All Activity

To offer learnings from its experience, MITRE has published initial details about the incident via the Center for Threat-Informed Defense, found here. McLean, Va., April 19, 2024 – MITRE today disclosed that despite its fervent commitment to safeguarding its digital assets, it experienced a breach that underscores the nature of modern cyber threats. After detecting suspicious activity on its Networked Experimentation, Research, and Virtualization Environment (NERVE), a collaborative network used for research, development, and prototyping, compromise by a foreign nation-state threat actor was confirmed. Following detection of the incident, MITRE took prompt action to contain the incident, including taking the NERVE environment offline, and quickly launched an investigation with the support of in-house and leading third-party experts. The investigation is ongoing, including to determine the scope of information that may be involved. MITRE has contacted authorities and notified affected parties and is working to restore operational alternatives for collaboration in an expedited and secure manner. “No organization is immune from this type of cyber attack, not even one that strives to maintain the highest cybersecurity possible,” said Jason Providakes, president and CEO, MITRE. “We are disclosing this incident in a timely manner because of our commitment to operate in the public interest and to advocate for best practices that enhance enterprise security as well necessary measures to improve the industry’s current cyber defense posture. The threats and cyber attacks are becoming more sophisticated and require increased vigilance and defense approaches. As we have previously, we will share our learnings from this experience to help others and evolve our own practices.” NERVE is an unclassified collaborative network that provides storage, computing, and networking resources. Based on our investigation to date, there is no indication that MITRE’s core enterprise network or partners’ systems were affected by this incident. As part of our cybersecurity research in the public interest, MITRE has a 50-plus-year history of developing standards and tools used by the broad cybersecurity community. With frameworks like ATT&CK®, Engage™, D3FEND™, and CALDERA™ and a host of other cybersecurity tools, MITRE arms the worldwide community of cyber defenders. To offer learnings from its experience, MITRE has published initial details about the incident via the Center for Threat-Informed Defense, found here, and plans to release additional information as the investigation continues and concludes. Source

Microsoft is not done adding more odd stuff into its operating system. Following the not-so-great reception of new Start menu ads in one of the recent Beta builds, Microsoft is bringing even more ads, which, besides being slightly annoying, come at the cost of existing features. In build 22635.3500, the Sign Out button is now hidden behind a menu with a Microsoft 365 ad. Microsoft calls the new thing "Account Manager." In a nutshell, it is a flyout with your existing subscriptions, a Microsoft 365 upsell, and a few account-related notifications, like a prompt to add a backup phone number or enable OneDrive backups. There is now also a link to your Microsoft Account settings. Do you know what is not there? The Sign Out and Switch User button. Signing out of your profile now requires opening a submenu hidden behind a three-dot button. Apparently, Microsoft thinks showing your Xbox Game Pass subscription expiration date and the amount of OneDrive storage is more important than the "Sign Out" button. Okay. Here is how Microsoft describes the change: The "Lock" button also has a new home—it now sits in the power menu alongside "Shut down," "Restart," and "Sleep" options. The new "Account Manager" offers no apparent value or practicality besides making things less convenient. Subscription data and account notifications are already available on the Settings app's home page, along with various recommendations, Copilot ads, and more. And yes, build 22635.3500 has a new banner for that section as well—there is now a Game Pass "recommendation" politely suggesting that you subscribe. But if you are already a Game Pass member, it will offer you some games from the catalog. Because "discovering your next favorite game" is what people want when opening the Settings app. Source

