news.buyenne.com

Enlarge / Dr. Peter Marks, director of the Center for Biologics Evaluation and Research within the Food and Drug Administration, testifies during a Senate Health, Education, Labor, and Pensions Committee hearing on the federal coronavirus response on Capitol Hill on March 18, 2021, in Washington, DC. (credit: Getty | Pool)

On Thursday, the US Food and Drug Administration advised vaccine makers to reformulate COVID-19 booster shots for this fall. The boosters would target both the original strain of the pandemic coronavirus plus two new omicron subvariants—BA.4 and BA.5—which became the dominant versions of the virus circulating in the United States this week.

The FDA's announcement comes two days after its independent expert advisors voted overwhelmingly in favor of updating boosters to include an omicron component. The vote—19 in favor, two against—was simply in favor of including an omicron component generally. But, in their afternoon-long discussion, experts offered opinions that led to the FDA's more specific guidance.

Specifically, much of the committee expressed support for combination shots—aka bivalent boosters—that would target both the original virus and a version of omicron. There was also broad support for targeting the omicron subvariants BA.4 and BA.5 specifically, rather than earlier subvariants, such as the first, BA.1, which is no longer in circulation.

Enlarge / A man walks up the steps of the US Supreme Court. (credit: Mark Wilson/Getty Images)

Thursday's Supreme Court decision regarding the use of the Clean Air Act to regulate carbon dioxide emissions from power plants comes down to two specific issues: Should the Supreme Court take the case at all; and did Congress delegate sufficient authority to the EPA for it to implement a specific regulatory scheme first proposed during the Obama administration? But the case was decided against a backdrop of conflict between the court's conservative and liberal justices, and some of that conflict spills into this decision.

We'll tackle each issue below and discuss what this means for US climate policy. But one thing that should be clear is that this is a fairly minimalist decision since it applies only to the EPA's ability to regulate carbon emissions from existing facilities and not to environmental regulations more broadly. While it doesn't leave the EPA with an obvious next step, it leaves avenues for regulating new power plant construction.

Why now?

As described in our immediate coverage, the decision is focused on the Clean Power Plan, a set of EPA rules formulated during the Obama years that immediately faced lawsuits that put it on hold, where it remained until the Trump administration rescinded it. With yet another new administration in place, the EPA is now formulating replacement rules. As such, the EPA saw no reason for the Supreme Court to intervene at this point.

Enlarge (credit: Getty Images)

Researchers have identified stealthy new malware that threat actors have been using for the past 15 months to backdoor Microsoft Exchange servers after they have been hacked.

Dubbed SessionManager, the malicious software poses as a legitimate module for Internet Information Services (IIS), the web server installed by default on Exchange servers. Organizations often deploy IIS modules to streamline specific processes on their web infrastructure. Researchers from security firm Kaspersky have identified 34 servers belonging to 24 organizations that have been infected with SessionManager since March 2021. As of earlier this month, Kaspersky said, 20 organizations remained infected.

Stealth, persistence, power

Malicious IIS modules offer an ideal means to deploy powerful, persistent, and stealthy backdoors. Once installed, they will respond to specifically crafted HTTP requests sent by the operator instructing the server to collect emails, add further malicious access, or use the compromised servers for clandestine purposes. To the untrained eye, the HTTP requests look unremarkable, even though they give the operator complete control over the machine.

Enlarge / The Rufus tool will offer to modify your Windows 11 install media when you create it. The workaround for the Microsoft account requirement is new to the 3.19 beta. (credit: Andrew Cunningham)

One of the new "features" coming to the Windows 11 22H2 update is a Microsoft account requirement for all new installs, regardless of whether you are using the Home or Pro version of the operating system. And that's too bad, because the 22H2 update corrects a few of Windows 11's original shortcomings while adding some nice quality-of-life improvements.

An easy workaround for this requirement is the Rufus USB formatting tool, which can create USB install media for Windows and all kinds of other operating systems. Rufus has already offered some flags to remove Windows 11's system requirement checks from the installer, removing the need for clunky Windows Registry edits and other workarounds. But the beta of version 3.19 will also remove the Microsoft account requirement for new installs, making it easy to set up a new Windows PC with a traditional local account.

When setting up Windows 11, make sure not to connect your PC to the Internet before creating your user account. This trick worked to circumvent the Microsoft account requirement in Windows 11 Pro and some of the later versions of Windows 10 but is being removed entirely from Windows 11 22H2. The Rufus tool merely reverts to the pre-22H2 status quo.

Enlarge (credit: Getty Images | grinvalds)

The Federal Communications Commission today said it closed a robocall loophole by requiring small phone companies to implement the caller ID authentication technology known as STIR and SHAKEN.

Large voice providers were required to implement STIR/SHAKEN a year ago. But there was an exemption for carriers with 100,000 or fewer customers that would have given those smaller companies until June 30, 2023, to comply.

The FCC voted in December to move that deadline up to June 30, 2022, because small phone companies were apparently carrying a disproportionately high number of illegal robocalls.