Linux fréttir

Critical 9.8-rated vulnerability affects Windows Server 2012 - 2025

Governments and private security sleuths warned that attackers are already exploiting a critical bug in Microsoft Windows Server Update Services, shortly after Redmond pushed an emergency patch for the remote code execution (RCE) vulnerability.…

An anonymous reader quotes a report from Ars Technica: The outage that hit Amazon Web Services and took out vital services worldwide was the result of a single failure that cascaded from system to system within Amazon's sprawling network, according to a post-mortem from company engineers. [...] Amazon said the root cause of the outage was a software bug in software running the DynamoDB DNS management system. The system monitors the stability of load balancers by, among other things, periodically creating new DNS configurations for endpoints within the AWS network. A race condition is an error that makes a process dependent on the timing or sequence events that are variable and outside the developers' control. The result can be unexpected behavior and potentially harmful failures. In this case, the race condition resided in the DNS Enactor, a DynamoDB component that constantly updates domain lookup tables in individual AWS endpoints to optimize load balancing as conditions change. As the enactor operated, it "experienced unusually high delays needing to retry its update on several of the DNS endpoints." While the enactor was playing catch-up, a second DynamoDB component, the DNS Planner, continued to generate new plans. Then, a separate DNS Enactor began to implement them. The timing of these two enactors triggered the race condition, which ended up taking out the entire DynamoDB. [...] The failure caused systems that relied on the DynamoDB in Amazon's US-East-1 regional endpoint to experience errors that prevented them from connecting. Both customer traffic and internal AWS services were affected. The damage resulting from the DynamoDB failure then put a strain on Amazon's EC2 services located in the US-East-1 region. The strain persisted even after DynamoDB was restored, as EC2 in this region worked through a "significant backlog of network state propagations needed to be processed." The engineers went on to say: "While new EC2 instances could be launched successfully, they would not have the necessary network connectivity due to the delays in network state propagation." In turn, the delay in network state propagations spilled over to a network load balancer that AWS services rely on for stability. As a result, AWS customers experienced connection errors from the US-East-1 region. AWS network functions affected included the creating and modifying Redshift clusters, Lambda invocations, and Fargate task launches such as Managed Workflows for Apache Airflow, Outposts lifecycle operations, and the AWS Support Center. Amazon has temporarily disabled its DynamoDB DNS Planner and DNS Enactor automation globally while it fixes the race condition and add safeguards against incorrect DNS plans. Engineers are also updating EC2 and its network load balancer. Further reading: Amazon's AWS Shows Signs of Weakness as Competitors Charge Ahead

Read more of this story at Slashdot.

A study involving 641 participants across 10 European countries found pesticides in every silicone wristband worn for one week. Researchers at Radboud University tested for 193 pesticides and detected 173 substances. The average participant was exposed to 20 different pesticides through non-dietary sources. Non-organic farmers had the highest exposure at a median of 36 pesticides. Organic farmers and people living near farms recorded lower numbers. Consumers living far from agricultural areas had a median of 17 pesticides. The wristbands captured banned substances including breakdown products of DDT, which was prohibited decades ago, and insecticides dieldrin and propoxur. Paul Scheepers, the molecular epidemiologist who co-authored the study, said people cannot avoid exposure to pesticides in their direct environment.

Read more of this story at Slashdot.

31 alleged poker schemers nabbed alongside arrest of separate sports betting ring

The feds on Thursday charged alleged mafia associates and current and former National Basketball Association players and coaches with running rigged poker games and illegal sports betting.…

The U.S. will expand the use of facial recognition technology to track non-citizens entering and leaving the country in order to combat visa overstays and passport fraud, according to a government document published on Friday. Reuters: A new regulation will allow U.S. border authorities to require non-citizens to be photographed at airports, seaports, land crossings and any other point of departure, expanding on an earlier pilot program. Under the regulation, set to take effect on December 26, U.S. authorities could require the submission of other biometrics, such as fingerprints or DNA, it said. It also allows border authorities to use facial recognition for children under age 14 and elderly people over age 79, groups that are currently exempted. The tighter border rules reflect a broader effort by U.S. President Donald Trump to crack down on illegal immigration. While the Republican president has surged resources to secure the U.S.-Mexico border, he has also taken steps to reduce the number of people overstaying their visas.

Read more of this story at Slashdot.

Amazon Web Services basically invented the cloud computing business and once held nearly half the market. That dominance is slipping. AWS captured 38% of corporate spending on cloud infrastructure services last year, down from almost 50% in 2018, according to Gartner. Microsoft now grows its backlog of corporate sales faster than Amazon. The company that brushed aside incumbents and transformed an internal startup into Amazon's profit engine now faces internal bureaucracy that has slowed it down. Bloomberg interviewed 23 current and former AWS employees who described management layers that proliferated after a pandemic hiring binge. One sales engineer who was six managers from Jeff Bezos before the pandemic found himself fifteen rungs from CEO Andy Jassy earlier this year. AWS hesitated to invest in Anthropic when the AI startup was spending most of its cash on Amazon servers. Executives doubted the Anthropic AI could be monetized and were culturally reluctant to pay for external technology they believed could be built in-house. Google invested in early 2023. Amazon followed that September with $4 billion in commitments. On Thursday, Google said it will supply up to 1 million AI chips to Anthropic.

Read more of this story at Slashdot.

Hackers have been spreading malware through more than 3,000 YouTube videos advertising cracked software and game hacks, cybersecurity firm Check Point warned this week. The campaign, active since at least 2021, tripled its video production in 2025. The videos promoted free versions of Adobe Photoshop, FL Studio, Microsoft Office, and game cheats for titles like Roblox. Fake comments created the appearance of legitimacy, the researchers found. Users who downloaded archives from Dropbox, Google Drive, or MediaFire were instructed to disable Windows Defender before opening files. The downloads contained malware including Lumma and Rhadamanthys, which steal passwords and cryptocurrency wallet information. The hackers hijacked existing accounts and created new ones. One compromised channel with 129,000 subscribers posted a cracked Photoshop video that reached 291,000 views. Another video for FL Studio received over 147,000 views.

Read more of this story at Slashdot.

Redmond says it's fixed this particular indirect prompt injection vuln

Microsoft fixed a security hole in Microsoft 365 Copilot that allowed attackers to trick the AI assistant into stealing sensitive tenant data – like emails – via indirect prompt injection attacks.…

An anonymous reader shares a report: The first announcement that Lip-Bu Tan made a day after becoming the permanent chief executive of Intel was about massive layoffs to right-size the company in accordance with market realities. Now, the extent of those layoffs is becoming clearer, indicating Intel let go of as many as 20,500 employees in about three months. If we add 15,000 positions eliminated by the previous management, that means Intel reduced its headcount by 35,500 people in less than two years.

Read more of this story at Slashdot.