Privacy

Rite Aid Says Breach Exposes Sensitive Details of 2.2 Million Customers (arstechnica.com)

Rite Aid, the third-largest U.S. drug store chain, reported a ransomware attack that compromised the personal data of 2.2 million customers. The data exposed includes names, addresses, dates of birth, and driver's license numbers or other forms of government-issued ID from transactions between June 2017 and July 2018.

"On June 6, 2024, an unknown third party impersonated a company employee to compromise their business credentials and gain access to certain business systems," the company said in a filing. "We detected the incident within 12 hours and immediately launched an internal investigation to terminate the unauthorized access, remediate affected systems and ascertain if any customer data was impacted." Ars Technica's Dan Goodin reports: RansomHub, the name of a relatively new ransomware group, has taken credit for the attack, which it said yielded more than 10GB of customer data. RansomHub emerged earlier this year as a rebranded version of a group known as Knight. According to security firm Check Point, RansomHub became the most prevalent ransomware group following an international operation by law enforcement in May that took down much of the infrastructure used by rival ransomware group Lockbit.

On its dark web site, RansomHub said it was in advanced stages of negotiation with Rite Aid officials when the company suddenly cut off communications. A Rite Aid official didn't respond to questions sent by email. Rite Aid has also declined to say if the employee account compromised in the breach was protected by multifactor authentication.

The Internet

Cloudflare Reports Almost 7% of Internet Traffic Is Malicious (zdnet.com)

In its latest State of Application Security Report, Cloudflare says 6.8% of traffic on the internet is malicious, "up a percentage point from last year's study," writes ZDNet's Steven Vaughan-Nichols. "Cloudflare, the content delivery network and security services company, thinks the rise is due to wars and elections. For example, many attacks against Western-interest websites are coming from pro-Russian hacktivist groups such as REvil, KillNet, and Anonymous Sudan." From the report: [...] Distributed Denial of Service (DDoS) attacks continue to be cybercriminals' weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDoS attacks. That total is nearly a third of all the DDoS attacks they mitigated the previous year. But it's not just about the sheer volume of DDoS attacks. The sophistication of these attacks is increasing, too. Last August, Cloudflare mitigated a massive HTTP/2 Rapid Reset DDoS attack that peaked at 201 million requests per second (RPS). That number is three times bigger than any previously observed attack.

The report also highlights the increased importance of application programming interface (API) security. With 60% of dynamic web traffic now API-related, these interfaces are a prime target for attackers. API traffic is growing twice as fast as traditional web traffic. What's worrying is that many organizations appear not to be even aware of a quarter of their API endpoints. Organizations that don't have a tight grip on their internet services or website APIs can't possibly protect themselves from attackers. Evidence suggests the average enterprise application now uses 47 third-party scripts and connects to nearly 50 third-party destinations. Do you know and trust these scripts and connections? You should -- each script or connection is a potential security risk. For instance, the recent Polyfill.io JavaScript incident affected over 380,000 sites.

Finally, about 38% of all HTTP requests processed by Cloudflare are classified as automated bot traffic. Some bots are good and perform a needed service, such as customer service chatbots, or are authorized search engine crawlers. However, as many as 93% of bots are potentially bad.

Power

Cutting-Edge Technology Could Massively Reduce the Amount of Energy Used For Air Conditioning (wired.com)

An anonymous reader quotes a report from Wired, written by Chris Baraniuk: The buses struggling in China's muggy weather gave [Matt Jore, CEO of Montana Technologies] and his colleagues an idea. If they could make dehumidification more efficient somehow, then they could make air conditioning as a whole much more efficient, too. They headed back to the US wondering how to make this happen. [...] "I have here 50-gallon barrels of this stuff. It comes in a special powder," says Jore, referring to the moisture-loving material that coats components inside his firm's novel dehumidifier system, AirJoule. This is the result of years of research and development that followed his team's trip to China. The coating is a type of highly porous material called a metal-organic framework, and the pores are sized so that they fit around water molecules extremely well. It makes for a powerful desiccant, or drying device. "Just one kilogram can take up half or more than half -- in our case 55 percent -- of its own weight in water vapor," says Jore.

