According to Axios, Meta will withhold future multimodel AI models from customers in the European Union "due to the unpredictable nature of the European regulatory environment." From the report: Meta plans to incorporate the new multimodal models, which are able to reason across video, audio, images and text, in a wide range of products, including smartphones and its Meta Ray-Ban smart glasses. Meta says its decision also means that European companies will not be able to use the multimodal models even though they are being released under an open license. It could also prevent companies outside of the EU from offering products and services in Europe that make use of the new multimodal models. The company is also planning to release a larger, text-only version of its Llama 3 model soon. That will be made available for customers and companies in the EU, Meta said.

Meta's issue isn't with the still-being-finalized AI Act, but rather with how it can train models using data from European customers while complying with GDPR -- the EU's existing data protection law. Meta announced in May that it planned to use publicly available posts from Facebook and Instagram users to train future models. Meta said it sent more than 2 billion notifications to users in the EU, offering a means for opting out, with training set to begin in June. Meta says it briefed EU regulators months in advance of that public announcement and received only minimal feedback, which it says it addressed. In June -- after announcing its plans publicly -- Meta was ordered to pause the training on EU data. A couple weeks later it received dozens of questions from data privacy regulators from across the region.

The United Kingdom has a nearly identical law to GDPR, but Meta says it isn't seeing the same level of regulatory uncertainty and plans to launch its new model for U.K. users. A Meta representative told Axios that European regulators are taking much longer to interpret existing law than their counterparts in other regions. A Meta representative told Axios that training on European data is key to ensuring its products properly reflect the terminology and culture of the region.

An anonymous reader quotes an excerpt from TechCrunch, written by Zack Whittaker: We're over halfway through 2024, and already this year we have seen some of the biggest, most damaging data breaches in recent history. And just when you think that some of these hacks can't get any worse, they do. From huge stores of customers' personal information getting scraped, stolen and posted online, to reams of medical data covering most people in the United States getting stolen, the worst data breaches of 2024 to date have already surpassed at least 1 billion stolen records and rising. These breaches not only affect the individuals whose data was irretrievably exposed, but also embolden the criminals who profit from their malicious cyberattacks. Travel with us to the not-so-distant past to look at how some of the biggest security incidents of 2024 went down, their impact and. in some cases, how they could have been stopped. These are some of the largest breaches highlighted in the report:

AT&T's Data Breaches: AT&T experienced two data breaches in 2024, affecting nearly all its customers and many non-customers. The breaches exposed phone numbers, call records, and personal information, risking account hijacks for 7.6 million customers.
Change Healthcare Hack: A ransomware attack on Change Healthcare resulted in the theft of sensitive medical data, affecting a substantial proportion of Americans. The breach caused widespread outages in healthcare services across the U.S. and compromised personal, medical, and billing information.
Synnovis Ransomware Attack: The cyberattack on U.K. pathology lab Synnovis disrupted patient services in London hospitals for weeks, leading to thousands of postponed operations and the exposure of data related to 300 million patient interactions.
Snowflake Data Theft (Including Ticketmaster): Cybercriminals stole hundreds of millions of records from Snowflake's corporate customers, including 560 million records from Ticketmaster. The breach affected data from multiple companies and institutions, exposing vast amounts of customer and employee information.

Major changes are coming to the ACT college admissions exam in the spring, the CEO of ACT announced Monday. From a report: The exam will be evolving to "meet the challenges students and educators face" -- and that will include shortening the core test and making the science section optional, chief executive Janet Godwin said in a post on the non-profit's website. The changes will begin with national online tests in spring 2025 and be rolled out for school-day testing in spring 2026, Godwin said in the post. The decision to alter the ACT follows changes made to the SAT earlier this year by the College Board, the non-profit organization that develops and administers that test. The SAT was shortened by a third and went fully digital.

Science is being removed from the ACT's core sections, leaving English, reading and math as the portions that will result in a college-reportable composite score ranging from 1 to 36, Godwin wrote. The science section, like the ACT's writing section already was, will be optional. "This means students can choose to take the ACT, the ACT plus science, the ACT plus writing, or the ACT plus science and writing," Godwin wrote. "With this flexibility, students can focus on their strengths and showcase their abilities in the best possible way."

Lab-grown pet food is to hit UK shelves as Britain becomes the first country in Europe to approve cultivated meat. From a report: The Animal and Plant Health Agency and the Department for Environment, Food and Rural Affairs have approved the product from the company Meatly. It is thought there will be demand for cultivated pet food, as animal lovers face a dilemma about feeding their pets meat from slaughtered livestock.

