An anonymous reader quotes a report from Wired: One of the world's most peculiar test beds stretches above Princeton, New Jersey. It's a fiber optic cable strung between three utility poles that then runs underground before feeding into an "interrogator." This device fires a laser through the cable and analyzes the light that bounces back. It can pick up tiny perturbations in that light caused by seismic activity or even loud sounds, like from a passing ambulance. It's a newfangled technique known as distributed acoustic sensing, or DAS. Because DAS can track seismicity, other scientists are increasingly using it to monitor earthquakes and volcanic activity. (A buried system is so sensitive, in fact, that it can detect people walking and driving above.) But the scientists in Princeton just stumbled upon a rather noisier use of the technology. In the spring of 2021, Sarper Ozharar -- a physicist at NEC Laboratories, which operates the Princeton test bed -- noticed a strange signal in the DAS data. "We realized there were some weird things happening," says Ozharar. "Something that shouldn't be there. There was a distinct frequency buzzing everywhere." The team suspected the "something" wasn't a rumbling volcano -- not inNew Jersey -- but the cacophony of the giant swarm of cicadas that had just emerged from underground, a population known as Brood X. A colleague suggested reaching out to Jessica Ware, an entomologist and cicada expert at the American Museum of Natural History, to confirm it. "I had been observing the cicadas and had gone around Princeton because we were collecting them for biological samples," says Ware. "So when Sarper and the team showed that you could actually hear the volume of the cicadas, and it kind of matched their patterns, I was really excited." Add insects to the quickly growing list of things DAS can spy on. Thanks to some specialized anatomy, cicadas are the loudest insects on the planet, but all sorts of other six-legged species make a lot of noise, like crickets and grasshoppers. With fiber optic cables, entomologists might have stumbled upon a powerful new way to cheaply and constantly listen in on species -- from afar. "Part of the challenge that we face in a time when there's insect decline is that we still need to collect data about what population sizes are, and what insects are where," says Ware. "Once we are able to familiarize ourselves with what's possible with this type of remote sensing, I think we can be really creative."

Read more of this story at Slashdot.

An anonymous reader quotes a report from XDA Developers: A few days ago, we spotted that the HP Smart App was being installed on people's PCs without their consent. Even worse, the app would reappear if users tried to uninstall it or clean-installed Windows. Now, the cause has finally been identified: a recent Windows 10 and 11 update is renaming everyone's printers to "HP LaserJet M101-M106" regardless of what model it actually is. As reported on Windows Latest, the latest update for Windows 10 and 11 seems to think that people's printers are an HP LaserJet model, regardless of their actual brand. It's believed that the bug appeared after HP pushed its latest metadata to Windows Update, but something went awry in the code and caused other printers to be labeled as HP LaserJet printers. This explains why the HP Smart App has been sneaking onto people's computers without their consent. A key part of Windows Update is keeping third-party drivers and devices updated, including downloading any apps that the devices depend on. After the printer metadata incorrectly identified everyone's printers as HP LaserJet printers, Windows installed all the software needed for an HP printer to work smoothly, including the HP Smart App. Fortunately, the bug only affects the metadata for the printer. While the printer may show up with a different name on your system, you should still be able to send print jobs to it. Microsoft has since removed the fault metadata from Windows Update, so anyone performing a clean install from now on should get their original printer's name back and stop the HP Smart App from re-downloading. Further reading: HP Exec Says Quiet Part Out Loud When It Comes To Locking in Print Customers

