Security

Ransomware Continues To Pile on Costs For Critical Infrastructure Victims 21

Costs associated with ransomware attacks on critical national infrastructure (CNI) organizations skyrocketed in the past year. From a report: According to Sophos' latest figures, released today, the median ransom payments rose to $2.54 million -- a whopping 41 times last year's sum of $62,500. The mean payment for 2024 is even higher at $3.225 million, although this represents a less dramatic 6x increase. IT, tech, and telecoms were the least likely to pay mega bucks to cybercriminals with an average payment of $330,000, while lower education and federal government orgs reported the highest average payments at $6.6 million.

The numbers are based only on ransomware victims that were willing to disclose the details of their blunders, so do not present the complete picture. On the topic of ransom payments, only 86 CNI organizations of the total 275 involved in the survey offered data. There's a good chance that the numbers would be skewed if 100 percent of the total CNI ransomware victims polled were entirely transparent with their figures. Costs to recover from ransomware attacks are also significantly up compared to the researchers' report last year, with some CNI sectors' costs quadrupling to a median average of $3 million per incident. While the mean cost across oil, gas, energy, and utilities dropped slightly to $3.12 million from $3.17 million last year, the energy and water sectors saw the sharpest increase in recovery costs. The new average for just these two sectors is now four times greater than the global median cross-sector average of $750k, Sophos said.

The Internet

Damaged Internet Subsea Cables Repaired in Red Sea Amid Militant Attacks on Ships (bloomberg.com) 11

Repairs have finally commenced on three subsea telecommunications cables that were damaged in the Red Sea in February, even as Houthi militants escalate their attacks on ships in the area. From a report: The AAE-1 cable, a 25,000-kilometer (15,500 miles) fiber optic link between Asia and Europe, was repaired by a ship owned by E-Marine, a subsidiary of Abu Dhabi-based Emirates Telecommunications Group. The cable came online this week, a Yemeni government official said. The same ship, Niwa, remains in Yemeni waters to repair the remaining two cables, Seacom and EIG.

The cables, among more than a dozen that run through the Red Sea, were severed by the anchor of a cargo ship sunk by Iran-backed Houthi militants in late February. Repairs to the cables have depended on gaining access to infrastructure in Yemen's waters, a task complicated by the country's split government and the fact the Red Sea is a conflict zone. It has taken months of negotiations involving the cable operators and the two factions that control Yemen -- the internationally-recognized government in the south and the Houthi-backed government in Sanaa -- to arrange for the repair mission.

Sci-Fi

'Amazing' New Technology Set To Transform the Search For Alien Life (theguardian.com) 127

Robin McKie writes via The Guardian: Scientists with Breakthrough Listen, the world's largest scientific research program dedicated to finding alien civilizations, say a host of technological developments are about to transform the search for intelligent life in the cosmos. These innovations will be outlined at the group's annual conference, which is to be held in the UK for the first time, in Oxford, this week. Several hundred scientists, from astronomers to zoologists, are expected to attend. "There are amazing technologies that are under development, such as the construction of huge new telescopes in Chile, Africa and Australia, as well as developments in AI," said astronomer Steve Croft, a project scientist with Breakthrough Listen. "They are going to transform how we look for alien civilizations."

Among these new instruments are the Square Kilometer Array, made up of hundreds of radio telescopes now being built in South Africa and Australia, and the Vera Rubin Observatory that is being constructed in Chile. The former will become the world's most powerful radio astronomy facility while the latter, the world's largest camera, will be able to image the entire visible sky every three or four nights, and is expected to help discover millions of new galaxies and stars. Both facilities are set to start observations in the next few years and both will provide data for Breakthrough Listen. Using AI to analyze these vast streams of information for subtle patterns that would reveal evidence of intelligent life will give added power to the search for alien civilizations, added Croft.

"Until now, we have been restricted to looking for signals deliberately sent out by aliens to advertise their existence. The new techniques are going to be so sensitive that, for the first time, we will be able to detect unintentional transmissions as opposed to deliberate ones and will be able to spot alien airport radar, or powerful TV transmitters -- things like that." [...] Croft remains optimistic that we will soon succeed in making contact. "We know that the conditions for life are everywhere, we know that the ingredients for life are everywhere. I think it would be deeply weird if it turned out we were the only inhabited planet in the galaxy or in the universe. But you know, it's possible."

