North Korean hackers exploited a critical Windows vulnerability to deploy advanced malware, security researchers revealed. The zero-day flaw, patched by Microsoft last week, allowed attackers to gain system-level access and install a sophisticated rootkit called FudModule. Gen, the firm that discovered the attacks, identified the threat actors as Lazarus, a hacking group linked to North Korea. The exploit targeted individuals in cryptocurrency and aerospace industries, likely aiming to steal digital assets and infiltrate corporate networks. FudModule, first analyzed in 2022, stands out for its ability to operate deep within Windows, evading detection by security defenses. Earlier versions used vulnerable drivers for installation, while a newer variant exploited a bug in Windows' AppLocker service.

An anonymous reader shares a report: Many Procreate users can breathe a sigh of relief now that the popular iPad illustration app has taken a definitive stance against generative AI. "We're not going to be introducing any generative AI into our products," Procreate CEO James Cuda said in a video posted to X. "I don't like what's happening to the industry, and I don't like what it's doing to artists."

The creative community's ire toward generative AI is driven by two main concerns: that AI models have been trained on their content without consent or compensation, and that widespread adoption of the technology will greatly reduce employment opportunities. Those concerns have driven some digital illustrators to seek out alternative solutions to apps that integrate generative AI tools, such as Adobe Photoshop. "Generative AI is ripping the humanity out of things. Built on a foundation of theft, the technology is steering us toward a barren future," Procreate said on the new AI section of its website. "We think machine learning is a compelling technology with a lot of merit, but the path generative AI is on is wrong for us."

"AI is already able to mimic sight and hearing," writes CNBC. And now a startup named Osmo "wants to use the technology to digitize another: smell."

Co-founded by a former Google research scientist, the company built an AI that's "superhuman in its ability to predict what things smelled like," the company's co-founder says. And he believes this might actually prove useful. "We've known that smell contains information we can use to detect disease. But computers can't speak that language and can't interpret that data yet... We will eventually be able to detect disease with scent and we're on our way to building that technology. It's not going to happen this year or anytime soon, but we're on our way."

CoinTelegraph describes how the company invented a training dataset from scratch — a kind of "smell map" with labelled examples of molecular bond associations to teach the AI to identify specific patterns. The team also hopes to develop a method to recreate smells using molecular synthesis. This would, for example, allow a computer in one place to "smell" something and then send that information to another computer for resynthesis — essentially teleporting odor over the internet. This also means scent could join sight and sound as part of the marketing and branding world.

Indian influencers It's the largest country on earth — home to 1.4 billion people. But "The Indian government has plans to classify social media creators as 'digital news broadcasters,'" according to the nonprofit site RestofWorld.org.

While there's "no clarity" on the government's next move, the proposed legislation would require social media creators "to register with the government, set up a content evaluation committee that checks all content before it is published, and appoint complaint handlers — all at their own expense. Any failures in compliance could lead to criminal charges, including jail term." On July 26, the Hindustan Times reported that the government plans to tweak the proposed Broadcasting Services (Regulation) Bill, which aims to combine all regulations for broadcasters under one law. As per a new version of the bill, which has been reviewed by Rest of World, the government defines "digital news broadcaster" as "any person who broadcasts news and current affairs programs through an online paper, news portal, website, social media intermediary, or other similar medium as part of a systematic business, professional or commercial activity."

Creators and digital rights activists believe the potential legislation will tighten the government's grip over online content and threaten the last bastion of press freedom for independent journalists in the country. Over 785 Indian creators have sent a letter to the government seeking more transparency in the process of drafting the bill. Creators have also stormed social media with hashtags like #KillTheBill, and made videos to educate their followers about the proposal.
One YouTube creator told the site that if the government requires them to appoint a "grievance redressal officer," they might simply film themselves, responding to grievances — to "make content out of it".

Apple is building "a pricey tabletop home device" which uses "a thin robotic arm to move around a large screen," using actuators "to tilt the display up and down and make it spin 360 degree," according to Bloomberg's Mark Gurman. Citing "people with knowledge of the matter," Gurman writes that Apple assigned "several hundred people" to the project: The device is envisioned as a smart home command center, videoconferencing machine and remote-controlled home security tool, said the people... The project — codenamed J595 — was approved by Apple's executive team in 2022 but has started to formally ramp up in recent months, they said... Apple has now decided to prioritize the device's development and is aiming for a debut as early as 2026 or 2027, according to the people.

