Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating


Researchers are marveling at the scope and magnitude of a vulnerability that hackers are actively exploiting to take full control of network devices that run on some of the world’s biggest and most sensitive networks.

The vulnerability, which carries a 9.8 severity rating out of a possible 10, affects F5’s BIG-IP, a line of appliances that organizations use as load balancers, firewalls, and for inspection and encryption of data passing into and out of networks. There are more than 16,000 instances of the gear discoverable online, and F5 says it’s used by 48 of the Fortune 50. Because BIG-IP appliances sit close to network edges and manage traffic for web servers, they are often in a position to see the decrypted contents of HTTPS-protected traffic.

Last week, F5 disclosed and patched a BIG-IP vulnerability that hackers can exploit to execute commands that run with root system privileges. The threat stems from a faulty authentication implementation in iControl REST, a set of web-based programming interfaces for configuring and managing BIG-IP devices.


Object-Oriented Programming in JavaScript for Beginners

Hi everyone! In this article we’re going to review the main characteristics of object oriented programming (OOP) with practical JavaScript examples. We will talk about OOP main concepts, why and when it can be useful, and I’ll give you plenty of examples using JS code. If you’re not familiar

White House warns of “pretty sizeable” COVID surge this winter

White House Coronavirus Response Coordinator Dr. Ashish Jha gestures as he speaks at a daily press conference in the James Brady Press Briefing Room of the White House on April 26, 2022 in Washington, DC. (credit: Getty | Anna Moneymaker)

The US could see a significant surge in COVID-19 cases, hospitalizations, and deaths this fall and winter unless the country prepares and acts, according to public health experts with the Biden administration.

Last week, administration officials told reporters in a background briefing that some disease models projected that the US could see 100 million coronavirus infections this winter, though there is a wide range of possibilities. The noted forecast assumed that omicron subvariants continued to be dominant in the country, rather than a dramatically different variant potentially worsening the outlook.

In an interview Sunday on ABC’s This Week, White House COVID-19 response coordinator Ashish Jha reiterated the warning of a winter surge, noting that each pandemic winter so far has included large surges, and the conditions will be prime for another this season. Protection from first and even second boosters will wane by this fall. Meanwhile, the virus will continue to evolve new variants and subvariants, and people will huddle indoors during the cold weather and end-of-year holidays.


Google forced to end Play Store app sales in Russia

The Google doodle for Russia National Day 2016. (credit: Google)

Google no longer offers paid apps or paid app updates to Russian users. A new support page—first spotted by 9to5Google—says, “Google Play is blocking the downloading of paid apps and updates to paid apps in Russia starting May 5, 2022.”

Many companies have voluntarily stopped their business in Russia in response to the invasion of Ukraine, but Google makes it clear it’s not voluntarily ending payments in the country. In March, Google said it was forced to “pause” its billing system for users “due to payment system disruption.” (The big four credit card companies voluntarily pulled out of Russia in March over the Ukraine invasion, making it basically impossible for Google to offer paid apps.) Now Google says the blocking of paid apps is “part of our compliance efforts.”

The page says “users cannot purchase apps and games, make subscription payments or conduct any in-app purchases of digital goods using Google Play in Russia.” Free apps will continue to be available, and paid apps you’ve already purchased will still be available for download and use, but any purchases will now show an error message. Subscriptions will not be able to be renewed and will be canceled. Because Google is only dealing with a lack of credit card processing, it says developer payouts to Russian developers will continue.


NiceHash defeats Nvidia’s GPU crypto-mining limits, does not appear to be a scam

(credit: BTC Keychain)

Nvidia began releasing LHR (or “Lite Hash Rate”) graphics cards last year to slow down their cryptocurrency mining performance and make them less appealing to non-gamers. Late last week, crypto-mining platform NiceHash announced that it had finally found a way around those limitations and released an update for its QuickMiner software that promises full Ethereum mining performance on nearly all of the LHR-enabled GeForce RTX 3000-series GPUs.

Unlike past attempts to disable the LHR protections, NiceHash’s workaround appears to be the real deal—Tom’s Hardware was able to confirm the performance boosts using QuickMiner and a GeForce RTX 3080 Ti.

For now, NiceHash says that the LHR workaround will only work in Windows, with “no Linux support yet.” The more flexible NiceHash Miner software doesn’t include the workarounds yet, though it will soon. NiceHash also says that the software won’t accelerate mining performance on newer GeForce cards that use version 3 of the LHR algorithm, a list that (for now) includes the RTX 3050 and the 12GB version of the RTX 3080 but which will presumably grow as Nvidia releases new GPUs and updated revisions for older GPUs.


Tesla sues thermal engineer for allegedly stealing secrets of “Dojo” supercomputer

Yatskov worked near Tesla’s headquarters in Fremont, California. (credit: Michael Vi / Getty)

Tesla on Friday sued a former thermal engineer for trade-secret theft. The company accused its ex-employee, Alexander Yatskov, of transferring confidential information from Tesla’s network to his personal laptop.

Yatskov was hired in January to work on Dojo, the supercomputer Tesla is building to train its self-driving software. Through its customers’ vehicles, Tesla gathers vast quantities of real-world camera data. Dojo will use this data to train the neural networks that power Autopilot, Tesla’s self-driving software.

According to Tesla, Yatskov was assigned to a team that “runs complex simulations of how different thermal designs affect heat distribution, and in turn, affect the balancing of speed, power, safety, cost and environmental concerns.”


Find the soul