Enlarge (credit: Getty Images)

Cyber attackers are experimenting with their latest ransomware on businesses in Africa, Asia, and South America before targeting richer countries that have more sophisticated security methods.

Hackers have adopted a “strategy” of infiltrating systems in the developing world before moving to higher-value targets such as in North America and Europe, according to a report published on Wednesday by cyber security firm Performanta.

“Adversaries are using developing countries as a platform where they can test their malicious programs before the more resourceful countries are targeted,” the company told Banking Risk and Regulation, a service from FT Specialist.

Enlarge (credit: Aurich Lawson / Getty)

For almost a decade, Nick Roy has been scanning North Korea’s tiny Internet presence, spotting new websites coming online and providing a glimpse of the Hermit Kingdoms’ digital life. However, at the end of last year, the cybersecurity researcher and DPRK blogger stumbled across something new: signs North Koreans are working on major international TV shows.

In December, Roy discovered a misconfigured cloud server on a North Korean IP address containing thousands of animation files. Included in the cache were animation cells, videos, and notes discussing the work, plus changes that needed to be made to ongoing projects. Some images appeared to be from an Amazon Prime Video superhero show and an upcoming Max (aka HBO Max) children’s anime.

Enlarge / The nukes went off in 2077 in Fallout's universe. The show tells us more about this event than we've learned from the games before. (credit: Amazon)

It's been just over a week since the Fallout TV series premiered on Amazon Prime, and one thing's for sure: It's a huge hit. You can hardly open a social media app without seeing content about it, the reviews are positive, and the active players for the Fallout games have doubled over the past week.

A few days ago, I shared some spoiler-free impressions of the first three episodes. I loved what I'd seen up to that point—the show seemed faithful to the games, but it was also a great TV show. A specific cocktail of tongue-in-cheek humor, sci-fi campiness, strong themes, great characters, and visceral violence really came together into a fantastic show.

Still, I had some questions at that point: Would the franchise's penchant for satire and its distinct political and social viewpoint come through? Where was all this headed?

Enlarge (credit: Getty)

On March 29, 2022, CNN+, CNN's take on a video streaming service, debuted. On April 28, 2022, it shuttered, making it the fastest shutdown of any launched streaming service. Despite that discouraging superlative, CNN has plans for another subscription-based video streaming platform, Financial Times (FT) reported on Wednesday.

Mark Thompson, who took CNN's helm in August 2023, over a year after CNN+'s demise, spoke with FT about evolving the company. The publication reported that Thompson is "working on plans for a digital subscription streaming service." The executive told the publication that a digital subscription, including digital content streaming, is "a serious possibility," adding, "no decisions had been made, but I think it’s quite likely that we’ll end up there."

CNN++, or whatever a new CNN streaming package might be named, would not just be another CNN+, per Thompson.

Enlarge (credit: Getty)

Broadcom CEO Hock Tan this week publicized some concessions aimed at helping customers and partners ease into VMware’s recent business model changes. Tan reiterated that the controversial changes, like the end of perpetual licensing, aren't going away. But amid questioning from antitrust officials in the European Union (EU), Tan announced that the company has already given support extensions for some VMware perpetual license holders.

Broadcom closed its $69 billion VMware acquisition in November. One of its first moves was ending VMware perpetual license sales in favor of subscriptions. Since December, Broadcom also hasn't sold Support and Subscription renewals for VMware perpetual licenses.

In a blog post on Monday, Tan admitted that this shift requires "a change in the timing of customers' expenditures and the balance of those expenditures between capital and operating spending." As a result, Broadcom has "given support extensions to many customers who came up for renewal while these changes were rolling out." Tan didn't specify how Broadcom determined who is eligible for an extension or for how long. However, the executive's blog is the first time Broadcom has announced such extensions and opens the door to more extension requests.

Enlarge / See that fortress over there? You can explore it. And then die, when someone in your party remembers a tragic incident involving meat and perishes of sadness. (credit: Bay 12 Games/Kitfox)

"I'm crying for some reason," says Tarn Adams, demonstrating Dwarf Fortress' "Adventure Mode" for a Discord stream full of games writers and PR folk. His adventurer is crying, that is. "Something must have upset me. Probably the dead bodies… I have great grouchiness, though."

Adventure Mode, out today, builds on the graphical version of Dwarf Fortress and the work you've put into it. The adventurers you create and send out into the world traverse the overland and underground places you yourself crafted. This allows you to both appreciate the realms carved out by your imagination and also be a kind of dungeon master for other adventurers (with, hopefully, an easier fortress-swapping mechanic to come soon). You can also generate a new world if you prefer the simulation's weird choices to your own.

Everything about the standard simulation version of playing Dwarf Fortress applies to playing it as a hardcore CRPG. Everything has layers, all is described, and the combination of deep logic and utter silliness is unmatched.

Enlarge / Artist's illustration of two satellites performing rendezvous and proximity operations in low-Earth orbit. (credit: True Anomaly)

The US Space Force announced Thursday it is partnering with two companies, Rocket Lab and True Anomaly, for a first-of-its-kind mission to demonstrate how the military might counter "on-orbit aggression."

On this mission, a spacecraft built and launched by Rocket Lab will chase down another satellite made by True Anomaly, a Colorado-based startup. "The vendors will exercise a realistic threat response scenario in an on-orbit space domain awareness demonstration called Victus Haze," the Space Force's Space Systems Command said in a statement.

This threat scenario could involve a satellite performing maneuvers that approach a US spacecraft or a satellite doing something else unusual or unexpected. In such a scenario, the Space Force wants to have the capability to respond, either to deter an adversary from taking action or to defend a US satellite from an attack.

