The Biden administration is investigating China Mobile, China Telecom and China Unicom over concerns the firms could exploit access to American data through their U.S. cloud and internet businesses by providing it to Beijing, Reuters reported Tuesday, citing sources familiar with the matter. From the report: The companies still have a small presence in the United States, for example, providing cloud services and routing wholesale U.S. internet traffic. That gives them access to Americans' data even after telecom regulators barred them from providing telephone and retail internet services in the United States.

Reuters found no evidence the companies intentionally provided sensitive U.S. data to the Chinese government or committed any other type of wrongdoing. The investigation is the latest effort by Washington to prevent Beijing from exploiting Chinese firms' access to U.S. data to harm companies, Americans or national security, as part of a deepening tech war between the geopolitical rivals. It shows the administration is trying to shut down all remaining avenues for Chinese companies already targeted by Washington to obtain U.S. data.

Passant Rabie reports via Gizmodo: A video circulating online appears to show debris from a Chinese rocket falling above a populated area, with residents running for cover as a heavy cloud of dark yellow smoke trails across the sky in a frightening scene. The suspected debris may have come from China's Long March 2C rocket, which launched on Saturday, June 22, carrying a joint mission by China and France to study Gamma-ray bursts. The launch was declared a success, but its aftermath was captured by videos posted to Chinese social media sites.

The videos show what appears to be the first stage rocket booster of the Long March 2C rocket tumbling uncontrollably over a village in southwest China, while local residents cover their ears and run for shelter from the falling debris. There are no reports of injuries or damage to property. That said, unverified video and images show a gigantic cloud erupting at the site of the crashed rocket, and the booster itself seemingly next to a roadway. The first stage of the rocket can be seen leaking fuel, the color of which is consistent with nitrogen tetroxide. The chemical compound is a strong oxidizing agent that is used for rocket propulsion but it can be fatally toxic, according to Jonathan McDowell, astrophysicist at the Harvard-Smithsonian Center.

"It's known in the rocket industry as BFRC, a big fucking red cloud," McDowell told Gizmodo. "And when you see a BFRC, you run for your life." Nitrogen tetroxide was accepted as the rocket propellant oxidizer of choice in the early 1950s by the U.S.S.R. and the United States, however it became less commonly used over the years because it is extremely toxic, according to NASA (PDF). If it comes in contact with skin, eyes, or respiratory system, it can destroy human tissue, and if inhaled through the lungs, it can lead to a build up of fluids or, in extreme cases, death. "It's pretty scary, but this is just how the Chinese do business," McDowell told Gizmodo. "They have a different level of acceptable public risk." "I think over a 10 year period, we may see the older rockets phased out but they're not in any hurry to do so," added McDowell. "They're still launching one a week or something like that, and they are really quite dangerous."

Microsoft has decided to end its Project Natick experiment, which involved submerging a datacenter capsule 120 miles off the coast of Scotland to explore the feasibility of deploying underwater datacenters. TechSpot's Rob Thubron reports: Project Natick's origins stretch all the way back to 2013. Following a three-month trial in the Pacific, a submersible data center capsule was deployed 120 miles off the coast of Scotland in 2018. It was brought back to the surface in 2020, offering what were said to be promising results. Microsoft lost six of the 855 servers that were in the capsule during its time underwater. In a comparison experiment being run simultaneously on dry land, it lost eight out of 135 servers. Microsoft noted that the constant temperature stability of the external seawater was a factor in the experiment's success. It also highlighted how the data center was filled with inert nitrogen gas that protected the servers, as opposed to the reactive oxygen gas in the land data center.

Despite everything going so well, Microsoft is discontinuing Project Natick. "I'm not building subsea data centers anywhere in the world," Noelle Walsh, the head of the company's Cloud Operations + Innovation (CO+I) division, told DatacenterDynamics. "My team worked on it, and it worked. We learned a lot about operations below sea level and vibration and impacts on the server. So we'll apply those learnings to other cases," Walsh added.

Microsoft also patented a high-pressure data center in 2019 and an artificial reef data center in 2017, but it seems the company is putting resources into traditional builds for now. "I would say now we're getting more focused," Walsh said. "We like to do R&D and try things out, and you learn something here and it may fly over there. But I'd say now, it's very focused." "While we don't currently have data centers in the water, we will continue to use Project Natick as a research platform to explore, test, and validate new concepts around data center reliability and sustainability, for example with liquid immersion."

