fivenewscrypto
Terkini Populer Kategori
Headline
Loading...

Technology

[Technology][recentbylabel]

Ads Auto

vendredi 26 janvier 2024

In major gaffe, hacked Microsoft test account was assigned admin privileges

In major gaffe, hacked Microsoft test account was assigned admin privileges

In major gaffe, hacked Microsoft test account was assigned admin privileges

Enlarge

The hackers who recently broke into Microsoft’s network and monitored top executives’ email for two months did so by gaining access to an aging test account with administrative privileges, a major gaffe on the company's part, a researcher said.

The new detail was provided in vaguely worded language included in a post Microsoft published on Thursday. It expanded on a disclosure Microsoft published late last Friday. Russia-state hackers, Microsoft said, used a technique known as password spraying to exploit a weak credential for logging into a “legacy non-production test tenant account” that wasn’t protected by multifactor authentication. From there, they somehow acquired the ability to access email accounts that belonged to senior executives and employees working in security and legal teams.

A “pretty big config error”

In Thursday’s post updating customers on findings from its ongoing investigation, Microsoft provided more details on how the hackers achieved this monumental escalation of access. The hackers, part of a group Microsoft tracks as Midnight Blizzard, gained persistent access to the privileged email accounts by abusing the OAuth authorization protcol, which is used industry-wide to allow an array of apps to access resources on a network. After compromising the test tenant, Midnight Blizzard used it to create a malicious app and assign it rights to access every email address on Microsoft’s Office 365 email service.

Read 11 remaining paragraphs | Comments


I abandoned OpenLiteSpeed and went back to good ol’ Nginx

I abandoned OpenLiteSpeed and went back to good ol’ Nginx

Ish is on fire, yo.

Enlarge / Ish is on fire, yo. (credit: Tim Macpherson / Getty Images)

Since 2017, in what spare time I have (ha!), I help my colleague Eric Berger host his Houston-area weather forecasting site, Space City Weather. It’s an interesting hosting challenge—on a typical day, SCW does maybe 20,000–30,000 page views to 10,000–15,000 unique visitors, which is a relatively easy load to handle with minimal work. But when severe weather events happen—especially in the summer, when hurricanes lurk in the Gulf of Mexico—the site’s traffic can spike to more than a million page views in 12 hours. That level of traffic requires a bit more prep to handle.

Hey, it's <a href="https://spacecityweather.com">Space City Weather</a>!

Hey, it's Space City Weather! (credit: Lee Hutchinson)

For a very long time, I ran SCW on a backend stack made up of HAProxy for SSL termination, Varnish Cache for on-box caching, and Nginx for the actual web server application—all fronted by Cloudflare to absorb the majority of the load. (I wrote about this setup at length on Ars a few years ago for folks who want some more in-depth details.) This stack was fully battle-tested and ready to devour whatever traffic we threw at it, but it was also annoyingly complex, with multiple cache layers to contend with, and that complexity made troubleshooting issues more difficult than I would have liked.

So during some winter downtime two years ago, I took the opportunity to jettison some complexity and reduce the hosting stack down to a single monolithic web server application: OpenLiteSpeed.

Read 32 remaining paragraphs | Comments


Cruise failed to disclose disturbing details of self-driving car crash

Cruise failed to disclose disturbing details of self-driving car crash

A Cruise robotaxi test vehicle in San Francisco.

Enlarge / A Cruise robotaxi test vehicle in San Francisco. (credit: Cruise)

A law firm hired by the General Motors’ self-driving subsidiary Cruise to investigate the company’s response to a gruesome San Francisco crash last year found that the company failed to fully disclose disturbing details to regulators, the tech company said today in a blog post. The incident in October led California regulators to suspend Cruise’s license to operate driverless vehicles in San Francisco.

The new report by law firm Quinn Emanuel says that Cruise failed to tell California’s Department of Motor Vehicles that after striking a pedestrian knocked into its path by a human-driven vehicle, the autonomous car pulled out of traffic—dragging her some 20 feet. Cruise said it had accepted the firm’s version of events, as well as its recommendations.

Read 5 remaining paragraphs | Comments


The life and times of Cozy Bear, the Russian hackers who just hit Microsoft and HPE

The life and times of Cozy Bear, the Russian hackers who just hit Microsoft and HPE

The life and times of Cozy Bear, the Russian hackers who just hit Microsoft and HPE

Enlarge (credit: Getty Images)

Hewlett Packard Enterprise (HPE) said Wednesday that Kremlin-backed actors hacked into the email accounts of its security personnel and other employees last May—and maintained surreptitious access until December. The disclosure was the second revelation of a major corporate network breach by the hacking group in five days.