• 

  Like the games, the show depicts a Vault Dweller making her way out into the Wasteland. [credit: Amazon ]

Amazon has had a rocky history with big, geeky properties making their way onto Prime Video. The Wheel of Time wasn’t for everyone, and I have almost nothing good to say about The Lord of the Rings: The Rings of Power.

Fallout, the first season of which premiered this week, seems to break that bad streak. All the episodes are online now, but I’ve watched three episodes so far. I love it.

I’ve spent hundreds of hours playing the games that inspired it, so I can only speak to that experience; I don’t know how well it will work for people who never played the games. But as a video game adaptation, it’s up there with The Last of Us.

Enlarge (credit: Getty)

Schleswig-Holstein, one of Germany’s 16 states, on Wednesday confirmed plans to move tens of thousands of systems from Microsoft Windows to Linux. The announcement follows previously established plans to migrate the state government off Microsoft Office in favor of open source LibreOffice.

As spotted by The Document Foundation, the government has apparently finished its pilot run of LibreOffice and is now announcing plans to expand to more open source offerings.

In 2021, the state government announced plans to move 25,000 computers to LibreOffice by 2026. At the time, Schleswig-Holstein said it had already been testing LibreOffice for two years.

Enlarge / Downtown Kansas City, Missouri, which is part of Jackson County. (credit: Eric Rogers)

Jackson County, Missouri, has declared a state of emergency and closed key offices indefinitely as it responds to what officials believe is a ransomware attack that has made some of its IT systems inoperable.

"Jackson County has identified significant disruptions within its IT systems, potentially attributable to a ransomware attack," officials wrote Tuesday. "Early indications suggest operational inconsistencies across its digital infrastructure and certain systems have been rendered inoperative while others continue to function as normal."

The systems confirmed inoperable include tax and online property payments, issuance of marriage licenses, and inmate searches. In response, the Assessment, Collection and Recorder of Deeds offices at all county locations are closed until further notice.

Enlarge (credit: Broadcom)

Broadcom has made controversial changes to VMware since closing its acquisition of the virtualization brand in late November. Broadcom executives are trying to convince VMware customers and partners that they'll eventually see the subscription-fueled light. But discontent remains, as illustrated by industry groups continuing to urge regulators to rein-in what they claim are unfair business practices.

Since Broadcom announced that it would no longer sell perpetual VMware licenses as of December 2023, there have been complaints about rising costs associated with this model. In March, a VMware User Group Town Hall saw attendees complaining of price jumps of up to 600 percent, The Register reported. Small managed service providers that had worked with VMware have reported seeing the price of business rising tenfold, per a February ServeTheHome report.

Broadcom execs defend subscription model

However, Sylvain Cazard, president of Broadcom Software for Asia-Pacific, reportedly told The Register that complaints about higher prices are unwarranted since customers using at least two components of VMware's flagship Cloud Foundation will end up paying less and because the new pricing includes support, which VMware didn't include before.

Before the cancellation of The Problem with Jon Stewart on Apple TV+, Apple forbade the inclusion of Federal Trade Commission Chair Lina Khan as a guest and steered the show away from confronting issues related to artificial intelligence, according to Jon Stewart.

This isn't the first we've heard of this rift between Apple and Stewart. When the Apple TV+ show was canceled last October, reports circulated that he told his staff that creative differences over guests and topics were a factor in the decision.

The New York Times reported that both China and AI were sticking points between Apple and Stewart. Stewart confirmed the broad strokes of that narrative in a CBS Morning Show interview after it was announced that he would return to The Daily Show.

Enlarge (credit: LifeSpan)

I enjoy getting my exercise but hate doing it indoors. I'd much rather get some fresh air and watch the world drift past me as I cycle or hike somewhere than watch a screen while sweating away on something stationary.

To get a bit more of what I like, I've invested in a variety of gear that has extended my cycling season deeper into the winter. But even with that, there are various conditions—near-freezing temperatures, heavy rains, Canada catching fire—that have kept me off the roads. So, a backup exercise plan has always been on my to-do list.

The company LifeSpan offers exercise equipment that fits well into a home office and gave me the chance to try its Ampera model. It's a stationary bike that tucks nicely under a standing desk and has a distinct twist: You can pedal to power the laptop you're working on. Overall, the hardware is well-designed, but some glitches, software issues, and design decisions keep it from living up to its potential.

Enlarge / Supply-chain attacks, like the latest PyPI discovery, insert malicious code into seemingly functional software packages used by developers. They're becoming increasingly common. (credit: Getty Images)

PyPI, a vital repository for open source developers, temporarily halted new project creation and new user registration following an onslaught of package uploads that executed malicious code on any device that installed them. Ten hours later, it lifted the suspension.

Short for the Python Package Index, PyPI is the go-to source for apps and code libraries written in the Python programming language. Fortune 500 corporations and independent developers alike rely on the repository to obtain the latest versions of code needed to make their projects run. At a little after 7 pm PT on Wednesday, the site started displaying a banner message informing visitors that the site was temporarily suspending new project creation and new user registration. The message didn’t explain why or provide an estimate of when the suspension would be lifted.

Screenshot showing temporary suspension notification. (credit: Checkmarx)

About 10 hours later, PyPI restored new project creation and new user registration. Once again, the site provided no reason for the 10-hour halt.

Enlarge (credit: Proxmox)

Broadcom has made sweeping changes to VMware's business since acquiring the company in November 2023, killing off the perpetually licensed versions of VMware's software and instituting large-scale layoffs. Broadcom executives have acknowledged the "unease" that all of these changes have created among VMware's customers and partners but so far haven't been interested in backtracking.