Tuesday a SpaceX Falcon Heavy rocket will launch a special satellite — a state-of-the-art weather-watcher from America's National Oceanic and Atmospheric Administration.

It will complete a series of four GOES-R satellite launches that began in 2016. Space.com drills down into how these satellites have changed weather forecasts: More than seven years later, with three of the four satellites in the series orbiting the Earth, scientists and researchers say they are pleased with the results and how the advanced technology has been a game changer. "I think it has really lived up to its hype in thunderstorm forecasting. Meteorologists can see the convection evolve in near real-time and this gives them enhanced insight on storm development and severity, making for better warnings," John Cintineo, a researcher from NOAA's National Severe Storms Laboratory , told Space.com in an email.

"Not only does the GOES-R series provide observations where radar coverage is lacking, but it often provides a robust signal before radar, such as when a storm is strengthening or weakening. I'm sure there have been many other improvements in forecasts and environmental monitoring over the last decade, but this is where I have most clearly seen improvement," Cintineo said. In addition to helping predict severe thunderstorms, each satellite has collected images and data on heavy rain events that could trigger flooding, detected low clouds and fog as it forms, and has made significant improvements to forecasts and services used during hurricane season. "GOES provides our hurricane forecasters with faster, more accurate and detailed data that is critical for estimating a storm's intensity, including cloud top cooling, convective structures, specific features of a hurricane's eye, upper-level wind speeds, and lightning activity," Ken Graham, director of NOAA's National Weather Service told Space.com in an email.

Instruments such as the Advanced Baseline Imager have three times more spectral channels, four times the image quality, and five times the imaging speed as the previous GOES satellites. The Geostationary Lightning Mapper is the first of its kind in orbit on the GOES-R series that allows scientists to view lightning 24/7 and strikes that make contact with the ground and from cloud to cloud. "GOES-U and the GOES-R series of satellites provides scientists and forecasters weather surveillance of the entire western hemisphere, at unprecedented spatial and temporal scales," Cintineo said. "Data from these satellites are helping researchers develop new tools and methods to address problems such as lightning prediction, sea-spray identification (sea-spray is dangerous for mariners), severe weather warnings, and accurate cloud motion estimation. The instruments from GOES-R also help improve forecasts from global and regional numerical weather models, through improved data assimilation."
The final satellite, launching Tuesday, includes a new sensor — the Compact Coronagraph — "that will monitor weather outside of Earth's atmosphere, keeping an eye on what space weather events are happening that could impact our planet," according to the article.

"It will be the first near real time operational coronagraph that we have access to," Rob Steenburgh, a space scientist at NOAA's Space Weather Prediction Center, told Space.com on the phone. "That's a huge leap for us because up until now, we've always depended on a research coronagraph instrument on a spacecraft that was launched quite a long time ago."

The Linux Foundation's "Open Source Security Foundation" (or OpenSSF) is a cross-industry forum to "secure the development, maintenance, and consumption of the open source software". And now the OpenSSF has launched a new mailing list "which aims to monitor the threat landscape of open-source project vulnerabilities," reports I Programmer, "in order to provide real time alerts to anyone subscribed."

The Record explains its origins: OpenSSF General Manager Omkhar Arasaratnam said that at a recent open source event, members of the community ran a tabletop exercise where they simulated a security incident involving the discovery of a zero-day vulnerability. They worked their way through the open source ecosystem — from cloud providers to maintainers to end users — clearly defining how the discovery of a vulnerability would be dealt with from top to bottom. But one of the places where they found a gap is in the dissemination of information widely.

"What we lack within the open source community is a place in which we can convene to distribute indicators of compromise (IOCs) and threats, tactics and procedures (TTPs) in a way that will allow the community to identify threats when our packages are under attack," Arasaratnam said... "[W]e're going to be standing up a mailing list for which we can share this information throughout the community and there can be discussion of things that are being seen. And that's one of the ways that we're responding to this gap that we saw...." The Siren mailing list will encourage public discussions on security flaws, concepts, and practices in the open source community with individuals who are not typically engaged in traditional upstream communication channels...