The AirJoule system consists of two chambers, each one containing surfaces coated with this special material. They take turns at dehumidifying a flow of air. One chamber is always drying air that is pushed through the system while the other gradually releases the moisture it previously collected. A little heat from the drying chamber gets applied to the moisture-saturated coating in the other, since that helps to encourage the water to drip away for removal. These two cavities swap roles every 10 minutes or so, says Jore. This process doesn't cool the air, but it does make it possible to feed dry air to a more traditional air conditioning device, drastically cutting how much energy that secondary device will use. And Jore claims that AirJoule consumes less than 100 watt-hours per liter of water vapor removed -- potentially cutting the energy required for dehumidification by as much as 90 percent compared to a traditional dehumidifier.

Montana Technologies wants to sell the components for its AirJoule system to established HVAC firms rather than attempt to build its own consumer products and compete with those firms directly -- it calls the approach AirJoule Inside. The firm is also working on a system for the US military, based on the same technology, that can harvest drinkable water from the air. Handy for troops stationed in the desert, one imagines. However, AirJoule is still at the prototype and testing stages. "We're building several of these pilot preproduction units for potential customers and partners," says Jore. "Think rooftops on big-box retailers."

Montana Technologies isn't the only firm using cutting-edge technology to make air conditioning units more efficient. Rival firm Blue Frontier has developed a desiccant-based dehumidifying system using a liquid salt solution, with installations in various U.S. locations, that links to a secondary air-conditioning process and regenerates desiccant during off-peak hours to reduce peak electricity demand.

Then there's Nostromo Energy's IceBrick system, installed in California hotels, which freezes water capsules during off-peak hours and uses the stored coolth during peak times. This system can reduce cooling costs by up to 30 percent and emissions by up to 80 percent, according to Wired.

Google

Google's $500 Million Effort To Wreck Microsoft EU Cloud Deal Failed, Report Says (arstechnica.com)

Ashley Belanger reports via Ars Technica: Google tried to derail a Microsoft antitrust settlement over anticompetitive software licensing in the European Union by offering a $500 million alternative deal to the group of cloud providers behind the EU complaint, Bloomberg reported. According to Bloomberg, Google's offer to the Cloud Infrastructure Services Providers in Europe (CISPE) required that the group maintain its EU antitrust complaint. It came "just days" before CISPE settled with Microsoft, and it was apparently not compelling enough to stop CISPE from inking a deal with the software giant that TechCrunch noted forced CISPE to accept several compromises.

Bloomberg uncovered Google's attempted counteroffer after reviewing confidential documents and speaking to "people familiar with the matter." Apparently, Google sought to sway CISPE with a package worth nearly $500 million for more than five years of software licenses and about $15 million in cash. But CISPE did not take the bait, announcing last week that an agreement was reached with Microsoft, seemingly frustrating Google. CISPE initially raised its complaint in 2022, alleging that Microsoft was "irreparably damaging the European cloud ecosystem and depriving European customers of choice in their cloud deployments" by spiking costs to run Microsoft's software on rival cloud services. In February, CISPE said that "any remedies and resolution must apply across the sector and to be accessible to all cloud customers in Europe." They also promised that "any agreements will be made public."

But the settlement reached last week excluded major rivals, including Amazon, which is a CISPE member, and Google, which is not. And despite CISPE's promise, the terms of the deal were not published, apart from a CISPE blog roughly outlining central features that it claimed resolved the group's concerns over Microsoft's allegedly anticompetitive behaviors. What is clear is that CISPE agreed to drop their complaint by taking the deal, but no one knows exactly how much Microsoft paid in a "lump sum" to cover CISPE legal fees for three years, TechCrunch noted. However, "two people with direct knowledge of the matter" told Reuters that Microsoft offered about $22 million.

