Month: January 2024
‘Palworld’ Pokémon Modder Tests the Limits of Nintendo’s Legal Reach
YouTuber ToastedShoes had his Pokémon mod of Palworld taken down. Now he’s back with a new mod with “legally distinct” creatures—for as long as it lasts.
VPN users beware — security flaws are being exploited to spread dangerous malware
Ivanti VPN tools are being abused to drop malware and in some cases even cryptominers.
Users of Ivanti’s Connect Secure (ICS) virtual private network (VPN) devices beware – the solutions carry two high-severity vulnerabilities that are being chained together to deliver the Sliver malware.
First things first – the two vulnerabilities being abused here are tracked as CVE-2023-46805 and CVE-2024-21887. The former carries a severity score of 8.2, the latter 9.1. Researchers from Volexity first spotted these two being abused in early December 2023, claiming that Chinese state-sponsored threat actors abused them as zero-days.
Now, some hacking collectives seem to be using the flaws to first deliver KrustyLoader, a payload dropper built in Rust. Synacktiv researchers are saying that KrustyLoader’s goal is to download Sliver from a remote server and run it on the compromised endpoint. Sliver, on the other hand, is an open-source, cross-platform post-exploitation framework built in the Go language. Some use it as an alternative to Cobalt Strike, it was said.
More bugs to patch
It first emerged in mid-2022, when BleepingComputer reported on hackers “dumping the Cobalt Strike penetration testing suite in favor of similar frameworks that are less known.” These include not just Sliver, but also Brute Ratel, Viper, Meterpreter, and Havoc. Apparently, hackers started ditching Cobalt Strike due to stronger defenses being set up by their targets. Sliver was developed by a cybersecurity firm called Bishop Fox.
The patch for the two flaws is not yet available, it was said, but Ivanti did release a temporary mitigation solution via an XML file.
Besides Sliver, some hackers are apparently using these vulnerabilities to install XMRig on the vulnerable endpoints. XMRig is a cryptojacker that “hijacks” the device’s computing power and quietly mines the Monero cryptocurrency for the attackers. “Quietly” being a stretch, however, as miners take up so much computing power that it’s hard not to see the device performing poorly.
Via The Hacker News
Earplugs Aren’t Just for Hearing Protection: 5 Health Benefits to Know – CNET
Plugs can help keep your ears safe from loud noise, but they can also have other upsides for your health.
California And Big Oil Are Splitting After Century-Long Affair
It is the end of an era for Big Oil in California, as the most populous U.S. state divorces itself from fossil fuels in its fight against climate change. From a report: California’s oil output a century ago amounted to it being the fourth-largest crude producer in the U.S., and spawned hundreds of oil drillers, including some of the largest still in existence. Oil led to its car culture of iconic highways, drive-in theaters, banks and restaurants that endures today. On Friday, however, the marriage will officially end. The two largest U.S. oil producers, Exxon Mobil and Chevron will formally disclose a combined $5 billion writedown of California assets when they report fourth-quarter results.
“They are definitely getting a divorce,” said Jamie Court, president of advocacy group Consumer Watchdog, which said the companies long ago stopped investing in California production, and now want to hive off their old wells there. “They’ve been separated for more than a decade, now they are just signing the papers,” he said. Exxon Mobil last year exited onshore production in the state, ending a 25-year-long partnership with Shell when they sold their joint-venture properties. The state’s regulatory environment has impeded efforts to restart offshore production, Exxon said this month, leading to an exit that includes financing a Texas company’s purchase of its offshore properties. The No.1 U.S. oil producer’s asset writedown will cost about $2.5 billion and officially end five decades of oil production off the coast of Southern California.
Read more of this story at Slashdot.
The creators of Twitterrific are making an app to read (almost) anything on the web
After nearly 16 years in operation, Twitterrific was abruptly deactivated last year during Twitter’s unceremonious purging of third-party apps. Now, the app’s developer Iconfactory is raising funds on Kickstarter to create Project Tapestry, a new internet reader for the publicly accessible web. The iOS app will serve as a “universal, chronological timeline,” pulling from federated social media networks like Mastodon and Bluesky, as well as Tumblr, Micro.blog, and any RSS feed. It’ll also be able to access governmental data sources, such as National Oceanic and Atmospheric Administration (NOAA) satellite imagery and US Geological Survey (USGS) earthquake data.
Because Tapestry (which will be the app’s official name) will let anyone create their own data source plug-in, the options are almost endless: “We started experimenting with ways to accommodate all these new sources of information and landed on API that is based on JavaScript. It can work with anything that has an IP address and data that’s accessible with HTTP,” wrote lead developer Craig Hockenberry in an email to The Verge. Project Tapestry has also created tools that let developers make their own plug-ins, and Hockenberry says the team is confident the app can work for a number of different purposes.
It might not always look pretty, he noted. “The hard part is to put it all into a product that’s intuitive and beautiful where the plumbing isn’t a focus.”
But there is one big part of the internet that Tapestry won’t be able to access, and this is the locked-in world of centralized platforms like Meta, Instagram, X, and even Threads (which is still working on ActivityPub integration). Moreover, the app is truly meant to be an internet reader — so while users can view posts, they won’t be able to create or reply to them.
Project Tapestry’s Kickstarter has already raised over $70,000, and the developers hope to reach their goal of $100,000 to start building. At $150,000, Iconfactory will be able to add additional features like muting, bookmarking, filtering, and search.
Iconfactory notes it will take anywhere between nine and 12 months to complete the app after it hits its fundraising goal. But it also warns in its Kickstarter description that Apple may pose an additional hurdle. “The primary risk to the project is Apple’s app review process. Since this is an iOS app, it will be subject to their review and approval, and it will be their decision whether or not to allow it in the App Store.”
Google earnings: 100 million Google One subscribers, Google Cloud profits
We highlight the interesting numbers from Google’s earnings call.
Alphabet’s earnings call was yesterday, and as usual, the company took in a lot of money ($86.31 billion), thanks mostly to ad click-through rates being at a certain level. More interesting, though, are the product numbers tucked away in the report.
For the good news, a big announcement was the success of one of Google’s biggest subscription plans, Google One, which CEO Sundar Pichai said is “just about to cross 100 million subscribers.” Google One is mostly a cloud-storage plan for Google accounts, allowing users to pay a monthly fee to get more than the 15GB of Drive and Gmail storage that comes free with a Google account. Pichai says the company’s whole subscription business—which is going to be Google One (storage), Google Workspace (business accounts), YouTube Premium (ad-free YouTube), and YouTube TV (a cable TV alternative)—is up to $5 billion in annual revenue. That’s up fivefold since 2019.
Speaking of subscriptions, one of Google’s most expensive, the $350-a-year NFL Sunday Ticket, didn’t have any hard numbers associated with it. Google SVP and CBO Philipp Schindler said the company was “pleased with the NFL Sunday Ticket signups in our first season.” Sunday Ticket was always a money-loser for DirecTV, and that was before the price shot up half a billion in the streaming era. Google is now reportedly on the hook to pay the NFL $2 billion a year for the next seven years. When asked about a return on investment for the project, Schindler only cited “solid” advertiser interest and that “NFL Sunday Ticket supports our long-term strategy and really helps solidify YouTube’s position as a must-have app on everyone’s TV set.”