In the antitrust trial alleging Google had an ad-selling monopoly, "government lawyers have said some of their strongest evidence is in Google's own internal communications," reports the Wall Street Journal: [In 2010] a new crop of ad-tech companies were threatening Google's bottom line. "One way to make sure we don't get further behind in the market is picking up the one with the most traction and parking it somewhere..." [wrote YouTube Chief Executive Neal Mohan, who previously ran Google's display-ads business]. Google ended up buying one such company, AdMeld, for $400 million in 2011. Google shut down AdMeld two years later, after incorporating some of the startup's technology into its ad exchange, known commonly as AdX.

The Justice Department argued that AdMeld was part of a larger trend: Google acquiring nascent rivals to corner the market and then locking customers into using its products by conditioning access to one software tool on them paying for another... In a 2016 email introduced by the government, Google executive Jonathan Bellack asked colleagues: "Is there a deeper issue with us owning the platform, the exchange, and a huge network? The analogy would be if Goldman or Citibank owned the NYSE [New York Stock Exchange]...." The Justice Department also cited a 2018 email from another then-executive, Chris LaSala, who raised concerns internally over the 20% cut that Google takes from many of its AdX customers, saying Google was extracting "irrationally high rent" from users. "I don't think there is 20% of value in comparing two bids," wrote LaSala. "AdX is not providing additional liquidity to the market. It is simply running the auction."

Another former Google executive, Eisar Lipkovitz, testified that Google's omnipresence in ad-tech gives rise to conflicts of interest. Lipkovitz was rebuffed when he tried to get Google to lower the cut it took from AdX, he testified in a prerecorded deposition. The Justice Department finished presenting its case on Friday. Other witnesses included Google customers. One was Stephanie Layser, a former News Corp executive, who said she felt she had no choice but to use Google technology because the search giant has such market power that switching to another ad server would have meant losing out on millions in advertising revenue.
Google's lawyer countered that "There will be no witness in this case who can say with clarity where this industry is going in the next five years."

Or, as the Wall Street Journal puts it, "It makes no sense to focus on display ads, Google argues, when the industry is shifting to apps, social media and streaming services. Far from monopolizing the space, Google is actually losing ground, Google lawyer Karen Dunn said in her opening trial statement..."

Salon looks closer at a new $51,744-per-violation AI regulation officially approved one month ago by America's FTC — calling it a financial blow "If you're a digital media company whose revenue comes from publishing AI-generated articles and fake product reviews.

But they point out the rules also ban "product review suppression." Per the ruling, that means it's a violation for "anyone to use an unfounded or groundless legal threat, a physical threat, intimidation, or a public false accusation in response to a consumer review... to (1) prevent a review or any portion thereof from being written or created, or (2) cause a review or any portion thereof to be removed, whether or not that review or a portion thereof is replaced with other content."

Finally... The rule makes it a violation for a business to "provide compensation or other incentives in exchange for, or conditioned expressly or by implication on, the writing or creation of consumer reviews expressing a particular sentiment, whether positive or negative, regarding the product, service or business...." [T]he new rule also prevents secretly advertising for yourself while pretending to be an independent outlet or company. It bars "the creation or operation of websites, organizations or entities that purportedly provide independent reviews or opinions of products or services but are, in fact, created and controlled by the companies offering the products or services."

In an earlier statement, FTC Consumer Protection Bureau head Sam Levine, said the new rule "should help level the playing field for honest companies. We're using all available means to attack deceptive advertising in the digital age," he said.
Thanks to long-time Slashdot reader mspohr for sharing the article.

UPDATE (9/28): California's governor vetoed the bill.

Below is Slashdot's original story...

"Exceed the speed limit in one of the 27 European Union countries, and you may get some pushback from your vehicle," reports Car and Driver. "As of July, new cars sold in the EU must include a speed-warning device that alerts drivers if they exceed the posted limit."

The warnings can be ither acoustic or haptic, "though the European Commission gives automakers the latitude to supplant those passive measures with either an active accelerator pedal that applies counterpressure against the driver's foot or a governor that restricts the vehicle's speed to the legal limit." Drivers can override or deactivate these admonishments, but the devices must default to their active state at startup.

