Submission + - Whistleblower reports terrible things due to DOGE (youtube.com)

echo123 writes: NLRB employee Daniel Berulis reports on CNN that within 15 minutes of DOGE staff receiving new accounts with access to highly sensitive Department of Labor (DoL) data, someone within Russia logged in with the correct username and password over 20 times, but was rejected by location-related conditional access policies. Additionally, a traffic spike of 10Gb of data exiting DoL was witnessed, which is highly unusual activity at any time.

Also, DOGE is using Starlink to exfiltrate data, and Starlink is known to be hacked by Russia.

He also reports that this activity is not limited to the DoL; it has been witnessed across the government I.T. infrastructure, and that sensitive databases have recently been exposed to the open internet.

Daniel Berulis also received a clear message to stop looking. Part of the package he received included drone footage of him walking his dog.

Fast forward to 4 min 15 seconds if you're in a hurry.

= = =

Via Reuters

Berulis alleged in the affidavit that there were attempted logins to NLRB systems from an IP address in Russia in the days after DOGE accessed the systems. He told Reuters Tuesday that the attempted logins apparently included correct username and password combinations but were rejected by location-related conditional access policies.

Berulis' affidavit said that an effort by him and his colleague to formally investigate and alert the Cybersecurity and Infrastructure Security Agency (CISA) was disrupted by higher-ups without explanation.

As he and his colleagues prepared to pass information they'd gathered to CISA he received a threatening note taped to the door of his home with photographs of him walking in his neighborhood taken via drone, Andrew Bakaj, Whistleblower Aid's chief legal counsel, said in his submission to Cotton and Warner.

"Unlike any other time previously, there is this fear to speak out because of reprisal," Berulis told Reuters. "We're seeing data that is traditionally safeguarded with the highest standards in the United States government being taken and the people that do try to stop it from happening, the people that are saying no, they're being removed one by one."

via NPR

The top Democrat on the House Oversight Committee is calling for an investigation into DOGE's access to the National Labor Relations Board following exclusive NPR reporting on sensitive data being removed from the agency.

Ranking Member Gerry Connolly, D-Va., sent a letter Tuesday to acting Inspector General at the Department of Labor Luiz Santos and Ruth Blevins, inspector general at the NLRB, expressing concern that DOGE "may be engaged in technological malfeasance and illegal activity."

"According to NPR and whistleblower disclosures obtained by Committee Democrats, individuals associated with DOGE have attempted to exfiltrate and alter data while also using high-level systems access to remove sensitive information—quite possibly including corporate secrets and details of union activities," Connolly wrote in a letter first shared with NPR. "I also understand that these individuals have attempted to conceal their activities, obstruct oversight, and shield themselves from accountability."


Submission + - U.S. Government Funding for MITRE's CVE Program to Expire

SigmaTao writes: The U.S. government funding for the Common Vulnerabilities and Exposures (CVE) program, operated by non-profit research giant MITRE, is set to expire on April 16. This could have significant impacts on the cybersecurity ecosystem, including the deterioration of national vulnerability databases and advisories, as well as delays in vulnerability disclosures.

MITRE remains committed to the program, but warns of potential consequences if the contracting pathway is not maintained. The CVE program is a foundational pillar of the global cybersecurity ecosystem, offering a standard for identifying and cataloging publicly disclosed security flaws.

https://thehackernews.com/2025/04/us-govt-funding-for-mitres-cve-ends.html

https://www.youtube.com/watch?v=itbsfeqrRY4

Submission + - T2/Linux 25.4 ported AMD ROCm for AI to RISC-V and ARM64 (t2sde.org)

ReneR writes: T2 Linux SDE 25.4 has landed with a huge milestone: AMD’s ROCm stack now runs on RISC-V and ARM64, enabling open AI/HPC workloads on truly open hardware—thanks to DeepComputing and ExactCODE collab. The release also introduces a one-command web installer for reusing existing Linux systems or bootstrapping containers, along with 4,500+ package updates, Linux 6.14, GCC 14.2, LLVM/Clang 20.1, and OpenCL on by default.

In true T2 fashion, legacy gets love too, with undeleted Orinoco/AirPort Wi-Fi drivers, and ReiserFS v3 is back from the grave. And yes, it still runs on Itanium IA-64, DEC Alpha, PowerPC, SPARC, and other vintage platforms. T2 remains a highly portable, low-code SDE for building custom Linux systems with full cross-compilation and support for almost every CPU architecture and libc.

