Posted by BeauHD from Slashdot
From the deal-or-no-deal department: T-Mobile employees from around the country are reportedly receiving text messages offering them cash in exchange for swapping SIMs. SIM swapping is when cybercriminals trick a cellular service provider into switching a victim's service to a SIM card that they control, essentially hijacking the victim's phone number and gaining access to two-factor authentication codes. From the Mobile Report: The texts offer the employee $300 per SIM swap, and asks the worker to contact them on telegram. The texts all come from a variety of different numbers across multiple area codes, making it more difficult to block. The text also claims they acquired the employee's number "from the T-Mo employee directory." If true, it could mean T-Mobile's employee directory, with contact numbers, has somehow been accessed. It's also possible the bad actor has live/current access to this data, though we consider that less likely due to the fact that some impacted people are former employees who have not worked at the company in months.

Still, the biggest issue here is how this person (or multiple people) obtained the employee phone numbers. We're not sure yet which employees are impacted, but based on comments online it seems at least a few third-party employees are affected, and we've independently confirmed current corporate employees have also received the message. Though we can't say for certain, this likely means the information is not the same data as what was leaked during the Connectivity Source breach [from September]. We can't, however, eliminate that possibility. As mentioned, there are reports that some of the contacted people are former employees, and haven't been employed at T-Mobile for months, so the information being acted upon is likely a few months old at the very least. That being said, we're pretty confident based on corporate employees being included that this is a different source of data being used.
Posted by BeauHD from Slashdot
From the temporarily-halted department: Meta plans to "temporarily" shut down Threads in Turkey from April 29, in response to an interim injunction prohibiting data sharing with Instagram. TechCrunch reports: The Turkish Competition Authority (TCA), known as Rekabet Kurumu, noted on March 18 that its investigations found that Meta was abusing its dominant market position by combining the data of users who create Threads profiles with that of their Instagram account -- without giving users the choice to opt in. [...] In the buildup to April 29, everyone using Threads in Turkey will receive a notification about the impending closure, and they will be given a choice to either delete or deactivate their profile. The latter of these options means a user's profile can be resurrected when and if Threads is available in the country again. "We disagree with the interim order, we believe we are in compliance with all Turkish legal requirements, and we will appeal," Meta wrote in the blog post today. "The TCA's interim order leaves us with no choice but to temporarily shut down Threads in Turkiye. We will continue to constructively engage with the TCA and hope to bring Threads back to people in Turkiye as quickly as possible."
Posted by BeauHD from Slashdot
From the what-to-expect department: Adobe is using its Firefly machine learning model to bring generative AI video tools to Premiere Pro. "These new Firefly tools -- alongside some proposed third-party integrations with Runway, Pika Labs, and OpenAI's Sora models -- will allow Premiere Pro users to generate video and add or remove objects using text prompts (just like Photoshop's Generative Fill feature) and extend the length of video clips," reports The Verge. From the report: Unlike many of Adobe's previous Firefly-related announcements, no release date -- beta or otherwise -- has been established for the company's new video generation tools, only that they'll roll out "this year." And while the creative software giant showcased what its own video model is currently capable of in an early video demo, its plans to integrate Premiere Pro with AI models from other providers isn't a certainty. Adobe instead calls the third-party AI integrations in its video preview an "early exploration" of what these may look like "in the future." The idea is to provide Premiere Pro users with more choice, according to Adobe, allowing them to use models like Pika to extend shots or Sora or Runway AI when generating B-roll for their projects. Adobe also says its Content Credentials labels can be applied to these generated clips to identify which AI models have been used to generate them.
Posted by BeauHD from Slashdot
From the so-far-so-good department: An anonymous reader quotes a report from the Washington Post: The Biden administration marked the close of tax season Monday by announcing it had met a modest goal of getting at least 100,000 taxpayers to file through the Internal Revenue Service's new tax software, Direct File -- an alternative to commercial tax preparers. Although the government had billed Direct File as a small-scale pilot, it still represents one of the most significant experiments in tax filing in decades -- a free platform letting Americans file online directly to the government. Monday's announcement aside, though, Direct File's success has proven highly subjective.

By and large, people who tried the Direct File software -- which looks a lot like TurboTax or other commercial tax software, with its question-and-answer format -- gave it rave reviews. "Against all odds, the government has created an actually good piece of technology," a writer for the Atlantic marveled, describing himself as "giddy" as he used the website to chat live with a helpful IRS employee. The Post's Tech Friend columnist Shira Ovide called it "visible proof that government websites don't have to stink." Online, people tweeted praise after filing their taxes, like the user who called it the "easiest tax experience of my life."

< This article continues on their website >
Posted by BeauHD from Slashdot
From the better-late-than-never department: Roku has made two-factor authentication (2FA) mandatory for all users following two credential stuffing attacks that compromised approximately 591,000 customer accounts and led to unauthorized purchases in fewer than 400 cases. The Register reports: Credential stuffing and password spraying are both fairly similar types of brute force attacks, but the former uses known pairs of credentials (usernames and passwords). The latter simply spams common passwords at known usernames in the hope one of them leads to an authenticated session. "There is no indication that Roku was the source of the account credentials used in these attacks or that Roku's systems were compromised in either incident," it said in an update to customers. "Rather, it is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials."

