Saturday, July 03, 2021

Russia-based hackers breach more than 1,000 businesses

Erin Doherty, Jacob Knutson, Gigi Sukin


Illustration: Aïda Amer/Axios

A Russia-based hacking group known as REvil has compromised the computer systems of at least 1,000 businesses by targeting managed service providers, according to to the cybersecurity firm Huntress Labs Inc.

Why it matters: It's a large-scale ransomware campaign — the full scope of which is not yet known — and comes on the heels of several other high-profile ransomware attacks this year.

Of note via Bloomberg: "Such attacks can have a multiplying effect, since the hackers may then gain access and infiltrate the MSPs’ customers too."
The affected MSPs, platforms that provide IT management and other core network functions for businesses, and companies have not yet been named.

The latest: President Biden said Saturday that the U.S. government is still not certain who is behind the hack, according to Reuters.
"The initial thinking was it was not the Russian government but we're not sure yet," Biden said. Biden said he directed U.S. intelligences agencies to investigate.
Victims have emerged in 11 countries so far, per cybersecurity firm ESET.
Grocery chain Coop’s 800+ stores in Sweden couldn’t open Saturday after the hack led cash registers to malfunction, spokesperson Therese Knapp told Bloomberg.

What they're saying: John Hammond, a cybersecurity researcher at Huntress Labs, said more than 20 MSPs have been impacted. He noted the criminals targeted software supplier Kaseya, using its network-management package to spread the ransomware.
“What makes this attack stand out is the trickle-down effect, from the managed service provider to the small business,” Hammond said. “Kaseya handles large enterprise all the way to small businesses globally, so ultimately, it has the potential to spread to any size or scale business.”

Cybersecurity researcher Jake Williams, president of Rendition Infosec, told AP it's no accident that this happened before a holiday weekend, when IT staffing is generally thin.
Hackers frequently infiltrate widely used software, then spread malware as the software automatically updates.

The privately held Kaseya is based in Dublin, with a U.S. headquarters in Miami. The Miami Herald reported Kaseya's plans to hire as many as 500 workers by 2022 to staff a recently acquired cybersecurity platform.

The big picture: The breach comes after a summit between President Biden and Russian President Vladimir Putin, during which Biden threatened to use the U.S.' "significant" cyber capabilities to respond if critical infrastructure entities are targeted by Russian hackers.
FBI Director Christopher Wray told Congress in June that cyber threats against U.S. businesses are increasing "almost exponentially."

Go deeper: FBI: Russia-linked REvil behind ransomware attack on meatpacker JBS

Editor's note: This story will be updated as new information is released.

Cyber attack on US businesses through Kaseya software to be investigated for Russia links

Mr Biden has ordered an investigation into the cyber attack.(Reuters: Carlos Barria)


A cyber attack that immobilised US businesses ahead of the nation's July 4 holiday weekend will be investigated for links to Russia.

Key points:

US President Joe Biden says authorities are "not sure" whether Russia is behind the attack

Scores of businesses were affected by the attack, but estimates of how many vary

Cyber security experts say the attack is one of the largest of its kind


Security firm Huntress Labs suspects the so-called supply chain attack was carried out by a Russian gang called REvil, which has also been blamed for last month's attack on global meat packer JBS.

US President Joe Biden said authorities were "not certain" who was behind the attack, which experts say is one of the largest of its kind.

"The initial thinking was it was not the Russian government but we're not sure yet," he said.

Mr Biden said he had directed US intelligence agencies to investigate, and the United States would respond if it determined Russia was to blame.
Cybersecurity was a topic of discussion when Mr Biden met
 Russian leader Vladimir Putin last month.(AP: Patrick Semansky)

The hackers who struck on Friday US time hijacked widely used technology management software from a supplier called Kaseya.

They changed a Kaseya tool used by companies that manage technology at smaller businesses. They then encrypted the files of those providers' customers.

Kaseya said on its own website on Friday that it was investigating a "potential attack".

It also said it had limited the attack to "a very small percentage of our customers … currently estimated at fewer than 40 worldwide".

But Huntress Labs said it was working with partners targeted in the attack, and the software was manipulated "to encrypt more than 1,000 companies".

"This is a colossal and devastating supply-chain attack," John Hammond from Huntress said.

