The National Archives and Records Administration (NARA) told employees Wednesday that it is blocking access to ChatGPT on agency-issued laptops to "protect our data from security threats associated with use of ChatGPT," 404 Media reported Wednesday. From the report: "NARA will block access to commercial ChatGPT on NARANet [an internal network] and on NARA issued laptops, tablets, desktop computers, and mobile phones beginning May 6, 2024," an email sent to all employees, and seen by 404 Media, reads. "NARA is taking this action to protect our data from security threats associated with use of ChatGPT."

The move is particularly notable considering that this directive is coming from, well, the National Archives, whose job is to keep an accurate historical record. The email explaining the ban says the agency is particularly concerned with internal government data being incorporated into ChatGPT and leaking through its services. "ChatGPT, in particular, actively incorporates information that is input by its users in other responses, with no limitations. Like other federal agencies, NARA has determined that ChatGPT's unrestricted approach to reusing input data poses an unacceptable risk to NARA data security," the email reads. The email goes on to explain that "If sensitive, non-public NARA data is entered into ChatGPT, our data will become part of the living data set without the ability to have it removed or purged."

LinkedIn, the professional network known for job listings and unsolicited career advice, is jumping into gaming. From a report: The platform is officially introducing a set of Wordle-style puzzle games, weeks after they were first spotted in the app. The company is starting with three games: Pinpoint, a word game where players must guess the theme that ties a series of words together; Queens, a puzzle game that's a bit like a cross between Sudoku and Minesweeper; and Crossclimb, a trivia game that involves guessing a series of four-letter words and placing them in the correct order.

LinkedIn describes them as "thinking-oriented games," though the format will likely look familiar to fans of The New York Times Games app. Each game can only be played once a day, and players can share their score with friends in cute emoji-filled messages reminiscent of the "Wordle grid." The service will also keep track of "streaks," to encourage players to come back every day. Given the similarities, it shouldn't be surprising that games were developed by LinkedIn's news team, which recently hired a dedicated games editor.

Satellite operator SES plans to buy fellow satellite operator Intelsat, in a $3.1 billion deal that's expected to close next year. According to Space Magazine, the combined company could help it "compete with SpaceX's huge Starlink broadband network." From the report: SES and Intelsat both operate communications satellites in geostationary orbit, which lies 22,236 miles (35,785 kilometers) above Earth. SES also runs a constellation called O3b in medium Earth orbit, at an altitude of about 5,000 miles (8,000 km). As [SES CEO Adel Al-Saleh] noted, there is increasingly fierce competition for the services provided by these satellites -- for example, from SpaceX's Starlink megaconstellation in low Earth orbit. And other LEO megaconstellations are in the works as well. For instance, Amazon launched the first two prototypes for its planned 3,200-satellite Project Kuiper network this past October.

"By combining our financial strength and world-class team with that of SES, we create a more competitive, growth-oriented solutions provider in an industry going through disruptive change," Intelsat CEO David Wajsgras said in the same statement. "The combined company will be positioned to meet customers' needs around the world and exceed their expectations," he added.

An anonymous reader quotes a report from Foss Outpost: Systemd lead developer Lennart Poettering has posted on Mastodon about their upcoming v256 release of Systemd, which is expected to include a sudo replacement called "run0". The developer talks about the weaknesses of sudo, and how it has a large possible attack surface. For example, sudo supports network access, LDAP configurations, other types of plugins, and much more. But most importantly, its SUID binary provides a large attack service according to Lennart: "I personally think that the biggest problem with sudo is the fact it's a SUID binary though -- the big attack surface, the plugins, network access and so on that come after it it just make the key problem worse, but are not in themselves the main issue with sudo. SUID processes are weird concepts: they are invoked by unprivileged code and inherit the execution context intended for and controlled by unprivileged code. By execution context I mean the myriad of properties that a process has on Linux these days, from environment variables, process scheduling properties, cgroup assignments, security contexts, file descriptors passed, and so on and so on."

He's saying that sudo is a Unix concept from many decades ago, and a better privilege escalation system should be in place for 2024 security standards: "So, in my ideal world, we'd have an OS entirely without SUID. Let's throw out the concept of SUID on the dump of UNIX' bad ideas. An execution context for privileged code that is half under the control of unprivileged code and that needs careful manual clean-up is just not how security engineering should be done in 2024 anymore." [...]

