Editor’s Pick

Enlarge (credit: Getty Images)

In the stretch of a few days, two municipal water facilities that serve more than 2 million residents in parts of Pennsylvania and Texas have reported network security breaches that have hamstrung parts of their business or operational processes.

In response to one of the attacks, the Municipal Water Authority of Aliquippa in western Pennsylvania temporarily shut down a pump providing drinking water from the facility’s treatment plant to the townships of Raccoon and Potter, according to reporting by the Beaver Countian. A photo the Water Authority provided to news outlets showed the front panel of a programmable logic controller—a toaster-sized box often abbreviated as PLC that’s used to automate physical processes inside of industrial settings—that displayed an anti-Israeli message. The PLC bore the logo of the manufacturer Unitronics. A sign above it read “Primary PLC.”

WWS facilities in the cross hairs

The Cybersecurity and Infrastructure Security Administration on Tuesday published an advisory that warned of recent attacks compromising Unitronics PLCs used in Water and Wastewater Systems, which are often abbreviated as WWSes. Although the notice didn’t identify any facilities by name, the account of one hack was almost identical to the one that occurred inside the Aliquippa facility.

Enlarge / Example images generated using Stable Diffusion XL Turbo. (credit: Stable Diffusion XL Turbo / Benj Edwards)

On Tuesday, Stability AI launched Stable Diffusion XL Turbo, an AI image-synthesis model that can rapidly generate imagery based on a written prompt. So rapidly, in fact, that the company is billing it as “real-time” image generation, since it can also quickly transform images from a source, such as a webcam, quickly.

SDXL Turbo’s primary innovation lies in its ability to produce image outputs in a single step, a significant reduction from the 20–50 steps required by its predecessor. Stability attributes this leap in efficiency to a technique it calls Adversarial Diffusion Distillation (ADD). ADD uses score distillation, where the model learns from existing image-synthesis models, and adversarial loss, which enhances the model’s ability to differentiate between real and generated images, improving the realism of the output.

Stability detailed the model’s inner workings in a research paper released Tuesday that focuses on the ADD technique. One of the claimed advantages of SDXL Turbo is its similarity to Generative Adversarial Networks (GANs), especially in producing single-step image outputs.

Enlarge / The Amazon Q logo. (credit: Amazon)

On Tuesday, Amazon unveiled Amazon Q, an AI chatbot similar to ChatGPT that is tailored for corporate environments. Developed by Amazon Web Services (AWS), Q is designed to assist employees with tasks like summarizing documents, managing internal support tickets, and providing policy guidance, differentiating itself from consumer-focused chatbots. It also serves as a programming assistant.

According to The New York Times, the name “Q” is a play on the word “question” and a reference to the character Q in the James Bond novels, who makes helpful tools. (And there’s apparently a little bit of Q from Star Trek: The Next Generation thrown in, although hopefully the new bot won’t cause mischief on that scale.)

Amazon Q’s launch positions it against existing corporate AI tools like Microsoft’s Copilot, Google’s Duet AI, and ChatGPT Enterprise. Unlike some of its competitors, Amazon Q isn’t built on a singular AI large language model (LLM). Instead, it uses a platform called Bedrock, integrating multiple AI systems, including Amazon’s Titan and models from Anthropic and Meta.

Enlarge (credit: Apple)

Apple has repeatedly trumpeted the success of its financial services, a product lineup that now encompasses the Apple Card credit card, high-interest savings accounts, and a buy-now-pay-later service called Apple Pay Later.

But even if those products have proven reasonably popular with consumers, they haven’t been working out for the bank that Apple has partnered with to supply those services. Goldman Sachs’ consumer services have been losing the company billions of dollars, according to reporting from Bloomberg, CNBC, and The New York Times, among others. These losses have been driven in part by a much higher-than-usual loss rate on its credit card loans—meaning that people with Goldman-backed credit cards like the Apple Card are actually making their payments less often than people with credit cards from other banks.

Today, The Wall Street Journal reports that Apple has sent Goldman Sachs a proposal that will end their partnership within the next 12 to 15 months, leaving Apple to find a new backer for its financial products.

Enlarge (credit: Getty Images)

Security researchers are tracking what they say is the “mass exploitation” of a security vulnerability that makes it possible to take full control of servers running ownCloud, a widely used open-source filesharing server app.

The vulnerability, which carries the maximum severity rating of 10, makes it possible to obtain passwords and cryptographic keys allowing administrative control of a vulnerable server by sending a simple Web request to a static URL, ownCloud officials warned last week. Within four days of the November 21 disclosure, researchers at security firm Greynoise said, they began observing “mass exploitation” in their honeypot servers, which masqueraded as vulnerable ownCloud servers to track attempts to exploit the vulnerability. The number of IP addresses sending the web requests has slowly risen since then. At the time this post went live on Ars, it had reached 13.

Spraying the Internet

“We’re seeing hits to the specific endpoint that exposes sensitive information, which would be considered exploitation,” Glenn Thorpe, senior director of security research & detection engineering at Greynoise, said in an interview on Mastodon. “At the moment, we’ve seen 13 IPs that are hitting our unadvertised sensors, which indicates that they are pretty much spraying it across the internet to see what hits.”

