SoylentNews

An Anonymous Coward writes:

https://www.bleepingcomputer.com/news/software/mozilla-warns-users-to-update-firefox-before-certificate-expires/

  By Bill Toulas

        March 12, 2025 11:01 AM

Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company's root certificates.

The Mozilla certificate is set to expire this Friday, March 14, 2025, and was used to sign content, including add-ons for various Mozilla projects and Firefox itself.

Users need to update their browsers to Firefox 128 (released in July 2024) or later and ESR 115.13 or later for 'Extended Support Release' (ESR) users.

"On 14 March a root certificate (the resource used to prove an add-on was approved by Mozilla) will expire, meaning Firefox users on versions older than 128 (or ESR 115) will not be able to use their add-ons," warns a Mozilla blog post.

"We want developers to be aware of this in case some of your users are on older versions of Firefox that may be impacted."

A Mozilla support document explains that failing to update Firefox could expose users to significant security risks and practical issues, which, according to Mozilla, include:

        Malicious add-ons can compromise user data or privacy by bypassing security protections.
        Untrusted certificates may allow users to visit fraudulent or insecure websites without warning.
        Compromised password alerts may stop working, leaving users unaware of potential account breaches.

Users are recommended to check and confirm they're running Firefox version 128 and later via Menu > Help > About Firefox. This action should also automatically trigger a check for updates.

It is noted that the problem impacts Firefox on all platforms, including Windows, Android, Linux, and macOS, except for iOS, where there's an independent root certificate management system.

Mozilla says that users relying on older versions of Firefox may continue using their browsers after the expiration of the certificate if they accept the security risks, but the software's performance and functionality may be severely impacted.

"We strongly advise you to update to the latest version to avoid these issues and ensure your browser stays secure and efficient," advises Mozilla.

Mozilla has also set up a support thread for users who encounter problems or need help updating their Firefox browsers.

Users of Firefox-based browsers like Tor, LibreWolf, and Waterfox should also ensure they're running a version based on Firefox 128 and later.

Original Submission

upstart writes:

Woolly mice are cute and impressive – but they won't bring back mammoths or save endangered species:

US company Colossal Biosciences has announced the creation of a "woolly mouse" — a laboratory mouse with a series of genetic modifications that lead to a woolly coat. The company claims this is the first step toward "de-extincting" the woolly mammoth.

The successful genetic modification of a laboratory mouse is a testament to the progress science has made in understanding gene function, developmental biology and genome editing. But does a woolly mouse really teach us anything about the woolly mammoth?

Woolly mammoths were cold-adapted members of the elephant family, which disappeared from mainland Siberia at the end of the last Ice Age around 10,000 years ago. The last surviving population, on Wrangel Island in the Arctic Ocean, went extinct about 4,000 years ago.

The house mouse (Mus musculus) is a far more familiar creature, which most of us know as a kitchen pest. It is also one of the most studied organisms in biology and medical research. We know more about this laboratory mouse than perhaps any other mammal besides humans.

Colossal details its new research in a pre-print paper, which has not yet been peer-reviewed. According to the paper, the researchers disrupted the normal function of seven different genes in laboratory mice via gene editing.

Six of these genes were targeted because a large body of existing research on the mouse model had already demonstrated their roles in hair-related traits, such as coat colour, texture and thickness.

The modifications in a seventh gene — FABP2 — was based on evidence from the woolly mammoth genome. The gene is involved in the transport of fats in the body.

Woolly mammoths had a slightly shorter version of the gene, which the researchers believe may have contributed to its adaptation to life in cold climates. However, the "woolly mice" with the mammoth-style variant of FABP2 did not show significant differences in body mass compared to regular lab mice.

Arthur T Knackerbracket has processed the following story:

Rust is alive and well in the Linux kernel and is expected to translate into noticeable benefits shortly, though its integration with the largely C-oriented codebase still looks uneasy.

In a hopeful coda to the recent maintainer drama that raised questions about the willingness of Linux maintainers to accommodate Rust code, Josh Aas, who oversees the Internet Security Research Group's Prossimo memory-safety project, late last week hailed Miguel Ojeda's work to advance memory safety in the kernel without mentioning the programming language schism.

