Monday, July 05, 2021

Euros: Azzurro taking knee mural replaced by Fascist stance

'Stay standing Italy' says rightist school movement

(ANSA) - ROME, JUL 2 - Rightist CasaPound school movement Blocco Studentesco on Thursday night replaced a mural by street artist Harry Greb showing an Italy player taking the knee for Black Lives Matter with a poster from the 1934 World Cup showing an Azzurro standing up and giving the Fascist salute, adding the tag "Stay standing, Italy".
    Blocco Studentesco said "Kneeling, for us, is not a form of respect for anyone, it's better to stand up and look each other in the face".
    Italian professional footballers association AIC said Thursday that it was time to stop a "defamatory campaign" against the Italy players over their stance on taking the knee at Euro 2020.
    Unlike some national teams, the Azzurri did not take the knee in support of the Black Lives Matter movement before their victory over Austria in the last 16 of the tournament last week.
    Five of the starting XI took the knee before Italy's last group game against Wales.
    In a statement to ANSA, the AIC said it "unreservedly stigmatizes the defamatory, biased campaign against the Italian national team players.
    "All of the Azzurri are our members," added the union ahead of Italy's quarter-final against Belgium in Munich on Friday.
    "They have all lent their faces and their images to be the lead figures in the numerous initiatives against any form of racism and discrimination that we have been doing for years". (ANSA).

UPDATED

Is the ‘Dragon Man’ a new species of human? Here’s what we know so far


Some scientists believe we've found our long-lost sister lineage. But not everyone is entirely convinced.

 by Tibi Puiu
Artist’s impression of Dragon Man. Credit: Chuang Zhao.

Last week, paleontologists in China broke the news that they have identified a 146,000-year-old cranium that may belong to a distinct, up until now unidentified species of humans. This tentative new species, known as Homo longi, or Dragon Man, has a mix of features shared by Neanderthals, Denisovans, and humans. If it is indeed a new species, scientists believe it may be the closest relative to modern humans, replacing the Neanderthals as our closest extinct kin.

The Dragon Man skull

From left to right are the skulls of Peking Man, Maba, Jinniushan, Dali, and Harbin. Credit: Kai Geng.

The skull was found near Harbin, a town in northeast China, in 1933 by bridge construction workers. Its potential importance was missed until 2018 when it reached the hands of a team of paleontologists led by Xijun Ni, a professor of primatology and paleoanthropology at the Chinese Academy of Sciences and Hebei GEO University.

Unlike most other hominin fossilized skulls that are usually crushed and fragmented, the Harbin skull was discovered remarkably intact. Its only major flaw is that it has only one tooth still attached to the mandible, a left molar.

In a series of three papers, the researchers described the extraordinary skull, which could hold a brain comparable in size to modern humans. It features almost square eye sockets beneath a heavy brow ridge reminiscent of the Neanderthals but has a wide face with small, flat cheekbones that is typical of modern humans. The cranium, which scientists believed belonged to a 50-year-old male, also features a wide mouth and oversized teeth.


“The Harbin fossil is one of the most complete human cranial fossils in the world. This fossil preserved many morphological details that are critical for understanding the evolution of the Homo genus and the origin of Homo sapiens. While it shows typical archaic human features, the Harbin cranium presents a mosaic combination of primitive and derived characters setting itself apart from all the other previously named Homo species,” said Qiang Ji, a professor of paleontology at Hebei GEO University.

A new species of human? Not so fast


Artist impression of Dragon Man. Credit: The Innovation.

Like modern humans, Homo longi probably hunted mammals and birds, gathered wild fruits and vegetables, and perhaps even caught fish. Considering the Harbin individual was large in stature, as well as the location where it was found, the researchers believed that H. longi was well adapted to harsh environmental conditions.

Geochemical analyses showed that the Harbin man fossils are at least 146,000 years old, placing them well within the Middle Pleistocene, an era when humans were busy dispersing across the world. It is thus very likely that H. longi encountered Homo sapiens, as well as Denisovans and Neanderthals.

“We see multiple evolutionary lineages of Homo species and populations co-existing in Asia, Africa, and Europe during that time. So, if Homo sapiens indeed got to East Asia that early, they could have a chance to interact with H. longi, and since we don’t know when the Harbin group disappeared, there could have been later encounters as well,” says author Chris Stringer, a paleoanthropologist at the Natural History Museum in London.