Gerome Billois, a cybersecurity expert with Wavestone consultancy, said ransomware attacks typically only affected one business at a time.

"In this case, they attacked a company that provides software for managing data systems, allowing them to simultaneously target several dozen — possibly even hundreds — of companies," he said.

Supply chain attacks have crept to the top of the cybersecurity agenda in the wake of the United States accusing hackers of operating at the Russian government's direction and tampering with a network-monitoring tool built by Texas software firm SolarWinds.

While the attack appeared directed at the US, Swedish supermarket chain Coop revealed it had to close more than half of its stores due to outages linked to the attack.

The company said it lost control of its checkouts after a subcontractor was hacked.

ABC/wires


IT management biz Kaseya pwned by miscreants to infect businesses with ransomware

Plus: Cops seize 3D printers 'used to print guns', and more bits and bytes
Sat 3 Jul 2021 

IN BRIEF In what's looking like a nasty supply-chain attack, IT systems management biz Kaseya was compromised by miscreants, which then used its VSA product to infect its own customers and then their customers with ransomware.

At least 200 businesses were hit, according to infosec biz Huntress. Kaseya meanwhile initially estimated 40 worldwide were infected. It also told its clients to switch off their VSA data management and remote monitoring services immediately.

"We are experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers only as of 1400 EDT today," it said in a Friday advisory.

"We are in the process of investigating the root cause of the incident with an abundance of caution but we recommend that you IMMEDIATELY shutdown your VSA server until you receive further notice from us. Its (sic) critical that you do this immediately, because one of the first things the attacker does is shut off administrative access to the VSA."

It appears that attackers got onto Kaseya's servers and included a copy of the REvil ransomware in a software update for customers that went out on Friday. It has also taken offline its software-as-a-service platform as a precaution.

"We have been advised by our outside experts that customers who experienced ransomware and receive a communication from the attackers should not click on any links – they may be weaponized," Kaseya's advisory added.

The Florida-based company told The Register it was working with the FBI. It's reported that among the victims is Sweden's grocery store chain Coop, a customer of one of Kaseya's customers, causing 500 stores to remain closed.
The Linkedin breach that wasn't

Earlier this week there were some reports that someone had put 700 million Linkedin records up for sale on the dark web. Rather than intrusion, LinkedIn said, someone who had scraped publicly available information, combined it with other available data, and was trying to make a buck or ten out of it.

"We want to be clear that this is not a data breach and no private LinkedIn member data was exposed," Linkedin said. "Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update."

Scraping is a serious problem for Linkedin, one it has taken to the US Supreme Court over.
Western Digital devices caught in crossfire?

Last week, users of Western Digital's My Book Live found they had lost a lot of data after devices were remotely wiped via a security vulnerability.

At the time, the manufacturer said this was due to a malware attack. Having looked at the IP addresses and network traffic involved, security shop Censys suggested it looked likely that one criminal infected My Book kit and then a separate individual initiated the factory reset command, suggesting someone could be trying to take out a rival.

Western Digital, however, disagrees. "Our investigation shows that in some cases, the same attacker exploited both vulnerabilities on the device, as evidenced by the source IP," it said. "The first vulnerability was exploited to install a malicious binary on the device, and the second vulnerability was later exploited to reset the device."

In the meantime the firm is offering data recovery services to affected folks and promising My Book Live customers a trade-in service for My Cloud accounts.
Google tidies up Nest security

Google has announced that it's beefing up the security of devices in its smart home biz Nest, and made a five-year commitment to support existing products. This comes after it discontinued its Nest Secure home security system.

The Chocolate Factory said all devices sold since 2019 will adhere to the standards of the Internet of Secure Things Alliance (ioXt) on patching and security. In addition Google will publish the ioXt validation results for all of its kit so buyers can make an informed choice.

"A helpful home is a safe home, and Nest’s new safety center is part of making sure Nest products help take care of the people in your life and the world around you," Google said in a blog post.

US police seize 3D printers over gun charges

An unusual case of physical security came up this week after the Pennsylvania police took custody of two 3D printers that allegedly were used to manufacture parts for so-called ghost guns – unregulated firearms American cops and prosecutors aren't too keen on.