"While our goal was never to rewrite the entire kernel in Rust, we are glad to see growing acceptance of Rust's benefits in various subsystems," said Aas. "Today, multiple companies have full time engineers dedicated to working on Rust in the Linux kernel."

Since at least September last year, when Microsoft software engineer Wedson Almeida Filho left the Rust for Linux project citing "non-technical nonsense," it's been clear that acceptance had limits. Tensions between Rust and C kernel contributors flared again in January over concerns about the challenges of maintaining a mixed language codebase – likened to cancer by one maintainer. Urged to intervene, Linux creator Linux Torvalds did so, making his annoyance known to both parties and prompting their departures as Linux maintainers.

Amid all that, Ojeda, who helms the Rust for Linux project, published a "Rust kernel policy" as a way to clarify that those contributing Rust code to the Linux kernel should stay the course and to underscore that Linux leaders still support the initiative.

According to Aas, the presence of Rust code is increasing in various Linux subsystems, including: PHY drivers, the null block driver, the DRM panic screen QR code generator, the Android binder driver, the Apple AGX GPU driver, the NVMe driver, and the Nova GPU driver.

"We expect that one of them will be merged into the mainline kernel in the next 12-18 months," said Aas, pointing to remarks from Linux lieutenant Greg Kroah-Hartman last November suggesting that the availability of Rust driver bindings represented a tipping point that would allow most driver subsystems to start getting Rust drivers.

Once this happens, said Aas, "the goal of the effort will start to be realized: Products and services running Linux with Rust drivers will be more secure, and that means the people using them will be more secure, too."

[...] "The good news is that with the rare exception of code that must be written in assembly for performance and/or security reasons (eg, cryptographic routines), we know how to get rid of memory safety vulnerabilities entirely: write code in languages that don't allow for those kinds of mistakes. It's a more or less solved research problem, and as such we don't need to suffer from this kind of thing any more. It can be relegated to the past like smallpox, we just have to do the work."

Between evocations of cancer and smallpox, it sounds like the Linux and Rust communities still have some issues to work out.

Original Submission

Arthur T Knackerbracket has processed the following story:

Researchers have criticised Microsoft's new Majorana 1 quantum computer, saying it has made claims about the way it works that aren't fully backed up by scientific evidence

Last month Microsoft announced, with fanfare, that it had created a new kind of matter and used it to make a quantum computer architecture that could lead to machines “capable of solving meaningful, industrial-scale problems in years, not decades”.

But since then, the tech giant has increasingly come under fire from researchers who say it has done nothing of the sort. “My impression is that the response of the expert physics community has been overwhelmingly negative. Privately, people are just outraged,” says Sergey Frolov at the University of Pittsburgh, Pennsylvania.

Microsoft’s claim rests on elusive and exotic quasiparticles called Majorana zero modes (MZMs). These can theoretically be used to create a topological qubit, a new type of quantum bit – the building blocks of information processing within a quantum computer. Because of their inherent properties, such qubits could excel at reducing errors, addressing a big shortcoming of all quantum computers in use today.

MZM’s have been theorised to emerge from the collective behaviour of electrons at the edges of thin superconducting wires. Microsoft’s new Majorana 1 chip contains several such wires and, according to the firm, enough MZMs to make eight topological qubits. A Microsoft spokesperson told New Scientist that the chip was “a significant breakthrough for us and the industry”.

Yet researchers say Microsoft hasn’t provided enough evidence to support these claims. Alongside its press announcement, the company published a paper in the journal Nature that it said confirmed its results. “The Nature paper marks peer-reviewed confirmation that Microsoft has not only been able to create Majorana particles, which help protect quantum information from random disturbance, but can also reliably measure that information from them,” said a Microsoft press release.

But editors at Nature made it explicitly clear that this statement is incorrect. A publicly available report on the peer-review process states: “The editorial team wishes to point out that the results in this manuscript do not represent evidence for the presence of Majorana zero modes in the reported devices.”