He also mentioned that there will be more features in run0 that are not just related to the security backend such as: "The tool is also a lot more fun to use than sudo. For example, by default, it will tint your terminal background in a reddish tone while you are operating with elevated privileges. That is supposed to act as a friendly reminder that you haven't given up the privileges yet, and marks the output of all commands that ran with privileges appropriately. It also inserts a red dot (unicode ftw) in the window title while you operate with privileges, and drops it afterwards."

An anonymous reader quotes a report from TechCrunch: The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company's systems that weren't protected by multifactor authentication (MFA), according to the chief executive of its parent company, UnitedHealth Group (UHG). UnitedHealth CEO Andrew Witty provided the written testimony ahead of a House subcommittee hearing on Wednesday into the February ransomware attack that caused months of disruption across the U.S. healthcare system. This is the first time the health insurance giant has given an assessment of how hackers broke into Change Healthcare's systems, during which massive amounts of health data were exfiltrated from its systems. UnitedHealth said last week that the hackers stole health data on a "substantial proportion of people in America."

According to Witty's testimony, the criminal hackers "used compromised credentials to remotely access a Change Healthcare Citrix portal." Organizations like Change use Citrix software to let employees access their work computers remotely on their internal networks. Witty did not elaborate on how the credentials were stolen. However, Witty did say the portal "did not have multifactor authentication," which is a basic security feature that prevents the misuse of stolen passwords by requiring a second code sent to an employee's trusted device, such as their phone. It's not known why Change did not set up multifactor authentication on this system, but this will likely become a focus for investigators trying to understand potential deficiencies in the insurer's systems. "Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data," said Witty. Witty said the hackers deployed ransomware nine days later on February 21, prompting the health giant to shut down its network to contain the breach. Last week, the medical firm admitted that it paid the ransomware hackers roughly $22 million via bitcoin.

Meanwhile, UnitedHealth said the total costs associated with the ransomware attack amounted to $872 million. "The remediation efforts spent on the attack are ongoing, so the total costs related to business disruption and repairs are likely to exceed $1 billion over time, potentially including the reported $22 million payment made [to the hackers]," notes The Register.

Richard Speed reports via The Register: NASA's optical communications demonstration has hit 25 Mbps in a test transmitting engineering data back to Earth from 140 million miles (226 million kilometers) away. The payload is riding aboard the Psyche probe, which is headed for an asteroid of the same name. On December 11, when the spacecraft was 19 million miles (30 million kilometers) away, it reached 267 Mbps, which NASA described as "comparable to broadband internet download speeds."

However, as Psyche has continued on its trajectory, the distances have become greater, and the rate at which data can be transmitted and received has tumbled. At 140 million miles, the project's goal was to reach a lofty 1 Mbps. Instead, engineers managed to get 25 Mbps out of the demonstration. Earlier demonstrations tested the technology using preloaded data, such as a cat video. The latest experiment used a copy of engineering data also sent via Psyche's radio transmitter.

"We downlinked about 10 minutes of duplicated spacecraft data during a pass on April 8," said Meera Srinivasan, the project's operations lead at NASA's Jet Propulsion Laboratory (JPL) in Southern California. "Until then, we'd been sending test and diagnostic data in our downlinks from Psyche. This represents a significant milestone for the project by showing how optical communications can interface with a spacecraft's radio frequency comms system." The demonstrator is only along for the ride -- Psyche uses conventional radio technology for its mission. However, the demonstration does point to the potential for higher-bandwidth communications in future projects.

Millions of Americans pay for Netflix, doling out anywhere from $6.99 to $22.99 a month. It's a common belief that you can get out of recurring charges like this by canceling your credit card. Netflix won't be able to find you, and your account will just go away, right? You wouldn't be crazy for believing it, but it's a myth that canceling a credit card will definitely stop your recurring charges. From a report: Nearly 46% of Americans opened a new credit card last year, according to Forbes, which means millions of Americans also canceled old ones. When you switch cards, Netflix doesn't just stop your service -- they just start charging your new card. Granted, it might be easier to just cancel your Netflix subscription directly. There's a largely hidden service that enables Netflix and most other subscription services to keep throwing charges at you indefinitely.

