish. As economist Alex Tabarrok explains in Marginal Revolution: "Apple's promise to iPhone users is that it will be a gatekeeper. Gatekeeping is what allows Apple to promise greater security, privacy, usability and reliability. Gatekeeping is Apple's brand promise. Gatekeeping is what the consumer's are buying." [...] "Digital markets do not need more government regulation; they need more companies willing to innovate and compete," concludes Sen. Paul. "The DOJ should not waste taxpayer-provided resources targeting a company that has earned its success through excellence in the marketplace. An Apple a day may keep the doctor away, but it seems that all of the pro-competitive justifications in the world cannot keep a politically motivated antitrust enforcer at bay."

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission today voted to lower price caps on prison phone calls and closed a loophole that allowed prison telecoms to charge high rates for intrastate calls. Today's vote will cut the price of interstate calls in half and set price caps on intrastate calls for the first time. The FCC said it "voted to end exorbitant phone and video call rates that have burdened incarcerated people and their families for decades. Under the new rules, the cost of a 15-minute phone call will drop to $0.90 from as much as $11.35 in large jails and, in small jails, to $1.35 from $12.10."

The new rules are expected to take effect in January 2025 for all prisons and for jails with at least 1,000 incarcerated people. The rate caps would take effect in smaller jails in April 2025. Worth Rises, a nonprofit group advocating for prison reform, said it "estimates that the new rules will impact 83 percent of incarcerated people (about 1.4 million) and save impacted families at least $500 million annually." The nonprofit Prison Policy Institute said that prison phone companies charge ancillary fees for things "like making a deposit to fund an account." The ban on those fees "also effectively blocks a practice that we have been campaigning against for years: companies charging fees to consumers who choose to make single calls rather than fund a calling account, and deliberately steering new consumers to this higher-cost option in order to increase fee revenue," the group said.

The ancillary fee ban is a "technical-sounding change," but will help "eliminate some of the industry's dirtiest tricks that shortchange both the families and the facilities," the group said.

Longtime Slashdot reader Uncle_Meataxe shares a report from the Sacramento Bee: California's power grid handled a nearly three week long record-setting heat wave with few issues. The heat wave was the hottest 20-day period on record around Sacramento and set an all-time temperature record of 124 degrees in Palm Springs. Emergency alerts and calls for voluntary conservation were avoided this time around. Officials credit years of investment in renewable energy, especially battery storage that store solar power for use when the sun stops shining.

CAISO last issued calls for voluntary conservation two years ago, during a 2022 bout of extreme heat. Since then, roughly 11,600 megawatts of new renewable energy sources have come onto California's electricity grid. That includes 10,000 megawatts of battery power, enough to power 10 million homes for a few hours. California is now home to the most grid batteries in the world outside of China, [said Elliot Mainzer, president and CEO of California Independent System Operator (CAISO)].

"Batteries performed very well in this event, they were charged and ready at the right times for optimization on the grid," he added. "That made a big, big difference." [...] Apart from battery storage, Mainzer also credited that success to less extreme temperatures in Southern California as well as noticeable slightly lower electricity consumption in the peak demand hours, from 4 p.m. to 9 p.m.

Matthew Connatser reports via The Register: US government is granting GlobalWafers up to $400 million in CHIPS Act cash to help fund its 300mm wafer manufacturing facilities in Texas and Missouri. The Commerce Department said GlobalWafers' Texas plant is a significant milestone for the US as it's the country's first facility for manufacturing 300mm wafers, the kind that are used for modern processes. The Missouri site will produce a silicon-on-insulator (SOI) variant of 300mm wafers, which are more geared towards defense and aerospace applications where chips need to be less prone to failure. Plans to build the Texas wafer plant were first revealed just over two years ago by the Taiwanese chip biz. It was an alternative use of a few billion dollars that were originally earmarked for acquiring German wafer maker Siltronic, an acquisition which didn't go as hoped due to resistance from German regulators.

