Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating

TellYouThePass group opportunistically infects servers that have yet to update.

Image: a security scanner extracting a virus from a string of binary code, and a hand with the word "exploit" (credit: Getty Images)

Ransomware criminals have quickly weaponized an easy-to-exploit vulnerability in the PHP programming language that lets them execute malicious code on web servers, security researchers said.

As of Thursday, Internet scans performed by security firm Censys had detected 1,000 servers infected by a ransomware strain known as TellYouThePass, down from 1,800 detected on Monday. The servers, primarily located in China, no longer display their usual content; instead, many list the site’s file directory, which shows all files have been given a .locked extension, indicating they have been encrypted. An accompanying ransom note demands roughly $6,500 in exchange for the decryption key.

When opportunity knocks

The vulnerability, tracked as CVE-2024-4577 and carrying a severity rating of 9.8 out of 10, affects PHP when it runs in CGI mode on Windows. It stems not from PHP's own character handling but from a Windows feature known as Best Fit, which silently maps Unicode characters that have no equivalent in the system's ANSI code page to a look-alike ASCII character. In the affected locales (Traditional Chinese, Simplified Chinese and Japanese are confirmed; others have not been ruled out), the soft hyphen (0xAD) is converted to an ordinary hyphen (0x2D). PHP's CGI handler checks the query string for a hyphen before letting it become command-line options, but it never sees one, because the substitution happens inside Windows when the string is converted for php-cgi's command line. An attacker who sends a query string beginning with %ADd therefore hands php-cgi a -d option, a technique known as argument injection, and can use it to set PHP configuration directives that lead to remote code execution. The flaw is effectively a bypass of the fix for CVE-2012-1823, a critical argument-injection vulnerability in php-cgi patched in 2012. The fix is included in PHP 8.3.8, 8.2.20 and 8.1.29; older branches are end of life and will not receive it, so servers still running them need to stop exposing php-cgi or apply a mitigation such as a web-server rewrite rule that rejects %AD in query strings.
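The injection path described above, as an added example that is not PHP's code and not taken from the article: a small Python model of how a "="-free query string becomes php-cgi command-line words (the RFC 3875 rule), how the Best-Fit substitution of the soft hyphen turns a byte that a hyphen check ignores into a real -d option, and how a guard that judges the words after conversion (or simply rejects the raw 0xAD byte) closes the gap. The log lines, client addresses and the single-entry Best-Fit table are constructed for the example; real Windows tables are per code page and map many more characters.

```python
"""Model of the CGI option-injection path behind CVE-2024-4577 (added example)."""
import re
from urllib.parse import unquote_to_bytes

# Best-Fit substitution modelled here: soft hyphen (U+00AD) -> ASCII hyphen.
# Assumption for the example: only this entry is needed for the bug described.
BEST_FIT = {0xAD: 0x2D}

# Constructed sample lines in Apache combined-log style (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Jun/2024:09:12:01 +0000] "GET /index.php?page=1 HTTP/1.1" 200 1432',
    '203.0.113.7 - - [11/Jun/2024:09:12:03 +0000] "POST /index.php?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 200 512',
    '198.51.100.4 - - [11/Jun/2024:09:13:44 +0000] "GET /index.php?-d+allow_url_include%3d1 HTTP/1.1" 403 219',
    '198.51.100.4 - - [11/Jun/2024:09:14:02 +0000] "GET /search.php?q=a%ADb HTTP/1.1" 200 880',
]


def best_fit(raw: bytes) -> bytes:
    """Emulate the lossy wide-to-ANSI conversion applied to php-cgi's argv."""
    return bytes(BEST_FIT.get(b, b) for b in raw)


def cgi_argv(query_string: str, *, after_best_fit: bool) -> list[str]:
    """RFC 3875 section 4.4: a query string containing no literal '=' is passed
    to the script as command-line words, split on '+' and percent-decoded.
    With after_best_fit=True the words are what php-cgi actually receives on
    an affected Windows locale; with False they are the bytes PHP's own
    hyphen check inspects."""
    if "=" in query_string:
        return []
    words = [unquote_to_bytes(w) for w in query_string.split("+") if w]
    if after_best_fit:
        words = [best_fit(w) for w in words]
    return [w.decode("latin-1") for w in words]


def injected_options(query_string: str) -> list[str]:
    """Words php-cgi would parse as options on an affected host."""
    return [w for w in cgi_argv(query_string, after_best_fit=True) if w.startswith("-")]


def naive_guard_blocks(query_string: str) -> bool:
    """Simplified stand-in (not PHP's actual code) for a check that refuses a
    word starting with an ASCII hyphen but looks at the bytes before the OS
    conversion, so 0xAD 'd' passes."""
    return any(w.startswith("-") for w in cgi_argv(query_string, after_best_fit=False))


def hardened_guard_blocks(query_string: str) -> bool:
    """Judge the words as the script will actually see them, and additionally
    reject the raw soft-hyphen byte so the decision does not depend on the
    server's locale (the same effect as a rewrite rule rejecting %AD)."""
    return bool(injected_options(query_string)) or b"\xad" in unquote_to_bytes(query_string)


_REQ = re.compile(r'"(?:GET|POST|HEAD)\s+(\S+)\s+HTTP/')


def flag_access_log(lines: list[str]) -> list[tuple[str, list[str]]]:
    """Return (client_ip, argv) for each request whose query string would
    reach php-cgi as command-line options on an affected host."""
    hits = []
    for line in lines:
        m = _REQ.search(line)
        if not m or "?" not in m.group(1):
            continue
        qs = m.group(1).split("?", 1)[1]
        if injected_options(qs):
            hits.append((line.split()[0], cgi_argv(qs, after_best_fit=True)))
    return hits


if __name__ == "__main__":
    for ip, argv in flag_access_log(SAMPLE_LOG):
        print(ip, argv)
```

Run it and the second and third sample lines are reported with the options php-cgi would see; the last line carries a soft hyphen but also a literal "=", so it never becomes argv and is not flagged as an injection, although the hardened guard still rejects it on the raw byte.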


Meta halts plans to train AI on Facebook, Instagram posts in EU

Meta was going to start training AI on Facebook and Instagram posts on June 26.


Meta has apparently paused plans to process mounds of user data to bring new AI experiences to Europe.

The decision comes after data regulators rebuffed the tech giant's claims that it had "legitimate interests" in processing European Union- and European Economic Area (EEA)-based Facebook and Instagram users' data—including personal posts and pictures—to train future AI tools.

There's not much information available yet on Meta's decision. But Meta's EU regulator, the Irish Data Protection Commission (DPC), posted a statement confirming that Meta made the move after ongoing discussions with the DPC about compliance with the EU's strict data privacy laws, including the General Data Protection Regulation (GDPR).


Retired engineer discovers 55-year-old bug in Lunar Lander computer game code

A physics simulation flaw in text-based 1969 computer game went unnoticed until today.

Image: Illustration of the Apollo lunar lander Eagle over the Moon. (credit: Getty Images)

On Friday, a retired software engineer named Martin C. Martin announced that he recently discovered a bug in the original Lunar Lander computer game's physics code while tinkering with the software. Created by a 17-year-old high school student named Jim Storer in 1969, this primordial game rendered the action only as text status updates on a teletype, but it set the stage for future versions to come.

The legendary game—which Storer developed on a PDP-8 minicomputer in a programming language called FOCAL just months after Neil Armstrong and Buzz Aldrin made their historic moonwalks—allows players to control a lunar module's descent onto the Moon's surface. Players must carefully manage their fuel usage to achieve a gentle landing, making critical decisions every ten seconds to burn the right amount of fuel.

In 2009, just short of the 40th anniversary of the first Moon landing, I set out to find the author of the original Lunar Lander game, which was then primarily known as a graphical game, thanks to the graphical version from 1974 and a 1979 Atari arcade title. When I discovered that Storer created the oldest known version as a teletype game, I interviewed him and wrote up a history of the game. Storer later released the source code to the original game, written in FOCAL, on his website.


Apple punishes women for same behaviors that get men promoted, lawsuit says

Apple could owe thousands in back pay to 12,000 female employees.


Apple has spent years "intentionally, knowingly, and deliberately paying women less than men for substantially similar work," a proposed class action lawsuit filed in California on Thursday alleged.

A victory for women suing could mean that more than 12,000 current and former female employees in California could collectively claw back potentially millions in lost wages from an apparently ever-widening wage gap allegedly perpetuated by Apple policies.

The lawsuit was filed by two employees who have each been with Apple for more than a decade, Justina Jong and Amina Salgado. They claimed that Apple violated California employment laws between 2020 and 2024 by unfairly discriminating against California-based female employees in Apple’s engineering, marketing, and AppleCare divisions and "systematically" paying women "lower compensation than men with similar education and experience."


Tesla investors sue Elon Musk for diverting carmaker’s resources to xAI

Lawsuit: Musk’s xAI poached Tesla employees, Nvidia GPUs, and data.

Image: A large Tesla logo (credit: Getty Images | SOPA Images)

A group of Tesla investors yesterday sued Elon Musk, the company, and its board members, alleging that Tesla was harmed by Musk's diversion of resources to his xAI venture. The diversion of resources includes hiring AI employees away from Tesla, diverting microchips from Tesla to X (formerly Twitter) and xAI, and "xAI's use of Tesla's data to develop xAI's own software/hardware, all without compensation to Tesla," the lawsuit said.

The lawsuit in Delaware Court of Chancery was filed by three Tesla shareholders: the Cleveland Bakers and Teamsters Pension Fund, Daniel Hazen, and Michael Giampietro. It seeks financial damages for Tesla and the disgorging of Musk's equity stake in xAI to Tesla.

"Could the CEO of Coca-Cola loyally start a competing soft-drink company on the side, then divert scarce ingredients from Coca-Cola to the startup? Could the CEO of Goldman Sachs loyally start a competing financial advisory company on the side, then hire away key bankers from Goldman Sachs to the startup? Could the board of either company loyally permit such conduct without doing anything about it? Of course not," the lawsuit says.


Huge telehealth fraud indictment may wreak havoc for Adderall users, CDC warns

The consequences are dangerous, possibly even deadly, for patients across the US.

Image: Ten milligram tablets of the hyperactivity drug Adderall, made by Shire Plc, shown in a Cambridge, Massachusetts pharmacy on Thursday, January 19, 2006. (credit: Getty | Jb Reed)

The Centers for Disease Control and Prevention on Thursday warned that a federal indictment of an allegedly fraudulent telehealth company may lead to a massive, nationwide disruption in access to ADHD medications—namely Adderall, but also other stimulants—and could possibly increase the risk of injuries and overdoses.

"A disruption involving this large telehealth company could impact as many as 30,000 to 50,000 patients ages 18 years and older across all 50 US states," the CDC wrote in its health alert.

The CDC warning came on the heels of an announcement from the Justice Department Thursday that federal agents had arrested two people in connection with an alleged scheme to illegally distribute Adderall and other stimulants through a subscription-based online telehealth company called Done Global. The company's CEO and founder, Ruthia He, was arrested in Los Angeles, and its clinical president, David Brody, was arrested in San Rafael, California.


To kill the competition, bacteria throw pieces of dead viruses at them

A network of mutual murder ensures that diverse populations of bacteria survive.

Image: This is an intact phage, an orange item with legs, a narrow shaft and a polygonal head against a green, lawn-like background. A tailocin looks like one of these with its head cut off. (credit: iLexx)

Long before humans became interested in killing bacteria, viruses were on the job. Viruses that attack bacteria, termed "phages" (short for bacteriophage), were first identified by their ability to create bare patches on the surface of culture plates that were otherwise covered by a lawn of bacteria. After playing critical roles in the early development of molecular biology, a number of phages have been developed as potential therapies to be used when antibiotic resistance limits the effectiveness of traditional medicines.

But we're relative latecomers in terms of turning phages into tools. Researchers have described a number of cases where bacteria have maintained pieces of disabled viruses in their genomes and converted them into weapons that can be used to kill other bacteria that might otherwise compete for resources. I only just became aware of that weaponization, thanks to a new study showing that this process has helped maintain diverse bacterial populations for centuries.

Evolving a killer

The new work started when researchers were studying the population of bacteria associated with a plant growing wild in Germany. The population included diverse members of the genus Pseudomonas, which can include plant pathogens. Normally, when bacteria infect a new victim, a single strain expands dramatically as it successfully exploits its host. In this case, though, the Pseudomonas population contained a variety of different strains that appeared to maintain a stable competition.


How the “Nutbush” became Australia’s unofficial national dance

Most Australians learned the “daggy” line dance in primary school starting in the mid-1970s.

Image: US Embassy Australia employees, in a line formation, learning to do the Nutbush to honor the late Tina Turner in 2023. (credit: Screenshot/US Embassy Australia on X)

The whole world mourned the passing of music legend Tina Turner last year, perhaps none more so than Australians, who have always had a special fondness for her. That's not just because of her star turn as Aunty Entity in 1985's Mad Max Beyond Thunderdome or her stint as the face of Australia's rugby league.

Australians of all ages have also been performing a line dance called the "Nutbush" at weddings and social events to Turner's hit single (with then-husband Ike Turner) "Nutbush City Limits." Turner herself never performed the dance, but when she died, there was a flood of viral TikTok videos of people performing the Nutbush in her honor—including members of the US Embassy in Canberra, who had clearly just learned it for the occasion. Dancers at the 2023 Mundi Mundi Bash in a remote corner of New South Wales set a world record with 6,594 dancers performing the Nutbush at the same time.

The exact origin of the dance remains unknown, but researchers at the University of South Australia think they understand how the Nutbush became so ubiquitous in Australia, according to a paper published in the journal Continuum. “What we seem to know is that there was a committee in the New South Wales education department that devised the idea of the Nutbush,” co-author Jon Stratton told the Guardian. “Whether they devised the dance itself, we don’t really know. But what’s interesting is that nobody has come forward.”


Apple set to be first Big Tech group to face charges under EU digital law

Brussels to announce iPhone maker is failing to open up its App Store to competition.

Image: App Store icon on an iPhone screen (credit: Getty Images | NurPhoto)

Brussels is set to charge Apple over allegedly stifling competition on its mobile app store, the first time EU regulators have used new digital rules to target a Big Tech group.

The European Commission has determined that the iPhone maker is not complying with obligations to allow app developers to “steer” users to offers outside its App Store without imposing fees on them, according to three people with close knowledge of its investigation.

The charges would be the first brought against a tech company under the Digital Markets Act, landmark legislation designed to force powerful “online gatekeepers” to open up their businesses to competition in the EU.