United Kingdom

UK Nears 1 Million EV Chargers (theguardian.com) 150

According to lobby group ChargeUK, there were 930,000 electric car chargers in the UK at the end of June, with the majority residing in homes and at businesses. Only about 65,000 public chargers are available. The Guardian reports: The ChargeUK analysis showed that a new public charger was installed every 25 minutes in the spring quarter as companies raced to keep up with demand. Companies installed 5,100 public chargers during the second quarter of 2024, according to the data company Zapmap. [...] There are 1.1 million electric vehicles on UK roads, including 167,000 cars sold in the first half of this year, according to the Society of Motor Manufacturers and Traders lobby group. That is a 9% increase compared with the previous year, although the share of electric sales only increased marginally to 16.6%, as relatively higher upfront prices and rising interest rates deterred some buyers.

ChargeUK's analysis, which was carried out by the thinktank New AutoMotive, suggested that the private sector was confident it could meet a target set by the previous Conservative government of 300,000 public charge points by 2030.

"In little more than a decade, the UK's charging sector has grown to become a major player in the green economy, providing the infrastructure that more than a million EV drivers rely on today and scaling fast to deliver the charging needed through to 2030 and beyond," said Vicky Read, the chief executive of ChargeUK.

The Internet

Cloudflare Reports Almost 7% of Internet Traffic Is Malicious (zdnet.com) 34

In its latest State of Application Security Report, Cloudflare says 6.8% of traffic on the internet is malicious, "up a percentage point from last year's study," writes ZDNet's Steven Vaughan-Nichols. "Cloudflare, the content delivery network and security services company, thinks the rise is due to wars and elections. For example, many attacks against Western-interest websites are coming from pro-Russian hacktivist groups such as REvil, KillNet, and Anonymous Sudan." From the report: [...] Distributed Denial of Service (DDoS) attacks continue to be cybercriminals' weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDoS attacks. That total is nearly a third of all the DDoS attacks they mitigated the previous year. But it's not just about the sheer volume of DDoS attacks. The sophistication of these attacks is increasing, too. Last August, Cloudflare mitigated a massive HTTP/2 Rapid Reset DDoS attack that peaked at 201 million requests per second (RPS). That number is three times bigger than any previously observed attack.

The report also highlights the increased importance of application programming interface (API) security. With 60% of dynamic web traffic now API-related, these interfaces are a prime target for attackers. API traffic is growing twice as fast as traditional web traffic. What's worrying is that many organizations appear not to be even aware of a quarter of their API endpoints. Organizations that don't have a tight grip on their internet services or website APIs can't possibly protect themselves from attackers. Evidence suggests the average enterprise application now uses 47 third-party scripts and connects to nearly 50 third-party destinations. Do you know and trust these scripts and connections? You should -- each script or connection is a potential security risk. For instance, the recent Polyfill.io JavaScript incident affected over 380,000 sites.

Finally, about 38% of all HTTP requests processed by Cloudflare are classified as automated bot traffic. Some bots are good and perform a needed service, such as customer service chatbots, or are authorized search engine crawlers. However, as many as 93% of bots are potentially bad.

Power

Cutting-Edge Technology Could Massively Reduce the Amount of Energy Used For Air Conditioning (wired.com) 75

An anonymous reader quotes a report from Wired, written by Chris Baraniuk: The buses struggling in China's muggy weather gave [Matt Jore, CEO of Montana Technologies] and his colleagues an idea. If they could make dehumidification more efficient somehow, then they could make air conditioning as a whole much more efficient, too. They headed back to the US wondering how to make this happen. [...] "I have here 50-gallon barrels of this stuff. It comes in a special powder," says Jore, referring to the moisture-loving material that coats components inside his firm's novel dehumidifier system, AirJoule. This is the result of years of research and development that followed his team's trip to China. The coating is a type of highly porous material called a metal-organic framework, and the pores are sized so that they fit around water molecules extremely well. It makes for a powerful desiccant, or drying device. "Just one kilogram can take up half or more than half -- in our case 55 percent -- of its own weight in water vapor," says Jore.