“Kenneth Wilson was caught manufacturing untrackable and untraceable firearms out of his home. Once assembled, these fully functional firearms often become a tool for senseless violence,” said the state's Attorney General Josh Shapiro.

“Ghost guns are quickly becoming the weapon of choice for criminals that take the lives of too many Pennsylvanians. My office is working overtime to target these gun traffickers and get illegal guns off our streets.”

In addition to the 3D printers, police also said they seized three ghost gun frames, three firearms, a small amount of methamphetamine, $1,140 in cash, and drug packaging equipment from the suspect's house. ®


REvil ransomware hits 1,000+ companies in MSP supply-chain attack


By Lawrence Abrams
July 2, 2021



A massive REvil ransomware attack affects multiple managed service providers and over a thousand of their customers through a reported Kaseya supply-chain attack.

Starting this afternoon, the REvil ransomware gang, aka Sodinokibi, targeted MSPs with thousands of customers, through what appears to be a Kaseya VSA supply-chain attack.

At this time, there eight known large MSPs that have been hit as part of this supply-chain attack.



Kaseya VSA is a cloud-based MSP platform that allows providers to perform patch management and client monitoring for their customers.

Huntress Labs' John Hammond has told BleepingComputer that all of the affected MSPs are using Kaseya VSA and that they have proof that their customers are being encrypted as well.


"We are tracking 20 MSPs where Kaseya VSA was used to encrypt over 1,000 business and are working in close collaboration with six of them," Hammond shared in blog post about the attack.

Kaseya issued a security advisory on their help desk site, warning all VSA customers to immediately shut down their VSA server to prevent the attack's spread while investigating.


"We are experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers only as of 2:00 PM EDT today.

We are in the process of investigating the root cause of the incident with an abundance of caution but we recommend that you IMMEDIATELY shutdown your VSA server until you receive further notice from us.

Its critical that you do this immediately, because one of the first things the attacker does is shutoff administrative access to the VSA."

In a statement to BleepingComputer, Kaseya stated that they have shut down their SaaS servers and are working with other security firms to investigate the incident.

Most large-scale ransomware attacks are conducted late at night over the weekend when there is less staff to monitor the network.

As this attack happened midday on a Friday, the threat actors likely planned the time to coincide with the July 4th weekend in the USA, where it is common for staff to have a shorter workday before the holidays.

If you have first-hand information about this attack or information about affected companies, we would love to hear about it. You can confidentially contact us on Signal at +16469613731 or on Wire at @lawrenceabrams-bc.
REvil attack spread through auto-update


BleepingComputer has been told by both Huntress' John Hammond and Sophos' Mark Loman that the attacks on MSPs appear to be a supply chain attack through Kaseya VSA.

According to Hammond, Kaseya VSA will drop an agent.crt file to the c:\kworking folder, which is being distributed as an update called 'Kaseya VSA Agent Hot-fix.'

A PowerShell command is then launched that first disables various Microsoft Defender security features, such as real-time monitoring, Controlled Folder Access, script scanning, and network protection.

It will then decode the agent.crt file using the legitimate Windows certutil.exe command to extract an agent.exe file to the same folder, which is then launched to begin the encryption process.

PowerShell command to execute the REvil ransomware
Source: Reddit

The agent.exe is signed using a certificate from "PB03 TRANSPORT LTD" and includes an embedded 'MsMpEng.exe' and 'mpsvc.dll,' with the DLL being the REvil encryptor. When extracted, the 'MsMpEng.exe' and 'mpsvc.dll' are placed in the C:\Windows folder.

Signed agent.exe file

The MsMPEng.exe is an older version of the legitimate Microsoft Defender executable used as a LOLBin to launch the DLL and encrypt the device through a trusted executable.

The agent.exe extracting and launching embedded resources

Some of the samples add politically charged Windows Registry keys and configurations changes to infected computers.

For example, a sample [VirusTotal] installed by BleepingComputer adds the HKLM\SOFTWARE\Wow6432Node\BlackLivesMatter key to store configuration information from the attack.

Advanced Intel's Vitali Kremez told BleepingComputer that another sample configures the device to launch REvil Safe Mode with a default password of 'DTrump4ever.'

