Miscellaneous Tech News

mlnews

NHS rejects Apple-Google coronavirus app plan

The UK's coronavirus contact-tracing app is set to use a different model to the one proposed by Apple and Google, despite concerns raised about privacy and performance.
The NHS says it has a way to make the software work "sufficiently well" on iPhones without users having to keep it active and on-screen. That limitation has posed problems for similar apps in other countries. Experts from GCHQ's National Cyber Security Centre have aided the effort. NCSC indicated that its involvement has been limited to an advisory role. "Engineers have met several core challenges for the app to meet public health needs and support detection of contact events sufficiently well, including when the app is in the background, without excessively affecting battery life," said a spokeswoman for NHSX, the health service's digital innovation unit.

mlnews

Virgin Media goes offline for thousands

Virgin Media, one of the UK's largest broadband providers, has gone offline for thousands of users, at peak time.
The outage began just after 17:00 on Monday, coinciding with the government daily coronavirus press briefing. The Downdetector service recorded more than 30,000 reports. Many said their service had come back online shortly after the outage but others reported ongoing problems nearly an hour later. Virgin said the problem had been fixed, despite ongoing complaints on Twitter. In a statement that followed, a company spokesman said: "We're currently investigating an intermittent broadband issue that lasted for a very short period of time earlier this evening.

mlnews

Coronavirus: UK contact-tracing app 'ready in two to three weeks'

Building a coronavirus contact-tracing app that might help the UK emerge from lockdown has been a titanic effort - and it has largely taken place in private.
But now the NHS chief responsible has told MPs he hopes the first version will be ready in a fortnight's time. Matthew Gould also disclosed plans to log the location of whenever two or more people are in close proximity for minutes at a time. That will disturb privacy campaigners. However, NHSX - the health service's digital innovation unit - has told BBC News this extra request will be "opt in" rather than the default setting.

mlnews

AI cannot be recognised as an inventor, US rules

An artificial intelligence system has been refused the right to two patents in the US, after a ruling only "natural persons" could be inventors.
The US Patent and Trademark Office rejected two patents where the AI system Dabus was listed as the inventor, in a ruling on Monday. US patent law had previously only specified eligible inventors had to be "individuals". And its creator, physicist and AI researcher Stephen Thaler, had argued that because he had not helped it with the inventions, it would be inaccurate to list himself as the inventor.

scottalanmiller

@mlnews said in Miscellaneous Tech News:

AI cannot be recognised as an inventor, US rules

An artificial intelligence system has been refused the right to two patents in the US, after a ruling only "natural persons" could be inventors.
The US Patent and Trademark Office rejected two patents where the AI system Dabus was listed as the inventor, in a ruling on Monday. US patent law had previously only specified eligible inventors had to be "individuals". And its creator, physicist and AI researcher Stephen Thaler, had argued that because he had not helped it with the inventions, it would be inaccurate to list himself as the inventor.

Probably best as AI can't sue you, either. It just means that the owner of the AI, not the AI, has to be listed.

black3dynamite

What’s New with Pop!_OS 20.04 LTS
https://blog.system76.com/post/616861064165031936/whats-new-with-popos-2004-lts

https://pop.system76.com/

Danp

Salt Bugs Allow Full RCE as Root on Cloud Servers

The open-source Salt management framework contains high-severity security vulnerabilities that allow full remote code execution as root on servers in data centers and cloud environments. And in-the-wild attacks are expected imminently.

black3dynamite

https://www.altaro.com/hyper-v/office-365-microsoft-365/

Danp

@Danp said in Miscellaneous Tech News:

Salt Bugs Allow Full RCE as Root on Cloud Servers

The open-source Salt management framework contains high-severity security vulnerabilities that allow full remote code execution as root on servers in data centers and cloud environments. And in-the-wild attacks are expected imminently.

Looks like they weren't kidding...

https://www.zdnet.com/article/hackers-breach-lineageos-servers-via-unpatched-vulnerability/

1337

US govt updates O365 security best practices

https://www.us-cert.gov/ncas/alerts/aa20-120a

Summary

CISA encourages organizations to implement an organizational cloud strategy to protect their infrastructure assets by defending against attacks related to their O365 transition and better securing O365 services.

