Hackers actively exploit high-severity networking vulnerabilities:
Hackers are actively exploiting two unrelated high-severity vulnerabilities that allow unauthenticated access or even a complete takeover of networks run by Fortune 500 companies and government organizations.
The most serious exploits are targeting a critical vulnerability in F5's Big-IP advanced delivery controller, a device that's typically placed between a perimeter firewall and a Web application to handle load balancing and other tasks. The vulnerability, which F5 patched three weeks ago, allows unauthenticated attackers to remotely run commands or code of their choice. Attackers can then use their control of the device to hijack the internal network it's connected to.
[...] Attackers are exploiting a second vulnerability found in two network products sold by Cisco. Tracked as CVE-2020-3452, the path traversal flaw resides in the company's Adaptive Security Appliance and Firepower Threat Defense systems. It allows unauthenticated people to remotely view sensitive files that among other things can disclose WebVPN configurations, bookmarks, web cookies, partial web content, and HTTP URLs. Cisco issued a patch on Wednesday. A day later, it updated its advisory.
[...] The impact of these vulnerabilities—particularly the one affecting F5 customers—is serious. These in-the-wild attacks provide ample reason to occupy the weekend of any IT administrators who have yet to patch their vulnerable systems.
i thought it was lobsters
It's hard to comprehend the destruction this ethereal creature could do in its lifetime — a juvenile crown-of-thorns starfish, raised in a lab where researchers have discovered worrying new findings about its progression into adulthood.
Research published today from the University of Sydney and Southern Cross University's National Marine Science Centre in Coffs Harbour has found the crown-of-thorns starfish will eat a much more varied diet as juveniles than previously thought, making them worryingly resilient.
As juveniles the crown-of-thorns starfish are vegetarian, favouring a particular type of algae.
But the study found they would eat much more in order to survive.
"We initially thought that they only ate crustose coralline algae but we found that they can also eat biofilm, which is a mixture of diatoms, bacteria, and other microorganisms that grow pretty much everywhere in the ocean," Dr Mos said.
The findings offer a significant change in thought on the life cycle of the crown-of-thorns starfish, and raise the spectre of it being a much more dangerous predator.
Journal Reference:
Dione J. Deaker, Benjamin Mos, Huang-An Lin, et al. Diet flexibility and growth of the early herbivorous juvenile crown-of-thorns sea star, implications for its boom-bust population dynamics, PLOS ONE (DOI: 10.1371/journal.pone.0236142)
brexit means brexit
UK formally abandons Europe's Unified Patent Court, Germany plans to move forward nevertheless:
The UK has formally ditched the Unified Patent Court (UPC), a project to create a single pan-European patent system that would fix the confusing mess of contradictory laws currently in place.
In a written statement in the House of Commons on Monday, the British undersecretary for science, research and innovation Amanda Solloway noted that: "Today, by means of a Note Verbale, the United Kingdom of Great Britain and Northern Ireland has withdrawn its ratification of the Agreement on a Unified Patent Court."
The reason is, of course, Brexit. "In view of the United Kingdom's withdrawal from the European Union, the United Kingdom no longer wishes to be a party to the Unified Patent Court system. Participating in a court that applies EU law and is bound by the CJEU would be inconsistent with the Government's aims of becoming an independent self-governing nation," she said.
[...] The whole idea of the UPC has been fought for over a decade now, making many of its adherents borderline fanatical in making it a reality, even more so given frequent setbacks. In their unerring support, however, many seem willing to overlook or turn a blind eye to serious problems, not least of which is the mess that is the European Patent Office (EPO).
[...] The EPO is, of course, a big fan of the UPC and insists the UK leaving is a mere trifle to the larger European dream of a single patent system; a system that would give it significantly more power:
"These economic benefits for European companies and especially SMEs will not be affected by the announcement of the United Kingdom," it insisted in its submission to the German government.
"Even without the UK, the UP package will lead to significant simplification and cost reduction for the companies of the participating EU member states, which is also largely recognized by European companies."
World's smallest imaging device can 3D-scan inside your blood vessels:
An Australian/German team has developed the world's smallest imaging device, at the thickness of a human hair. It's capable of travelling down the blood vessels of mice, offering unprecedented abilities to 3D-scan the body at microscopic resolutions.