Qualcomm has already revealed some info about the upcoming Qualcomm X Elite processor that's designed for Windows 11 PCs. However, there may be more to reveal soon. The company has released a teaser video for some kind of major Snapdragon X reveal next week. On both its X (formerly Twitter) and Instagram Snapdragon accounts, Qualcomm has posted this 15-second teaser video that's clearly related to some kind of announcement concerning the Snapdragon X series. Both posts state that the reveal will happen sometime on Wednesday, April 24. Exactly what the teaser video is referring to is still something of a mystery. Many online are speculating that these social media post may be preparing us for a release date announcement for the new Windows 11 notebooks that will have the ARM-based Snapdragon X Elite processor on board. Qualcomm has already announced back in October 2023 that the Snapdragon X Elite will be available in notebooks made by Acer, ASUS, Dell, HP, HONOR, Lenovo, Microsoft, Samsung, and Xiaomi sometime in 2024. Earlier this week, render images of an alleged Snapdragon X Elite notebook, the Lenovo Yoga Slim 7 14, hit the internet. However, it's also possible that Qualcomm is teasing us about an upcoming new processor in the Snapdragon X series family. Earlier this month, more unconfirmed rumors hit the internet that Qualcomm was working on the Snapdragon X Plus, a somewhat less powerful chip compared to the Elite processor. Of course, it's also possible that neither one of these things is what Qualcomm is teasing us about with this brief but intriguing video. Thankfully, we have less than a week before we find out what the processor company has in mind. We will report on the Qualcomm Snapdragon X news on April 24. Source

Independent movie companies have filed an updated complaint in their joint piracy liability lawsuit against Internet provider WOW!. With the addition of hundreds of new works, the potential damages are raised to well over $50 million. The update also adds two new piracy tracking companies, and doubles down on site blocking demands. Under U.S. copyright law, Internet providers must terminate the accounts of repeat infringers “in appropriate circumstances.” Many ISPs have been reluctant to take such drastic measures, which triggered a wave of copyright infringement lawsuits in recent years with WideOpenWest (WOW!) as one of the targets. The Colorado-based Internet provider was sued by a group of movie companies including Millennium Media and Voltage Pictures. The filmmakers accuse the ISP of failing to disconnect the accounts of subscribers who were repeatedly flagged for sharing copyrighted material via BitTorrent. The movie companies hold WOW! liable for these pirating activities, which could lead to millions of dollars in damages. The ISP rejects the claims and responded with a motion to dismiss, which was denied last year, and the case remains ongoing today. Multi-Million Dollar Lawsuit Expansion After the case was stalled for over a year, the movie companies requested permission to submit an amended complaint, which would add seven new plaintiffs and more than 300 new works. The proposals raised the stakes significantly. Instead of 57 works, good for maximum statutory damages of roughly $8 million, an expansion to roughly 375 works would increase the statutory maximum to $56 million. In addition to the monetary stakes, the proposed update also introduced evidence from two new third-party piracy tracking companies, Irdeto and Facterra. The initial complaint only included piracy tracking information from anti-piracy partner Maverickeye. WOW protested these additions, but the court allowed the movie companies to go ahead. This week, they filed their second amended complaint at the Colorado federal court, making the changes official. Same Claims, Higher Stakes The nature of the claims against WOW! haven’t changed. The movie companies accuse the Internet provider of contributory and vicarious copyright infringement, as well as DMCA violations. The complaint lists several examples of WOW! subscribers who, according to the referenced piracy tracking data, repeatedly shared copyright-infringing content including plaintiffs’ films. From the amended complaint WOW! purportedly received tens of thousands of infringement notices and was allegedly aware of these piracy activities. However, the ISP decided not to take any action as that could hurt its revenues, the movie companies allege. “Defendant knew that if it terminated or otherwise prevented repeat infringer subscribers from using its service to infringe, or made it less attractive for such use, Defendant would enroll fewer new subscribers, lose existing subscribers, and ultimately lose revenue,” the amended complaint reads. Redditors and Site Blocking In addition to IP-address logs and other evidence, the movie companies also cite screenshots from Reddit users who discussed WOW!’s handling of piracy notices, or its lack thereof. They suggest that this acted as a draw to potential subscribers. “The ability of subscribers ‘who want it all’ to use Defendant’s high speed service to ‘intensively upload and download’ Plaintiffs’ Works without having their services terminated despite multiple notices being sent to Defendant acts as a powerful draw for subscribers of Defendant’s service,” they write. Cited Reddit Comments Besides terminating accounts of subscribers whose connections are repeatedly used to pirate, the ISP could have taken other ‘simple’ actions as well. For example, by blocking notorious ‘pirate’ sites such as torrent sites YTS and (the now defunct) RARB. “Upon information and belief, Defendant refuses to block or limit its subscribers from accessing notorious piracy websites out of