SoylentNews

upstart writes:

Zoom awarded $1.8 million in bug bounty rewards over 2021:

Zoom has awarded $1.8 million to researchers who submitted bug bounty reports over 2021.

Bug bounty programs, whether private and available to invitees-only or public, where anyone can submit a vulnerability report, have become a critical method for organizations to improve their security posture.

The industry is beset with talent shortages. Estimates suggest that there will be approximately 3.5 million unfilled job openings by 2025 in the US alone, and until there are more specialists available, companies often can't just rely on in-house security teams, who have more than enough of a workload.

This is where bug bounties come in: external researchers and bug hunters can perform tests on software and services, report any severe security issues, and receive credit and/or financial rewards in return.

The popularity of Zoom's teleconferencing video software exploded overnight due to COVID-19 and lockdowns, with many of us forced to work from home. However, the rapid increase in users also highlighted security problems that had to be addressed quickly. Hence, a bug bounty program was one of the firm's initiatives for improving the situation.

Original Submission

upstart writes:

Uranium detectable in two-thirds of US community water system monitoring records: Highest concentrations were found for Hispanic communities:

Even at low concentrations, uranium in particular represents an important risk factor for the development of chronic diseases. Until now little epidemiological research had been done on chronic water uranium exposures despite the potential health effects of uranium exposure from CWSs. Uranium in particular, has been underappreciated in the literature as a public drinking water contaminant of concern. The study results are published in the journal The Lancet Planetary Health.

"Previous studies have found associations between chronic uranium exposure and increased risk of hypertension, cardiovascular disease, kidney damage, and lung cancer at high levels of exposure," said Anne Nigra, PhD, assistant professor of Environmental Health Sciences at Columbia Mailman School of Public Health. "Our objectives were to estimate CWS metal concentrations across the U.S, and identify socio-demographic subgroups served by these systems that either reported high metal concentration estimates or were more likely to report averages exceeding the US EPA's maximum contaminant level (MCL)."

Approximately 90 percent of U.S. residents rely on public drinking water systems, with most residents relying specifically on community water systems that serve the same population year-round. The researchers evaluated six-year EPA review records for antimony, arsenic, barium, beryllium, cadmium, chromium, mercury, selenium, thallium, and uranium to determine if average concentrations exceeded the maximum contaminant levels set by the EPA which regulates levels for six classes of contaminants. This included approximately 13 million records from 139,000 public water systems serving 290 million people annually. The researchers developed average metal concentrations for 37,915 CWSs across the country, and created an online interactive map of estimated metal concentrations at the CWS and county levels to use in future analyses.

upstart writes:

AMD's GPU drivers are overclocking some Ryzen processors without asking:

In September, AMD added support for simple CPU overclocking to its graphics drivers. If you had a Ryzen 5000-series CPU and wanted to benefit from the extra performance, this auto-overclocking function could save you from needing to download the more complex Ryzen Master utility. The overclock would also be conservative enough that it probably wouldn't cause system instability or other issues.

The problem for some users is that this auto-overclocking feature has become too automated—that is, it's changing systems' overclocking settings whether users want it to or not.

An AMD representative told Tom's Hardware that "an issue in the AMD software suite" caused the feature to begin "adjusting certain AMD processor settings for some users." Because the CPU overclocking feature is actually changing settings in your system's BIOS, that means it can change overclocking settings that users have changed themselves and apply an overclock where there was no overclock before. That second bit could be especially problematic since overclocking processors generally voids AMD's CPU warranty, even when you're using AMD-provided tools like Ryzen Master or using AMD-advertised features like Precision Boost Overdrive (though, anecdotally, this policy isn't consistently enforced).

Original Submission

upstart writes:

Flood risk for Iowa farmland:

The study from IIHR-Hydroscience and Engineering at the University of Iowa is the first to detail the flood risk to farmland statewide. The researchers used flood maps developed at the Iowa Flood Center, and incorporated data from the Federal Emergency Management Agency (FEMA) and the U.S. Department of Agriculture to create the crop flood-risk analysis.

Among the main findings:

• Nearly 450,000 acres of Iowa farmland are located in a two-year flood return period, meaning there's a 50% chance the land will flood in a given year. That's less than 2% of the total farmable land analyzed in the study.
• Iowa agriculture sees crop losses, on average, of $230 million a year due to farming that takes place in flood-prone areas.