Education

Former Tesla, OpenAI Exec Andrej Karpathy Founds 'AI Native' Education Startup (cointelegraph.com)

In a post on X today, Andrej Karpathy announced that he is "starting an AI+Education company called Eureka Labs." Karpathy taught deep learning for computer vision at Stanford University, left to co-found OpenAI in 2015 and then moved on to direct artificial intelligence for Tesla Autopilot until 2022. He then migrated back to OpenAI to lead a small team related to ChatGPT. CoinTelegraph reports: Eureka is creating virtual teaching assistants powered by generative AI to bring top courses to vastly more students without sacrificing the personalized interactions typical of in-person learning. The startup's ultimate goal is to bring elite educators and coursework to students throughout the world, regardless of barriers such as geography and language. [...] Eureka's first product will be an undergraduate AI course called LLM101n. The course will guide students through the process of training an AI similar to the AI Teaching Assistant. Materials will be available online but will also include digital and physical cohorts, allowing students to progress through the course in small groups. "The teacher still designs the course materials, but they are supported, leveraged and scaled with an AI Teaching Assistant who is optimized to help guide the students through them," Karpathy explained.

"If we are successful, it will be easy for anyone to learn anything, expanding education in both reach (a large number of people learning something) and extent (any one person learning a large amount of subjects, beyond what may be possible today unassisted)."

IOS

iOS 18 Could 'Sherlock' $400 Million In App Revenue (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: Apple's practice of leveraging ideas from its third-party developer community to become new iOS and Mac features and apps has a hefty price tag, a new report indicates. Ahead of its fall release, you can download the public beta for iOS 18 right now to get a firsthand look at Apple's changes, which may affect apps that today have an estimated $393 million in revenue and have been downloaded roughly 58 million times over the past year, according to an analysis by app intelligence firm Appfigures. Every June at Apple's Worldwide Developers Conference, the iPhone maker teases the upcoming releases of its software and operating systems, which often include features previously only available through third-party apps. The practice is so common now it's even been given a name: "sherlocking" -- a reference to a 1990s search app for Mac that borrowed features from a third-party app known as Watson. Now when Apple launches a new feature that was before the domain of a third-party app, it's said to have "sherlocked" the app. [...]

In an analysis of third-party apps that generated more than 1,000 downloads per year, Appfigures discovered several genres that had found themselves in Apple's crosshairs in 2024. In terms of worldwide gross revenue, these categories have generated significant income over the past 12 months, with the trail app category making the most at $307 million per year, led by market leader and 2023 Apple "App of the Year" AllTrails. Grammar helper apps, like Grammarly and others, also generated $35.7 million, while math helpers and password managers earned $23.4 million and $20.3 million, respectively. Apps for making custom emoji generated $7 million, too. Of these, trail apps accounted for the vast majority of "potentially sherlocked" revenue, or 78%, noted Appfigures, as well as 40% of downloads of sherlocked apps. In May 2024, they accounted for an estimated $28.8 million in gross consumer spending and 2.5 million downloads, to give you an idea of scale.

Many of these app categories were growing quickly, with math solvers having seen revenue growth of 43% year-over-year followed by grammar helpers (+40%), password managers (+38%) and trail apps (+28%). Emoji-making apps, however, were seeing declines at -17% year-over-year. By downloads, grammar helpers had seen 9.4 million installs over the past 12 months, followed by emoji makers (10.6 million), math-solving apps (9.5 million) and password managers (457,000 installs).

"Although these apps certainly have dedicated user bases that may not immediately choose to switch to a first-party offering, Apple's ability to offer similar functionality built-in could be detrimental to their potential growth," concludes TechCrunch's Sarah Perez. "Casual users may be satisfied by Apple's 'good enough' solutions and won't seek out alternatives."

United States

Delta Air Lines CEO Questions Financial Strategy of Low-Cost Carriers (businessinsider.com)

Delta Air Lines CEO Ed Bastian had stark words for competing airlines that depend on selling low-priced tickets to stay alive. From a report: "You cannot, if you are on the lower end of the industry's food chain, continue to post losses, particularly given the health of the demand set we've seen over these last couple of years," Bastian said as Delta reported disappointing second-quarter financials and warned things could get even worse.

Airlines that can't break even "will not be given the opportunity to continue to run business models they have," he added. Bastian's comments came in response to a question about the potential for structural changes within the industry as many airlines struggle to remain profitable. [...] A big contributor to the lower profits was lower airfares and extra capacity, especially in economy class,

Google

Google Now Defaults To Not Indexing Your Content

An anonymous reader shares a report: Google is no longer trying to index the entire web. In fact, it's become extremely selective, refusing to index most content. This isn't about content creators failing to meet some arbitrary standard of quality. Rather, it's a fundamental change in how Google approaches its role as a search engine.

