The largest collection of stolen passwords ever has been leaked to a notorious crime marketplace, according to cybersecurity researchers at Cybernews. This leak, dubbed RockYou2024 by its original poster “ObamaCare,” holds a file containing nearly 10 billion unique plaintext passwords. Allegedly gathered from a series of data breaches and hacks accumulated over several years, the passwords were posted on July 4th and hailed as the most extensive collection of stolen and leaked credentials ever seen on the forum. “In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world,” the researchers told Cybernews. “Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks.” Credential stuffing attacks are among the most common methods criminals, ransomware affiliates, and state-sponsored hackers use to access services and systems. Threat actors could exploit the RockYou2024 password collection to conduct brute-force attacks against any unprotected system and “gain unauthorized access to various online accounts used by individuals whose passwords are included in the dataset,” the research team said. This could affect online services, cameras and hardware This could affect various targets, from online services to internet-facing cameras and industrial hardware. “Moreover, combined with other leaked databases on hacker forums and marketplaces, which, for example, contain user email addresses and other credentials, RockYou2024 can contribute to a cascade of data breaches, financial frauds, and identity thefts,” the team concluded. However, despite the seriousness of the data leak, it is important to note that RockYou2024 is primarily a compilation of previous password leaks, estimated to contain entries from a total of 4,000 massive databases of stolen credentials, covering at least two decades. This new file notably includes an earlier credentials database known as RockYou2021, which featured 8.4 billion passwords. RockYou2024 added approximately 1.5 billion passwords to the collection, spanning from 2021 through 2024, which, though a massive figure, is only a fraction of the reported 9,948,575,739 passwords in the leak. Thus, users who have changed their passwords since 2021 may not have to panic about a potential breach of their information. That said, the research team at Cybernews stressed the importance of maintaining data security. In response to the leak, they recommend immediately changing the passwords for any accounts associated with the leaked credentials, ensuring each password is strong and unique and not reused across different platforms. Additionally, they advised enabling multi-factor authentication (MFA), which requires an extra form of verification beyond the password, wherever possible, to strengthen cyber security. Lastly, tech users should utilize password manager software, which securely generates and stores complex passwords, mitigating the risk of password reuse across multiple accounts.

According to AndroidAuthority, the Linux kernel used by Android devices is mostly derived from Google's Android Universal Kernel (ACK) branch, which is created from the Android mainline kernel branch when new LTS versions are released upstream. For example, when kernel version 6.6 is announced as the latest LTS release, an ACK branch for Android15-6.6 appears shortly after, with the "android15" in the name referring to the Android version of the kernel (in this case, Android 15). Google maintains its own set of LTS kernel branches for three main reasons. First, Google can integrate upstream features that have not yet been released into the ACK branch by backporting or picking, so as to meet the specific needs of Android. Second, Google can include some features that are being developed upstream in the ACK branch ahead of time, making it available for Android devices as early as possible. Finally, Google can add some vendor or original equipment manufacturer (OEM) features for other Android partners to use. Once created, Google continues to update the ACK branch to include not only bug fixes for Android specific code, but also to integrate the LTS merge content of the upstream kernel branch. For example, the Linux kernel vulnerability disclosed in the July 2024 Android security bulletin will be fixed through these updates. However, it is not easy to distinguish a bug fix from other bug fixes, as a patch that fixes a bug may also accidentally plug a security vulnerability that the submitter did not know about or chose not to disclose. Google does its best to recognize this, but it inevitably misses the mark, resulting in bug fixes for the upstream Linux kernel being released months before Android devices. As a result, Google has been urging Android vendors to regularly update the LTS kernel to avoid being caught off guard by unexpectedly disclosed security vulnerabilities. Clearly, the LTS version of the Linux kernel is critical to the security of Android devices, helping Google and vendors deal with known and unknown security vulnerabilities. The longer the support period, the more timely security updates Google and vendors can provide to devices.