Now California is looking to emulate the EU with legislation that would mandate in-car speed-warning devices [for driving more than 10 miles per hour over the speed limit — in "just about every 2030 model-year vehicle equipped with either GPS or a front-facing camera"].
The article cites statistics that 18% of those drivers involved in fatal crashes were speeding.

Although the projects director at the European Transport Safety Council also acknowledges the systems may struggle to identify speed limits from passing signs — and that their testing shows the systems generally irritate drivers, who often deactivate the systems...

Thanks to long-time Slashdot reader sinij for sharing the article.

Friday America's Federal Trade Commission brought action against three companies for "anticompetitive and unfair" practices "that have artificially inflated the list price of insulin."

For years, many of the millions of Americans who need insulin to survive "have been forced to pay exorbitant prices for a product that's inexpensive to make," writes NPR. "Now, the federal government is targeting one part of the system behind high insulin prices." While out-of-pocket costs have gone down for many people to $35 a month, questions remain on how the drug became so expensive in the first place. In a new lawsuit filed Friday, the Federal Trade Commission said it's going after one link in the chain: pharmacy benefit managers. The FTC brought action against the top pharmacy benefit managers (PBMs) — CVS Health's Caremark Rx, Cigna's Express Scripts, and United Health Group's OptumRx — saying the companies created a "perverse drug rebate system" that artificially inflates the cost of insulin. If the suit is successful, it could further drive down costs for patients at the pharmacy counter.

PBMs are essentially the middlemen between drug manufacturers and insurance providers. Their job is to reduce drug prices. But the process is complex and opaque, and critics say they're actually driving prices up for patients. The FTC said a big issue is that PBMs' revenue is tied to rebates and fees — which are based on a percentage of a drug's list price. Essentially, in the case of insulin, when the drug costed more, it generated higher rebates and fees for PBMs. "Even when lower list price insulins became available that could have been more affordable for vulnerable patients, the PBMs systemically excluded them in favor of high list price, highly rebated insulin products," the FTC said in a press release on Friday.

The three PBMs named in the FTC lawsuit make up about 80% of the market. According to the suit, the PBMs collected billions of dollars in rebates and fees while insulin became increasingly unaffordable. Over the last two decades, the cost of the lifesaving drug shot up 600% — forcing many Americans with diabetes to ration their medication and jeopardize their health. In 2019, one 1 of 4 insulin patients was unable to afford their medication, according to the FTC. Some people have died.
The FTC's statement says the companies "have abused their economic power by rigging pharmaceutical supply chain competition in their favor, forcing patients to pay more for life-saving medication... While PBM respondents collected billions in rebates and associated fees according to the complaint, by 2019 one out of every four insulin patients was unable to afford their medication..."

"[A]ll drug manufacturers should be on notice that their participation in the type of conduct challenged here raises serious concerns, and that the Bureau of Competition may recommend suing drug manufacturers in any future enforcement actions."

X's struggles in Brazil got this update from the Guardian Wednesday: In a statement tweeted from X's global government affairs account, the company said the restoration of service was an "inadvertent and temporary" side-effect of switching network providers.
But Friday "After defying court orders in Brazil for three weeks, Mr. Musk's social network, X, has capitulated," writes the New York Times. "In a court filing on Friday night, the company's lawyers said that X had complied with orders from Brazil's Supreme Court in the hopes that the court would lift a block on its site."

"The company's lawyers said X had complied with the court's orders — blocking designated accounts, paying fines, and naming a new formal representative in the country," writes TechCrunch (citing reporting by the New York Times): In a filing of its own, the Supreme Court reportedly responded by telling X it had not provided the proper paperwork and giving it five days to do so....

X came back online in Brazil earlier this week, although Cloudflare CEO Matthew Prince told TechCrunch that the timing of the company's recent switch to Cloudflare infrastructure is just a "coincidence." During the ban, Brazilian users sought out social media alternatives, leading to dramatic growth at Bluesky and Tumblr.
The New York Times believes "The moment showed how, in the yearslong power struggle between tech giants and nation-states, governments have been able to keep the upper hand."

Although I'm curious about that missing paperwork...

