In a tragic update to Monday's story, authorities have recovered the bodies of former Autonomy CEO Mike Lynch and his teenage daughter Hannah. The Register reports: Italian divers are said to have found the billionaire father and his daughter, 18, inside one of the sunken vessel's cabins, according to The Telegraph. The capsized ship presently rests 49 meters below the surface, about half a mile from the coast. [...] Angela Bacares, Lynch's wife, was rescued at sea and is recovering.

Canadian Broadcasting Company News has reported that the body of Recaldo Thomas, a Canadian-born man who resided in Antigua and served as the ship's cook, has been recovered. Other missing individuals have been identified by The Independent as: Christopher Morvillo, a lawyer who had represented Lynch and wife Neda Morvillo; Jonathan Bloomer, chairman of investment bank Morgan Stanley International and wife Judy Bloomer. The Register has published an obituary for Mike Lynch.

An anonymous reader quotes a report from Dark Reading: Researchers have exploited a vulnerability in Microsoft's Copilot Studio tool allowing them to make external HTTP requests that can access sensitive information regarding internal services within a cloud environment -- with potential impact across multiple tenants. Tenable researchers discovered the server-side request forgery (SSRF) flaw in the chatbot creation tool, which they exploited to access Microsoft's internal infrastructure, including the Instance Metadata Service (IMDS) and internal Cosmos DB instances, they revealed in a blog post this week. Tracked by Microsoft as CVE-2024-38206, the flaw allows an authenticated attacker to bypass SSRF protection in Microsoft Copilot Studio to leak sensitive cloud-based information over a network, according to a security advisory associated with the vulnerability. The flaw exists when combining an HTTP request that can be created using the tool with an SSRF protection bypass, according to Tenable.

"An SSRF vulnerability occurs when an attacker is able to influence the application into making server-side HTTP requests to unexpected targets or in an unexpected way," Tenable security researcher Evan Grant explained in the post. The researchers tested their exploit to create HTTP requests to access cloud data and services from multiple tenants. They discovered that "while no cross-tenant information appeared immediately accessible, the infrastructure used for this Copilot Studio service was shared among tenants," Grant wrote. Any impact on that infrastructure, then, could affect multiple customers, he explained. "While we don't know the extent of the impact that having read/write access to this infrastructure could have, it's clear that because it's shared among tenants, the risk is magnified," Grant wrote. The researchers also found that they could use their exploit to access other internal hosts unrestricted on the local subnet to which their instance belonged. Microsoft responded quickly to Tenable's notification of the flaw, and it has since been fully mitigated, with no action required on the part of Copilot Studio users, the company said in its security advisory. Further reading: Slack AI Can Be Tricked Into Leaking Data From Private Channels

Rotten Tomatoes and Fandango are rolling out a new "Verified Hot" rating for users who actually bought a ticket to the movie being reviewed. "The designation is only given to theatrical movies that have reached an audience score above 90 percent among user ratings," adds IndieWire. From the report: Movie ticketing app Fandango is the parent company to Rotten Tomatoes, so if you bought your ticket through Fandango and then rated a movie using that same user info on Rotten Tomatoes, RT is able to confirm you bought a ticket and can filter out anyone else who may just be rating things blindly. A rep for RT tells IndieWire the goal is to work with other partners so that other people who don't use Fandango can still be considered verified.

Rotten Tomatoes also expanded its Popcornmeter designations. Anything with an audience score above 60 percent of people rating it as 3.5 stars or higher will be labeled "Hot," and movies below that 60 percent threshold are now "Stale." The "Certified Fresh" badge for movies that achieve a strong enough critics score has been around for a while, but in 2020 RT introduced a "Top Critics" feature such that you could filter out the dozens or hundreds of aggregated critics from unreliable sources who could be skewing a film's score. Anyone can vote or rate movies on Rotten Tomatoes if you're an audience member, but you can also filter out ratings from those not considered "verified."

Rotten Tomatoes made some other tweaks too under the hood: Both the Popcornmeter and Tomatometer need to meet a new minimum number of reviews published for a score to appear. Not everything gets reviewed widely, so the threshold varies depending on a film's total projected domestic box office forecast. A full list of "Verified Hot" films can be found here.