fear of losing subscriber revenue,” the complaint reads. Increased Damages and More To compensate for this wrongdoing, the plaintiffs request statutory damages up to the maximum of $150,000 per work. With roughly 375 titles in suit, damages could reach $56,250,000 for the copyright infringements alone. The DMCA violations could add millions more to this tally, the movie companies note. On top of the damages increase, the movie companies still seek far-reaching injunctive relief. They specifically request an order requiring WOW! to terminate the accounts of subscribers targeted by three unique infringement notices in three days. In addition to this mandatory three-strikes policy, WOW! should also block all alleged pirate sites listed in the USTR’s annual overview of notorious markets. This includes the likes of The Pirate Bay, FMovies, and YTS. Finally, the movie companies request an order that requires the Internet provider to disclose the identities of account holders whose accounts are flagged for copyright infringement. Needless to say, such an order would allow the companies to target the alleged pirates directly. — A copy of the movie companies’ second amended complaint, filed against WOW! at the US District Court for Colorado, is available here (pdf) Source

While ransomware attacks decreased after the LockBit and BlackCat disruptions, they have once again started to ramp up with other operations filling the void. A relatively new operation called RansomHub gained media attention this week after a BlackCat affiliate used the newer operation's data leak site to extort Change HealthCare once again. Change HealthCare allegedly already paid a ransom, which was stolen from an affiliate in an exit scam by the BlackCat/ALPHV ransomware operation. However, the affiliate behind the attack claims to have kept the stolen data and is now extorting the company again through RansomHub. So far, the Change Healthcare attack has cost UnitedHealth Group $872 million, with losses expected to continue. Another disruptive attack we learned more about this week is the Daixin operation claiming the cyberattack on Omni Hotels. This attack caused the hotel chain to shut down its IT systems, impacting reservations and requiring hotel staff to let guests into their rooms. Other attacks targeted chipmaker Nexpira, the United Nations Development Programme (UNDP), Octapharma Plasma, and the Atlantic States Marine Fisheries Commission (ASMFC). There were other cyberattacks this week, such as the one on Frontier Communications, but they have not been confirmed to be ransomware. In other news, the U.S. Justice Department charged a Moldovan national for running a large-scale botnet that infected thousands of computers and deployed ransomware. Last but not least, the FBI reported that the Akira ransomware operation had earned $42 million from 250+ victims, and HelloKitty returned, rebranding as HelloGookie. Contributors and those who provided new ransomware information and stories this week include: @billtoulas, @BleepinComputer, @Ionut_Ilascu, @serghei, @fwosar, @LawrenceAbrams, @malwrhunterteam, @demonslay335, @Seifreed, @pcrisk, @SophosXOps, @jgreigj, @JessicaHrdcstle, @3xp0rtblog, @AShukuhi, and @vxunderground. April 15th 2024 Daixin ransomware gang claims attack on Omni Hotels The Daixin Team ransomware gang claimed a recent cyberattack on Omni Hotels & Resorts and is now threatening to publish customers' sensitive information if a ransom is not paid. Chipmaker Nexperia confirms breach after ransomware gang leaks data Dutch chipmaker Nexperia confirmed late last week that hackers breached its network in March 2024 after a ransomware gang leaked samples of allegedly stolen data. Ransomware gang starts leaking alleged stolen Change Healthcare data The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company. New ransomware variant PCrisk found a new ransomware variant that adds the .FBIRAS extension and drops a ransom note named Readme.txt. April 16th 2024 UnitedHealth: Change Healthcare cyberattack caused $872 million loss UnitedHealth Group reported an $872 million impact on its Q1 earnings due to the ransomware attack disrupting the U.S. healthcare system since February. Atlantic fisheries body confirms cyber incident after 8Base ransomware gang claims breach A fisheries management organization for the East Coast is dealing with a cyber incident following claims by a ransomware gang that it stole data. New Lethal Lock ransomware PCrisk found a ransomware that appends the .LethalLock extension and drops a ransom note named SOLUTION_NOTE.txt. New ransomware variant PCrisk found a ransomware that appends the .Senator extension and drops a ransom note named SENATOR ENCRYPTED.txt. New Chaos ransomware variant PCrisk found a new Chaos ransomware variant that appends the .DumbStackz extension and drops a ransom note named read_it.txt. New MedusaLocker ransomware variant PCrisk found a new MedusaLocker ransomware variant that appends the .repair extension and drops a ransom note named How_to_back_files.html. April 17th 2024 Moldovan charged