When the researchers reconstructed the human tree of life to account for H. longi, they found that the tentative new species is even more closely related to us than Neanderthals and represents a sister species. This implies that Homo sapiens must have split from Neanderthals even further back in time, diverging from a common ancestor roughly 400,000 years earlier than scientists had previously thought.


“It is widely believed that the Neanderthal belongs to an extinct lineage that is the closest relative of our own species. However, our discovery suggests that the new lineage we identified that includes Homo longi is the actual sister group of H. sapiens,” says Professor Ni.

But is Homo longi truly a new species of human? It’s a bit too early to tell. The Harbin man may well be a Denisovan, an extinct species of archaic human that ranged across Asia during the Lower and Middle Paleolithic and whose fossil record is very scant. So far, the only fossils we have found of Denisovans include a finger bone, a few teeth and a skull fragment retrieved from Denisova Cave in Siberia, and a jawbone from Xiahe, northern China.

According to Ars Technica, when “Ni and colleagues did their statistical analysis, they pointed out that the Harbin skull fell into a group along with the 160,000-year-old Denisovan mandible from Xiahe. Given the great diversity of shapes and sizes that human skulls come in, it wouldn’t be that surprising for the Harbin skull to actually belong to the range of diversity for Denisovans.

If scientists manage to extract DNA from the Harbin skull, they could then compare it to the genomes of Denisovans, Neanderthals, and modern humans, to which we have access. That would settle at least some of the debate.

In any event, the Harbin skull is hugely significant. If it turns out to be a distinct species, then the human tree of life just got enlarged with one member. If subsequent research shows it is from a Denisovan, then we’ll finally know what these rather mysterious cousins looked like. So a win/win for science.
UPDATED
Georgia pride march cancelled after LGBT office ransacked and rainbow flags destroyed

Men climbed into the Tbilisi Pride office, ransacking it and tearing up rainbow flags.

LGBT campaigners in Georgia have called off a pride march after violent groups opposed to the event stormed and ransacked their office in the capital Tbilisi.

Key points:
Video footage showed protesters scaling a building and tearing down rainbow flags

Journalists were targeted in the violence

A tourist was reportedly stabbed for wearing an earring


Activists launched five days of LGBT Pride celebrations last Thursday and had planned a "March for Dignity" on Monday in central Tbilisi, shrugging off criticism from the church and conservatives who said the event had no place in Georgia.

However, the march plan was disrupted by counter-protesters before it could begin.

Video footage posted by LGBT activists showed men scaling their building to reach their balcony, where they tore down rainbow flags and were seen entering the office of Tbilisi Pride.

Other footage showed a journalist with a bloodied mouth and nose, and a man on a scooter driving at journalists in the street.

After the pride march was called off, some anti-march demonstrators staged a prayer outside a church facing the parliament building, while others danced to traditional music in celebration.

LGBT activists say the anti-pride march protesters are far-right extremists. (Reuters: Irakli Gedenidze)

Police said more than 50 journalists had been targeted in the violence.

Campaigners said some of their equipment had been broken in the attack.

"No words can explain my emotions and thoughts right now. This is my working space, my home, my family today. Left alone in the face of gross violence," LGBT activist Tamaz Sozashvili tweeted.

Media also reported that a tourist had been stabbed because he was allegedly wearing an earring.

The interior ministry, which said eight people were detained over the violence, had urged LGBT activists to abandon the march for security reasons.

It said in a statement that various groups were gathering and protesting, and that journalists had been targeted with violence.

"We once again publicly call on the participants of 'Tbilisi Pride' to refrain from the 'March of Dignity' … due to the scale of counter-manifestations planned by opposing groups," it said.
People danced in front of Georgia's parliament building after the pride march was cancelled.
(Reuters: Irakli Gedenidze)

Several Western embassies in Georgia issued a joint statement condemning the attack and calling on authorities to ensure freedom of expression and assembly.

"Violence is simply unacceptable and cannot be excused," the statement said.

President Salome Zourabichvili, who visited one of the injured journalists, said the violence was a "violation of the core fabric of Georgia".

"What happened is not the Georgia I know," Ms Zourabichvili, who ran as an independent, wrote on Twitter.

"It's not the Georgia based on its core values of tolerance."

In the run-up, Prime Minister Irakli Garibashvili said he viewed the march as "not reasonable", saying it risked causing public confrontation and that it was not acceptable to most Georgians, the Civil Georgia media outlet reported.