Meta (the parent company of Facebook, Instagram, and Threads) announced Monday that Russian state media outlets like RT are now "banned from our apps globally for foreign interference activity," reports CNN.

CNN adds that Meta is alleging that the "Kremlin-controlled networks" have "engaged in deceptive influence operations and attempted to evade detection... Prior to Monday's ban, RT had 7.2 million followers on Facebook and 1 million followers on Instagram." The move comes days after the US Justice Department announced charges against two RT employees for funneling nearly $10 million into a US company, identified by CNN as Tenet Media, to create and amplify content that aligned with Russian interests. The covert influence campaign was aimed at the American public ahead of the 2024 US presidential election, US officials said.
Last week the U.S. State department "revealed declassified U.S. intelligence findings that suggest RT is fully integrated into Russia's intelligence operations around the world," CNN reported earlier" In addition to its covert influence operations, the leaders of RT also administered an online crowdfunding effort to supply military equipment to Russian soldiers in Ukraine, Blinken alleged. The crowdfunding effort supplied "sniper rifles, suppressors, body armor, night vision equipment, drones, radio equipment, personal weapon sights, diesel generators" to Russian soldiers fighting in Ukraine, according to Blinken.

The goal of the U.S. announcement — and private discussions with allied diplomats — is to make sure that countries know that RT and Russian intelligence agencies are working together to sow division and harm democratic processes, while simultaneously making it much more difficult for RT to operate globally, a senior administration official said...

Asked for comment by CNN, RT responded with a mocking email that read in part: "We've been broadcasting straight out of the KGB headquarters all this time."
More from Reuters: U.S. Secretary of State Antony Blinken said on Friday that countries should treat RT's activities as they do covert intelligence operations... In briefing materials shared with Reuters, Meta said it had seen Russian state-controlled media try to evade detection in their online activities in the past and expected them to continue trying to engage in deceptive practices going forward.
A YouTube spokesperson told Reuters they've also terminated over 230 channels affiliated with Kremlin-controlled outlets — channels which were previously only blocked from viewers.

YouTube "began blocking Russian state-sponsored news channels globally in 2022," reports NBC News, "including those tied to RT and Sputnik. Over the years, according to YouTube, the platform has blocked thousands of channels and millions of videos." James Rubin, coordinator for the State Department's Global Engagement Center, said RT is "where propaganda, disinformation and lies are spread to millions, if not billions, of people around the world."

Sandvine, the makers of surveillance-ware that allowed authoritarian countries to censor the internet and spy on their citizens, announced that it is leaving dozens of "non-democratic" countries as part of a major overhaul of the company. From a report: The company, which was founded in Canada, published a statement on Thursday, claiming that it now wants to be "a technology solution leader for democracies." As part of this new strategy, Sandvine said it has already left 32 countries and is in the process of leaving another 24 countries.

Sandvine did not name the 56 countries, apart from Egypt, where Sandvine promised to leave by the end of March 2025. For the remaining countries -- including non-government customers in Egypt -- the "end-of-service" date will be the end of 2025. This change in the company's direction comes after years of investigations by Bloomberg, which reported that Sandvine had sold its internet surveillance products to authoritarian regimes, including Belarus, Egypt, Eritrea, the United Arab Emirates, and Uzbekistan.

Ukraine has banned use of Telegram on official devices used by state officials, military personnel and critical workers because it believes its enemy Russia can spy on both messages and users, a top security body said on Friday. Reuters: The National Security and Defence Council announced the restrictions after Kyrylo Budanov, head of Ukraine's GUR military intelligence agency, presented the Council with evidence of Russian special services' ability to snoop on the platform, it said in a statement. But Andriy Kovalenko, head of the security council's centre on countering disinformation, posted on Telegram that the restrictions apply only to official devices, not personal phones.

Telegram is heavily used in both Ukraine and Russia and has become a critical source of information since the Russian invasion of Ukraine in February 2022. But Ukrainian security officials had repeatedly voiced concerns about its use during the war. Based in Dubai, Telegram was founded by Russian-born Pavel Durov, who left Russia in 2014 after refusing to comply with demands to shut down opposition communities on his social media platform VKontakte, which he has sold.