Phoronix's Michael Larabel reports: As part of Intel's Scalable Video Technology (SVT) initiative they had been developing SVT-HEVC as a BSD-licensed high performance H.265/HEVC video encoder optimized for Xeon Scalable and Xeon D processors. But recently they've changed course and the project has been officially discontinued. [...] The SVT-AV1 project a while ago was already punted to the Alliance for Open Media (AOMedia) project and one of its lead maintainers having joined Meta from Intel two years ago. SVT-AV1 continues excelling great outside the borders of Intel but SVT-HEVC (and SVT-VP9) have remained Intel open-source projects but at least officially SVT-HEVC has ended.

SVT-HEVC hadn't seen a new release since 2021 and there are already several great open-source H.265 encoders out there like x265 and Kvazaar. But as of a few weeks ago, SVT-HEVC upstream is now discontinued. The GitHub repository was put into a read-only state [with a discontinuation notice]. Meanwhile SVT-VP9 doesn't have any discontinuation notice at this time. The SVT-VP9 GitHub repository remains under Intel's Open Visual Cloud account although it hasn't seen any new commits in four months and the last tagged release was back in 2020.

An anonymous reader quotes a report from Ars Technica: Chrome users who declined to sync their Google accounts with their browsing data secured a big privacy win this week after previously losing a proposed class action claiming that Google secretly collected personal data without consent from over 100 million Chrome users who opted out of syncing. On Tuesday, the 9th US Circuit Court of Appeals reversed (PDF) the prior court's finding that Google had properly gained consent for the contested data collection. The appeals court said that the US district court had erred in ruling that Google's general privacy policies secured consent for the data collection. The district court failed to consider conflicts with Google's Chrome Privacy Notice (CPN), which said that users' "choice not to sync Chrome with their Google accounts meant that certain personal information would not be collected and used by Google," the appeals court ruled.

Rather than analyzing the CPN, it appears that the US district court completely bought into Google's argument that the CPN didn't apply because the data collection at issue was "browser agnostic" and occurred whether a user was browsing with Chrome or not. But the appeals court -- by a 3-0 vote -- did not. In his opinion, Circuit Judge Milan Smith wrote that the "district court should have reviewed the terms of Google's various disclosures and decided whether a reasonable user reading them would think that he or she was consenting to the data collection." "By focusing on 'browser agnosticism' instead of conducting the reasonable person inquiry, the district court failed to apply the correct standard," Smith wrote. "Viewed in the light most favorable to Plaintiffs, browser agnosticism is irrelevant because nothing in Google's disclosures is tied to what other browsers do."

Smith seemed to suggest that the US district court wasted time holding a "7.5-hour evidentiary hearing which included expert testimony about 'whether the data collection at issue'" was "browser-agnostic." "Rather than trying to determine how a reasonable user would understand Google's various privacy policies," the district court improperly "made the case turn on a technical distinction unfamiliar to most 'reasonable'" users, Smith wrote. Now, the case has been remanded to the district court where Google will face a trial over the alleged failure to get consent for the data collection. If the class action is certified, Google risks owing currently unknown damages to any Chrome users who opted out of syncing between 2016 and 2024. According to Smith, the key focus of the trial will be weighing the CPN terms and determining "what a 'reasonable user' of a service would understand they were consenting to, not what a technical expert would."

A growing body of scientific evidence shows that microplastics are accumulating in critical human organs, including the brain, leading researchers to call for more urgent actions to rein in plastic pollution. From a report: Studies have detected tiny shards and specks of plastics in human lungs, placentas, reproductive organs, livers, kidneys, knee and elbow joints, blood vessels and bone marrow. Given the research findings, "it is now imperative to declare a global emergency" to deal with plastic pollution, said Sedat Gundogdu, who studies microplastics at Cukurova University in Turkey. Humans are exposed to microplastics -- defined as fragments smaller than 5mm in diameter -- and the chemicals used to make plastics from widespread plastic pollution in air, water and even food.