The researchers also identified four watersheds as most vulnerable to flooding and crop losses: Middle Cedar in east-central Iowa, North Raccoon and South Skunk in central Iowa, and West Nishnabotna in southwest Iowa.

upstart writes:

UC Berkeley ML pioneer wins top computing gong:

[...] This year's ACM Prize in Computing is going toward a machine learning specialist whose work, even if you haven't heard of him, is likely to be familiar.

Pieter Abbeel, UC Berkeley professor and co-founder of AI robotics company Covariant, was awarded the prize and its $250,000 bounty, which is given to those in the machine learning field "whose research contributions have fundamental impact and broad implications."

Abbeel is a professor of computer science and electrical engineering whose work has already received some recognition. Along with this new award, he was named a top young innovator under 25 by the MIT Technology Review and won a prize given out to the best US PhD thesis in robotics and automation.

[...] ACM said that one of Abbeel's most important contributions to the machine learning world was his work with deep reinforcement learning, which combines reinforcement learning with deep neural networks. "While early reinforcement learning programs were effective, they could only perform simple tasks... deep reinforcement learning can solve far more complex problems than computer programs developed with reinforcement learning alone," ACM said.

Deep reinforcement learning enables AI to learn more quickly with less prior knowledge because it's able to learn from abstract, unstructured data more effectively. The approach was used in high-profile applications like learning to beat humans at Go, Chess, and Poker, and others involve improving social media notifications and training self-driving cars.

Original Submission

upstart writes:

Phishing uses Azure Static Web Pages to impersonate Microsoft:

Phishing attacks are abusing Microsoft Azure's Static Web Apps service to steal Microsoft, Office 365, Outlook, and OneDrive credentials.

Azure Static Web Apps is a Microsoft service that helps build and deploy full-stack web apps to Azure from GitHub or Azure DevOps code repositories.

It allows developers to use custom domains for branding web apps, and it provides web hosting for static content such as HTML, CSS, JavaScript, and images.

As security researcher MalwareHunterTeam discovered, threat actors have also noticed that the custom branding and the web hosting features can easily be used to host static landing phishing pages.

Attackers are now actively using Microsoft's service against its customers, actively targeting users with Microsoft, Office 365, Outlook, and OneDrive accounts.

As shown below, some of the landing pages and login forms used in these phishing campaigns look almost exactly like official Microsoft pages.

Original Submission

upstart writes:

Where you grew up may shape your navigational skills:

People who grow up outside of cities are better at finding their way around than urbanites, a large study on navigation suggests. The results, described online March 30 in Nature, hint that learning to handle environmental complexity as a child strengthens mental muscles for spatial skills.

Nearly 400,000 people from 38 countries around the world played a video game called Sea Hero Quest, designed by neuroscientists and game developers as a fun way to glean data about people's brains. Players piloted a boat in search of various targets.

On average, people who said they had grown up outside of cities, where they would have presumably encountered lots of meandering paths, were better at finding the targets than people who were raised in cities.

What's more, the difference between city dwellers and outsiders was most prominent in countries where cities tend to have simple, gridlike layouts, such as Chicago with its streets laid out at 90-degree angles. The simpler the cities, the bigger the advantage for people from more rural areas, cognitive scientist Antoine Coutrot of CNRS who is based in Lyon, France, and his colleagues report.

Journal Reference:
Coutrot, A., Manley, E., Goodroe, S., et al. Entropy of city street networks linked to future spatial navigation ability, Nature (DOI: 10.1038/s41586-022-04486-7)

Original Submission

upstart writes:

These sneaky hackers hid inside their victims' networks for nine months:

Detailed by cybersecurity researchers at Symantec, the campaign is the work of a group they call Cicada – also known as APT10 - a state-sponsored offensive hacking group which western intelligence agencies have linked to Chinese Ministry of State Security. In some cases, the attackers spent as long as nine months inside the networks of victims.

[...] In several of the detected campaigns, evidence of initial activity on compromised networks has been seen on Microsoft Exchange Servers, suggesting the possibility that the intrusions started with attackers exploiting unpatched vulnerabilities in Microsoft Exchange which came to light in early 2021.

Once the attackers gain initial access, they use a variety of tools including Sodamaster, fileless malware which provides a backdoor onto machines, as well as a custom loader for dropping additional payloads. Both forms of malware have been used in previous campaigns by APT10.

The malware is capable of evading detection and it also obfuscates and encrypts any information which is sent back to command and control servers operated by the attackers. In addition to custom tools, the campaigns also use publicly available tools, to scan systems and execute commands.

