Linux news
One gives root access, the other lets you steal info and reconfig nodes, in the right (or should that be wrong) circumstances
Cisco has fixed two critical vulnerabilities in its Identity Services Engine (ISE) that could allow an authenticated remote attacker to execute arbitrary commands as root or access sensitive information, modify configurations, and reload affected devices.…
An anonymous reader quotes a report from Ars Technica: Robocallers posing as employees of the Federal Communications Commission made the mistake of trying to scam real employees of the FCC, the FCC announced yesterday. "On the night of February 6, 2024, and continuing into the morning of February 7, 2024, over a dozen FCC staff and some of their family members reported receiving calls on their personal and work telephone numbers," the FCC said. The calls used an artificial voice that said, "Hello [first name of recipient] you are receiving an automated call from the Federal Communications Commission notifying you the Fraud Prevention Team would like to speak with you. If you are available to speak now please press one. If you prefer to schedule a call back please press two."
You may not be surprised to learn that the FCC does not have any "Fraud Prevention Team" like the one mentioned in the robocalls, and especially not one that demands Google gift cards in lieu of jail time. "The FCC's Enforcement Bureau believes the purpose of the calls was to threaten, intimidate, and defraud," the agency said. "One recipient of an imposter call reported that they were ultimately connected to someone who 'demand[ed] that [they] pay the FCC $1,000 in Google gift cards to avoid jail time for [their] crimes against the state.'" The FCC said it does not "publish or otherwise share staff personal phone numbers" and that it "remains unclear how these individuals were targeted." Obviously, robocallers posing as FCC employees probably wouldn't intentionally place scam calls to real FCC employees. But FCC employees are just as likely to get robocalls as anyone else. This set of schemers apparently only made about 1,800 calls before their calling accounts were terminated.
The FCC described the scheme yesterday when it announced a proposed fine of $4,492,500 against Telnyx, the voice service provider accused of carrying the robocalls. The FCC alleges that Telnyx violated "Know Your Customer (KYC)" rules by providing access to calling services without verifying the customers' identities. When contacted by Ars today, Telnyx denied the FCC's allegations and said it will contest the proposed fine.
Read more of this story at Slashdot.
Workday is cutting about 8.5% of its workforce, making it the latest technology company to begin 2025 with headcount reductions. From a report: The cuts will amount to about 1,750 workers, Chief Executive Officer Carl Eschenbach wrote in a note to employees Wednesday. "The environment we're operating in today demands a new approach, particularly given our size and scale," he wrote. Workday intends to hire in strategic areas such as AI, allow faster decision-making, and take on more people overseas, Eschenbach wrote. This will advance the company's "ongoing focus on durable growth," Workday said in a filing Wednesday. Shares of Workday jumped more than 5% on the news.
Kaspersky researchers have discovered malware hiding in both Google Play and Apple's App Store that uses optical character recognition to steal cryptocurrency wallet recovery phrases from users' photo galleries. Dubbed "SparkCat" by security firm ESET, the malware was embedded in several messaging and food delivery apps, with the infected Google Play apps accumulating over 242,000 downloads combined.
This marks the first known instance of such OCR-based spyware making it into Apple's App Store. The malware, active since March 2024, masquerades as an analytics SDK called "Spark" and leverages Google's ML Kit library to scan users' photos for wallet recovery phrases in multiple languages. It requests gallery access under the guise of allowing users to attach images to support chat messages. When granted access, it searches for specific keywords related to crypto wallets and uploads matching images to attacker-controlled servers.
The researchers found both Android and iOS variants using similar techniques, with the iOS version being particularly notable as it circumvented Apple's typically stringent app review process. The malware's creators appear to be Chinese-speaking actors based on code comments and server error messages, though definitive attribution remains unclear.
