384,000 sites pull code from sketchy code library recently bought by Chinese firm

Many website admins, it seems, have yet to get memo to remove Polyfill[.]io links.

More than 384,000 websites are linking to a site that was caught last week performing a supply-chain attack that redirected visitors to malicious sites, researchers said.

For years, the JavaScript code, hosted at polyfill[.]com, was a legitimate open source project that allowed older browsers to handle advanced functions that weren’t natively supported. By linking to cdn.polyfill[.]io, websites could ensure that devices using legacy browsers could render content in newer formats. The free service was popular among websites because all they had to do was embed the link in their sites. The code hosted on the polyfill site did the rest.

The power of supply-chain attacks

In February, China-based company Funnull acquired the domain and the GitHub account that hosted the JavaScript code. On June 25, researchers from security firm Sansec reported that code hosted on the polyfill domain had been changed to redirect users to adult- and gambling-themed websites. The code was deliberately designed to mask the redirections by performing them only at certain times of the day and only against visitors who met specific criteria.

High-altitude cave used by Tibetan Buddhists yields a Denisovan fossil

Cave deposits yield bones of sheep, yaks, carnivores, and birds that were butchered.

The Baishiya Karst Cave, where the recently analyzed samples were obtained. (credit: Dongju Zhang’s group (Lanzhou University))

For well over a century, we had the opportunity to study Neanderthals—their bones, the items they left behind, their distribution across Eurasia. So, when we finally obtained the sequence of their genome and discovered that we share a genetic legacy with them, it was easy to place the discoveries into context. In contrast, we had no idea Denisovans existed when sequencing DNA from a small finger bone revealed that yet another relative of modern humans had roamed Asia in the recent past.

Since then, we've learned little more. The frequency of their DNA in modern human populations suggests that they were likely concentrated in East Asia. But we've only discovered fragments of bone and a few teeth since then, so we can't even make very informed guesses as to what they might have looked like. On Wednesday, an international group of researchers described finds from a cave on the Tibetan Plateau that had been occupied by Denisovans, which tell us a bit more about these relatives: what they ate. And that appears to be anything they could get their hands on.

The Baishiya Karst Cave

The finds come from a site called the Baishiya Karst Cave, which is perched on a cliff on the northeast of the Tibetan Plateau. It's located at a high altitude (over 3,000 meters or nearly 11,000 feet) but borders a high open plain, as you can see in the picture below.

Lenovo ThinkCentre neo Ultra now available in select markets (Lenovo’s answer to the Mac Studio)

The Lenovo ThinkCentre Neo Ultra is a computer that doesn’t take up a lot of space on your desk, but packs a lot of functionality into a compact design, including NVIDIA GeForce RTX 4060 discrete graphics and support for up to a 65-watt 14th-gen Intel Core i9 Raptor Lake processor. First announced during CES in January, […]

The post Lenovo ThinkCentre neo Ultra now available in select markets (Lenovo’s answer to the Mac Studio) appeared first on Liliputing.

The hunt for the most efficient heat pump in the world

A new generation of engineers has realized they can push heat pumps to the limit.

Outside a 100-year-old house on the edge of the Peak District in northern England, a heat pump’s fan blades are swiftly spinning. They’re drawing outdoor air over coils of refrigerant, harvesting warmth from that air. All air-source heat pumps do this—and they can glean heat even on cold days. But this heat pump is special. It is one of the most efficient installations of its kind in the country.

“I’m number two on there,” fizzes owner Rob Ritchie, a retired chemistry teacher, referring to the system’s position on HeatPumpMonitor.org, a kind of online leaderboard for heat pumps around the UK and beyond. “I should say it isn’t important—but it is. It’s nice being there.”

At the time of writing, real-time data suggests that for every kilowatt-hour of electricity Ritchie’s heat pump consumes, it delivers 5.5 kilowatt-hours of heat—a coefficient of performance, or COP, of 5.5. Achieving a COP of 5 or above is “absolutely incredible,” says Emma-Louise Bennett, active transition support lead at Viessmann, the company that made Ritchie’s heat pump. In the UK, average heat pump COPs tend to be between 2 and 3.