Submission + - US Government Stops Funding for the CVE Program (theregister.com)

Mr. Dollar Ton writes: US government funding for the world's CVE program – the centralized Common Vulnerabilities and Exposures database of product security flaws – ends Wednesday.

The 25-year-old CVE program plays a huge role in vulnerability management. It is used by companies big and small, developers, researchers, the public sector, and more as the primary system for identifying and squashing bugs.

The lack of US government funding means that, unless someone else steps in to fill the gap, this standardized system for naming and tracking vulnerabilities may falter or shut down, new CVEs may no longer be published, and the program's website may go offline.

I guess China can now step in with a leadership role here as well, eh?

Submission + - CVE Program Faces Swift End After DHS Fails to Renew Contract (csoonline.com)

snydeq writes: MITRE’s 25-year-old Common Vulnerabilities and Exposures (CVE) program will end April 16 after DHS did not renew its funding contract for reasons unspecified. Experts say ending the program, which served as the crux for most cybersecurity defense programs, is a tragedy. MITRE’s CVE program is a foundational pillar of the global cybersecurity ecosystem and is the de facto standard for identifying vulnerabilities and guiding defenders’ vulnerability management programs. It provides foundational data to vendor products across vulnerability management, cyber threat intelligence, security information, event management, and endpoint detection and response. It’s unclear what led to DHS’s decision to end the contract after 25 years of funding the highly regarded program. The Trump administration, primarily through Elon Musk’s Department of Government Efficiency initiative, has been slashing government spending across the board, particularly at the Cybersecurity and Infrastructure Security Agency (CISA), through which DHS funds the MITRE CVE program.

Submission + - Insurance Firm Lemonade Says API Glitch Exposed Some Driver's License Numbers (securityweek.com)

An anonymous reader writes: Insurance firm Lemonade is notifying roughly 190,000 individuals that their driver’s license numbers were likely exposed due to a technical glitch. Copies of the notification letter that were submitted to regulators in several states show that the incident involved an online application that enables individuals to obtain car insurance quotes and purchase policies. According to the company, a vulnerability in the car insurance quote flow resulted in the exposure of certain driver’s license numbers for identifiable individuals. The vulnerability has been addressed, Lemonade says.

Between April 2023 and September 2024, the platform transmitted the information unencrypted, which the company says allowed driver’s license numbers to be accessed without authorization. “We have no evidence to suggest that your driver’s license number has been misused but we are providing this notice as a precaution to inform potentially affected individuals and share some steps you can take to help protect yourself,” the company’s notification letter reads. The insurer is providing the impacted individuals with 12 months of free credit monitoring and identity protection services.

Submission + - US paedophile jailed in Wales (telegraph.co.uk)

Bruce66423 writes: The good news is that the evil man got caught. The worrying question is: 'How?' It appears the UK police got involved after a 'tip off from the US'. The question is: 'How did they know this evil was going on?' Would the evidence against him have survived in a US court? And should we welcome a case where a 'will nobody think of the children' driven action has produced an apparently positive result?

Submission + - US tariffs causing Sony to raise PS5 price substantially in UK and Europe? (theverge.com)

An anonymous reader writes: Sony has raised the price of most of its PlayStation 5 console hardware in the UK, Europe, Australia, and New Zealand by 10-15 percent, blaming “a challenging economic environment.” With rising US import costs thanks to tariffs likely a contributing factor, an equivalent price rise in the US is probably on the way.

Sony manufactures the majority of its PlayStation 5 hardware in China, now subject to 145 percent tariffs on imports into the US, and game consoles aren’t included in the pause on some tech tariffs announced Friday. A price increase in other markets may be a way of limiting how sharply prices will need to rise in the US, which is a key market for Sony.

Sony’s blog post announcing the change blamed it on “high inflation and fluctuating exchange rates,” though made no mention of Trump’s tariffs or increased import costs into the US, where prices are remaining the same — for now. Analyst Serkan Toto told CNBC that he “would be very surprised if Sony was able to keep the PlayStation prices in the US stable,” calling now “the ‘right’ time” for the company to raise prices.

Submission + - Arguing Against CALEA (schneier.com)

Mirnotoriety writes: At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought:

Submission + - Llama 2 LLM on DOS (yeokhengmeng.com)

yeokm1 writes: Conventional wisdom states that running LLMs locally will require computers with high performance specifications especially GPUs with lots of VRAM. But is this actually true?

Thanks to an open-source llama2.c project, I ported it to work so vintage machines running DOS can actually inference Llama 2 LLM models. Of course there are severe limitations but the results will surprise you.