The company is looking to get the price down to around $1,000. But with years to go before an expected release, the plans could theoretically change... The idea is for the tabletop product to be primarily controlled using the Siri digital assistant and upcoming features in Apple Intelligence. The device could respond to commands, such as "look at me," by repositioning the screen to focus on the person saying the words — say, during a video call. It also could understand different voices and adjust its focus accordingly. Current models in testing run a customized version of the iPad operating system...

The company also is working on robots that move around the home and has discussed the idea of a humanoid version. Those projects are being led, in part, by Hanns Wolfram Tappeiner, a robotics expert who now has about 100 former car team engineers reporting to him. In a job listing published this month, Apple said it has a team "working to leverage and build upon groundbreaking machine learning robotics research, thereby enabling development of generalizable and reliable robot systems." The company said it's seeking experts with experience in "robot manipulation" and creating AI models for robot control.
The article calls points out that Apple "still gets roughly half its revenue from the iPhone," and calls the robotics effort "one of a few avenues Apple is pursuing to generate new sources of revenue" — and to "capitalize" on its AI technology. (Apple is also working on both smart eyeglasses and augmented reality galsses.)

"Electronic shelf labels are already common in Europe," reports the Los Angeles Times, "and will become wider spread in the U.S., with Walmart planning to implement the labels in 2,300 stores by 2026." And grocery giant Kroger also plans to introduce digital labels.

But will they also bring "dynamic pricing", where stores raise the price of ice cream on hot days — or jack the cost of water and canned goods before upcoming storms? Kroger and Walmart said they have no plans to implement dynamic pricing, and added that electronic shelf labels will only be used to help lower costs. "Kroger's business model is to lower prices over time so that more customers shop with us," a Kroger spokesperson said. "Any test of electronic shelf tags is to lower prices more for customers where it matters most. To suggest otherwise is not true." A Walmart spokesperson said updates to the electronic tags will be used to reflect lower prices for items on sale or final clearance. Prices will not change throughout the day, she said...

Grocery industry analyst Phil Lempert said the digital tags will help save time and money amid a labor shortage, but they could lead grocery chains down a slippery slope. "If you can make it electronic you can take a lot of costs out of the system, and that's great," Lempert said. "But once that's installed, and regardless of what any retailer is going to say, it's now easy to change prices."

Santiago Gallino, a professor specializing in retail management at the University of Pennsylvania, said he hasn't seen signs that retailers plan to use electronic shelf labels for surge pricing. "In my conversation with retailers, it's clear that those who are pushing towards this technology are mainly trying to drive efficiency up in the stores and try to reduce costs," Gallino said. "Grocery retailers operate on very thin margins, so every time they find technology that can help them save in labor, they will do that."

What grocery stores save in labor they may lose in customer trust and loyalty, however, said Dominick Miserandino [CEO of the retail disussion forum RetailWire.] "Consumers are exceptionally skeptical," he said. "When most of the consumer reaction to any product seems to be overwhelmingly negative, it's probably a product that one might want to reevaluate quickly."
The article notes one U.S. presidential candidate has already pledged they'd "work to pass the first-ever federal ban on price gouging on food."

Long-time Slashdot reader theodp writes: Christie's this week announced the items that will be auctioned in three sales from the Paul G. Allen Collection, including historic computers and artifacts from the late Microsoft co-founder's former Living Computers Museum + Labs in Seattle. They include an Apple-1 from the desk of late Apple co-founder Steve Jobs, estimated at $500,000 to $800,000, to be auctioned as part of a live sale on Sept. 10 at Christie's Rockefeller Center in New York.

Among the lot of "Firsts" from the Paul Allen Collection is a circa-1984 PC's Limited Personal Computer (est. $600-$800), which comes with a manual for the Microsoft-developed IBM DOS. Also being offered is a circa-1975 IMSAI 8080 microcomputer (est. $2,000-$3,000). Both computers ran operating systems that can be traced back to the efforts of Digital Research founder Gary Kildall. Kildall's CP/M was adapted for IMSAI in 1975 and inspired the "CP/M work-alike" Quick And Dirty Operating System (QDOS) that Microsoft purchased in 1981, ported to the new IBM PC as MS-DOS, and licensed to IBM, who in turn offered it as PC-DOS...