"Banks may automatically update credit or debit card numbers when a new card is issued. This update allows your card to continue to be charged, even if it's expired," Netflix says in its help center. Most major card providers offer a feature that enables this, including Visa. In 2003, Visa U.S.A. started offering a new software product to merchants called Visa Account Updater (VAU), according to a 2003 American Banker article. The service works with a network of banks to create a virtual tracking service of Americans' financial profiles. Whenever someone renews, or switches a credit card within their bank, the institution automatically update the VAU. This system lets Netflix and countless other corporations charge whatever card you have on file.

The United Kingdom has become the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. From a report: The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will receive security updates for.

Manufacturing and design practices mean many IoT products introduce additional risks to the home and business networks they're connected to. In one often-cited case described by cybersecurity company Darktrace, hackers were allegedly able to steal data from a casino's otherwise well-protected computer network after breaking in through an internet-connected temperature sensor in a fish tank. Under the PSTI, weak or easily guessable default passwords such as "admin" or "12345" are explicitly banned, and manufacturers are also required to publish contact details so users can report bugs.

Oakland, California is now home to "the first commercial hydrogen fuel station for big-rig trucks in the United States," according to the Los Angeles Times — serving 30 hydrogen fuel-cell trucks.

The newspaper says the facility "could mark the start of a nationwide network for fuel-cell truck refueling. It could also flop." Hydrogen fuel is expensive — as much as four times more expensive than gasoline or diesel fuel. The fuel cells, which drive electric motors to drive the truck, are enormously expensive as well.... The vehicles themselves are expensive too. Both battery electric and hydrogen fuel-cell trucks can cost three times as much or more than a $120,000 diesel truck. Those buying the trucks can qualify for state and federal subsidies to make up most of the upfront costs.
But government regulations may spark some demand: New diesel truck sales will be outlawed in California by 2036. Only zero-tailpipe-emission new trucks will be allowed. Already, zero-emission requirements are in place for trucks that enter ocean ports. And only two technologies are available to achieve that goal: battery electric trucks and hydrogen fuel-cell trucks. "We believe a good portion of those will be hydrogen vehicles," said Matt Miyasato, chief of public policy for hydrogen fuel distributor FirstElement Fuel. FirstElement, through its True Zero brand fueling stations, is the largest hydrogen vehicle fuel distributor in the U.S...

Battery electric is gaining a strong foothold in the medium-sized delivery truck market, but hydrogen could have a leg up for long-haul trucking. While a fuel cell is comparable in size to a diesel engine, a battery big enough for long-haul trucks adds weight and size and cuts down on the total freight load the truck can deliver. And while an electric truck battery can take hours to recharge, the refill time for hydrogen is more comparable to filling up with diesel fuel.

"A former high school athletic director was arrested Thursday morning," reports CBS News, "after allegedly using artificial intelligence to impersonate the school principal in a recording..." One-time Pikesville High School employee Dazhon Darien is facing charges that include theft, stalking, disruption of school operations and retaliation against a witness. Investigators determined he faked principal Eric Eiswert's voice and circulated the audio on social media in January. Darien's nickname, DJ, was among the names mentioned in the audio clips he allegedly faked, according to the Baltimore County State's Attorney's Office.

Baltimore County detectives say Darien created the recording as retaliation against Eiswert, who had launched an investigation into the potential mishandling of school funds, Baltimore County Police Chief Robert McCullough said on Thursday. Eiswert's voice, which police and AI experts believe was simulated, made disparaging comments toward Black students and the surrounding Jewish community. The audio was widely circulated on social media.
The article notes that after the faked recording circulated on social media the principal "was temporarily removed from the school, and waves of hate-filled messages circulated on social media, while the school received numerous phone calls."

The suspect had actually used the school's network multiple times to perform online searches for OpenAI tools, "which police linked to paid OpenAI accounts."

"Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years," Ars Technica reported this week, "in attacks that targeted a vast array of organizations with a previously undocumented tool, the software maker disclosed Monday.

"When Microsoft patched the vulnerability in October 2022 — at least two years after it came under attack by the Russian hackers — the company made no mention that it was under active exploitation." As of publication, the company's advisory still made no mention of the in-the-wild targeting. Windows users frequently prioritize the installation of patches based on whether a vulnerability is likely to be exploited in real-world attacks.