Among the casualties of the acquisition is the free version of VMware's vSphere Hypervisor, also known as ESXi. ESXi is "bare-metal hypervisor" software, meaning that it allows users to run multiple operating systems on a single piece of hardware while still allowing those operating systems direct access to disks, GPUs, and other system resources.

One alternative to ESXi for home users and small organizations is Proxmox Virtual Environment, a Debian-based Linux operating system that provides broadly similar functionality and has the benefit of still being an actively developed product. To help jilted ESXi users, the Proxmox team has just added a new "integrated import wizard" to Proxmox that supports importing of ESXi VMs, easing the pain of migrating between platforms.

Enlarge / Claptrap keeps finding himself in wild new places. Now he's heading from Sweden's Embracer Group to New York City's Take-Two Interactive. Okay, maybe not that wild. (credit: Gearbox Interactive)

Embracer Group has been backing away from its all-encompassing position in the games industry lately. The latest divestment is Gearbox Entertainment, the studio behind the Borderlands series it bought in early 2021 for a deal that could have been worth up to $1.37 billion to Gearbox had it stayed inside the Swedish conglomerate's grasp.

The buyer is Take-Two Interactive Software, which had previously partnered with Gearbox on publishing Borderlands and other titles. Take-Two will issue new shares of its common stock to pay $460 million for Gearbox, to be completed before the end of June this year. Embracer paid $363 million in cash and stock for Gearbox in 2021 but promised up to $1 billion more should the developer hit earnings goals over six years.

"Today’s announcement marks the result of the final structured divestment process and is an important step in transforming Embracer into the future with notably lower net debt and improved free cash flow," said Embracer CEO Lars Wingefors in a statement intended to start nobody's imagination running.

Enlarge / Affinity's photo editor. (credit: Canva)

Online graphic design platform provider Canva announced its acquisition of Affinity on Tuesday. The purchase adds tools for creative professionals to the Australian startup's repertoire, presenting competition for today's digital design stronghold, Adobe.

The companies didn't provide specifics about the deal, but Cliff Obrecht, Canva's co-founder and COO, told Bloomberg that it consists of cash and stock and is worth "several hundred million pounds."

Canva, which debuted in 2013, has made numerous acquisitions to date, including Flourish, Kaleido, and Pixabay, but its purchase of Affinity is its biggest yet—by both price and headcount (90). Affinity CEO Ashley Hewson said via a YouTube video that Canva approached Affinity about a potential deal two months ago.

Enlarge / One day I will own griffons in such spectacular fashion. But I'm currently carrying a too-heavy backpack and clipped through a hut wall.

With all due respect to the Capcom team, which poured itself into Dragon’s Dogma 2 and deserves praise, raises, and time off, let me get right to it: I love this game for how dumb it is.

I mean "dumb" in the way most heavy metal lyrics are dumb, but you find yourself rocking out nonetheless. Dumb like when you laugh uncontrollably at the sight of someone getting conked on the head and falling over backward. Dumb as in the silliest bits of Monty Python and the Holy Grail, just nowhere near as self-aware (unless, due to translation issues, this game actually is self-aware, then I apologize).

Dragon’s Dogma 2 (DD2) reminds me of playing another huge, dumb, enjoyable game: The Elder Scrolls V: Skyrim. Not the first time you play through it, though. I’m talking about the second or third run-through (or that 100-plus-hour save in which you refuse to finish the game), and your admiration of this huge, rich world gives way to utter ridiculousness. You one-shot dragons with your broken stealth-archer build, you put buckets on the heads of NPCs to rob them, and you marvel at how the most effective fast travel is horse tilting. You lunge into possibilities, choose chaos, and appreciate all the ways you can do so.

Enlarge (credit: Aurich Lawson | Getty Images)

Few Ars readers will have been surprised by the news from last week concerning General Motors' connected cars. As The New York Times reported, some owners of vehicles made by General Motors have been having a hard time getting car insurance. The reason? They unwittingly agreed to share their driving data with a third party. Now, at least one driver is suing. If more follow suit, this could be the push the industry needs to do better.

The heart of the problem is one of GM's OnStar connected-car services, called Smart Driver. We've tested it out in the past—it monitors things like how fast you drive, how hard you accelerate and brake, how often you drive at night, and your fuel economy, then uses that data to generate a numerical score from 0 to 100, with a higher number indicating that you're a safer driver.

These kinds of services can be useful—most people think they're great drivers until they start getting independent feedback. And the data that Smart Driver collects really can help you drive more economically and with less risk. But as I noted at the time, I was glad my insurance rates weren't at risk via data sharing with an insurer.

We got the first trailer for the spinoff prequel film Furiosa: A Mad Max Saga in December, starring Anya Taylor-Joy as the younger incarnation of the character immortalized by Charlize Theron in Mad Max: Fury Road. We're now just a couple of months away from the film's much-anticipated release—i.e., the perfect time to drop a second trailer to keep that anticipation high.

(Spoilers for Fury Road below.)

As previously reported, we met Furiosa early on in Fury Road, working logistics for Immortan Joe (the late Hugh Keays-Byrne), who charged her with ferrying oil from Gas Town to his Citadel with the help of a small crew of War Boys and one of the war rigs—basically tractor trailer trucks souped up with armor and novel weaponry. Furiosa stole the war rig instead, taking Joe's five wives with her.

A long time ago, in a galaxy far, far away, the Galactic Republic and its Jedi masters symbolized the epitome of enlightenment and peace. Then came the inevitable downfall and outbreak of war as the Sith, who embraced the Dark Side of the Force, came to power. Star Wars: The Acolyte is a forthcoming new series on Disney+ that will explore those final days of the Republic as the seeds of its destruction were sown—and the streaming platform just dropped the first trailer.