The AirJoule system consists of two chambers, each one containing surfaces coated with this special material. They take turns at dehumidifying a flow of air. One chamber is always drying air that is pushed through the system while the other gradually releases the moisture it previously collected. A little heat from the drying chamber gets applied to the moisture-saturated coating in the other, since that helps to encourage the water to drip away for removal. These two cavities swap roles every 10 minutes or so, says Jore. This process doesn't cool the air, but it does make it possible to feed dry air to a more traditional air conditioning device, drastically cutting how much energy that secondary device will use. And Jore claims that AirJoule consumes less than 100 watt-hours per liter of water vapor removed -- potentially cutting the energy required for dehumidification by as much as 90 percent compared to a traditional dehumidifier.

Montana Technologies wants to sell the components for its AirJoule system to established HVAC firms rather than attempt to build its own consumer products and compete with those firms directly -- it calls the approach AirJoule Inside. The firm is also working on a system for the US military, based on the same technology, that can harvest drinkable water from the air. Handy for troops stationed in the desert, one imagines. However, AirJoule is still at the prototype and testing stages. "We're building several of these pilot preproduction units for potential customers and partners," says Jore. "Think rooftops on big-box retailers."

Montana Technologies isn't the only firm using cutting-edge technology to make air conditioning units more efficient. Rival firm Blue Frontier has developed a desiccant-based dehumidifying system using a liquid salt solution, with installations in various U.S. locations, that links to a secondary air-conditioning process and regenerates desiccant during off-peak hours to reduce peak electricity demand.

Then there's Nostromo Energy's IceBrick system, installed in California hotels, which freezes water capsules during off-peak hours and uses the stored coolth during peak times. This system can reduce cooling costs by up to 30 percent and emissions by up to 80 percent, according to Wired.

Google

Google's $500 Million Effort To Wreck Microsoft EU Cloud Deal Failed, Report Says (arstechnica.com) 9

Ashley Belanger reports via Ars Technica: Google tried to derail a Microsoft antitrust settlement over anticompetitive software licensing in the European Union by offering a $500 million alternative deal to the group of cloud providers behind the EU complaint, Bloomberg reported. According to Bloomberg, Google's offer to the Cloud Infrastructure Services Providers in Europe (CISPE) required that the group maintain its EU antitrust complaint. It came "just days" before CISPE settled with Microsoft, and it was apparently not compelling enough to stop CISPE from inking a deal with the software giant that TechCrunch noted forced CISPE to accept several compromises.

Bloomberg uncovered Google's attempted counteroffer after reviewing confidential documents and speaking to "people familiar with the matter." Apparently, Google sought to sway CISPE with a package worth nearly $500 million for more than five years of software licenses and about $15 million in cash. But CISPE did not take the bait, announcing last week that an agreement was reached with Microsoft, seemingly frustrating Google. CISPE initially raised its complaint in 2022, alleging that Microsoft was "irreparably damaging the European cloud ecosystem and depriving European customers of choice in their cloud deployments" by spiking costs to run Microsoft's software on rival cloud services. In February, CISPE said that "any remedies and resolution must apply across the sector and to be accessible to all cloud customers in Europe." They also promised that "any agreements will be made public."

But the settlement reached last week excluded major rivals, including Amazon, which is a CISPE member, and Google, which is not. And despite CISPE's promise, the terms of the deal were not published, apart from a CISPE blog roughly outlining central features that it claimed resolved the group's concerns over Microsoft's allegedly anticompetitive behaviors. What is clear is that CISPE agreed to drop their complaint by taking the deal, but no one knows exactly how much Microsoft paid in a "lump sum" to cover CISPE legal fees for three years, TechCrunch noted. However, "two people with direct knowledge of the matter" told Reuters that Microsoft offered about $22 million.

Google

Google Now Defaults To Not Indexing Your Content 66

An anonymous reader shares a report: Google is no longer trying to index the entire web. In fact, it's become extremely selective, refusing to index most content. This isn't about content creators failing to meet some arbitrary standard of quality. Rather, it's a fundamental change in how Google approaches its role as a search engine.

From my experience, Google now seems to operate on a "default to not index" basis. It only includes content in its index when it perceives a genuine need. This decision appears to be based on various factors:
- Extreme content uniqueness: It's not enough to write about something that isn't extensively covered. Google seems to require content to be genuinely novel or fill a significant gap in its index.
- Perceived authority: Sites that Google considers highly authoritative in their niche may have more content indexed, but even then, it's not guaranteed.
- Brand recognition: Well-known brands often see most of their content indexed, while small or unknown bloggers face much stricter selectivity.
- Temporary indexing and de-indexing: In practice, Google often indexes new content quite quickly, likely to avoid missing out on breaking news or important updates. Soon after, Google may de-index the content, and it remains de-indexed thereafter. So getting initially indexed isn't necessarily a sign that Google considers your content valuable.