All accounts now require 2FA to be implemented, whether they were affected by the wave of compromises or not. Roku has more than 80 million active accounts, so only a minority were affected, and these have all been issued mandatory password resets. Compromised or not, all users are encouraged to create a strong, unique password for their accounts, consisting of at least eight characters, including a mix of numbers, symbols, and letter cases. [...] Roku also asked users to remain vigilant to suspicious activity regarding its service, such as phishing emails or clicking on dodgy links to rest passwords -- the usual stuff. "In closing, we sincerely regret that these incidents occurred and any disruption they may have caused," it said. "Your account security is a top priority, and we are committed to protecting your Roku account."
Posted by BeauHD from Slashdot
From the taking-matters-into-his-own-hands department: Michael Larabel reports via Phoronix: Within yesterday's Linux 6.9-rc4 release is an interesting little nugget by Linus Torvalds to battle Kconfig parsers that can't correctly handle tabs but rather just assume spaces for whitespace for this kernel configuration format. Due to a patch having been queued last week to replace a tab with a space character in the kernel tracing Kconfig file, Linus Torvalds decided to take matters into his own hand for Kconfig parsers that can't deal with tabs... Torvalds authored a patch to intentionally add some tabs of his own into Kconfig for throwing off any out-of-tree/third-party parsers that can't correctly handle them. Torvalds added these intentional hidden tabs to the common Kconfig file for handling page sizes for the kernel. Thus sure to cause dramatic and noticeable breakage for any parsers not having tabs correctly.
Posted by Ethan Gach from Kotaku
Destiny 2 is back on the menu thanks to a brilliant new horde mode called Onslaught. As players return to the sci-fi shooter MMO in droves following the free Into The Light update that’s been showering them with loot, a lot of you are no doubt behind on the latest top gear. Fortunately, Apex Predator is arguably the…

< This article continues on their website >
Posted by BeauHD from Slashdot
From the would-you-look-at-that department: An anonymous reader quotes a report from TechCrunch: Dropout's Dungeons & Dragons actual play show, Dimension 20, is getting pretty close to selling out a 19,000-seat venue just hours after ticket sales opened to the general public. To the uninitiated, it may seem absurd to go to a massive sports arena and watch people play D&D. As one Redditor commented, "This boggles my mind. When I was playing D&D in the early eighties, I would have never believed that there was a future where people would watch live D&D at Madison Square Garden. It's incomprehensible to me." It is indeed bizarre, albeit fun. But in this monumental moment for the actual play genre, the triumph is eclipsed by the biggest frustration that links sports, music and now D&D fans: Ticketmaster. As Federal Trade Commission chair Lina Khan said amid the Taylor Swift-Ticketmaster scandal, the company's failures "ended up converting more Gen Zers into anti-monopolists overnight than anything [she] could have done."

< This article continues on their website >
Posted by msmash from Slashdot
From the security-woes department: The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. Krebs on SecurityL: The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp's parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents. On March 7, 2024, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) warned about a remotely exploitable vulnerability with "low attack complexity" in Chirp Systems smart locks.

"Chirp Access improperly stores credentials within its source code, potentially exposing sensitive information to unauthorized access," CISA's alert warned, assigning the bug a CVSS (badness) rating of 9.1 (out of a possible 10). "Chirp Systems has not responded to requests to work with CISA to mitigate this vulnerability." Matt Brown, the researcher CISA credits with reporting the flaw, is a senior systems development engineer at Amazon Web Services. Brown said he discovered the weakness and reported it to Chirp in March 2021, after the company that manages his apartment building started using Chirp smart locks and told everyone to install Chirp's app to get in and out of their apartments.
Posted by Kenneth Shepard from Kotaku
Two years after he made his debut in Sonic the Hedgehog 2, we finally know who is voicing Shadow the Hedgehog in Paramount’s live-action movies. Keanu Reeves of The Matrix, Cyberpunk 2077, and John Wick fame is voicing the Ultimate Lifeform in Sonic the Hedgehog 3.