Research suggests the pet food industry has a climate impact similar to that of the Philippines, the 13th most populous country in the world. A study by the University of Winchester found that 50% of surveyed pet owners would feed their pets cultivated meat, while 32% would eat it themselves. The Meatly product is cultivated chicken. It is made by taking a small sample from a chicken egg, cultivating it with vitamins and amino acids in a lab, then growing cells in a container similar to those in which beer is fermented. The result is a pate-like paste.

The U.S. Commerce Department plans to issue proposed rules on connected vehicles next month and expects to impose limits on some software made in China and other countries deemed adversaries, a senior official said Tuesday. From a report: "We're looking at a few components and some software - not the whole car - but it would be some of the key driver components of the vehicle that manage the software and manage the data around that car that would have to be made in an allied country," said export controls chief Alan Estevez at a forum in Colorado.

In May, Commerce Secretary Gina Raimondo said her department planned to issue proposed rules on Chinese-connected vehicles this autumn and had said the Biden administration could take "extreme action" and ban Chinese-connected vehicles or impose restrictions on them after the Biden administration in February launched a probe into whether Chinese vehicle imports posed national security risks.

Cellebrite, the well-known mobile forensics company, was unable to unlock a sizable chunk of modern iPhones available on the market as of April 2024, 404 Media reported Wednesday, citing leaked documents it obtained. From the report: Mobile forensics companies typically do not release details on what specific models their tools can or cannot penetrate, instead using vague terms in marketing materials. The documents obtained by 404 Media, which are given to customers but not published publicly, show how fluid and fast moving the success, or failure, of mobile forensic tools can be, and highlights the constant cat and mouse game between hardware and operating manufacturers like Apple and Google, and the hacking companies looking for vulnerabilities to exploit.

[...] For all locked iPhones able to run 17.4 or newer, the Cellebrite document says "In Research," meaning they cannot necessarily be unlocked with Cellebrite's tools. For previous iterations of iOS 17, stretching from 17.1 to 17.3.1, Cellebrite says it does support the iPhone XR and iPhone 11 series. Specifically, the document says Cellebrite recently added support to those models for its Supersonic BF [brute force] capability, which claims to gain access to phones quickly. But for the iPhone 12 and up running those operating systems, Cellebrite says support is "Coming soon."

Google Docs is adding Markdown support, finally. The update, rolling out over the next two weeks, allows users to import, export, copy, and paste Markdown-formatted text. This move comes a decade after Google consolidated its document editing tools into Drive.

Britain's new Labour government has said it will explore how to effectively regulate AI models, but stopped short of proposing any specific laws. From a report: King Charles set out newly-elected Prime Minister Keir Starmer's legislative agenda in a speech on Wednesday to open the new session of parliament. It included more than 35 new bills covering everything from housing to cyber security measures. The government said it would seek to establish the appropriate legislation to place requirements on those working to develop "the most powerful artificial intelligence models."

An anonymous reader shares a report: A recent poll on TechPowerUp revealed that an overwhelming majority of PC users are not interested in paying extra for hardware with AI capabilities. According to the survey, 84% of respondents would not spend more for AI features, while only 7% said they would, and 9% were unsure. The poll data was already contributed by over 26K responders. This indicates that despite the PC market's shift toward integrating AI, most enthusiasts remain skeptical of its value. This suggests that hardware companies should pay attention to the preferences of their core user base. Currently, enthusiasts, who no doubt represent the majority of users on TechPowerUP, show little interest in AI features.

Costs associated with ransomware attacks on critical national infrastructure (CNI) organizations skyrocketed in the past year. From a report: According to Sophos' latest figures, released today, the median ransom payments rose to $2.54 million -- a whopping 41 times last year's sum of $62,500. The mean payment for 2024 is even higher at $3.225 million, although this represents a less dramatic 6x increase. IT, tech, and telecoms were the least likely to pay mega bucks to cybercriminals with an average payment of $330,000, while lower education and federal government orgs reported the highest average payments at $6.6 million.