for operating botnet used to push ransomware The U.S. Justice Department charged Moldovan national Alexander Lefterov, the owner and operator of a large-scale botnet that infected thousands of computers across the United States. ‘Junk gun’ ransomware: Peashooters can still pack a punch A Sophos X-Ops investigation finds that a wave of crude, cheap ransomware could spell trouble for small businesses and individuals – but also provide insights into threat actor career development and the wider threat landscape April 18th 2024 FBI: Akira ransomware raked in $42 million from 250+ victims According to a joint advisory from the FBI, CISA, Europol's European Cybercrime Centre (EC3), and the Netherlands' National Cyber Security Centre (NCSC-NL), the Akira ransomware operation has breached the networks of over 250 organizations and raked in roughly $42 million in ransom payments. Ransomware feared as IT 'issues' force Octapharma Plasma to close 150+ centers Octapharma Plasma has blamed IT "network issues" for the ongoing closure of its 150-plus centers across the US. It's feared a ransomware infection may be the root cause of the medical firm's ailment. April 19th 2024 United Nations agency investigates ransomware attack, data theft ?The United Nations Development Programme (UNDP) is investigating a cyberattack after threat actors breached its IT systems to steal human resources data. HelloKitty ransomware rebrands, releases CD Projekt and Cisco data An operator of the HelloKitty ransomware operation announced they changed the name to 'HelloGookie,' releasing passwords for previously leaked CD Projekt source code, Cisco network information, and decryption keys from old attacks. New MedusaLocker ransomware variant PCrisk found a new MedusaLocker ransomware variant that appends the .virus3 extension and drops a ransom note named How_to_back_files.html. That's it for this week! Hope everyone has a nice weekend! Source

The study is small and imperfect but offers more data on how time-restricted diets work. Intermittent fasting, aka time-restricted eating, can help people lose weight—but the reason why may not be complicated hypotheses about changes from fasting metabolism or diurnal circadian rhythms. It may just be because restricting eating time means people eat fewer calories overall. In a randomized-controlled trial, people who followed a time-restricted diet lost about the same amount of weight as people who ate the same diet without the time restriction, according to a study published Friday in Annals of Internal Medicine. The finding offers a possible answer to a long-standing question for time-restricted eating (TRE) research, which has been consumed by small feeding studies of 15 people or fewer, with mixed results and imperfect designs. The new study—led by Nisa Marisa Maruthur, an internal medicine expert at Johns Hopkins—has its own limitations and, like any one study, isn't the last word on the matter. But "it takes us one step closer to identifying the underlying mechanisms of TRE," nutrition experts Krista Varady and Vanessa Oddo of the University of Illinois wrote in an editorial accompanying the study. "Using a controlled feeding design, Maruthur and colleagues show that TRE is effective for weight loss, simply because it helps people eat less." The study involved 41 people, 21 who followed a time-restricted diet for 12 weeks and 20 who ate a usual eating pattern (UEP). Most of the participants were Black women (93 percent) with obesity and either pre-diabetes or diet-controlled diabetes, limiting the generalizability of the findings. But the study carefully controlled what and when the participants ate; each participant got controlled meals (breakfast, lunch, dinner, and snack) with identical macro- and micro-nutrients. Each participant was assigned a calorie level for their meals based on an established, standardized equation that estimates baseline caloric need. They were told to maintain their current exercise level, which was monitored with a wrist-worn accelerometer. No magic necessary In the time-restricted group, people only ate in a 10-hour window between 8 am and 6 pm, with 80 percent of their total daily calories consumed before 1 pm. In the usual eating group, people ate between 8 am and midnight, with 55 percent of their calories eaten after 5 pm for dinner and a night-time snack. In each eating group, participants were given specific windows of a couple of hours in which they should eat each pre-made meal. The participants ate three meals each week at a research site, where dieticians addressed adherence issues, and their eating was carefully monitored with the use of food diaries and urine tests. Approximately 96 percent of people in both groups followed the schedules to within 30 minutes. Diet adherence—eating all their assigned food and not eating outside food—was also high, with 93 percent in the time-restricted group and 95 percent in the usual eating group. At the end of the 12 weeks, both groups lost about the same amount of weight, an average of around 2.4 kg (5.3 pounds), with no