GitHub Warns Java Developers of New Malware Poisoning NetBeans Projects

GitHub issued a security alert Thursday warning about new malware spreading on its site via boobytrapped Java projects, ZDNet reports: The malware, which GitHub's security team has named Octopus Scanner, has been found in projects managed using the Apache NetBeans IDE (integrated development environment), a tool used to write and compile Java applications. GitHub said it found 26 repositories uploaded on its site that contained the Octopus Scanner malware, following a tip it received from a security researcher on March 9. But the article adds GitHub "believes that many more projects have been infected during the past two years." GitHub says that when other users would download any of the 26 projects, the malware would behave like a self-spreading virus and infect their local computers. It would scan the victim's workstation for a local NetBeans IDE installation, and proceed to burrow into the developer's other Java projects. The malware, which can run on Windows, macOS, and Linux, would then download a remote access trojan (RAT) as the final step of its infection, allowing the Octopus Scanner operator to rummage through an infected victim's computer, looking for sensitive information. GitHub says the Octopus Scanner campaign has been going on for years, with the oldest sample of the malware being uploaded on the VirusTotal web scanner in August 2018, time during which the malware operated unimpeded. Read more of this story at Slashdot.
2020-05-30 19:45:01 preview's
Study: classic Hollywood’s studio system gave rise to sharp gender disparity

The post-system presence of more female producers, directors helped break the cycle.
2020-05-30 18:45:03 preview's
Google Says It Inadvertently Removed Ability To Visit URLs From 'Image Search' AMP Pages

DevNull127 writes: Wednesday someone calling themself "Zenexer" complained on Twitter that Google "appears to be phasing out the ability to visit the original URL from an AMP page. Tapping the info icon in the top left used to provide the option to visit the real URL. Currently only an issue in Image Search." "This is an oversight," tweeted Malte Ubl, the Google software engineer who created AMP (and a member of its Technical Steering Committee), citing a conversation he'd had with the Image Search team, who said they'd be adding back the feature soon. "Sorry about that and thanks for the report!" When asked about a timeline for a possible fix, he responded "Sorry, no way to do it in fewer than a couple days." Read more of this story at Slashdot.
2020-05-30 18:45:03 preview's
Eight Amazon Workers Have Now Died from Covid-19

The Los Angeles Times tells the story of 63-year-old Harry Sentoso, an Amazon warehouse worker who was called back to work on March 29th -- and died two weeks later of Covid-19. Across the country, Amazon workers have documented more than 1,000 cases among warehouse workers as of May 20, and 7 deaths. Sentoso is the eighth.... The company has put new measures in place to make its warehouses safer for employees, but the number of cases at its facilities keeps rising... Amazon also fired two tech workers who had publicly criticized safety and working conditions at the company's warehouses... The week before Sentoso died, the company began requiring employees to wear masks on site, and started checking the temperature of workers before they could enter. It began requiring employees to stay six feet apart in late March, and staggered shifts and canceled in-person meetings to make that easier. The company has increased the frequency of cleaning and disinfecting in warehouses as well, and began spraying down whole facilities with disinfectant fogs in mid-April. But [the late Harry Sentoso's son] Evan, and a contingent of Amazon workers across the country, don't think that those measures are enough. Hundreds of workers at Amazon's facilities in Hawthorne and Eastvale, in Riverside County, have signed and submitted petitions asking the company to close the facilities for two weeks after infections for thorough cleaning and send workers home with quarantine pay. Following worker complaints compiled by the Warehouse Workers Resource Center, Cal OSHA has also launched investigations into both facilities... The call for a shutdown has been especially loud at warehouses in Pennsylvania and New York that have become coronavirus hotspots, with more than 60 reported cases at each before the company stopped updating the tally even to local employees. Read more of this story at Slashdot.
2020-05-30 17:45:02 preview's
NASA and SpaceX Make History with Successful Crew Dragon Launch!

NASA and SpaceX made history today with the launch of second demonstration flight of the Crew Dragon (Demo-2), which signalled the restoration of the US' domestic launch capability! The post NASA and SpaceX Make History with Successful Crew Dragon Launch! appeared first on Universe Today.
2020-05-30 17:00:02 preview's
Cisco Discloses Security Breach That Impacted VIRL-PE Infrastructure

Thursday Cisco disclosed a security breach that impacted a small part of its backend infrastructure and two of its commercial products also bundling the SaltStack software package as part of their firmware. ZDNet reports: Cisco said that hackers used a vulnerability in the SaltStack software package, which Cisco bundles with some products, to gain access to six servers... The six servers provide the backend infrastructure for VIRL-PE (Internet Routing Lab Personal Edition), a Cisco service that lets users model and create virtual network architectures to test network setups before deploying equipment in real situations. "Cisco identified that the Cisco maintained salt-master servers that are servicing Cisco VIRL-PE releases 1.2 and 1.3 were compromised," the company said Thursday. Cisco said it patched and remediated all hacked VIRL-PE servers on May 7, when it deployed updates for the SaltStack software. However, the issue isn't localized to Cisco's backend infrastructure alone. Cisco says that two of its commercial products also bundle the SaltStack software package as part of their firmware. These are the aforementioned Cisco VIRL-PE, and Cisco Modeling Labs Corporate Edition (CML), another network modeling tool. Both VIRL-PE and CML can be used in Cisco-hosted and on-premise scenarios. In case companies use the two products on location, Cisco says CML and VIRL-PE need to be patched. Read more of this story at Slashdot.
2020-05-30 16:45:03 preview's
Tunguska Meteor That Blasted Millions of Trees in 1908 Might Have Returned To Space

schwit1 quotes A new explanation for a massive blast over a remote Siberian forest in 1908 is even stranger than the mysterious incident itself. Known as the Tunguska event, the blast flattened more than 80 million trees in seconds, over an area spanning nearly 800 square miles (2,000 square kilometers) — but left no crater. A meteor that exploded before hitting the ground was thought by many to be the culprit. However, a comet or asteroid would likely have left behind rocky fragments after blowing up, and no "smoking gun" remnants of a cosmic visitor have ever been found. Now, a team of researchers has proposed a solution to this long-standing puzzle: A large iron meteor hurtled toward Earth and came just close enough to generate a tremendous shock wave. But the meteor then curved away from our planet without breaking up, its mass and momentum carrying it onward in its journey through space. Read more of this story at Slashdot.
2020-05-30 16:00:03 preview's
SpaceX Launched Two Astronauts—Changing Spaceflight Forever

The test mission will clear the way for regular crewed launches from the United States for the first time in nearly a decade.
2020-05-30 15:30:02 preview's
An advanced and unconventional hack is targeting industrial firms

Steganography? Check? Living off the land? Yep. Triple-encoded payloads? Uh-huh.
2020-05-30 12:30:03 preview's
Turns Out 4 ‘Blank’ Dead Sea Scrolls Actually Have Text

A new analysis revealed what scientists believe is a passage from the book of Ezekiel.
2020-05-30 10:15:02