The victims being targeted, along with the tools being deployed and the earlier history of the suspected culprit behind the attacks has led researchers to conclude that the most likely goal of the campaign is information theft and intelligence gathering.

Original Submission

JoeMerchant writes:

Digital Data Could Be Altering Earth's Mass Just a Tiny Bit, Claims Physicist

According to calculations made a few years ago by University of Portsmouth physicist Melvin Vopson, the literal mass of visual imagery created daily – along with half a billion tweets, countless texts, billions of WhatsApp messages, and every other bit and byte of information we've created – could be making our planet a touch heavier. An experiment recently proposed by Vopson based on antimatter explosions might go some way in convincing the scientific community that information might not only have mass but that it could also be a strange new state of matter, or (of course) the elusive dark matter needed to balance most cosmological observations today.

Scientist says that dark matter may be information itself

"If we assume that information is physical and has mass, and that elementary particles have a DNA of information about themselves, how can we prove it?" Vopson asked in the release. "My latest paper is about putting these theories to the test so they can be taken seriously by the scientific community."

Vospon suggests an experiment that could test the hypothesis that information is a distinct state of matter — alongside solids, liquids, gases and plasmas — by using a particle-antiparticle collision to, in theory, "erase" information from the universe.

"It doesn't contradict quantum mechanics, electrodynamics, thermodynamics or classical mechanics," he said in the release. "All it does is complement physics with something new and incredibly exciting."

Reference:

Melvin M. Vopson, Experimental protocol for testing the mass–energy–information equivalence principle [open], AIP Adv., 12, 3, 2022.

DOI: 10.1063/5.0087175

----

Had enough of trying to formulate the grand unification theory? Have a try at lumping another theory on the pile to see if that makes it better! Is Maxwell's Demon creating mass with every action?

Original Submission

upstart writes:

Researchers discover new cell type in human lung with regenerative properties:

A new type of cell that resides deep within human lungs and may play a key role in human lung diseases has been discovered by researchers at the Perelman School of Medicine at the University of Pennsylvania.

The researchers [...] analyzed human lung tissue to identify the new cells, which they call respiratory airway secretory cells (RASCs). The cells line tiny airway branches, deep in the lungs, near the alveoli structures where oxygen is exchanged for carbon dioxide. The scientists showed that RASCs have stem-cell-like properties enabling them to regenerate other cells that are essential for the normal functioning of alveoli. They also found evidence that cigarette smoking and the common smoking-related ailment called chronic obstructive pulmonary disease (COPD) can disrupt the regenerative functions of RASCs—hinting that correcting this disruption could be a good way to treat COPD.

"COPD is a devastating and common disease, yet we really don't understand the cellular biology of why or how some patients develop it. Identifying new cell types, in particular new progenitor cells, that are injured in COPD could really accelerate the development of new treatments," said study first author Maria Basil, MD, Ph.D., an instructor of Pulmonary Medicine.

COPD typically features progressive damage to and loss of alveoli, exacerbated by chronic inflammation. It is estimated to affect approximately 10 percent of people in some parts of the United States and causes about 3 million deaths every year around the world. Patients often are prescribed steroid anti-inflammatory drugs and/or oxygen therapy, but these treatments can only slow the disease process rather than stop or reverse it. Progress in understanding COPD has been gradual in part because mice—the standard lab animal—have lungs that lack key features of human lungs.

In the new study, Morrisey and his team uncovered evidence of RASCs while examining gene-activity signatures of lung cells sampled from healthy human donors. They soon recognized that RASCs, which don't exist in mouse lungs, are "secretory" cells that reside near alveoli and produce proteins needed for the fluid lining of the airway.

Journal Reference:
Basil, Maria C., Cardenas-Diaz, Fabian L., Kathiriya, Jaymin J., et al. Human distal airways contain a multipotent secretory cell that can regenerate alveoli, Nature (DOI: 10.1038/s41586-022-04552-0)

Original Submission

upstart writes:

Missing Charles Darwin notebooks returned after two decades:

A pair of Charles Darwin's notebooks that have been missing from the Cambridge University Library for more than two decades have been returned, the library announced Tuesday. The notebooks, which include Darwin's 1837 Tree of Life sketch, were dropped off in a bright pink gift bag and stacked in plastic wrap by an anonymous person on March 9 [...] along with a note that read:

"Librarian

Happy Easter

X"

The bag of notebooks was placed in a public area outside of the librarian's office on the fourth floor and did not show "obvious signs of significant handling or damage" since they disappeared in January 2001. The notebooks were believed to have been misplaced for many years until librarian Jessica Gardner made a public appeal for their return in November 2020.

