2020-07-01 00:00:00 ..
2020-08-09 09:04:26 UTC
2020-08-10 13:10:21 UTC
We always have a place for talented people, visit the Get Involved section on the wiki to see how you can make SoylentNews better.
Submitted via IRC for RandomFactor
An ancient amber fossil has offered scientists new insights into the deadly hunting prowess of the "hell ant" species Ceratomyrmex ellenbergeri.
The 99-million-year-old amber, unearthed in Myanmar, trapped a member of the Haidomyrmecine subfamily -- the group known as hell ants -- just as the predator snatched a cockroach relative with its scythe-like mandibles.
Animal behavior rarely becomes fossilized, and fossilized hunting behavior is especially elusive. The hell ant fossil, described Thursday in the journal Current Biology, is a one-of-a-kind find.
Phillip Barden. Specialized Predation Drives Aberrant Morphological Integration and Diversity in the Earliest Ants, Current Biology (DOI: 10.1016/j.cub.2020.06.106)
Sialic acids are a diverse group of carbohydrates that blossom like leaves from the tips of proteins covering the surfaces of human cells.
[...] Changes in sialic acid markers can give rise to a number of diseases. But it was one specific change particular to all humans that the researchers here were most keen to gain an understanding of.
Most mammals – including closely related apes – have a compound called N-glycolylneuraminic acid, or Neu5Gc. We've known for some time that the gene for this version of sialic acid is broken in us, leaving its precursor form, N-acetylneuraminic acid (Neu5Ac), to do its job.
[...] Since chimpanzees retain the gene for Neu5Gc, the mutation must have occurred within the past 6 million years or so, sometime after we parted ways from one another.
[...] This most recent study shows Neanderthals and Denisovans share our variant of sialic acid, meaning the change happened before our branch of the family tree separated roughly 400,000 to 800,000 years ago.
[...] To differentiate between cells that belong to us from possible invaders, our immune cells are armed with a scanning chemical called sialic acid-binding immunoglobulin-type lectins. Or Siglecs for short.
When an inspection occurs, if a cell's sialic acid marker isn't up to scratch, it's curtains for that cell. Naturally, any changes to our sialic acid name-tag would imply our system of Siglecs would have needed adjusting as well.
Sure enough, on further investigation the researchers found significant mutations among a cluster of Siglec genes that are common to humans and their ilk, but not great apes.
Naazneen Khan, Marc de Manuel, Stephane Peyregne, et al. Multiple Genomic Events Altering Hominin SIGLEC Biology and Innate Immunity Predated the Common Ancestor of Humans and Archaic Hominins [open], Genome Biology and Evolution (DOI: 10.1093/gbe/evaa125)
Fast Radio Bursts (FRBs) are extremely short bursts of high energy radiation and typically originate hundreds of millions of light-years away. Now one has been detected for the first time from inside the milky way from a magnetar.
This FRB is different. Telescope observations suggest that the burst came from a known neutron star — the fast-spinning, compact core of a dead star, which packs a sun's-worth of mass into a city-sized ball — about 30,000 light-years from Earth in the constellation Vulpecula. The stellar remnant fits into an even stranger class of star called a magnetar, named for its incredibly powerful magnetic field, which is capable of spitting out intense amounts of energy long after the star itself has died. It now seems that magnetars are almost certainly the source of at least some of the universe's many mysterious FRBs, the study authors wrote.
"We've never seen a burst of radio waves, resembling a fast radio burst, from a magnetar before," lead study author Sandro Mereghetti, of the National Institute for Astrophysics in Milan, Italy, said in a statement. "This is the first ever observational connection between magnetars and fast radio bursts."
INTEGRAL Discovery of a Burst with Associated Radio Emission from the Magnetar SGR 1935+2154 - IOPscience, The Astrophysical Journal Letters (DOI: 10.3847/2041-8213/aba2cf)
Radio emissions drop off with the square of distance, and by the time they reach the Earth the high energy emissions of FRBs have been described as similar in magnitude to 'a cell phone calling from the Moon.' This burst originated several orders of magnitude closer than is typical and was detected by the European Space Agency's (ESA) Integral satellite, as well as radio telescopes in British Columbia, Canada, California and Utah.