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultUserName"="[account_name]"
"DefaultPassword"="DTrump4ever"

Kaseya CEO Fred Voccola told BleepingComputer in an email late Friday night that a vulnerability in Kaseya VSA was used during the attack and that a patch will be released as soon as possibly.

"While our investigation is ongoing, to date we believe that:

Our SaaS customers were never at-risk. We expect to restore service to those customers once we have confirmed that they are not at risk, which we expect will be within the next 24 hours;

Only a very small percentage of our customers were affected – currently estimated at fewer than 40 worldwide.

We believe that we have identified the source of the vulnerability and are preparing a patch to mitigate it for our on-premises customers that will be tested thoroughly. We will release that patch as quickly as possible to get our customers back up and running." - Kaseya.

BleepingComputer has sent followup questions regarding the vulnerability and was told a comprehensive update would be released Saturday afternoon.

Huntress continues to provide more info about the attack in a Reddit thread and we have added IOCs to the bottom of this article.
Ransomware gang demands a $5 million ransom

A sample of the REvil ransomware used in one of these attacks has been shared with BleepingComputer. However, it is unknown if this is the sample used for every victim or if each MSP received its own ransom demand.

The ransomware gang is demanding a $5,000,000 ransom to receive a decryptor from one of the samples.


Ransom demand

According to Emsisoft CTO Fabian Wosar, MSP customers who were affected by the attack received a much smaller $44,999 ransom demand.

While REvil is known to steal data before deploying the ransomware and encrypting devices, it is unknown if the attackers exfiltrated any files.

MSPs are a high-value target for ransomware gangs as they offer an easy channel to infecting many companies through a single breach, yet the attacks require intimate knowledge about MSPs and the software they use.

REvil has an affiliate well versed in the technology used by MSPs as they have a long history of targeting these companies and the software commonly used by them.

In June 2019, an REvil affiliate targeted MSPs via Remote Desktop and then used their management software to push ransomware installers to all of the endpoints that they manage.

This affiliate is believed to have previously worked with GandCrab, who also successfully conducted attacks against MSPs in January 2019.

This is a developing story and will continue to be updated.

Update 7/1/21 10:30 PM EST: Added updated statement about vulnerability.
Update 7/3/21 5:37 PM EST: Updated title and added information on how over 1,000 businesses have been affected this attack.


 SOON MOUSE-VISION VR

Neurobiology: How mice see the world

LUDWIG-MAXIMILIANS-UNIVERSITÄT MÜNCHEN

Research News

Researchers based in Munich and Tuebingen have developed an open-source camera system that images natural habitats as they appear to rodents.

During the course of evolution, animals have adapted to the particular demands of their local environments in ways that increased their chances of survival and reproduction. This is also true of diverse aspects of the sensory systems that enable species to perceive their surroundings. In the case of the visual system, these adaptations have shaped features such as the positioning of the eyes and the relative acuity of different regions of the retina.

However, our knowledge of the functional evolution of visual systems in mammals has remained relatively sparse. "In the past 10 or 15 years, the mouse has become the favored model for the investigation of the processing of visual information," says Professor Laura Busse of the Department of Biology II at Ludwig-Maximilians-Universitaet (LMU) in Munich. "That's a somewhat surprising development, given that it was previously thought that these rodents primarily sensed the world using their whisker system and smell." However, color vision in mammals is known to have an effect on the ability to find food, evade predators, and choose mating partners.

"It occurred to us that we don't really know how mice perceive their natural environment visually," says Busse, who is a member of the transregional Collaborative Research Center (CRC) 1233  on "Robust Vision". Here, the term "robust" refers the fact that animals (including humans) are able to draw inferences from limited amounts of visual information, even in environments that are constantly changing. Busse decided to close this gap by studying the visual input and the processing of neuronal signals in mice", In collaboration with Professor Thomas Euler of Tuebingen University, the Coordinating University of the CRC.

A camera that captures the mouse's view

Mice are dichromate - in other words, they have two types of cone cells (the photoreceptors that are responsible for color vision) in their retinas. These cells detect electromagnetic radiation in the green and ultraviolet regions of the spectrum, centered on wavelengths of 510 nanometers (nm) and 350 nm, respectively. "We wanted to know what range of color information is available to mice in their natural habitats, and whether the prevalence of these colors can explain the functional characteristics of the neural circuits in the mouse retina," Busse explains.