[...] With this breakthrough, the team has built an OCT scanning device small enough to be pushed through blood vessels in the body. This ultra-thin probe can be rotated and slowly pulled backwards to build up a 3D map of its surroundings to a depth around half a millimeter below the surface. It offers unprecedented abilities to scan the vascular system of the body for the plaques, made up of fats, cholesterol and other substances, that tend to build up in blood vessel walls and lead to heart disease.
The team performed successful tests of the device in both human and mouse blood vessels, demonstrating its ability to deliver quality OCT images and the flexibility to get where it needs to go in the body. Its precisely printed lens allows the scanner to image depths five times deeper than previous attempts, and the researchers believe this tiny probe could open up new scanning options in hard-to-reach places like the cochlea of the ear and potentially even parts of the nervous system.
Mundane behavioral decisions, actions can be 'misremembered' as done:
Mundane behaviors that are repeated over time and occur in the context of many other similar behaviors can lead people to conflate intentions and behaviors and create false memories of completing the task, said Dolores Albarracin, a professor of psychology and marketing at Illinois and the director of the Social Action Lab.
"Intentions and making plans typically improve task execution. We need them to function in society, to realize our goals and to get along with others," she said. "But when we form an intention in the moment such as 'I'm going to sign that form now,' and it's an activity we routinely perform, we want to complete the task when we form the intention. Otherwise, we don't actually sign the form. And the reason why is because the thought of wanting to sign the form can be misremembered as actually having signed it, in which case we'd be better off not having formed the intention to sign the form in the first place."
[...] "Our results highlight that behaviors will look to be more consistent with intentions when the behavior is routine," she said. "The finding implies we should be more aware of the potential for error in these similarly trivial behaviors."
The paper has implications for health care settings and any other situation where self-reporting of following through on an action is critical, Albarracin said.
"The fulfillment of routine, repeated behaviors can have meaningful consequences, and are part of, if not central to, many practical contexts," Albarracin said. "More generally, understanding the complexity of the intention-behavior link and the possible unexpected effects of intention formation is essential to promote beneficial behaviors in many domains, ranging from financial decisions to a person's health."
Journal Reference:
Mistaking an Intention for a Behavior: The Case of Enacting Behavioral Decisions Versus Simply Intending to Enact Them:, Personality and Social Psychology Bulletin (DOI: 10.1177/0146167220929203)
Google will use authenticated logos to reduce Gmail phishing:
Google will trial a new security feature in Gmail that shows a brand's logo as an avatar to help you know an email is genuine, the company has announced. The functionality uses the Brand Indicators for Message Identification (BIMI) standard, whose working group Google joined last year, and will be tested with a limited number of senders in the coming weeks.
According to Google, authentication with BIMI can make recipients more confident about the source of an email, which scammers try and obscure to get people to click on malicious links and/or give up their personal details in a phishing attack. Google will use BIMI in conjunction with another technology, DMARC, which tries to stop scammers from forging the "from" address of an email to pretend it's coming from a legitimate source.
As Engadget notes, the technology is similar to verified badges social networks use for official celebrity and brand accounts. Google says it's using two Certification Authorities to validate who owns any particular logo: Entrust Datacard and DigiCert. Google expects to make BIMI more widely available for brands to use in the coming months.
Nobel Prize banquet cancelled over coronavirus: Nobel Foundation:
The Nobel Foundation, which manages the Nobel Prizes, on Tuesday cancelled its traditional December banquet due to the COVID-19 pandemic, though the award ceremonies will still be held in "new forms".
This is the first time since 1956 that the banquet has been cancelled, according to the foundation.
"The Nobel week will not be as it usually is due to the current pandemic. This is a very special year when everyone needs to make sacrifices and adapt to completely new circumstances," Lars Heikensten, director of the Nobel Foundation, said in a statement.
Heikensten added that the laureates would be highlighted in "different ways" along with "their discoveries and works".
[...] The Nobel banquet was last cancelled in 1956 to avoid inviting the Soviet ambassador because of the repression of the Hungarian Revolution, a Nobel Foundation spokeswoman said.
The banquet was also cancelled during the two world wars, and in 1907 and 1924.
The Hero We Need.
A vigilante is sabotaging the Emotet botnet by replacing malware payloads with GIFs:
An unknown vigilante hacker has been sabotaging the operations of the recently-revived Emotet botnet by replacing Emotet payloads with animated GIFs, effectively preventing victims from getting infected.
The sabotage, which started three days ago, on July 21, has grown from a simple joke to a serious issue impacting a large portion of the Emotet operation.