Exploiting CVE-2022-38028, as the vulnerability is tracked, allows attackers to gain system privileges, the highest available in Windows, when combined with a separate exploit. Exploiting the flaw, which carries a 7.8 severity rating out of a possible 10, requires low existing privileges and little complexity. It resides in the Windows print spooler, a printer-management component that has harbored previous critical zero-days. Microsoft said at the time that it learned of the vulnerability from the US National Security Agency... Since as early as April 2019, Forest Blizzard has been exploiting CVE-2022-38028 in attacks that, once system privileges are acquired, use a previously undocumented tool that Microsoft calls GooseEgg. The post-exploitation malware elevates privileges within a compromised system and goes on to provide a simple interface for installing additional pieces of malware that also run with system privileges. This additional malware, which includes credential stealers and tools for moving laterally through a compromised network, can be customized for each target.

"While a simple launcher application, GooseEgg is capable of spawning other applications specified at the command line with elevated permissions, allowing threat actors to support any follow-on objectives such as remote code execution, installing a backdoor, and moving laterally through compromised networks," Microsoft officials wrote.
Thanks to Slashdot reader echo123 for sharing the news.

The U.S. Court of Appeals for the 2nd Circuit overturned a prior district court decision, lifting the injunction that blocked New York's law mandating that ISPs offer $15 broadband plans to low-income families. Ars Technica reports: The ruling (PDF) is a loss for six trade groups that represent ISPs, although it isn't clear right now whether the law will be enforced. For consumers who qualify for means-tested government benefits, the state law requires ISPs to offer "broadband at no more than $15 per month for service of 25Mbps, or $20 per month for high-speed service of 200Mbps," the ruling noted. The law allows for price increases every few years and makes exemptions available to ISPs with fewer than 20,000 customers.

"First, the ABA is not field-preempted by the Communications Act of 1934 (as amended by the Telecommunications Act of 1996), because the Act does not establish a framework of rate regulation that is sufficiently comprehensive to imply that Congress intended to exclude the states from entering the field," a panel of appeals court judges stated in a 2-1 opinion. Trade groups claimed the state law is preempted by former Federal Communications Commission Chairman Ajit Pai's repeal of net neutrality rules. Pai's repeal placed ISPs under the more forgiving Title I regulatory framework instead of the common-carrier framework in Title II of the Communications Act.

2nd Circuit judges did not find this argument convincing: "Second, the ABA is not conflict-preempted by the Federal Communications Commission's 2018 order classifying broadband as an information service. That order stripped the agency of its authority to regulate the rates charged for broadband Internet, and a federal agency cannot exclude states from regulating in an area where the agency itself lacks regulatory authority. Accordingly, we REVERSE the judgment of the district court and VACATE the permanent injunction."

Tobias Mann reports via The Register: Canadian systems builder 45 Drives is perhaps best known for the dense multi-drive storage systems employed by the likes of Backblaze and others, but over the last year the biz has expanded its line-up to virtualization kit, and now low-power clients and workstations aimed at enterprises and home enthusiasts alike. 45 Drives' Home Client marks a departure from the relatively large rack-mount chassis it normally builds. Founder Doug Milburn told The Register the mini PC is something of a passion project that was born out of a desire to build a better home theater PC.

Housed within a custom passively cooled chassis built in-house by 45 Drive's parent company Protocase, is a quad-core, non-hyperthreaded Intel Alder Lake-generation N97 processor capable of boosting to 3.6GHz, your choice of either 8GB or 16GB of memory, and 250GB of flash storage. The decision to go with a 12-gen N-series was motivated in part by 45 Drives' internal workloads, Milburn explains, adding that to run PowerPoint or Salesforce just doesn't require that much horsepower. However, 45 Drives doesn't just see this as a low-power PC. Despite its name, the box will be sold under both its enterprise and home brands. In home lab environments, these small form factor x86 and Arm PCs have become incredibly popular for everything from lightweight virtualization and container hosts to firewalls and routers. [...]

In terms of software, 45 Drives says it will offer a number of operating system images for customers to choose from at the time of purchase, and Linux will be a first-class citizen on these devices. It's safe to say that Milburn isn't a big fan of Microsoft these days. "We run many hundreds of Microsoft workstations here, but we're kind of moving away from it," he said. "With Microsoft, it's a control thing; it's forced updates; it's a way of life with them." Milburn also isn't a fan of Microsoft's registration requirements and online telemetry. "We want control over what all our computers do. We want no traffic on our network that's out of here," he said. As a result, Milburn says 45 Drives is increasingly relying on Linux, and that not only applies to its internal machines but its products as well. Having said that, we're told that 45 Drives recognizes that Linux may not be appropriate for everyone and will offer Windows licenses at an additional cost. And, these both being x86 machines, there's nothing stopping you from loading your preferred distro or operating system on them after they've shipped. These workstations aren't exactly cheap. They start at $1,099 without the dedicated GPU. "The HL15 will set you back $799-$910 for the bare chassis if you opted for the PSU or not," adds The Register. "Meanwhile, a pre-configured system would run you $1,999 before factoring in drives."