Snapdragon is what’s known as a system on a chip that provides a host of components, such as a CPU and a graphics processor. One of the functions, known as digital signal processing, or DSP, tackles a variety of tasks, including charging abilities and video, audio, augmented reality, and other multimedia functions. Phone makers can also use DSPs to run dedicated apps that enable custom features.
“While DSP chips provide a relatively economical solution that allows mobile phones to provide end users with more functionality and enable innovative features—they do come with a cost,” researchers from security firm Check Point wrote in a brief report of the vulnerabilities they discovered.
[...] Qualcomm has released a fix for the flaws, but so far it hasn’t been incorporated into the Android OS or any Android device that uses Snapdragon, Check Point said. When I asked when Google might add the Qualcomm patches, a company spokesman said to check with Qualcomm. The chipmaker didn’t respond to an email asking.
Check Point is withholding technical details about the vulnerabilities and how they can be exploited until fixes make their way into end-user devices. Check Point has dubbed the vulnerabilities Achilles. The more than 400 distinct bugs are tracked as CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209.
Kevin Clark, from Candler in North Carolina, had a hunch that the top $US5 million ($A7 million) prize in the Mega Cash scratch-off game would be won in the western part of the state.
So he came up with an unusual strategy to ensure he got his hands on the lucky ticket – by travelling from store to store and buying every ticket he could find.
Mr Clark spent four hours on his quest to purchase every $20 Mega Cash scratchie ticket he came across in around 40 different stores.
And while it is not known how much he spent in total, it’s safe to say he came out on top after a ticket he bought from a Stop N Go outlet in Swannanoa, North Carolina ended up being the winner.
[...] In the end he decided to pocket a $US3 million ($A4.2 million) lump sum instead of taking the $US5 million as an annuity of $US250,000 ($A350,267) per year for two decades.
After taxes, he was left with a total cash prize of around $US2.1 million ($A2.94 million).
“I had a real good feeling it was going to be in the western part of the state,” Mr Clark said, according to the NC Education Lottery.
However, he said he was still stunned when his tactic paid off.
Massospora manipulates male cicadas into flicking their wings like females—a mating invitation—which tempts unsuspecting male cicadas and infects them.
It's a recent discovery into the bizarre world of cicadas plagued by a psychedelic fungus that contains chemicals including those found in hallucinogenic mushrooms.
[...] "Essentially, the cicadas are luring others into becoming infected because their healthy counterparts are interested in mating," said Brian Lovett, study co-author and post-doctoral researcher with the Davis College of Agriculture, Natural Resources and Design. "The bioactive compounds may manipulate the insect to stay awake and continue to transmit the pathogen for longer."
[...] Massospora spores gnaw away at a cicada's genitals, butt and abdomen, replacing them with fungal spores. Then they "wear away like an eraser on a pencil," Lovett said.
Brian Lovett, Angie Macias, Jason E. Stajich, et al. Behavioral betrayal: How select fungal parasites enlist living insects to do their bidding, PLOS Pathogens (DOI: 10.1371/journal.ppat.1008598)
EXCLUSIVE: The list has been shared on a Russian-speaking hacker forum frequented by multiple ransomware gangs.
A hacker has published [on August 4] a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers.
ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community.
According to a review, the list includes:
- IP addresses of Pulse Secure VPN servers
- Pulse Secure VPN server firmware version
- SSH keys for each server
- A list of all local users and their password hashes
- Admin account details
- Last VPN logins (including usernames and cleartext passwords)
- VPN session cookies
The security researcher noted that all the Pulse Secure VPN servers included in the list were running a firmware version vulnerable to the CVE-2019-11510 vulnerability.
[...] The publication of this list as a free download is a literal DEFCON 1 danger level for any company that has failed to patch its Pulse Secure VPN over the past year, as some of the ransomware gangs active on this forum are very likely to use the list for future attacks.
Just hours after Professor Matt Blaze today discussed the state of election system security in America, one of the largest US voting machine makers stepped forward to say it's trying to improve its vulnerability research program.
Election Systems and Software (ES&S), whose products include electronic ballot boxes and voter registration software, said it is working with infosec outfits and bug-finders to improve the security of its products.