According to Cryptolaemus, a group of white-hat security researchers tracking the Emotet botnet, the vigilante is now poisoning around a quarter of all Emotet's payload downloads.
[...] According to Cryptolaemus member Joseph Roosen, the Emotet gang is more than aware of this issue. In a conversation yesterday, Roosen told ZDNet the Emotet botnet has been down on Thursday, as the Emotet gang apparently tried to root out the attacker from their web shells network.
Despite Emotet's efforts, Roosen said that today, the vigilante was still present and replacing Emotet payloads with GIF files, albeit the Emotet gang was quicker than before at spotting the "replacement" and restoring the original payload.
Overall, the defacements appear to have caused Emotet activity to seriously go down this week.
Intel's 7nm is Broken, Company Announces Delay Until 2022, 2023 (archive)
Intel announced today in its Q2 2020 earnings release that it has now delayed the rollout of its 7nm CPUs by six months relative to its previously-planned release date, undoubtedly resulting in wide-ranging delays to the company's roadmaps. Intel's press release also says that yields for its 7nm process are now twelve months behind the company's internal targets, meaning the company isn't currently on track to produce its 7nm process in an economically viable way. The company now says its 7nm CPUs will not debut on the market until late 2022 or early 2023.
[...] On the earnings call, Intel CEO Bob Swan said the company had identified a "defect mode" in its 7nm process that caused yield degradation issues. As a result, Intel has invested in "contingency plans," which Swan later defined as including using third-party foundries. The company will also use external third-party foundries for its forthcoming 7nm Ponte Vecchio GPUs, the company's first graphics chips. Ponte Vecchio comes as a chiplet-based design, and Swan clarified that production for some of the chiplets (tiles) will be outsourced to third parties. Swan noted the GPUs will come in late 2021 or early 2022, portending a delay beyond the original schedule for a 2021 launch in the exascale Aurora supercomputer.
[...] Intel's first 10nm desktop CPUs, Alder Lake, will arrive in the second half of 2021.
See also: Intel Reports Q2 2020 Earnings: Data Center Sales Fuel Another Record Quarter
Intel 7nm Delayed By 6 Months; Company to Take "Pragmatic" Approach in Using Third-Party Fabs
Intel Roadmap Update: Alder Lake In H2'21, Ice Lake-SP Late This Year
Legal Risks of Adversarial Machine Learning Research:
Adversarial machine learning (ML), the study of subverting ML systems, is moving at a rapid pace. Researchers have written more than 2,000 papers examining this phenomenon in the last 6 years. This research has real-world consequences. Researchers have used adversarial ML techniques to identify flaws in Facebook's micro-targeting ad platform, expose vulnerabilities in Tesla's self driving cars, replicate ML models hosted in Microsoft, Google and IBM, and evade anti-virus engines.
Studying or testing the security of any operational system potentially runs afoul of the Computer Fraud and Abuse Act (CFAA), the primary federal statute that creates liability for hacking. The broad scope of the CFAA has been heavily criticized, with security researchers among the most vocal. They argue the CFAA — with its rigid requirements and heavy penalties — has a chilling effect on security research. Adversarial ML security research is no different.
In a new paper, Jonathon Penney, Bruce Schneier, Kendra Albert, and I examine the potential legal risks to adversarial Machine Learning researchers when they attack ML systems and the implications of the upcoming U.S. Supreme Court case Van Buren v. United States for the adversarial ML field. This work was published at the Law and Machine Learning Workshop held at 2020 International Conference on Machine Learning (ICML).
https://www.bbc.com/news/world-europe-53518238
The US State Department described the recent use of "what would appear to be actual in-orbit anti-satellite weaponry" as concerning.
Russia's defence ministry earlier said it was using new technology to perform checks on Russian space equipment.
The US has previously raised concerns about new Russian satellite activity.
But it is the first time the UK has made accusations about Russian test-firing in space.
[...] The head of the UK's space directorate, Air Vice Marshal Harvey Smyth, said he was also concerned about the latest Russian satellite test, which he said had the "characteristics of a weapon".
"Actions like this threaten the peaceful use of space and risk causing debris that could pose a threat to satellites and the space systems on which the world depends," he said. He urged Russia to be "responsible" and to "avoid any further such testing".
[...] The US said the Russian satellite system was the same one it raised concerns about in 2018 and earlier this year when the US accused it of manoeuvring close to an American satellite.