From my experience, Google now seems to operate on a "default to not index" basis. It only includes content in its index when it perceives a genuine need. This decision appears to be based on various factors:
Extreme content uniqueness: It's not enough to write about something that isn't extensively covered. Google seems to require content to be genuinely novel or fill a significant gap in its index.
Perceived authority: Sites that Google considers highly authoritative in their niche may have more content indexed, but even then, it's not guaranteed.
Brand recognition: Well-known brands often see most of their content indexed, while small or unknown bloggers face much stricter selectivity.
Temporary indexing and de-indexing: In practice, Google often indexes new content quite quickly, likely to avoid missing out on breaking news or important updates. Soon after, Google may de-index the content, and it remains de-indexed thereafter. So getting initially indexed isn't necessarily a sign that Google considers your content valuable.
User Journal

Journal: Identity theft on Facebook, but why?

Why does Facebook support so much identity theft? I had an actual account on Facebook for many years, but it was nuked without explanation back in 2022. After that, someone created a fake Facebook account in its place. The fake account is using one of my old email addresses, and that is causing Facebook to send me increasingly frequent reminders about something--but I cannot see what the scam is because I have no access to Facebook.

Security

Hackers Claim To Have Leaked 1.1 TB of Disney Slack Messages (wired.com)

A group calling itself "NullBulge" published a 1.1-TB trove of data late last week that it claims is a dump of Disney's internal Slack archive. From a report: The data allegedly includes every message and file from nearly 10,000 channels, including unreleased projects, code, images, login credentials, and links to internal websites and APIs. The hackers claim they got access to the data from a Disney insider and named the alleged collaborator.

Whether the hackers actually had inside help remains unconfirmed; they could also have plausibly used info-stealing malware to compromise an employee's account. Disney did not confirm the breach or return multiple requests for comment about the legitimacy of the stolen data. A Disney spokesperson told the Wall Street Journal that the company "is investigating this matter." The data, which appears to have been first published on Thursday, was posted on BreachForums and later taken down, but it is still live on mirror sites.

The hackers said they breached Disney in protest against AI-generated artwork.

Businesses

Amazon Enforces New Office Hours Rule (businessinsider.com)

Amazon is now monitoring the hours corporate employees spend in the office. From a report: This move is intended to crack down on people who are trying to skirt the company's return-to-office policy, Business Insider has learned. Several teams across Amazon, including the retail and cloud-computing units, were told in recent months that a minimum of two hours per visit is required to count as office attendance, according to multiple screenshots of internal Slack messages obtained by BI and people familiar with the matter. Some teams have been told to stay at least six hours per visit.

Amazon's goal is to ramp up scrutiny of "coffee badging," some of the Slack messages said. Coffee badging refers to employees who badge in, get coffee, and leave the office shortly to satisfy their return-to-office mandate. Amazon started requiring office attendance for most corporate staffers three times a week last year, but it didn't have a minimum-hour obligation for each visit.

Bitcoin

Bitcoin is Legit, BlackRock's Larry Fink Says (qz.com)

Speaking of crypto, BlackRock's co-founder and CEO Larry Fink is now embracing crypto more than ever. From a report: In an interview with CNBC on Monday, he mentioned that he had abandoned his initial skepticism of cryptocurrencies like Bitcoin. He now firmly believes that there is a place for crypto in the average investor's portfolio. "I believe Bitcoin is legitimate. I'm not saying there aren't misuses like everything else, but it is a legitimate financial instrument that allows you to have uncorrelated returns," Fink told CNBC host Jim Cramer.

When asked whether the U.S. budget deficit makes a case for investing in crypto, Fink responded, "absolutely." He added that crypto can help buyers hedge against countries that are devaluing their currencies.