Here's hoping freeze-dried Polish dumplings are just as good as ones freshly fried in butter
When Axiom Space's fourth mission to the International Space Station arrives in orbit this spring it'll include Poland's second-ever astronaut, who will bring an essential comfort from home: Pierogi.…
Software developer and prolific blogger Herman Ounapuu, writing in a blog post: I liked Ubuntu. For a very long time, it was the sensible default option. Around 2016, I used the Ubuntu GNOME flavor, and after they ditched the Unity desktop environment, GNOME became the default option.
I was really happy with it, both for work and personal computing needs. Estonian ID card software was also officially supported on Ubuntu, which made Ubuntu a good choice for family members.
But then something changed. Ounapuu recounts how Ubuntu's bi-annual long-term support releases consistently broke functionality, from minor interface glitches to catastrophic system failures that left computers unresponsive. His breaking point came after multiple problematic upgrades affecting family members' computers, including one that rendered a laptop completely unusable during an upgrade from Ubuntu 20.04 to 22.04. Another incident left a relative's system with broken Firefox shortcuts and duplicate status bar icons after updating Lubuntu 18.04.
Canonical's aggressive push of Snap packages has drawn particular criticism. The forced migration of system components from traditional Debian packages to Snaps resulted in compatibility issues, broken desktop shortcuts, and government ID card authentication failures. In one instance, he writes, a Snap-related bug in the GNOME desktop environment severely disrupted workplace productivity, requiring multiple system restarts to resolve. The author has since switched to Fedora, praising its implementation of Flatpak as a superior alternative to Snaps.
Nothing to see here, just a 'special government employee' doing his job
The US Treasury Department has assured Congress that a "special government employee" associated with Elon Musk's Department of Government Efficiency (DOGE) has just "read-only" access to vital federal government payment systems that disburse trillions of dollars annually.…
An anonymous reader shares a report: Nissan looks set to step back from merger talks with rival Honda, two sources said on Wednesday, calling into question a $60 billion tie-up to create the world's no.3 automaker and potentially leaving Nissan to drive its turnaround alone.
Talks between the two Japanese automakers have been complicated by growing differences, according to multiple people familiar with the matter. Reuters reported earlier that Nissan could call off talks after Honda sounded it out about becoming a subsidiary. Nissan baulked as this was a departure from what was originally framed as a merger of equals, one of the people said.
Scientists are making significant advances in developing artificial blood substitutes, with two promising approaches emerging in 2025, the New Yorker reports. At the University of Maryland School of Medicine's Center for Blood Oxygen Transport and Hemostasis, researchers are testing ErythroMer, a synthetic nanoparticle that mimics red blood cells' oxygen-carrying capabilities. Simultaneously, the UK's National Health Service is conducting the first human trials of lab-grown blood cells.
These developments address critical blood shortages - of the 38% of Americans eligible to donate, less than 3% do so regularly. Traditional donated blood also has significant limitations: platelets last only 5 days, red blood cells 42 days, and all require careful refrigeration and blood-type matching. DARPA awarded $46 million in early 2023 to develop ErythroMer, seeing potential for battlefield medicine where traditional blood storage isn't feasible.
The synthetic blood can be stored as a powder and reconstituted when needed. There are still a lot of challenges, the report adds. The lab-grown blood currently costs about $75,000 per syringe compared to around $200 for a pint of donated blood, and production is limited to small quantities.
Fall in line with executive policy or you're gone, acting OPM chief insists
Chief Information Officers across the US federal government face increased job uncertainty as the Trump administration recommends agencies reclassify these positions, potentially making them political appointees.…
Microsoft will charge commercial customers $61 per device in the first year to continue receiving Windows 10 security updates after support ends, The Register wrote in a PSA note Wednesday, citing text, with costs doubling each subsequent year for up to three years.
Organizations can't skip initial years to save money, as the updates are cumulative. Some users may avoid fees if they connect Windows 10 endpoints to Windows 365 Cloud PCs. The program also covers Windows 10 virtual machines running on Windows 365 or Azure Virtual Desktop for three years with an active Windows 365 subscription.