Longtime Slashdot reader SonicSpike shares a report from Politico: The creator of a video that used artificial intelligence to imitate Kamala Harris is suing the state of California after Gov. Gavin Newsom signed laws restricting the use of digitally altered political "deepfakes," alleging First and 14th Amendment violations. Christopher Kohls, who goes by the name "Mr Reagan" on X, has been at the center of a debate over the use of AI-generated material in elections since he posted the video in July, calling it a parody of a Harris campaign ad. It features AI-generated clips mimicking Harris' voice and saying she's the "ultimate diversity hire." The video was shared by X owner Elon Musk without calling it parody and attracted the ire of Newsom, who vowed to ban such content.

The suit (PDF), filed Tuesday in federal court, seeks permanent injunctions against the laws. One of the laws in question, the Defending Democracy from Deepfake Deception Act, specifies that it does not apply to satire or parody content. It requires large online platforms to remove or label deceptive, digitally altered media during certain periods before or after an election. Newsom spokesperson Izzy Gardon said in a statement that Kohls had already labeled the post as a parody on X. "Requiring them to use the word 'parody' on the actual video avoids further misleading the public as the video is shared across the platform," Gardon said. "It's unclear why this conservative activist is suing California. This new disclosure law for election misinformation isn't any more onerous than laws already passed in other states, including Alabama."

Disney plans to transition away from using Slack as its companywide collaboration tool after a hacking group leaked over a terabyte of data from the platform. Many teams at Disney have already begun moving to other enterprise-wide tools, with the full transition expected later this year. Reuters reports: Hacking group NullBulge had published data from thousands of Slack channels at the entertainment giant, including computer code and details about unreleased projects, the Journal reported in July. The data spans more than 44 million messages from Disney's Slack workplace communications tool, WSJ reported earlier this month. The company had said in August it was investigating an unauthorized release of over a terabyte of data from one of its communication systems.

Joe_Dragon shares a report: Four more large Internet service providers told the US Supreme Court this week that ISPs shouldn't be forced to aggressively police copyright infringement on broadband networks. While the ISPs worry about financial liability from lawsuits filed by major record labels and other copyright holders, they also argue that mass terminations of Internet users accused of piracy "would harm innocent people by depriving households, schools, hospitals, and businesses of Internet access."

The legal question presented by the case "is exceptionally important to the future of the Internet," they wrote in a brief filed with the Supreme Court on Monday. The amici curiae brief was filed by Altice USA (operator of the Optimum brand), Frontier Communications, Lumen (aka CenturyLink), and Verizon. The brief supports cable firm Cox Communications' attempt to overturn its loss in a copyright infringement lawsuit brought by Sony. Cox petitioned the Supreme Court to take up the case last month.

Sony and other music copyright holders sued Cox in 2018, claiming it didn't adequately fight piracy on its network and failed to terminate repeat infringers. A US District Court jury in the Eastern District of Virginia ruled in December 2019 that Cox must pay $1 billion in damages to the major record labels. Cox won a partial victory when the US Court of Appeals for the 4th Circuit vacated the $1 billion verdict, finding that Cox wasn't guilty of vicarious infringement because it did not profit directly from infringement committed by users of its cable broadband network. But the appeals court affirmed the jury's finding of willful contributory infringement and ordered a new damages trial.

Google is updating its Password Manager to allow users to sync passkeys across multiple devices, including Windows, macOS, Linux, and Android, with iOS and ChromeOS support coming soon. Engadget reports: Once saved, the passkey automatically syncs across other devices using Google Password Manager. The company says this data is end-to-end encrypted, so it'll be pretty tough for someone to go in and steal credentials. [...] Today's update also brings another layer of security to passkeys on Google Password Manager. The company has introduced a six-digit PIN that will be required when using passkeys on a new device. This would likely stop nefarious actors from logging into an account even if they've somehow gotten ahold of the digital credentials. Just don't leave the PIN number laying on a sheet of paper directly next to the computer.

The Federal Trade Commission said on Thursday it found that several social media and streaming services engaged in a "vast surveillance" of consumers, including minors, collecting and sharing more personal information than most users realized. From a report: The findings come from a study of how nine companies -- including Meta, YouTube and TikTok -- collected and used consumer data. The sites, which mostly offer free services, profited off the data by feeding it into advertising that targets specific users by demographics, according to the report. The companies also failed to protect users, especially children and teens.

