As many as 91,000 LG TVs face the risk of being commandeered unless they receive a just-released security update patching four critical vulnerabilities discovered late last year.

The vulnerabilities are found in four LG TV models that collectively comprise slightly more than 88,000 units around the world, according to results returned by the Shodan search engine for Internet-connected devices. The vast majority of those units are located in South Korea, followed by Hong Kong, the US, Sweden, and Finland. The models are:

LG43UM7000PLA running webOS 4.9.7 – 5.30.40
OLED55CXPUA running webOS 5.5.0 – 04.50.51
OLED48C1PUB running webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50
OLED55A23LA running webOS 7.3.1-43 (mullet-mebin) – 03.33.85

Starting Wednesday, updates are available through these devices’ settings menu.

Elon Musk, owner of Tesla and the X (formerly Twitter) platform on January 22, 2024. (credit: Getty Images)

On Monday, Tesla CEO Elon Musk predicted the imminent rise in AI superintelligence during a live interview streamed on the social media platform X. “My guess is we’ll have AI smarter than any one human probably around the end of next year,” Musk said in his conversation with hedge fund manager Nicolai Tangen.

Just prior to that, Tangen had asked Musk, “What’s your take on where we are in the AI race just now?” Musk told Tangen that AI “is the fastest advancing technology I’ve seen of any kind, and I’ve seen a lot of technology.” He described computers dedicated to AI increasing in capability by “a factor of 10 every year, if not every six to nine months.”

Musk made the prediction with an asterisk, saying that shortages of AI chips and high AI power demands could limit AI’s capability until those issues are resolved. “Last year, it was chip-constrained,” Musk told Tangen. “People could not get enough Nvidia chips. This year, it’s transitioning to a voltage transformer supply. In a year or two, it’s just electricity supply.”

We’ve come a long way since primitive AI music generators in 2022. Today, AI tools like Suno.ai allow any series of words to become song lyrics, including inside jokes (as you’ll see below). On Wednesday, prompt engineer Riley Goodside tweeted an AI-generated song created with the prompt “sad girl with piano performs the text of the MIT License,” and it began to circulate widely in the AI community online.

The MIT License is a famous permissive software license created in the late 1980s, frequently used in open source projects. “My favorite part of this is ~1:25 it nails ‘WARRANTIES OF MERCHANTABILITY’ with a beautiful Imogen Heap-style glissando then immediately pronounces ‘FITNESS’ as ‘fistiff,’” Goodside wrote on X.

Suno (which means “listen” in Hindi) was formed in 2023 in Cambridge, Massachusetts. It’s the brainchild of Michael Shulman, Georg Kucsko, Martin Camacho, and Keenan Freyberg, who formerly worked at companies like Meta and TikTok. Suno has already attracted big-name partners, such as Microsoft, which announced the integration of an earlier version of the Suno engine into Bing Chat last December. Today, Suno is on v3 of its model, which can create temporally coherent two-minute songs in many different genres.

Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer network-attached storage devices manufactured by D-Link, researchers said Monday.

Roughly 92,000 devices are vulnerable to the remote takeover exploits, which can be remotely transmitted by sending malicious commands through simple HTTP traffic. The vulnerability came to light two weeks ago. The researcher said they were making the threat public because D-Link said it had no plans to patch the vulnerabilities, which are present only in end-of-life devices, meaning they are no longer supported by the manufacturer.

An ideal recipe

On Monday, researchers said their sensors began detecting active attempts to exploit the vulnerabilities starting over the weekend. Greynoise, one of the organizations reporting the in-the-wild exploitation, said in an email that the activity began around 02:17 UTC on Sunday. The attacks attempted to download and install one of several pieces of malware on vulnerable devices depending on their specific hardware profile. One such piece of malware is flagged under various names by 40 endpoint protection services.

Schleswig-Holstein, one of Germany’s 16 states, on Wednesday confirmed plans to move tens of thousands of systems from Microsoft Windows to Linux. The announcement follows previously established plans to migrate the state government off Microsoft Office in favor of open source LibreOffice.

As spotted by The Document Foundation, the government has apparently finished its pilot run of LibreOffice and is now announcing plans to expand to more open source offerings.

In 2021, the state government announced plans to move 25,000 computers to LibreOffice by 2026. At the time, Schleswig-Holstein said it had already been testing LibreOffice for two years.

Ivanti, the remote-access company whose remote-access products have been battered by severe exploits in recent months, has pledged a “new era,” one that “fundamentally transforms the Ivanti security operating model” backed by “a significant investment” and full board support.

CEO Jeff Abbott’s open letter promises to revamp “core engineering, security, and vulnerability management,” make all products “secure by design,” formalize cyber-defense agency partnerships, and “sharing information and learning with our customers.” Among the details is the company’s promise to improve search abilities in Ivanti’s security resources and documentation portal, “powered by AI,” and an “Interactive Voice Response system” for routing calls and alerting customers about security issues, also “AI-powered.”

