news.buyenne.com

Two Windows vulnerabilities—one a zero-day that has been known to attackers since 2017 and the other a critical flaw that Microsoft initially tried and failed to patch recently—are under active exploitation in widespread attacks targeting a swath of the Internet, researchers say.

The zero-day went undiscovered until March, when security firm Trend Micro said it had been under active exploitation since 2017, by as many as 11 separate advanced persistent threats (APTs). These APT groups, often with ties to nation-states, relentlessly attack specific individuals or groups of interest. Trend Micro went on to say that the groups were exploiting the vulnerability, then tracked as ZDI-CAN-25373, to install various known post-exploitation payloads on infrastructure located in nearly 60 countries, with the US, Canada, Russia, and Korea being the most common.

A large-scale, coordinated operation

Seven months later, Microsoft still hasn’t patched the vulnerability, which stems from a bug in the Windows Shortcut binary format. The Windows component makes opening apps or accessing files easier and faster by allowing a single binary file to invoke them without having to navigate to their locations. In recent months, the ZDI-CAN-25373 tracking designation has been changed to CVE-2025-9491.

Read full article

Comments

The Federal Communications Commission will vote in November to repeal a ruling that requires telecom providers to secure their networks, acting on a request from the biggest lobby groups representing Internet providers.

FCC Chairman Brendan Carr said the ruling, adopted in January just before Republicans gained majority control of the commission, “exceeded the agency’s authority and did not present an effective or agile response to the relevant cybersecurity threats.” Carr said the vote scheduled for November 20 comes after “extensive FCC engagement with carriers” who have taken “substantial steps… to strengthen their cybersecurity defenses.”

The FCC’s January 2025 declaratory ruling came in response to attacks by China, including the Salt Typhoon infiltration of major telecom providers such as Verizon and AT&T. The Biden-era FCC found that the Communications Assistance for Law Enforcement Act (CALEA), a 1994 law, “affirmatively requires telecommunications carriers to secure their networks from unlawful access or interception of communications.”

Read full article

Comments

A measles investigation amid a large, ongoing outbreak at the Arizona-Utah border has hit a roadblock as the first probable case identified in the Salt Lake City area refuses to work with health officials, the local health department reported this week.

There have been over 150 cases collectively across the two states, mostly in northwestern Mohave County, Arizona, and the southwest health district of Utah, in the past two months. Both areas have abysmally low vaccination rates: In Mohave County, only 78.4 percent of kindergartners in the 2024–2025 school year were vaccinated against measles, according to state records. In the southwest district of Utah, only 80.7 percent of kindergartners in the 2024–2025 school year had records of measles vaccination. Public health experts say vaccination coverage of 95 percent is necessary to keep the disease from spreading in a community.

While the outbreak has largely exploded along the border, cases are also creeping to the north, toward Salt Lake County, which encompasses the city. Utah County, which sits just south of Salt Lake County, has identified eight cases, including a new case reported today.

Read full article

Comments

The road to the second flight of Blue Origin’s heavy-lifting New Glenn rocket got a lot clearer Thursday night with a success test-firing of the launcher’s seven main engines on a launch pad at Cape Canaveral Space Force Station, Florida.

Standing on a seaside launch pad, the New Glenn rocket ignited its seven BE-4 main engines at 9:59 pm EDT Thursday (01:59 UTC Friday). The engines burned for 38 seconds while the rocket remained firmly on the ground, according to a social media post by Blue Origin.

The hold-down firing of the first stage engines was the final major test of the New Glenn rocket before launch day. Blue Origin previously test-fired the rocket’s second-stage engines. Officials have not announced a target launch date, but sources tell Ars the rocket could be ready for liftoff as soon as November 9.

Read full article

Comments

2017 feels like another era these days, but if you cast your mind back that far, you might remember Tesla CEO Elon Musk’s vaporware Roadster 2.0. Full of nonsensical-sounding features that impressed people who know a little bit about rockets but nothing about cars, the $200,000 electric car promised to have a suction fan and “cold gas thrusters,” plus 620 miles (1,000 km) of range and a whole load of other stuff that’s never happening.

Plenty of other electric automakers have introduced electric hypercars in the eight years since Musk declared the second Roadster a thing, with no sign of it being any closer to reality, if the latest job postings are accurate. And it seems that over time, a lot of the people who gave the company a hefty deposit—some say interest-free loan—have become tired of waiting and want their money back.

And that’s not quite so easy, it turns out. Musk’s current Silicon Valley rival is the latest to discover this. According to Sam Altman’s social media account, he placed an order for a Roadster on July 11, 2018, with a deposit of $45,000 ($58,206 in today’s money). But after emailing Tesla for a refund, he discovered the email address associated with preorders had been deleted.

Read full article

Comments

AT&T yesterday sued the advertising industry’s official watchdog over the group’s demand that AT&T stop using its rulings for advertising and promotional purposes.

As previously reported, BBB National Programs’ National Advertising Division (NAD) found that AT&T violated a rule “by issuing a video advertisement and press release that use the NAD process and its findings for promotional purposes,” and sent a cease-and-desist letter to the carrier. The NAD operates the US advertising industry’s system of self-regulation, which is designed to handle complaints that advertisers file against each other and minimize government regulation of false and misleading claims.

While it’s clear that both AT&T and T-Mobile have a history of misleading ad campaigns, AT&T portrays itself as a paragon of honesty in new ads calling T-Mobile “the master of breaking promises.” An AT&T press release about the ad campaign said the NAD “asked T-Mobile to correct their marketing claims 16 times over the last four years,” and an AT&T commercial said T-Mobile has faced more challenges for deceptive ads from competitors than all other telecom providers in that time.

Read full article

Comments