The health hazards of microplastics within the human body are not yet well-known. Recent studies are just beginning to suggest they could increase the risk of various conditions such as oxidative stress, which can lead to cell damage and inflammation, as well as cardiovascular disease. Animal studies have also linked microplastics to fertility issues, various cancers, a disrupted endocrine and immune system, and impaired learning and memory.

bobdevine writes: The Linux operating system has reached a notable milestone in desktop market share, according to the latest data from StatCounter. As of July 2024, Linux has achieved a 4.45% market share for desktop operating systems worldwide. While this percentage might seem small to those unfamiliar with the operating system landscape, it represents a significant milestone for Linux and its dedicated community. What makes this achievement even more thrilling is the upward trajectory of Linux's adoption rate.

South Africa's telecoms industry body is pushing for digital content and service providers to help pay for the roll out of network infrastructure because they generate a huge part of the internet traffic. From a report: The Association of Comms and Technology (ACT) CEO Nomvuyiso Batyi said that the revenues generated by over-the-top (OTT) platforms and the continued success of the OTT model was dependent on the availability of high-quality, reliable and efficient network infrastructure. So "what we're saying is that the OTTs should contribute towards the network upgrades, the network building," she added. OTT platforms or services deliver digital content such as video, audio and messaging directly to consumers over the internet. "Fair share" arrangements ensure that OTT providers contribute to the costs of building, maintaining, and upgrading the infrastructure that supports their business.

CrowdStrike's president hit out at "shady" efforts by its cyber security rivals to scare its customers and steal market share in the month since its botched software update sparked a global IT outage. From a report: Michael Sentonas told the Financial Times that attempts by competitors to use the July 19 disruption to promote their own products were "misguided." After criticism from rivals including SentinelOne and Trellix, the CrowdStrike executive said no vendor could "technically" guarantee that their own software would never cause a similar incident.

"Our industry is built on trust," Sentonas said. For rivals to take advantage of the meltdown to push their own products "lets themselves down because, ultimately, people know really quickly fact from, possibly, some shady commentary." Texas-based CrowdStrike had a reputation as many major companies' first line of defense against cyber attacks, but the high-profile nature of its clients exacerbated the impact of July's global disruption that shut down 8.5 million Windows devices. Insurers have estimated that losses from the disruption, which grounded flights and shut down hospital systems, could run into billions of dollars. Delta Air Lines, which canceled more than 6,000 flights, has estimated that the outages will cost it $500 million and has threatened litigation.

An anonymous reader shares a report: U.S. agencies are increasingly accessing parts of a half-billion encrypted chat message haul that has rocked the global organized crime underground, using the chats as part of multiple drug trafficking prosecutions, according to a 404 Media review of U.S. court records. In particular, U.S. authorities are using the chat messages to prosecute alleged maritime drug smugglers who traffic cocaine using speedboats and commercial ships.

The court records show the continued fallout of the massive hack of encrypted phone company Sky in 2021, in which European agencies obtained the intelligence goldmine of messages despite Sky being advertised as end-to-end encrypted. European authorities have used those messages as the basis for many prosecutions and drug seizures across the continent. Now, it's clear that the blast radius extends to the United States.

Slack AI, an add-on assistive service available to users of Salesforce's team messaging service, is vulnerable to prompt injection, according to security firm PromptArmor. From a report: The AI service provides generative tools within Slack for tasks like summarizing long conversations, finding answers to questions, and summarizing rarely visited channels.

"Slack AI uses the conversation data already in Slack to create an intuitive and secure AI experience tailored to you and your organization," the messaging app provider explains in its documentation. Except it's not that secure, as PromptArmor tells it. A prompt injection vulnerability in Slack AI makes it possible to fetch data from private Slack channels.

Microsoft is launching three new Xbox Series S / X console options in October. From a report: There's the $449.99 white discless Xbox Series X, a 2TB "Galaxy Black" special-edition Xbox Series X priced at $599.99, and a $349.99 1TB Xbox Series S. All three models will be available in the US on October 15th, with other markets to follow on October 29th.