Rights campaigners condemned the violence and accused Mr Garibashvili of having emboldened hate groups.

"Violent far-right crowds supported by [the] Church & emboldened by [an] incredibly irresponsible statement of PM [Garibashvili] gathered in Tbilisi center to prevent Pride March, attacking journalists & breaking into Pride office," wrote Giorgi Gogia, who works for US-based Human Rights Watch.

VIDEO
Georgia pride march cancelled after LGBT office ransacked and rainbow flags destroyed - ABC News
Demoralised Afghan troops flee as key districts fall to Taliban insurgency
Afghan commandos arrive to reinforce security forces in Faizabad, capital of Badakhshan province, after the Taliban captured neighbourhood districts of Badakhshan. Photo: Reuters

Rahim Faiez, Kabul

July 06 2021 

The Taliban’s march through northern Afghanistan gained momentum overnight on Sunday with the capture of several districts from fleeing Afghan forces, several hundred of whom fled across the border into Tajikistan, officials said.

The government of Afghanistan announced it was preparing to mount a counter offensive.

More than 300 Afghan military personnel crossed from Afghanistan’s Badakhshan province as Taliban fighters advanced toward the border, Tajikistan’s State Committee for National Security said in a statement.

The Afghan troops crossed over at about 6.30pm local time on Saturday.

“Guided by the principles of humanism and good neighbourliness,” the Tajik authorities allowed the retreating Afghan National Defence and Security Forces to cross into Tajikistan, said the statement.

Since mid-April, when US President Joe Biden announced the end to Afghanistan’s “forever war”, the Taliban have made strides throughout the country.

But its most significant gains have been in the northern half of the country, a traditional stronghold of the US-allied warlords who helped defeat them in 2001. The Taliban now controls roughly a third of all 421 districts and district centres in Afghanistan.

The gains in northeastern Badakhshan province in recent days have mostly come to the insurgent movement without a fight, said Mohib-ul Rahman, a provincial council member.

He blamed Taliban successes on the poor morale of troops who are mostly outnumbered and without resupplies.

“Unfortunately, the majority of the districts were left to Taliban without any fight,” said Mr Rahman. In the last three days, 10 districts fell to Taliban, eight without a fight, he said.

Hundreds of Afghan army, police and intelligence troops surrendered their military outposts and fled to the Badakhshan provincial capital of Faizabad, Mr Rahman said.

Even as a security meeting was being held early on Sunday to plot the strengthening of the perimeter around the capital, some senior provincial officials were leaving Faizabad for the capital Kabul, he said.

Late last month, the Afghan government resurrected militias with a reputation of brutal violence to support the beleaguered Afghan forces but Mr Rahman said that many of these militias in the Badakhshan districts had put up only a half-hearted fight.

The areas under Taliban control in the north are increasingly strategic, running along Afghanistan’s border with central Asian states.

Last month, the religious movement took control of Imam Sahib, a town in Kunduz province opposite Uzbekistan and gained control of a key trade route.

The inroads in Badakhshan are particularly significant as it is the home province of former President Burhanuddin Rabbani, who was killed by a suicide bomber in 2011.

His son, Salahuddin Rabbani, is part of the current High Council for National Reconciliation. The slain former president also led Afghanistan’s Jamiat-e-Islami, which was the party of famed anti-Taliban fighter Ahmad Shah Massoud, killed by a suicide bomber two days before the 9/11 attacks in the United States.

The Interior Ministry issued a statement on Saturday saying the defeats were temporary although it was not clear how they would regain control.

Taliban spokesman Zabihullah Mujahid confirmed the fall of the districts and said most were without a fight.

The Taliban in previous surrenders have shown videos of Afghan soldiers taking transportation money and returning to their homes.





‘You know you’re shaking things up when they come after you’: Hacker takes over top accounts on new pro-Trump app GETTR

The hacker says more vulnerabilities remain.



Mikael Thalen


Tech


Published Jul 5, 2021

GETTR, the new social media platform for supporters of former President Donald Trump, has already been hacked.

Launched last week by Jason Miller, a former spokesperson for Trump, GETTR was compromised after security researchers discovered numerous bugs and vulnerabilities.

The accounts for some of the site’s biggest users, including Miller himself as well as Rep. Marjorie Taylor Greene, were taken over on Sunday by hacker @JubaBaghdad.

The usernames for the hacked accounts were all changed to include a pro-Palestinian message: “@JubaBaghdad was here :) ^^ free palestine ^^.”