The F.T.C. said it began its study nearly four years ago to offer the first holistic look into the opaque business practices of some of the biggest online platforms that have created multibillion-dollar ad businesses using consumer data. The agency said the report showed the need for federal privacy legislation and restrictions on how companies collect and use data. "Surveillance practices can endanger people's privacy, threaten their freedoms, and expose them to a host of harms, from identify theft to stalking," said Lina Kahn, the F.T.C.'s chair, in a statement.

Kenya signed a Memorandum of Understanding (MoU) with the U.S. on nuclear technology cooperation during the 2024 IAEA General Conference in Vienna, with the aim of safely integrating nuclear power into Kenya's energy mix by 2035. The agreement focuses on collaboration in nuclear safety, regulatory experience, and research. The Standard reports: The historic pact came a day after Prime Cabinet Secretary Musalia Mudavadi addressed the general session of the conference. Mudavadi had outlined Kenya's ambitious plans to integrate nuclear power into the country's energy mix by 2035, as part of a broader strategy to meet its growing energy demand. Kenya's current installed energy capacity, as of 2023, totals 3,321 MW, with significant contributions from geothermal (863 MW), hydroelectric power (838 MW), wind (436 MW), solar (173 MW), biomass (2 MW), and thermal energy (678 MW). However, despite these sources, the country still faces a shortfall in its energy supply. Experts say nuclear energy will be crucial in addressing this deficit and supporting Kenya's long-term industrialization goals.

The MoU was signed by the Kenya Nuclear Regulatory Authority (KNRA) and the United States Nuclear Regulatory Commission (USNRC), with both parties expressing optimism about the future of nuclear cooperation between the two nations. [...] Areas of cooperation will include sharing of operating experience and regulatory experience, cooperation in joint programs of nuclear safety research and trainings. Kenya, along with several other developing nations, is exploring the potential use of nuclear energy beyond electricity generation, including its applications in health and agriculture. As the country moves forward with its nuclear aspirations, experts highlight the importance of robust regulatory frameworks and international cooperation to ensure the safe and effective deployment.

schwit1 shares a report from SpaceNews: The FAA announced Sept. 17 that it notified SpaceX of $633,009 in proposed fines for violating terms of its launch licenses during the June 2023 Falcon 9 launch of the Satria-1, or PSN Satria, broadband satellite and the July 2023 Falcon Heavy launch of Jupiter-3, or EchoStar-24, broadband satellite. Both launches were successful.

For the Satria-1 launch, the FAA said in its enforcement notice (PDF) to the company that SpaceX had requested in May 2023 changes to its communications plan to allow the use of a new launch control center at the company's "Hangar X" facility at the Kennedy Space Center and to skip a poll of launch controllers at two hours before liftoff. The FAA notified SpaceX shortly before the scheduled launch that it would not be able to approve those changes and modify the license in time, although the enforcement notice did not state why. SpaceX went ahead and used the Hangar X control center and skipped the "T-2 hours" poll for the launch. The agency concluded that violated two conditions of its launch license, which allowed for civil penalties of up to $283,009 each. The FAA said it planned to fine SpaceX a combined $350,000 for that launch.

A month later, SpaceX conducted the Falcon Heavy launch of Jupiter-3, but nine days before the launch the company requested a modification to its launch license to allow it to use a new tank farm for RP-1 fuel at KSC's Launch Complex 39A, according to a separate enforcement notice. The FAA notified SpaceX two days before the scheduled launch that the agency would not be able to modify the license in time, but SpaceX nonetheless used the new tank farm for the launch. The agency said it proposed to fine SpaceX the maximum $283,009 for that violation. Instead of participating in administrative procedures, SpaceX CEO Elon Musk said it would take the FAA to court. "SpaceX will be filing suit against the FAA for regulatory overreach," he posted on X.