The numbers are based only on ransomware victims that were willing to disclose the details of their blunders, so do not present the complete picture. On the topic of ransom payments, only 86 CNI organizations of the total 275 involved in the survey offered data. There's a good chance that the numbers would be skewed if 100 percent of the total CNI ransomware victims polled were entirely transparent with their figures. Costs to recover from ransomware attacks are also significantly up compared to the researchers' report last year, with some CNI sectors' costs quadrupling to a median average of $3 million per incident. While the mean cost across oil, gas, energy, and utilities dropped slightly to $3.12 million from $3.17 million last year, the energy and water sectors saw the sharpest increase in recovery costs. The new average for just these two sectors is now four times greater than the global median cross-sector average of $750k, Sophos said.

GitLab, a U.S. provider of cloud-based software development tools whose investors include Google parent Alphabet, is exploring a sale after attracting acquisition interest, Reuters is reporting. From the report: GitLab, which has a market value of about $8 billion, is working with investment bankers on a sale process that has attracted interest from peers, including cloud monitoring firm Datadog, the sources said. Any deal is still weeks away and no agreement is certain, the sources said, requesting anonymity because the matter is confidential.

Repairs have finally commenced on three subsea telecommunications cables that were damaged in the Red Sea in February, even as Houthi militants escalate their attacks on ships in the area. From a report: The AAE-1 cable, a 25,000-kilometer (15,500 miles) fiber optic link between Asia and Europe, was repaired by a ship owned by E-Marine, a subsidiary of Abu Dhabi-based Emirates Telecommunications Group. The cable came online this week, a Yemeni government official said. The same ship, Niwa, remains in Yemeni waters to repair the remaining two cables, Seacom and EIG.

The cables, among more than a dozen that run through the Red Sea, were severed by the anchor of a cargo ship sunk by Iran-backed Houthi militants in late February. Repairs to the cables have depended on gaining access to infrastructure in Yemen's waters, a task complicated by the country's split government and the fact the Red Sea is a conflict zone. It has taken months of negotiations involving the cable operators and the two factions that control Yemen -- the internationally-recognized government in the south and the Houthi-backed government in Sanaa -- to arrange for the repair mission.

A bipartisan pair of U.S. senators pressed the leaders of AT&T and data storage company Snowflake on Tuesday for more information about the scope of a recent breach that allowed cybercriminals to steal records on "nearly all" of the phone giant's customers. From a report: "There is no reason to believe that AT&T's sensitive data will not also be auctioned and fall into the hands of criminals and foreign intelligence agencies," Sens. Richard Blumenthal (D-CT) and Josh Hawley (R-MO), the leaders of the Judiciary Committee's privacy subpanel, wrote Tuesday in a letter to AT&T Chief Executive Officer John Stankey.

The duo also sent a missive to Snowflake CEO Sridhar Ramaswamy that said the theft of AT&T subscriber information "appears to be connected with an ongoing series of breaches" of the company's clients, including Ticketmaster, Advance Auto Parts, and Santander Bank. "Disturbingly, the Ticketmaster and AT&T breaches appears [sic] to have been easily preventable," they wrote to Ramaswamy. Blumenthal and Hawley have asked the corporate leaders to answer a series of questions about the lapses by July 29.

An anonymous reader quotes a report from CNBC: CNBC spoke to three startups -- France-based Zephalto, Florida-based Space Perspective and Arizona-based World View -- that aim to hoist tourists to the stratosphere using pressurized capsules and massive gas-filled balloons. "The capsule itself is designed to to carry eight customers and two crew into the stratosphere," said Ryan Hartman, CEO of World View. "There will be a center bar where people can gather, and then, of course, there will be a bathroom aboard the capsule." The balloon rides will last around 6 hours, but will not take passengers all the way to space. Most will reach heights of 15 to 19 miles above the earth's surface, flying in an area known as the stratosphere. The start of space is generally accepted by the U.S. government to be around 80 kilometers, or about 50 miles, above the earth's surface.

Jane Poynter, founder and co-CEO of Space Perspective, has a differing view. "There is no universal definition of space," Poynter said. "We are regulated as a spaceship. If we go over 98,000 feet, we are a spaceship. Outside the capsule, it's essentially a vacuum. We're above 99% of Earth's atmosphere, which is why the sky is so deep black." Compared to rocket-powered space tourism, the physical sensation that passengers will experience on a stratospheric balloon ride is more comparable to being on an airplane. Passengers will not experience weightlessness. "We don't need any physical requirements to board the balloon," said Vincent Farret d'Asties, the founder and chief pilot at Zephalto. "If you can board a standard plane, you can board the balloon."