The white coating on the exterior of this new discless Xbox Series X matches the "robot white" found on the Xbox Series S, Microsoft's smaller $299 console. While leaks of the white Xbox Series X hinted that Microsoft may upgrade the heatsink used to cool the console, the company hasn't detailed any hardware changes beyond the removal of the disc drive here.

An anonymous reader quotes a report from The Register: Thirty-six flights were cancelled at Japan's New Chitose airport on Saturday after a pair of scissors went missing. Japanese media report that retail outlets at the airport -- which serves the regional city of Chitose on Japan's northernmost island, Hokkaido -- are required to store scissors in a locker. When staff need to cut something, they withdraw the scissors and then replace them after they're done snipping. But last Saturday, an unnamed retailer at the airport was unable to find a pair of scissors. A lengthy search ensued, during which security checks for incoming passengers were paused for at least two hours.

Chaos ensued as queues expanded, passengers were denied entry, and airport authorities scrambled to determine whether the scissors had been swiped by somebody with malicious intent. The incident saw over 200 flights delayed, and 36 cancelled altogether. The mess meant some artists didn't appear at a music festival. Happily, the scissors were eventually found -- in the very same shop from which they had gone missing, and not in the hands of someone nefarious. But it took time for authorities to verify the scissors were the missing cutters and not another misplaced pair.

The Verge's Tom Warren reports: Valve is banning Counter-Strike 2 players from using keyboard features to automate perfect counter-strafes. Razer was the first keyboard maker to add a Simultaneous Opposing Cardinal Directions (SOCD) feature to its range of Huntsman V3 Pro keyboards last month, followed shortly by Wooting. Using Snap Tap as Razer calls it or Wooting's Snappy Tappy will now get you kicked from Counter-Strike 2 games.

"Recently, some hardware features have blurred the line between manual input and automation, so we've decided to draw a clear line on what is or isn't acceptable in Counter-Strike," says Valve. "We are no longer going to allow automation (via scripting or hardware) that circumvent these core skills and, moving forward, (and initially -- exclusively on Valve Official Servers) players suspected of automating multiple player actions from a single game input may be kicked from their match." [...]

Razer and Wooting's SOCD features both let players automate switching strafe directions without having to learn the skill. Normally, to switch strafe directions in a first-person shooter, you have to fully release one key before pressing the other. If both are pressed, they cancel each other, and you stand there for a moment until you release one of the keys. SOCD means you don't need to release a key and you can rapidly tap the A or D key to counter-strafe with little to no effort.

Approvals for new coal-fired power plants in China dropped by 80% in the first half of this year compared to last, according to an analysis from Greenpeace and the Shanghai Institutes for International Studies. The Associated Press reports: A review of project documents by Greenpeace East Asia found that 14 new coal plants were approved from January to June with a total capacity of 10.3 gigawatts, down 80% from 50.4 gigawatts in the first half of last year. Authorities approved 90.7 gigawatts in 2022 and 106.4 gigawatts in 2023, a surge that raised alarm among climate experts. China leads the world in solar and wind power installations but the government has said that coal plants are still needed for periods of peak demand because wind and solar power are less reliable. While China's grid gives priority to greener sources of energy, experts worry that it won't be easy for China to wean itself off coal once the new capacity is built.

"We may now be seeing a turning point," Gao Yuhe, the project lead for Greenpeace East Asia, said in a statement. "One question remains here. Are Chinese provinces slowing down coal approvals because they've already approved so many coal projects ...? Or are these the last gasps of coal power in an energy transition that has seen coal become increasingly impractical? Only time can tell." [...] Gao said that China should focus its resources on better connecting wind and solar power to the grid rather than building more coal power plants. Coal provides more than 60% of the country's electricity. "Coal plays a foundation role in China's energy security," Li Fulong, an official of National Energy Administration, said at a news conference in June. The report notes that China is also looking to nuclear power to help reach its carbon reduction targets. The country approved five nuclear power projects on Monday with 11 units and a total cost of $28 billion.