Speaking with Insider, the hacker argued that the attack had been “easy” due to the site’s poor security posture.

“They should not publish the website before making sure everything, or at least almost everything, is secure,” he said.

Other compromised accounts included those belonging to former Secretary of State Mike Pompeo, the pro-Trump broadcaster Newsmax, and ex-White House chief strategist Steve Bannon.



Miller responded to the hack of his site by downplaying the severity, arguing that the problem was fixed within minutes.

“You know you’re shaking things up when they come after you. The problem was detected and sealed in a matter of minutes, and all the intruder was able to accomplish was to change a few user names,” Miller told Insider. “The situation has been rectified and we’ve already had more than half a million users sign up for our exciting new platform!”

Despite Miller’s assurances, however, @JubaBaghdad told Salon’s Zachary Petrizzo on Monday that GETTR was still vulnerable. Petrizzo says the hacker was able to show him all of the personal information he used while signing up for the site. (Editor’s note: Zachary Petrizzo previously contributed to the Daily Dot.)

Security woes are just one of several issues facing the novice platform. Shortly after launch, trolls flooded GETTR with pornographic images, much to the ire of the site’s conservative userbase.
The Kaseya Ransomware Attack is a Really Big Deal
By Matt Tait Monday, July 5, 2021
LAWFARE


A keyboard (ericnvntr/https://flic.kr/p/9A8uFb/CC BY 2.0/https://creativecommons.org/licenses/by/2.0/)

If you’re not already paying attention to the Kaseya ransomware incident, you should be. It’s likely the most important cybersecurity event of the year. Bigger than the Exchange hacks by China in January. Bigger than the Colonial pipeline ransomware incident. And, yes, more important than the SolarWinds intrusions last year.

First, some background. Kaseya is a managed service provider; its customers use Kaseya to manage their company IT infrastructure. As part of this task, Kaseya can deploy software to the systems under management, in a way that is broadly equivalent to a software provider deploying an automatic update to those machines. For those interested in more, Nick Weaver wrote a piece for Lawfare that walks through the background in depth.

Under normal circumstances, automatic software deployment, especially in the context of software updates, is a good thing. But here this feature was turned on its head. Russian-based criminal gang REvil hacked into Kaseya’s management system, and pushed REvil software to all of the systems under Kaseya’s management. From there, the ransomware promptly disabled those computers and demanded a cryptocurrency payment of about $45k per system to set the machines free. As of writing, REvil claims that about a million total computers were affected, and is offering a “bulk discount” of $70m to unlock all affected systems in a single payment.

Although the direct impact is already enormous, to me, the direct impact is, in some sense, far less important than the issue of how the incident occurred, namely by subverting software delivery mechanisms as a means to install ransomware.

Supply chain attacks such as these are the proximate technical cause of many of cybersecurity’s “greatest” hits, including NotPetya and SolarWinds. The NotPetya attack in June 2017 did about $10bn or so of damage globally. The SolarWinds campaign led to the compromise of thousands of major organizations and dozens of federal agencies. NotPetya was delivered by a malicious update to Ukrainian accountancy software firm MeDoc; the SolarWinds malware by a malicious update to SolarWinds’ IT management software.

If this is not yet enough to catch your attention, three further observations will.

First, supply chain compromises, such as these, are very often indiscriminate; everyone that installs a malicious update gets the malware. Even in cases where supply-chain malware merely lays the groundwork for further sub-targeting after the initial breach—as the SolarWinds malware did—the effect is disruptive to all recipients, whether sub-targeted or not. Except in very rare cases, perpetrators behind supply chain attacks cannot control, predict or constrain the real-world consequences of subverting software supply-chains—and this is especially true when they are used to install ransomware.

The second, and perhaps scariest, observation is that the software vendors used in malicious update compromises thus far have, in the grand scheme of things, been relatively small. MEDoc, SolarWinds and Kaseya are, of course, important to their respective customers, but none were household names before their respective incidents. Far bigger software vendors exist. Some are central to the basic functioning of modern computing. A disruption to the supply chain of platform vendors like Microsoft, Apple, or Google would have fallout at a scale that is literally unimaginable; with global disruption so vast that it cannot really be articulated without sounding insane or alarmist. But platform vendors are not the only large software developers. Hundreds of smaller companies exist on the periphery, each with enormous customer-bases, from organizations like NVidia, Dell, Adobe and Mozilla; Linux and its various major distributions; the maintainers of core package managers used by huge numbers of software developers; large enterprise IT products; as well as any of the major games companies like Blizzard Activision or Valve. Most of these regularly push software to huge numbers of users and organizations at an operational scale that makes MEDoc, Kaseya and SolarWinds look like lightweights.