The Missouri plant meanwhile was announced in 2021 as a partnership between GlobalWafers and GlobalFoundries, the chip fab spun off from AMD that now focuses on older nodes rather than the cutting edge. This fab seems to be the smaller of the two, considering that its budget when first announced was just $800 million, and that seems to also cover an expansion of a 200mm SOI wafer plant. In total, GlobalWafers' Texas and Missouri factories will cost around four billion dollars, which means the maximum award funded by the CHIPS Act would cover up to ten percent of the budget. The Commerce Department claims that facilities will create 1,700 jobs in construction and 880 in manufacturing.

Britain's new Labour government has said it will explore how to effectively regulate AI models, but stopped short of proposing any specific laws. From a report: King Charles set out newly-elected Prime Minister Keir Starmer's legislative agenda in a speech on Wednesday to open the new session of parliament. It included more than 35 new bills covering everything from housing to cyber security measures. The government said it would seek to establish the appropriate legislation to place requirements on those working to develop "the most powerful artificial intelligence models."

Costs associated with ransomware attacks on critical national infrastructure (CNI) organizations skyrocketed in the past year. From a report: According to Sophos' latest figures, released today, the median ransom payments rose to $2.54 million -- a whopping 41 times last year's sum of $62,500. The mean payment for 2024 is even higher at $3.225 million, although this represents a less dramatic 6x increase. IT, tech, and telecoms were the least likely to pay mega bucks to cybercriminals with an average payment of $330,000, while lower education and federal government orgs reported the highest average payments at $6.6 million.

The numbers are based only on ransomware victims that were willing to disclose the details of their blunders, so do not present the complete picture. On the topic of ransom payments, only 86 CNI organizations of the total 275 involved in the survey offered data. There's a good chance that the numbers would be skewed if 100 percent of the total CNI ransomware victims polled were entirely transparent with their figures. Costs to recover from ransomware attacks are also significantly up compared to the researchers' report last year, with some CNI sectors' costs quadrupling to a median average of $3 million per incident. While the mean cost across oil, gas, energy, and utilities dropped slightly to $3.12 million from $3.17 million last year, the energy and water sectors saw the sharpest increase in recovery costs. The new average for just these two sectors is now four times greater than the global median cross-sector average of $750k, Sophos said.

Repairs have finally commenced on three subsea telecommunications cables that were damaged in the Red Sea in February, even as Houthi militants escalate their attacks on ships in the area. From a report: The AAE-1 cable, a 25,000-kilometer (15,500 miles) fiber optic link between Asia and Europe, was repaired by a ship owned by E-Marine, a subsidiary of Abu Dhabi-based Emirates Telecommunications Group. The cable came online this week, a Yemeni government official said. The same ship, Niwa, remains in Yemeni waters to repair the remaining two cables, Seacom and EIG.

The cables, among more than a dozen that run through the Red Sea, were severed by the anchor of a cargo ship sunk by Iran-backed Houthi militants in late February. Repairs to the cables have depended on gaining access to infrastructure in Yemen's waters, a task complicated by the country's split government and the fact the Red Sea is a conflict zone. It has taken months of negotiations involving the cable operators and the two factions that control Yemen -- the internationally-recognized government in the south and the Houthi-backed government in Sanaa -- to arrange for the repair mission.

An anonymous reader quotes a report from CNBC: CNBC spoke to three startups -- France-based Zephalto, Florida-based Space Perspective and Arizona-based World View -- that aim to hoist tourists to the stratosphere using pressurized capsules and massive gas-filled balloons. "The capsule itself is designed to to carry eight customers and two crew into the stratosphere," said Ryan Hartman, CEO of World View. "There will be a center bar where people can gather, and then, of course, there will be a bathroom aboard the capsule." The balloon rides will last around 6 hours, but will not take passengers all the way to space. Most will reach heights of 15 to 19 miles above the earth's surface, flying in an area known as the stratosphere. The start of space is generally accepted by the U.S. government to be around 80 kilometers, or about 50 miles, above the earth's surface.

Jane Poynter, founder and co-CEO of Space Perspective, has a differing view. "There is no universal definition of space," Poynter said. "We are regulated as a spaceship. If we go over 98,000 feet, we are a spaceship. Outside the capsule, it's essentially a vacuum. We're above 99% of Earth's atmosphere, which is why the sky is so deep black." Compared to rocket-powered space tourism, the physical sensation that passengers will experience on a stratospheric balloon ride is more comparable to being on an airplane. Passengers will not experience weightlessness. "We don't need any physical requirements to board the balloon," said Vincent Farret d'Asties, the founder and chief pilot at Zephalto. "If you can board a standard plane, you can board the balloon."