The hacking group that hit HPE is the same one that Microsoft said Friday broke into its corporate network in November and monitored email accounts of senior executives and security team members until being driven out earlier this month. Microsoft tracks the group as Midnight Blizzard. (Under the company’s recently retired threat actor naming convention, which was based on chemical elements, the group was known as Nobelium.) But it is perhaps better known by the name Cozy Bear—though researchers have also dubbed it APT29, the Dukes, Cloaked Ursa, and Dark Halo.

“On December 12, 2023, Hewlett Packard Enterprise was notified that a suspected nation-state actor, believed to be the threat actor Midnight Blizzard, the state-sponsored actor also known as Cozy Bear, had gained unauthorized access to HPE’s cloud-based email environment,” company lawyers wrote in a filing with the Securities and Exchange Commission. “The Company, with assistance from external cybersecurity experts, immediately activated our response process to investigate, contain, and remediate the incident, eradicating the activity. Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions.”

Read 15 remaining paragraphs | Comments


Rocket Report: Iran reaches orbit; Chinese firm achieves impressive landing test

Rocket Report: Iran reaches orbit; Chinese firm achieves impressive landing test

First and second stages of Blue Origin's "New Glenn" test vehicle.

Enlarge / First and second stages of Blue Origin's "New Glenn" test vehicle. (credit: Blue Origin)

Welcome to Edition 6.28 of the Rocket Report! There's a lot going on in the world of launch as always, but this week I want to take this space for a personal message. I have just announced the forthcoming publication of my second book, REENTRY, on the Falcon 9 rocket, Dragon spacecraft, and development of reusable launch. Full details here. I worked very hard to get the inside story.

As always, we welcome reader submissions, and if you don't want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets as well as a quick look ahead at the next three launches on the calendar.

Europe seeks to support small launch companies. The European Space Agency and European Commission have selected five launch companies to participate in a new program to provide flight opportunities for new technologies, a sign of a greater role the European Union intends to play in launch, Space News reports. The effort seeks to stimulate demand for European launch services by allowing companies to compete for missions in the European Union’s In-Orbit Demonstration and Validation technology program. Proposals for the program's first phase are due to ESA at the end of February.

Read 22 remaining paragraphs | Comments


mercredi 24 janvier 2024

Aluminum mining waste could be a source of green steel

Aluminum mining waste could be a source of green steel

Image of a largely green landscape with a large, square area of red much in the center.

Enlarge / A red mud retaining pond in Germany. (credit: Wikimedia Commons)

The metals that form the foundation of modern society also cause a number of problems. Separating the metals we want from other minerals is often energy-intensive and can leave behind large volumes of toxic waste. Getting them in a pure form can often require a second and considerable energy input, boosting the associated carbon emissions.

A team of researchers from Germany has now figured out how to handle some of these problems for a specific class of mining waste created during aluminum production. Their method relies on hydrogen and electricity, which can both be sourced from renewable power and extracts iron and potentially other metals from the waste. What's left behind may still be toxic but isn't as environmentally damaging.

Out of the mud

The first step in aluminum production is the isolation of aluminum oxide from the other materials in the ore. This leaves behind a material known as red mud; it's estimated that nearly 200 million tonnes are produced annually. While the red color comes from the iron oxides present, there are a lot of other materials in it, some of which can be toxic. And the process of isolating the aluminum oxide leaves the material with a very basic pH.

Read 11 remaining paragraphs | Comments


Google’s latest AI video generator renders implausible situations for cute animals

Google’s latest AI video generator renders implausible situations for cute animals

Still images of AI-generated video examples provided by Google for its Lumiere video synthesis model.

Enlarge / Still images of AI-generated video examples provided by Google for its Lumiere video synthesis model. (credit: Google)

On Tuesday, Google announced Lumiere, an AI video generator that it calls "a space-time diffusion model for realistic video generation" in the accompanying preprint paper. But let's not kid ourselves: It does a great job at creating videos of cute animals in ridiculous scenarios, such as using roller skates, driving a car, or playing a piano. Sure, it can do more, but it is perhaps the most advanced text-to-animal AI video generator yet demonstrated.

According to Google, Lumiere utilizes unique architecture to generate a video's entire temporal duration in one go. Or, as the company put it, "We introduce a Space-Time U-Net architecture that generates the entire temporal duration of the video at once, through a single pass in the model. This is in contrast to existing video models which synthesize distant keyframes followed by temporal super-resolution—an approach that inherently makes global temporal consistency difficult to achieve."

In layperson terms, Google's tech is designed to handle both the space (where things are in the video) and time (how things move and change throughout the video) aspects simultaneously. So, instead of making a video by putting together many small parts or frames, it can create the entire video, from start to finish, in one smooth process.

Read 8 remaining paragraphs | Comments


Ads Auto


Smartphones

[Smartphones][recentbylabel]

Ads Auto

Photography

[Photography][recentbylabel2]

Economy

[Economy][recentbylabel2]