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Intel on Tuesday pushed microcode updates to fix a high-severity CPU bug that has the potential to be maliciously exploited against cloud-based hosts. The flaw, affecting virtually all modern Intel CPUs, causes them to "enter a glitch state where the normal rules don't apply," Tavis Ormandy, one of several security researchers inside Google who discovered the bug, reported. Once triggered, the glitch state results in unexpected and potentially serious behavior, most notably system crashes that occur even when untrusted code is executed within a guest account of a virtual machine, which, under most cloud security models, is assumed to be safe from such faults. Escalation of privileges is also a possibility. The bug, tracked under the common name Reptar and the designation CVE-2023-23583, is related to how affected CPUs manage prefixes, which change the behavior of instructions sent by running software. Intel x64 decoding generally allows redundant prefixes -- meaning those that don't make sense in a given context -- to be ignored without consequence. During testing in August, Ormandy noticed that the REX prefix was generating "unexpected results" when running on Intel CPUs that support a newer feature known as fast short repeat move, which was introduced in the Ice Lake architecture to fix microcoding bottlenecks. The unexpected behavior occurred when adding the redundant rex.r prefixes to the FSRM-optimized rep mov operation. [...] Intel's official bulletin lists two classes of affected products: those that were already fixed and those that are fixed using microcode updates released Tuesday. An exhaustive list of affected CPUs is available here. As usual, the microcode updates will be available from device or motherboard manufacturers. While individuals aren't likely to face any immediate threat from this vulnerability, they should check with the manufacturer for a fix. People with expertise in x86 instruction and decoding should read Ormandy's post in its entirety. For everyone else, the most important takeaway is this: "However, we simply don't know if we can control the corruption precisely enough to achieve privilege escalation." That means it's not possible for people outside of Intel to know the true extent of the vulnerability severity. That said, anytime code running inside a virtual machine can crash the hypervisor the VM runs on, cloud providers like Google, Microsoft, Amazon, and others are going to immediately take notice.

Read more of this story at Slashdot.

In a rare move, Apple hit pause on development of next year's software updates for the iPhone, iPad, Mac and other devices so that it could root out glitches in the code. From a report: The delay, announced internally to employees last week, was meant to help maintain quality control after a proliferation of bugs in early versions, according to people with knowledge of the decision. Rather than adding new features, company engineers were tasked with fixing the flaws and improving the performance of the software, said the people, who asked not to be identified because the matter is private. Apple's software -- famous for its clean interfaces, easy-to-use controls and focus on privacy -- is one of its biggest selling points. That makes quality control imperative. But the company has to balance a desire to add new features with making sure its operating systems run as smoothly as possible. [...] When looking at new operating systems due for release next year, the software engineering management team found too many "escapes" -- an industry term for bugs missed during internal testing. So the division took the unusual step of halting all new feature development for one week to work on fixing the bugs. With thousands of different Apple employees working on a range of operating systems and devices -- that need to work together seamlessly -- it's easy for glitches to crop up.

Read more of this story at Slashdot.

"Earlier this month, the California Department of Food and Agriculture quarantined 69 square miles of metro L.A. after invasive and destructive Mediterranean fruit flies were found at a home in the Leimert Park neighborhood," notes The Hill. Officials are now planning to use small planes to drop millions of fruit flies over Los Angeles in an effort to eradicate an invasive and destructive species of the insects. From the report: Jay Van Rein, a spokesperson for the CDFA, told SFGATE that officials plan to drop approximately 250,000 sterile male fruit flies per square mile in the quarantine area every week for six months, or perhaps longer. The sterile males mate with the females, which fail to produce offspring, reducing the population over time. Van Rein says the Preventative Release Program (PRP), as it's called, has been used effectively to manage invasive species since 1996. The quarantine radius includes parts of downtown and South L.A., Hyde Park, Baldwin Hills, Culver City, Inglewood, Pico-Robertson and Mid-Wilshire. Those who live within the zone are urged not to transport any fruits or vegetables from their property and to double-bag them in plastic before tossing them in the trash. The Mediterranean fruit fly is very tiny -- only about 1/4 inch in length -- but they can potentially cause hundreds of millions of dollars in damage to crops if left unchecked, officials said. When a female lays eggs in a fruit or vegetable, they hatch into maggots that tunnel through it and cause rot.

Read more of this story at Slashdot.