Members of the Siren email list will get real-time updates about emerging threats that may be relevant to their projects... OpenSSF has created a signup page for those interested and urged others to share the email list to other open source community members...
OpenSSF ecyosystem strategist Christopher Robinson (also security communications director for Intel) told the site he expects government agencies and security researchers to be involved in the effort. And he issued this joint statement with OpenSSF ecosystem strategist Bennett Pursell: By leveraging the collective knowledge and expertise of the open source community and other security experts, the OpenSSF Siren empowers projects of all sizes to bolster their cybersecurity defenses and increase their overall awareness of malicious activities. Whether you're a developer, maintainer, or security enthusiast, your participation is vital in safeguarding the integrity of open source software.
In less than a month, the mailing list has already grown to over 800 members...

An anonymous reader shared this report from Computer Weekly: Microsoft has admitted to Scottish policing bodies that it cannot guarantee the sovereignty of UK policing data hosted on its hyperscale public cloud infrastructure, despite its systems being deployed throughout the criminal justice sector.

According to correspondence released by the Scottish Police Authority (SPA) under freedom of information (FOI) rules, Microsoft is unable to guarantee that data uploaded to a key Police Scotland IT system — the Digital Evidence Sharing Capability (DESC) — will remain in the UK as required by law. While the correspondence has not been released in full, the disclosure reveals that data hosted in Microsoft's hyperscale public cloud infrastructure is regularly transferred and processed overseas; that the data processing agreement in place for the DESC did not cover UK-specific data protection requirements; and that while the company has the ability to make technical changes to ensure data protection compliance, it is only making these changes for DESC partners and not other policing bodies because "no one else had asked".

The correspondence also contains acknowledgements from Microsoft that international data transfers are inherent to its public cloud architecture. As a result, the issues identified with the Scottish Police will equally apply to all UK government users, many of whom face similar regulatory limitations on the offshoring of data. The recipient of the FOI disclosures, Owen Sayers — an independent security consultant and enterprise architect with over 20 years' experience in delivering national policing systems — concluded it is now clear that UK policing data has been travelling overseas and "the statements from Microsoft make clear that they 100% cannot comply with UK data protection law".

An anonymous reader quotes a report from TechCrunch: A hacker is advertising customer data allegedly stolen from the Australia-based live events and ticketing company TEG on a well-known hacking forum. On Thursday, a hacker put up for sale the alleged stolen data from TEG, claiming to have information of 30 million users, including the full name, gender, date of birth, username, hashed passwords, and email addresses. In late May, TEG-owned ticketing company Ticketek disclosed a data breach affecting Australian customers' data, "which is stored in a cloud-based platform, hosted by a reputable, global third party supplier."

The company said that "no Ticketek customer account has been compromised," thanks to the encryption methods used to store their passwords. TEG conceded, however, that "customer names, dates of birth and email addresses may have been impacted" -- data that would line up with that advertised on the hacking forum. The hacker included a sample of the alleged stolen data in their post. TechCrunch confirmed that at least some of the data published on the forum appears legitimate by attempting to sign up for new accounts using the published email addresses. In a number of cases, Ticketek's website gave an error, suggesting the email addresses are already in use. There's evidence that the company's "cloud-based platform" provider is Snowflake, "which has been at the center of a recent series of data thefts affecting several of its customers, including Ticketmaster, Santander Bank, and others," notes TechCrunch.

"A now-deleted post on Snowflake's website from January 2023 was titled: 'TEG Personalizes Live Entertainment Experiences with Snowflake.' In 2022, consulting company Altis published a case study (PDF) detailing how the company, working with TEG, 'built a modern data platform for ingesting streaming data into Snowflake.'"

British startup Stability AI has appointed Prem Akkaraju as its new CEO. The 51-year-old Akkaraju, former CEO of visual effects company Weta Digital, "is part of a group of investors including former Facebook President Sean Parker that has stepped in to save Stability with a cash infusion that could result in a lower valuation for the firm," reports the Information (paywalled). "The new funding will likely shrink the stakes of some existing investors, who have collectively contributed more than $100 million."

In March, Stability AI founder and CEO Emad Mostaque stepped down from the role to pursue decentralized AI. "In a series of posts on X, Mostaque opined that one can't beat 'centralized AI' with more 'centralized AI,' referring to the ownership structure of top AI startups such as OpenAI and Anthropic," reported TechCrunch at the time. The move followed a report in April that claimed the company ran out of cash to pay its bills for its rented cloud GPUs. Last year, the company raised millions at a $1 billion valuation.