All three companies told CNBC that they were pleased with consumer interest. World Views says it sold 1,250 tickets so far while Space Perspective has sold 1,800. Zephalto did not tell CNBC how many tickets it sold, but said its initial flights were fully booked. Ticket prices range from $50,000 per seat with World View to around $184,000 with Zephalto. Space Perspective sells tickets to its experience for $125,000 per seat. That's all assuming commercial service gets off the ground. Only Zephalto has performed crewed tests so far, though not at the company's target altitude of about 15 miles above the earth's surface.

Robin McKie writes via The Guardian: Scientists with Breakthrough Listen, the world's largest scientific research program dedicated to finding alien civilizations, say a host of technological developments are about to transform the search for intelligent life in the cosmos. These innovations will be outlined at the group's annual conference, which is to be held in the UK for the first time, in Oxford, this week. Several hundred scientists, from astronomers to zoologists, are expected to attend. "There are amazing technologies that are under development, such as the construction of huge new telescopes in Chile, Africa and Australia, as well as developments in AI," said astronomer Steve Croft, a project scientist with Breakthrough Listen. "They are going to transform how we look for alien civilizations."

Among these new instruments are the Square Kilometer Array, made up of hundreds of radio telescopes now being built in South Africa and Australia, and the Vera Rubin Observatory that is being constructed in Chile. The former will become the world's most powerful radio astronomy facility while the latter, the world's largest camera, will be able to image the entire visible sky every three or four nights, and is expected to help discover millions of new galaxies and stars. Both facilities are set to start observations in the next few years and both will provide data for Breakthrough Listen. Using AI to analyze these vast streams of information for subtle patterns that would reveal evidence of intelligent life will give added power to the search for alien civilizations, added Croft.

"Until now, we have been restricted to looking for signals deliberately sent out by aliens to advertise their existence. The new techniques are going to be so sensitive that, for the first time, we will be able to detect unintentional transmissions as opposed to deliberate ones and will be able to spot alien airport radar, or powerful TV transmitters -- things like that." [...] Croft remains optimistic that we will soon succeed in making contact. "We know that the conditions for life are everywhere, we know that the ingredients for life are everywhere. I think it would be deeply weird if it turned out we were the only inhabited planet in the galaxy or in the universe. But you know, it's possible."

A Californian startup funded by Bill Gates is making rich, fatty "butter" using just carbon dioxide and hydrogen, with other dairy-free alternatives in the works. New Atlas reports: The San Jose company, Savor, uses a thermochemical process to create its animal-like fat, which is free of the environmental footprint of both the dairy industry and plant-based alternatives. "They started with the fact that all fats are made of varying chains of carbon and hydrogen atoms," Gates wrote in a blog post. "Then they set out to make those same carbon and hydrogen chains -- without involving animals or plants. They ultimately developed a process that involves taking carbon dioxide from the air and hydrogen from water, heating them up, and oxidizing them to trigger the separation of fatty acids and then the formulation of fat."

"The idea of switching to lab-made fats and oils may seem strange at first," Gates wrote. "But their potential to significantly reduce our carbon footprint is immense. By harnessing proven technologies and processes, we get one step closer to achieving our climate goals." Savor's 'butter' is easily produced and scalable, but convincing people to swap out butter and other dairy products for 'experimental' foods will remain a challenge for the foreseeable future. Gates is hoping, however, that his support will do more than start a conversation. "The process doesn't release any greenhouse gases, and it uses no farmland and less than a thousandth of the water that traditional agriculture does," he added. "And most important, it tastes really good -- like the real thing, because chemically it is." The research has been published in the journal Nature Sustainability.

An anonymous reader quotes a report from The Verge: Puerto Rico filed suit against fossil fuel companies this week, alleging that the oil and gas giants have misled the public about climate change and delayed a transition to clean energy. The suit seeks $1 billion in damages to help Puerto Rico defend itself against climate disasters. In a complaint (PDF) filed in San Juan yesterday, Puerto Rico's Department of Justice says that the companies violated trade law by promoting fossil fuels without adequately warning about the dangers. The defendants include ExxonMobil, BP, Chevron, Shell, ConocoPhillips, and other energy companies.

In the complaint, Puerto Rico says it expects to pay billions of dollars in the future to cope with catastrophes made worse by climate change -- including storms like Hurricane Maria, which killed thousands of people in 2017 and triggered monthslong power outages. The suit asks defendants to contribute to a fund that would be used to mitigate the consequences of climate change and pay for measures to strengthen Puerto Rico's infrastructure against future climate-related calamities. After Hurricane Maria devastated the island in 2017, thirty-seven municipalities in Puerto Rico and the capital city of San Juan filed suit against fossil fuel companies, "seeking to hold them accountable for the devastation," notes The Verge.