The final observation is that defensive remediation of ransomware deployed through automatic updates is pathological to the cybersecurity industry itself in a way that is qualitatively different from other categories of cybersecurity incidents.

To understand why, contrast the Kaseya breach with, say, a more “traditional” deployment of malware using zero-day exploits against each affected target. Hackers who develop or have access to zero-days have two natural obstacles to their mass-use: the difficulty in reaching exposed systems, and the risk of discovery. Once the zero-day is discovered, its utility rapidly and sharply declines.

Once a zero-day is discovered being used “in the wild”, remediation typically comes in the form of two key streams in the cybersecurity community. The first stream is the software developers at the affected vendor. Those developers quickly reverse-engineer the exploit to identify the software defect. For simple fixes, the developers can fix it outright; for more complicated issues they might temporarily disable the surrounding feature until the defective component can be safely re-engineered. In either case, an “immunized” patch is made ready and deployed to customers, often within a few days of initial discovery of the exploit.

As the developers engineer a patch to prevent new infections, the incident response community mobilizes to help infected organizations. These incident responders perform an intensive triage and remediation. They identify and restore affected systems, discover what was stolen, and put in place measures that will make future compromises less likely to occur—and less damaging when they do—for the affected systems and organizations.

Malware deployed automatically via the supply-chain up-ends all of these dynamics pathologically. A malware operator with access to automatic software delivery infrastructure has no incentive to keep the infections small. Rather than infecting only a few targets at the top of their priority list, the hacker typically hacks all affected customers nearly simultaneously. Finding and reaching exposed systems isn’t an obstacle here to their mass-deployment either; the delivery mechanism “helpfully” routes the malware through to systems buried deep inside corporate networks, or hidden behind layers of traditional defenses.

The vendor can’t respond in the normal way to supply-chain malware either. The malware came from their own software delivery infrastructure, so remediation begins with them disabling their infrastructure to prevent further misuse and then turning inwards to secure their own systems. In any case, patches are the wrong tool for remediation: patches help defend systems that might be vulnerable to malware, but here their customers are already infected with the malware. By the time the breach is discovered, it’s already too late to fix via a patch.

As if this wasn’t enough, malware-laden updates are also pathological to incident response. Since malicious updates affect enormous groups of systems simultaneously, they tend to saturate the capacity of the entire incident response industry overnight, overwhelming their ability to respond.

In short, software supply chain security breaches don’t look like other categories of breaches. A lot of this comes down to the central conundrum of system security: it’s not possible to defend the edges of a system without centralization so that we can pool defensive resources. But this same centralization concentrates offensive action against a few single points of failure that, if breached, cause all of the edges to fall at once. And the more edges that central failure point controls, the more likely the collateral real-world consequences of any breach, but especially a ransomware breach, will be catastrophic, and overwhelm the defensive cybersecurity industry’s ability to respond.

Tackling this problem is no small task; it will need a great deal of resources and creativity across a large number of different domains, from the technical community through to the foreign policy community. And, to be fair, many of the options towards a safer infrastructure will likely require some large, and frankly unpopular, shaping-up against some large entrenched interests to make progress.

But before researchers and policymakers can start to look for solutions, the first step is recognizing why supply-chain compromise is fundamentally different from most other problems encountered day-to-day in cybersecurity, and one with a failure mode that can be unusually fast and large-scale. Only then will the information security community be able to start tackling it with the scale and seriousness that it deserves.
Fallout continues from most widespread global ransomware attack to date

Cyberattack hit at least 17 countries; FBI directing ‘full resources’ to investigation


Published: July 5, 2021
Associated Press

The inside of a computer is seen in Jersey City, N.J. ASSOCIATED PRESS

BOSTON — The single biggest global ransomware attack yet continued to bite Monday as details emerged on how the Russia-linked gang responsible breached the company whose software was the conduit. In essence, the criminals used a tool that helps protect against malware to spread it widely.

An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said.


REvil was demanding ransoms of up to $5 million. But late Sunday it offered in a posting on its dark web site a universal decryptor software key that would unscramble all affected machines in exchange for $70 million in cryptocurrency. It wasn’t clear who they expected might pay that amount.