An anonymous reader quotes a report from TechCrunch: Darktrace is set to go private in a deal that values the U.K.-based cybersecurity giant at around $5 billion. A newly formed entity called Luke Bidco Ltd., formed by private equity giant Thoma Bravo, has tabled an all-cash bid of $7.75 per share, which represents a 44% premium on its average price for the three-month period ending April 25. However, this premium drops to just 20% when juxtaposed against Darktrace's closing price Thursday, as the company's shares had risen 20% to 5.18 pounds in the past month.

Founded out of Cambridge, U.K., in 2013, Darktrace is best known for AI-enabled threat detection smarts, using machine learning to identify abnormal network activity and attempts at ransomware attacks, insider attacks, data breaches and more. The company claims big-name customers including Allianz, Airbus and the city of Las Vegas. After raising some $230 million in VC funding and hitting a private valuation of $1.65 billion, Darktrace went public on the London Stock Exchange in April 2021, with an opening-day valuation of $2.4 billion. Its shares hit an all-time high later that year of 9.45 pounds and plummeted to an all-time low of 2.29 pounds last February. But they had been steadily rising since the turn of the year and hadn't fallen below 4 pounds since the beginning of March.

The full valuation based on Thoma Bravo's offer amounts to $5.3 billion on what is known as a full-diluted basis, which takes into account all convertible securities and is designed to give a more comprehensive view of a company's valuation. However, the enterprise value in this instance is approximately $4.9 billion, which includes additional considerations such as debt and cash positions. [...] The deal is of course still subject to shareholder approval, but the companies said that they expect to complete the transaction by the end of 2024. "The proposed offer represents an attractive premium and an opportunity for shareholders to receive the certainty of a cash consideration at a fair value for their shares," Darktrace chair Gordon Hurst said. "The proposed acquisition will provide Darktrace access to a strong financial partner in Thoma Bravo, with deep software sector expertise, who can enhance the company's position as a best-in-class cyber AI business headquartered in the U.K."

An anonymous reader quotes a report from Tom's Hardware: TSMC announced its leading-edge 1.6nm-class process technology today, a new A16 manufacturing process that will be the company's first Angstrom-class production node and promises to outperform its predecessor, N2P, by a significant margin. The technology's most important innovation will be its backside power delivery network (BSPDN). Just like TSMC's 2nm-class nodes (N2, N2P, and N2X), the company's 1.6nm-class fabrication process will rely on gate-all-around (GAA) nanosheet transistors, but unlike the current and next-generation nodes, this one uses backside power delivery dubbed Super Power Rail. Transistor and BSPDN innovations enable tangible performance and efficiency improvements compared to TSMC's N2P: the new node promises an up to 10% higher clock rate at the same voltage and a 15%-20% lower power consumption at the same frequency and complexity. In addition, the new technology could enable 7%-10% higher transistor density, depending on the actual design.

The most important innovation of TSMC's A16 process, which was unveiled at the company's North American Technology Symposium 2024, is the introduction of the Super Power Rail (SPR), a sophisticated backside power delivery network (BSPDN). This technology is tailored specifically for AI and HPC processors that tend to have both complex signal wiring and dense power delivery networks. Backside power delivery will be implemented into many upcoming process technologies as it allows for an increase in transistor density and improved power delivery, which affects performance. Meanwhile, there are several ways to implement a BSPDN. TSMC's Super Power Rail plugs the backside power delivery network to each transistor's source and drain using a special contact that also reduces resistance to get the maximum performance and power efficiency possible. From a production perspective, this is one of the most complex BSPDN implementations and is more complex than Intel's Power Via. Volume production of A16 is slated for the second half of 2026. "Therefore, actual A16-made products will likely debut in 2027," notes the report. "This timeline positions A16 to potentially compete with Intel's 14A node, which will be Intel's most advanced node at the time."

prisoninmate shares a report from 9to5Linux: Canonical released today Ubuntu 24.04 LTS (Noble Numbat) as the latest version of its popular Linux-based operating system featuring some of the latest GNU/Linux technologies and Open Source software. Powered by Linux kernel 6.8, Ubuntu 24.04 LTS features the latest GNOME 46 desktop environment, an all-new graphical firmware update tool called Firmware Updater, Netplan 1.0 for state-of-the-art network management, updated Ubuntu font, support for the deb822 format for software sources, increased vm.max_map_count for better gaming, and Mozilla Thunderbird as a Snap by default.