In other words, Microsoft and Nature are directly contradicting each other. “The press releases have said something totally different [than the Nature paper],” says Henry Legg at the University of St Andrews in the UK.

[...] This isn’t the only unorthodox aspect of Microsoft’s paper. Legg points out that two of the four peer reviewers initially gave rather critical and negative feedback which, in his experience, would typically disqualify a paper from publication in the prestigious journal. The peer-review report shows that by the last round of editing, one reviewer still disagreed with publication of the paper, while the other three signed off on it. A spokesperson for Nature told New Scientist that the ultimate decision to publish came down to the potential they saw for experiments with future MZMs in Microsoft’s device, rather than necessarily what it had achieved so far.

Original Submission

upstart writes:

DOGE axes CISA 'red team' staffers amid ongoing federal cuts:

Elon Musk's Department of Government Efficiency (DOGE) has fired more than a hundred employees working for the U.S. government's cybersecurity agency CISA, including "red team" staffers, two people affected by the layoffs told TechCrunch.

The people, who asked not to be named, said affected employees were axed immediately when their network access was revoked with no prior warning.

The layoffs, which happened in late February and early March, are the latest round of staff cuts to hit the federal cybersecurity agency since the start of the Trump administration.

CISA spokesperson Tess Hyre declined to comment on the latest round of job cuts affecting the agency and wouldn't say how many employees had been affected. Hyre told TechCrunch that CISA's red team "remains operational" but said the agency is "reviewing all contracts to ensure that they align with the priorities of the new administration."

One of the people affected told TechCrunch that CISA red team employees, who simulate real-world attacks to identify security weaknesses in networks before attackers do, were affected by the DOGE-enforced cuts.

Another person affected by the layoffs, who asked to remain anonymous due to fear of government retaliation, told TechCrunch that laid-off employees also include staffers who worked for CISA's Cyber Incident Response Team (CIRT), which is responsible for penetration testing and vulnerability management of networks belonging to U.S. federal government departments and agencies.

[...] This is by our count the third known round of job cuts to affect CISA employees since January 20. More than 130 CISA employees were cut by DOGE earlier in February, according to reports, and several CISA employees working on election security were placed on leave in January.

Original Submission

upstart writes:

Where will the 'Blood Moon' total lunar eclipse be visible in March 2025?A total lunar eclipse on March 13-14, 2025, will be visible across Earth's night side:

A total lunar eclipse will occur on March 13-14, 2025 — the first on Earth since 2022 — but only the night side of the planet will get to see it. During this global event, which will occur at the same time across the world, the lunar surface will turn reddish for 65 minutes — a phenomenon often dubbed a "blood moon."

Although the point of greatest eclipse will be in the Pacific Ocean, North America and South America will get the best views. Some areas of Europe will get a slight view of the moonset, and East Asia will glimpse the spectacle at moonrise.

[...] The total lunar eclipse on March 13-14, 2025, will last just over six hours, beginning with a penumbral eclipse — when the moon enters Earth's fuzzy outer shadow and loses brightness — from 11:57 p.m. to 1:09 a.m. EDT (03:57 to 05:09 UTC). There will then be a partial phase — when the moon begins to enter Earth's darker umbral shadow and starts to turn red — from 1:09 a.m. to 2:26 a.m. (05:09 to 06:26 UTC). Totality — when the whole moon is within Earth's umbra — will last 65 minutes, from 2:26 a.m. to 3:31 a.m. EDT (06:26 to 07:31 UTC). The spectacle then reverses, with totality followed by a partial phase from 3:31 to 4:47 a.m. (07:31 to 08:47 UTC) and a penumbral phase from 4:47 to 6 a.m. EDT (08:47 to 10:00 UTC).