Interestingly, not present in the any of the three Christie's Paul G. Allen Collection auctions is Allen's rare unedited copy of Kildall's Computer Connections: People, Places, and Events in the Evolution of the Personal Computer Industry (edited version available at CHM), one of only 20 copies that were originally distributed to family and friends shortly before Kildall's death in 1994. (In the unpublished memoir, Kildall's Seattle Times obit reported, Kildall called DOS "plain and simple theft" of CP/M). Documents released in response to a 2018 Washington Public Records Act request revealed that one of those copies found its way into the hands of Allen in 2017, gifted by University of Washington CS professor Ed Lazowska, who led fundraising campaigns for UW's Paul G. Allen Center for Computer Science & Engineering.

"We're testing a few new ways to plan and manage your presence on Threads," announced top Threads/Instagram executive Adam Mosseri, promising their 200 million-plus users "enhanced insights to help you better understand your followers and how posts perform, and the ability to save multiple drafts with scheduling coming soon."

Axios reports: Helping creators avoid burnout has become a growing focus for Meta CEO Mark Zuckerberg, who said in July that the company's new generative AI tools can alleviate certain tasks like communicating with followers. Thursday's announcement was positioned as helping both businesses and creators — suggesting that Meta is ramping up plans to start monetizing Threads, which could be as early as this year.

The Dubai Court of First Instance has declared that cryptocurrency can be used as a legal form of salary under employment contracts. CoinTelegraph reports: Irina Heaver, a partner at UAE law firm NeosLegal, explained that the ruling in case number 1739 of 2024 shows a shift from the court's earlier stance in 2023, where a similar claim was denied because the crypto involved lacked precise valuation. Heaver believes this shows a "progressive approach" to integrating digital currencies into the country's legal and economic framework. Heaver said that the case involved an employee who filed a lawsuit claiming that the employer had not paid their wages, wrongful termination compensation and other benefits. The worker's employment contract stipulated a monthly salary in fiat and 5,250 in EcoWatt tokens. The dispute stems from the employer's inability to pay the tokens portion of the employee's salary in six months.

In 2023, the court acknowledged the inclusion of the EcoWatts tokens in the contract. Still, it did not enforce the payment in crypto, as the employee failed to provide a clear method for valuing the currency in fiat terms. "This decision reflected a traditional viewpoint, emphasizing the need for concrete evidence when dealing with unconventional payment forms," Heaver said. However, the lawyer said that in 2024, the court "took a step forward," ruling in favor of the employee and ordering the payment of the crypto salary as per the employment contract without converting it into fiat. Heaver added that the court's reliance on the UAE Civil Transactions Law and Federal Decree-Law No. 33 of 2021 in both judgments shows the consistent application of legal principles in wage determination.

An anonymous reader quotes a report from Ars Technica: Anova, a company that sells smart sous vide cookers, is getting backlash from customers after announcing that it will soon charge a subscription fee for the device's companion app. Anova was founded in 2013 and sells sous vide immersion circulators. Its current third-generation Precision Cooker 3.0 has an MSRP of $200. Anova also sells a $149 model and a $400 version that targets professionals. It debuted the free Anova Culinary App in 2014. In a blog post on Thursday, Anova CEO and cofounder Stephen Svajian announced that starting on August 21, people who sign up to use the Anova Culinary App with the cooking devices will have to pay $2 per month, or $10 per year. The app does various things depending on the paired cooker, but it typically offers sous vide cooking guides, cooking notifications, and the ability to view, save, bookmark, and share recipes. The subscription fee will only apply to people who make an account after August 21. Those who downloaded the app and made an account before August 21 won't have to pay. But everyone will have to make an account; some people have been using the app without one until now.