Submission + - Hertz Says Customers' Personal Data, Driver's Licenses Stolen In Data Breach (techcrunch.com)

An anonymous reader writes: Car rental giant Hertz has begun notifying its customers of a data breach that included their personal information and driver’s licenses. The rental company, which also owns the Dollar and Thrifty brands, said in notices on its website that the breach relates to a cyberattack on one of its vendors between October 2024 and December 2024. The stolen data varies by region, but largely includes Hertz customer names, dates of birth, contact information, driver’s licenses, payment card information, and workers’ compensation claims. Hertz said a smaller number of customers had their Social Security numbers taken in the breach, along with other government-issued identification numbers.

Notices on Hertz’s websites disclosed the breach to customers in Australia, Canada, the European Union, New Zealand, and the United Kingdom. Hertz also disclosed the breach with several U.S. states, including California and Maine. Hertz said at least 3,400 customers in Maine were affected but did not list the total number of affected individuals, which is likely to be significantly higher. Emily Spencer, a spokesperson for Hertz, would not provide TechCrunch with a specific number of individuals affected by the breach but said it would be “inaccurate to say millions” of customers are affected. The company attributed the breach to a vendor, software maker Cleo, which last year was at the center of a mass-hacking campaign by a prolific Russia-linked ransomware gang.

Submission + - Chinese Robotaxis Have Government Black Boxes, Approach US Quality (forbes.com)

An anonymous reader writes: Robotaxi development is speeding at a fast pace in China, but we don’t hear much about it in the USA, where the news focuses mostly on Waymo, with a bit about Zoox, Motional, May, trucking projects and other domestic players. China has 4 main players with robotaxi service, dominated by Baidu (the Chinese Google). A recent session at last week’s Ride AI conference in Los Angeles revealed some details about the different regulatory regime in China, and featured a report from a Chinese-American Youtuber who has taken on a mission to ride in the different vehicles.

Zion Maffeo, deputy general counsel for Pony.AI, provided some details on regulations in China. While Pony began with U.S. operations, its public operations are entirely in China, and it does only testing in the USA. Famously it was one of the few companies to get a California “no safety driver” test permit, but then lost it after a crash, and later regained it. Chinese authorities at many levels keep a close watch over Chinese robotaxi companies. They must get approval for all levels of operation, which control where they can test and operate, and how much supervision is needed. Operation begins with testing with a safety driver behind the wheel (as almost everywhere in the world), with eventual graduation to having the safety driver in the passenger seat but with an emergency stop. Then they move to having a supervisor in the back seat before they can test with nobody in the vehicle, usually limited to an area with simpler streets.

The big jump can then come to allow testing with nobody in the vehicle, but with full time monitoring by a remote employee who can stop the vehicle. From there they can graduate to taking passengers, and then expanding the service to more complex areas. Later they can go further, and not have full time remote monitoring, though there do need to be remote employees able to monitor and assist part time. Pony has a permit allowing it to have 3 vehicles per remote operator, and has one for 15 vehicles in process, but they declined comment on just how many vehicles they actually have per operator. Baidu also did not respond to queries on this. [...] In addition, Chinese jurisdictions require that the system in a car independently log any “interventions” by safety drivers in a sort of “black box” system. These reports are regularly given to regulators, though they are not made public. In California, companies must file an annual disengagement report, but they have considerable leeway on what they consider a disengagement so the numbers can’t be readily compared. Chinese companies have no discretion on what is reported, and they may notify authorities of a specific objection if they wish to declare that an intervention logged in their black box should not be counted.

There are strong arguments against such strict reporting. Safety drivers are told to intervene when they have any doubt, which means they will frequently intervene when not necessary. Because companies with mandatory reporting of all interventions want to keep their number down, they may, even unconsciously, discourage interventions. They also don’t want to have to count things like bathroom breaks which have no bearing on safety, leading to the wrong incentive. On the other hand, giving companies full leeway on what counts led to essentially useless reports in California. The right answer is hard. This more strict regulation reportedly also has its own Chinese “flavor” and personal relationships are also important to get permits and deploy. Even so, it’s not slowing things down much, if at all.

Submission + - China Halts Rare Earth Exports to U.S. (thegatewaypundit.com)

AmiMoJo writes: China has halted exports of seven critical rare earth elements to the United States, a move that threatens to disrupt supply chains across key American industries, including automotive, semiconductor, and aerospace sectors. China’s Ministry of Commerce recently added seven rare earth elements—including dysprosium, terbium, and lutetium—to its restricted export list. These elements are essential for manufacturing high-performance magnets used in electric vehicles, advanced weaponry, and consumer electronics.