Speaking at this year's online Black Hat USA conference, CISO Chris Wlaschin outlined a number of steps his biz has already or will soon take to overhaul its relationship with bug-bounty hunters.
In addition to its ongoing vulnerabilities rewards program, ES&S said it will employ the services of security house Synack to bridge the gap with bounty hunters, and make its products better able to withstand attacks from the likes of state-sponsored groups.
Most notably, ES&S will beef up said rewards program. With the help of ethical hackers at Synack, testers will be able to hammer on devices like the ES&S ExpressPoll without fear of legal reprisal.
[...] One of the bounty hunters who has worked with ES&S, industry veteran Jack Cable, issued his seal of approval to the expanded program.
Today, the nation's largest voting vendor released a vulnerability disclosure policy giving hackers authorization to test their systems. This is a great step towards transparency for election security. I hope that other vendors follow suit and welcome hackers with open arms. 🧵
— Jack Cable (@jackhcable) August 5, 2020
For a brief period, panicking international students across the nation found hope in a Google Sheet.
When the U.S. Immigration and Customs Enforcement (ICE) agency announced on July 6 that international students who weren't enrolled in courses meeting in-person could face deportation in the fall, Sumana Kaluvai — the creator of H-4 Hope, a Facebook group that supports students of varying immigration backgrounds — built a system for connecting international students with peers who were willing to surrender their seats in courses that could grant their classmates the right to stay in the country. She used the closest tool in her reach, Google Sheets, to facilitate these class exchanges and began circulating the resource on social media.
Her spreadsheet quickly went viral, attracting levels of traffic that rendered it unresponsive. McClain Thiel, a data science student at the University of California, Berkeley, eventually reached out and offered to build a website to replace the Google Sheet, and on July 9, they launched Support Our International Students. Though ICE would rescind the policy days later, their new website managed to mitigate the problems the original Google Sheet encountered.
[...] When Stella Nguyen, a UCLA student from Vietnam, came across Kaluvai's spreadsheet, she "found it comforting that many students — international or not — were coming together." Google Docs has helped get us here, to an era where anyone who can create and edit a document can feel empowered to help others and foster hope and connection. Now, we just need tools that are as ambitious as we are.
Ten years after the game-changing Stuxnet attack was first discovered, a Windows printer program it exploited has been found to contain additional dangerous zero-day flaws that could allow an attacker to gain a foothold in the network as a privileged user.
The researchers who discovered the new flaws in Microsoft's ubiquitous Windows Print Spooler service say they wanted to see if there still was a way to game Print Spooler for a Stuxnet 2.0-style attack 10 years after the first known cyberweapon attack was unearthed. "We started digging in, looking at the original Stuxnet propagation, and then we found out there were problems. ... We decided to take the Spooler service to the next level, and eventually we found it was not fully patched," explains Tomer Bar, research team leader at Safe Breach, who along with his colleague Peleg Hadar found the flaws that they plan to detail today at Black Hat USA.
Bar and Hadar found three zero-day vulnerabilities in the 20-year-old Windows Print Spooler program, which serves as the interface between a printer and the Windows operating system, loading the print driver, setting up print jobs, and printing. The new, post-Stuxnet vulns include a memory corruption bug that could be used to wage a denial-of-service (DoS) attack and two local privilege escalation bugs. One of the local privilege escalation flaws was patched by Microsoft in May (CVE-2020-1048), but Bar and Hadar found another similar flaw that bypasses that patch. All three vulnerabilities affect all versions of the Windows operating system.
"They're using the same function [as Stuxnet did] but with a little twist," Bar says of the two local privilege-escalation zero-days.
While Stuxnet used a Print Spooler exploit to gain remote access, the local vulnerability found by Bar and Hadar could allow any user to gain the highest privileges on the machine — either as a malicious insider who has physical access to the machine or via an existing remote-access foothold previously obtained by an attacker.
Hadar says while Microsoft's patch for the Stuxnet vulnerability (MS10-061) fixed the remote-attack hole, it didn't address the local privilege-escalation holes. "That's what we focused on and were able to exploit," he says. They found the flaws using good old-fashioned reverse engineering and fuzzing techniques.
Exploiting the flaws is fairly simple, too, the researchers say. They were able to employ PowerShell commands to exploit the vulns.