An anonymous reader quotes a report from Ars Technica: The Senate Judiciary Committee is scheduled to consider two bills Thursday that would effectively nullify the Supreme Court's rulings against patents on broad software processes and human genes. Open source and Internet freedom advocates are mobilizing and pushing back. The Patent Eligibility Restoration Act (or PERA, S. 2140), sponsored by Sens. Thom Tillis (R-NC) and Chris Coons (D-Del.), would amend US Code such that "all judicial exceptions to patent eligibility are eliminated." That would include the 2014 ruling in which the Supreme Court held, with Justice Clarence Thomas writing, that simply performing an existing process on a computer does not make it a new, patentable invention. "The relevant question is whether the claims here do more than simply instruct the practitioner to implement the abstract idea of intermediated settlement on a generic computer," Thomas wrote. "They do not." That case also drew on Bilski v. Kappos, a case in which a patent was proposed based solely on the concept of hedging against price fluctuations in commodity markets. [...]

Another wrinkle in the PERA bill involves genetic patents. The Supreme Court ruled in June 2013 that pieces of DNA that occur naturally in the genomes of humans or other organisms cannot, themselves, be patented. Myriad Genetics had previously been granted patents on genes associated with breast and ovarian cancer, BRCA1 and BRCA2, which were targeted in a lawsuit led by the American Civil Liberties Union (ACLU). The resulting Supreme Court decision -- this one also written by Thomas -- found that information that naturally occurs in the human genome could not be the subject to a patent, even if the patent covered the process of isolating that information from the rest of the genome. As with broad software patents, PERA would seemingly allow for the patenting of isolated human genes and connections between those genes and diseases like cancer. [...] The Judiciary Committee is set to debate and potentially amend or rewrite PREVAIL and PERA (i.e. mark up) on Thursday.

Snapchat's terms of service for its "My Selfie" tool reserve the right to use users' AI-generated images in ads. While users can opt out by disabling the "See My Selfie in Ads" feature, it is enabled by default. 404 Media's Emanuel Maiberg reports: A support page on the Snapchat website titled "What is My Selfie?" explains further: "You'll take selfies with your Snap camera or select images from your camera roll. These images will be used to understand what you look like to enable you, Snap and your friends to generate novel images of you. If you're uploading images from the camera roll, only add images of yourself," Snapchat's site says. "After you've successfully onboarded, you may have access to some features powered by My Selfie, like Cameos stickers and AI Snaps. We are constantly adding features and functionality so stay tuned for more My Selfie features."

After seeing the popup, I searched for instances of people getting ads featuring their own face on Snapchat, and found this thread on the r/Privacy Reddit community where a user claimed exactly this happened to them. In an email to 404 Media, Snapchat said that it couldn't confirm or deny whether this user was served an ad featuring their face, but if they did, the ad was not using My Selfie images. Snapchat also said that it investigated the claim in the Reddit thread and that the advertiser, yourdreamdegree.com, has a history of advertising on Snapchat and that Snapchat believes the ad in question does not violate any of its policies. "The photo that was used in the advertisement is clearly AI, however, it is very clearly me," the Reddit user said. "It has my face, my hair, the clothing I wear, and even has my lamp & part of a painting on my wall in the background. I have no idea how they got photos of me to be able to generate this ad." Snapchat confirmed the news but emphasized that advertisers do not have access to Snapchat users' generative AI data. "You are correct that our terms do reserve the right, in the future, to offer advertising based on My Selfies in which a Snapchatter can see themselves in a generated image delivered to them," a Snapchat spokesperson said. "As explained in the onboarding modal, Snapchatters have full control over this, and can turn this on and off in My Selfie Settings at any time."

Late last month, Brazilian Justice Alexandre de Moraes ordered X to suspend operations in Brazil after a months-long dispute with X owner Elon Musk. The conflict centered on Musk's refusal to appoint a legal representative in the country and his refusal to take down disinformation and far-right accounts. However, on Wednesday, X bypassed the court-ordered block by utilizing third-party cloud services, allowing many Brazilian users to access the platform without the need for a virtual private network (VPN). From a report: The number of Brazilians accessing X is unknown, according to [Abrint, the Brazilian Association of Internet and Telecommunications Providers]. "I believe the change was probably intentional. Why would X use a third-party service that ends up being slower than its own?" said Basilio Perez, a board member at Abrint.