An anonymous reader quotes a report from ZDNet: At SUSECon in Berlin, SUSE, a global Linux and cloud-native software leader, announced significant enhancements across its entire Linux distribution family. These new capabilities focus on providing faster time-to-value and reduced operational costs, emphasizing the importance of choice in today's complex IT landscape. SUSE Linux Enterprise Server (SLES) 15 Service Pack (SP) 6 is at the heart of these upgrades. This update future-proofs IT workloads with a new Long Term Service (LTS) Pack Support Core. How long is long-term? Would you believe 19 years? This gives SLES the longest-term support period in the enterprise Linux market. Even Ubuntu, for which Canonical recently extended its LTS to 12 years, doesn't come close.

You may ask yourself, "Why 19 years?" SUSE General Manager of Business Critical Linux (BCL) Rick Spencer, explained in an interview that the reason is that on 03:14:08 Greenwich Mean Time (GMT, aka Coordinated Universal Time) Tuesday, January 19, 2038, we reach the end of computing time. Well, not really, but Linux, and all the other Unix-based operating systems, including some versions of MacOS, reach what's called the Epoch. That's when the time-keeping code in 32-bit Unix-based operating systems reaches the end of the seconds it's been counting since the beginning of time -- 00:00:00 GMT on January 1, 1970, as far as Linux and Unix systems are concerned -- and resets to zero. Just like the Y2K bug, that means that all unpatched 32-bit operating systems and software will have fits. The Linux kernel itself had the problem fixed in 2020's Linux 5.6 kernel, but many other programs haven't dealt with it. Until then, though, if you're still running SLES 15 SP6, you'll be covered. I strongly suggest upgrading before then, but if you want to stick with that distro to the bitter end, you can. The new SLES also boasts enhanced security features like confidential computing support with encryption in memory, utilizing Intel TDX and AMD SEV processors, along with remote attestation via SUSE Manager. Additionally, SLES for SAP Applications 15 SP6 offers a secure and reliable platform for running mission-critical SAP workloads, incorporating innovations from Trento to help system administrators avoid infrastructure issues.

Nvidia has become the U.S.'s most valuable listed company, riding the wave of the AI revolution that brings back memories of one from earlier this century. The last time a big provider of computing infrastructure was the most valuable U.S. company was in March 2000, when networking-equipment company Cisco took that spot at the height of the dot-com boom.

Former Cisco CEO John Chambers, who led the company during the dot-com boom, said the implications of AI are larger than the internet and cloud computing combined, but the dynamics differ. "The implications in terms of the size of the market opportunity is that of the internet and cloud computing combined," he told WSJ. "The speed of change is different, the size of the market is different, the stage when the most valuable company was reached is different." The story adds: Chambers said [Nvidia CEO] Huang was working from a different playbook than Cisco but was facing some similar challenges. Nvidia has a dominant market share, much like Cisco did with its products as the internet grew, and is also fending off rising competition. Also like Nvidia, Cisco benefited from investments before the industry became profitable. "We were absolutely in the right spot at the right time, and we knew it, and we went for it," Chambers said.

An anonymous reader quotes a report from The Register: Asda is transferring more than 100 internal IT workers to Indian outsourcing company TCS as it labors to meet deadlines to move away from IT systems supported by previous owner Walmart by the end of the year. According to documents seen by The Register, a collective consultation for a staff transfer under TUPE -- an arrangement by which employment rights are protected under UK law -- begins today (June 17). The UK's third-largest supermarket expects affected staff to meet line managers from June 24, while the transfer date is set for September 16. Contractors will be let go at the end of their current contracts. Asda employs around 5,000 staff in its UK offices. Between 130 and 135 members of the IT team have entered the collective consultation to move to TCS.

The move came as private equity company TDR Capital gained majority ownership of the supermarket group. It was acquired from Walmart by the brothers Mohsin and Zuber Issa and TDR Capital in February 2021 at a value of 6.8 billion pounds. The US retail giant retained "an equity investment." Project Future is a massive shift in the retailer's IT function. It is upgrading a legacy ERP system from SAP ECC -- run on-prem by Walmart -- to the latest SAP S/4HANA in the Microsoft Azure cloud, changing the application software, infrastructure, and business processes at the same time. Other applications are also set to move to Azure, including ecommerce and store systems, while Asda is creating an IT security team for the first time -- the work had previously been carried out by its US owner.