An anonymous reader quotes a report from The Hill: Births in the United States dropped again between 2022 and 2023, according to new data from the Centers for Disease Control and Prevention (CDC). The national birth rate has been steadily declining for the last 17 years, with a particularly steep drop in births between 2007 and 2009 during the Great Recession. Between 2007 and 2022, the U.S. birth rate fell by nearly 23 percent, according to CDC data. There were 3,596,017 registered births in 2023, about 2 percent fewer than in 2022, when there were 3,667,758 registered births, according to CDC data.

The general fertility rate fell by nearly 3 percent last year to 54.5 births per 1,000 women between the ages of 15 and 44. That's down from the 2022 rate of 56 births per 1,000 women, CDC data shows. Teen births have declined almost every year since the 1990s and are continuing to fall. The teenage birth rate dropped by 4 percent between 2022 and 2023, from 13.6 to 13.1 births per 1,000 girls aged 15 to 19, according to the CDC. And the birth rate for teens between the ages of 15 and 17, specifically, declined by 2 percent from 5.6 to 5.5 births per 1,000 girls. In 2007, the general fertility rate reached a height not seen since the 1990s at 69.5 births per 1,000 women between the ages of 15 and 44, 1 percentage point higher than the year before, according to CDC data.

Ars Technica's Dan Goodwin writes: Last Tuesday, loads of Linux users -- many running packages released as early as this year -- started reporting their devices were failing to boot. Instead, they received a cryptic error message that included the phrase: "Something has gone seriously wrong." The cause: an update Microsoft issued as part of its monthly patch release. It was intended to close a 2-year-old vulnerability in GRUB, an open source boot loader used to start up many Linux devices. The vulnerability, with a severity rating of 8.6 out of 10, made it possible for hackers to bypass secure boot, the industry standard for ensuring that devices running Windows or other operating systems don't load malicious firmware or software during the bootup process. CVE-2022-2601 was discovered in 2022, but for unclear reasons, Microsoft patched it only last Tuesday. [...]

With Microsoft maintaining radio silence, those affected by the glitch have been forced to find their own remedies. One option is to access their EFI panel and turn off secure boot. Depending on the security needs of the user, that option may not be acceptable. A better short-term option is to delete the SBAT Microsoft pushed out last Tuesday. This means users will still receive some of the benefits of Secure Boot even if they remain vulnerable to attacks that exploit CVE-2022-2601. The steps for this remedy are outlined here (thanks to manutheeng for the reference).

Toyota confirmed a breach of its network after 240GB of data, including employee and customer information, was leaked on a hacking forum by a threat actor. The company has not provided details on how or when the breach occurred. BleepingComputer reports: ZeroSevenGroup (the threat actor who leaked the stolen data) says they breached a U.S. branch and were able to steal 240GB of files with information on Toyota employees and customers, as well as contracts and financial information. They also claim to have collected network infrastructure information, including credentials, using the open-source ADRecon tool that helps extract vast amounts of information from Active Directory environments.

"We have hacked a branch in United States to one of the biggest automotive manufacturer in the world (TOYOTA). We are really glad to share the files with you here for free. The data size: 240 GB," the threat actor claims. "Contents: Everything like Contacts, Finance, Customers, Schemes, Employees, Photos, DBs, Network infrastructure, Emails, and a lot of perfect data. We also offer you AD-Recon for all the target network with passwords." While Toyota hasn't shared the date of the breach, BleepingComputer found that the files had been stolen or at least created on December 25, 2022. This date could indicate that the threat actor gained access to a backup server where the data was stored. "We are aware of the situation. The issue is limited in scope and is not a system wide issue," Toyota told BleepingComputer. The company added that it's "engaged with those who are impacted and will provide assistance if needed."

An anonymous reader quotes a report from The Guardian, written by Julian Benson: It's been eight years since Civilization 6 -- the most recent in a very long-running strategy game series that sees you take a nation from the prehistoric settlement of their first town through centuries of development until they reach the space age. Since 2016 it has amassed an abundance of expansions, scenario packs, new nations, modes and systems for players to master -- but series producer Dennis Shirk at Firaxis Games feels that enough it enough. "It was getting too big for its britches," he says. "It was time to make something new."