The entire eclipse will be visible — and at its best — across most of the Americas, with glimpses for Europe, Africa and East Asia. Here's a breakdown of the eclipse's visibility by region:

• North America: All phases of the eclipse will be visible across all 50 U.S. states (including Alaska and Hawaii), Canada and Mexico.
• South America: Most of the continent will witness the entire event, with totality visible from Brazil, Argentina and Chile starting after midnight on March 14.
• Europe: Western Europe — including Spain, France and the U.K. — will see totality as the moon sets early on the morning of March 14.
• Africa: Extreme Western Africa — including Cape Verde, Morocco and Senegal — will see totality as the moon sets early on the morning of March 14.
• Oceania: New Zealanders will see the eclipse in its later stages, with the moon already in partial shadow as it rises on March 14.

[...] Europe gets a poor view of this total lunar eclipse. In London, the penumbral phase will be viewable from 3:47 a.m. GMT on March 14 and the partial phase from 5:09 a.m. GMT. However, the full moon will set at 6:22 a.m. GMT, just before totality begins, so the only spectacle will be a barely distinguishable line of Earth's shadow across the moon as it sinks into the western horizon. Locations farther west get a slightly better view. From Cardiff, Wales, totality will begin at 6:26 a.m. GMT, 10 minutes before the local moonset, while in Dublin, the local moonset isn't until 6:48 a.m. GMT.

Arguably, the only locations in Europe to see this eclipse in an impressive way are Iceland and Greenland. From Reykjavik, Iceland, totality occurs between 06:26 and 7:31 a.m. GMT, and the local moonset isn't until 7:58 a.m.

Original Submission

Fnord666 writes:

The Hacker News has an interesting article on a PHP-CGI RCE flaw that is being exploited in the wild.

Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025.

"The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines," Cisco Talos researcher Chetan Raghuprasad said in a technical report published Thursday.

"The attacker utilizes plugins of the publicly available Cobalt Strike kit 'TaoWu' for-post exploitation activities."

Targets of the malicious activity encompass companies across technology, telecommunications, entertainment, education, and e-commerce sectors in Japan.

[...] "We assess with moderate confidence that the attacker's motive extends beyond just credential harvesting, based on our observation of other post-exploitation activities, such as establishing persistence, elevating to SYSTEM level privilege, and potential access to adversarial frameworks, indicating the likelihood of future attacks," Raghuprasad said.

Original Submission

upstart writes:

Disney is reportedly cutting staff across ABC News Group and its entertainment network as media layoffs continue:

The popular political poll news and analysis website, 538, is being shut down as part of a broader shuttering effort across ABC News and Disney Entertainment, the Wall Street Journal reported on Tuesday night.

Disney is reportedly cutting 200 positions across ABC News Group and Disney Entertainment Networks, including shutting down the data-driven 538.

[...] FiveThirtyEight, which is named after the number of electors in the US electoral college, has become a popular website for predictions, analysis and watching the polls in the months and days leading up to election night.

But the website's workforce had been slowly dwindling for a couple of years. The 15 employees still with the outlet make up less than half of the team from 2023, when it had about 35 employees.

The decline began when 538's founder, Nate Silver, left the company two years ago when his Disney contract expired.

[...] The broader media landscape has been hit with mass layoffs seemingly nonstop for months. Last month, MSNBC announced a massive shakeup at the network that included letting go of Joy Reid and her production team, as well as no longer using the Spanish-language network Telemundo.

Original Submission

upstart writes:

Short-cut method pinpoints a galaxy apparently formed from just hydrogen and helium:

Staring deep into space and far back in time, a team of astronomers may have spotted a galaxy full of stars made from only the primordial gas created in the Big Bang. Such "population III stars" would have formed from hydrogen and helium and nothing else, and researchers have been searching for them for decades, racking up many disputed sightings. If confirmed, the discovery, made with NASA's JWST space observatory, opens a window on the starting point of the chemical enrichment of the universe, in which the heavier elements needed to make planets and life began to be forged in stellar explosions.

"It's very exciting," says astronomer Elka Rusta of the University of Florence. "We hypothesize that [population III stars] exist from theory, but they have never been directly observed."

