A new report from the threat research firm Recorded Future finds that activity from APT33—the Iranian "threat group" previously tied to the Shamoon wiper attack and other Iranian cyber-espionage and destructive malware attacks—has risen dramatically, with the organization creating over 1,200 domains for use in controlling and spreading malware. The research, conducted by Recorded Future's Insikt Group threat intelligence service, found with some confidence that individuals tied to APT33 (also known as "Elfin") had launched attacks on multiple Saudi companies, including two healthcare organizations—as well as an Indian media company and a "delegation from a diplomatic institution."
The majority of these attacks have involved "commodity" malware—well-known remote access tools (RATs). According to the report:
APT33, or a closely aligned threat actor, continues to control C2 domains in bulk. Over 1,200 domains have been in use since March 28, 2019, alone. Seven hundred twenty-eight of these were identified communicating with infected hosts. Five hundred seventy-five of the 728 domains were observed communicating with hosts infected by one of 19 mostly publicly available RATs. Almost 60% of the suspected APT33 domains that were classified to malware families related to njRAT infections, a RAT not previously associated with APT33 activity. Other commodity RAT malware families, such as AdwindRAT and RevengeRAT, were also linked to suspected APT33 domain activity.
After Symantec revealed much of the infrastructure used by APT33 in March, the Iranian group parked a majority of its existing domains and registered over 1,200 new ones—with only a few remaining active. In addition to the collection of RATs, about a quarter of the domains are tied to unknown activity—and a half-percent are connected to StoneDrill, the upgraded Shamoon wiper first seen in 2017.
Verizon yesterday received the government's permission to lock handsets to its network for 60 days after each device's activation, despite open-access rules that apply to one of Verizon's key spectrum licenses.
The Federal Communications Commission waiver approval said 60-day locks will "allow Verizon to better combat identity theft and other forms of handset-related fraud."
Verizon generally sells its phones unlocked, meaning they can be used on any carrier's network as long as the device and network are compatible with each other. This is largely because of rules the FCC applied to 700MHz spectrum that Verizon bought at auction in 2008. The 700MHz spectrum rules say that a license holder may not "disable features on handsets it provides to customers... nor configure handsets it provides to prohibit use of such handsets on other providers' networks."
Coming up with something new to say about the annual update to a franchised sports game is probably almost as hard as being one of the developers who has to come up with something new to put in the game. Which is my inelegant way of saying that Codemasters' newest Formula 1 racing game, F1 2019, is here.
I don't envy the job of Lee Mather and his team at Codemasters. F1 2017 was a great racing game. F1 2018 was an extremely great racing game—and a wonderful interactive textbook focused on the evolution of Formula 1 cars from the early 1970s through today (as good a sequel to LJK Setright's excellent The Grand Prix Car, 1954-1966 as we're ever likely to see, but in video game form). Happily, F1 2019 is no turkey, adding enough that's new to make the game a worthwhile upgrade for the F1 fan.
The most immediately noticeable change is the inclusion of Formula 2. This, as the name suggests, is the feeder series into F1—the sport's version of baseball's farm teams or college football and basketball. As you fire up the game for the first time and start your career mode, you'll be faced with a series of different challenges as a young F2 driver hoping to move up to the big show. How you perform in these—working as a team player, dealing with a noxious rival, coping with adversity during a race—all influences the RPG elements of the game, which were first introduced in last year's installment.
Just over six years ago, when researchers at Harvard announced that they had made tiny flying robots, they immediately began talking about the prospect of their tiny creations operating autonomously in complicated environments. That seemed wildly optimistic, given that the robots flew by trailing a set of copper wires that brought power and control instructions; the robots were guided by a computer that monitored their positions using a camera.
