Month: April 2021

Enlarge (credit: Getty Images)

Ransomware operators shut down two production facilities belonging to a European manufacturer after deploying a relatively new strain that encrypted servers that control manufacturer's industrial processes, a researcher from Kaspersky Lab said on Wednesday.

The ransomware known as Cring came to public attention in a January blog post. It takes hold of networks by exploiting long-patched vulnerabilities in VPNs sold by Fortinet. Tracked as CVE-2018-13379, the directory transversal vulnerability allows unauthenticated attackers to obtain a session file that contains the username and plaintext password for the VPN.

With an initial toehold, a live Cring operator performs reconnaissance and uses a customized version of the Mimikatz tool in an attempt to extract domain administrator credentials stored in server memory. Eventually, the attackers use the Cobalt Strike framework to install Cring. To mask the attack in progress, the hackers disguise the installation files as security software from Kaspersky Lab or other providers.

• 

  A mockup of the tracking confirmation that Apple included in its company blog. Note that it uses Facebook as its example. [credit: Apple ]

This week, Apple published a new white paper that describes the ways apps typically track users and handle their data, outlines the company's privacy philosophy, and offers several details and clarifications about the upcoming App Tracking Transparency change, which will (among other things) require app developers to get a user's permission to engage in the common practice of creating an identifier (called IDFA) to track that user and their activities between multiple apps.

The paper states that the change will go fully into effect with the release of an update to iOS and other Apple operating systems in "early spring" (Apple has previously said this would happen in iOS 14.5, which is now in a late stage of beta testing) but the company has reportedly already started enforcing some aspects of the new policy with new app submissions, suggesting that the full transition is very imminent. One recent survey found that only about 38.5 percent of users plan to opt in to tracking.

Most of the paper is dedicated to explaining exactly how apps track users to begin with, by using a hypothetical example of a father and daughter traveling to the playground with their personal mobile technology and apps in tow. There are no new revelations in this section for people who are already familiar with how these systems work, but the information is accurate, and most people don't actually know all that much about how their data is tracked and used, so it might be useful to some.

Enlarge (credit: Getty Images | NurPhoto)

The National Archives and Records Administration is a federal agency responsible for preserving historically significant federal records, including tweets from senior government officials. For example, former Trump White House spokeswoman Sarah Huckabee Sanders turned over control of her official Twitter account to NARA when she left office. Leaving tweets on Twitter makes them easily accessible by the public.

But Politico reports that Twitter won't allow anything like this to happen with former President Donald Trump's now-banned @realDonaldTrump account.

"Given that we permanently suspended @realDonaldTrump, the content from the account will not appear on Twitter as it did previously or as archived administration accounts do currently, regardless of how NARA decides to display the data it has preserved," a Twitter spokesman told Politico. "Administration accounts that are archived on the service are accounts that were not in violation of the Twitter Rules."

Enlarge (credit: Jim Pennucci / Flickr)

As a society, we seem to have mixed feelings about whether it's better to add or subtract things, advising both that "less is more" and "bigger is better." But these contradictory views play out across multibillion-dollar industries, with people salivating over the latest features of their hardware and software before bemoaning that the added complexities make the product difficult to use.

A team of researchers from the University of Virginia decided to look at the behavior underlying this tension, finding in a new paper that most people defaulted to assuming that the best way of handling a problem is to add new features. While it was easy to overcome this tendency with some simple nudges, the researchers suggest that this thought process may underlie some of the growing complexity of the modern world.

Let’s add stuff

The researchers say they got interested in the topic because they noticed that beyond the admonition that less is more, many fields had specific advice about improvement through subtraction. Editors caution writers about using excess language, social scientists talk about the need to remove barriers, and so on. In contrast, there are few reminders to add stuff to fix problems.

Enlarge (credit: Thomas Kienzle / AFP / Getty Images)

The Environmental Protection Agency will be issuing revised fuel economy standards by the end of July, said new EPA Administrator Michael Regan, rewriting Trump-era limits that dictate emissions limits for cars and light trucks through the 2026 model year. The goal with the revised standards, he added, will be to mitigate certain climate impacts.

The new fuel efficiency standards will have to be significantly more stringent than those issued by the Trump-era EPA, which only finalized its rules in March 2020 after a 1.5-year-long process. Those limits call for 1.5 percent annual increases in efficiency through 2026 rather than the 5 percent target under Obama-era rules. Fuel efficiency standards in the US are overseen by both the EPA and the National Highway Traffic Safety Administration, an agency of the Department of Transportation.

“We’re taking a strong look at what the science is urging us to do. We’re looking at where technologies are,” Regan said in an interview with Bloomberg News. “We’re marrying our regulatory policy and what we have the statutory authority to do with where the science directs us and where the markets and technology are.”

Enlarge / Vials of the AstraZeneca COVID-19 vaccine are seen during the opening of a vaccination center in Cyprus on March 22, 2021. (credit: Getty | Etienne Torbey)

European medical regulators on Wednesday concluded that there is a strong link between AstraZeneca’s COVID-19 vaccine and life-threatening conditions involving the unusual combination of blood clots and low levels of blood platelets.

As such, the conditions should be listed as a “very rare side effects” of the vaccine, according to the European Medicines Agency, a regulatory agency of the European Union.

The conclusion was based on the EMA’s in-depth review of 86 blood-clotting events among around 25 million people vaccinated with the AstraZeneca vaccine in Europe and the UK. Of the 86 blood-clotting events, 18 people died. Most—but not all—of the cases occurred in women under the age of 60.

Enlarge (credit: FG Trade / Getty Images)

Around this time last year, Uber and Lyft saw demand plunge for their flagship ride-hailing services as fear of the coronavirus kept most people at home. By May 2020, Uber's ride bookings had plunged 80 percent from their level a year earlier.

But now, as people get vaccinated and some states are relaxing public health restrictions, demand for rides is soaring. And Uber and Lyft are struggling to recruit enough drivers to meet their needs.

"It takes forever to get an Uber now," a man outside Boston's Fenway Park told the local NBC 10 television station. Another man who had just completed an Uber trip to Fenway said he'd waited 16 minutes for his driver to arrive.