The nature of population III stars remains uncertain. Most theorists think they were huge, with masses up to 1000 times that of the Sun, 10 times larger than any star around today. That's because a cloud of gas collapsing to form a star needs to cool, which requires ionizing the atoms in the gas when they collide. But tightly bound hydrogen and helium atoms are hard to ionize, unlike the heavier elements found in later generations of stars. So a cloud of primordial gas would just keep growing as it pulled in more gas under its own gravity, reaching an enormous size before finally becoming dense enough to ignite nuclear fusion in its core.

The gigantic stars that resulted would also burn hot and fast, ending in a supernova explosion after just a few million years. That brief first flash of population III stars is hard for astronomers to spot in galaxies that went on to shine steadily for billions of years with smaller, longer lived stars. But the spectrum of the light from the giant stars might give them away. Different elements absorb and emit characteristic wavelengths of light. Population III stars would produce very strong emission lines for hydrogen and helium and would lack completely spectral lines produced by heavier elements.

canopic jug writes:

These days most ISPs allow self-hosting to some extent. Programmer Mira Welner has published a 15-step tutorial to getting a working static web site up and running on a Raspberry Pi:

While tutorials abound in regards to getting a basic webserver set up, there is a difference between a functional server and a good usable website. I've been working on getting my personal site set up over the course of the past five years, spending an hour or so every month working on improving the Pi. I never intended for this personal project to become so lengthy or complex, but eventually I ended up with a fairly robust system for running, maintaining, and editing my website. This tutorial will describe what I've learned throughout the process of creating this site in 15 steps, so that you can use it to create and maintain your own sites.

This tutorial assumes that you already know how to use the command line, and that you have some understanding of HTML and CSS. That is about it.

Any always-on system is going to need to draw as little current as possible, and it is hard to beat a Raspberry Pi Zero 2 W which uses under 150 mA. This tutorial stands out as better than most others because of the small details filled in necessary to go from "Hello, World" page to a working, public web site.

Previously:
(2025) AI Haters Build Tarpits to Trap and Trick AI Scrapers That Ignore Robots.Txt
(2025) A Better DIY Seismometer Can Detect Faraway Earthquakes
(2024) How the Raspberry Pi is Transforming Synthesizers
(2023) Free Raspberry Pi 4B in Abandoned Scooters
... and many more.

Original Submission

X Outage: Thousands Report Issues With Elon Musk's Platform

upstart writes:

X outage: Thousands report issues with Elon Musk's platform:

Elon Musk's social media platform X, formerly known as Twitter, experienced massive outages throughout Monday morning that impacted thousands of users in the US and UK.

The outage came as platform monitor Downdetector said it had seen tens of thousands of reports from US users of technical issues affecting the platform.

There were more than 8,000 outage reports from UK users shortly before 14:00 GMT, following a brief but notable surge of reports on Monday morning.

Connection issues lasted for some users into the afternoon.

Many users trying to access the platform and refresh feeds on its app and desktop site during Monday's outages were met with a loading icon.

Musk claims the outages stemmed from a "massive cyber-attack" that originated "in the Ukraine area".

But the technology billionaire, who has been a frequent critic of Ukraine and its President Volodymyr Zelensky, offered no evidence to support the claim and did not say whether or not he thought state actors were involved.

Earlier, he posted on X that "either a large, coordinated group and/or a country is involved".

[...] "We're not sure exactly what happened but there was a massive cyber-attack to try and bring down the X system with [Internet Protocol] addresses originating in the Ukraine area," Musk said in an interview with the Fox Business channel.

Alp Toker, director of Netblocks, which monitors the connectivity of web services, said its own metrics suggested the outages could well be linked to a cyber-attack.

"What we've been seeing is consistent with what we've seen in past denial of service attacks, rather than a configuration or coding error in the platform," he told the BBC.

Elon Musk Claims X Being Targeted in 'Massive Cyberattack' as Service Goes Down

upstart writes:

Elon Musk claims X being targeted in 'massive cyberattack' as service goes down:

Elon Musk's X social media platform is experiencing multiple outages. Downdetector.com says more than 28,000 users reported an outage at 11:28 a.m.