Enlarge / The Ekobot autonomous weeding robot roving around an onion field in Sweden. (credit: Ekobot AB)

Anybody who has pulled weeds in a garden knows that it’s a tedious task. Scale it up to farm-sized jobs, and it becomes a nightmare. The most efficient industrial alternative, herbicides, have potentially devastating side effects for people, animals, and the environment. So a Swedish company named Ekobot AB has introduced a wheeled robot that can autonomously recognize and pluck weeds from the ground rapidly using metal fingers.

The four-wheeled Ekobot WEAI robot is battery-powered and can operate 10–12 hours a day on one charge. It weighs 600 kg (about 1322 pounds) and has a top speed of 5 km/h (2.5 mph). It’s tuned for weeding fields full of onions, beetroots, carrots, or similar vegetables, and it can cover about 10 hectares (about 24.7 acres) in a day. It navigates using GPS RTK and contains safety sensors and vision systems to prevent it from unintentionally bumping into objects or people.

To pinpoint plants it needs to pluck, the Ekobot uses an AI-powered machine vision system trained to identify weeds as it rolls above the farm field. Once the weeds are within its sights, the robot uses a series of metal fingers to quickly dig up and push weeds out of the dirt. Ekobot claims that in trials, its weed-plucking robot allowed farmers to grow onions with 70 percent fewer pesticides. The weed recognition system is key because it keeps the robot from accidentally digging up crops by mistake.

Enlarge (credit: Getty Images)

A prolific espionage hacking group with ties to China spent over two years looting the corporate network of NXP, the Netherlands-based chipmaker whose silicon powers security-sensitive components found in smartphones, smartcards, and electric vehicles, a news outlet has reported.

The intrusion, by a group tracked under names including “Chimera” and “G0114,” lasted from late 2017 to the beginning of 2020, according to Netherlands-based NCR, which cited “several sources” familiar with the incident. During that time, the threat actors periodically accessed employee mailboxes and network drives in search of chip designs and other NXP intellectual property. The breach wasn’t uncovered until Chimera intruders were detected in a separate company network that connected to compromised NXP systems on several occasions. Details of the breach remained a closely guarded secret until now.

No material damage

NCR cited a report published (and later deleted) by security firm Fox-IT, titled Abusing Cloud Services to Fly Under the Radar. It documented Chimera using cloud services from companies including Microsoft and Dropbox to receive data stolen from the networks of semiconductor makers, including one in Europe that was hit in “early Q4 2017.” Some of the intrusions lasted as long as three years before coming to light. NCR said the unidentified victim was NXP.

Enlarge / Still examples of images animated using Stable Video Diffusion by Stability AI. (credit: Stability AI)

On Tuesday, Stability AI released Stable Video Diffusion, a new free AI research tool that can turn any still image into a short video—with mixed results. It’s an open-weights preview of two AI models that use a technique called image-to-video, and it can run locally on a machine with an Nvidia GPU.

Last year, Stability AI made waves with the release of Stable Diffusion, an “open weights” image synthesis model that kick started a wave of open image synthesis and inspired a large community of hobbyists that have built off the technology with their own custom fine-tunings. Now Stability wants to do the same with AI video synthesis, although the tech is still in its infancy.

Right now, Stable Video Diffusion consists of two models: one that can produce image-to-video synthesis at 14 frames of length (called “SVD”), and another that generates 25 frames (called “SVD-XT”). They can operate at varying speeds from 3 to 30 frames per second, and they output short (typically 2-4 second-long) MP4 video clips at 576×1024 resolution.

Enlarge / A blog post from AWS chief evangelist Jeff Barr shows the Workspaces Thin Client setup. (credit: Jeff Barr/Amazon)

Amazon has turned its Fire TV Cube streaming device into a thin client optimized for Amazon Web Services (AWS).

Amazon’s Workspaces Thin Client also supports Amazon’s Workspaces Web, for accessing virtual desktops from a browser, and AppStream.

The computer is a Fire TV Cube with a new software stack. All the hardware—from the 2GB of LPDDR4x RAM and 16GB of storage, to the Arm processor with 8 cores, including four running at up to 2.2 GHz—remain identical whether buying the device as an Alexa-powered entertainment-streaming device or thin client computer. Both the Fire TV Cube and Workspaces Thin Client run an Android Open Source Project-based Android fork (for now).

Enlarge (credit: Aurich Lawson / Ars Technica)

Miscreants are actively exploiting two new zero-day vulnerabilities to wrangle routers and video recorders into a hostile botnet used in distributed denial-of-service attacks, researchers from networking firm Akamai said Thursday.

Both of the vulnerabilities, which were previously unknown to their manufacturers and to the security research community at large, allow for the remote execution of malicious code when the affected devices use default administrative credentials, according to an Akamai post. Unknown attackers have been exploiting the zero-days to compromise the devices so they can be infected with Mirai, a potent piece of open source software that makes routers, cameras, and other types of Internet of Things devices part of a botnet that’s capable of waging DDoSes of previously unimaginable sizes.

Akamai researchers said one of the zero-days under attack resides in one or more models of network video recorders. The other zero-day resides in an “outlet-based wireless LAN router built for hotels and residential applications.” The router is sold by a Japan-based manufacturer, which “produces multiple switches and routers.” The router feature being exploited is “a very common one,” and the researchers can’t rule out the possibility it’s being exploited in multiple router models sold by the manufacturer.