China is mulling over establishing a Brain-Computer Interface (BCI) standardization technical committee under its Ministry of Industry and Information Technology (MIIT), aiming to guide enterprises to enhance industrial standards and boost domestic innovation. The proposed committee, revealed by the MIIT on Monday, will work on composing a BCI standards roadmap for the entire industry development as well as the standards for the research and development of the key technologies involved, according to the MIIT. China has taken strides in developing the BCI industry over the years, not only providing abundant policy support but also generous financial investment, Li Wenyu, secretary of the Brain-Computer Interface Industrial Alliance, told the Global Times. From last year to 2024, both the central and local governments have successively issued relevant policies to support industrial development. The MIIT in 2023 rolled out a plan selecting and promoting a group of units with strong innovation capabilities to break through landmark technological products and accelerate the application of new technologies and products. The Beijing local government also released an action plan to accelerate the industry in the capital (2024-2030) this year. In 2023, there were no fewer than 20 publicly disclosed financing events for BCI companies in China, with a total disclosed amount exceeding 150 million yuan ($20.6 million), Li said. “The strong support from the government has injected momentum into industrial innovation.” The fact that China's BCI industry started later than Western countries such as the US is a reality, leading to the gap in China regarding technological breakthroughs, industrial synergy, and talent development, according to Li. To further close gaps and solve bottlenecks in BCI industrial development, Li suggested that the industry explore various technological approaches to suit different application scenarios and encourage more medical facilities powered by BCI to initiate clinical trials by optimizing the development of BCI-related ethics. Additionally, he highlighted that standard development is one of the aspects to enhance the overall level and competitiveness of the industry chain, which could, in turn, empower domestic BCI innovation. While China's BCI technology generally lags behind leading countries like the US in terms of system integration and clinical application, this has not hindered the release of Neucyber, which stands as China's first "high-performance invasive BCI." Neucyber, an invasive implanted BCI technology, was independently developed by Chinese scientists from the Chinese Institute for Brain Research in Beijing. Li Yuan, Business Development Director of Beijing Xinzhida Neurotechnology, the company that co-developed this BCI system, told the Global Times that the breakthrough of Neucyber could not have been achieved without the efforts of the institute gathering superior resources from various teams in Beijing. A group of mature talents were gathered within the institute, from specific fields involving electrodes, chips, algorithms, software, and materials, Li Yuan said. Shrugging off the outside world's focus on China’s competition with the US in this regard, Li Yuan said her team doesn’t want to be imaginative and talk too much, but strives to produce a set of products step by step that can be useful in actual applications. In addition, Li Wenyu also attributed the emergence of Neucyber to the independent research atmosphere and the well-established talent nurturing mechanism in the Chinese Institute for Brain Research. He said that to advance China’s BCI industry, it is necessary not only to cultivate domestic talents but also to introduce foreign talents to enhance China's research and innovation capabilities. The proposed plan for establishing the BCI standardization technical committee under the MIIT will solicit public opinions until July 30, 2024.

White House spokeswoman Karina Jean-Pierre denied a report in the U.S. media on the 8th that President Joseph Biden did not receive treatment for Parkinson's disease. Biden had the first televised debate of the 2024 presidential election with Republican opponent Donald Trump on June 27, and his poor performance on the spot triggered discussions about his physical condition. The New York Times reported that a doctor specializing in the treatment of Parkinson's disease had "visited" the White House eight times from August last year to March this year. Facing the media's questions about Biden's health, Jean-Pierre asked and answered himself at a regular White House press conference on the 8th: "Has the president received treatment for Parkinson's disease? No. Is he currently receiving treatment for Parkinson's disease? No, he is not. Is he taking medication for Parkinson's disease? No." Jean-Pierre said Biden had seen a neurologist three times, all related to his annual physical examination. She also took out the report issued by the doctor after Biden's most recent physical examination in February this year. The report said, "An extremely detailed neurological examination was once again reassuring" because no symptoms consistent with stroke, multiple sclerosis or Parkinson's disease were found. The doctor who went to the White House mentioned by the New York Times is Kevin Kanal, a neurology and movement disorder expert at the Walter Reed National Military Medical Center in Maryland and an authority on Parkinson's disease. Jean-Pierre suggested that the doctor might have come to treat military personnel on duty at the White House.

July 9 (Reuters) - The National Highway Traffic Safety Administration (NHTSA) has opened a recall query into 94,275 Stellantis-owned (STLAM.MI), opens new tab Jeep SUVs over a loss of motive power, the U.S. auto safety regulator said on Tuesday. The investigation targets Jeep's Wrangler 4xe hybrid SUVs manufactured between 2021 through 2024. Chrysler had previously recalled, opens new tab the same model in 2022 to address concerns related to an engine shutdown. A recall query is an investigation opened by safety regulators when a remedy to solve an issue appears inadequate. The complaints noted in the new report include both failures in vehicles that received the recall remedy and those not covered by the prior recall, the NHTSA said.