Together, the teams in Munich and Tuebingen set out to develop an low-cost, open-source camera which, unlike conventional cameras, was specifically designed to cover the spectral regions in the green and ultraviolet to which the mice retina is sensitive. To facilitate its use in the field, the hand-held camera is equipped with a gimbal, which automatically orients the picture frame, thus avoiding sudden, unintentional shifts in perspective.

The researchers used this camera to image the environment as it would appear to a mouse, at different times of the day, in fields that showed clear signs of their presence. "We knew that the upper hemisphere of the mouse retina, with which they can see the sky, is especially sensitive to UV light," says Busse. "The lower half of the mouse retina, which is normally oriented towards the ground, shows a higher sensitivity in the green region. The team confirmed that these two spectral ranges closely match the color statistics of the natural environments that are favored by mouse populations. This adaptation could be a result of evolutionary processes - and for example help the animal to perceive birds of prey in the sky - and take evasive action. Experiments using artificial neural nets that mimic the processing characteristics of cone cells in the mouse retina confirm this conjecture.

###

 Same dance, different species: How natural selection drives common behavior of lizards

A surprising study on the behavior of unrelated lizards demonstrates how evolution can lead to different species learning the same skills

UNIVERSITY OF NEW SOUTH WALES

Research News

A surprising study by UNSW on the behaviour of unrelated lizards in very different parts of the world has demonstrated how evolution can lead to different species learning the same skills.

The study in Ecology Letters documents how the Anolis lizard species in the Caribbean, and the Draco lizard species in Southeast Asia, have solved the challenge of communicating with one another to defend territories and attract mates.

It found males from both species perform elaborate head bob and push up displays, and rapidly extend and retract their often large and conspicuously coloured dewlap, or throat fan, specifically in habitats with lots of wind-blown vegetation or low light.

The lizards occupy the same range of rainforest and grassland habitats, and therefore face the same problems when it comes to communicating to a potential mate or enemy in visually 'noisy' environments.

Remarkably, they have evolved the same strategy to cope with the same selection problems, lead author Dr Terry Ord from the Evolution & Ecology Research Centre at the UNSW School of Biological, Earth and Environmental Sciences says.

According to his research, this scenario of two unrelated lizards displaying similar behaviour shows that natural selection directs evolution towards the same common set of adaptive outcomes over and over again.

"The surprise is that lizards in both groups have evolved remarkably similar displays for communication, but they also tailor the production of those displays according to the prevailing conditions experienced at the time of display," Dr Ord says.

"That is, increasing the speed or the length of time they spend displaying the movements as the viewing conditions deteriorate.

"Really there should be essentially innumerable ways these lizards could have adapted their displays to remain effective, and there is strong evolutionary predictions that would lead us to expect this as well."

Dr Ord says what this study shows is that natural selection driving similarities between different species.

Formally, this is known as convergent evolution -- the independent origin of similar adaptations, he says.

"It seemed that these types of convergent, common adaptations are outcomes that would only really occur among species that are closely-related in some capacity," he says.

"The reason for this is a bit complicated and it rests on the fact that adaptations build on characteristics that a species already possesses."

"So, the longer species have evolved independently of each other, the less likely they would evolve the same adaptive solutions if they were exposed to the same change in the environment."

But what this study highlights, he says, is what many evolutionary ecologists have argued - that natural selection is an extremely powerful process that can override the "baggage" of past history to produce the same adaptations.

"So if arm-waving is the most effective solution to some change in the environment, then natural selection would ultimately lead to its evolution rather than a more subtle (less effective) modification to an existing vocal call," he says.

"Evolutionary biologists are excited about convergent evolution because it gives us multiple examples of the same adaptation evolving time and time again in very different animals.?

"So it tells us what the challenges are faced by these animals and how they have solved it in terms of evolutionary adaptation."

The study documents this independent evolution of common communication strategies amongst groups that have evolved separately from each other for hundreds of millions of years.

Dr Ord says the striking similarities in communication strategies for maintaining an effective communication system in noisy conditions has evolved in various forms in many insects, fish, frogs, birds and mammals.

"For example, increasing the volume of calls when there's lots of acoustic background noise, or extending the length of those calls or even vibrational signals by spiders and such," Dr Ord says .