Update (~4pm ET): Mid-afternoon on Friday, August 7, the Essex County Prosecutor's Office dropped its cyber harassment charges against all five defendants, the Asbury Park Press reports. These charges stemmed from an incident involving a Tweet attempting to identify a New Jersey police officer. Our original story on the situation appears unchanged below.
A New Jersey man is facing felony charges for a tweet seeking to identify a police officer. Four others are facing felony charges for retweeting the tweet, the Washington Post reports.
[...] The complaint against Sziszak claims that the tweet caused the officer to "fear that harm will come to himself, family, and property."
"As a 20 year old that simply retweeted a tweet to help my friend, I am now at risk of giving up my career, serving time, and having a record," Sziszak wrote.
Wind turbines are a great source of renewable energy, and a great DIY project, too. They can be built with all kinds of materials and the barrier for entry is low for the beginner. [Fab] has built just such a device, taking advantage of modern construction techniques, and dubbed it the WinDIY.
[...] [Fab]'s writeup goes into great detail on topics like the design of the pitch control systems and other minutae, which should serve as a great reference for anyone else working on a similar project. If you're looking for something with more of a sci-fi future vibe, consider attempting a vertical-axis build instead.
[HAWT - Horizontal Axis Wind Turbine]
We've all eaten something that seems to run right through us, but rarely do our meals get to live another day once they leave our bodies. Yet that's exactly what happens when frogs snack on the aquatic beetle Regimbartia attenuata.
In a new study published Monday in the journal Current Biology, Kobe University ecologist Shinji Sugiura reveals more about the evolution of escape behavior in prey animals, most notably the aquatic beetle.
[...] When the Pelophylax nigromaculatus frog gulps the beetle, it can survive by swimming through the frog's digestive tract to later be pooped out intact and alive. Previously, it was suspected frogs spit out beetles that moved so erratically.
Sugiura revealed that 93 percent of the beetles fed to a frog during the study escaped the frog's "vent" (anus) within four hours, "frequently entangled in fecal pellets." The quickest beetle escape was an impressive six minutes.
Because the aquatic beetle has evolved to become a better swimmer by kicking its legs and can breathe underwater by trapping a small pocket of air under its wing covers, the beetle may have also evolved to survive inside a frog's intestines long enough to escape through its captor's tush.
Shinji Sugiura. Active escape of prey from predator vent via the digestive tract, Current Biology (DOI: 10.1016/j.cub.2020.06.026)
Huawei Technologies Co will stop making its flagship Kirin chipsets next month, financial magazine Caixin said on Saturday, as the impact of U.S. pressure on the Chinese tech giant grows.
U.S. pressure on Huawei's suppliers has made it impossible for the company's HiSilicon chip division to keep making the chipsets, key components for mobile phone, Richard Yu, CEO of Huawei's Consumer Business Unit was quoted as saying at the launch of the company's new Mate 40 handset.
[...] "From Sept. 15 onward, our flagship Kirin processors cannot be produced," Yu said, according to Caixin. "Our AI-powered chips also cannot be processed. This is a huge loss for us."
Huawei's HiSilicon division relies on software from U.S. companies such as Cadence Design Systems Inc or Synopsys Inc to design its chips and it outsources the production to Taiwan Semiconductor Manufacturing Co (TSMC), which uses equipment from U.S. companies.
Also at PhoneArena.
Previously: Arrest of Huawei Executive Causing Discontent Among Chinese Elites
Huawei Soldiers on, Announces Nova 5 and Kirin 810
U.S. Attempting to Restrict TSMC Sales to Huawei
TSMC Dumps Huawei
Huawei on List of 20 Chinese Companies that Pentagon Says are Controlled by People's Liberation Army
The Mighty Buzzard writes:
Yeah, so, failure to babysit the db node that was scheduled for a reboot on the 5th resulted in a bit of database FUBAR that left us temporarily losing everything from then to now. Fortunately we had a backup less than six hours old, restored from it, and appear to be copacetic now. Except for the missing five hours and change.
I'd usually make some sort of dumb joke here but it was already four hours past my bedtime when I found out about the problem. My brain is no work good anymore. Fill in whatever dad joke or snark about getting a do-over for a change strikes your fancy.