Supply Chain Attack Used Legitimate WordPress Add-Ons To Backdoor Sites

An anonymous reader quotes a report from Ars Technica: Dozens of legitimate WordPress add-ons downloaded from their original sources have been found backdoored through a supply chain attack, researchers said. The backdoor has been found on "quite a few" sites running the open source content management system. The backdoor gave the attackers full administrative control of websites that used at least 93 WordPress plugins and themes downloaded from AccessPress Themes. The backdoor was discovered by security researchers from Jetpack, the maker of security software owned by Automattic, provider of the hosting service and a major contributor to the development of WordPress. In all, Jetpack found that 40 AccessPress themes and 53 plugins were affected. In a post published Thursday, Jetpack researcher Harald Eilertsen said timestamps and other evidence suggested the backdoors were introduced intentionally in a coordinated action after the themes and plugins were released. The affected software was available by download directly from the AccessPress Themes site. The same themes and plugins mirrored on, the official developer site for the WordPress project, remained clean. "Users who used software obtained directly from the AccessPress website unknowingly provided attackers with backdoor access, resulting in an unknown number of compromised websites," Ben Martin, a researcher with Web security firm Sucuri, wrote in a separate analysis of the backdoor. The Jetpack post said evidence indicates that the supply chain attack on AccessPress Themes was performed in September. Martin, however, said evidence suggests the backdoor itself is much older than that. Some of the infected websites had spam payloads dating back nearly three years. He said his best guess is that the people behind the backdoor were selling access to infected sites to people pushing web spam and malware. He wrote, "[...] it seems that the malware that we've found associated with this backdoor is more of the same: spam, and redirects to malware and scam sites." The Jetpack post provides full names and versions of the infected AccessPress software. Anyone running a WordPress site with this company's offerings should carefully inspect their systems to ensure they're not running a backdoored instance. Site owners may also want to consider installing a website firewall, many of which would have prevented the backdoor from working. Read more of this story at Slashdot.
2022-01-21 23:15:02
Cryptocurrencies Tumble As Global Investors Reduce Risk

New submitter NoMoreDupes shares a report from CoinDesk: The crypto market was in a sea of red on Friday as bitcoin, the world's largest cryptocurrency by market capitalization, tumbled more than 10% over the past 24 hours. It appears that global investors have entered the year with a reduced appetite for risk, and so the correlations between speculative assets such as cryptocurrencies and equities have increased, which results in widespread losses. Bitcoin is down roughly 40% from its all-time high of almost $69,000, while the S&P 500 is down about 7% from its peak, compared with a 10% drawdown in the Nasdaq 100 Index. Alternative cryptocurrencies (altcoins) led the way lower on Friday given their higher risk profile relative to bitcoin. Ether, the world's second-largest cryptocurrency by market cap, was down about 13% over the past 24 hours, compared with a 14% drop in AVAX and a 16% drop in FTM over the same period. Despite the losses, some analysts still foresee a short-term bounce. "We expect BTC to find a bid around the $35K mark, close to 50% from the top. In the short term, we can bounce to challenge the $45K-$50K zone, but the overall outlook remains bearish as liquidity remains tight," Pankaj Balani, CEO of Delta Exchange, a crypto derivatives trading platform, wrote in an email to CoinDesk.
2022-01-21 22:00:06
Google Could Face Class-Action Lawsuit Over Free G Suite Legacy Account Shutdown

On Wednesday, Google announced that it is getting rid of the G Suite legacy free edition, "which allowed those that snuck in before 2012 to get free Google apps services tied to a custom domain rather than Gmail," reports Android Police. Since a lot of people will be left "in the lurch" after the shutdown, attorneys at Chimicles Schwartz Kriner & Donaldson-Smith are opening an investigation into the matter for a potential class-action lawsuit. From the report: No lawsuit has been filed yet; the attorneys involved are just collecting information for a potential lawsuit in the future once all the facts are straight (and Google has had time to reconsider its actions). When we covered the original news of the legacy G Suite shutdown, it seemed unreasonable to us, because customers using those legacy accounts are unable to transfer purchases or things like grandfathered subscription discounts to new accounts. When we asked if moving purchases between accounts might be possible, a Google representative confirmed it wasn't. [...] That means years of purchases tied to Google Play -- potentially hundreds to thousands of dollars of assets like movie and music purchases for a given customer, across thousands of affected customers -- could be tied to broken accounts because of the transition. Google explicitly confirmed to us that was the case, though customers could elect to keep using their broken suspended account alongside a working one. In essence, everyone that migrated to one of these accounts while they were still offered (from 2006 at least until 2012, so far as I can tell) will have to pay extra money to keep their existing purchases tied to a fully working account, and we think that's pretty ridiculous.
2022-01-21 21:15:02
Hands-On Microsoft's Canceled Andromeda OS