Any revised order from Brazil's national telecommunications agency Anatel, which is responsible for implementing the court ruling, will need to be more specific, because blocking cloud access is complex and may jeopardize government agencies and financial services providers, Perez said.

Anatel has identified the problem and is working to first notify content delivery network providers, followed by telecom companies to block access again to X in Brazil, according to a person familiar with the situation. The same person said it is not clear how long it will take for the providers to comply with the order...

In a statement tweeted from X's global government affairs account, the company said the restoration of service was an "inadvertent and temporary" side-effect of switching network providers.

The Register's Jessica Lyons reports: Chinese state-sponsored spies have been spotted inside a global engineering firm's network, having gained initial entry using an admin portal's default credentials on an IBM AIX server. In an exclusive interview with The Register, Binary Defense's Director of Security Research John Dwyer said the cyber snoops first compromised one of the victim's three unmanaged AIX servers in March, and remained inside the US-headquartered manufacturer's IT environment for four months while poking around for more boxes to commandeer. It's a tale that should be a warning to those with long- or almost-forgotten machines connected to their networks; those with shadow IT deployments; and those with unmanaged equipment. While the rest of your environment is protected by whatever threat detection you have in place, these legacy services are perfect starting points for miscreants.

This particular company, which Dwyer declined to name, makes components for public and private aerospace organizations and other critical sectors, including oil and gas. The intrusion has been attributed to an unnamed People's Republic of China team, whose motivation appears to be espionage and blueprint theft. It's worth noting the Feds have issued multiple security alerts this year about Beijing's spy crews including APT40 and Volt Typhoon, which has been accused of burrowing into American networks in preparation for destructive cyberattacks.

After discovering China's agents within its network in August, the manufacturer alerted local and federal law enforcement agencies and worked with government cybersecurity officials on attribution and mitigation, we're told. Binary Defense was also called in to investigate. Before being caught and subsequently booted off the network, the Chinese intruders uploaded a web shell and established persistent access, thus giving them full, remote access to the IT network -- putting the spies in a prime position for potential intellectual property theft and supply-chain manipulation. If a compromised component makes it out of the supply chain and into machinery in production, whoever is using that equipment or vehicle will end up feeling the brunt when that component fails, goes rogue, or goes awry.

"The scary side of it is: With our supply chain, we have an assumed risk chain, where whoever is consuming the final product -- whether it is the government, the US Department of the Defense, school systems â" assumes all of the risks of all the interconnected pieces of the supply chain," Dwyer told The Register. Plus, he added, adversarial nations are well aware of this, "and the attacks continually seem to be shifting left." That is to say, attempts to meddle with products are happening earlier and earlier in the supply-chain pipeline, thus affecting more and more victims and being more deep-rooted in systems. Breaking into a classified network to steal designs or cause trouble is not super easy. "But can I get into a piece of the supply chain at a manufacturing center that isn't beholden to the same standards and accomplish my goals and objectives?" Dwyer asked. The answer, of course, is yes. [...]

The House Energy and Commerce Committee has approved the AM for Every Vehicle Act, which mandates that automakers include AM radio in new vehicles without additional charges. The Verge reports: The bill passed the committee on a roll-call vote of 45-2 and now heads to the full House for final approval. The bill, titled the AM for Every Vehicle Act, would direct the National Highway Traffic Safety Administration (NHTSA) to issue a rule that "requires automakers to maintain AM broadcast radio in their vehicles without a separate or additional payment, fee, or surcharge." Supporters say they are pushing the bill out of a concern that the slow demise of AM radio could make it more difficult to broadcast emergency information during a natural disaster or other related events. Conservatives are also worried about losing a lucrative platform for right-wing news and media. [...]

Automakers generally see AM radio as an obsolete technology, arguing that there are other, better technologies, such as internet streaming, HD radio delivered on FM bands, or some apps that provide AM content that will make up for the absence of AM radio in vehicles. Critics say the bill could also add to the costs of producing EVs at a time when many manufacturers are struggling to rein in their costs. "With a new mandate, [EV companies] will have to go through a significant powertrain redesign, vehicle redesign," Albert Gore, executive director of the Zero Emission Transportation Association, said in an interview earlier this year, "because of the degree to which electric motor generates this [electromagnetic] interference."