Month: May 2022

Enlarge (credit: Getty Images)

Malicious hackers, some believed to be state-backed, are actively exploiting two unrelated vulnerabilities—both with severity ratings of 9.8 out of a possible 10—in hopes of infecting sensitive enterprise networks with backdoors, botnet software, and other forms of malware.

The ongoing attacks target unpatched versions of multiple product lines from VMware and of BIG-IP software from F5, security researchers said. Both vulnerabilities give attackers the ability to remotely execute malicious code or commands that run with unfettered root system privileges. The largely uncoordinated exploits appear to be malicious, as opposed to benign scans that attempt to identify vulnerable servers and quantify their number.

First up: VMware

On April 6, VMware disclosed and patched a remote code execution vulnerability tracked as CVE-2022-22954 and a privilege escalation flaw tracked as CVE-2022-22960. According to an advisory published on Wednesday by the Cybersecurity and Infrastructure Security Agency, “malicious cyber actors were able to reverse engineer the updates to develop an exploit within 48 hours and quickly began exploiting the disclosed vulnerabilities in unpatched devices.”

Enlarge / People watch a television broadcast showing a file image of North Korean leader Kim Jong Un during a military parade at the Seoul Railway Station on May 4, 2022, in Seoul, South Korea. (credit: Getty | Chung Sung-Jun)

A mushrooming COVID-19 outbreak in North Korea has reached over 1.7 million cases, with nearly 233,000 new cases reported on Wednesday alone, according to state media reports. It's a startling rise given that North Korea claimed to have zero COVID-19 cases a week ago.

But now the secretive, authoritarian country is acknowledging that the pandemic virus has been spreading "explosively" in since late April. Many experts have interpreted the admission as a sign of a dire situation in the country and a plea for international aid. North Korea has a weak health care system, and many of its people are undernourished due to an ongoing food crisis. Moreover, the country previously shunned offers of vaccines from the United Nations-backed COVAX program and China, leaving its population unvaccinated.

After North Korea acknowledged the outbreak for the first time last Thursday, South Korea offered aid, including vaccines. But North Korea has reportedly not responded. But, the country may have accepted aid from its closest ally, China. According to unnamed diplomats who spoke with The Wall Street Journal, three North Korean cargo planes flew to the Chinese city of Shenyang on Monday, returning the same day carrying basic medical supplies.

• 

  Door detection will use the lidar scanner and machine learning to identify doors and relay information about their location, labeling, and more to blind or low-vision users. [credit: Apple ]

Global Accessibility Awareness Day is Thursday, so Apple took to its newsroom blog this week to announce several major new accessibility features headed to the iPhone, Apple Watch, iPad, and Mac.

One of the most widely used will likely be Live Captions, which is coming to iPhone, Mac, and iPad. The feature shows AI-driven, live-updating subtitles for speech coming from any audio source on the phone, whether the user is "on a phone or FaceTime call, using a video conferencing or social media app, streaming media content, or having a conversation with someone next to them."

The text (which users can resize at will) appears at the top of the screen and ticks along as the subject speaks. Additionally, Mac users will be able to type responses and have them read aloud to others on the call. Live Captions will enter public beta on supported devices ("iPhone 11 and later, iPad models with A12 Bionic and later, and Macs with Apple silicon") later this year.