Richard Speed reports via The Register: Asahi Linux, a project to port Linux to Apple Silicon Macs, has reported a combination of bugs in Apple's macOS that could leave users with hardware in a difficult-to-recover state. The issues revolve around how recent versions of macOS handle refresh rates, and MacBook Pro models with ProMotion displays (the 14 and 16-inch versions) are affected. According to the Asahi team, the bugs lurk in the upgrade and boot process and, when combined, can create a condition where a machine always boots to a black screen, and a Device Firmware Update (DFU) recovery is needed. Asahi Linux's techies have looked into the issue, having first suspected it had something to do with either having an Asahi Linux installation on a Mac and then upgrading to macOS Sonoma or installing Asahi Linux after a Sonoma upgrade. However, the issue appears to be unconnected to the project. The team said: "As far as we can tell, ALL users who upgraded to Sonoma the normal way have an out-of-date or even broken System RecoveryOS, and in particular MacBook Pro 14" and 16" owners are vulnerable to ending up with a completely unbootable system." While this might sound alarming, the team was at pains to assure users that data was not at risk and only certain versions of macOS were affected -- Sonoma 14.0+ and Ventura 13.6+. The first bug is related to macOS Sonoma using the previously installed version as System Recovery, which can cause problems when an older RecoveryOS runs into newer firmware. The second occurs if a display is configured to a refresh rate other than ProMotion. According to the Asahi Linux team, the system will no longer be able to boot into old macOS installs or Asahi Linux. "This includes recovery mode when those systems are set as the default boot OS, and also System Recovery at least until the next subsequent OS upgrade." The team noted: "Even users with just 13.6 installed single-boot are affected by this issue (no Asahi Linux needed). "We do not understand how Apple managed to release an OS update that, when upgraded to normally, leaves machines unbootable if their display refresh rate is not the default. This seems to have been a major QA oversight by Apple."

Read more of this story at Slashdot.

Wednesday Greg Kroah-Hartman announced the release of the 6.4.2 kernel. "All users of the 6.4 kernel series must upgrade." The Hacker News reports: Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host. Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date. "As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger," Peking University security researcher Ruihan Li said. "However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging." Following responsible disclosure on June 15, 2023, it has been addressed in stable versions 6.1.37, 6.3.11, and 6.4.1 as of July 1, 2023, after a two-week effort led by Linus Torvalds. A proof-of-concept (PoC) exploit and additional technical specifics about the bug are expected to be made public by the end of the month. ZDNet points out that Linux 6.4 "offers improved hardware enablement for ARM boards" and does a better job with the power demands of Steam Deck gaming devices. And "On the software side, the Linux 6.4 release includes more upstreamed Rust code. We're getting ever closer to full in-kernel Rust language support." The Register also notes that Linux 6.4 also includes "the beginnings of support for Apple's M2 processors," along with support for hibernation of RISC-V CPUs, "a likely presage to such silicon powering laptop computers."

Read more of this story at Slashdot.

Wednesday Greg Kroah-Hartman announced the release of the 6.4.2 kernel. "All users of the 6.4 kernel series must upgrade." The Hacker News reports: Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host. Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date. "As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger," Peking University security researcher Ruihan Li said. "However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging." Following responsible disclosure on June 15, 2023, it has been addressed in stable versions 6.1.37, 6.3.11, and 6.4.1 as of July 1, 2023, after a two-week effort led by Linus Torvalds. A proof-of-concept (PoC) exploit and additional technical specifics about the bug are expected to be made public by the end of the month. ZDNet points out that Linux 6.4 "offers improved hardware enablement for ARM boards" and does a better job with the power demands of Steam Deck gaming devices. And "On the software side, the Linux 6.4 release includes more upstreamed Rust code. We're getting ever closer to full in-kernel Rust language support." The Register also notes that Linux 6.4 also includes "the beginnings of support for Apple's M2 processors," along with support for hibernation of RISC-V CPUs, "a likely presage to such silicon powering laptop computers."

Read more of this story at Slashdot.