It also comes with an updated Flutter-based graphical desktop installer that's now capable of updating itself and features a bunch of changes like support for accessibility features, guided (unencrypted) ZFS installations, a new option to import auto-install configurations for templated custom provisioning, as well as new default installation options, such as Default selection (previously Minimal) and Extended selection (previously Normal)."

An anonymous reader quotes a report from MIT Technology Review: Almost all keyboard apps used by Chinese people around the world share a security loophole that makes it possible to spy on what users are typing. The vulnerability, which allows the keystroke data that these apps send to the cloud to be intercepted, has existed for years and could have been exploited by cybercriminals and state surveillance groups, according to researchers at the Citizen Lab, a technology and security research lab affiliated with the University of Toronto.

These apps help users type Chinese characters more efficiently and are ubiquitous on devices used by Chinese people. The four most popular apps -- built by major internet companies like Baidu, Tencent, and iFlytek -- basically account for all the typing methods that Chinese people use. Researchers also looked into the keyboard apps that come preinstalled on Android phones sold in China. What they discovered was shocking. Almost every third-party app and every Android phone with preinstalled keyboards failed to protect users by properly encrypting the content they typed. A smartphone made by Huawei was the only device where no such security vulnerability was found.

In August 2023, the same researchers found that Sogou, one of the most popular keyboard apps, did not use Transport Layer Security (TLS) when transmitting keystroke data to its cloud server for better typing predictions. Without TLS, a widely adopted international cryptographic protocol that protects users from a known encryption loophole, keystrokes can be collected and then decrypted by third parties. Even though Sogou fixed the issue after it was made public last year, some Sogou keyboards preinstalled on phones are not updated to the latest version, so they are still subject to eavesdropping. [...] After the researchers got in contact with companies that developed these keyboard apps, the majority of the loopholes were fixed. But a few companies have been unresponsive, and the vulnerability still exists in some apps and phones, including QQ Pinyin and Baidu, as well as in any keyboard app that hasn't been updated to the latest version.

An anonymous reader quotes a report from Wired: Network security appliances like firewalls are meant to keep hackers out. Instead, digital intruders are increasingly targeting them as the weak link that lets them pillage the very systems those devices are meant to protect. In the case of one hacking campaign over recent months, Cisco is now revealing that its firewalls served as beachheads for sophisticated hackers penetrating multiple government networks around the world. On Wednesday, Cisco warned that its so-called Adaptive Security Appliances -- devices that integrate a firewall and VPN with other security features -- had been targeted by state-sponsored spies who exploited two zero-day vulnerabilities in the networking giant's gear to compromise government targets globally in a hacking campaign it's calling ArcaneDoor.

The hackers behind the intrusions, which Cisco's security division Talos is calling UAT4356 and which Microsoft researchers who contributed to the investigation have named STORM-1849, couldn't be clearly tied to any previous intrusion incidents the companies had tracked. Based on the group's espionage focus and sophistication, however, Cisco says the hacking appeared to be state-sponsored. "This actor utilized bespoke tooling that demonstrated a clear focus on espionage and an in-depth knowledge of the devices that they targeted, hallmarks of a sophisticated state-sponsored actor," a blog post from Cisco's Talos researchers reads. Cisco declined to say which country it believed to be responsible for the intrusions, but sources familiar with the investigation tell WIRED the campaign appears to be aligned with China's state interests.