Windows Central got their hands on a pre-release build of Microsoft's canceled Andromeda OS running on a Lumia 950. As noted in the article, "Andromeda OS was never intended to ship on the Lumia 950, or any Windows phone on the market at that time." They're using a 950 because Microsoft used them to help develop Andromeda OS internally. Also worth mentioning is the fact that Andromeda OS is no longer in development. Android is the OS that will be powering future Microsoft devices, such as the future Surface Duo devices. Here's an excerpt from the report: Microsoft decided to do something rather unique with Andromeda OS, and build out OS experience around a journaling/inking experience. On the lockscreen, the user is able to begin taking notes directly onto the lockscreen UI just by putting pen to screen. You don't have to initiate a special mode, or enter an app first, just take your Surface Pen and begin writing, and the lockscreen will store that ink for you to see every time you unlock your device. [...] Unlocking the device would take you to your home screen, which on Andromeda OS is another inking canvas. This canvas is called the Journal (though this later became the Microsoft Whiteboard app) which acted as a digital notebook with the ability to take notes with a pen, add sticky notes, insert images and 3D objects, and more. The Journal experience would always be running in the background, with your phone apps running above it. Andromeda OS was also gesture based. The on-screen Start and Cortana buttons would disappear when opening an app to provide a full-screen experience, so to access those areas, you'd swipe in from the left for Start, and from the right for Cortana, which is also where your notifications were stored. Yes, Cortana and your Notifications were one of the same on Andromeda OS, with Cortana becoming your "manager" of notifications missed or stored for dealing with later. A swipe down from the top would reveal the Control Center, which is a feature that's now shipping on Windows 11, but started life here on Andromeda OS. Feature-wise, it's exactly the same, with the ability to control things like Wi-Fi, brightness, volume, and music playback. It also features Fluent Design acrylic blur effects, as do many other parts of the UI, even in this unfinished state. [...] There was also an experimental "Radial UX Menu" mode, where instead of gestures swiping in things like Start and Cortana, swiping would present you with a UI full of circular buttons for things like Start, switching apps, and more. This may have been an alternative to on-screen navigation, as not everyone was familiar with full gesture navigation at the time just yet. Or, it could have been an alternative method of navigation for when you were using a pen. Who knows. One thing we're not able to show you is the Continuum mode that Microsoft was also working on for Andromeda OS, as unfortunately it appears to be broken in the build we have. That said, we do know what it was going to be like. Essentially, Microsoft was building out Continuum to be a true desktop experience, with windowed app experiences, the ability to store icons on the desktop, and more. If you'd prefer to see Andromeda OS in action instead of read about it, you can watch Windows Central's video here.
2022-01-21 20:45:03
Study: Leidenfrost effect occurs in all three water phases: Solid, liquid, and vapor

But there's a much higher threshold of 550° C for levitation of an ice disk to occur.
2022-01-21 19:30:04
Meta Researchers Build an AI That Learns Equally Well From Visual, Written or Spoken Materials

An anonymous reader quotes a report from TechCrunch: Meta (AKA Facebook) researchers are working on [...] an AI that can learn capably on its own whether it does so in spoken, written or visual materials. The traditional way of training an AI model to correctly interpret something is to give it lots and lots (like millions) of labeled examples. A picture of a cat with the cat part labeled, a conversation with the speakers and words transcribed, etc. But that approach is no longer in vogue as researchers found that it was no longer feasible to manually create databases of the sizes needed to train next-gen AIs. Who wants to label 50 million cat pictures? Okay, a few people probably -- but who wants to label 50 million pictures of common fruits and vegetables? Currently some of the most promising AI systems are what are called self-supervised: models that can work from large quantities of unlabeled data, like books or video of people interacting, and build their own structured understanding of what the rules are of the system. For instance, by reading a thousand books it will learn the relative positions of words and ideas about grammatical structure without anyone telling it what objects or articles or commas are -- it got it by drawing inferences from lots of examples. This feels intuitively more like how people learn, which is part of why researchers like it. But the models still tend to be single-modal, and all the work you do to set up a semi-supervised learning system for speech recognition won't apply at all to image analysis -- they're simply too different. That's where Facebook/Meta's latest research, the catchily named data2vec, comes in. The idea for data2vec was to build an AI framework that would learn in a more abstract way, meaning that starting from scratch, you could give it books to read or images to scan or speech to sound out, and after a bit of training it would learn any of those things. It's a bit like starting with a single seed, but depending on what plant food you give it, it grows into a daffodil, pansy or tulip. Testing data2vec after letting it train on various data corpora showed that it was competitive with and even outperformed similarly sized dedicated models for that modality. (That is to say, if the models are all limited to being 100 megabytes, data2vec did better -- specialized models would probably still outperform it as they grow.)
2022-01-21 19:15:02
Picard and Guinan have a warm reunion in S2 trailer for Star Trek: Picard

"Your answers are not in the stars and they never have been."
2022-01-21 18:45:05
Unvaccinated 5X more likely to get omicron than those boosted, CDC reports

Real-world data shows booster doses are standing up to omicron.
2022-01-21 18:45:05
Two cannabinoids have opposing effects on SARS-CoV-2 in culture

In early tests, CBD inhibits the virus, but THC blocks this effect.
2022-01-21 18:15:02
Here’s why some games aren’t “verified” for Steam Deck compatibility

But the vast majority of games are at least "playable," with no graphics issues.
2022-01-21 17:15:02