Wednesday BleepingComputer reported: Malwarebytes confirmed today that the Windows 11 22H2 KB5027231 cumulative update released this Patch Tuesday breaks Google Chrome on its customers' systems... While uninstalling the KB5027231 update fixes the issue, admins report that it's not possible to do so via Windows Server Update Services because of a "catastrophic error..." The Google Chrome process is actually running but is prevented from fully launching the application and loading the user interface due to the conflict. Then Friday BleepingComputer reported that the same update "also breaks Google Chrome on systems protected by Cisco and WatchGuard EDR and antivirus solutions." "We deploy Secure Endpoint 8.1.7 to our few thousand devices, and we started getting a mountain of reports this morning that Google Chrome would not appear on the screen after attempting to open it," one admin said. "With a little trial & error, I found that killing the Secure Endpoint service or uninstalling Secure Endpoint will allow Chrome to open again..." WatchGuard staff also confirmed on Friday that Google Chrome wouldn't open on Windows 11 after installing KB5027231 if anti-exploit protection is enabled in the company's Endpoint Security software. Thanks to Slashdot reader boley1 for sharing the news.

Read more of this story at Slashdot.

Long-time Slashdot reader waspleg shared this story from Hot Hardware: Red Hat Linux developer Richard WM Jones has shared an eyebrow raising tale of Linux bug hunting. Jones noticed that Linux 6.4 has a bug which means it will hang on boot about 1 in 1,000 times. Jones set out to pinpoint the bug, and prove he had caught it red handed. However, his headlining travail, involving booting Linux 292,612 times (and another 1,000 times to confirm the bug) apparently "only took 21 hours." It also seems that the bug is less common with Intel hardware than AMD based machines.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Register: This year's DEF CON AI Village has invited hackers to show up, dive in, and find bugs and biases in large language models (LLMs) built by OpenAI, Google, Anthropic, and others. The collaborative event, which AI Village organizers describe as "the largest red teaming exercise ever for any group of AI models," will host "thousands" of people, including "hundreds of students from overlooked institutions and communities," all of whom will be tasked with finding flaws in LLMs that power today's chat bots and generative AI. Think: traditional bugs in code, but also problems more specific to machine learning, such as bias, hallucinations, and jailbreaks -- all of which ethical and security professionals are now having to grapple with as these technologies scale. DEF CON is set to run from August 10 to 13 this year in Las Vegas, USA. For those participating in the red teaming this summer, the AI Village will provide laptops and timed access to LLMs from various vendors. Currently this includes models from Anthropic, Google, Hugging Face, Nvidia, OpenAI, and Stability. The village people's announcement also mentions this is "with participation from Microsoft," so perhaps hackers will get a go at Bing. We're asked for clarification about this. Red teams will also have access to an evaluation platform developed by Scale AI. There will be a capture-the-flag-style point system to promote the testing of "a wide range of harms," according to the AI Village. Whoever gets the most points wins a high-end Nvidia GPU. The event is also supported by the White House Office of Science, Technology, and Policy; America's National Science Foundation's Computer and Information Science and Engineering (CISE) Directorate; and the Congressional AI Caucus.

Read more of this story at Slashdot.

Here's a good reason to use Google Pay: Google might send you a bunch of free money. From a report: Many users report that Google accidentally deposited cash in their accounts -- anywhere from $10 to $1,000. Android researcher Mishaal Rahman got hit with the bug and shared most of the relevant details on Twitter. The cash arrived via Google Pay's "reward" program. Just like a credit card, you're supposed to get a few bucks back occasionally for various promotions, but nothing like this. Numerous screenshots show users receiving loads of "Reward" money for what the message called "dogfooding the Google Pay Remittance experience." "Dogfooding" is tech speak for "internally beta testing pre-release software," so if a message like this was ever supposed to go out, it should have only gone out to Google employees and/or some testing partners. Many regular users received multiple copies of this message with multiple payouts.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Back in 2018, Pixel phones gained a built-in screenshot editor called "Markup" with the release of Android 9.0 Pie. The tool pops up whenever you take a screenshot, and tapping the app's pen icon gives you access to tools like crop and a few colored drawing pens. That's very handy assuming Google's Markup tool actually does what it says, but a new vulnerability points out the edits made by this tool weren't actually destructive! It's possible to uncrop or unredact Pixel screenshots taken during the past four years. The bug was discovered by Simon Aarons and is dubbed "Acropalypse," or more formally CVE-2023-21036. There's a proof-of-concept app that can unredact Pixel screenshots at acropalypse.app, and it works! There's also a good technical write-up here by Aarons' collaborator, David Buchanan. The basic gist of the problem is that Google's screenshot editor overwrites the original screenshot file with your new edited screenshot, but it does not truncate or recompress that file in any way. If your edited screenshot has a smaller file size than the original -- that's very easy to do with the crop tool -- you end up with a PNG with a bunch of hidden junk data at the end of it. That junk data is made up of the end bits of your original screenshot, and it's actually possible to recover that data. While the bug was fixed in the March 2023 security update for Pixel devices, it doesn't solve the problem, notes Ars. "There's still the matter of the last four years of Pixel screenshots that are out there and possibly full of hidden data that people didn't realize they were sharing."