Since then, however, the team has continued working on refining the tiny machines, giving them enhanced landing capabilities, for example. And today, the team is announcing the first demonstration of self-powered flight. The flight is very short and isn't self-controlled, but the tiny craft manages to carry both the power supply circuitry and its own power source.A matter of miniaturization
There are two approaches to miniaturization, which you can think of as top-down and bottom-up. From the top-down side, companies are shrinking components and cutting weight to allow ever smaller versions of quadcopter drones to fly, with some now available that weigh as little as 10 grams. But this type of hardware faces some hard physical limits that are going to limit how much it could shrink. Batteries, for example, end up with more of their mass going to packaging and support hardware rather than charge storage. And friction begins to play a dominant role in the performance of the standard rotating motors.
With the long-running trade war between the United States and China continuing to escalate, the Trump administration is now threatening to institute a 25% tariff on an additional $300 billion in goods from the country, a move that would cover almost all Chinese exports. In light of that threat, Nintendo, Microsoft, and Sony issued a letter today asking the administration to exempt video game consoles from any such tariff plans.
The seven-page letter, signed by the business affairs VPs of the three major console makers, argues that any tax on game console imports would "injure consumers, video game developers, retailers, and console manufacturers; put thousands of high-value, rewarding U.S. jobs at risk; and stifle innovation in our industry and beyond."
Since game consoles are sold at or slightly above the cost of manufacture, the cost of any import tariff would have to be passed directly on to "extremely price sensitive" consumers, the letter argues. "A price increase of 25% will likely put a new video game console out of reach for many American families who we expect to be in the market for a console this holiday season," the letter says.
Nearly seven years ago, MIT scientists mapped the molecular structure of proteins in spider silk threads onto musical theory to produce the "sound" of silk in hopes of establishing a radical new way to create designer proteins. That work even inspired a sonification art exhibit, "Spider's Canvas," in Tokyo last fall. Artist Tomas Saraceno created an interactive instrument inspired by the web of a Cyrotophora citricola spider, with each strand in the "web" tuned to a different note.
Now MIT materials engineer Markus Buehler and his colleagues are back with an even more advanced system of making music out of a protein structure—and then converting it back to create novel proteins never before seen in nature. The team also developed a free app for the Android smartphone, called the Amino Acid Synthesizer, so users could create their own protein "compositions" from the sounds of amino acids. They described their work in a new paper in ACS Nano.
Much like how music has a limited number of notes and chords and uses different combinations to compose music, proteins have a limited number of building blocks (its 20 amino acids) which can combine in any number of ways to create novel protein structures with unique properties. Furthermore, "Any genre of music has patterns," said Buehler. "You'll see universality in terms of sound, the tones, but you also see repetitive patterns, like motifs and movements in classical music. These kinds of patterns are also found in proteins."
Late last week, General Electric told a California regulator that it would close down a 10-year-old Southern California natural gas plant because it's no longer economically competitive in California's energy market.
The news, first reported by Reuters, is surprising because natural gas plants tend to have 30-year lifespans on average, and natural gas is currently the cheapest fossil fuel on the market today. But the two 376 megawatt (MW) turbines at the Inland Empire Energy Center (IEEC) outside of Riverside, California, are not built to play well with the increasing amount of renewable energy on California's grid. On top of that, renewables' low marginal cost and ubiquity throughout the state mean that during certain times of day, they're often the cheapest energy option.Natural gas needs quick-start options
GE told the California Energy Commission on Thursday that the natural gas plant is “not designed for the needs of the evolving California market, which requires fast-start capabilities to satisfy peak demand periods.”
Meteorologists and other experts are urging the Federal Communications Commission to drop a spectrum-sharing plan that they say could interfere with transmissions of weather-satellite imagery.
The dispute is over the 1675-1680MHz frequencies and is separate from the other FCC/weather controversy we've been covering, which involves the 24GHz band and has pitted the FCC against NASA, the National Oceanic and Atmospheric Administration (NOAA), and the US Navy.
The American Geophysical Union (AGU), American Meteorological Society (AMS), and National Weather Association (NWA) told the FCC in a filing last week that its plan for 1675-1680MHz should be scrapped because of the "likelihood of interference with the reception of weather satellite imagery and relayed environmental data to receive-only antennas that members of America's weather, water, and climate enterprise use."