Ivanti CEO Jeff Abbott addresses the company’s “broad shift” in its security model.

Ivanti and Abbott seem to have been working on this presentation for a while, so it’s unlikely they could have known it would arrive just days after four new vulnerabilities were disclosed for its Connect Secure and Policy Secure gateway products, two of them rated for high severity. Those vulnerabilities came two weeks after two other vulnerabilities, rated critical, with remote code execution. And those followed “a three-week spree of non-stop exploitation” in early February, one that left security directors scrambling to patch and restore services or, as federal civilian agencies did, rebuild their servers from scratch.

A person made of many parts, similar to the attorney who handles both severe criminal law and copyright takedowns for an Arizona law firm. (credit: Getty Images)

If you run a personal or hobby website, getting a copyright notice from a law firm about an image on your site can trigger some fast-acting panic. As someone who has paid to settle a news service-licensing issue before, I can empathize with anybody who wants to make this kind of thing go away.

Which is why a new kind of angle-on-an-angle scheme can seem both obvious to spot and likely effective. Ernie Smith, the prolific, ever-curious writer behind the newsletter Tedium, received a “DMCA Copyright Infringement Notice” in late March from “Commonwealth Legal,” representing the “Intellectual Property division” of Tech4Gods.

The issue was with a photo of a keyfob from legitimate photo service Unsplash used in service of a post about a strange Uber ride Smith once took. As Smith detailed in a Mastodon thread, the purported firm needed him to “add a credit to our client immediately” and said it should be “addressed in the next five business days.” Removing the image “does not conclude the matter,” and should Smith have not taken action, the putative firm would have to “activate” its case, relying on DMCA 512(c) (which, in many readings, actually does grant relief should a website owner, unaware of infringing material, “act expeditiously to remove” said material). The email unhelpfully points to the main page of the Internet Archive so that Smith might review “past usage records.”

Depending on who you ask about AI (and how you define it), the technology may or may not be useful, but one thing is for certain: AI hype is dominating corporate marketing these days—even in fast food. According to a report in The Wall Street Journal, corporate fast food giant Yum Brands is embracing an “AI-first mentality” across its restaurant chains, including Taco Bell, Pizza Hut, KFC, and Habit Burger Grill. The company’s chief digital and technology officer, Joe Park, told the WSJ that AI will shape nearly every aspect of how these restaurants operate.

“Our vision of [quick-service restaurants] is that an AI-first mentality works every step of the way,” Park said in an interview with the outlet. “If you think about the major journeys within a restaurant that can be AI-powered, we believe it’s endless.”

As we’ve discussed in the past, artificial intelligence is a nebulous term. It can mean many different things depending on the context, including computer-controlled ghosts in Pac-Man, algorithms that play checkers, or large language models that give terrible advice on major city websites. But most of all in this tech climate, it means money, because even talking about AI tends to make corporate share prices go up.

A federal Cyber Safety Review Board has issued its report on what led to last summer’s capture of hundreds of thousands of emails by Chinese hackers from cloud customers, including federal agencies. It cites “a cascade of security failures at Microsoft” and finds that “Microsoft’s security culture was inadequate” and needs to adjust to a “new normal” of cloud provider targeting.

The report, mandated by President Biden in the wake of the far-reaching intrusion, details the steps that Microsoft took before, during, and after the breach and in each case finds critical failure. The breach was “preventable,” even though it cites Microsoft as not knowing precisely how Storm-0558, a “hacking group assessed to be affiliated with the People’s Republic of China,” got in.

“Throughout this review, the board identified a series of Microsoft operational and strategic decisions that collectively points to a corporate culture that deprioritized both enterprise security investments and rigorous risk management,” the report reads.

TSMC’s headquarters, seen here, are in Hsinchu, Taiwan. (credit: Sam Yeh via Getty Images)

Chipmaking operations at Taiwan Semiconductor Manufacturing Co. (TSMC) were briefly paused today after a 7.4-magnitude earthquake hit Taiwan, according to a company statement provided to Bloomberg and others.

TSMC says that workers were evacuated as part of its earthquake safety protocols and that they have already returned to work. Bloomberg reports that the company is still “examining impact” to its operations, but it “expects to resume production overnight.”

The quake’s epicenter was on Taiwan’s east coast and has prompted tsunami warnings in Japan, China, and the Philippines, according to The New York Times. The quake was followed by a long series of over 200 aftershocks, including one 6.5-magnitude aftershock. It’s the strongest earthquake to affect Taiwan since the 7.7-magnitude Jiji earthquake in 1999. As of this writing, the NYT reports that at least nine people have died, and 1,011 have reported injuries.