Bitcoin

Craig Wright Faces Perjury Investigation Over Claims He Created Bitcoin (wired.com)

A judge in the UK High Court has directed prosecutors to consider bringing criminal charges against computer scientist Craig Wright, after ruling that he lied "extensively and repeatedly" and committed forgery "on a grand scale" in service of his quest to prove he is Satoshi Nakamoto, creator of bitcoin. From a report: In a judgment published Tuesday, Justice James Mellor outlined various injunctions to be imposed upon Wright, after finding in May that he had "engaged in the deliberate production of false documents to support false claims [to be Satoshi] and use the Courts as a vehicle for fraud."

By order of the judge, Wright will be prevented from claiming publicly that he is Satoshi and from bringing or threatening legal action in any jurisdiction on that basis. He will be required to pin a notice to the front page of his personal website and X feed detailing the findings against him. The matter, Mellor writes, will also be referred to the Crown Prosecution Service (CPS), the body responsible for prosecuting criminal cases in the UK, "for consideration of whether a prosecution should be commenced against Dr Wright." It will be up to the CPS to decide whether the available evidence is sufficient to bring charges against Wright "for his wholescale perjury and forgery of documents" and "whether a warrant for his arrest should be issued."

Databases

Latest MySQL Release is Underwhelming, Say Some DB Experts (theregister.com)

The latest release of MySQL has underwhelmed some commentators who fear Oracle -- the custodian of the open source database -- may have other priorities. From a report: Earlier this month, Oracle -- which has long marketed its range of proprietary database systems -- published the 9.0 version as an "Innovation Release" of MySQL. MySQL 9.0 is now among the three iterations Oracle supports. The others include 8.0 (8.0.38) and the first update of the 8.4 LTS (8.4.1).

[...] In June, Peter Zaitsev, an early MySQL engineer and founder of open source consultancy Percona, said he feared the lack of features in MySQL was a result of Oracle's focus on HeatWave, a proprietary analytics database built on MySQL. He had previously defended Oracle's stewardship of the open source database. The release of MySQL 9.0 has not assuaged those concerns, said colleague Dave Stokes, Percona technology evangelist. It had not lived up to the previous 8.0 release, which arrived with many new features. "MySQL 9.0 is supposed to be an 'innovation release' where [Oracle offers] access to the latest features and improvements and [users] enjoy staying on top of the latest technologies," he said. However, he pointed out that most of the more innovative features, such as vector support and embedded JavaScript stored procedures, were not in the free MySQL Community Edition and were only available in the paid-for HeatWave edition. "The ability to store the output of an EXPLAIN command to a variable is not the level of new feature hoped for," he said.

NASA

NASA Transmits Hip-Hop Song To Deep Space for First Time (nasa.gov)

NASA: The stars above and on Earth aligned as an inspirational message and lyrics from the song "The Rain (Supa Dupa Fly)" by hip-hop artist Missy Elliott were beamed to Venus via NASA's DSN (Deep Space Network). The agency's Jet Propulsion Laboratory in Southern California sent the transmission at 10:05 a.m. PDT on Friday, July 12. As the largest and most sensitive telecommunication service of NASA's Space Communications and Navigation (SCaN) program, the DSN has an array of giant radio antennas that allow missions to track, send commands, and receive scientific data from spacecraft venturing to the Moon and beyond. To date, the system has transmitted only one other song into space, making the transmission of Elliott's song a first for hip-hop and NASA.

"Both space exploration and Missy Elliott's art have been about pushing boundaries," said Brittany Brown, director, Digital and Technology Division, Office of Communications at NASA Headquarters in Washington, who initially pitched ideas to Missy's team to collaborate with the agency. "Missy has a track record of infusing space-centric storytelling and futuristic visuals in her music videos, so the opportunity to collaborate on something out of this world is truly fitting." The song traveled about 158 million miles (254 million kilometers) from Earth to Venus -- the artist's favorite planet. Transmitted at the speed of light, the radio frequency signal took nearly 14 minutes to reach the planet. The transmission was made by the 34-meter (112-foot) wide Deep Space Station 13 (DSS-13) radio dish antenna, located at the DSN's Goldstone Deep Space Communications Complex, near Barstow in California. Coincidentally, the DSS-13 also is nicknamed Venus.