The social media platform X (FKA Twitter) went down three separate times with the longest outage lasting several hours starting around 7 a.m. PT/10 a.m. ET.

No official words has come from X save for a single tweet from owner Elon Musk claiming that the outage was due to a 'massive cyberattack.'

More than 40,000 Downdetector reports poured in from users during the second outage — around 35,000 during the third outage — stating that they couldn't even get the X website to load, and it spiked hard again for a third one.

Elon Musk Says DOGE Involvement is Making It Harder to Run His Businesses

upstart writes:

Elon Musk says DOGE involvement is making it harder to run his businesses:

In an interview with Fox's Larry Kudlow on Monday, billionaire Elon Musk admitted that his involvement with the Department of Government Efficiency (DOGE), Donald Trump's initiative to reduce federal spending, is making it tougher to run his many businesses: X, Tesla, xAI, SpaceX, The Boring Company, Neuralink, and Starlink.

"How are you running your other businesses?" Kudlow asked at one point. "With great difficulty," Musk replied. "Frankly, I can't believe I'm here doing this."

Musk and DOGE, which has around 100 staffers — a number that Musk expects to climb to 200 — have been criticized for overpromising and underdelivering on spending cuts across U.S government agencies. Government contracting experts say that DOGE's online record of reductions contains inaccurate information and inflates claims of "savings" by including misleading math about contract cancellations.

DOGE has also put the U.S.'s data and computing infrastructure at risk through its work, according to cybersecurity analysts. DOGE staffers, some of whom have little experience working with government systems, have reportedly accessed agency data through insecure means and copied that data onto unprotected servers.

[...] While Musk complains that his work advising DOGE has stretched him thin, the billionaire has been accused of using the initiative to weaken regulations that oversee his business ventures.

When asked by Kudlow if he would extend his involvement in DOGE by "another year," Musk said, "Yeah." "We're just getting things done, as opposed to writing a report," Musk added. "Like, reports don't mean anything. You've got to actually take action."

Original Submission #1  Original Submission #2  Original Submission #3 

A Paleoarchaean Impact Crater in the Pilbara Craton, Western Australia

upstart writes:

A Paleoarchaean impact crater in the Pilbara Craton, Western Australia:

The role of meteorite impacts in the origin, modification, and destruction of crust during the first two billion years of Earth history (4.5–2.5 billion years ago; Ga) is disputed. Whereas some argue for a relatively minor contribution overall, others have proposed that individual giant impactors (10–50 km diameter) can initiate subduction zones and deep mantle plumes, arguably triggering a chain of events that formed cratons, the ancient nuclei of the continents. The uncertainty is compounded by the seeming absence of impact structures older than 2.23 Ga, such that the evidence for the terrestrial impact flux in the Hadean and Archaean eons is circumstantial. Here, we report the discovery of shatter cones in a complex, dominantly metasedimentary layer, the Antarctic Creek Member (ACM), in the centre of the East Pilbara Terrane, Western Australia, which provide unequivocal evidence for a hypervelocity meteorite impact. The shocked rocks of the crater floor are overlain by (unshocked) carbonate breccias and pillow lavas, stratigraphically constraining the age of the impact to 3.47 Ga and confirming discovery of the only Archaean crater known thus far.

With more than a million craters exceeding 1 km in diameter, and around forty more than 100 km across1,2, the Moon preserves an exquisite record of the intense bombardment endured by bodies in the inner solar system during the first billion years or so of its history (Fig. 1a)3. On Earth, this early impact record has seemingly been lost, reflecting the destructive efficiency of erosion and subduction in recycling primary (basaltic, oceanic) crust back into the convecting mantle. Nevertheless, the oldest parts of many cratons, the ancient Archaean (4.0–2.5 billion years ago; Ga) nuclei of the continents, formed at or before 3.5 Ga4, and should preserve some evidence for an impact flux that would have exceeded that of a similar area of the Moon of comparable age5,6,7 (Fig. 1a). However, the oldest recognized terrestrial impact structure, at Yarrabubba, Western Australia, is dated at 2.23 Ga8. Where are all the Archaean craters?