Bitcoin

Bitcoin is Legit, BlackRock's Larry Fink Says (qz.com) 66

Speaking of crypto, BlackRock's co-founder and CEO Larry Fink is now embracing crypto more than ever. From a report: In an interview with CNBC on Monday, he mentioned that he had abandoned his initial skepticism of cryptocurrencies like Bitcoin. He now firmly believes that there is a place for crypto in the average investor's portfolio. "I believe Bitcoin is legitimate. I'm not saying there aren't misuses like everything else, but it is a legitimate financial instrument that allows you to have uncorrelated returns," Fink told CNBC host Jim Cramer.

When asked whether the U.S. budget deficit makes a case for investing in crypto, Fink responded, "absolutely." He added that crypto can help buyers hedge against countries that are devaluing their currencies.

EU

OW2: 'The European Union Must Keep Funding Free Software' (ow2.org) 15

OW2, the non-profit international consortium dedicated to developing open-source middleware, published an open letter to the European Commission today. They're urging the European Union to continue funding free software after noticing that the Next Generation Internet (NGI) programs were no longer mentioned in Cluster 4 of the 2025 Horizon Europe funding plans.

OW2 argues that discontinuing NGI funding would weaken Europe's technological ecosystem, leaving many projects under-resourced and jeopardizing Europe's position in the global digital landscape. The letter reads, in part: NGI programs have shown their strength and importance to support the European software infrastructure, as a generic funding instrument to fund digital commons and ensure their long-term sustainability. We find this transformation incomprehensible, moreover when NGI has proven efficient and economical to support free software as a whole, from the smallest to the most established initiatives. This ecosystem diversity backs the strength of European technological innovation, and maintaining the NGI initiative to provide structural support to software projects at the heart of worldwide innovation is key to enforce the sovereignty of a European infrastructure. Contrary to common perception, technical innovations often originate from European rather than North American programming communities, and are mostly initiated by small-scaled organizations.

Previous Cluster 4 allocated 27 million euros to:
- "Human centric Internet aligned with values and principles commonly shared in Europe";
- "A flourishing internet, based on common building blocks created within NGI, that enables better control of our digital life";
- "A structured eco-system of talented contributors driving the creation of new internet commons and the evolution of existing internet commons."

In the name of these challenges, more than 500 projects received NGI funding in the first 5 years, backed by 18 organizations managing these European funding consortia.

Communications

Nation's Last Morse Code Station Comes Back To Life On Annual 'Night of Nights' In Point Reyes (mercurynews.com) 20

On July 12, 1999, the last Morse code message was sent from a Bay Area radio station, marking the end of an era. Every July 12, the Historic KPH Maritime Radio Receiving Station in Point Reyes revives the golden age of maritime radio, with volunteers exchanging Morse code messages worldwide. The Mercury News reports: Friday's "Night of Nights" event, which commemorates the long-gone stations and the skilled radiotelegraph operators who linked ships to shore, starts at 5:01 p.m. -- precisely one minute after the 1999 message ended. Operators will keep working until 11 p.m. "We're carrying on," said historical society president Richard Dillman, 80, who learned Morse code as a boy. "Morse code is not dead."

The event, based at KPH's stations that are now part of the wild and windswept Point Reyes National Seashore, northwest of San Francisco, is not open to the public. But amateur radio operators around the world can participate by sending messages and exchanging greetings. The operating frequencies of the historical society's amateur station, under the call sign K6KPH, are 3550, 7050, 14050, 18097.5 and 21050. Radiogrammed messages arrive from as far away as New Zealand and Europe, rich with memories of rewarding careers or poignant tributes to lost loved ones. "Dear dad, we love you and we miss you so much," said one. The station uses the original historic KPH transmitters, receivers, antennas and other equipment, carefully repaired and restored by the society's experts. [...]