"You helped us build Anova, and our intent is that you will be grandfathered in forever," Svajian wrote. According to Svajian, the subscription fees are necessary so Anova can "continue delivering the exceptional service and innovative recipes" and "maintain and enhance the app, ensuring it remains a valuable resource." As Digital Trends pointed out, the announcement follows an Anova statement saying it will no longer let users remotely control their kitchen gadgets via Bluetooth starting on September 28, 2025. This means that remote control via the app will only be possible for models offering and using Wi-Fi connectivity. Owners of affected devices will no longer be able to access their device via the Anova app, get notifications, or use status monitoring. Users will still be able to manually set the time, temperature, and timer via the device itself.

IKEA is expanding its stock-counting drone system to operate alongside workers in the U.S., starting with its Perryville, Maryland distribution center. The Verge reports: The Verity-branded drones also come with a new AI-powered system that allows them to fly around warehouses 24/7. That means they'll now operate alongside human workers, helping to count inventory as well as identify if something's in the wrong spot. Previously, the drones only flew during nonoperational hours. Parag Parekh, the chief digital officer for Ikea retail, says in the press release that flights are prescheduled and that the drones use a "custom indoor positioning system to navigate higher levels of storage locations." They also have an obstacle detection system that allows them to reroute their paths to avoid collisions. Ikea is also working on several upgrades for the drones, including the ability to inspect unit loads and racks.

So far, Ikea's fleet consists of more than 250 drones operating across 73 warehouses in nine countries. Ikea first launched its drone system in partnership with Verity in 2021 and expanded it to more locations throughout Europe last year. Now, Ikea plans on bringing its AI-upgraded drones to more distribution centers in Europe and North America, which the company says will help "reduce the ergonomic strain on [human] co-workers, allowing them to focus on lighter and more interesting tasks."

Epic Games launched its digital app store on iOS and Android devices on Friday, marking Fortnite's return to Apple's platform in the European Union after a four-year absence. The move follows the implementation of the EU's Digital Markets Act, which mandates Apple to allow third-party app stores. Epic's store is available globally on Android and in the EU for iOS devices running iOS 17.6 or later.

Fortnite, along with Rocket League Sideswipe and Fall Guys, are now accessible through Epic's mobile store and the EU's AltStore. This marks Fall Guys' mobile debut. Epic CEO Tim Sweeney hailed the development as "tangible progress" but noted challenges remain, including Apple's new fees for third-party app distribution. The company aims for 100 million mobile store installations by year-end and plans to offer third-party games by December, with self-publishing slated for early 2025. Epic's 88/12 revenue split model will extend to mobile, potentially disrupting the mobile gaming marketplace dominated by Apple and Google.

The SAG-AFTRA actors' union has struck a deal with online talent marketplace Narrativ, allowing actors to sell advertisers the rights to replicate their voices using AI. "Not all members will be interested in taking advantage of the opportunities that licensing their digital voice replicas might offer, and that's understandable," SAG-AFTRA official Duncan Crabtree-Ireland said in a statement. "But for those who do, you now have a safe option." Reuters reports: Narrativ connects advertisers and ad agencies with actors to create audio ads using AI. Under the deal, an actor can set the price for an advertiser to digitally replicate their voice, provided it at least equals the SAG-AFTRA minimum pay for audio commercials. Brands must obtain consent from performers for each ad that uses the digital voice replica. The union hailed the pact with Narrativ as setting a standard for the ethical use of AI-generated voice replicas in advertising.

An anonymous reader quotes a report from Wired: Professional cycling has, in its recent history, been prone to a shocking variety of cheating methods and dirty tricks.Performance-enhancing drugs.Tacks strewn on race courses. Even stealthy motors hidden inside of wheel hubs. Now, for those who fail to download a software patch for their gear shifters -- yes, bike components now get software updates -- there may be hacker saboteurs to contend with, too. At the Usenix Workshop on Offensive Technologies earlier this week, researchers from UC San Diego and Northeastern University revealed a technique that would allow anyone with a few hundred dollars of hardware to hack Shimano wireless gear-shifting systems (Warning: source may be paywalled; alternative source) of the kind used by many of the top cycling teams in the world, including in recent events like the Olympics and the Tour de France. Their relatively simple radio attack would allow cheaters or vandals to spoof signals from as far as 30 feet away that trigger a target bike to unexpectedly shift gears or to jam its shifters and lock the bike into the wrong gear.