Read more of this story at Slashdot.

An anonymous reader shares a report: Nvidia released a new driver update for its GeForce graphics cards that, among other things, introduced a new Video Super Resolution upscaling technology that could make low-resolution videos look better on high-resolution screens. But the driver (version 531.18) also apparently came with a bug that caused high CPU usage on some PCs after running and then closing a game. Nvidia has released a driver hotfix (version 531.26) that acknowledges and should fix the issue, which was apparently being caused by an undisclosed bug in the "Nvidia Container," a process that exists mostly to contain other processes that come with Nvidia's drivers. It also fixes a "random bugcheck" issue that may affect some older laptops with GeForce 1000-series or MX250 and MX350 GPUs.

Read more of this story at Slashdot.

Longtime Slashdot reader theshowmecanuck shares a report from CBS News: A 2012 trip to a Fayetteville, Arkansas, Walmart to pick up some milk turned out to be one for the history books. A giant bug that stopped a scientist in his tracks as he walked into the store and he ended up taking home turned out to be a rare Jurassic-era flying insect. Michael Skvarla, director of Penn State University's Insect Identification Lab, found the mysterious bug -- an experience that he says he remembers "vividly." "I was walking into Walmart to get milk and I saw this huge insect on the side of the building," he said in a press release from Penn State. "I thought it looked interesting, so I put it in my hand and did the rest of my shopping with it between my fingers. I got home, mounted it, and promptly forgot about it for almost a decade." [I]n the fall of 2020 when he was teaching an online course on insect biodiversity and evolution, Skvarla was showing students the bug and suddenly realized it wasn't what he originally thought. He and his students then figured out what it might be -- live on a Zoom call. "We were watching what Dr. Skvarla saw under his microscope and he's talking about the features and then just kinda stops," one of his students Codey Mathis said. "We all realized together that the insect was not what it was labeled and was in fact a super-rare giant lacewing." A clear indicator of this identification was the bug's wingspan. It was about 50 millimeters -- nearly 2 inches -- a span that the team said made it clear the insect was not an antlion. His team's molecular analysis on the bug has been published in the Proceedings of the Entomological Society of Washington. theshowmecanuck captioned: "To be fair, he said he didn't know what it was so [he] just collected it and took it home, and then figured it out later. My thought that I added to the title was because of this quote in the story (which tickled my cynicism in humanity): "It could have been 100 years since it was even in this area -- and it's been years since it's been spotted anywhere near it..."

Read more of this story at Slashdot.

