Author: easyfilo

Enlarge

Researchers are marveling at the scope and magnitude of a vulnerability that hackers are actively exploiting to take full control of network devices that run on some of the world’s biggest and most sensitive networks.

The vulnerability, which carries a 9.8 severity rating out of a possible 10, affects F5’s BIG-IP, a line of appliances that organizations use as load balancers, firewalls, and for inspection and encryption of data passing into and out of networks. There are more than 16,000 instances of the gear discoverable online, and F5 says it’s used by 48 of the Fortune 50. Given BIG-IP’s proximity to network edges and their functions as devices that manage traffic for web servers, they often are in a position to see decrypted contents of HTTPS-protected traffic.

Last week, F5 disclosed and patched a BIG-IP vulnerability that hackers can exploit to execute commands that run with root system privileges. The threat stems from a faulty authentication implementation of the iControl REST, a set of web-based programming interfaces for configuring and managing BIG-IP devices.

Enlarge / White House Coronavirus Response Coordinator Dr. Ashish Jha gestures as he speaks at a daily press conference in the James Brady Press Briefing Room of the White House on April 26, 2022 in Washington, DC. (credit: Getty | Anna Moneymaker)

The US could see a significant surge in COVID-19 cases, hospitalizations, and deaths this fall and winter unless the country prepares and acts, according to public health experts with the Biden administration.

Last week, administration officials told reporters in a background briefing that some disease models projected that the US could see 100 million coronavirus infections this winter, though there is a wide range of possibilities. The noted forecast assumed that omicron subvariants continued to be dominant in the country, rather than a dramatically different variant potentially worsening the outlook.

In an interview Sunday on ABC’s This Week, White House COVID-19 response coordinator Ashish Jha reiterated the warning of a winter surge, noting that each pandemic winter so far has included large surges, and the conditions will be prime for another this season. Protection from first and even second boosters will wane by this fall. Meanwhile, the virus will continue to evolve new variants and subvariants, and people will huddle indoors during the cold weather and end-of-year holidays.

Enlarge / The Google doodle for Russia National Day 2016. (credit: Google)

Google no longer offers paid apps or paid app updates to Russian users. A new support page—first spotted by 9to5Google—says, “Google Play is blocking the downloading of paid apps and updates to paid apps in Russia starting May 5, 2022.”

Many companies have voluntarily stopped their business in Russia in response to the invasion of Ukraine, but Google makes it clear it’s not voluntarily ending payments in the country. In March, Google said it was forced to “pause” its billing system for users “due to payment system disruption.” (The big four credit card companies voluntarily pulled out of Russia in March over the Ukraine invasion, making it basically impossible for Google to offer paid apps.) Now Google says the blocking of paid apps is “part of our compliance efforts.”

The page says “users cannot purchase apps and games, make subscription payments or conduct any in-app purchases of digital goods using Google Play in Russia.” Free apps will continue to be available, and paid apps you’ve already purchased will still be available for download and use, but any purchases will now show an error message. Subscriptions will not be able to be renewed and will be canceled. Because Google is only dealing with a lack of credit card processing, it says developer payouts to Russian developers will continue.