The eight-episode series was created by Leslye Headland, who co-created Russian Doll with Natasha Lyonne and Amy Poehler. It's set at the end of the High Republic Era, about a century before the events of The Phantom Menace. Apparently Headland rather cheekily pitched The Acolyte as "Frozen meets Kill Bill," which is an intriguing combination. She drew on wuxia martial arts films for inspiration, much like George Lucas was originally inspired by Westerns and the samurai films of Akira Kurosawa.

(Some spoilers for the prequel trilogy below.)

Enlarge / Apollo commander Tom Stafford (left) with Soyuz commander Alexei Leonov during the Apollo-Soyuz mission in July 1975. (credit: NASA)

Former NASA astronaut Thomas Stafford, a three-star Air Force general known for a historic handshake in space with a Soviet cosmonaut nearly 50 years ago, died Monday in Florida. He was 93.

Stafford was perhaps the most accomplished astronaut of his era who never walked on the Moon. He flew in space four times, helping pilot the first rendezvous with another crewed spacecraft in orbit in 1966 and taking NASA's Apollo lunar landing craft on a final test run before Neil Armstrong and Buzz Aldrin set foot on the Moon in 1969.

By his own account, one of the greatest moments in Stafford's career came in 1975, when he commanded the final Apollo mission—not to the Moon but to low-Earth orbit—and linked up with a Russian Soyuz spacecraft carrying two Soviet cosmonauts. The Apollo-Soyuz Test Project (ASTP) planted the seeds for a decades-long partnership in space between the United States and Russia, culminating in the International Space Station, where US and Russian crews still work together despite a collapse in relations back on Earth.

Enlarge (credit: Getty Images)

Japan-based IT behemoth Fujitsu said it has discovered malware on its corporate network that may have allowed the people responsible to steal personal information from customers or other parties.

“We confirmed the presence of malware on several of our company's work computers, and as a result of an internal investigation, it was discovered that files containing personal information and customer information could be illegally taken out,” company officials wrote in a March 15 notification that went largely unnoticed until Monday. The company said it continued to “investigate the circumstances surrounding the malware's intrusion and whether information has been leaked.” There was no indication how many records were exposed or how many people may be affected.

Fujitsu employs 124,000 people worldwide and reported about $25 billion of revenue in its fiscal 2023, which ended at the end of last March. The company operates in 100 countries. Past customers include the Japanese government. Fujitsu’s revenue comes from sales of hardware such as computers, servers, and telecommunications gear, storage systems, software, and IT services.

Enlarge (credit: Getty Images | Justin Sullivan )

Broadcom CEO and President Hock Tan has acknowledged the discomfort VMware customers and partners have experienced after the sweeping changes that Broadcom has instituted since it acquired the virtualization company 114 days ago.

In a blog post Thursday, Tan noted that Broadcom spent 18 months evaluating and buying VMware. He said that while there's still a lot of work to do, the company has made "substantial progress."

That so-called progress, though, has worried some of Broadcom's customers and partners.

Enlarge (credit: Getty Images | Charles O'Rear)

A dual Canadian-Russian national has been sentenced to four years in prison for his role in infecting more than 1,000 victims with the LockBit ransomware and then extorting them for tens of millions of dollars.

Mikhail Vasiliev, a 33-year-old who most recently lived in Ontario, Canada, was arrested in November 2022 and charged with conspiring to infect protected computers with ransomware and sending ransom demands to victims. Last month, he pleaded guilty to eight counts of cyber extortion, mischief, and weapons charges.

During an October 2022 raid on Vasiliev’s Bradford, Ontario, home, Canadian law enforcement agents found Vasiliev working on a laptop that displayed a login screen to the LockBit control panel, which members used to carry out attacks. The investigators also found a seed phrase credential for a bitcoin wallet address that was linked to a different wallet that had received a payment from a victim that had been infected and extorted by LockBit.

Enlarge / Star Wars: Battlefront Classic Collection has had an early reception much like the ship at left in this battle off the planet of Felucia. (credit: Aspyr Media)

The last version of Star Wars: Battlefront, released by Electronic Arts, was so stuffed full of loot boxes and pay-to-play systems that EA admitted it "got it wrong" and overhauled the game.

So it was that when the well-regarded, pre-EA versions of Star Wars: Battlefront were announced for a modern remaster and re-release, by experienced porting firm Aspyr Media, there was (forgive us) a new hope. As we wrote at the announcement:

[T]here was nothing quite like the originals, which were PC games first and foremost ... There was a purity to those games that's lost in the general, well, EA-ness of the reboots.

And, lo, was there much rejoicing when Star Wars: Battlefront Classic Collection arrived? There was not. Reviews of the $35 package are "Mostly Negative" on Steam as this is written, with roughly 20 percent of reviews positive. Players are reporting numerous bugs and (rightfully, we might suggest) complaining about the lack of an option to invert joystick axes. There's also a lack of aim assist for console players, which typically helps round out their relative disadvantage to PC players using a mouse and keyboard.

Enlarge (credit: Getty | Bloomberg)

As health systems around the US are still grappling with an unprecedented ransomware attack on the country's largest health care payment processor, the US Department of Health and Human Services is opening an investigation into whether that processor and its parent company, UnitedHealthcare Group, complied with federal rules to protect private patient data.

The attack targeted Change Healthcare, a unit of UnitedHealthcare Group (UHG) that provides financial services to tens of thousands of health care providers around the country, including doctors, dentists, hospitals, and pharmacies. According to an antitrust lawsuit brought against UHG by the Department of Justice in 2022, 50 percent of all medical claims in the US pass through Change Healthcare's electronic data interchange clearinghouse. (The DOJ lost its case to prevent UHG's acquisition of Change Healthcare and last year abandoned plans for an appeal.)

