Power

BMW, Mini, Rolls-Royce, Toyota, and Lexus Are Switching To Tesla's EV Charging Standard (arstechnica.com) 34

Toyota and BMW are two of the latest automakers to announce they're adopting Tesla's North American Charging System (NACS) plug for their North American EVs, giving drivers access to Tesla's Supercharger network. Ars Technica reports: BMW's announcement applies to all its car brands, which means that in addition to EVs like the BMW i5 or i7, it's also swapping over to NACS for the upcoming Mini EVs as well as the Rolls-Royce Spectre. BMW will start adding native NACS ports to its EVs in 2025, and that same year its customers will gain access to the Tesla Supercharger network. BMW's release doesn't explicitly mention a CCS1-NACS adapter being made available, but it does say that BMW (and Mini and Rolls-Royce) EVs with CCS1 ports will be able to use Superchargers from early 2025.

Similarly, the Toyota news applies to its brand as well as Lexus. Toyota says that it will start incorporating NACS ports into "certain Toyota and Lexus BEVs starting in 2025." And customers with Toyota or Lexus EVs that have a CCS1 port will be offered an adapter allowing them to use NACS chargers, also in 2025. And -- you guessed it -- 2025 is when Toyota and Lexus EVs gain access to the Supercharger network.
While virtually all the brands that sell EVs in the North American market have announced the switch, there are still a couple holdouts. Stellantis has yet to make the switch, "meaning Alfa Romeo, Chrysler, Dodge, Fiat, Jeep, Maserati, and Ram are all sticking with CCS1 for now," reports Ars.

"Volkswagen Group has also yet to take the plunge, which means that Audi and Porsche are also staying with CCS1 for now, as well as the soon-to-be-reborn Scout brand." That said, they're expected to announce a switch to the NACS plug any day now.
Privacy

Casio Keyed Up After Data Loss Hits Customers In 149 Countries (theregister.com) 27

Jessica Lyons Hardcastle reports via The Register: Japanese electronics giant Casio said miscreants broke into its ClassPad server and stole a database with personal information belonging to customers in 149 countries. ClassPad is Casio's education web app, and in a Wednesday statement on its website, the firm said an intruder breached a ClassPad server and swiped hundreds of thousands of "items" belonging to individuals and organizations around the globe. As of October 18, the crooks accessed 91,921 items belonging to Japanese customers, including individuals and 1,108 educational institution customers, as well as 35,049 items belonging to customers from 148 other countries. If Casio finds additional customers were compromised, it promises to update this count.

The data included customers' names, email addresses, country of residence, purchasing info including order details, payment method and license code, and service usage info including log data and nicknames. Casio noted that it doesn't retain customers' credit card information, so presumably people's banking info wasn't compromised in the hack. An employee discovered the incident on October 11 while attempting to work in the corporate dev environment and spotted the database failure. "At this time, it has been confirmed that some of the network security settings in the development environment were disabled due to an operational error of the system by the department in charge and insufficient operational management," the official notice said. "Casio believes these were the causes of the situation that allowed an external party to gain unauthorized access." The intruder didn't access the ClassPad.net app, according to Casio, so that is still available for use.

Transportation

Amazon Plans To Deploy Delivery Drones In the UK and Italy Next Year (theverge.com) 16

Amazon announced today that it plans to expand its Prime Air drone delivery program to Italy and the United Kingdom, as well as one more yet-to-be-named U.S. city. "The new Prime Air locations will be announced in the coming months, with an anticipated launch date of late 2024," reports The Verge. From the report: Another step by Amazon today suggests it's ready to make drones a more serious part of its actual delivery network. The company said it plans to add Prime Air delivery to its existing fulfillment network -- specifically by adding delivery drones to some of its same-day delivery sites. Prime Air drones currently only operate out of the two standalone sites in Texas and California, so expanding drones to other sites means a wider delivery range and closer integration with Amazon's delivery network.

Amazon also gave us a sneak peek of its new Prime Air delivery drone that it claims flies twice as far as its current model. Even more critically, the drones will be able to operate in light rain and what Amazon calls more "diverse weather." The company released photos of the MK30 drone today, which it said will replace its existing delivery drones by late 2024.

The MK30 is also smaller and quieter than the existing Prime Air model, Amazon claims. The new drone can deliver objects of up to five pounds, with a typical delivery time of "one hour or less." The new drone includes a "sense and avoid" feature that can help it avoid pets, people, and property. The new design will hopefully result in smoother flights.
"Not only will this help boost the economy, offering consumers even more choice while helping keep the environment clean with zero emission technology, but it will also build our understanding of how to best use the new technology safely and securely," said UK's Aviation Minister Baroness Vere in a statement in Amazon's announcement.
China

Five Eyes Intelligence Chiefs Warn on China's 'Theft' of IP (reuters.com) 102

The Five Eyes countries' intelligence chiefs came together on Tuesday to accuse China of intellectual property theft and using artificial intelligence for hacking and spying against the nations, in a rare joint statement by the allies. From a report: The officials from the United States, Britain, Canada, Australia and New Zealand - known as the Five Eyes intelligence sharing network - made the comments following meetings with private companies in the U.S. innovation hub Silicon Valley. U.S. FBI Director Christopher Wray said the "unprecedented" joint call was meant to confront the "unprecedented threat" China poses to innovation across the world.

From quantum technology and robotics to biotechnology and artificial intelligence, China was stealing secrets in various sectors, the officials said. "China has long targeted businesses with a web of techniques all at once: cyber intrusions, human intelligence operations, seemingly innocuous corporate investments and transactions," Wray said. "Every strand of that web had become more brazen, and more dangerous." In response, Chinese government spokesman Liu Pengyu said the country was committed to intellectual property protection.

Movies

'Netflix Effect' Returns As Studios License Old Shows To Their Streaming Rival (ft.com) 31

Christopher Grimes reports via the Financial Times: Some of Netflix's competitors are reversing a streaming war tactic by licensing their old TV shows and movies to the streamer -- boosting its programming offerings but also potentially squeezing its profit margins, analysts say. Netflix relied heavily on programming that it licensed from other companies when it launched its streaming service in 2007. But after Walt Disney, NBCUniversal, Paramount and the then Time Warner launched their own streaming services, they pulled many of their shows from Netflix to avoid feeding a company that had grown into an arch-competitor. With legacy media groups under pressure to produce streaming profits, however, licensing revenue is looking attractive again -- even if it comes from Netflix. This summer, Warner Bros Discovery's HBO network began licensing a handful of older shows to Netflix, including Insecure, Six Feet Under, Ballers and Band of Brothers.

Analysts at Morgan Stanley said the return of licensing deals was a "long-term positive" for Netflix and would "pad" its lead over competitors in streaming. But the bank added that the cost of licensing -- along with Netflix's investments in gaming and other sectors -- could add pressure to its profit margins in 2024. The analysts raised their outlook for Netflix's overall cash spending next year by $500mn to $17.7bn. Netflix will report results on Wednesday, with investors expected to focus on whether it plans to increase subscription prices and signs of progress on its new advertising tier. The latest data on its password sharing crackdown will also be watched.

[T]he studios' experiments with licensing deals appear to have given some old shows new life. After NBCUniversal licensed its show Suits -- which aired from 2011-19 and starred Meghan Markle -- to Netflix in June, the show experienced a revival. The legal drama was in the top spot on the Nielsen Streaming top 10 for three months, an example of the "Netflix effect" on older shows. Bloys said licensing shows to Netflix had also boosted traffic for the programs on Warner Discovery's Max streaming platform, home to HBO programming including Ballers, a sports drama that ran from 2015-19. Ballers entered the Nielsen top 10 after it went to Netflix, and Insecure, a comedy starring Issa Rae that ran from 2016-21, had a similar boost.

Crime

Tech CEO Sentenced To 5 Years in IP Address Scheme (krebsonsecurity.com) 58

Amir Golestan, the 40-year-old CEO of the Charleston, S.C. based technology company Micfo, has been sentenced to five years in prison for wire fraud. From a report: Golestan's sentencing comes nearly two years after he pleaded guilty to using an elaborate network of phony companies to secure more than 735,000 Internet Protocol (IP) addresses from the American Registry for Internet Numbers (ARIN), the nonprofit which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Caribbean.

In 2018, ARIN sued Golestan and Micfo, alleging they had obtained hundreds of thousands of IP addresses under false pretenses. ARIN and Micfo settled that dispute in arbitration, with Micfo returning most of the addresses that it hadn't already sold. ARIN's civil case caught the attention of federal prosecutors in South Carolina, who in May 2019 filed criminal wire fraud charges against Golestan, alleging he'd orchestrated a network of shell companies and fake identities to prevent ARIN from knowing the addresses were all going to the same buyer.

Advertising

Comcast Resists Call To Stop Its Misleading '10G Network' Claims (arstechnica.com) 39

Jon Brodkin reports via Ars Technica: An advertising industry group urged Comcast to stop its "10G" ads or modify them to state that 10G is an "aspirational" technology rather than something the company actually provides on its cable network today. The National Advertising Division (NAD), part of the advertising industry's self-regulatory system run by BBB National Programs, ruled against Comcast after a challenge lodged by T-Mobile. In its decision announced Thursday, the NAD recommended that Comcast "discontinue its '10G' claims" or "modify its advertising to (a) make clear that it is implementing improvements that will enable it to achieve '10G' and that it is aspirational or (b) use '10G' in a manner that is not false or misleading, consistent with this decision."

Comcast plans to appeal the decision, so it won't make any changes to marketing immediately. If Comcast loses the appeal and agrees to change its practices, it would affect more than just a few ads because Comcast now calls its entire broadband network "10G." "In February 2023, Comcast rebranded its fixed Internet network as 'Xfinity 10G Network' to signify technological upgrades to its network that are continuing to be implemented," the NAD said. Comcast's website claims that the "Xfinity 10G Network is already here! You'll see continual increases in network speed and reliability. No action is required on your part to join the Xfinity 10G Network." It also claims that 10G is "complementary" to the 5G mobile network.

Microsoft

To 'Evolve' Windows Authentication, Microsoft Wants to Eventually Disable NTLM in Windows 11 (neowin.net) 68

An anonymous reader shared this report from Neowin: The various versions of Windows have used Kerberos as their main authentication protocol for over 20 years. However, in certain circumstances, the OS has to use another method, NTLM (NT LAN Manager). Today, Microsoft announced that it is expanding the use of Kerberos, with the plan to eventually ditch the use of NTLM altogether.

In a blog post, Microsoft stated that NTLM continues to be used by some businesses and organizations for Windows authentication because it "doesn't require local network connection to a Domain Controller." It also is "the only protocol supported when using local accounts" and it "works when you don't know who the target server is." Microsoft states:

These benefits have led to some applications and services hardcoding the use of NTLM instead of trying to use other, more modern authentication protocols like Kerberos. Kerberos provides better security guarantees and is more extensible than NTLM, which is why it is now a preferred default protocol in Windows. The problem is that while businesses can turn off NTLM for authentication, those hardwired apps and services could experience issues. That's why Microsoft has added two new authentication features to Kerberos.

Microsoft's blog post calls it "the evolution of Windows authentication," arguing that "As Windows evolves to meet the needs of our ever-changing world, the way we protect users must also evolve to address modern security challenges..." So, "our team is building new features for Windows 11."
  • Initial and Pass Through Authentication Using Kerberos, or IAKerb, "a public extension to the industry standard Kerberos protocol that allows a client without line-of-sight to a Domain Controller to authenticate through a server that does have line-of-sight."
  • A local Key Distribution Center (KDC) for Kerberos, "built on top of the local machine's Security Account Manager so remote authentication of local user accounts can be done using Kerberos."
  • "We are also fixing hard-coded instances of NTLM built into existing Windows components... shifting these components to use the Negotiate protocol so that Kerberos can be used instead of NTLM... NTLM will continue to be available as a fallback to maintain existing compatibility."
  • "We are also introducing improved NTLM auditing and management functionality to give your organization more insight into your NTLM usage and better control for removing it."

"Reducing the use of NTLM will ultimately culminate in it being disabled in Windows 11. We are taking a data-driven approach and monitoring reductions in NTLM usage to determine when it will be safe to disable."
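The data-driven approach Microsoft describes starts with knowing where NTLM is still used. The script below is an added example, not Microsoft's auditing tooling: it walks a handful of constructed records modelled on Windows Security event 4624 (successful logon), counts logons by authentication package, and picks out the three things a defender would act on first: which workstations and accounts still authenticate with NTLM, any remaining NTLMv1 use, and NTLM logons to local accounts (the case the local KDC above is meant to move to Kerberos). The field names are the real event's XML data names; the flattened key=value layout and every value are assumptions made for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed records in the style of Windows Security event 4624 (successful
# logon), flattened to key=value pairs. Field names follow the event's XML data
# names; every value here is made up for this example.
SAMPLE_EVENTS = [
    'EventID=4624 LogonType=3 TargetUserName=alice TargetDomainName=CORP '
    'AuthenticationPackageName=Kerberos LmPackageName="-" WorkstationName=WS01 IpAddress=10.0.0.11',
    'EventID=4624 LogonType=3 TargetUserName=svc_backup TargetDomainName=CORP '
    'AuthenticationPackageName=NTLM LmPackageName="NTLM V2" WorkstationName=BKP01 IpAddress=10.0.0.42',
    'EventID=4624 LogonType=3 TargetUserName=legacyapp TargetDomainName=CORP '
    'AuthenticationPackageName=NTLM LmPackageName="NTLM V1" WorkstationName=OLDSRV IpAddress=10.0.0.77',
    'EventID=4624 LogonType=2 TargetUserName=localadmin TargetDomainName=WS02 '
    'AuthenticationPackageName=NTLM LmPackageName="NTLM V2" WorkstationName=WS02 IpAddress="-"',
    'EventID=4624 LogonType=3 TargetUserName=bob TargetDomainName=CORP '
    'AuthenticationPackageName=Kerberos LmPackageName="-" WorkstationName=WS03 IpAddress=10.0.0.12',
    # A failed logon (4625) is not a usage signal and is skipped by the summary.
    'EventID=4625 LogonType=3 TargetUserName=bob TargetDomainName=CORP '
    'AuthenticationPackageName=NTLM LmPackageName="-" WorkstationName=WS09 IpAddress=10.0.0.99',
]

# key=value, where a value is either a quoted string or a run of non-spaces
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Turn one flattened record into a dict; surrounding quotes are stripped."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def summarize_ntlm(lines):
    """Tally authentication packages and pull out the NTLM logons that need
    attention before NTLM can be switched off."""
    by_package = Counter()
    ntlm_sources = defaultdict(Counter)   # workstation -> {account: count}
    ntlmv1 = []                           # (workstation, account) still on NTLMv1
    local_account_ntlm = []               # NTLM logons to local (non-domain) accounts
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "4624":
            continue
        package = ev.get("AuthenticationPackageName", "unknown")
        by_package[package] += 1
        if package != "NTLM":
            continue
        account = f'{ev["TargetDomainName"]}\\{ev["TargetUserName"]}'
        ntlm_sources[ev["WorkstationName"]][account] += 1
        # LmPackageName carries the NTLM version only for NTLM logons.
        if ev.get("LmPackageName") == "NTLM V1":
            ntlmv1.append((ev["WorkstationName"], account))
        # For a local account the domain field carries the machine name; these
        # are the logons a local Kerberos KDC is meant to take over from NTLM.
        if ev["TargetDomainName"] == ev["WorkstationName"]:
            local_account_ntlm.append(account)
    return {
        "by_package": dict(by_package),
        "ntlm_sources": {ws: dict(c) for ws, c in ntlm_sources.items()},
        "ntlmv1": ntlmv1,
        "local_account_ntlm": local_account_ntlm,
    }


if __name__ == "__main__":
    report = summarize_ntlm(SAMPLE_EVENTS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On a real estate the same loop would be fed from the Security log export (or from the dedicated NTLM audit events Microsoft refers to) and re-run over time; the NTLMv1 and local-account lists are the ones to drive to zero before any blocking policy is enabled, since those are the logons that cannot simply fall back to Kerberos today.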


Privacy

Apple AirTags Triggered 'Explosion' of Stalking Reports Nationwide, Lawsuit Says (arstechnica.com) 89

Ashley Belanger reports via Ars Technica: This month, more than three dozen victims allegedly terrorized by stalkers using Apple AirTags have joined a class-action lawsuit filed in a California court last December against Apple. They alleged in an amended complaint (PDF) that, partly due to Apple's negligence, AirTags have become "one of the most dangerous and frightening technologies employed by stalkers" because they can be easily, cheaply, and covertly used to determine "real-time location information to track victims." Since the lawsuit was initially filed in 2022, plaintiffs have alleged that there has been an "explosion of reporting" showing that AirTags are frequently being used for stalking, including a spike in international AirTags stalking cases and more than 150 police reports in the US as of April 2022. More recently, there were 19 AirTags stalking cases in one US metropolitan area -- Tulsa, Oklahoma -- alone, the complaint said.

This seeming escalation is concerning, plaintiffs say, because Apple allegedly has not done enough to mitigate harms, and AirTags stalking can lead to financial ruin, as victims bear significant costs like hiring mechanics to strip their cars to locate AirTags or repeatedly relocating their homes. AirTags stalking can also end in violence, including murder, plaintiffs alleged, and the problem is likely bigger than anyone knows, because stalking is historically underreported. [...] Many plaintiffs said they had no clue what AirTags were when they first discovered hidden AirTags were being used to monitor their moves. At the very least, plaintiffs want Apple to be responsible for raising awareness of how AirTags are used by stalkers -- not just to inform people who are at risk of stalking but also to ensure law enforcement is aware. Plaintiffs have alleged that Apple did not provide information to police that prevented them from accessing protective orders and pressing criminal charges. The complaint also suggested other remedies Apple could provide, like improving the consistency of AirTag alerts, which plaintiffs claimed only sometimes appeared on iPhones, so that users are always aware when an AirTag is nearby. "Apple continues to find itself in the position of reacting to the harms its product has unleashed, as opposed to prophylactically preventing those harms," the complaint said.

A technology specialist for the National Network to End Domestic Violence, Corbin Streett, is also quoted in the complaint, pointing out that Apple's threat model seemed to only consider risks of strangers using AirTags for unwanted stalking, not abusive partners. That's a problem since advocacy groups like the federally funded Stalking Prevention, Awareness, & Resource Center report (PDF) that the "vast majority of stalking victims are stalked by someone they know" and "intimate partner stalkers are the most likely stalkers to approach, threaten, and harm their victims." "I hope Apple keeps their learning hat on and works to figure out that piece of the puzzle," Streett said.

Open Source

Europe Mulls Open Sourcing TETRA Emergency Services' Encryption Algorithms (theregister.com) 18

Jessica Lyons Hardcastle reports via The Register: The European Telecommunications Standards Institute (ETSI) may open source the proprietary encryption algorithms used to secure emergency radio communications after a public backlash over security flaws found this summer. "The ETSI Technical Committee in charge of TETRA algorithms is discussing whether to make them public," Claire Boyer, a spokesperson for the European standards body, told The Register. The committee will discuss the issue at its next meeting on October 26, she said, adding: "If the consensus is not reached, it will go to a vote."

TETRA is the Terrestrial Trunked Radio protocol, which is used in Europe, the UK, and other countries to secure radio communications used by government agencies, law enforcement, military and emergency services organizations. In July, a Netherlands security biz uncovered five vulnerabilities in TETRA, two deemed critical, that could allow criminals to decrypt communications, including in real-time, to inject messages, deanonymize users, or set the session key to zero for uplink interception. At the time ETSI downplayed the flaws, which it said had been fixed last October, and noted that "it's not aware of any active exploitation of operational networks."

It did, however, face criticism from the security community over its response to the vulnerabilities -- and over the proprietary nature of the encryption algorithms, which makes proper pentesting of the emergency network system more difficult.
"This whole idea of secret encryption algorithms is crazy, old-fashioned stuff," said security author Kim Zetter who first reported the story. "It's very 1960s and 1970s and quaint. If you're not publishing [intentionally] weak algorithms, I don't know why you would keep the algorithms secret."
United States

Who Runs the Best US Schools? It May Be the Defense Department (nytimes.com) 94

Schools for children of military members achieve results rarely seen in public education. From a report: Amy Dilmar, a middle-school principal in Georgia, is well aware of the many crises threatening American education. The lost learning that piled up during the coronavirus pandemic. The gaping inequalities by race and family income that have only gotten worse. A widening achievement gap between the highest- and lowest-performing students. But she sees little of that at her school in Fort Moore, Ga. The students who solve algebra equations and hone essays at Faith Middle School attend one of the highest-performing school systems in the country. It is run not by a local school board or charter network, but by the Defense Department. With about 66,000 students -- more than the public school enrollment in Boston or Seattle -- the Pentagon's schools for children of military members and civilian employees quietly achieve results most educators can only dream of.

On the National Assessment of Educational Progress, a federal exam that is considered the gold standard for comparing states and large districts, the Defense Department's schools outscored every jurisdiction in math and reading last year and managed to avoid widespread pandemic losses. Their schools had the highest outcomes in the country for Black and Hispanic students, whose eighth-grade reading scores outpaced national averages for white students. Eighth graders whose parents only graduated from high school -- suggesting lower family incomes, on average -- performed as well in reading as students nationally whose parents were college graduates. The schools reopened relatively quickly during the pandemic, but last year's results were no fluke. While the achievement of U.S. students overall has stagnated over the last decade, the military's schools have made gains on the national test since 2013. And even as the country's lowest-performing students -- in the bottom 25th percentile -- have slipped further behind, the Defense Department's lowest-performing students have improved in fourth-grade math and eighth-grade reading.

Communications

New Starlink Webpage Highlights Upcoming 'Direct To Cell' Service (mobilesyrup.com) 21

SpaceX quietly published a new "Starlink Direct to Cell" webpage highlighting the company's forthcoming cell service for mobile phones. MobileSyrup reports: The new 'Starlink Direct to Cell' page boasts "seamless access to text, voice, and data for LTE phones across the globe" and notes that the company is targeting text capabilities in 2024, followed by voice and data capabilities in 2025. Internet of Things (IoT) support may also arrive in 2025. Starlink also advertises that the direct-to-cell system would work with "existing LTE phones wherever you can see the sky" and wouldn't require any changes to hardware, firmware, or special apps. The page also explains that Starlink Direct to Cell would use "an advanced eNodeB modem" that "acts like a cellphone tower in space." The system would allow network integration "similar to a standard roaming partner." Last year, SpaceX announced a partnership with T-Mobile, allowing users' mobile phones to connect directly with Starlink satellites in orbit. SpaceX said it was hoping to launch the service later this year but the company has been mum on the progress.
Facebook

Facebook's Sexist, Ageist Ad-Targeting Violates California Law, Court Finds (arstechnica.com) 71

An anonymous reader quotes a report from Ars Technica: Facebook may have to overhaul its entire ad-targeting system after a California court ruled (PDF) last month that the platform's practice of routinely targeting ads by age, gender, and other protected categories violates a state anti-discrimination law. The decision came after a 48-year-old Facebook user, Samantha Liapes, fought for years to prove that Facebook had discriminated against her as an older woman using the platform's ad-targeting system to shop for life insurance policies.

Liapes filed a class-action lawsuit against Facebook in 2020. In her complaint, Liapes alleged that "Facebook requires all advertisers to choose the age and gender of its users who will receive ads, and companies offering insurance products routinely tell it to not send their ads to women or older people." Further, she alleged that Facebook's ad-delivery algorithm magnifies the problem by using these required inputs to serve the ads to "lookalike audiences." Through its algorithm, Liapes alleged that she found that Facebook "discriminates against women and older people," by intentionally excluding them from seeing certain life insurance ads. This, Liapes alleged, caused harm by preventing her from signing up for deals that "often change and may expire" -- deals which she said were disproportionately being advertised on Facebook to younger and/or male audiences. As evidence, Liapes pointed to ads that Facebook did not serve to her -- allegedly because advertisers used the platform's Audience Selection and Lookalike Audience tools to exclude her -- as an older woman [...]. "As a result, she had a harder time learning about those products or services," Liapes' complaint alleged. [...]

Initially, a court agreed with Facebook's arguments that Liapes had not provided sufficient evidence establishing Facebook's intent or demonstrating harms caused, but rather than amend her complaint, Liapes appealed. Then, in what tech law expert Eric Goldman on his blog called a "shocking conclusion," a California court last month reversed that initial decision, finding instead that Facebook's ad-targeting tools are not neutral, discriminate against users by age and gender, and are not immune under Section 230 of the Communications Decency Act. Goldman -- who joked that Liapes wanting more Facebook ads is "a desire shared by almost no one" -- said that the potential impact of this ruling goes beyond possibly shaking up Facebook's ad system. It also seemingly implicates every other ad network by finding that "any gender- or age-based ad targeting for any product or service (and targeting based on any other protected characteristics) could violate the Unruh Act." If the ruling is upheld, that could "have devastating effects on the entire Internet ecosystem," Goldman warned.
"The court's single-minded determination to find a valid discrimination claim under these conditions casts a long and troubling shadow over the online advertising industry," Goldman wrote in his blog. "Who needs new privacy laws if the Unruh Act already bans most ad targeting?"

"The opinion never expressly says that the Unruh Act regulates ad targeting," Goldman told Ars. "It takes some reading between the lines to reach that conclusion."
Social Networks

Mastodon Actually Has 407K+ More Monthly Users Than It Thought (techcrunch.com) 46

A network connectivity error caused Mastodon to severely undercount its users. According to founder and CEO Eugen Rochko, the decentralized social network actually has 407,814 more monthly active users than it had been reporting previously. "The adjustment also included a gain of 2.34 million registered users across an additional 727 servers that had not been counted due to the error," reports TechCrunch. From the report: The issue was impacting the metrics reported on Mastodon's statistics aggregator on its joinmastodon.org/servers page, which had been undercounting users between October 2 and October 8. This issue has now been resolved, Rochko said. That leaves Mastodon with a total of 1.8 million monthly active users at present, an increase of 5% month-over-month and 10,000 servers, up 12% -- a testament to Mastodon's current upward swing at a time when the nature of X continues to remain in flux.
China

Chinese Programmer Ordered To Pay 1 Million Yuan For Using VPN 35

Amy Hawkins reports via The Guardian: A programmer in northern China has been ordered to pay more than 1 million yuan to the authorities for using a virtual private network (VPN), in what is thought to be the most severe individual financial penalty ever issued for circumventing China's "great firewall." The programmer, surnamed Ma, was issued with a penalty notice by the public security bureau of Chengde, a city in Hebei province, on August 18. The notice said Ma had used "unauthorised channels" to connect to international networks to work for a Turkish company. The police confiscated the 1.058m yuan ($145,092) Ma had earned as a software developer between September 2019 and November 2022, describing it as "illegal income," as well as fining him 200 yuan ($27). Charlie Smith (a pseudonym), the co-founder of GreatFire.org, a website that tracks internet censorship in China, said: "Even if this decision is overturned in court, a message has been sent and damage has been done. Is doing business outside of China now subject to penalties?"
Security

Hacktivism Erupts In Response To Hamas-Israel War (techcrunch.com) 340

An anonymous reader quotes a report from TechCrunch: Several groups of hacktivists have targeted Israeli websites with floods of malicious traffic following a surprise land, sea and air attack launched against Israel by militant group Hamas on Saturday, which prompted Israel to declare war and retaliate. Israeli newspaper The Jerusalem Post reported Monday that since Saturday morning its website was down "due to a series of cyberattacks initiated against us." At the time of writing, the paper's website still appeared down.

Rob Joyce, director of cybersecurity at the National Security Agency, reportedly said at a conference on Monday that there have been distributed denial of service (DDoS) attacks and defacements of websites, without attributing the cyberattacks to particular groups. "But we're not yet seeing real [nation] state malicious actors," Joyce reportedly said. [...] Joyce's remarks appear to confirm findings of security researcher Will Thomas, who told TechCrunch that he has seen more than 60 websites taken down with DDoS attacks, and more than five websites that were defaced as of Monday.

It is common for hacktivist groups to launch cyberattacks during armed conflict, similar to what happened in Ukraine. These hackers are often not affiliated with any governments but rather a decentralized group of politically motivated hackers. Their activities can disrupt websites and services, but are far more limited compared to the activities of nation-state hacking groups. Researchers and government agencies like the NSA say they have only seen activity by hacktivists so far in this Hamas-Israel conflict.
"The thing that has surprised me about the hacktivism surrounding this conflict is the amount of international groups involved, such as those allegedly from Bangladesh, Pakistan, and Morocco all also targeting Israel in support of Palestine," said Thomas. "We have also seen long-time threat actors returning who have participated in attacks and spread them using the hashtag #OpIsrael for years."

"I have seen several posts of cybercriminal service operators such as DDoS-for-Hire or Initial Access Brokers offering their services to those wanting to target Israel or Palestine," he added.
AI

Decomposing Language Models Into Understandable Components (anthropic.com) 17

AI startup Anthropic, writing in a blog post: Neural networks are trained on data, not programmed to follow rules. With each step of training, millions or billions of parameters are updated to make the model better at tasks, and by the end, the model is capable of a dizzying array of behaviors. We understand the math of the trained network exactly -- each neuron in a neural network performs simple arithmetic -- but we don't understand why those mathematical operations result in the behaviors we see. This makes it hard to diagnose failure modes, hard to know how to fix them, and hard to certify that a model is truly safe. Neuroscientists face a similar problem with understanding the biological basis for human behavior. The neurons firing in a person's brain must somehow implement their thoughts, feelings, and decision-making. Decades of neuroscience research has revealed a lot about how the brain works, and enabled targeted treatments for diseases such as epilepsy, but much remains mysterious. Luckily for those of us trying to understand artificial neural networks, experiments are much, much easier to run. We can simultaneously record the activation of every neuron in the network, intervene by silencing or stimulating them, and test the network's response to any possible input.

Unfortunately, it turns out that the individual neurons do not have consistent relationships to network behavior. For example, a single neuron in a small language model is active in many unrelated contexts, including: academic citations, English dialogue, HTTP requests, and Korean text. In a classic vision model, a single neuron responds to faces of cats and fronts of cars. The activation of one neuron can mean different things in different contexts. In our latest paper, Towards Monosemanticity: Decomposing Language Models With Dictionary Learning, we outline evidence that there are better units of analysis than individual neurons, and we have built machinery that lets us find these units in small transformer models. These units, called features, correspond to patterns (linear combinations) of neuron activations. This provides a path to breaking down complex neural networks into parts we can understand, and builds on previous efforts to interpret high-dimensional systems in neuroscience, machine learning, and statistics. In a transformer language model, we decompose a layer with 512 neurons into more than 4000 features which separately represent things like DNA sequences, legal language, HTTP requests, Hebrew text, nutrition statements, and much, much more. Most of these model properties are invisible when looking at the activations of individual neurons in isolation.
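A toy illustration of the two ideas above, added here and not taken from Anthropic's paper or code: a neuron that fires for several unrelated features (polysemanticity), and a decomposition of the layer's activations into an overcomplete set of features expressed as linear combinations of neurons. The paper learns its feature dictionary from data with dictionary learning; this example instead fixes a small constructed dictionary (3 neurons, 4 features, with made-up feature labels) and shows only the decomposition step, using orthogonal matching pursuit.

```python
"""Decomposing neuron activations into sparse features (constructed toy example)."""
import numpy as np

# Constructed feature directions, one per row, as unit vectors in neuron space.
# Feature 3 is spread across all three neurons, so every neuron is polysemantic.
FEATURES = np.array([
    [1.0, 0.0, 0.0],                 # feature 0 drives neuron 0 only
    [0.0, 1.0, 0.0],                 # feature 1 drives neuron 1 only
    [0.0, 0.0, 1.0],                 # feature 2 drives neuron 2 only
    [1.0, 1.0, 1.0] / np.sqrt(3.0),  # feature 3 drives all neurons equally
])
# Hypothetical labels, in the spirit of the paper's examples; not its real features.
FEATURE_NAMES = ["HTTP request", "Korean text", "citation", "dialogue"]


def activations(coeffs):
    """Neuron activations produced by a sparse set of active features."""
    return np.asarray(coeffs, dtype=float) @ FEATURES


def features_driving_neuron(neuron, dictionary=FEATURES, threshold=0.3):
    """Names of features with a sizeable weight on this neuron; >1 means polysemantic."""
    return [FEATURE_NAMES[i] for i, f in enumerate(dictionary) if abs(f[neuron]) > threshold]


def omp_decompose(x, dictionary, tol=1e-8):
    """Orthogonal matching pursuit: greedily add the best-correlated feature,
    re-fit the chosen features by least squares, repeat until the residual vanishes."""
    x = np.asarray(x, dtype=float)
    residual, chosen, sol = x.copy(), [], np.zeros(0)
    coeffs = np.zeros(dictionary.shape[0])
    while np.linalg.norm(residual) > tol and len(chosen) < dictionary.shape[0]:
        scores = dictionary @ residual
        scores[chosen] = 0.0                        # never re-pick a chosen feature
        chosen.append(int(np.argmax(np.abs(scores))))
        sub = dictionary[chosen].T                  # neurons x chosen features
        sol, *_ = np.linalg.lstsq(sub, x, rcond=None)
        residual = x - sub @ sol
    coeffs[chosen] = sol
    return coeffs


def explain(x):
    """Map a layer's activations to {feature name: coefficient} for active features."""
    c = omp_decompose(x, FEATURES)
    return {FEATURE_NAMES[i]: round(float(v), 6) for i, v in enumerate(c) if abs(v) > 1e-6}


if __name__ == "__main__":
    x = activations([2.0, 0.0, 0.0, 1.0])          # "HTTP request" plus "dialogue"
    print("neuron 0 responds to:", features_driving_neuron(0))
    print("activations:", np.round(x, 3), "->", explain(x))
```

Neuron 0 alone cannot tell "HTTP request" apart from "dialogue", but the feature coefficients recovered from all three neurons can.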

Android

Android Devices With Backdoored Firmware Found In US Schools (securityweek.com) 36

An anonymous reader quotes a report from SecurityWeek: Tens of thousands of Android devices have been shipped to end-users with backdoored firmware, according to a warning from cybersecurity vendor Human Security. As part of the global cybercriminal operation called BadBox (PDF), Human Security found a threat actor relied on supply chain compromise to infect the firmware of more than 70,000 Android smartphones, CTV boxes, and tablet devices with the Triada malware. The infected devices come from at least one Chinese manufacturer, and a backdoor is injected into their firmware before they are delivered to resellers, physical retail stores, and e-commerce warehouses. "Products known to contain the backdoor have been found on public school networks throughout the United States," Human says.

Discovered in 2016, Triada is a modular trojan residing in a device's RAM, relying on the Zygote process to hook all applications on Android, actively using root privileges to substitute system files. Over time, the malware went through various iterations and was found pre-installed on low-cost Android devices on at least two occasions. As part of the BadBox operation that Human Security discovered, the infected low-cost Android devices allow threat actors to carry out various ad-fraud schemes, including one named PeachPit, which at its peak relied on 121,000 Android and 159,000 iOS devices infected with malware, and on 39 Android, iOS, and CTV-centric apps designed to connect to a fake supply-side platform (SSP).

One of the modules delivered to the infected devices from the command-and-control (C&C) server allows the creation of WebViews that are fully hidden from the user, but which "are used to request, render, and click on ads, spoofing the ad requests to look like they're coming from certain apps, referred by certain websites, and rendered" on specific devices. BadBox, Human Security notes, also includes a residential proxy module that allows the threat actors to sell access to the victim's network. Furthermore, they can create WhatsApp messaging accounts and Gmail accounts they can then use for other malicious activities. "Finally, because of the backdoor's connection to C2 servers on BadBox-infected smartphones, tablets, and CTV boxes, new apps or code can be remotely installed by the threat actors without the device owner's permission. The threat actors behind BadBox could develop entirely new schemes and deploy them on BadBox-infected devices without any interaction from the devices' owners," Human notes.

Security

NSA Shares Top Ten Cybersecurity Misconfigurations (cisa.gov) 31

The National Security Agency (NSA), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), has highlighted the ten most common cybersecurity misconfigurations in large organizations. In their joint cybersecurity advisory (CSA), they also detail the tactics, techniques, and procedures (TTPs) actors use to exploit these misconfigurations. From the report: Through NSA and CISA Red and Blue team assessments, as well as through the activities of NSA and CISA Hunt and Incident Response teams, the agencies identified the following 10 most common network misconfigurations:

1. Default configurations of software and applications
2. Improper separation of user/administrator privilege
3. Insufficient internal network monitoring
4. Lack of network segmentation
5. Poor patch management
6. Bypass of system access controls
7. Weak or misconfigured multifactor authentication (MFA) methods
8. Insufficient access control lists (ACLs) on network shares and services
9. Poor credential hygiene
10. Unrestricted code execution

NSA and CISA encourage network defenders to implement the recommendations found within the Mitigations section of this advisory -- including the following -- to reduce the risk of malicious actors exploiting the identified misconfigurations: Remove default credentials and harden configurations; Disable unused services and implement access controls; Update regularly and automate patching, prioritizing patching of known exploited vulnerabilities; and Reduce, restrict, audit, and monitor administrative accounts and privileges.

NSA and CISA urge software manufacturers to take ownership of improving security outcomes of their customers by embracing secure-by-design and-default tactics, including: Embedding security controls into product architecture from the start of development and throughout the entire software development lifecycle (SDLC); Eliminating default passwords; Providing high-quality audit logs to customers at no extra charge; and Mandating MFA, ideally phishing-resistant, for privileged users and making MFA a default rather than opt-in feature.
A PDF version of the report can be downloaded here (PDF).
Communications

Biden Administration Backs Strong Rules To Close Digital Divide (bloomberg.com) 82

The Biden administration has urged the FCC to adopt strong rules to redress historic shortfalls that have left some communities lacking adequate broadband service. From a report: The position sets up a possible clash with large broadband providers that have warned the FCC, which is set to produce rules by next month, against unnecessary regulations. Clear rules are needed to close the digital divide that leaves millions without adequate broadband, the National Telecommunications and Information Administration said in a statement. The Commerce Department unit advises the president and develops internet policy. "Strong rules are needed to remedy unequal access to internet service, no matter what the cause may be," said Alan Davidson, the assistant secretary of commerce for communications and information, who is also the NTIA's top official. "Rules that combat digital discrimination will bring lasting relief to vulnerable communities that historically have been left behind online."

The FCC is considering regulations to prevent and eliminate digital discrimination of access based on income level, race and other factors, according to Chairwoman Jessica Rosenworcel. Broadband advocates have told the agency they want deep changes that will steer spending into cities. Some urban neighborhoods have suffered from disinvestment dating back to redlining decades ago, when government-aided discriminatory lending patterns starved neighborhoods of housing resources. Many of those areas still aren't prosperous, and haven't seen network upgrades.