The trick would, the researchers say, easily be enough to hamper a rival on a climb or, if timed to certain intense moments of a race, even cause dangerous instability. "The capability is full control of the gears. Imagine you're going uphill on a Tour de France stage: If someone shifts your bike from an easy gear to a hard one, you're going to lose time," says Earlence Fernandes, an assistant professor at UCSD's Computer Science and Engineering department. "Or if someone is sprinting in the big chain ring and you move it to the small one, you can totally crash a person's bike like that." [...] The researchers' technique exploits the increasingly electronic nature of modern high-end bicycles, which now have digital components like power meters, wireless control of fork suspensions, and wireless shifters. "Modern bicycles are cyber-physical systems," the researchers note in their Usenix paper. Almost all professional cyclists now use electronic shifters, which respond to digital signals from shifter controls on the bike's handlebars to move a bicycle's chain from gear to gear, generally more reliably than mechanical shifting systems. In recent years, those wired electronic shifters have transitioned again to wireless versions that pair via a radio connection, such as the popular Di2 wireless shifters sold by the Japanese cycling component firm Shimano, which the researchers focused on. Shimano says it has developed a firmware update to patch the exploit but it won't be available widely until late August. The update is intended to improve wireless transmission across Shimano Di2 component platforms, though specific details about the fix and how it prevents the identified attacks have not been disclosed for security reasons.

Californians' driver's licenses are going digital as people will soon be able to carry them in their Apple or Google wallets. From a report: The governor's office says it's a secure and convenient tool that will allow users to more easily undergo ID verification, such as airport screenings. The virtual wallet capabilities, which are set to roll out "in the coming weeks," will allow users to add and access California driver's licenses and ID cards on their iPhones, Apple Watch and Android devices -- similar to credit cards.

They will be authorized for use in TSA screenings, select apps and select businesses, such as Circle K. Participating airports in the state include SFO, SJC and LAX. The new format, which Gov. Gavin Newsom is expected to announce Thursday, is part of the DMV's broader mobile driver's license (mDL) pilot, which launched last year. "This is a big step in our efforts to better serve all Californians, meeting people where they're at and with technology people use every day," Newsom said in a statement shared first with Axios.

Roku has removed the Redbox app from its platform, effectively cutting off users' access to purchased content following Redbox parent company Chicken Soup for the Soul Entertainment's bankruptcy filing. The move signals the likely end of Redbox's digital streaming service, which launched in 2017 to complement its DVD rental kiosks. Customers attempting to use the Redbox app on Roku devices now receive an error message directing them to other streaming services. While the app remains downloadable on some platforms, including Apple's App Store and Google Play, its functionality is severely limited. The shutdown raises questions about the fate of content purchased through Redbox's streaming service and the company's remaining 24,000 physical kiosks.

"NIST has formally accepted three algorithms for post-quantum cryptography," writes ancient Slashdot reader jd. "Two more backup algorithms are being worked on. The idea is to have backup algorithms using very different maths, just in case a flaw in the original approach is discovered later." The Register reports: The National Institute of Standards and Technology (NIST) today released the long-awaited post-quantum encryption standards, designed to protect electronic information long into the future -- when quantum computers are expected to break existing cryptographic algorithms. One -- ML-KEM (PDF) (based on CRYSTALS-Kyber) -- is intended for general encryption, which protects data as it moves across public networks. The other two -- ML-DSA (PDF) (originally known as CRYSTALS-Dilithium) and SLH-DSA (PDF) (initially submitted as Sphincs+) -- secure digital signatures, which are used to authenticate online identity. A fourth algorithm -- FN-DSA (PDF) (originally called FALCON) -- is slated for finalization later this year and is also designed for digital signatures.