As Ars reported previously, the attack was disclosed on February 21 by UHG's subsidiary, Optum, which now runs Change Healthcare. On February 29, UHG accused the notorious Russian-speaking ransomware gang known both as AlphV and BlackCat of being responsible. According to The Washington Post, the attack involved stealing patient data, encrypting company files, and demanding money to unlock them. The result is a paralysis of claims processing and payments, causing hospitals to run out of cash for payroll and services and preventing patients from getting care and prescriptions. Additionally, the attack is believed to have exposed the health data of millions of US patients.

Enlarge / A plucky, likable creature under the looming threat of consumption by an interconnected menacing force of nature in one of Adult Swim Games' titles. (credit: Adult Swim Games)

Warner Bros. Discovery seems set to remove at least 16 games from its Adult Swim Games subsidiary from games markets and has told the affected developers that it will not transfer the games back to them nor offer other means of selling them in the future.

Ars reported Wednesday on the plight of Small Radios Big Televisions, a Steam and PlayStation game made by a solo developer who received a notice from Warner Bros. Discovery (WBD) that it was "retiring" his game within 60 days.

In a comment on that Ars post, Matt Kain, developer of Adult Swim Games' Fist Puncher, noted that they had received the same "retired" notice from WBD. "When we requested that Warner Bros simply transfer the game over to our studio's Steam publisher account so that the game could stay active, they said no. The transfer process literally takes a minute to initiate (look up "Transferring Applications" in the Steamworks documentation), but their rep claimed they have simply made the universal decision not to transfer the games to the original creators," Kain wrote.

Enlarge / A Google sign stands in front of the building on the sidelines of the opening of the new Google Cloud data center in Hesse, Hanau, opened in October 2023. (credit: Getty Images)

On Wednesday, authorities arrested former Google software engineer Linwei Ding in Newark, California, on charges of stealing AI trade secrets from the company. The US Department of Justice alleges that Ding, a Chinese national, committed the theft while secretly working with two China-based companies.

According to the indictment, Ding, who was hired by Google in 2019 and had access to confidential information about the company's data centers, began uploading hundreds of files into a personal Google Cloud account two years ago.

The trade secrets Ding allegedly copied contained "detailed information about the architecture and functionality of GPU and TPU chips and systems, the software that allows the chips to communicate and execute tasks, and the software that orchestrates thousands of chips into a supercomputer capable of executing at the cutting edge of machine learning and AI technology," according to the indictment.

Enlarge (credit: Getty)

Linux reached 4.03 percent of global market share in February, according to data from research firm Statcounter. That takes Linux past the 3 percent milestone it reached in June 2023. While we’re still far from the Year of the Linux Desktop, interest in Linux has somewhat grown lately.

Statcounter says it gets its desktop operating system (OS) usage stats from tracking code installed on over 1.5 million global websites generating over 5 billion monthly page views. The only adjustments the firm says it makes to this data are around removing bot activity and adjusting for Google Chrome prerendering. Note that when Statcounter analyzes desktop OSes, it also includes laptop computers, and Statcounter says it may revise its data within 45 days of publication.

• 

  Global desktop OS adoption, per Statcounter. [credit: Statcounter ]

As spotted by Linuxiac, Linux’s reported desktop market share was higher than ever in February. If you count ChromeOS as a Linux OS, then market share totaled 6.34 percent in February, although that number is actually smaller than what Statcounter reported in June: 2 percent.

Enlarge (credit: Jacqui VanLiew; Getty Images)

As generative AI systems like OpenAI's ChatGPT and Google's Gemini become more advanced, they are increasingly being put to work. Startups and tech companies are building AI agents and ecosystems on top of the systems that can complete boring chores for you: think automatically making calendar bookings and potentially buying products. But as the tools are given more freedom, it also increases the potential ways they can be attacked.

Now, in a demonstration of the risks of connected, autonomous AI ecosystems, a group of researchers has created one of what they claim are the first generative AI worms—which can spread from one system to another, potentially stealing data or deploying malware in the process. “It basically means that now you have the ability to conduct or to perform a new kind of cyberattack that hasn't been seen before,” says Ben Nassi, a Cornell Tech researcher behind the research.

Nassi, along with fellow researchers Stav Cohen and Ron Bitton, created the worm, dubbed Morris II, as a nod to the original Morris computer worm that caused chaos across the Internet in 1988. In a research paper and website shared exclusively with WIRED, the researchers show how the AI worm can attack a generative AI email assistant to steal data from emails and send spam messages—breaking some security protections in ChatGPT and Gemini in the process.

Enlarge (credit: Getty Images)

Nine days after a Russian-speaking ransomware syndicate took down the biggest US health care payment processor, pharmacies, health care providers, and patients were still scrambling to fill prescriptions for medicines, many of which are lifesaving.

On Thursday, UnitedHealth Group accused a notorious ransomware gang known both as AlphV and Black Cat of hacking its subsidiary, Optum. Optum provides a nationwide network called Change Healthcare, which allows health care providers to manage customer payments and insurance claims. With no easy way for pharmacies to calculate what costs were covered by insurance companies, many had to turn to alternative services or offline methods.

The most serious incident of its kind

Optum first disclosed on February 21 that its services were down as a result of a “cyber security issue.” Its service has been hamstrung ever since. Shortly before this post went live on Ars, Optum said it had restored Change Healthcare services.

Enlarge (credit: NurPhoto / Contributor | NurPhoto)

WhatsApp will soon be granted access to explore the "full functionality" of the NSO Group's Pegasus spyware—sophisticated malware the Israeli Ministry of Defense has long guarded as a "highly sought" state secret, The Guardian reported.