Last week, Portland's Multnomah County filed a lawsuit against several fossil fuel companies, blaming their emissions for the 2021 heat dome that resulted in the deaths of 69 people.

According to lobby group ChargeUK, there were 930,000 electric car chargers in the UK at the end of June, with the majority residing in homes and at businesses. Only about 65,000 public chargers are available. The Guardian reports: The ChargeUK analysis showed that a new public charger was installed every 25 minutes in the spring quarter as companies raced to keep up with demand. Companies installed 5,100 public chargers during the second quarter of 2024, according to the data company Zapmap. [...] There are 1.1 million electric vehicles on UK roads, including 167,000 cars sold in the first half of this year, according to the Society of Motor Manufacturers and Traders lobby group. That is a 9% increase compared with the previous year, although the share of electric sales only increased marginally to 16.6%, as relatively higher upfront prices and rising interest rates deterred some buyers.

ChargeUK's analysis, which was carried out by the thinktank New AutoMotive, suggested that the private sector was confident it could meet a target set by the previous Conservative government of 300,000 public charge points by 2030. "In little more than a decade, the UK's charging sector has grown to become a major player in the green economy, providing the infrastructure that more than a million EV drivers rely on today and scaling fast to deliver the charging needed through to 2030 and beyond," said Vicky Read, the chief executive of ChargeUK.

Rite Aid, the third-largest U.S. drug store chain, reported it a ransomware attack that compromised the personal data of 2.2 million customers. The data exposed includes names, addresses, dates of birth, and driver's license numbers or other forms of government-issued ID from transactions between June 2017 and July 2018.

"On June 6, 2024, an unknown third party impersonated a company employee to compromise their business credentials and gain access to certain business systems," the company said in a filing. "We detected the incident within 12 hours and immediately launched an internal investigation to terminate the unauthorized access, remediate affected systems and ascertain if any customer data was impacted." Ars Technica's Dan Goodin reports: RansomHub, the name of a relatively new ransomware group, has taken credit for the attack, which it said yielded more than 10GB of customer data. RansomHub emerged earlier this year as a rebranded version of a group known as Knight. According to security firm Check Point, RansomHub became the most prevalent ransomware group following an international operation by law enforcement in May that took down much of the infrastructure used by rival ransomware group Lockbit.

On its dark web site, RansomHub said it was in advanced stages of negotiation with Rite Aid officials when the company suddenly cut off communications. A Rite Aid official didn't respond to questions sent by email. Rite Aid has also declined to say if the employee account compromised in the breach was protected by multifactor authentication.

In its latest State of Application Security Report, Cloudflare says 6.8% of traffic on the internet is malicious, "up a percentage point from last year's study," writes ZDNet's Steven Vaughan-Nichols. "Cloudflare, the content delivery network and security services company, thinks the rise is due to wars and elections. For example, many attacks against Western-interest websites are coming from pro-Russian hacktivist groups such as REvil, KillNet, and Anonymous Sudan." From the report: [...] Distributed Denial of Service (DDoS) attacks continue to be cybercriminals' weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDoS attacks. That total is nearly a third of all the DDoS attacks they mitigated the previous year. But it's not just about the sheer volume of DDoS attacks. The sophistication of these attacks is increasing, too. Last August, Cloudflare mitigated a massive HTTP/2 Rapid Reset DDoS attack that peaked at 201 million requests per second (RPS). That number is three times bigger than any previously observed attack.

The report also highlights the increased importance of application programming interface (API) security. With 60% of dynamic web traffic now API-related, these interfaces are a prime target for attackers. API traffic is growing twice as fast as traditional web traffic. What's worrying is that many organizations appear not to be even aware of a quarter of their API endpoints. Organizations that don't have a tight grip on their internet services or website APIs can't possibly protect themselves from attackers. Evidence suggests the average enterprise application now uses 47 third-party scripts and connects to nearly 50 third-party destinations. Do you know and trust these scripts and connections? You should -- each script of connection is a potential security risk. For instance, the recent Polyfill.io JavaScript incident affected over 380,000 sites.

Finally, about 38% of all HTTP requests processed by Cloudflare are classified as automated bot traffic. Some bots are good and perform a needed service, such as customer service chatbots, or are authorized search engine crawlers. However, as many as 93% of bots are potentially bad.