NIST continued to evaluate two other sets of algorithms that could potentially serve as backup standards in the future. One of the sets includes three algorithms designed for general encryption -- but the technology is based on a different type of math problem than the ML-KEM general-purpose algorithm in today's finalized standards. NIST plans to select one or two of these algorithms by the end of 2024. Despite the new ones on the horizon, NIST mathematician Dustin Moody encouraged system administrators to start transitioning to the new standards ASAP, because full integration takes some time. "There is no need to wait for future standards," Moody advised in a statement. "Go ahead and start using these three. We need to be prepared in case of an attack that defeats the algorithms in these three standards, and we will continue working on backup plans to keep our data safe. But for most applications, these new standards are the main event." From the NIST: This notice announces the Secretary of Commerce's approval of three Federal Information Processing Standards (FIPS):
- FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism Standard
- FIPS 204, Module-Lattice-Based Digital Signature Standard
- FIPS 205, Stateless Hash-Based Digital Signature Standard

These standards specify key establishment and digital signature schemes that are designed to resist future attacks by quantum computers, which threaten the security of current standards. The three algorithms specified in these standards are each derived from different submissions in the NIST Post-Quantum Cryptography Standardization Project.

U.S. Senators Elizabeth Warren and Bob Casey have accused supermarket giant Kroger of potential price-gouging through its adoption of electronic shelf labels (ESLs). In a letter to Kroger CEO Rodney McMullen, the lawmakers expressed concern that ESLs could enable dynamic pricing of groceries, potentially creating artificial scarcity and inflating prices of essential goods.

Kroger, which operates nearly 3,000 stores nationwide, began implementing ESLs in 2018 under the "Kroger Edge" program. While initially promoted as a consumer-friendly technology offering video ads and personalized shopping assistance, the senators argue it could lead to "surge pricing" similar to ride-sharing services. The lawmakers' concerns reflect broader scrutiny of differential pricing practices across industries. The Federal Trade Commission recently launched an investigation into such tactics, which have been observed in sectors ranging from e-commerce to travel booking.

An anonymous reader shares a report: After much back and forth earlier this year, Spotify on Wednesday says it's now received approval from Apple to display pricing information in its iOS app for users in the EU. The company is not opting into Apple's new business rules under the EU's Digital Markets Act, but rather is taking advantage of new antitrust guidelines imposed by the EU specifically for music streaming apps. Apple in March was fined by European regulators nearly $2 billion for breaching antitrust rules in the market. Spotify and Apple have also gone back and forth over an update to Spotify's app that would allow the music streamer to share pricing information with EU users.

Now, Spotify says its app update has been approved, and it will be able to display the pricing for things like Spotify subscriptions and digital goods, including Spotify's more recently added collection of audiobooks. The latter includes the ability to show the pricing for subscription plans that include audiobook streaming, as well as "top off" hours users can buy to complete their audiobook listening and a la carte audiobook prices.

An anonymous reader quotes a report from Ars Technica: Over the past few days, a software package called Deep-Live-Cam has been going viral on social media because it can take the face of a person extracted from a single photo and apply it to a live webcam video source while following pose, lighting, and expressions performed by the person on the webcam. While the results aren't perfect, the software shows how quickly the tech is developing -- and how the capability to deceive others remotely is getting dramatically easier over time. The Deep-Live-Cam software project has been in the works since late last year, but example videos that show a person imitating Elon Musk and Republican Vice Presidential candidate J.D. Vance (among others) in real time have been making the rounds online. The avalanche of attention briefly made the open source project leap to No. 1 on GitHub's trending repositories list (it's currently at No. 4 as of this writing), where it is available for download for free. [...]

Like many open source GitHub projects, Deep-Live-Cam wraps together several existing software packages under a new interface (and is itself a fork of an earlier project called "roop"). It first detects faces in both the source and target images (such as a frame of live video). It then uses a pre-trained AI model called "inswapper" to perform the actual face swap and another model called GFPGAN to improve the quality of the swapped faces by enhancing details and correcting artifacts that occur during the face-swapping process. The inswapper model, developed by a project called InsightFace, can guess what a person (in a provided photo) might look like using different expressions and from different angles because it was trained on a vast dataset containing millions of facial images of thousands of individuals captured from various angles, under different lighting conditions, and with diverse expressions.

During training, the neural network underlying the inswapper model developed an "understanding" of facial structures and their dynamics under various conditions, including learning the ability to infer the three-dimensional structure of a face from a two-dimensional image. It also became capable of separating identity-specific features, which remain constant across different images of the same person, from pose-specific features that change with angle and expression. This separation allows the model to generate new face images that combine the identity of one face with the pose, expression, and lighting of another.