< This article continues on their website >
Posted by msmash from Slashdot
From the rundown department: Top takeaways from Stanford's new AI Index Report [PDF]: 1. AI beats humans on some tasks, but not on all. AI has surpassed human performance on several benchmarks, including some in image classification, visual reasoning, and English understanding. Yet it trails behind on more complex tasks like competition-level mathematics, visual commonsense reasoning and planning.
2. Industry continues to dominate frontier AI research. In 2023, industry produced 51 notable machine learning models, while academia contributed only 15. There were also 21 notable models resulting from industry-academia collaborations in 2023, a new high.
3. Frontier models get way more expensive. According to AI Index estimates, the training costs of state-of-the-art AI models have reached unprecedented levels. For example, OpenAI's GPT-4 used an estimated $78 million worth of compute to train, while Google's Gemini Ultra cost $191 million for compute.
4. The United States leads China, the EU, and the U.K. as the leading source of top AI models. In 2023, 61 notable AI models originated from U.S.-based institutions, far outpacing the European Union's 21 and China's 15.
5. Robust and standardized evaluations for LLM responsibility are seriously lacking. New research from the AI Index reveals a significant lack of standardization in responsible AI reporting. Leading developers, including OpenAI, Google, and Anthropic, primarily test their models against different responsible AI benchmarks. This practice complicates efforts to systematically compare the risks and limitations of top AI models.
6. Generative AI investment skyrockets. Despite a decline in overall AI private investment last year, funding for generative AI surged, nearly octupling from 2022 to reach $25.2 billion. Major players in the generative AI space, including OpenAI, Anthropic, Hugging Face, and Inflection, reported substantial fundraising rounds.
< This article continues on their website >
Posted by Zack Zwiezen from Kotaku
FPS Fest, a large Steam sales event featuring big and small PC shooters is happening right now, and we’ve got a list of some of the biggest and best deals to grab before the event ends later this month.

< This article continues on their website >
Posted by Moises Taveras from Kotaku
Amazon’s Fallout show is, miraculously, pretty fun and great. It manages to capture the satire of the games and somehow makes it even sharper by trimming much of their fat. Because of this, the elements which the show lifts from the games feel like they’re lent even more space to shine prominently, and this is…

< This article continues on their website >
Posted by Kenneth Shepard from Kotaku
It’s not often that I kick down someone’s door and get real close to their face to tell them something Homer Simpson-style, but dear readers, one of the best games of 2021 is so cheap right now it’s practically a steal. If you haven’t played Before Your Eyes, it’s available on Steam for real cheap for a few more days.…

< This article continues on their website >
Posted by msmash from Slashdot
From the owning-vs-renting department: Ubisoft has come under fire from players who claim the company has revoked access to a game they had previously purchased. Users attempting to launch "The Crew" on Ubisoft Connect are met with a message stating, "You no longer have access to this game. Why not check the Store to pursue your adventures?" The game has also been moved to a separate "inactive games" section in players' libraries.

While the game can still be launched, it reportedly only plays a limited demo version. Ubisoft has yet to comment on the matter, but some speculate that the decision may be related to the game's reliance on servers that are no longer operational. The incident has sparked concerns among gamers about the control platform holders have over digital purchases. Ubisoft's subscription boss, Philippe Tremblay, recently stated that players will need to get "comfortable" with not owning games.
Posted by Tony_Bacala from The Toyark


Earlier today the Marvel team at Hasbro held a stream revealing new Marvel 85th Anniversary figures.  Included were comic inspired figs from all eras including SKAAR, Warbird, Wolverine, Spider-Man, Ghost Rider, Iron Fist and Luke Cage.  Read on to check ...

The post Marvel Legends Marvel 85th Anniversary Figures – Official Pics and Info appeared first on The Toyark - News.
Posted by Willa Rowe from Kotaku
As I play through the sci-fi adventure that is Harold Halibut, I am often reminded of walking through an aquarium. It’s partially because the game’s gorgeous environments are submerged in, but it’s also because I feel a childlike frustration at the events unfolding in front of me. Like a kid tapping the glass in hopes…

< This article continues on their website >
Posted by msmash from Slashdot
From the shape-of-things-to-come department: The UK is starting to draft regulations to govern AI, focusing on the most powerful language models which underpin OpenAI's ChatGPT, Bloomberg News reported Monday, citing people familiar with the matter. From the report: Policy officials at the Department for Science, Innovation and Technology are in the early stages of devising legislation to limit potential harms caused by the emerging technology, according to the people, who asked not to be identified discussing undeveloped proposals. No bill is imminent, and the government is likely to wait until France hosts an AI conference either later this year or early next to launch a consultation on the topic, they said.

Prime Minister Rishi Sunak, who hosted the first world leaders' summit on AI last year and has repeatedly said countries shouldn't "rush to regulate" AI, risks losing ground to the US and European Union on imposing guardrails on the industry. The EU passed a sweeping law to regulate the technology earlier this year, companies in China need approvals before producing AI services and some US cities and states have passed laws limiting use of AI in specific areas.
Posted by Kenneth Shepard from Kotaku
Respawn’s hero shooter battle royale Apex Legends is an incredibly inclusive game for the queer community. It has several playable LGBTQIA+ legends, has given players Pride Flag cosmetics to showcase their identities in-game, and developer Respawn even put a statement supporting trans rights in the game itself. After…

< This article continues on their website >
Posted by Zack Zwiezen from Kotaku
A recent update for Bethesda’s popular post-apocalyptic spin-off, Fallout Shelter, added some characters from the Amazon Prime live-action TV show adaptation to the base-building game. While it’s fun that you can now have some of these characters, like Lucy and Maximus, in your own digital vault, it also reveals their

< This article continues on their website >
© Z-R0E