AI

Apple, Nvidia, Anthropic Used Thousands of Swiped YouTube Videos To Train AI (wired.com)

AI companies are generally secretive about their sources of training data, but an investigation by Proof News found some of the wealthiest AI companies in the world have used material from thousands of YouTube videos to train AI. Companies did so despite YouTube's rules against harvesting materials from the platform without permission. From a report: Our investigation found that subtitles from 173,536 YouTube videos, siphoned from more than 48,000 channels, were used by Silicon Valley heavyweights, including Anthropic, Nvidia, Apple, and Salesforce. The dataset, called YouTube Subtitles, contains video transcripts from educational and online learning channels like Khan Academy, MIT, and Harvard. The Wall Street Journal, NPR, and the BBC also had their videos used to train AI, as did The Late Show With Stephen Colbert, Last Week Tonight With John Oliver, and Jimmy Kimmel Live.

Proof News also found material from YouTube megastars, including MrBeast (289 million subscribers, two videos taken for training), Marques Brownlee (19 million subscribers, seven videos taken), Jacksepticeye (nearly 31 million subscribers, 377 videos taken), and PewDiePie (111 million subscribers, 337 videos taken). Some of the material used to train AI also promoted conspiracies such as the "flat-earth theory."

Further reading: YouTube Says OpenAI Training Sora With Its Videos Would Break Rules.

Earth

Climate Crisis is Making Days Longer, Study Finds (theguardian.com)

The climate crisis is causing the length of each day to get longer, analysis shows, as the mass melting of polar ice reshapes the planet. From a report: The phenomenon is a striking demonstration of how humanity's actions are transforming the Earth, scientists said, rivalling natural processes that have existed for billions of years. The change in the length of the day is on the scale of milliseconds but this is enough to potentially disrupt internet traffic, financial transactions and GPS navigation, all of which rely on precise timekeeping.

The length of the Earth's day has been steadily increasing over geological time due to the gravitational drag of the moon on the planet's oceans and land. However, the melting of the Greenland and Antarctic ice sheets due to human-caused global heating has been redistributing water stored at high latitudes into the world's oceans, leading to more water in the seas nearer the equator. This makes the Earth more oblate -- or fatter -- slowing the rotation of the planet and lengthening the day still further.

The planetary impact of humanity was also demonstrated recently by research that showed the redistribution of water had caused the Earth's axis of rotation -- the north and south poles -- to move. Other work has revealed that humanity's carbon emissions are shrinking the stratosphere.

AI

Microsoft Investigated by UK Over Ex-Inflection Staff Hires (bloomberg.com)

Microsoft's investment in Inflection AI will get a full-blown UK antitrust probe, after the watchdog said it needed to take a closer look at the hiring of former employees from the artificial intelligence startup. From a report: The Competition and Markets Authority said Tuesday it was opening the formal phase one merger probe into the partnership, setting a Sept. 11 deadline on whether to escalate it to an in-depth investigation. The agency has been swift to act against big tech's AI startup investments after it found a pattern of large tech firms piling money into startups.

AI

Senate Introduces Bill To Set Up Legal Framework For Ethical AI Development (techspot.com)

Last week, the U.S. Senate introduced a new bill to outlaw the unethical use of AI-generated content and deepfake technology. Called the Content Origin Protection and Integrity from Edited and Deepfaked Media Act (COPIED Act), the bill would "set new federal transparency guidelines for marking, authenticating and detecting AI-generated content, protect journalists, actors and artists against AI-driven theft, and hold violators accountable for abuses." TechSpot reports: Proposed and sponsored by Democrats Maria Cantwell of Washington and Martin Heinrich of New Mexico, along with Republican Marsha Blackburn of Tennessee, the bill aims to establish enforceable transparency standards in AI development [such as through watermarking]. The legislation also wants to curb unauthorized data use in training models. The senators intend to task the National Institute of Standards and Technology with developing sensible transparency guidelines should the bill pass. [...] The senators feel that clarifying and defining what is okay and what is not regarding AI development is vital in protecting citizens, artists, and public figures from the harm that misuse of the technology could cause, particularly in creating deepfakes. The text of the bill can be read here.