Finding direct evidence for Archaean impacts (i.e., craters or impact structures8), and thereby better constraining the Archaean impact flux, is important. Large impactors (here bodies or  10 km in diameter) travelling in excess of 10 km.s–1 deliver enormous quantities of kinetic energy, most of which will decay to heat, warming the crust and upper mantle9, with potential consequences for plausible tectonic modes on the early Earth10,11. Further, numerical models have shown that individual bolide impacts can instigate subduction, mantle upwellings (plumes), and voluminous production of primary (basaltic) crust12,13,14. Moreover, impacts provide a ready mechanism to fracture (brecciate) the crust and, in the presence of a hydrosphere15, drive intense hydrothermal alteration of this regolith, concentrating key mineral deposits16. Notably, impact craters may have provided the physical and chemical environments required for life to emerge on Earth and elsewhere17,18.

An Anonymous Coward writes:

https://www.theregister.com/2025/03/10/infosec_in_brief/

Infosec in Brief -- Microsoft has spotted a malvertising campaign that downloaded nastyware hosted on GitHub and exposed nearly a million devices to information thieves.

Discovered by Microsoft Threat Intelligence late last year, the campaign saw pirate vid-streaming websites embed malvertising redirectors to generate pay-per-view or pay-per-click revenue from malvertising platforms.

"These redirectors subsequently routed traffic through one or two additional malicious redirectors, ultimately leading to another website, such as a malware or tech support scam website, which then redirected to GitHub," according to Microsoft's threat research team.

GitHub hosted a first-stage payload that installed code that dropped two other payloads. One gathered system configuration info such as data on memory size, graphics capabilities, screen resolution, the operating system present, and user paths.

Third-stage payloads varied but most "conducted additional malicious activities such as command and control (C2) to download additional files and to exfiltrate data, as well as defense evasion techniques."

The attackers built four to five redirect layers in the campaign, each of which followed on from the GitHub dropper to install more nastiness that it appears were designed to steal information including stored browser credentials.

Microsoft noted that the malicious repos have since been taken down, and provided plenty of indicators of compromise and other valuable information in its report to aid in hunting down and stopping related campaigns.

Original Submission

upstart writes:

US supreme court weakens rules on discharge of raw sewage into water supplies:

The US supreme court has weakened rules on the discharge of raw sewage into water supplies in a 5-4 ruling that undermines the 1972 Clean Water Act.

The CWA is the principal law governing pollution control and water quality of the nation's waterways.

The Republican super majority court ruled on Tuesday that the Environmental Protection Agency (EPA) cannot employ generic, water body-focused pollution discharge limits to Clean Water Act permit holders, and must provide specific limitations to pollution permittees.

The ruling is a win for San Francisco, which challenged nonspecific, or "narrative," wastewater permits that the EPA issues to protect the quality of surface water sources like rivers and streams relied upon for drinking water.

In a 5-4 ruling written by Justice Samuel Alito, the court blocked the EPA from issuing permits that make a permittee responsible for surface water quality, or "end result" permits – a new term coined by the court.

"The agency has adequate tools to obtain needed information from permittees without resorting to end-result requirements," wrote Justice Samuel Alito, who was joined by Chief Justice John Roberts and Justices Clarence Thomas and Brett Kavanaugh, along with Justice Neil Gorsuch, who joined part of the majority opinion.

An Anonymous Coward writes:

[Ed note: Most of the headlines for this story uses the security vendor's description of this is a "backdoor", which is getting called out as deliberate clickbait and hype given the physical access needed to load malicious code --hubie]

Undocumented commands found in Bluetooth chip used by a billion devices

The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks.

The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.

This was discovered by Spanish researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco of Tarlogic Security, who presented their findings yesterday at RootedCON in Madrid.

"Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices," reads a Tarlogic announcement shared with BleepingComputer.

"Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls."

The researchers warned that ESP32 is one of the world's most widely used chips for Wi-Fi + Bluetooth connectivity in IoT (Internet of Things) devices, so the risk of any backdoor in them is significant.