Since the earliest versions of the iPhone, "The ability to dynamically execute code was nearly completely removed," write security researchers at Trellix, "creating a powerful barrier for exploits which would need to find a way around these mitigations to run a malicious program. As macOS has continually adopted more features of iOS it has also come to enforce code signing more strictly. "The Trellix Advanced Research Center vulnerability team has discovered a large new class of bugs that allow bypassing code signing to execute arbitrary code in the context of several platform applications, leading to escalation of privileges and sandbox escape on both macOS and iOS.... The vulnerabilities range from medium to high severity with CVSS scores between 5.1 and 7.1. These issues could be used by malicious applications and exploits to gain access to sensitive information such as a user's messages, location data, call history, and photos." Computer Weekly explains that the vulnerability bypasses strengthened code-signing mitigations put in place by Apple on its developer tool NSPredicate after the infamous ForcedEntry exploit used by Israeli spyware manufacturer NSO Group: So far, the team has found multiple vulnerabilities within the new class of bugs, the first and most significant of which exists in a process designed to catalogue data about behaviour on Apple devices. If an attacker has achieved code execution capability in a process with the right entitlements, they could then use NSPredicate to execute code with the process's full privilege, gaining access to the victim's data. Emmitt and his team also found other issues that could enable attackers with appropriate privileges to install arbitrary applications on a victim's device, access and read sensitive information, and even wipe a victim's device. Ultimately, all of the new bugs carry a similar level of impact to ForcedEntry. Senior vulnerability researcher Austin Emmitt said the vulnerabilities constituted a "significant breach" of the macOS and iOS security models, which rely on individual applications having fine-grain access to the subset of resources needed, and querying services with more privileges to get anything else. "The key thing here is the vulnerabilities break Apple's security model at a fundamental level," Trellix's director of vulnerability research told Wired — though there's some additional context: Apple has fixed the bugs the company found, and there is no evidence they were exploited.... Crucially, any attacker trying to exploit these bugs would require an initial foothold into someone's device. They would need to have found a way in before being able to abuse the NSPredicate system. (The existence of a vulnerability doesn't mean that it has been exploited.) Apple patched the NSPredicate vulnerabilities Trellix found in its macOS 13.2 and iOS 16.3 software updates, which were released in January. Apple has also issued CVEs for the vulnerabilities that were discovered: CVE-2023-23530 and CVE-2023-23531. Since Apple addressed these vulnerabilities, it has also released newer versions of macOS and iOS. These included security fixes for a bug that was being exploited on people's devices. TechCrunch explores its severity: While Trellix has seen no evidence to suggest that these vulnerabilities have been actively exploited, the cybersecurity company tells TechCrunch that its research shows that iOS and macOS are "not inherently more secure" than other operating systems.... Will Strafach, a security researcher and founder of the Guardian firewall app, described the vulnerabilities as "pretty clever," but warned that there is little the average user can do about these threats, "besides staying vigilant about installing security updates." And iOS and macOS security researcher Wojciech ReguÅa told TechCrunch that while the vulnerabilities could be significant, in the absence of exploits, more details are needed to determine how big this attack surface is. Jamf's Michael Covington said that Apple's code-signing measures were "never intended to be a silver bullet or a lone solution" for protecting device data. "The vulnerabilities, though noteworthy, show how layered defenses are so critical to maintaining good security posture," Covington said.

Read more of this story at Slashdot.

The Zero Day Initiative, a zero-day security research firm, announced a new Linux kernel security bug that allows authenticated remote users to disclose sensitive information and run code on vulnerable Linux kernel versions. ZDNet reports: Originally, the Zero Day Initiative ZDI rated it a perfect 10 on the 0 to 10 common Vulnerability Scoring System scale. Now, the hole's "only" a 9.6.... The problem lies in the Linux 5.15 in-kernel Server Message Block (SMB) server, ksmbd. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the kernel context. This new program, which was introduced to the kernel in 2021, was developed by Samsung. Its point was to deliver speedy SMB3 file-serving performance.... Any distro using the Linux kernel 5.15 or above is potentially vulnerable. This includes Ubuntu 22.04, and its descendants; Deepin Linux 20.3; and Slackware 15.

Read more of this story at Slashdot.

Ars Technica reports on a dangerously "wormable" Windows vulnerability that allowed attackers to execute malicious code with no authentication required — a vulnerability that was present "in a much broader range of network protocols, giving attackers more flexibility than they had when exploiting the older vulnerability." Microsoft fixed CVE-2022-37958 in September during its monthly Patch Tuesday rollout of security fixes. At the time, however, Microsoft researchers believed the vulnerability allowed only the disclosure of potentially sensitive information. As such, Microsoft gave the vulnerability a designation of "important." In the routine course of analyzing vulnerabilities after they're patched, IBM security researcher Valentina Palmiotti discovered it allowed for remote code execution in much the way EternalBlue did [the flaw used to detonate WannaCry]. Last week, Microsoft revised the designation to critical and gave it a severity rating of 8.1, the same given to EternalBlue.... One potentially mitigating factor is that a patch for CVE-2022-37958 has been available for three months. EternalBlue, by contrast, was initially exploited by the NSA as a zero-day. The NSA's highly weaponized exploit was then released into the wild by a mysterious group calling itself Shadow Brokers. The leak, one of the worst in the history of the NSA, gave hackers around the world access to a potent nation-state-grade exploit. Palmiotti said there's reason for optimism but also for risk: "While EternalBlue was an 0-Day, luckily this is an N-Day with a 3 month patching lead time," said Palmiotti. There's still some risk, Palmiotti tells Ars Technica. "As we've seen with other major vulnerabilities over the years, such as MS17-010 which was exploited with EternalBlue, some organizations have been slow deploying patches for several months or lack an accurate inventory of systems exposed to the internet and miss patching systems altogether." Thanks to Slashdot reader joshuark for sharing the article.