statistically significant difference between the two groups. The researchers also found no differences between the two groups in their glucose homeostasis, waist circumference, blood pressure, or lipid levels. "Our results indicate that when food intake is matched across groups and calories are held constant, TRE, as operationalized in our study, does not enhance weight loss," Maruthur and her colleagues concluded. The authors are upfront about the limitations of the study, though, noting that the results could have been different in different groups of people and potentially in shorter time-restricted windows, such as eight hours instead of 10. They called for more research to explore those questions. Outside experts applauded the study while also adding that it's not surprising. "The headline finding that TRE does not magically lead to more weight loss sounds sensational but is also obvious," Adam Collins, a nutrition expert at the University of Surrey, said. Naveed Sattar, a professor of cardiometabolic medicine at the University of Glasgow, called the study "well done." It "tells us what we expected—that there is nothing magical about time-restricted eating on weight change other than effects to reduce caloric intake," he said. "If time-restricted eating helps some people eat less calories than they would otherwise, great." The experts Varady and Oddo, meanwhile, see it as a boon for anyone trying to lose weight. "Many patients stop following standard-care diets (such as daily calorie restriction) because they become frustrated with having to monitor food intake vigilantly each day," they wrote in their commentary. "Thus, TRE can bypass this requirement simply by allowing participants to 'watch the clock' instead of monitoring calories while still producing weight loss." It's a "simplified" and "accessible" dietary strategy that anyone can follow, including lower-resource populations, the researchers wrote. Source

It showed up in an eBay listing; now Roddenberry's son wants to show it to fans. This mysterious model appeared on eBay with little fanfare. eBay The first-ever model of Star Trek's USS Enterprise NCC-1701 has been returned to the Roddenberry family, according to an ABC News report. The three-foot model was used to shoot the pilot and credits scene for Star Trek's original series in the 1960s and was used occasionally for shots throughout the series. (Typically, a larger, 11-foot model was used for shots after the pilot.) The model also sat on series creator Gene Roddenberry's desk for several years. It went missing in the late 1970s; historians and collectors believe it belonged to Roddenberry himself, that he lent it to a production house working on Star Trek: The Motion Picture, and that it was never returned. Its whereabouts were unknown until last fall, when a listing for a mysterious model of the Enterprise appeared on eBay. Enthusiasts analyzed the pictures in the listing and came to believe it was the long-lost three-foot production model. They contacted the seller, who quickly took down the listing. The eBay account that posted the item specialized in selling artifacts found in storage lockers that end up without an owner, either because of failure to pay or death. The model appeared in this promotional image with Roddenberry. CBS The model was turned over by the eBay seller to Texas-based Heritage Auctions. News spread that it had been discovered, and Gene Roddenberry's son, Eugene "Rod" Roddenberry, made public statements that he would like to see it returned to his family. After that, there were months of silence, and its fate was unknown—until now. Heritage Auctions announced that it had given the model to Rod Roddenberry. Details of the exchange have not been shared, but Roddenberry said he did compensate Heritage in some way. Heritage reached out directly to Roddenberry upon acquiring the object and reportedly decided to return it because it was "the right thing to do." Roddenberry said that he "felt it important to reward that and show appreciation for that" but didn't disclose a sum. Promotional images of the model with William Shatner and Leonard Nimoy. Roddenberry also revealed what he has planned for the model: He runs a group called the Roddenberry Foundation that has scanned and digitized many relics from Star Trek's ideation and production over the years, so it's likely the Foundation will get a crack at the model, too. Listing image by eBay Source

