AsyncRAT exploits ConnectWise ScreenConnect via fileless loader, stealing credentials and crypto data, maintaining persistence through fake Skype Upd
Get the latest international news and world events from around the world.
Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs
Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release.
Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited in the wild as a zero-day. Like last month, 38 of the disclosed flaws are related to privilege escalation, followed by remote code execution (22), information disclosure (14), and denial-of-service.
“For the third time this year, Microsoft patched more elevation of privilege vulnerabilities than remote code execution flaws,” Satnam Narang, senior staff research engineer at Tenable, said. “Nearly 50% (47.5%) of all bugs this month are privilege escalation vulnerabilities.”
DDoS defender targeted in 1.5 Bpps denial-of-service attack
A DDoS mitigation service provider in Europe was targeted in a massive distributed denial-of-service attack that reached 1.5 billion packets per second.
The attack originated from thousands of IoTs and MikroTik routers, and it was mitigated by FastNetMon, a company that offers protection against service disruptions.
“The attack reached 1.5 billion packets per second (1.5 Gpps) — one of the largest packet-rate floods publicly disclosed,” FastNetMon says in a press release.
Microsoft waives fees for Windows devs publishing to Microsoft Store
Microsoft announced that, starting today, individual Windows developers will no longer have to pay for publishing their applications on the Microsoft Store.
The company said that developers can now submit Win32 (including. NET WPF and WinForms), UWP, PWA,.NET MAUI, or Electron apps to the Microsoft Store without paying any registration fees.
Redmond will also handle each app’s hosting and signing, eliminating the need for developers to pay for these services.
Hackers left empty-handed after massive NPM supply-chain attack
The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but the attacker made little profit off it.
The attack occurred earlier this week after maintainer Josh Junon (qix) fell for a password reset phishing lure and compromised multiple highly popular NPM packages, among them chalk and degub-js, that cumulatively have more than 2.6 billion weekly downloads.
After gaining access to Junon’s account, the attackers pushed malicious updates with a malicious module that stole cryptocurrency by redirecting transactions to the threat actor.
First-ever complete measurement of a black-hole recoil achieved thanks to gravitational waves
A team of researchers led by the Instituto Galego de Física de Altas Enerxías (IGFAE) from the University of Santiago de Compostela (Spain) has measured for the first time the speed and direction of the recoil of a newborn black hole formed through the merger of two others. The result, published today in the journal Nature Astronomy, offers new insights into some of the most extreme events in the universe.
Gravitational waves (GWs) are ripples in the fabric of spacetime that travel away from their sources at the speed of light, encoding information about them. They provide a completely novel information channel that allows us to observe astrophysical phenomena that do not emit light—such as black hole mergers—and obtain new information about processes that do—such as supernovae or neutron-star mergers.
While Einstein predicted the existence of GWs in 1916, they are so weak that detecting them requires incredibly sensitive detectors and extremely violent astrophysical events such as black-hole mergers, supernovae or the Big Bang itself.
What Is Superposition and Why Is It Important?
Imagine touching the surface of a pond at two different points at the same time. Waves would spread outward from each point, eventually overlapping to form a more complex pattern. This is a superposition of waves. Similarly, in quantum science, objects such as electrons and photons have wavelike properties that can combine and become what is called superposed.
While waves on the surface of a pond are formed by the movement of water, quantum waves are mathematical. They are expressed as equations that describe the probabilities of an object existing in a given state or having a particular property. The equations might provide information on the probability of an electron moving at a specific speed or residing in a certain location. When an electron is in superposition, its different states can be thought of as separate outcomes, each with a particular probability of being observed. An electron might be said to be in a superposition of two different velocities or in two places at once. Understanding superposition may help to advance quantum technology such as quantum computers.
One of the fundamental principles of quantum mechanics, superposition explains how a quantum state can be represented as the sum of two or more states.
Ultra-Bright and —Stable Red and Near-Infrared Squaraine Fluorophores for In Vivo Two-Photon Imaging
Fluorescent dyes that are bright, stable, small, and biocompatible are needed for high-sensitivity two-photon imaging, but the combination of these traits has been elusive. We identified a class of squaraine derivatives with large two-photon action cross-sections (up to 10,000 GM) at near-infrared wavelengths critical for in vivo imaging. We demonstrate the biocompatibility and stability of a red-emitting squaraine-rotaxane (SeTau-647) by imaging dye-filled neurons in vivo over 5 days, and utility for sensitive subcellular imaging by synthesizing a specific peptide-conjugate label for the synaptic protein PSD-95.