Smartphone design is slowly dumping notches, hole punches, and other blemishes that cut into the display to make room for the front camera. Devices like the OnePlus 7 Pro have reached the final form of all-screen front designs thanks to a complicated, motorized pop-up camera, but it would be nice if we could do all-screen phones without all the moving parts. A possible solution is coming in the form of an under-display camera—a camera that sits behind the pixels of your display to take a selfie through the screen.
So far we've seen both Oppo and Xiaomi show off prototypes of this technology in blurry social media phones, but at Mobile World Congress Shanghai, Oppo showed off its prototype to the public for the first time. Engadget attended the show to see the device in person, and well, it looks like this first generation isn't the seamless all-screen camera solution we were hoping for.
With Oppo's prototype, you get a full screen design, but Engadget reports that the display over the camera "appears to be more pixellated" than the rest of the display. Oppo's solution involves making the display over top of the camera transparent with a transparent anode and a "redesigned pixel structure for improved light transmittance." This "redesigned pixel structure" is, well, less dense than the normal screen, so the image over it looks bad. In the pictures it looks like a semi-transparent notch.
About a month ago, Ars posted a couple of calls to action in our forums and on Reddit: we wanted to take your coolest Warframe designs and get them in front of the game's developers at Digital Extremes to see what the company thinks of the community's creations. Digital Extremes told us they don't have a great way of sorting through all the different player designs on the backend, so we asked you to show us what you got.
It took a bit to get things filmed, but this morning we're happy to present Digital Extremes Community Director Rebecca Ford with some analysis of the submissions. We last heard from Rebecca just about a year ago when we ran a video featuring her and game director Steve Sinclair answering questions about Warframe's lore and unsolved mysteries, but this time we had an extra ask for her: after dissecting some community frames and their build strategies, would she be willing to show us what she flies around in? (Spoiler: it's purple. Very, very purple.)
Thanks to Rebecca for being such a good sport and playing along—and also congrats to Warframers RekiSanchez, pacading, rytlocknroll, ninjakivi2, and Bedchuck for being picked. Special shout-out to ninjakivi2 for having an all-around awesome set of customizations—I particularly dug the giant pile of Ayatan sculptures. You're a decorator after my own heart.
Here in 2019, only the most fringe reactionaries are able to claim with a straight face that climate change is not a thing. But after years of the media doing its "two sides" thing, recalcitrant policy makers dragging their heels, a continued lack of investment in public transport, and intense, well-funded opposition from vested interests like the oil industry, there has been a heavy cost on attempts to decarbonize. When it comes to the transportation sector, even with the best will in the world, it will be decades before we see the end of the internal combustion engine. So when a new technology comes along that offers a really meaningful improvement in fuel efficiency when fitted to existing engines, my interest gets piqued. Such is the case with a new ignition system from a company called Transient Plasma Systems.
The company has its roots in pulsed power technology developed for the Department of Defense at the University of Southern California, specifically nanosecond-duration pulses of power. Since 2009, it has been working on commercializing the technology for the civilian market in a number of applications, but obviously it's the automotive one that interests me.
In a conventional four-stroke internal combustion gasoline engine, which works on the principle of suck-squeeze-bang-blow, the bang is created by a spark plug igniting the fuel-air mixture in the cylinder. That spark typically lasts several milliseconds, and although the control of that spark is now controlled electronically rather than mechanically, the principle is the same today as it was in 1910 when Cadillac added it to its engines.
Bitcoin has risen above $12,500, its highest level in 2019. The new milestone comes just five days after bitcoin rose above $10,000.
Bitcoin's value has risen by almost a factor of four since last December, when the price bottomed out around $3,200. Bitcoin's price is still well below the all-time high of around $19,500 reached in December 2017.
Bitcoin's rise is part of a broader rally in cryptocurrency markets. The price of ether, the currency of the Ethereum network, is up 11% over the last 24 hours to nearly $350. Bitcoin Cash, a bitcoin spinoff optimized for higher transaction volumes, is now worth more than $500 for the first time since the start of 2019.