Sweden may have been hardest hit by the attack — or at least most transparent about it. Its defense minister, Peter Hultqvist, bemoaned on Monday “a serious attack on basic functions in Swedish society.”

”It shows how fragile the system is when it comes to IT security and that you must constantly work to develop your ability to defend yourself,” he said in a TV interview. Most of the Swedish grocery chain Coop’s 800 stores were closed all weekend because their cash register software supplier was crippled. They remained closed Monday. A Swedish pharmacy chain, gas station chain, the state railway and public broadcaster SVT were also hit.

A broad array of businesses and public agencies were affected, including in financial services, travel and leisure and the public sector — though few large companies, the cybersecurity firm Sophos reported. The cybersecurity firm ESET identified victims in countries including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya.

Ransomware criminals infiltrate networks and sow malware that cripples them by scrambling all their data. Victims get a decoder key when they pay up.

In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised, the news agency dpa reported. Also among reported victims were two big Dutch IT services companies — VelzArt and Hoppenbrouwer Techniek. Most ransomware victims don’t publicly report attacks or disclose if they’ve paid ransoms.

On Sunday, the FBI said in a statement that while it was investigating the attack, its scale “may make it so that we are unable to respond to each victim individually.” Deputy National Security Advisor Anne Neuberger later issued a statement saying President Joe Biden had “directed the full resources of the government to investigate this incident” and urged all who believed they were compromised to alert the FBI.

Biden suggested Saturday the U.S. would respond if it was determined that the Kremlin is at all involved. Less than a month ago, Biden pressed Russian President Vladimir Putin to stop giving safe haven to REvil and other ransomware gangs whose unrelenting extortionary attacks the U.S. deems a national security threat.

On Monday, Putin spokesman Dmitry Peskov was asked if Russia was aware of the attack or had looked into it. He said no, but suggested it could be discussed by the U.S. and Russia in consultations on cybersecurity issues for which no timeline has been specified.

Experts say it was no coincidence that REvil launched the attack at the start of the Fourth of July holiday weekend, knowing U.S. offices would be lightly staffed and many victims might not learn of it until back at work Monday or Tuesday.

Most end users of managed service providers “have no idea” whose software keeps their networks humming, said CEO Fred Voccola of the breached software company, Kaseya.

He estimated the victim number in the low thousands, mostly small businesses like “dental practices, architecture firms, plastic surgery centers, libraries, things like that.”

Voccola said only between 50-60 of the company’s 37,000 customers were compromised. But 70% were managed service providers who use the company’s hacked VSA software to manage multiple customers. It automates the installation of software and malware-detection updates and manages backups and other vital tasks.

Kaseya said it sent a detection tool to nearly 900 customers on Saturday night.

REvil’s offer of blanket decryption for all victims of the Kaseya attack in exchange for $70 million suggested its inability to cope with the sheer quantity of infected networks, said Allan Liska, an analyst with the cybersecurity firm Recorded Future.

But Kevin Reed of Acronis said the offer of a universal decryptor could be a PR stunt because no human involvement would be needed to pay a $45,000 base ransom demand apparently sent to the vast majority of targets. Analysts reported seeing demands of $5 million and $500,000 for bigger targets, which would require negotiation.

Analyst Brett Callow of Emsisoft said he suspects REvil is hoping insurers might crunch the numbers and determine the $70 million will be cheaper for them than extended downtime.

Sophisticated ransomware gangs on REvil’s level usually examine a victim’s financial records — and insurance policies if they can find them — from files they steal before activating the ransomware. The criminals then threaten to dump the stolen data online unless paid, although that does not appear to have happened in this case. But this attack was apparently bare-bones. REvil seems only to have scrambled victims’ data.

Dutch researchers said they alerted Miami-based Kaseya to the breach and said the criminals used a “zero day,” the industry term for a previously unknown security hole in software. Voccola would not confirm that or offer details of the breach — except to say that it was not phishing.

“The level of sophistication here was extraordinary,” he said.

It was not the first ransomware attack to leverage managed services providers. In 2019, criminals hobbled the networks of 22 Texas municipalities through one. That same year, 400 U.S. dental practices were crippled in a separate attack.

Active since April 2019, REvil provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms. U.S. officials say the most potent ransomware gangs are based in Russia and allied states and operate with Kremlin tolerance and sometimes collude with Russian security services.
RIP
Richard Donner, director of Superman, Lethal Weapon and The Goonies, dies aged 91

He was "the greatest Goonie of all" said Steven Spielberg.