"The fact that many other groups of animals have also evolved thesesame adaptive strategies is even more extraordinary."

Read the study in Ecology Letters.

 THE LOVE DRUG

UMass Amherst research pinpoints role of dopamine in songbird's brain plasticity

Neurotransmitter shown to be a key driver in sensory processing

UNIVERSITY OF MASSACHUSETTS AMHERST

Research News

IMAGE

IMAGE: LUKE REMAGE-HEALEY IS A PROFESSOR OF PSYCHOLOGICAL AND BRAIN SCIENCES AT UMASS AMHERST. view more 

CREDIT: UMASS AMHERST

Neuroscientists at the University of Massachusetts Amherst have demonstrated in new research that dopamine plays a key role in how songbirds learn complex new sounds.

Published in the Journal of Neuroscience, the finding that dopamine drives plasticity in the auditory pallium of zebra finches lays new groundwork for advancing the understanding of the functions of this neurotransmitter in an area of the brain that encodes complex stimuli.

"People associate dopamine with reward and pleasure," says lead author Matheus Macedo-Lima, who performed the research in the lab of senior author Luke Remage-Healey as a Ph.D. student in UMass Amherst's Neuroscience and Behavior graduate program. "It's a very well-known concept that dopamine is involved in learning. But the knowledge about dopamine in areas related to sensory processing in the brain is limited. We wanted to understand whether dopamine was playing a role in how this brain region learns new sounds or changes with sounds."

Studying vocal learning in songbirds provides insight into how spoken language is learned, adds behavioral neuroscientist Remage-Healey, professor of psychological and brain sciences. "It's not just the songbird that comes up with this strategy of binding sounds and meaning using dopamine. There's something parallel here that we ¬- as humans - are interested in."

The research team conducted a range of experiments in vitro and in vivo, poking neurons under the microscope and in the brains of live birds that were watching videos and hearing sounds. Ultimately, the scientists obtained anatomical, behavioral and physiological evidence to support their hypothesis about the role of dopamine.

Using antibodies, the researchers showed that dopamine receptors are present in many types of neurons in the songbird auditory brain ¬- they can be inhibitory or excitatory and may also contain an enzyme that produces estrogens. "Dr. Remage-Healey's research has shown that in the auditory brain of songbirds of both sexes, neurons produce estrogen in social situations, like when listening to birdsong or seeing another bird. We think that dopamine and estrogens might be working together in the sound learning process, but this work focused on dopamine because there was still so much we didn't know about how dopamine affected the songbird brain," explains Macedo-Lima, now a postdoctoral associate at the University of Maryland.

Macedo-Lima developed a test, similar to the well-known Pavlov's dog experiment, in which the birds sat alone in a chamber and were presented with a random sound followed immediately by a silent video of other birds. "We wanted to focus on the association between a meaningless sound - a tone - and the behaviorally relevant thing, which is another bird on video," he says.

The researchers looked at the birds' auditory brain regions after this sound-video pairing, using a gene marker known to be expressed when a neuron goes through change or plasticity. "We found this very interesting increase in this gene expression in the left hemisphere, the ventral part of the auditory region, in dopamine receptor-expressing neurons, reflecting the learning process, and paralleling human brain lateralization for speech learning," Macedo-Lima says.

To show the effect of dopamine on the basic signaling of neurons, the researchers used a whole cell patch clamp technique, controlling and measuring the currents the neurons received. They found in a dish that dopamine activation decreases inhibition and increases excitation.

"This one modulator is tuning the system in a way that ramps down the stop signals and ramps up the go signals," Remage-Healey explains. "That's a simple yet powerful control mechanism for how animals are potentially encoding sound. It's a neurochemical lever that can change how stimuli are registered and passed on in this part of the brain."

The team then painlessly probed the brain cells of live birds. "What happened when we delivered dopamine was exactly as we were predicting from the whole cell data," Macedo-Lima says. "We saw that inhibitory neurons fired less when we delivered the dopamine agonist, while the excitatory neurons fired more."

The same effect occurred when the birds were played birdsong from other songbirds - the excitatory neurons responded more and the inhibitory neurons responded less when dopamine activation occurred. "We were happy to replicate what we saw in a dish in a live animal listening to actual relevant sounds," Macedo-Lima says.