"It's tough to even get through the whole game," designer Ed Beach says, singling out the key problem that Firaxis aims to solve with the forthcoming Civilization 7. While the early turns of a campaign in Civilization 6 can be swift, when you're only deciding the actions for the population of a single town, "the number of systems, units, and entities you must manage explodes after a while," Beach says. From turn one to victory, a single campaign can take more than 20 hours, and if you start falling behind other nations, it can be tempting to restart long before you see the endgame. That's why Civilization 7's campaign has been split into three ages -- Antiquity, Exploration and Modern -- with each ending in a dramatic explosion of global crises. "Breaking the game into chapters lets people get through history in a more digestible fashion," Beach says.

When you start a new campaign, you pick a leader and civilization to govern, and direct your people in establishing their first settlements and encounters with the other peoples populating a largely undeveloped land. You'll choose the technologies they research, the expansions they make to their cities, and whom they try to befriend or conquer. Every turn you complete or scientific, economic, cultural and military milestone you pass adds points to a meter running in the background. Once that meter hits 200, you and all the other surviving civilizations on the map will transition into the next age. When moving from Antiquity to Exploration and later Exploration to Modern, you select a new civilization to lead. You'll retain all the cities you controlled before but have access to different technologies and attributes. This may seem strange, but it's built to reflect history: think of London, which was once run by the Romans before being supplanted by the Anglo-Saxons. No empire lasts for ever, but they don't all collapse, either.

Breaking Civilization 7 into chapters also gives campaigns a new rhythm. As you approach the end of an age, you'll begin to face global crises. In Antiquity, for instance, you can see a proliferation of independent powers similar to the tribes that tore down Rome. "We're not calling them barbarians any more," Beach says. "It's a more nuanced way to present them." These crises multiply and strengthen until you reach the next age. "It's like a sci-fi or fantasy series with a huge, crazy conclusion, and then the next book starts nice and calm," Beach says. "There's a point where getting to the next age is a relief." Here's a round-up of thoughts on Civilization 7 from some of the most respected gaming outlets and reviewers:

Civilization VII hands-on: This strategy sequel rethinks the long game -- Ars Technica's Samuel Axon
Civilization 7 pairs seismic changes with a lovably familiar formula -- Eurogamer's Chris Tapsell
Civilization 7 hands-on: Huge changes are coming to the classic strategy series - PC Gamer's Tyler Wilde
Civilization 7 lets you mix and match history -- and it's a blast - The Verge's Ash Parrish
Civilization 7 Hands-On Preview: Creating Your Legacy - Game Rant's Joshua Duckworth
Sid Meier's Civilization VII preview -- possibly the freshest sequel yet - GamesHub's Jam Walker
How Civilization 7 Rethinks The Series' Structure - GameSpot's Steve Watts

U.S. District Judge Ada Brown in Dallas blocked the FTC's rule banning noncompete agreements, arguing the FTC lacks authority to implement such broad regulations and did not adequately justify the sweeping prohibition. Reuters reports: Brown had temporarily blocked the rule in July while she considered a bid by the U.S. Chamber of Commerce, the country's largest business lobby, and tax service firm Ryan to strike it down entirely. The rule was set to take effect Sept. 4. Brown in her ruling said that even if the FTC had the power to adopt the rule, the agency had not justified banning virtually all noncompete agreements. "The Commission's lack of evidence as to why they chose to impose such a sweeping prohibition ... instead of targeting specific, harmful non-competes, renders the Rule arbitrary and capricious," wrote Brown, an appointee of Republican former President Donald Trump.

FTC spokesperson Victoria Graham said the agency was disappointed with the ruling and is "seriously considering a potential appeal." "Today's decision does not prevent the FTC from addressing noncompetes through case-by-base enforcement actions," Graham said in a statement. The Democratic-controlled FTC approved the ban on noncompete agreements in a 3-2 vote in May. The commission and supporters of the rule say the agreements are an unfair restraint on competition that violate U.S. antitrust law and suppress workers' wages and mobility.