“Everything’s frozen”: Ransomware locks credit union users out of bank accounts

Patelco Credit Union in Calif. shut down numerous banking services after attack.

ATM at a Patelco Credit Union branch in Dublin, California, on July 23, 2018. (credit: Getty Images | Smith Collection/Gado)

A California-based credit union with over 450,000 members said it suffered a ransomware attack that is disrupting account services and could take weeks to recover from.

"The next few days—and coming weeks—may present challenges for our members, as we continue to navigate around the limited functionality we are experiencing due to this incident," Patelco Credit Union CEO Erin Mendez told members in a July 1 message that said the security problem was caused by a ransomware attack. Online banking and several other services are unavailable, while several other services and types of transactions have limited functionality.

Patelco Credit Union was hit by the attack on June 29 and has been posting updates on this page, which says the credit union "proactively shut down some of our day-to-day banking systems to contain and remediate the issue... As a result of our proactive measures, transactions, transfers, payments, and deposits are unavailable at this time. Debit and credit cards are working with limited functionality."

Nubia launches REDMAGIC Titan 16 Pro gaming laptop and REDMAGIC 9S Pro gaming phone in China

Chinese phone maker Nubia has been selling a line of smartphones aimed at gamers under the REDMAGIC name since 2018. Now the company is expanding into the gaming laptop space. Nubia’s REDMAGIC division has introduced the REDMAGIC Titan Pro 16 inch gaming laptop for the Chinese market, as well as the new REDMAGIC 9S Pro […]

The post Nubia launches REDMAGIC Titan 16 Pro gaming laptop and REDMAGIC 9S Pro gaming phone in China appeared first on Liliputing.

Japan ends 2-year “war on floppy disks,” kills regulations requiring old tech

But what about fax machines?

About two years after the country’s digital minister publicly declared a “war on floppy discs,” Japan reportedly stopped using floppy disks in governmental systems as of June 28.

Per a Reuters report on Wednesday, Japan's government "eliminated the use of floppy disks in all its systems." The report notes that by mid-June, Japan's Digital Agency (a body set up during the COVID-19 pandemic and aimed at updating government technology) had "scrapped all 1,034 regulations governing their use, except for one environmental stricture related to vehicle recycling." That suggests that there's up to one government use that could still turn to floppy disks, though more details weren't available.

Digital Minister Taro Kono, the politician behind the modernization of the Japanese government's tech, has made his distaste for floppy disks and other old office tech, like fax machines, quite public. Kono, who's reportedly considering a second presidential run, told Reuters in a statement today:

Soda additive “no longer considered safe,” gets long-awaited FDA ban

Brominated vegetable oil (BVO) is used in citrus sodas but has largely been phased out.

Tops of citrus sodas at a manufacturing plant. (credit: Getty | Vincent Mundy)

After more than five decades of limbo, the Food and Drug Administration on Wednesday revoked the authorization of brominated vegetable oil (BVO) in food, banning an additive long known to have toxic effects that is already banned in Europe, Japan, Australia, New Zealand, and California.

BVO—simply vegetable oil that is modified with bromine—has been used in foods since the 1920s. It has often been used as a stabilizer for fruit flavorings, particularly in citrusy beverages, including sodas, to keep the citrus flavoring from separating and floating to the top. The FDA authorized the use of BVO just after gaining the authority to regulate food additives in 1958. By the early 1960s, the FDA had put BVO on its first inventory of food additives it deemed generally safe—designated "generally recognized as safe" or GRAS. But safety concerns quickly surfaced, and by the late 1960s, the FDA had already limited its use to a flavoring stabilizer and capped the amount that could be used to 15 parts per million.

That 15-ppm limit was authorized on an "interim basis," pending more safety studies. In 1970, the FDA revoked the GRAS designation for BVO, but continued to allow the 15-ppm limit—on an interim basis—given that safety studies "did not indicate an immediate health threat from the limited use."