All over the Pacific coast, stations closed. KPH's receiving headquarters -- an Art Deco cube built between 1929 and 1931, its entrance framed by a tunnel of cypress trees -- was acquired by the National Park Service in 1999. Its transmission station is located on a windswept bluff in Bolinas. [Historical society president Richard Dillman] and friend Tom Horsfall resolved to repair, restore and operate KPH as a way to honor the men and women who for 100 years had served ships in the North Pacific and Indian Ocean. "It was a brotherhood," said Dillman. "There was camaraderie -- a love of Morse code and the ability to do a job well." [...] They pitched their ambitious plan to the National Park Service.

"At first, I was skeptical about their proposal," said Don Neubacher, the Seashore's former Superintendent. "But over time, I realized the Maritime Radio Historical Society, led by Richard Dillman, was a gift for the National Park Service." "I was impressed by the overwhelming knowledge of early wireless and ship-to-shore communication," he said, "and their lifelong commitment to saving this critical piece of Point Reyes history." With a dozen society volunteers from all over the Bay Area -- all over the age of 60, self-described "radio squirrels" -- they went to work. They meet on Saturday mornings over coffee and breakfast "services" dubbed "The Church of the Continuous Wave," sometimes ogling over radio schematics. Then, for a few hours, they broadcast news and weather.

AI

Gemini AI Platform Accused of Scanning Google Drive Files Without User Permission (techradar.com) 23

Last week, Senior Advisor on AI Governance at the Center for Democracy & Technology, Kevin Bankston, took to X to report that Google's Gemini AI was caught summarizing his private tax return on Google Drive without his permission. "Despite attempts to disable the feature, Bankston found that Gemini continued to operate in Google Drive, raising questions about Google's handling of user data and privacy settings," writes TechRadar's Craig Hale. From the report: After failing to find the right controls to disable Gemini's integration, the Advisor asked Google's ChatGPT-rivalling AI chatbot on two occasions to pinpoint the settings. A second, more detailed response still brought no joy: "Gemini is *not* in Apps and services on my dashboard (1st option), and I didn't have a profile pic in the upper right of the Gemini page (2nd)."

With help from another X user, Bankston found the control, which was already disabled, highlighting either a malfunctioning control or indicating that further settings are hidden elsewhere. However, previous Google documentation has confirmed that the company will not use Google Workspace data to train or improve its generative AI services or to feed targeted ads. Bankston theorizes that his previous participation in Google Workspace Labs might have influenced Gemini's behavior. The Gemini side panel in Google Drive for PDFs can be closed if a user no longer wishes to access generative AI summaries.

The Internet

Russian Boat Implicated in Norway Cable Sabotage Mystery (bloomberg.com) 28

In a perplexing turn of events that has raised concerns about the vulnerability of critical undersea infrastructure, Norway's Institute of Marine Research is reconfiguring its sophisticated underwater observatory after a mysterious incident left a section of its seafloor cable cleanly severed. The Lofoten-Vesteralen Ocean Observatory (LoVe), an advanced array of sensors designed to monitor marine life and environmental conditions off Norway's rugged coastline, unexpectedly went silent in April 2021, prompting an investigation that would uncover more questions than answers.

As the institute's acoustic engineer Guosong Zhang delved into the mystery, he meticulously traced ship movements in the area, uncovering a curious pattern: a Russian trawler had repeatedly crossed the cable's location at the precise time the outage occurred, a coincidence that seemed too striking to ignore. Despite this compelling lead, subsequent police investigations proved inconclusive, leaving the institute grappling with the unsettling possibility of deliberate sabotage.

The incident, compounded by similar damage to a communications cable serving the remote Svalbard archipelago, has cast a spotlight on the potential vulnerabilities of submarine assets in an era of heightened geopolitical tensions, with some experts pointing to the possibility of Russian intelligence activities targeting Norway's undersea infrastructure. In response to these challenges and the unresolved nature of the cable damage, the Institute of Marine Research has made the difficult decision to adapt its approach, opting to replace the compromised cable section with wireless modules -- a solution that, while sacrificing some data transmission capacity, aims to enhance the security and resilience of this vital scientific installation in the face of evolving threats beneath the waves.