This month, the European Commission revealed a new three-year project to develop technologies needed for two proposed reusable launch vehicles. The commission provided €3 million to the German space agency, DLR, and five companies to, in the words of a news release about the project, "tackle the shortcoming of know-how in reusable rockets in Europe."
This new RETALT project's goals are pretty explicit about copying the retro-propulsive engine firing technique used by SpaceX to land its Falcon 9 rocket first stages back on land and on autonomous drone ships. The Falcon 9 rocket's ability to land and fly again is "currently dominating the global market," the European project states. "We are convinced that it is absolutely necessary to investigate Retro Propulsion Assisted Landing Technologies to make re-usability state-of-the-art in Europe."
SpaceX began testing supersonic retro-propulsion as far back as September 2013, when the company first flew its upgraded Falcon 9 rocket, v1.1. This involves relighting the rocket's Merlin engines as the Falcon thunders toward Earth through the atmosphere at supersonic speeds. Relighting a rocket's engines and controlling its descent with aerodynamic surfaces was a huge engineering challenge that the company has now mostly mastered.
When I reviewed the first Super Mario Maker in 2015, I lamented that the game didn't debut years earlier as a Wii U console launch title. No other game before or since so easily showed off the benefits of that 2012 system’s tablet controller and online community features. And though the Wii U’s retail life fizzled shortly after Super Mario Maker’s release, a dedicated community of makers and players kept their aging consoles plugged in, carefully pushing the game’s course-making systems as far as they could go with truly inventive and imaginative levels.
This week, Nintendo is finally bringing a Mario Maker sequel to a platform with a healthy future ahead of it, rebuilding the game for a Switch tablet that can also be played on the go. The long-awaited sequel brings enough new features and quality-of-life improvements to justify the impending permanent loss of literally millions of levels created for the first game. But the package is still missing some key features that have me worried about how easy it will be to discover quality levels after launch.
One of the biggest additions in Super Mario Maker 2 is an offline Story Mode. Seemingly inspired by the similar (and excellent) course collection in the wholly offline Super Mario Maker for 3DS, Story Mode here comprises over 120 pre-built courses, all made with the game’s construction set.
In this, Story Mode acts as an extended tutorial not just on individual building parts, but on how to build those parts into a quality course. Most of these courses aren’t long, and most aren’t all that challenging for those with some Mario experience, but they’re built with the kind of guided care and internal thematic consistency that you don’t reliably find when playing random online levels. Spending a few hours working through them is great inspiration for your own course construction efforts.
Weather forecasters think parts of the 5G network could interfere with meteorology communications.
Chipmaker Micron has restarted some shipments to Huawei despite US sanctions.
Lake City becomes the second Florida town in two weeks to pay up after a ransomware attack.
Israeli security firms Check Point and CyberInt partnered up this week to find, exploit, and demonstrate a nasty security flaw that allows attackers to hijack player accounts in EA/Origin's online games. The exploit chains together several classic types of attacks—phishing, session hijacking, and cross-site scripting—but the key flaw that makes the entire attack work is poorly maintained DNS.
If you have a reasonably good eye for infosec, most of the video speaks for itself. The attacker phishes a victim over WhatsApp into clicking a dodgy link, the victim clicks the shiny and gets owned, and the stolen credentials are used to wreak havoc on the victim's account.
What makes this attack different—and considerably more dangerous—is the attacker's possession of a site hosted at a valid, working subdomain of ea.com. Without a real subdomain in their possession, the attack would have required the victim to log in to a fake EA portal to allow the attacker to harvest a password. This would have immensely increased the likelihood of the victim becoming alert to a scam. With the working subdomain, the attacker was able to harvest the authentication token from an existing active EA session before exploiting it directly and in real time.
A huge acceleration in the use of robots will affect jobs around the world, Oxford Economics says.
A live stream tour of a tiny museum open only one day a week attracts nearly half a million viewers.