Security

USPS Text Scammers Duped His Wife, So He Hacked Their Operation (wired.com) 61

Security researcher Grant Smith uncovered a large-scale smishing scam where scammers posing as the USPS tricked victims into providing their credit card details through fake websites. Smith hacked into the scammers' systems, gathered evidence, and collaborated with the USPS and a US bank to protect over 438,000 unique credit cards from fraudulent activity. Wired reports: The flood of text messages started arriving early this year. They carried a similar thrust: The United States Postal Service is trying to deliver a parcel but needs more details, including your credit card number. All the messages pointed to websites where the information could be entered. Like thousands of others, security researcher Grant Smith got a USPS package message. Many of his friends had received similar texts. A couple of days earlier, he says, his wife called him and said she'd inadvertently entered her credit card details. With little going on after the holidays, Smith began a mission: Hunt down the scammers. Over the course of a few weeks, Smith tracked down the Chinese-language group behind the mass-smishing campaign, hacked into their systems, collected evidence of their activities, and started a months-long process of gathering victim data and handing it to USPS investigators and a US bank, allowing people's cards to be protected from fraudulent activity.

In total, people entered 438,669 unique credit cards into 1,133 domains used by the scammers, says Smith, a red team engineer and the founder of offensive cybersecurity firm Phantom Security. Many people entered multiple cards each, he says. More than 50,000 email addresses were logged, including hundreds of university email addresses and 20 military or government email domains. The victims were spread across the United States -- California, the state with the most, had 141,000 entries -- with more than 1.2 million pieces of information being entered in total. "This shows the mass scale of the problem," says Smith, who is presenting his findings at the Defcon security conference this weekend and previously published some details of the work. But the scale of the scamming is likely to be much larger, Smith says, as he didn't manage to track down all of the fraudulent USPS websites, and the group behind the efforts has been linked to similar scams in at least half a dozen other countries.
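The mechanism above (a delivery-themed lure pointing at a domain the brand does not own) is what a triage script can catch before anyone types a card number. The following is an added example, not code from Wired, Smith or Phantom Security: the legitimate-domain table, the lure-word list and the sample texts are assumptions constructed for illustration, and the eTLD+1 logic is deliberately crude.

```python
import re

# Domains the impersonated brand actually uses (assumption: illustrative table,
# not an official allowlist).
LEGIT_DOMAINS = {"usps.com"}

# Words the lure texts in a parcel-delivery campaign lean on (assumption:
# tuned to this story, not a general phishing vocabulary).
LURE_WORDS = ("usps", "postal", "parcel", "package", "delivery", "redeliver")

# A whitespace-delimited token that looks like a URL or a bare hostname.
URL_TOKEN = re.compile(
    r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#].*)?$", re.IGNORECASE
)


def extract_hosts(text):
    """Pull hostnames out of an SMS body, including bare ones like usps-help.top."""
    hosts = []
    for tok in text.split():
        tok = tok.strip(".,;:!?()[]<>\"'")
        m = URL_TOKEN.match(tok)
        if m:
            hosts.append(m.group(1).lower())
    return hosts


def registrable_domain(host):
    """Crude eTLD+1 (last two labels). Enough for .top/.xyz/.com style
    lookalikes; production code should consult the Public Suffix List."""
    labels = host.split(".")
    return ".".join(labels[-2:])


def classify_sms(text):
    """Return ("smishing", [hosts]) when a delivery-themed text points at a
    domain the brand does not own, otherwise ("unflagged", [])."""
    hosts = extract_hosts(text)
    lowered = text.lower()
    themed = any(w in lowered for w in LURE_WORDS)
    suspicious = [h for h in hosts if registrable_domain(h) not in LEGIT_DOMAINS]
    if themed and suspicious:
        return "smishing", suspicious
    return "unflagged", []


SAMPLE_TEXTS = [  # constructed for this example, not real messages
    "USPS: your parcel could not be delivered. Pay the redelivery fee at "
    "https://usps-tracking-update.top/redeliver",
    # The brand name as a subdomain-looking prefix of an unrelated domain.
    "Package on hold. Confirm your details: usps.com-verify.xyz/pkg",
    # Genuine tracking link: the registrable domain is usps.com.
    "USPS: your package is out for delivery. Track it at "
    "https://tools.usps.com/go/TrackConfirmAction",
    "Reminder: your dentist appointment is tomorrow at 9am.",
]

if __name__ == "__main__":
    for sms in SAMPLE_TEXTS:
        verdict, hosts = classify_sms(sms)
        print(f"{verdict:10} {hosts} <- {sms[:60]}")
```

The second sample matters most: "usps.com-verify.xyz" contains the real brand domain as a substring, which is exactly what a naive `"usps.com" in text` check would wave through. Deciding on the registrable domain rather than on the presence of the brand string is the point of the example.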

Earth

String of Record Hot Months Came To an End In July (arstechnica.com) 81

An anonymous reader quotes a report from Ars Technica: The past several years have been absolute scorchers, with 2023 being the warmest year ever recorded. And things did not slow down in 2024. As a result, we entered a stretch where every month set a new record as the warmest iteration of that month that we've ever recorded. Last month, that pattern stretched out for a full 12 months, as June of 2024 once again became the warmest June ever recorded. But, despite some exceptional temperatures in July, it fell just short of last July's monthly temperature record, bringing the streak to a close.

Europe's Copernicus system was first to announce that July of 2024 was ever so slightly cooler than July of 2023, missing out on setting a new record by just 0.04 degrees C. So far, none of the other major climate trackers, such as Berkeley Earth or NASA GISS, have come out with data for July. These each have slightly different approaches to tracking temperatures, and, with a margin that small, it's possible we'll see one of them register last month as warmer or statistically indistinguishable.
According to the Copernicus system, July 2024 was 0.68 degrees above the average temperature for July from 1991 to 2020. It also included the warmest day ever recorded.

In terms of anomalies, July 2024 also represents the first time in a year that a month was less than 1.5 degrees C above preindustrial temperatures (defined as the average from 1850-1900).
Bitcoin

FTX Ordered To Pay $12.7 Billion To Customers, US CFTC Says (reuters.com) 14

FTX has been ordered to pay $12.7 billion in relief to its customers, according to the Commodity Futures Trading Commission (CFTC). In a statement, CFTC Chairman Rostin Behnam said the crypto exchange drew customers in with "an illusion that it was a safe and secure place to access crypto markets," then misappropriated customer deposits to make its own risky investments. Reuters reports: The repayment order implements a settlement between the CFTC and the bankrupt crypto exchange, which has committed to a bankruptcy liquidation that will repay customers whose deposits were locked during its late 2022 collapse. FTX has said that its customers will receive 100% recovery on their claims against the company, based on the value of their accounts at the time it filed for bankruptcy. The CFTC agreement resolves a potential roadblock to that repayment, ensuring that the government's lawsuit against FTX will not reduce the funds available to its customers. The CFTC agreed not to collect any payment from FTX until all its customers are repaid, with interest.

The CFTC settlement requires FTX to pay $8.7 billion in restitution and $4 billion in disgorgement, which will be used to further compensate victims for losses suffered during the exchange's collapse. [...] FTX is currently soliciting votes on its bankruptcy proposal but faces opposition from some customers who feel short-changed by the decision to repay them based on much-lower cryptocurrency prices from November 2022. Votes are due on Aug. 16, and FTX intends to seek final approval of its wind-down plan on Oct. 7.

Cloud

Cloud Growth Puts Hyperscalers On Track To 60% of Data Capacity By 2029 (theregister.com) 6

Dan Robinson writes via The Register: Hyperscalers are forecast to account for more than 60 percent of datacenter space by 2029, a stark reversal on just seven years ago when the majority of capacity was made up of on-premises facilities. This trend is the result of demand for cloud services and consumer-oriented digital services such as social networking, e-commerce and online gaming pushing growth in hyperscale bit barns, those operated by megacorps including Amazon, Microsoft and Meta. The figures were published by Synergy Research Group, which says they are drawn from several detailed quarterly tracking research services to build an analysis of datacenter volume and trends.

As of last year's data, those hyperscale companies accounted for 41 percent of the entire global data dormitory capacity, but their share is growing fast. Just over half of the hyperscaler capacity is comprised of own-build facilities, with the rest made up of leased server farms, operated by providers such as Digital Realty or Equinix. On-premises datacenters run by enterprises themselves now account for 37 percent of the total, a drop from when they made up 60 percent a few years ago. The remainder (22 percent) is accounted for by non-hyperscale colocation datacenters.

What the figures appear to show is that hyperscale volume is growing faster than colocation or on-prem capacity -- by an average of 22 percent each year. Hence Synergy believes that while colocation's share of the total will slowly decrease over time, actual colo capacity will continue to rise steadily. Likewise, the proportion of overall bit barn space represented by on-premise facilities is forecast by Synergy to decline by almost three percentage points each year, although the analyst thinks the actual total capacity represented by on-premises datacenters is set to remain relatively stable. It's a case of on-prem essentially standing still in an expanding market.

Desktops (Apple)

M4 Mac Mini To Become Apple's Smallest Ever Computer With Complete Redesign (macrumors.com) 110

According to Bloomberg's Mark Gurman (paywalled), Apple plans to launch a completely redesigned Mac mini with M4 and M4 Pro chips later this year. MacRumors reports: The new Mac mini will be the first major design change to the machine since 2010, making it Apple's smallest ever desktop computer. The new Mac mini will apparently approach the size of an Apple TV, but it may be slightly taller than the current model, which is 1.4 inches high. It will continue to feature an aluminum shell. Individuals working on the new device apparently say that it is "essentially an iPad Pro in a small box."

Apple is said to have tested Mac mini models with at least three USB-C ports on the back, as well as an area for the power cable and an HDMI port. There will continue to be two versions of the Mac mini: one with the standard M4 chip, similar to the iPad Pro, and one with an M4 Pro chip. The base model is set to begin shipping from suppliers this month ahead of release later in the year, while the high-end model will not be ready until October.

United Kingdom

UK Regulator To Examine $4 Billion Amazon Investment In AI Startup Anthropic (theguardian.com) 2

An anonymous reader quotes a report from The Guardian: Amazon's $4 billion investment into US artificial intelligence startup Anthropic is to be examined in the latest investigation into technology tie-ups by the UK's competition watchdog. The Competition and Markets Authority (CMA) said on Thursday that it was launching a preliminary investigation into the deal, before deciding whether to refer it for an in-depth review. The deal, announced in March, included a $4 billion investment in Anthropic from Amazon, and a commitment from Anthropic to use Amazon Web Services "as its primary cloud provider for mission critical workloads, including safety research and future foundation model development." The regulator said it was "considering whether it is or may be the case that Amazon's partnership with Anthropic has resulted in the creation of a relevant merger situation." "We are an independent company. Our strategic partnerships and investor relationships do not diminish our corporate governance independence or our freedom to partner with others," an Anthropic spokesperson said in a statement. "Amazon does not have a seat on Anthropic's board, nor does it have any board observer rights. We intend to cooperate with the CMA and provide them with a comprehensive understanding of Amazon's investment and our commercial collaboration."
Software

Sonos Delays Two New Products As It Races To Fix Buggy App (theverge.com) 24

"Sonos is delaying two hardware releases originally planned for later this year as it deploys an all-hands-on-deck approach to fixing the app," writes The Verge's Chris Welch. The company released a redesigned mobile app on May 7th that has been riddled with flaws and missing features. Sonos also entered the crowded headphone market in May with the launch of its Ace headphones, but it was immediately "overshadowed" by problems with the new Sonos app, according to Sonos CEO Patrick Spence. The Verge reports: "I will not rest until we're in a position where we've addressed the issues and have customers raving about Sonos again," Spence said during the afternoon earnings call. "We believe our focus needs to be addressing the app ahead of everything else," he continued. "This means delaying the two major new product releases we had planned for Q4 until our app experience meets the level of quality that we, our customers, and our partners expect from Sonos." One of those two products is almost certainly Sonos' next flagship soundbar, codenamed Lasso, which I revealed last month. "These products were ready to ship in Q4," Spence said in response to a question on the call.

He also went in-depth on the app issues and how Sonos plans to fix them. Spence remains adamant that overhauling the app and its underlying infrastructure "was the right thing to do" for the company's future; the new app "has a modular developer platform based on modern programming languages that will allow us to drive more innovation faster," he said. But Spence also now acknowledges that the project was rushed. "With the app, my push for speed backfired," he said. "As we rolled out the new software to more and more users, it became evident that there were stubborn bugs we had not discovered in our testing. As a result, far too many of our customers are having an experience that is worse than what they previously had." [...]

For now, Sonos is turning to some longtime experts for help. "I've asked Nick Millington, the original software architect of the Sonos experience, to do whatever it takes to address the issues with our new app," Spence said. Sonos board member Tom Conrad is helping to oversee the app improvement effort and "ensure" things stay on the right track.

Games

Chess Player Suspended After Allegedly Poisoning Her Rival (chess.com) 77

The Russian Chess Federation is suspending a player who is facing jail time for allegedly trying to poison her rival with mercury during a chess tournament. Chess.com reports: Amina Abakarova, a 40-year-old chess coach from Makhachkala in the Russian Republic of Dagestan, is accused of trying to poison her rival, 30-year-old Umayganat Osmanova. The incident unfolded during the Dagestan Chess Championship on August 2, according to a Telegram channel that first reported on the story, and is now making headlines in state-run Russian news media as well as global media. Security camera footage shows the incident where Abakarova calmly walked over to the board where Osmanova was supposed to appear 20 minutes later. It was reported that she'd previously asked if cameras were in operation and been told that they weren't. She then smeared what is said to be potentially deadly mercury from a thermometer.

Osmanova said she began feeling unwell 30 minutes later, complaining of nausea and dizziness, prompting an immediate call for medical assistance. Doctors eventually concluded that poisoning was a likely cause. After reviewing the footage from security cameras, the arbiter reported it to the police and Abakarova was detained, rtv1.com reports. [...] Abakarova has reportedly confessed that she wanted to "knock her opponent out of the tournament," admitting "personal hostility" toward Osmanova, who had a week earlier won the Dagestan Rapid Championship above her on tiebreaks. The plan was not to harm Osmanova, but to scare her, according to a police report quoted by Russian media.

Abakarova has now been detained by police and is facing up to three years in jail, according to The Mirror. Andrey Filatov, the President of the Russian Chess Federation, has also confirmed that Abakarova is temporarily suspended from Russian chess events, pending an investigation into the incident. She is potentially facing a lifetime ban. [...] Despite falling ill, Osmanova fully recovered and continued the tournament, eventually finishing in second place and winning a prize. Abakarova was expelled after the fourth round and is unlikely to play chess again anytime soon.

Robotics

Google DeepMind Develops a 'Solidly Amateur' Table Tennis Robot (techcrunch.com) 20

An anonymous reader quotes a report from TechCrunch: In a newly published paper titled "Achieving Human Level Competitive Robot Table Tennis," Google's DeepMind Robotics team is showcasing its own work on the game. The researchers have effectively developed a "solidly amateur human-level player" when pitted against a human opponent. During testing, the table tennis bot was able to beat all of the beginner-level players it faced. With intermediate players, the robot won 55% of matches. It's not ready to take on pros, however. The robot lost every time it faced an advanced player. All told, the system won 45% of the 29 games it played. "This is the first robot agent capable of playing a sport with humans at human level and represents a milestone in robot learning and control," the paper claims. "However, it is also only a small step towards a long-standing goal in robotics of achieving human level performance on many useful real world skills. A lot of work remains in order to consistently achieve human-level performance on single tasks, and then beyond, in building generalist robots that are capable of performing many useful tasks, skillfully and safely interacting with humans in the real world."

The robot's biggest trouble areas are responding to fast balls, high and low balls. It also has trouble with backhand and the ability to read the spin on an incoming ball. Here's how the researchers plan to address the issue with fast balls: "To address the latency constraints that hinder the robot's reaction time to fast balls, we propose investigating advanced control algorithms and hardware optimizations. These could include exploring predictive models to anticipate ball trajectories or implementing faster communication protocols between the robot's sensors and actuators."
EU

Apple Revises EU App Store Rules Amid Ongoing Investigation 15

Apple on Thursday announced changes to its Digital Markets Act (DMA) compliance plan for the European Union, as the tech giant faces an ongoing investigation by the European Commission for suspected non-compliance. The revised rules, set to roll out this fall, ease restrictions on developers' ability to promote external offers within iOS apps. Developers can now inform users about offers available beyond their own websites, including on other apps and marketplaces, without adhering to Apple-mandated templates.

Apple has also introduced a new fee structure for purchases made through external links. An "Initial Acquisition Fee" of 5% will apply to new users' first-year purchases, while a "Store Services Fee" of 10% (or 5% for smaller developers) will be charged on subsequent transactions. These changes replace the controversial Core Technology Fee, which is currently under EU scrutiny.

Spotify and Epic aren't satisfied with the changes. Spotify has called the new plan "unacceptable," arguing it disregards DMA requirements. Epic Games CEO Tim Sweeney labeled it "malicious compliance" involving "junk fees."
China

China's Drivers Fret as Robotaxis Pick Up Pace and Passengers (reuters.com) 58

China's rapid deployment of robotaxis is raising concerns among the country's 7 million ride-hailing drivers, who fear job losses as autonomous vehicles hit the streets, according to a Reuters report. At least 19 Chinese cities are conducting robotaxi trials, with seven approving tests without human monitors. Baidu's Apollo Go plans to deploy 1,000 vehicles in Wuhan by year-end and operate in 100 cities by 2030. The push for self-driving technology aligns with President Xi Jinping's call for "new productive forces," but contrasts sharply with the more cautious approach in the United States. As robotaxi fleets proliferate, some drivers worry about their livelihoods, with one Wuhan driver predicting "everyone will go hungry."
Science

Common Low-Calorie Sweetener May Be Riskier For the Heart Than Sugar, Study Suggests (nbcnews.com) 85

Another study is raising concern about the safety of the widely used sugar alcohol sweetener erythritol, a low-calorie sugar substitute found in "keto-friendly" foods, baked goods and candies. From a report: Researchers from the Cleveland Clinic compared erythritol to typical sugar and found only erythritol caused worrisome cardiovascular effects. Although the study was small, it's the first head-to-head look at people's blood levels after they consume products with erythritol or sugar (glucose). "We compared the results, and glucose caused none of the problems," said Dr. Stanley Hazen, a cardiologist at the Cleveland Clinic and the lead author of the study, published Thursday morning in the journal Arteriosclerosis, Thrombosis, and Vascular Biology.

Erythritol is one ingredient on a growing list of nonsugar sweeteners found in low-calorie and sugar-free foods. Erythritol and xylitol are sugar alcohols that are sweet like sugar but with far fewer calories. Erythritol is often mixed with another sweetener, stevia, and xylitol is often found in gum, mouthwash and toothpaste. Earlier studies from Hazen's lab -- one published last year and the other in June -- found potential links between the sugar alcohols and an increased risk of heart attacks and strokes. The research suggested both sugar alcohols might make blood platelets stickier and therefore more susceptible to clotting and blocking veins or arteries, in turn contributing to heart attacks and strokes. For the new research, Hazen's team analyzed the heart effects of erythritol and regular sugar -- in this case, simple glucose -- by enrolling two groups of healthy middle-aged male and female volunteers: 10 who consumed the erythritol and 10 who consumed sugar.

Privacy

Paying To Be Removed From People-Search is 'Largely Ineffective,' Says Study 18

Privacy removal services fail to effectively scrub personal data from people-search websites, a Consumer Reports (CR) study [PDF] revealed Thursday. The four-month investigation found these services eliminated only 35% of volunteers' identifying information profiles across 13 people-search sites. Manual opt-outs proved most effective, removing 70% of profiles within a week.
Technology

World's Largest 3D-Printed Neighborhood Nears Completion in Texas (reuters.com) 91

ICON, a construction technology company, is nearing completion of 100 3D-printed homes in Wolf Ranch, Texas, using a massive robotic printer. The 45-foot-wide, 4.75-ton Vulcan printer began constructing the walls of what ICON claims is the world's largest 3D-printed community in November 2022. The printer extrudes a concrete mixture layer by layer, creating corduroy-textured walls. ICON senior project manager Conner Jenkins told Reuters the process is faster and more efficient than traditional construction, requiring fewer workers and reducing material waste.

The single-story homes, priced between $450,000 and $600,000, feature concrete walls resistant to water, mold, termites, and extreme weather. However, homeowners reported weak wireless signals due to the thick walls, necessitating mesh internet routers. ICON, which printed its first home in Austin in 2018, is also developing lunar construction systems for NASA's Artemis program.
Apple

macOS Sequoia Adds Weekly Permission Prompt For Screenshot and Screen Recording Apps (9to5mac.com) 78

Apple is set to implement stricter controls on screen recording permissions in its upcoming macOS Sequoia release this fall. Users will be required to grant explicit permission weekly and after each reboot for apps needing screen access, 9to5Mac reports. From the report: Multiple developers who spoke to 9to5Mac say that they've received confirmation from Apple that this is not a bug. Instead, Apple is indeed adding a new system prompt reminding users when an app has permission to access their computer's screen and audio.
The Military

Palantir CTO Urges Pentagon To Prioritize Speed in Defense Spending (axios.com) 43

Palantir Chief Technology Officer Shyam Sankar has called for faster defense spending, arguing the Pentagon should focus on rapid deployment over higher budgets. "The biggest challenge is speed," Sankar told Axios in an interview. "The Department of Defense would be better off spending half as much money twice as quickly."

The U.S. military has "lost our ability to value time," he said. The Denver-based software company, known for its work in areas ranging from vaccine logistics to Ukraine demining efforts, has positioned itself as a "software prime" in the defense sector.
Movies

Video Game Adaptation 'Borderlands' Hits Theaters With Rare 0% on Rotten Tomatoes (forbes.com) 115

An anonymous reader shares a report: I'm not sure I knew of anyone, Borderlands fan or not, who believed that the movie adaptation of the game was going to be good, based on everything from casting to trailers. Now as reviews come in ahead of its release tomorrow, those fears have been validated. And then some. As I write this, the Borderlands movie has a flat 0% on Rotten Tomatoes. No positive reviews whatsoever, and the ones that are in are not just negative, but brutal.
United States

Nasdaq Has Hundreds of Penny Stocks. Now It's Trying to Purge Them. (msn.com) 35

Nasdaq is taking steps to purge itself of dubious companies whose shares trade below $1 each, following criticism that the exchange has become home to hundreds of risky penny stocks. From a report: [...] When a stock closes below $1 for 30 consecutive trading days, Nasdaq deems the company to be noncompliant and gives it 180 days to remedy the situation. After 180 days, if the stock hasn't climbed above $1, the company can request another 180-day grace period. At the end of that second period, the company can still get a last-minute reprieve by appealing to a Nasdaq hearings panel. The delisting is stayed while the company awaits its hearing.

Some say those rules are lax, leading to a pileup of penny stocks on Nasdaq. On Wednesday, there were 523 stocks listed on U.S. exchanges that closed below $1 per share, of which 433 were listed on Nasdaq, according to Dow Jones Market Data. By comparison, there were fewer than a dozen sub-$1 stocks in early 2021. The two proposed rule changes unveiled by Nasdaq on Thursday would tighten up some of the rules regarding sub-$1 stocks, though they don't go as far as Virtu has demanded.

Under one of the proposed changes, companies that reach the end of their second 180-day grace period wouldn't be able to postpone delisting by seeking an appeal. Instead, their shares would move to the over-the-counter market -- a sort of purgatory where companies land after being delisted -- while they await the appeal. Effectively, the rule change caps the amount of time that sub-$1 stocks can be listed on Nasdaq to roughly a year. The second proposed rule change would speed up the delisting process for companies that recently did a reverse stock split. Under the change, if a company carried out a reverse split to prop up its share price, but then its stock fell below $1 within a year, Nasdaq would immediately send the company a delisting notice. The company could still appeal and remain listed for another 180 days.

Security

Home Security Giant ADT Says It Was Hacked (techcrunch.com) 21

ADT confirmed this week that it was recently hacked, compromising some customer data. From a report: The home security company did not say when the cyberattack and data breach occurred, but disclosed that the attackers accessed the company's databases containing customer home addresses, email addresses, and phone numbers.

In a brief regulatory filing published late Wednesday, ADT said it has "no reason to believe" that customer home security systems were compromised during the incident, but ADT did not say how it reached that conclusion. The statement said a "small percentage" of customers are affected, but did not provide a more specific number. As of June 2024, ADT said it had six million customers.

The Internet

ICANN Reserves .Internal For Private Use at the DNS Level (theregister.com) 62

The Internet Corporation for Assigned Names and Numbers (ICANN) has agreed to reserve the .internal top-level domain so it can become the DNS equivalent of the 10.0.0.0, 172.16.0.0 and 192.168.0.0 IPv4 address blocks used for internal networks. From a report: Those blocks are reserved for private use by the Internet Assigned Numbers Authority, which requires they never appear on the public internet. As The Register reported when we spotted the proposal last January, ICANN wanted something similar but for DNS, by defining a top-level domain that would never be delegated in the global domain name system (DNS) root.

Doing so would mean the TLD could never be accessed on the open internet -- achieving the org's goal of delivering a domain that could be used for internal networks without fear of conflict or confusion. ICANN suggested such a domain could be useful, because some orgs had already started making up and using their own domain names for private internal use only. Networking equipment vendor D-Link, for example, made the web interface for its products available on internal networks at .dlink. ICANN didn't like that because the org thought ad hoc TLD creation could see netizens assume the TLDs had wider use -- creating traffic that busy DNS servers would have to handle. Picking a string dedicated to internal networks was the alternative. After years of consultation about whether it was a good idea -- and which string should be selected -- ICANN last week decided on .internal. Any future applications to register it as a global TLD won't be allowed.
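The practical consequence of a never-delegated TLD is that a resolver must answer .internal itself and never forward it to a public resolver; a query that does leave the network is both useless (the root will answer NXDOMAIN) and a small information leak about internal host names. The following is an added example, not code from ICANN, IANA or The Register: it treats .internal as reserved on the strength of this story, adds the other special-use names from RFC 6761, 6762, 7686 and 8375, and goes one step beyond the text by applying the same rule to reverse lookups for RFC 1918 space (the locally served zones of RFC 6303). The log format and log lines are constructed for the example.

```python
import ipaddress

# Suffixes that are never delegated in the public root. ".internal" is the
# string this story reports ICANN chose; the rest are the special-use names
# from RFC 6761 (localhost, test, example, invalid), RFC 6762 (local),
# RFC 7686 (onion) and RFC 8375 (home.arpa).
RESERVED_SUFFIXES = ("internal", "localhost", "test", "example", "invalid",
                     "local", "onion", "home.arpa")

# The address blocks the story compares .internal to (RFC 1918) plus the
# IPv6 unique-local range (RFC 4193).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def _labels(name):
    return name.lower().rstrip(".").split(".")


def is_reserved_name(qname):
    """True if qname is, or sits under, a reserved suffix. Matching is done on
    whole labels, so "internal.example.com" is not reserved."""
    labels = _labels(qname)
    for suffix in RESERVED_SUFFIXES:
        s = suffix.split(".")
        if len(labels) >= len(s) and labels[-len(s):] == s:
            return True
    return False


def is_private_address(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def reverse_name_to_ip(qname):
    """Map an IPv4 PTR name (d.c.b.a.in-addr.arpa) back to a.b.c.d, or None.
    ip6.arpa names are not handled in this example."""
    labels = _labels(qname)
    if len(labels) == 6 and labels[-2:] == ["in-addr", "arpa"]:
        try:
            return ipaddress.ip_address(".".join(reversed(labels[:4])))
        except ValueError:
            return None
    return None


def resolver_policy(qname):
    """"local" for names a resolver must answer itself, "forward" otherwise."""
    if is_reserved_name(qname):
        return "local"
    ip = reverse_name_to_ip(qname)
    if ip is not None and is_private_address(str(ip)):
        return "local"
    return "forward"


def find_leaks(log_lines):
    """Return (qname, upstream) for every forwarded query the policy says
    should have stayed local. Log lines are key=value pairs (assumed format)."""
    leaks = []
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        if fields.get("action") != "forward":
            continue
        qname = fields.get("qname", "")
        if resolver_policy(qname) == "local":
            leaks.append((qname, fields.get("upstream")))
    return leaks


SAMPLE_LOG = [  # constructed for this example
    "ts=2024-08-08T10:00:01Z action=forward qname=www.example.org. qtype=A upstream=9.9.9.9",
    "ts=2024-08-08T10:00:02Z action=forward qname=git.corp.internal. qtype=A upstream=9.9.9.9",
    "ts=2024-08-08T10:00:03Z action=forward qname=3.2.1.10.in-addr.arpa. qtype=PTR upstream=9.9.9.9",
    "ts=2024-08-08T10:00:04Z action=forward qname=8.8.8.8.in-addr.arpa. qtype=PTR upstream=9.9.9.9",
    "ts=2024-08-08T10:00:05Z action=local qname=printer.internal. qtype=A",
]

if __name__ == "__main__":
    for qname, upstream in find_leaks(SAMPLE_LOG):
        print(f"leaked to {upstream}: {qname}")
```

Note what the D-Link case in the text looks like to this check: "router.dlink" is not reserved, so the policy forwards it and the public root answers NXDOMAIN, which is precisely the traffic ICANN wanted to avoid by picking one agreed string.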