Gedmatch confirms data breach after users' DNA profile data made available to police – TechCrunch:
Gedmatch, the DNA analysis site that police used to catch the so-called Golden State Killer, was pulled briefly offline on Sunday while its parent company investigated how its users' DNA profile data apparently became available to law enforcement searches.
[...] In a statement on Wednesday, the company told users by email that it was hit by two security breaches on July 19 and July 20.
"We became aware of the situation a short time later and immediately took the site down. As a result of the breach, all user permissions were reset, making all profiles visible to all users," the email read. "This was the case for approximately 3 hours. During this time, users who did not opt-in for law enforcement matching were also available for law enforcement matching, and conversely, all law enforcement profiles were made visible to Gedmatch users."
The statement said that the second breach caused users' settings to reset, allowing law enforcement to search profile data for users who had previously opted out.
At the time of writing, Gedmatch's website was offline.
Space Force unveils logo, 'Semper Supra' motto - SpaceNews:
The U.S. Space Force revealed its new logo and motto as the service seeks to build branding and cultural identity.
The black-and-silver service logo unveiled July 22 has the delta wing as its central element that is also found in the Space Force seal and flag. There is a "Space Force" horizontally shaped logo and a USSF vertical logo.
The Space Force motto "Semper Supra" means "always above." It represents the service's role in establishing, maintaining and preserving U.S. freedom of operations in the ultimate high ground, a Space Force spokesman said.
The logo was designed by the Department of the Air Force's advertising agency GSD&M.
Lab-made virus infects cells, interacts with antibodies just like SARS-CoV-2:
Airborne and potentially deadly, the virus that causes COVID-19 can only be studied safely under high-level biosafety conditions. Scientists handling the infectious virus must wear full-body biohazard suits with pressurized respirators, and work inside laboratories with multiple containment levels and specialized ventilation systems. While necessary to protect laboratory workers, these safety precautions slow down efforts to find drugs and vaccines for COVID-19 since many scientists lack access to the required biosafety facilities.
To help remedy that, researchers at Washington University School of Medicine in St. Louis have developed a hybrid virus that will enable more scientists to enter the fight against the pandemic. The researchers genetically modified a mild virus by swapping one of its genes for one from SARS-CoV-2, the virus that causes COVID-19. The resulting hybrid virus infects cells and is recognized by antibodies just like SARS-CoV-2, but can be handled under ordinary laboratory safety conditions.
The study is available online in Cell Host & Microbe.
"I've never had this many requests for a scientific material in such a short period of time. We've distributed the virus to researchers in Argentina, Brazil, Mexico, Canada and, of course, all over the U.S. We have requests pending from the U.K. and Germany. Even before we published, people heard that we were working on this and started requesting the material."
Sean Whelan, PhD, co-senior author, the Marvin A. Brennecke Distinguished Professor and head of the Department of Molecular Microbiology
[...] Since the hybrid virus looks like SARS-CoV-2 to the immune system but does not cause severe disease, it is a potential vaccine candidate, Diamond added. He, Whelan and colleagues are conducting animal studies to evaluate the possibility.
Journal Reference:
Case, J.B., et al. (2020) Neutralizing antibody and soluble ACE2 inhibition of a replication-competent VSV-SARS-CoV-2 and a clinical isolate of SARS-CoV-2. Cell Host & Microbe. doi.org/10.1016/j.chom.2020.06.021.
Astronomers know of thousands of planets around other stars, yet only a handful have been imaged directly. The existence of the rest is inferred by how they affect their stars.
Now the world's largest optical telescope has directly spied a new planetary system—the first time more than one planet has been imaged around a star like our Sun. Astronomers used the European Southern Observatory's Very Large Telescope (VLT) to observe the Sun-like star TYC 8998-760-1, 300 light-years from Earth. Using the VLT's Spectro-Polarimetric High-contrast Exoplanet Research (SPHERE) instrument, which is equipped with an optical mask called a coronagraph to block out a star's light, they were able to see two planets orbiting it [pictured here], as reported today in The Astrophysical Journal Letters. Some light from the star can be seen in the image above (center left) as well as the two giant planets (right) and a scattering of background stars.
The star system is very young at 17 million years old.
Also at AstronomyNow.
Journal Reference:
Alexander J. Bohn, Matthew A. Kenworthy, Christian Ginski, et al. Two Directly Imaged, Wide-orbit Giant Planets around the Young, Solar Analog TYC 8998-760-1 - IOPscience, The Astrophysical Journal Letters (DOI: https://iopscience.iop.org/article/10.3847/2041-8213/aba27e)