Cisco says the hacking campaign began as early as November 2023, with the majority of intrusions taking place between December and early January of this year, when it learned of the first victim. "The investigation that followed identified additional victims, all of which involved government networks globally," the company's report reads. In those intrusions, the hackers exploited two newly discovered vulnerabilities in Cisco's ASA products. One, which it's calling Line Dancer, let the hackers run their own malicious code in the memory of the network appliances, allowing them to issue commands to the devices, including the ability to spy on network traffic and steal data. A second vulnerability, which Cisco is calling Line Runner, would allow the hackers' malware to maintain its access to the target devices even when they were rebooted or updated. It's not yet clear if the vulnerabilities served as the initial access points to the victim networks, or how the hackers might have otherwise gained access before exploiting the Cisco appliances. Cisco advises that customers apply its new software updates to patch both vulnerabilities.

A separate advisory (PDF) from the UK's National Cybersecurity Center notes that physically unplugging an ASA device does disrupt the hackers' access. "A hard reboot by pulling the power plug from the Cisco ASA has been confirmed to prevent Line Runner from re-installing itself," the advisory reads.

Oracle Chairman Larry Ellison said Tuesday that the company is moving its world headquarters to Nashville, Tennessee, to be closer to a major health-care epicenter. CNBC reports: In a wide-ranging conversation with Bill Frist, a former U.S. Senate Majority Leader, Ellison said Oracle is moving a "huge campus" to Nashville, "which will ultimately be our world headquarters." He said Nashville is an established health center and a "fabulous place to live," one that Oracle employees are excited about. "It's the center of the industry we're most concerned about, which is the health-care industry," Ellison said. The announcement was seemingly spur-of-the-moment. "I shouldn't have said that," Ellison told Frist, a longtime health-care industry veteran who represented Tennessee in the Senate. The pair spoke during a fireside chat at the Oracle Health Summit in Nashville.

Nashville has been a major player in the health-care scene for decades, and the city is now home to a vibrant network of health systems, startups and investment firms. The city's reputation as a health-care hub was catalyzed when HCA Healthcare, one of the first for-profit hospital companies in the U.S., was founded there in 1968. HCA helped attract troves of health-care professionals to Nashville, and other organizations quickly followed suit. Oracle has been developing its new $1.2 billion campus in the city for about three years, according to The Tennessean. "Our people love it here, and we think it's the center of our future," Ellison said.

Andy Greenberg reports via Wired: More than two months after the start of a ransomware debacle whose impact ranks among the worst in the history of cybersecurity, the medical firm Change Healthcare finally confirmed what cybercriminals, security researchers, and Bitcoin's blockchain had already made all too clear: that it did indeed pay a ransom to the hackers who targeted the company in February. And yet, it still faces the risk of losing vast amounts of customers' sensitive medical data. In a statement sent to WIRED and other news outlets on Monday evening, Change Healthcare wrote that it paid a ransom to a cybercriminal group extorting the company, a hacker gang known as AlphV or BlackCat. "A ransom was paid as part of the company's commitment to do all it could to protect patient data from disclosure," the statement reads. The company's belated admission of that payment accompanied a new post on its website where it warns that the hackers may have stolen health-related data that would "cover a substantial proportion of people in America."

Cybersecurity and cryptocurrency researchers told WIRED last month that Change Healthcare appeared to have paid that ransom on March 1, pointing to a transaction of 350 bitcoins or roughly $22 million sent into a crypto wallet associated with the AlphV hackers. That transaction was first highlighted in a message on a Russian cybercriminal forum known as RAMP, where one of AlphV's allegedly jilted partners complained that they hadn't received their cut of Change Healthcare's payment. However, for weeks following that transaction, which was publicly visible on Bitcoin's blockchain and which both security firm Recorded Future and blockchain analysis firm TRM Labs told WIRED had been received by AlphV, Change Healthcare repeatedly declined to confirm that it had paid the ransom.

Change Healthcare's confirmation of that extortion payment puts new weight behind the cybersecurity industry's fears that the attack -- and the profit AlphV extracted from it -- will lead ransomware gangs to further target health care companies. "It 100 percent encourages other actors to target health care organizations," Jon DiMaggio, a researcher with cybersecurity firm Analyst1 who focuses on ransomware, told WIRED at the time the transaction was first spotted in March. "And it's one of the industries we don't want ransomware actors to target -- especially when it affects hospitals." Compounding the situation, a conflict between hackers in the ransomware ecosystem has led to a second ransomware group claiming to possess Change Healthcare's stolen data and threatening to sell it to the highest bidder on the dark web. Earlier this month that second group, known as RansomHub, sent WIRED alleged samples of the stolen data that appeared to come from Change Healthcare's network, including patient records and a contract with another health care company.