Bezos' rocketeers tout capability as useful for NASA and other tech providers
Blue Origin has sent its reusable New Shepard rocket on another suborbital lob, this time simulating lunar gravity for capsule payloads.…
Since November, British telecom O2 has deployed an AI chatbot masquerading as a 78-year-old grandmother to waste scammers' time. The bot, named Daisy, engages fraudsters by discussing knitting patterns, recipes, and asking about tea preferences while feigning computer illiteracy. The Guardian has an update this week: In tests over several weeks, Daisy has kept individual scammers occupied for up to 40 minutes, with one case showing her being passed between four different callers. An excerpt from the story: "When a third scammer tries to get her to download the Google Play Store, she replies: 'Dear, did you say pastry? I'm not really on the right page.' She then complains that her screen has gone blank, saying it has 'gone black like the night sky'."
Google parent Alphabet plans to spend $75 billion on capital expenditures in 2025, up from $52.5 billion last year, as it races to compete with Microsoft and Meta in AI infrastructure. CNBC: On its earnings call, Alphabet said it expects $16 billion to $18 billion of those expenses to come in the first quarter. Overall, the expenditures will go toward "technical infrastructure, primarily for servers, followed by data centers and networking," finance chief Anat Ashkenazi said.
[...] Alphabet and its megacap tech rivals are rushing to build out their data centers with next-generation AI infrastructure, packed with Nvidia's graphics processing units, or GPUs. Last month, Meta said it plans to invest $60 billion to $65 billion this year as part of its AI push. Microsoft has committed to $80 billion in AI-related capital expenditures in its current fiscal year.
International security squads all focus on stopping baddies busting in through routers, IoT kit etc
Netgear is advising customers to upgrade their firmware after it patched two critical vulnerabilities affecting multiple routers.…
A developer has successfully run the classic video game Doom on Apple's $50 Lightning to HDMI adapter, exploiting the device's built-in system-on-chip that runs a simplified iOS version.
It looks like you want to irritate Windows users. Do you want some help with that?
There are some things that can't be unseen, including Microsoft posting a hand-drawn image of the company's infamous assistant, Clippy, on social media.…
Temperatures at the north pole soared more than 20C above average on Sunday, crossing the threshold for ice to melt. From a report: Temperatures north of Svalbard in Norway had already risen to 18C hotter than the 1991-2020 average on Saturday, according to models from weather agencies in Europe and the US, with actual temperatures close to ice's melting point of 0C.
By Sunday, the temperature anomaly had risen to more than 20C. "This was a very extreme winter warming event," said Mika Rantanen, a scientist at the Finnish Meteorological Institute. "Probably not the most extreme ever observed, but still at the upper edge of what can happen in the Arctic." Burning fossil fuels has heated the planet by about 1.3C since preindustrial times, but the poles are warming much faster as reflective sea ice melts. The increase in average temperatures has driven an increase in fiercely hot summers and unsettlingly mild winters.
China's antitrust watchdog is laying the groundwork for a potential probe into Apple's policies and the fees it charges app developers, part of a broader push by Beijing that risks becoming another flashpoint in the country's trade war with the US. From a report: The State Administration for Market Regulation is examining Apple's policies, which include taking a cut of as much as 30% on in-app spending and barring external payment services and stores, people familiar with the matter said. Agency officials have spoken with Apple executives and app developers since last year, said the people, who asked for anonymity to discuss sensitive moves.
The conversations stem from long-running disputes between Apple and developers such as Tencent and ByteDance over iOS store policies -- a source of tension between the US company and regulators worldwide. While Beijing has since 2024 targeted the practices of US tech firms from Nvidia to most recently Alphabet's Google, regulators may not formally move against Apple if the current conversations go well.
Radiation-hardening for space environments and energy efficiency tweaks for above and below
Los Alamos National Laboratory (LANL) is leading a project to transform how chips are designed and manufactured, to make them more energy efficient and able to better tolerate environmental conditions such as radiation.…