AI

Microsoft CTO Says AI Progress Not Slowing Down, It's Just Warming Up (arstechnica.com) 28

An anonymous reader shares a report: During an interview with Sequoia Capital's Training Data podcast published last Tuesday, Microsoft CTO Kevin Scott doubled down on his belief that so-called large language model (LLM) "scaling laws" will continue to drive AI progress, despite some skepticism in the field that progress has leveled out. Scott played a key role in forging a $13 billion technology-sharing deal between Microsoft and OpenAI. "Despite what other people think, we're not at diminishing marginal returns on scale-up," Scott said. "And I try to help people understand there is an exponential here, and the unfortunate thing is you only get to sample it every couple of years because it just takes a while to build supercomputers and then train models on top of them."

LLM scaling laws refer to patterns explored by OpenAI researchers in 2020 showing that the performance of language models tends to improve predictably as the models get larger (more parameters), are trained on more data, and have access to more computational power (compute). The laws suggest that simply scaling up model size and training data can lead to significant improvements in AI capabilities without necessarily requiring fundamental algorithmic breakthroughs. Since then, other researchers have challenged the idea of persisting scaling laws over time, but the concept is still a cornerstone of OpenAI's AI development philosophy.

Facebook

Facebook Ads For Windows Desktop Themes Push Info-Stealing Malware (bleepingcomputer.com) 28

Cybercriminals are using Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. From a report: Trustwave researchers who observed the campaigns said the threat actors also promote fake downloads for pirated games and software, Sora AI, 3D image creator, and One Click Active. While using Facebook advertisements to push information-stealing malware is not new, the social media platform's massive reach makes these campaigns a significant threat.

The threat actors take out advertisements that promote Windows themes, free game downloads, and software activation cracks for popular applications, like Photoshop, Microsoft Office, and Windows. These advertisements are promoted through newly created Facebook business pages or by hijacking existing ones. When using hijacked Facebook pages, the threat actors rename them to suit the theme of their advertisement and to promote the downloads to the existing page members.

Google

Google Near $23 Billion Deal for Cybersecurity Startup Wiz (wsj.com) 15

Alphabet, Google's parent company, is reportedly in advanced negotiations to acquire cloud security startup Wiz for approximately $23 billion, The Wall Street Journal reported on Sunday. The potential deal, which would value Wiz at nearly double its most recent private valuation of $12 billion, underscores the growing importance of cybersecurity in Alphabet's enterprise strategy as it seeks to narrow the gap with cloud computing rivals such as Microsoft, Morgan Stanley said in a note.

Founded in January 2020, Wiz has quickly established itself as a leading player in the Cloud-Native Application Protection Platform (CNAPP) space, utilizing an agentless approach to secure cloud application deployments throughout their lifecycle. The company's platform continuously assesses and prioritizes critical risks across various security domains, providing customers with a comprehensive view of their cloud security posture. Wiz has experienced rapid growth since its inception, with annual recurring revenue (ARR) exceeding $350 million as of January 2024, representing a year-over-year increase of over 75%. The company boasts an impressive client roster, with more than 40% of Fortune 100 companies among its customers, and has raised nearly $2 billion in funding to date.

If confirmed, the acquisition would mark Alphabet's largest to date, significantly expanding its footprint in the burgeoning cloud security market. The move follows previous security-focused acquisitions by the tech giant, including the $5.4 billion purchase of Mandiant in 2022 and the $500 million acquisition of Siemplify. Morgan Stanley adds that the potential acquisition could raise questions about Wiz's ability to maintain neutrality across multiple cloud platforms, potentially benefiting competitors such as Palo Alto Networks and CrowdStrike in the near term.

Mozilla

Thunderbird 128: Annual ESR Brings New Features and 'a Rust Revolution' (thunderbird.net) 78

Thunderbird's annual Extended Support Release was revealed Friday, promising "significant" improvements to the overall user experience and "the speed at which we can deliver new features to you," according to the Thunderbird blog: We've devoted significant development time integrating Rust — a modern programming language originally created by Mozilla Research — into Thunderbird. Even though this is a seemingly invisible change, it is a major leap forward because it enhances our code quality and performance. This overhaul will allow us to share features between the desktop and future mobile versions of Thunderbird, and speed up our development process. It's a win for our developers and a win for you.

More from the blog OMG Ubuntu: I'm also stoked to see that Thunderbird 128 makes 'newest first' the default sort order for messages in message list. While some prefer the old way, I always found it strange that the oldest mails were shown first — team reverse chronology, represent!