Juno captures images of Io's violence as study says it has always been that way. Ever since the Voyager mission sent home images of Jupiter's moon Io spewing material into space, we've gradually built up a clearer picture of Io's volcanic activity. It slowly became clear that Io, which is a bit smaller than Mercury, is the most volcanically active body in the Solar System, with all that activity driven by the gravitational strain caused by Jupiter and its three other giant moons. There is so much volcanism that its surface has been completely remodeled, with no signs of impact craters. A few more details about its violence came to light this week, with new images being released of the moon's features, including an island in a lake of lava, taken by the Juno orbiter. At the same time, imaging done using an Earth-based telescope has provided some indications that this volcanism has been reshaping Io from almost the moment it formed. Fiery, glassy lakes The Juno orbiter's mission is primarily focused on studying Jupiter, including the dynamics of its storms and its internal composition. But many of its orbital passes have taken it right past Io, and this week, the Jet Propulsion Laboratory released some of the best images from these flybys. They include a shot of Loki Patera, a lake of lava that has an island within it. Also featured: the impossibly sheer slopes of Io's Steeple Mountain. Looking more closely at the lake, the Juno team found that some of the areas within it were incredibly smooth, raising the possibility that obsidian glass had formed on the surface where it had cooled enough to solidify. Given the level of volcanism on Io, this may be more widespread than the Loki Patera. Volcanic ash would also create a relatively smooth surface, and is likely to be even more common, but it would have significantly different reflective properties. How long has this been going on? But we don't have to send hardware to Jupiter to learn something about Io. A US-based team got time on the Atacama Large Millimeter Array (ALMA) and used it to record emissions from atoms in Io's sparse atmosphere. By combining the imaging power of lots of smaller telescopes scattered across a plateau, ALMA is able to spot regional differences in the presence of specific elements in Io's atmosphere, as well as identify different isotopes of those elements. What can isotopes tell us? Any atoms that reach Io's upper atmosphere are at risk of being lost to space. And, because of their relative atomic weights, lighter isotopes have a higher probability of being lost. So, it's possible to compare the present ratio of elements in the atmosphere with the expected ratio, and we can make inferences about the history of loss of lighter isotopes. And, since the material is put into the atmosphere by volcanoes in the first place, that tells us something about the history of volcanism. The research team focused on two particular elements: sulfur and chlorine. Sulfur has two common non-radioactive isotopes, 32S and 34S, and chlorine, its neighbor on the periodic table, has 35Cl and 37Cl. There are differences in the ratio of these isotopes throughout the bodies of the Solar System, but those differences are generally small. And, because we think we know what sort of material contributed to the formation of Io, we can focus on the ratios found in bodies that have a similar origin. Chlorine enters the atmosphere from volcanoes primarily in the form of sodium and potassium salts. These have a very short half-life before they're split up by exposure to light and radiation. The ALMA data indicated both these chemicals were present in localized regions, likely corresponding to active volcanic plumes. The data from the chlorine isotopes were a bit noisy, so were largely used as a sanity check for the ones obtained from sulfur isotopes. Recycling sulfur Sulfur is largely in the form of oxides (SO and SO2), which are much longer lived. As a result, it's much more widely distributed in the atmosphere. There were isotope differences between the leading and trailing edge of the moon, so the researchers took the average of the two. That average showed a very large excess of the heavier sulfur isotope compared to the average seen in the Solar System. There's only one body that is anywhere close (the comet Hale-Bopp), but that's likely because the uncertainties on the comet's data are so large. There's really no way to produce that sort of excess through a single trip into the atmosphere. Instead, the authors think Io has been recycling the sulfur dioxide through the atmosphere, back to the surface, and then sending it through volcanoes into the atmosphere repeatedly. In fact, taking the current rate of mass loss, they calculate that Io's volcanism dates back to the formation of the moon, meaning it has been geologically active for its entire history. Similar calculations suggest that this rate of loss means that Io has exhausted about 95 percent of the sulfur that is available to its volcanic system. The researchers suggest that there's still going to be plenty of sulfur on the moon, most likely mixed with iron at its core. But the large depletion of the lighter isotope suggests that anything in the core isn't participating in the moon's volcanic activity. The intriguing thing about this—or at least one of them—is that it implies that Io has some system that's cycling the sulfur dioxide that erupts to the surface back into the interior of the moon where it can take part in volcanism again. There's no indication of any plate tectonics on the moon, so we don't have a clear analog for what can be driving the process on Io. Science, 2024. DOI: 10.1126/science.adj0625 (About DOIs). Source