Specifically, CISA recommends that administrators implement the following mitigations and best practices:

• Use multi-factor authentication. This is the best mitigation technique to protect against credential theft for O365 administrators and users.
• Protect Global Admins from compromise and use the principle of “Least Privilege.”
• Enable unified audit logging in the Security and Compliance Center.
• Enable Alerting capabilities.
• Integrate with organizational SIEM solutions.
• Disable legacy email protocols, if not required, or limit their use to specific users.

EddieJennings

@Pete-S said in Miscellaneous Tech News:

US govt updates O365 security best practices

https://www.us-cert.gov/ncas/alerts/aa20-120a

Summary

CISA encourages organizations to implement an organizational cloud strategy to protect their infrastructure assets by defending against attacks related to their O365 transition and better securing O365 services.

Specifically, CISA recommends that administrators implement the following mitigations and best practices:

• Use multi-factor authentication. This is the best mitigation technique to protect against credential theft for O365 administrators and users.
• Protect Global Admins from compromise and use the principle of “Least Privilege.”
• Enable unified audit logging in the Security and Compliance Center.
• Enable Alerting capabilities.
• Integrate with organizational SIEM solutions.
• Disable legacy email protocols, if not required, or limit their use to specific users.

They all read as common sense to me

scottalanmiller

@EddieJennings said in Miscellaneous Tech News:

They all read as common sense to me

So not exactly expected from the US gov't.

mlnews

Coronavirus: Far-right spreads Covid-19 'infodemic' on Facebook

"What if [they] are trying to kill off as many people as possible" reads one Facebook post.
"Eventually, these scum will release something truly nasty to wipe us all out, but first they have to train us to be obedient slaves" reads another. A third: "Coronavirus is the newest Islamist weapon." Many of us by now will have seen something of the "infodemic" the World Health Organization (WHO) warned is swirling across society. Whether popping into your online timeline or maybe forwarded by a relative, it would have been a rumour or revelation so eye-grabbing, so shockingly different from the norm, that they're hard to ignore.

scottalanmiller

BackBlaze B2 now offers S3 API.

black3dynamite

https://community.saltstack.com/blog/critical-vulnerabilities-update-cve-2020-11651-and-cve-2020-11652/

mlnews

Latvian drone fuelled for days goes missing, restricting airspace

Latvian authorities are hunting a 26kg (57lb) drone that went missing mid-flight, causing air-traffic problems.
The aviation authority has restricted flights below 19,500ft (6,000m) in the region while they search for it. While officials say it is likely the drone, which took off on Saturday, has landed, it had enough fuel to fly until 19:10 local time on Tuesday (17:10 BST). Many members of the public reported sightings but none has been confirmed. The non-military drone is understood to belong to a local unmanned aerial vehicle (UAV) manufacturer. During a test flight, the company lost communications with the drone and lost track of its location, Latvian media reports.

JaredBusch

Uncle Sam to agencies: No encrypted DNS for you!

The US federal government has been protecting its users by blocking malicious destinations for years, but it won’t let them take advantage of the latest protective measure in DNS – encryption – just yet. Last month, the US Department of Homeland Security warned government agencies that they’re legally bound to use an internal system that won’t support this feature.

Grey

https://exchange.xforce.ibmcloud.com/#/collection/705fd7c8cc1111e72979c5fc52611775

Kaiji - New Chinese Linux Malware

Summary
A new report from Intezer details a new Chinese malware, named Kaiji, that is brute forcing servers and IoT devices. Its name is based on function, the botnet was built from scratch using Golang programming language, a rare occurrence within the IoT botnet arena.

Obsolesce

28,000 GoDaddy Hosting Accounts Compromised

"On May 4, 2020, GoDaddy, one of the world’s largest website hosting providers, disclosed that the SSH credentials of approximately 28,000 GoDaddy hosting accounts were compromised by an unauthorized attacker."

Danp

Hackers hide web skimmer behind a website's favicon

The trick, according to Malwarebytes, was that the MyIcons..net website served a legitimate favicon file for all a website's pages, except on pages that contained checkout forms.

On these pages, the MyIcons..net website would secretly switch the favicon with a malicious JavaScript file that created a fake checkout form and stole user card details.