Since 2019, WhatsApp has pushed for access to the NSO's spyware code after alleging that Pegasus was used to spy on 1,400 WhatsApp users over a two-week period, gaining unauthorized access to their sensitive data, including encrypted messages. WhatsApp suing the NSO, Ars noted at the time, was "an unprecedented legal action" that took "aim at the unregulated industry that sells sophisticated malware services to governments around the world."

Initially, the NSO sought to block all discovery in the lawsuit "due to various US and Israeli restrictions," but that blanket request was denied. Then, last week, the NSO lost another fight to keep WhatsApp away from its secret code.

Enlarge (credit: Getty Images)

Code uploaded to AI developer platform Hugging Face covertly installed backdoors and other types of malware on end-user machines, researchers from security firm JFrog said Thursday in a report that’s a likely harbinger of what’s to come.

In all, JFrog researchers said, they found roughly 100 submissions that performed hidden and unwanted actions when they were downloaded and loaded onto an end-user device. Most of the flagged machine learning models—all of which went undetected by Hugging Face—appeared to be benign proofs of concept uploaded by researchers or curious users. JFrog researchers said in an email that 10 of them were “truly malicious” in that they performed actions that actually compromised the users’ security when loaded.

Full control of user devices

One model drew particular concern because it opened a reverse shell that gave a remote device on the Internet full control of the end user’s device. When JFrog researchers loaded the model into a lab machine, the submission indeed loaded a reverse shell but took no further action.

Enlarge / A gas station displays an out-of-order sign on February 29, 2024 in New Zealand. (credit: Mark Coote/Bloomberg via Getty Images)

Today is Leap Day, meaning that for the first time in four years, it's February 29. That's normally a quirky, astronomical factoid (or a very special birthday for some). But that unique calendar date broke gas station payment systems across New Zealand for much of the day.

As reported by numerous international outlets, self-serve pumps in New Zealand were unable to accept card payments due to a problem with the gas pumps' payment processing software. The New Zealand Herald reported that the outage lasted "more than 10 hours." This effectively shuttered some gas stations, while others had to rely on in-store payments. The outage affected suppliers, including Allied Petroleum, BP, Gull, Waitomo, and Z Energy, and has reportedly been fixed.

In-house payment solutions, such as BP fuel cards and the Waitomo app, reportedly still worked during the outage.

Enlarge (credit: Paramount+)

Warner Bros. Discovery (WBD) and Paramount Global are no longer considering a merger that would have put the Max and Paramount+ streaming services under one corporate umbrella. Per a CNBC report today citing anonymous “people familiar with the matter," WBD and Paramount had been mulling a merger for “several months."

In December, reports started swirling about WBD and Paramount discussing a potential merger. Axios even reported that WBD CEO David Zaslav and Paramount CEO Bob Bakish met in person for “several hours” and that Zaslav also met with Shari Redstone, the owner of National Amusements Inc. (NAI), Paramount’s parent company. Now, CNBC reports that discussions between the media giants “cooled off this month.” Paramount and WBD haven’t commented.

When news of the potential merger dropped, it was unclear what sort of regulatory hurdles the media conglomerates might have faced if they tried becoming one. Combined, the companies would have had the second-biggest streaming business by subscriber count, trailing Netflix.

Enlarge / Do you ever wonder why no contractor has been able to deliver to the Empire a standardized blaster rifle that shoots right where the crosshairs are aiming? Is this covered in the "Legends" extended universe? (credit: Nightdive Studios/LucasFilm)

I remember Dark Forces, or Star Wars: Doom, as a slog. Running a demo of the 1995 game on a Gateway system with an Intel 486DX at 33 MHz, I trudged through seemingly endless gray hallways. I shot at a steady trickle of Stormtroopers with one of their own (intentionally) semi-accurate blaster rifles. After a while, I would ask myself a pertinent, era-specific question: Why was I playing this low-energy nostalgia trip instead of actual Doom?

Dark Forces moved first-person shooters forward in a number of ways. It could lean on Star Wars for familiar sounds and enemies and tech, and a plot with a bit more complexity than "They're demons, they gotta go." It let the player look up and down, jump, and crouch, which were big steps for the time. And its level design went beyond "find the blue key for the blue door," with some clever environmental puzzles and challenges.

Not that key cards don't show up. This game is from 1995, so there are key cards, there are hidden wall-doors, and there are auto-spawning enemies. It's not like the Dark Forces designers could entirely ignore Doom. Nobody could.

Enlarge (credit: Getty Images)

Two days after an international team of authorities struck a major blow to LockBit, one of the Internet’s most prolific ransomware syndicates, researchers have detected a new round of attacks that are installing malware associated with the group.

The attacks, detected in the past 24 hours, are exploiting two critical vulnerabilities in ScreenConnect, a remote desktop application sold by Connectwise. According to researchers at two security firms—SophosXOps and Huntress—attackers who successfully exploit the vulnerabilities go on to install LockBit ransomware and other post-exploit malware. It wasn’t immediately clear if the ransomware was the official LockBit version.

“We can't publicly name the customers at this time but can confirm the malware being deployed is associated with LockBit, which is particularly interesting against the backdrop of the recent LockBit takedown,” John Hammond, principal security researcher at Huntress, wrote in an email. “While we can't attribute this directly to the larger LockBit group, it is clear that LockBit has a large reach that spans tooling, various affiliate groups, and offshoots that have not been completely erased even with the major takedown by law enforcement.”

Enlarge (credit: Nvidia)

Nvidia has announced a public beta of a new app for Windows, one that does a few useful things and one big thing.