Asda signed up to SAP's "RISE" program in a deal to lift, shift, and transform its ERP system -- a vital plank in the German vendor's strategy to get customers to the cloud -- in December 2021. But the project has already been beset by delays. The UK retailer had signed a three-year deal with Walmart in February 2021 to continue to support its existing system, but was forced to renegotiate to extend the arrangement, saying it planned to move away from the legacy systems before the end of 2024. Although one insider told El Reg that deadline was "totally unachievable," the Walmart deal extends to September 2025, giving the UK retailer room to accommodate further delays without renegotiating the contract.

Asda has yet to migrate a single store to the new infrastructure. The first -- Yorkshire's Otley -- is set to go live by the end of June. One insider pointed out that project managers were trying to book resources from the infrastructure team for later this year and into the next, but, as they were set to transfer to TCS, the infrastructure team did not know who would be doing the work or what resources would be available. "They have a thousand stores to migrate and they're going to be doing that with an infrastructure team who have their eyes on the door. They'll be very professional, but they're not going above and beyond and doing on-call they don't have to do," the insider said.

A Zillow listing for a $2.4 million house in a Dallas suburb is grabbing attention for its 5,786-square-foot data center with immersion cooling tanks, massive server racks, and two separate power grids. Tom's Hardware reports: With a brick exterior, cute paving, and mini-McMansion arch stylings, the building certainly looks to be a residential home for the archetypal Texas family. Prospective home-buyers will thus be disappointed by the 0 bedroom, 1 bathroom setup, which becomes a warehouse-feeling office from the first step inside where you are met with a glass-shielded reception desk in a white-brick corridor. The "Crypto Collective" branding betrays the former life of the unit, which served admirably as a crypto mining base.

The purchase of the "upgraded turnkey Tier 2 Data Center" will include all of its cooling and power infrastructure. Three Engineered Fluids "SLICTanks," single-phase liquid immersion cooling tanks for use with dielectric coolant, will come with pumps and a 500kW dry cooler. The tanks are currently filled with at least 80 mining computers visible from the photos, though the SLICTanks can be configured to fit more machines. Also visible in proximity to the cooling array is a deep row of classic server racks and a staggering amount of networking.

The listing advertises a host of potential uses for future customers, from "AI services, cloud hosting, traditional data center, servers or even Bitcoin Mining". Also packed into the 5,786 square feet of real estate is two separate power grids, 5 HVAC units, a hefty amount of four levels of warehouse-style storage aisles, a lounge/office space, and a fully-paved backyard. In other good news, its future corporate residents will not have an HOA to deal with, and will only be 20 minutes outside of the heart of Dallas, sitting just out of earshot of two major highways.

Cybercriminals are demanding payments of between $300,000 and $5 million apiece from as many as 10 companies breached in a campaign that targeted Snowflake customers, according to a security firm helping with the investigation. From a report: The hacking scheme has entered a "new stage" as the gang looks to profit from the most valuable information it has stolen, said Austin Larsen, a senior threat analyst at Google's Mandiant security business, which helped lead Snowflake's inquiry. That includes auctioning companies' data on illegal online forums to try to pressure them into making payments, he said.

"We anticipate the actor to continue to attempt to extort victims," Larsen said. Snowflake, a cloud-based data analytics firm, said on June 2 that hackers had launched a "targeted" effort directed against Snowflake users that used single-factor authentication techniques. The company declined to comment on any specific customers.

The accounting and finance professions have long adapted to technology -- from calculators and spreadsheets to cloud computing. However, the emergence of generative AI presents both new challenges and opportunities for students looking to get ahead in the world of finance. From a report: Research last year by investment bank Evercore and Visionary Future, which incubates new ventures, highlights the workforce disruption being wreaked by generative AI. Analysing 160mn US jobs, the study reveals that service sectors such as legal and financial are highly susceptible to disruption by AI, although full job replacement is unlikely.