Additionally: US chipmakers outsourcing manufacturing will escape China's tariffs

U.S. chipmakers that outsource manufacturing will be exempt from China's retaliatory tariffs on U.S. imports, according to a notice by the main Chinese semiconductor association on Friday.
Given the highly specialized and multi-country nature of chip supply chains, there was uncertainty within the industry about how tariffs would be applied to chip imports.
"For all integrated circuits, whether packaged or unpackaged, the declared country of origin for import customs purchases is the location of the wafer fabrication plant," the state-backed China Semiconductor Industry Association (CSIA), which represents the country's largest chip companies, said in an "urgent notice" on its WeChat account.
For U.S. chip designers such as Qualcomm and AMD that outsource manufacturing to Taiwanese chipmaking giant TSMC 2330.TW, Chinese customs authorities will classify these chips' place of origin as Taiwan, according to EETop, an information platform and forum for Chinese chipmakers.
This means China-based companies importing such chips will not be forced to pay China's retaliatory tariffs on U.S. imports, EETop said on its WeChat account.

https://www.reuters.com/techno...

Submission + - Overvaluing Things Considered Hard-To-Do Considered Harmful

theodp writes: In "Three Stories About How CS is Overwhelming, and Ideas for How We Can Do Better", Univ. of Michigan CS Prof Mark Guzdial tackles the problem of how computer science's if-it-ain't-considered-hard-it-ain't-considered-important attitude dissuades students and educators alike from pursuing certain areas of study and research.

"We overly value things that are hard to do," Guzdial explains, "which leads us to undervalue things that are interesting, valuable, or useful but are not necessarily hard to do (e.g., studying how people build in Excel is interesting and valuable, even if it’s not as 'hard' as studying programmers building million LOC systems). I have heard this sentiment voiced lots of times. 'The study was really not that much. I don’t see why it’s interesting.' 'The system wasn’t hard to do. Anyone could have built it. It’s not really a contribution.' 'Anyone could have thought of that.' An academic contribution should be judged by what we learn, not by how hard it was to do or invent. That focus on being hard is part of what drives students away from computer science."

Submission + - DOJ Creates National Security Program to Protect Americans' Sensitive Data (justice.gov)

An anonymous reader writes: The Justice Department took significant steps to move forward with implementing a critical program to prevent China, Russia, Iran, and other foreign adversaries from using commercial activities to access and exploit U.S. government-related data and Americans’ sensitive personal data to commit espionage and economic espionage, conduct surveillance and counterintelligence activities, develop AI and military capabilities, and otherwise undermine our national security.

Submission + - Three million child deaths linked to drug resistance, study shows (bbc.co.uk)

Bruce66423 writes: 'More than three million children around the world are thought to have died in 2022 as a result of infections that are resistant to antibiotics, according to a study by two leading experts in child health.

'Children in Africa and South East Asia were found to be most at risk.

'Antimicrobial resistance — known as AMR — develops when the microbes that cause infections evolve in such a way that antibiotic drugs no longer work.

'It has been identified as one of the biggest public health threats facing the world's population.'

We've been hearing about the threat of this for decades. The news that it's now actually killing a lot of people is scary.

Submission + - Japanese train station shelter replaced overnight with 3D printed structure (arstechnica.com)

cusco writes: Hatsushima station serves the town of Arida, population about 25,000, and around 530 passengers a day board there. Because the population is shrinking, when it came time to replace the aging wooden shelter the new structure could be smaller, presenting West Japan Railway with the opportunity to try something new. The company commissioned a new 3D printed shelter from Serendix, who printed the structure in four parts over seven days. The parts were shipped by rail to Hatsushima and a crew assembled them in around six hours, finishing before the first train of the morning at 5:45.

The structure itself is made of mortar, layered like dull-green frosting by a 3D-printing nozzle, reinforced by steel and framed at its edges by concrete. The result is a building that has "earthquake resistance similar to that of reinforced concrete houses," according to West Japan Railway (JR West), and costing about half of what the shelter would cost to build with traditional reinforced concrete. It also has a mandarin orange and scabbardfish [local products] embossed into its sides.


Submission + - Trump backpedals on China imports that US cannot produce domestically (cnn.com)

Mr. Dollar Ton writes: Smartphones and computers are now exempt from Trump’s latest tariffs.

Electronics imported to the United States will be exempt from President Donald Trump’s reciprocal tariffs, according to a US Customs and Border Protection notice posted late Friday.

Smartphones, computer monitors and various electronic parts are among the exempted products. The exemption applies to products entering the United States or removed from warehouses as early as April 5, according to the notice.