Mark Serrels
July 5, 2021
CNET

Donner attending the 25th anniversary Goonies reunion at Warner Bros. Studios in October 2010. Credit: Michael Tran/FilmMagic


Richard Donner, the director behind huge hits like Lethal Weapon, The Goonies and Superman, has died aged 91. His wife, producer Lauren Shuler Donner, did not disclose the cause of death.

Donner had an incredible career, directing one of the first significant superhero movies in Superman, starring Christopher Reeve and Marlon Brando, but made his feature film debut with The Omen, the classic, iconic horror movie, written by David Seltzer.

Donner is perhaps most famous for his work on the Lethal Weapon series, which helped create the template for the buddy cop movie. Lethal Weapon grossed $120 million on a $15 million budget and kickstarted one of the most memorable franchises in Hollywood history, perhaps peaking with the sequel, Lethal Weapon 2, released in 1989. It was the third most successful movie released that year behind Batman and Indiana Jones and the Last Crusade. Donner also directed the cult classic The Goonies, launching the careers of stars like Sean Astin and Josh Brolin.

He was also an incredibly successful producer. Donner's production company, The Donners' Company, helped launch the X-Men franchise back in 2000.

"Being in his circle was akin to hanging out with your favorite coach, smartest professor, fiercest motivator, most endearing friend, staunchest ally, and — of course — the greatest Goonie of all," said Steven Spielberg, in a statement sent to Variety.

"Dick genuinely cared about me, my life and my family," added Danny Glover, who was directed by Donner. "We were friends and loved each other far beyond collaborating for the screen and the success that the Lethal Weapon franchise brought us. I will so greatly miss him."

 

Belowground microbial solutions to aboveground plant problems

MAX PLANCK INSTITUTE FOR PLANT BREEDING RESEARCH

Research News

IMAGE: PRIORITY TO MICROBIOTA-INDUCED PLANT GROWTH OVER DEFENSE, UNDER LOW LIGHT CONDITIONS. IMAGE CREATED WITH BIORENDER.

CREDIT: STÉPHANE HACQUARD

Land plants - plants that live primarily in terrestrial habitats and form vegetation on earth - are anchored to the ground through their roots, and their performance depends on both the belowground soil conditions and the aboveground climate. Plants utilize sunlight to grow through the process of photosynthesis where light energy is converted to chemical energy in chloroplasts, the powerhouses of plant cells. Therefore, the amount and quality of light perceived by chloroplasts through light absorbing pigments, such as chlorophyll, is a defining factor in plant growth and health. A substantial amount of the chemical compounds produced during the conversion of light energy to chemical energy, termed photoassimilates (mainly sugars), is translocated to the plant root compartment and invested in the surrounding soil to sustain microbial growth. Consequently, roots harbour complex microbial communities of bacteria and filamentous eukaryotes (i.e., fungi and oomycetes), and the composition of these communities profoundly influences plant performance. However, the extent to which plants can take advantage of belowground microbes to orchestrate aboveground stress responses remains largely unexplored. Now, in a new study published in Nature Plants, Stéphane Hacquard and his colleagues from the Department of Plant-Microbe Interactions at the MPIPZ in Cologne, Germany, shed light on these aboveground-belowground connections.

To tackle this question, the first author of the study Shiji Hou performed experiments where the aboveground light conditions and the belowground microbial conditions could be controlled. By comparing the growth of Arabidopsis thaliana (Thale Cress) grown in the absence of root microbes (i.e., germ-free) to those colonized by a complex community of 183 bacteria, 24 fungi and 7 oomycetes, the researchers observed that the presence of microbes rescued the plant growth-deficiency observed under low light conditions. Inoculation experiments with leaf pathogens further indicated that plants colonized by microbes were also more resistant to aboveground leaf pathogens than germ-free control plants, indicating that the presence of root microbes can promote both plant growth and defense under low light.

By comparing growth and defense responses of colonized plants between the two light conditions, the scientists observed that investment in growth under low light conditions came at the cost of defense, since microbiota-induced defense responses were reduced and plants were more susceptible to leaf pathogens under low light. Based on this observation, the authors of the study then hypothesized that when light conditions are suboptimal, plants favor microbe-induced growth over microbe-induced defense responses. To test this hypothesis, the researchers screened different A. thaliana mutants to identify those that failed to invest in growth under low light. Consistent with their hypothesis, the identified mutants were better at resisting leaf pathogens instead. Furthermore, the scientists found that the presence of the host transcription factor MYC2 was crucial to tip the balance in favor of microbiota-induced growth instead of microbiota-induced defense under low light conditions.