Instead, generative AI is expected to enhance productivity, the research concludes, particularly for those in high-value roles paying above $100,000 annually. But, for current students and graduates earning below this threshold, the challenge will be navigating these changes and identifying the skills that will be in demand in future. Generative AI is being swiftly integrated into finance and accounting, by automating specific tasks. Stuart Tait, chief technology officer for tax and legal at KPMG UK, describes it as a "game changer for tax," because it is capable of handling complex tasks beyond routine automation. "Gen AI for tax research and technical analysis will give an efficiency gain akin to moving from typewriters to word processors," he says. The tools can answer tax queries within minutes, with more than 95 per cent accuracy, Tait says.

Steven Vaughan-Nichols reports via ZDNet: While Linux and open-source software (OSS) are no longer constantly under intellectual property (IP) attacks, the Open Invention Network (OIN) patent consortium still stands guard over its patents. Now, OIN, the largest patent non-aggression community, has expanded its protection once again by updating its Linux System definition. Covering more than just Linux, the Linux System definition also protects adjacent open-source technologies. In the past, protection was expanded to Android, Kubernetes, and OpenStack. The OIN accomplishes this by providing a shared defensive patent pool of over 3 million patents from over 3,900 community members. OIN members include Amazon, Google, Microsoft, and essentially all Linux-based companies.

This latest update extends OIN's existing patent risk mitigation efforts to cloud-native computing and enterprise software. In the cloud computing realm, OIN has added patent coverage for projects such as Istio, Falco, Argo, Grafana, and Spire. For enterprise computing, packages such as Apache Atlas and Apache Solr -- used for data management and search at scale, respectively -- are now protected. The update also enhances patent protection for the Internet of Things (IoT), networking, and automotive technologies. OpenThread and packages such as agl-compositor and kukusa.val have been added to the Linux System definition. In the embedded systems space, OIN has supplemented its coverage of technologies like OpenEmbedded by adding the OpenAMP and Matter, the home IoT standard. OIN has included open hardware development tools such as Edalize, cocotb, Amaranth, and Migen, building upon its existing coverage of hardware design tools like Verilator and FuseSoc.

Keith Bergelt, OIN's CEO, emphasized the importance of this update, stating, "Linux and other open-source software projects continue to accelerate the pace of innovation across a growing number of industries. By design, periodic expansion of OIN's Linux System definition enables OIN to keep pace with OSS's growth." [...] Looking ahead, Bergelt said, "We made this conscious decision not to include AI. It's so dynamic. We wait until we see what AI programs have significant usage and adoption levels." This is how the OIN has always worked. The consortium takes its time to ensure it extends its protection to projects that will be around for the long haul. The OIN practices patent non-aggression in core Linux and adjacent open-source technologies by cross-licensing their Linux System patents to one another on a royalty-free basis. When OIN signees are attacked because of their patents, the OIN can spring into action.

An anonymous reader quotes a report from TechCrunch: Amazon says that it will commit up to $230 million to startups building generative AI-powered applications. The investment, roughly $80 million of which will fund Amazon's second AWS Generative AI Accelerator program, aims to position AWS as an attractive cloud infrastructure choice for startups developing generative AI models to power their products, apps and services. Much of the new tranche -- including the entire portion set aside for the accelerator program -- comes in the form of compute credits for AWS infrastructure, meaning that it can't be transferred to other cloud service providers like Google Cloud and Microsoft Azure.

To sweeten the pot, Amazon is pledging that startups in this year's Generative AI Accelerator cohort will gain access to experts and tech from Nvidia, the program's presenting partner. They will also be invited to join the Nvidia Inception program, which provides companies opportunities to connect with potential investors and additional consulting resources. The Generative AI Accelerator program has also grown substantially. Last year's cohort, which had 21 startups, received only up to $300,000 in AWS compute credits, amounting to around a combined $6.3 million investment. "With this new effort, we will help startups launch and scale world-class businesses, providing the building blocks they need to unleash new AI applications that will impact all facets of how the world learns, connects, and does business," Matt Wood, VP of AI products at AWS, said in a statement. Further reading: How Amazon Blew Alexa's Shot To Dominate AI

Speaking of Microsoft, the House Homeland Security committee is grilling Microsoft President Brad Smith Thursday about the software giant's plans to improve its security after a series of devastating hacks reached into federal officials' email accounts, challenging the company's fitness as a dominant government contractor. Washington Post adds:The questioning followed a withering report on one of those breaches, where the federal Cyber Safety Review Board found the event was made possible by a "cascade of avoidable errors" and a security culture "that requires an overhaul." In that hack, suspected agents of China's Ministry of State Security last year created digital keys using a tool that allowed them to pose as any existing Microsoft customer. Using the tool, they impersonated 22 organizations, including the U.S. Departments of State and Commerce, and rifled through Commerce Secretary Gina Raimondo's email among others.