[...] Cambridge University Libraries will put the notebooks on display as part of a free exhibition called Darwin in Conversation beginning July 9.

Perhaps somebody was finally feeling a little bit guilty after 20 years of having them for him/herself.

Original Submission

upstart writes:

'Internet Age' has increased accessibility but also accelerated life's pace, researcher says:

The myriad ways in which technology has fueled the ever-accelerating pace of life in the 21st century was the topic of a virtual presentation by The Ohio State University Center for Historical Research.

In the presentation, "Pace in the Internet Age," Stephen Kern, Humanities Distinguished Professor in the Department of History, outlined the pros and cons of having 24-hour access to a seemingly limitless supply of information at one's fingertips.

One upside is that technological advancements enable people of all socioeconomic backgrounds to prepare for life-altering circumstances such as weather emergencies, Kern said.

"The ability to predict the future increases by one day in terms of predicting a hurricane every decade using computer models," Kern said. "In 1920, they looked at almanacks, which was just superstition. You knew when it was raining when your head was wet. They didn't have this knowledge. We have this knowledge (now), and anyone has this knowledge. You know what's going to happen – a hurricane's coming in three days."

upstart writes:

Epic Games releases Unreal Engine 5 to the public:

After nearly a year in early access and around a month in preview, Unreal Engine 5 has reached full release. All developers can now start downloading and using Epic's next-gen game engine. It comes with two free sample projects showcasing its abilities. Alongside the announcement, multiple prominent developers discussed their plans for working on the platform.

Since Epic unveiled Unreal Engine 5 in 2020, it's chiefly been noted for features like the Lumen real-time global illumination system and Nanite micro-polygons. This week, the company announced these features and others are now ready. However, they are still insufficient for non-gaming applications like film and TV productions.

One sample project Epic released alongside UE5 is City Sample, which lets users examine and explore an environment Epic built for The Matrix Awakens — the free UE5 demo released for PlayStation 5 and Xbox Series consoles last year. It's the first time this project has been made available to the public on PC. The other sample is Lyra Starter Game — a starting point and educational resource for building shooters, which Epic intends to upgrade over time.

Original Submission

upstart writes:

Amazon, Google Busted Faking Small Business Opposition To Antitrust Reform:

For decades now, a favorite DC lobbying tactic has been to create bogus groups pretending to support something unpopular your company is doing. Like "environmentalists for big oil" or "Americans who really love telecom monopolies." These groups then help big companies create a sound-wall of illusory support for policies that generally aren't popular, or great for innovation or markets.

Case in point: this week both Politico and CNBC released stories showcasing how Amazon and Google had been funding a "small business alliance" that appears to be partially or entirely contrived. The group, the Connected Commerce Council, professes to represent small U.S. businesses, yet has been busy recently lobbying government to avoid antitrust reform (which would, generally, aid small businesses).

When Politico reached out to companies listed as members of the organization, most of them had mysteriously never heard of it, and were greatly annoyed their company names were being used for such a purpose:

The four-year-old group listed about 5,000 small businesses in its membership directory before it removed that document from its website late last month. When POLITICO contacted 70 of those businesses, 61 said they were not members of the group and many added that they were not familiar with the organization.

Google is not your friend!

Original Submission

upstart writes:

No air currents required: Ballooning spiders rely on electric fields to generate lift:

In 1832, Charles Darwin witnessed hundreds of ballooning spiders landing on the HMS Beagle while some 60 miles offshore. Ballooning is a phenomenon that's been known since at least the days of Aristotle—and immortalized in E.B. White's children's classic Charlotte's Web—but scientists have only recently made progress in gaining a better understanding of its underlying physics.

Now, physicists have developed a new mathematical model incorporating all the various forces at play as well as the effects of multiple threads, according to a recent paper published in the journal Physical Review E. Authors M. Khalid Jawed (UCLA) and Charbel Habchi (Notre Dame University-Louaize) based their new model on a computer graphics algorithm used to model fur and hair in such blockbuster films as The Hobbit and Planet of the Apes. The work could one day contribute to the design of new types of ballooning sensors for explorations of the atmosphere.

Journal Reference:
Charbel Habchi, Mohammad K. Jawed. Ballooning in spiders using multiple silk threads, Physical Review E (DOI: 10.1103/PhysRevE.105.034401)

Original Submission