All three companies told CNBC that they were pleased with consumer interest. World Views says it sold 1,250 tickets so far while Space Perspective has sold 1,800. Zephalto did not tell CNBC how many tickets it sold, but said its initial flights were fully booked. Ticket prices range from $50,000 per seat with World View to around $184,000 with Zephalto. Space Perspective sells tickets to its experience for $125,000 per seat. That's all assuming commercial service gets off the ground. Only Zephalto has performed crewed tests so far, though not at the company's target altitude of about 15 miles above the earth's surface.

According to lobby group ChargeUK, there were 930,000 electric car chargers in the UK at the end of June, with the majority residing in homes and at businesses. Only about 65,000 public chargers are available. The Guardian reports: The ChargeUK analysis showed that a new public charger was installed every 25 minutes in the spring quarter as companies raced to keep up with demand. Companies installed 5,100 public chargers during the second quarter of 2024, according to the data company Zapmap. [...] There are 1.1 million electric vehicles on UK roads, including 167,000 cars sold in the first half of this year, according to the Society of Motor Manufacturers and Traders lobby group. That is a 9% increase compared with the previous year, although the share of electric sales only increased marginally to 16.6%, as relatively higher upfront prices and rising interest rates deterred some buyers.

ChargeUK's analysis, which was carried out by the thinktank New AutoMotive, suggested that the private sector was confident it could meet a target set by the previous Conservative government of 300,000 public charge points by 2030. "In little more than a decade, the UK's charging sector has grown to become a major player in the green economy, providing the infrastructure that more than a million EV drivers rely on today and scaling fast to deliver the charging needed through to 2030 and beyond," said Vicky Read, the chief executive of ChargeUK.

Rite Aid, the third-largest U.S. drug store chain, reported it a ransomware attack that compromised the personal data of 2.2 million customers. The data exposed includes names, addresses, dates of birth, and driver's license numbers or other forms of government-issued ID from transactions between June 2017 and July 2018.

"On June 6, 2024, an unknown third party impersonated a company employee to compromise their business credentials and gain access to certain business systems," the company said in a filing. "We detected the incident within 12 hours and immediately launched an internal investigation to terminate the unauthorized access, remediate affected systems and ascertain if any customer data was impacted." Ars Technica's Dan Goodin reports: RansomHub, the name of a relatively new ransomware group, has taken credit for the attack, which it said yielded more than 10GB of customer data. RansomHub emerged earlier this year as a rebranded version of a group known as Knight. According to security firm Check Point, RansomHub became the most prevalent ransomware group following an international operation by law enforcement in May that took down much of the infrastructure used by rival ransomware group Lockbit.

On its dark web site, RansomHub said it was in advanced stages of negotiation with Rite Aid officials when the company suddenly cut off communications. A Rite Aid official didn't respond to questions sent by email. Rite Aid has also declined to say if the employee account compromised in the breach was protected by multifactor authentication.

Last week, the U.S. Senate introduced a new bill to outlaw the unethical use of AI-generated content and deepfake technology. Called the Content Origin Protection and Integrity from Edited and Deepfaked Media Act (COPIED Act), the bill would "set new federal transparency guidelines for marking, authenticating and detecting AI-generated content, protect journalists, actors and artists against AI-driven theft, and hold violators accountable for abuses." TechSpot reports: Proposed and sponsored by Democrats Maria Cantwell of Washington and Martin Heinrich of New Mexico, along with Republican Marsha Blackburn of Tennessee, the aims to establish enforceable transparency standards in AI development [such a through watermarking]. The legislation also wants to curb unauthorized data use in training models. The senators intend to task the National Institutes of Standards and Technology with developing sensible transparency guidelines should the bill pass. [...] The senators feel that clarifying and defining what is okay and what is not regarding AI development is vital in protecting citizens, artists, and public figures from the harm that misuse of the technology could cause, particularly in creating deepfakes. The text of the bill can be read here.