The event triggered the sharpest criticism in decades of the stalwart federal vendor, and has prompted rival companies and some authorities to push for less government reliance on its technology. Two senators wrote to the Pentagon last month, asking why the agency plans to improve nonclassified Defense Department tech security with more expensive Microsoft licenses instead of with alternative vendors. "Cybersecurity should be a core attribute of software, not a premium feature that companies upsell to deep-pocketed government and corporate customers," Sens. Eric Schmitt (R-Mo.) and Ron Wyden (D-Ore.) wrote. "Through its buying power, DOD's strategies and standards have the power to shape corporate strategies that result in more resilient cybersecurity services." Any serious shift in executive branch spending would take years, but Department of Homeland Security leaders say plans are in motion to add security guarantees and requirements to more government purchases -- an idea touted in the Cyber Safety Review Board's Microsoft report.

Amazon unveiled a new generative AI-powered version of its Alexa voice assistant at a packed event in September 2023, demonstrating how the digital assistant could engage in more natural conversation. However, nearly a year later, the updated Alexa has yet to be widely released, with former employees citing technical challenges and organizational dysfunction as key hurdles, Fortune reported Thursday. The magazine reports that the Alexa large language model lacks the necessary data and computing power to compete with rivals like OpenAI. Additionally, Amazon has prioritized AI development for its cloud computing unit, AWS, over Alexa, the report said. Despite a $4 billion investment in AI startup Anthropic, privacy concerns and internal politics have prevented Alexa's teams from fully leveraging Anthropic's technology.

A former Microsoft employee claims the tech giant dismissed his repeated warnings about a security flaw that was later exploited in the SolarWinds hack, prioritizing business interests over customer safety. Andrew Harris, who worked on Microsoft's cloud security team, says he discovered the weakness in 2016 but was told fixing it could jeopardize a multibillion-dollar government contract and the company's competitive edge, ProPublica reported Thursday.

The flaw, in a Microsoft product called Active Directory Federation Services, allowed hackers to bypass security measures and access sensitive cloud data. Russian hackers exploited the vulnerability in the 2020 SolarWinds attack, breaching several U.S. agencies. Microsoft continues to deny wrongdoing, insisting customer protection is its top priority. The revelations come at a time when Microsoft is facing increasing scrutiny over its security practices and seeks to expand its government business.

In a new blog post, Adobe said it has updated its terms of service to clarify that it won't train AI on customers' work. The move comes after a week of backlash from users who feared that an update to Adobe's ToS would permit such actions. The clause was included in ToS sent to Creative Cloud Suite users, which claimed that Adobe "may access, view, or listen to your Content through both automated and manual methods -- using techniques such as machine learning in order to improve our Services and Software and the user experience." The Verge reports: The new terms of service are expected to roll out on June 18th and aim to better clarify what Adobe is permitted to do with its customers' work, according to Adobe's president of digital media, David Wadhwani. "We have never trained generative AI on our customer's content, we have never taken ownership of a customer's work, and we have never allowed access to customer content beyond what's legally required," Wadhwani said to The Verge. [...]

Adobe's chief product officer, Scott Belsky, acknowledged that the wording was "unclear" and that "trust and transparency couldn't be more crucial these days." Wadhwani says that the language used within Adobe's TOS was never intended to permit AI training on customers' work. "In retrospect, we should have modernized and clarified the terms of service sooner," Wadhwani says. "And we should have more proactively narrowed the terms to match what we actually do, and better explained what our legal requirements are."

"We feel very, very good about the process," Wadhwani said in regards to content moderation surrounding Adobe stock and Firefly training data but acknowledged it's "never going to be perfect." Wadhwani says that Adobe can remove content that violates its policies from Firefly's training data and that customers can opt out of automated systems designed to improve the company's service. Adobe said in its blog post that it recognizes "trust must be earned" and is taking on feedback to discuss the new changes. Greater transparency is a welcome change, but it's likely going to take some time to convince scorned creatives that it doesn't hold any ill intent. "We are determined to be a trusted partner for creators in the era ahead. We will work tirelessly to make it so."