Read more of this story at Slashdot.

Keylogger-like behavior has some Corsair K100 keyboard customers concerned. Several users have reported their peripheral randomly entering text into their computer that they previously typed days or weeks ago. However, Corsair told Ars Technica that the behavior is a bug, not keylogging, and it's possibly related to the keyboard's macro recording feature. From a report: A reader tipped us off to an ongoing thread on Corsair's support forum that a user started in August. The user claimed that their K100 started typing on its own while they use it with a MacBook Pro, gaming computer, and KVM switch. "Every couple of days, the keyboard has started randomly typing on its own while I am working on the MacBook. It usually seems to type messages that I previously typed on the gaming PC and it won't stop until I unplug the keyboard and plug it back in," the user, "brendenguy," wrote. Ten users seemingly responded to the thread (we can't verify the validity of each claim or account, but Corsair confirmed this is a known issue), reporting similar experiences. [...] Corsair confirmed to Ars that it's received "several" reports of the K100 acting like this but affirmed that "there's no hardware function on the keyboard that operates as a key logger." The company didn't immediately respond to follow-up questions about how many keyboards were affected. "Corsair keyboards unequivocally do not log user input in any way and do not have the ability to log individual keystrokes," Corsair's rep told Ars Technica.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Phys.Org: Bumble bees play, according to new research led by Queen Mary University of London published in Animal Behavior. It is the first time that object play behavior has been shown in an insect, adding to mounting evidence that bees may experience positive "feelings." The team of researchers set up numerous experiments to test their hypothesis, which showed that bumble bees went out of their way to roll wooden balls repeatedly despite there being no apparent incentive for doing so. The study also found that younger bees rolled more balls than older bees, mirroring human behavior of young children and other juvenile mammals and birds being the most playful, and that male bees rolled them for longer than their female counterparts. The study followed 45 bumble bees in an arena and gave them the options of walking through an unobstructed path to reach a feeding area or deviating from this path into the areas with wooden balls. Individual bees rolled balls between 1 and, impressively, 117 times over the experiment. The repeated behavior suggested that ball-rolling was rewarding. This was supported by a further experiment where another 42 bees were given access to two colored chambers, one always containing movable balls and one without any objects. When tested and given a choice between the two chambers, neither containing balls, bees showed a preference for the color of the chamber previously associated with the wooden balls. The set-up of the experiments removed any notion that the bees were moving the balls for any greater purpose other than play. Rolling balls did not contribute to survival strategies, such as gaining food, clearing clutter, or mating and was done under stress-free conditions. [...] The new research showed the bees rolling balls repeatedly without being trained and without receiving any food for doing so -- it was voluntary and spontaneous -- therefore akin to play behavior as seen in other animals. Study first-author, Samadi Galpayage, Ph.D. student at Queen Mary University of London says that "it is certainly mind-blowing, at times amusing, to watch bumble bees show something like play. They approach and manipulate these 'toys' again and again. It goes to show, once more, that despite their little size and tiny brains, they are more than small robotic beings." "They may actually experience some kind of positive emotional states, even if rudimentary, like other larger fluffy, or not so fluffy, animals do. This sort of finding has implications to our understanding of sentience and welfare of insects and will, hopefully, encourage us to respect and protect life on Earth ever more."

Read more of this story at Slashdot.