The researchers then went on to investigate whether the make-up of the microbial community belowground could explain aboveground investment in growth at the expense of defense under low light. To do this, they analyzed the composition of the root microbiota across the different A. thaliana mutants and observed that the bacterial community composition was markedly different depending on whether the different plants invested in growth under low light. This experiment led to the identification of 67 bacterial strains that were predicted to be associated with plant growth rescue under low light. To test a potential causal link, the researchers prepared three different bacterial communities composed of either: 1) all 183 strains, 2) the 183 strains lacking the 67 strains predicted to be important for growth rescue or 3) the 67 strains alone. Remarkably, A. thaliana wild-type plants colonized with the 67-member community invested in growth under low light, whereas those colonized by the community lacking these bacterial strains did not, instead favoring better resistance to leaf infection by pathogens.

In the words of study lead Stéphane Hacquard: "Our results suggest that plant growth and defense responses are engaged in different feedback loops with the root microbiota depending on aboveground light conditions. It is likely that light-induced change in root exudation profiles is an important mechanism that stimulates the growth of particular beneficial bacterial root commensals that boost plant growth, at the expense of defense responses under low light". The observation that microbiota-root-shoot-circuits exist in plants is reminiscent of recent results obtained in the context of the microbiota-gut-brain axis in animals, where a direct link between gut commensals and brain functions was uncovered. The results suggest that bacterial root and gut commensals have important functions in modulating stress responses not only locally, but also in distant host organs.

These findings have important applications for utilizing belowground microbes to promote aboveground stress responses in plants. By applying the knowledge gained in this study it would now be conceivable to design synthetic microbial communities with modular functions that could be used to promote plant resistance to particular biotic or abiotic stresses, and ultimately promote plant health in nature.


 

Seabird colony creates 'halo' of depleted fish stocks

UNIVERSITY OF EXETER

Research News

IMAGE: ASCENSION FRIGATE

CREDIT: SAM WEBER

A vast seabird colony on Ascension Island creates a "halo" in which fewer fish live, new research shows.

Ascension, a UK Overseas Territory, is home to tens of thousands of seabirds - of various species - whose prey includes flying fish.

The new study, by the University of Exeter and the Ascension Island Government, finds reduced flying fish numbers up to 150km (more than 90 miles) from the island - which could only be explained by the foraging of seabirds.

The findings - which provide rare evidence for a long-standing theory first proposed at Ascension - show how food-limited seabird populations naturally are, and why they are often so sensitive to competition with human fishers.

"This study tells us a lot about large colonies of animals and how their numbers are limited," said Dr Sam Weber, of the Centre for Ecology and Conservation on Exeter's Penryn Campus in Cornwall.

"These birds are concentrated at Ascension Island during the breeding season, and the intensity of their foraging is naturally highest near the island.

"As they use up the most accessible prey located near to the island, they have to travel increasingly long distances to feed, causing the 'halo' to expand outwards.


CAPTION: Masked booby feeding a chick

CREDIT: Sam Weber

"Once individuals can't find enough food to break even with the energy they expend finding it, the colony stops growing.

"Human impacts such as fisheries can interfere with this natural balance and have negative effects on populations of marine top predators like seabirds, even if they don't directly harm the birds.

"What was particularly surprising is the large scale of the footprint we found.

"It shows that Marine Protected Areas may need to be very large because some predators rely on prey stocks across a huge area."

The pattern of prey depletion revealed by the study is known as "Ashmole's halo", after British ornithologist Philip Ashmole, who first proposed it about 60 years ago after a visit to Ascension Island.

For the study, the researchers counted flying fish, tracked seabirds' foraging trips and examined their regurgitated food.

The nesting seabird species on Ascension that prey on flying fish include frigatebirds, masked boobies and brown boobies.


CAPTION: Masked booby

CREDIT: Sam Weber

The research team included the RSPB and the Royal Netherlands Institute for Sea Research.

The study was funded by UK Government's Conflict, Security and Stability Fund and by a Darwin Initiative grant.

The paper, published in the journal Proceedings of the National Academy of Sciences, is entitled: "Direct evidence of a prey depletion 'halo' surrounding a pelagic predator colony."