They also cite "a number of OpenPGP improvements," plus a new preference option for displaying full names and email addresses of all recipients in the message list. (Plus, threaded-message views now display a "New Message" count.)

Other new features in this release:
  • A new and more attractive layout for Cards View (with adjustable heights) that "makes it easier to scan your email threads and glean information."
  • The folder pane has better recall of message thread states
  • Improved theme compatibility. "Your Thunderbird should blend seamlessly with your desktop environment, matching the system's accent colors perfectly." (Especially beneficial on Ubuntu and Mint.)
  • You can now customize the color of your account icon.

The Thunderbird blog also mentions that "We plan to launch the first phase of built-in support for Exchange, as well as Mozilla Sync, in a future Nebula point release (e.g. Thunderbird 128.X)."


Transportation

Battery Maker SK On Declares 'Emergency' As EV Sales Disappoint (archive.md) 151

"A leading South Korean producer of electric vehicle batteries has declared itself in crisis," reports the Financial Times, "as its customers struggle with disappointing EV sales in Europe and the US."

SK On, the world's fourth-largest EV battery maker behind Chinese giants CATL and BYD and South Korean rival LG Energy Solution, has recorded losses for 10 consecutive quarters since being spun off by its parent company in 2021. Its net debt has increased more than fivefold, from Won2.9tn ($2.1bn) to Won15.6tn over the same period, as western EV sales have fallen far short of its expectations. With losses snowballing, chief executive Lee Seok-hee announced a series of cost-cutting and working practice measures last Monday, describing them as a state of "emergency management".

"We have our back against the wall," Lee wrote in a letter to employees. "We should all pull together."

[...] Tim Bush, a Seoul-based battery analyst at UBS, said the South Korean battery makers had been "badly let down" by US car manufacturers, which he said had failed to produce EVs sufficiently attractive to mass market consumers to meet their own bullish sales projections. He noted that until as recently as last year, General Motors was forecasting it would sell 1 million EVs in 2025. It sold just 21,930 in the second quarter of this year.

Bush tells the Financial Times that "the automakers didn't invest enough in producing high-quality affordable EVs." But he also tells the newspaper that a transition to EVs is still "inevitable".

"As long as the wider SK Group continues to see SK On as a trophy asset and gives it the support it needs to weather the present storm, then its long-term future is likely to be assured."

Thanks to long-time Slashdot reader schwit1 for sharing the article.
Encryption

After Criticism, Signal Agrees to Secure Plain-Text Encryption Keys for Users' Message Databases (bleepingcomputer.com) 13

"Signal is finally tightening its desktop client's security," reports BleepingComputer — by changing the way it stores plain text encryption keys for the SQLite database where users' messages are stored:

When BleepingComputer contacted Signal about the flaw in 2018, we never received a response. Instead, a Signal Support Manager responded to a user's concerns in the Signal forum, stating that the security of its database was never something it claimed to provide. "The database key was never intended to be a secret. At-rest encryption is not something that Signal Desktop is currently trying to provide or has ever claimed to provide," responded the Signal employee...

[L]ast week, mobile security researchers Talal Haj Bakry and Tommy Mysk of Mysk Inc warned on X not to use Signal Desktop because of the same security weakness we reported on in 2018... In April, an independent developer, Tom Plant, created a request to merge code that uses Electron's SafeStorage API "...to opportunistically encrypt the key with platform APIs like DPAPI on Windows and Keychain on macOS," Plant explained in the merge request... When used, encryption keys are generated and stored using an operating system's cryptography system and secure key stores. For example, on Macs, the encryption key would be stored in the Keychain, and on Linux, it would use the windows manager's secret store, such as kwallet, kwallet5, kwallet6, and gnome-libsecret... While the solution would provide additional security for all Signal desktop users, the request lay dormant until last week's X drama.

Two days ago, a Signal developer finally replied that they implemented support for Electron's safeStorage, which would be available soon in an upcoming Beta version. While the new safeStorage implementation is tested, Signal also included a fallback mechanism that allows the program to decrypt the database using the legacy database decryption key...

Signal says that the legacy key will be removed once the new feature is tested.

"To be fair to Signal, encrypting local databases without a user-supplied password is a problem for all applications..." the article acknowledges.

"However, as a company that prides itself on its security and privacy, it was strange that the organization dismissed the issue and did not attempt to provide a solution..."