The new app combines the functions of three apps you'd previously have to hunt through—the Nvidia Control Panel, GeForce Experience, and RTX Experience—into one app. Setting display preferences on games and seeing exactly how each notch between "Performance" and "Quality" will affect its settings is far easier and more visible inside the new app. The old-fashioned control panel is still there if you right-click the Nvidia app's notification panel icon. Installing the new beta upgrades and essentially removes the Experience and Control Panel apps, but they're still available online.

But perhaps most importantly, Nvidia's new app allows you to update the driver for your graphics card, the one you paid for, without having to log in to an Nvidia account. I tested it, it worked, and I don't know why I was surprised, but I've been conditioned that way. Given that driver updates are something people often do with new systems and the prior tendencies of Nvidia's apps to log you out, this is a boon that will pay small but notable cumulative dividends for some time to come.

Enlarge (credit: Rafael Henrique/SOPA Images/LightRocket via Getty Images)

Fubo is suing Fox Corporation, The Walt Disney Company, and Warner Bros. Discovery (WBD) over their plans to launch a unified sports streaming app. Fubo, a live sports streaming service that has business relationships with the three companies, claims the firms have engaged in anticompetitive practices for years, leading to higher prices for consumers.

In an attempt to understand how much potential the allegations have to derail the app's launch, Ars Technica read the 73-page sealed complaint and sought opinions from some antitrust experts. While some of Fubo's allegations could be hard to prove, Fubo isn't the only one concerned about the joint app's potential to make it hard for streaming services to compete fairly.

Fubo wants to kill ESPN, Fox, and WBD’s joint sports app

Earlier this month, Disney, which owns ESPN, WBD (whose sports channels include TBS and TNT), and Fox, which owns Fox broadcast stations and Fox Sports channels like FS1, announced plans to launch an equally owned live sports streaming app this fall. Pricing hasn’t been confirmed but is expected to be in the $30-to-$50-per-month range. Fubo, for comparison, starts at $80 per month for English-language channels.

• 

  The game includes re-creations of classic battles from the original trilogy... [credit: Lucasfilm ]

There was once a time of outstanding Star Wars computer games before Disney made a deal with publisher EA that led to a plethora of lukewarmly received multiplayer games-as-a-service and mobile titles. (And Jedi: Fallen Order, of course.) Now, a cornerstone of that era is set to be revived in the form of the Star Wars Battlefront Classic Collection.

Announced this morning, the collection includes two beloved LucasArts-developed online multiplayer shooters from the 2000s: Star Wars Battlefront and Star Wars Battlefront 2. Although it debuted during a Nintendo livestream, the collection won't just be coming out on Nintendo Switch—it's coming to PC, PlayStation, and Xbox, too.

The collection will include "restored online play for up to 64 players" of all the previous Galactic Conquest and Campaign mode content from both games on all platforms, including bonus maps and extras that were previously exclusive to specific consoles. Additionally, the Hero Assault mode will now be playable on all ground maps.

Enlarge (credit: Getty Images)

After years of being outmaneuvered by snarky ransomware criminals who tease and brag about each new victim they claim, international authorities finally got their chance to turn the tables, and they aren't squandering it.

The top-notch trolling came after authorities from the US, UK, and Europol took down most of the infrastructure belonging to LockBit, a ransomware syndicate that has extorted more than $120 million from thousands of victims around the world. On Tuesday, most of the sites LockBit uses to shame its victims for being hacked, pressure them into paying, and brag of their hacking prowess began displaying content announcing the takedown. The seized infrastructure also hosted decryptors victims could use to recover their data.

The dark web site LockBit once used to name and shame victims, displaying entries such as "press releases," "LB Backend Leaks," and "LockbitSupp You've been banned from Lockbit 3.0."

this_is_really_bad

Authorities didn’t use the seized name-and-shame site solely for informational purposes. One section that appeared prominently gloated over the extraordinary extent of the system access investigators gained. Several images indicated they had control of /etc/shadow, a Linux file that stores cryptographically hashed passwords. This file, among the most security-sensitive ones in Linux, can be accessed only by a user with root, the highest level of system privileges.

Enlarge / Artist's conceptions of what the surfaces of two dwarf planets might look like. (credit: SWRI)

Active geology—and the large-scale chemistry it can drive—requires significant amounts of heat. Dwarf planets near the far edges of the Solar System, like Pluto and other Kuiper Belt objects, formed from frigid, icy materials and have generally never transited close enough to the Sun to warm up considerably. Any heat left over from their formation was likely long since lost to space.

Yet Pluto turned out to be a world rich in geological features, some of which implied ongoing resurfacing of the dwarf planet's surface. Last week, researchers reported that the same might be true for other dwarf planets in the Kuiper Belt. Indications come thanks to the capabilities of the Webb telescope, which was able to resolve differences in the hydrogen isotopes found on the chemicals that populate the surface of Eris and Makemake.

Cold and distant

Kuiper Belt objects are natives of the distant Solar System, forming far enough from the warmth of the Sun that many materials that are gasses in the inner planets—things like nitrogen, methane, and carbon dioxide—are solid ices. Many of these bodies formed far enough from the gravitational influence of the eight major planets that they have never made a trip into the warmer inner Solar System. In addition, because there was much less material that far from the Sun, most of the bodies are quite small.

Enlarge (credit: jay_zynism via Getty)

For nearly a year now, a bizarre heating event has been unfolding across the world’s oceans. In March 2023, global sea surface temperatures started shattering record daily highs and have stayed that way since.

You can see 2023 in the orange line below, the other gray lines being previous years. That solid black line is where we are so far in 2024—way, way above even 2023. While we’re nowhere near the Atlantic hurricane season yet—that runs from June 1 through the autumn—keep in mind that cyclones feed on warm ocean water, which could well stay anomalously hot in the coming months. Regardless, these surface temperature anomalies could be triggering major ecological problems already.

“In the tropical eastern Atlantic, it’s four months ahead of pace—it’s looking like it’s already June out there,” says Brian McNoldy, a hurricane researcher at the University of Miami. “It’s really getting to be strange that we’re just seeing the records break by this much, and for this long.”

Enlarge (credit: Getty)

Broadcom has made a lot of changes to VMware since closing its acquisition of the company in November. On Wednesday, VMware admitted that these changes are worrying customers. With customers mulling alternatives and partners complaining, VMware is trying to do damage control and convince people that change is good.

Not surprisingly, the plea comes from a VMware marketing executive: Prashanth Shenoy, VP of product and technical marketing for the Cloud, Infrastructure, Platforms, and Solutions group at VMware. In Wednesday's announcement, Shenoy admitted that VMware "has been all about change" since being swooped up for $61 billion. This has resulted in "many questions and concerns" as customers "evaluate how to maximize value from" VMware products.

Among these changes is VMware ending perpetual license sales in favor of a subscription-based business model. VMware had a history of relying on perpetual licensing; VMware called the model its "most renowned" a year ago.

Warner Bros. has released a new trailer for Godzilla x Kong: The New Empire, directed by Adam Wingard. It's the fifth feature film in the rebooted franchise, which also includes the animated series Skull Island and Apple TV+'s Monarch: Legacy of Monsters.

(Spoilers for Godzilla vs. Kong below.)

As previously reported, Godzilla x Kong picks up sometime after its 2021 predecessor. Godzilla vs. Kong showcased not only a major showdown between its titular titans—in which Godzilla emerged the victor—but also the two teaming up in the climactic finale to take out Mechagodzilla, a telepathically controlled creature with the severed head of Ghidorah. Ghidorah's consciousness took over when Mechagodzilla was activated, and it took both Kong and Godzilla (plus some timely help from humans) to defeat him. (Kong got the final honors, although Godzilla charged the killing ax—made from one of his dorsal plates—with his atomic breath.)

Enlarge (credit: Nozin.com)

More than four years after SARS-CoV-2 made its global debut, the US Food and Drug Administration is still working to clear out the bogus and unproven products that flooded the market claiming to prevent, treat, and cure COVID-19.

The latest example is an alcohol-based sanitizer meant to be smeared inside the nostrils. According to its maker, the rub can protect you from becoming infected with SARS-CoV-2 and other nasty germs, like MRSA, and that protection lasts up to 12 hours after each swabbing. That all sounds great, but according to the FDA, none of it is proven. In a warning letter released Tuesday, the agency determined the sanitizer, called Nozin, is an unapproved new drug and misbranded.

While ethyl alcohol is used in common topical antiseptics, like hand sanitizers, the FDA does not generally consider it safe for inside the nostrils—and the agency is unaware of any high-quality clinical data showing that Nozin is safe, let alone effective. The FDA also noted that, for general over-the-counter topical antiseptics, calling out specific pathogens it can fight off—like SARS-CoV-2 and MRSA—is not allowed under agency rules without further FDA review. Making claims about protection duration is also not allowed.

Enlarge (credit: VMware)

Since Broadcom's $61 billion acquisition of VMware closed in November 2023, Broadcom has been charging ahead with major changes to the company's personnel and products. In December, Broadcom began laying off thousands of employees and stopped selling perpetually licensed versions of VMware products, pushing its customers toward more stable and lucrative software subscriptions instead. In January, it ended its partner programs, potentially disrupting sales and service for many users of its products.

This week, Broadcom is making a change that is smaller in scale but possibly more relevant for home users of its products: The free version of VMware's vSphere Hypervisor, also known as ESXi, is being discontinued.

ESXi is what is known as a "bare-metal hypervisor," lightweight software that runs directly on hardware without requiring a separate operating system layer in between. ESXi allows you to split a PC's physical resources (CPUs and CPU cores, RAM, storage, networking components, and so on) among multiple virtual machines. ESXi also supports passthrough for PCI, SATA, and USB accessories, allowing guest operating systems direct access to components like graphics cards and hard drives.

Enlarge (credit: SOPA Images / Contributor | LightRocket)

Once again, Cloudflare has proven that its unusual defense against meritless patent infringement claims effectively works to end so-called "patent trolling."

In a blog post, Cloudflare announced that its most recent victory—defeating a lawsuit filed by Sable IP and Sable Networks in 2021—was largely thanks to participants of Project Jengo. Launched in 2017, Cloudflare's program offers tens of thousands of dollars in awards to activate an army of bounty seekers and crowdsource submissions of evidence—known as "prior art"—that can be used to overcome frivolous patent claims or even invalidate patents that never should have been issued.

To find prior art, Project Jengo participants comb through academic papers, technical websites, and patent documents, helping Cloudflare explain in detailed petitions to the US Patent and Trademark Office (USPTO) why certain patents should be invalidated.

Enlarge / Ukraine’s GUR military intelligence unit made its claim following multiple reports in recent days that Russian forces are using Starlink’s distinctive square-shaped terminals. (credit: Pierre Crom/Getty Images)

Russian forces are using Starlink terminals on the front line in Ukraine, according to the Ukrainian military, which said the adoption of Elon Musk’s satellite Internet service by Moscow’s troops was becoming “systemic.”

Ukraine’s GUR military intelligence unit said on Telegram on Sunday that radio intercepts confirmed the use of Starlink terminals by Russian units operating in the occupied Donetsk region of eastern Ukraine.

“Yes, there have been recorded cases of the Russian occupiers using these devices,” Andriy Yusov, a GUR officer, told RBC-Ukraine. “This is starting to take on a systemic nature.”