Dopamine activation also made these neurons unable to adapt to new songs presented to the animal, which strongly corroborates the hypothesis of dopamine's role in sensory learning. "We currently don't know how dopamine affects sensory learning in most animals," Macedo-Lima says, "but this research gives many clues about how this mechanism could work across vertebrates that need to learn complex sounds, such as humans."

###

 

Color and flavor -- pigments play a role in creating tasty tomatoes

Researchers from the University of Tsukuba and the University of Florida show that the pigments that color tomatoes also affect their flavor

UNIVERSITY OF TSUKUBA

Research News

Ibaraki, Japan - The flavor of a tomato is an interaction between its taste and aroma. Now, researchers from Japan and the United States have revealed that the pigments that determine the colors of tomatoes also affect their flavor.

In a study published this month, researchers from University of Tsukuba developed a new method to rapidly measure the pigment profiles of tomatoes and used the technique to explore how pigments affect the taste and aroma of different tomato varieties.

The color of tomatoes is produced by combinations of different types of pigments, including carotenoids and chlorophylls. These pigments can also affect the accumulation of flavor-related compounds such as sugars, which affect the taste of tomatoes, and volatile organic compounds (VOCs), which determine the aroma. As tomato fruits ripen from green to red, the amounts of pigments and flavor-related compounds change but until now the relationship between color and flavor has been unclear.

"Pigments like carotenoids have no taste," says lead author Professor Miyako Kusano, "but they are precursors for compounds called apocarotenoid-VOCs (AC-VOCs) which produce the fruity/floral smell of tomatoes and increase the perception of sweetness--characteristics that appeal to consumers."

Traditional methods for identifying and measuring pigments can be slow, so the researchers developed a simple method to rapidly analyze large numbers of samples. Using the new technique, the team measured the amounts of carotenoids and chlorophylls in 157 different varieties of tomato and then analyzed the flavors of each variety to find the links between pigments and flavor.

The results showed that tomato varieties with an abundance of chlorophyll also had a high sugar content, contributing to a sweet taste. They also found that the carotenoid profiles of the fruit reflected the appearance of the fruit, as well as AC-VOC levels.

"The pigment profile of one of the orange-colored varieties called "Dixie Golden Giant" was particularly interesting," explains Professor Kusano. "It had very high levels of AC-VOCs, but the carotenoid content wasn't that high. We discovered that the pigment prolycopene was abundant in this variety, which explained the high AC-VOC levels."

The carotenoid content of fruit is influenced by growing conditions, like temperature and amount of light. By looking at the pigment profiles and AC-VOC content of fruits in different environments, it may be possible to find ways of improving AC-VOC production, which is good for both consumers and producers.

Given its speed, the new method developed by the team is a powerful tool for analyzing pigment concentrations in large numbers of samples and could also be used for other fruits and vegetables.

###

The article, "High-throughput chlorophyll and carotenoid profiling reveals positive associations with sugar and apocarotenoid volatile content in fruits of tomato varieties in modern and wild accessions," was published in Metabolites at DOI: 10.3390/metabo11060398.

This work was funded by the "Sustainable Food Security Research Project" in the form of an operational grant from the National University Corporation and The Yanmar Environmental Sustainability Support Association, Japan. This work was also supported by the JSPS KAKENHI Grant Number 19K05711 and by a grant from the National Science Foundation (IOS 1855585). The authors declare no competing interests.

 

Solving a long-standing mystery about the desert's rock art canvas

DOE/SLAC NATIONAL ACCELERATOR LABORATORY

Research News

Wander around a desert most anywhere in the world, and eventually you'll notice dark-stained rocks, especially where the sun shines most brightly and water trickles down or dew gathers. In some spots, if you're lucky, you might stumble upon ancient art - petroglyphs - carved into the stain. For years, however, researchers have understood more about the petroglyphs than the mysterious dark stain, called rock varnish, in which they were drawn.

In particular, science has yet to come to a conclusion about where rock varnish, which is unusually rich in manganese, comes from.

Now, scientists at the California Institute of Technology, the Department of Energy's SLAC National Accelerator Laboratory and elsewhere think they have an answer. According to a recent paper in Proceedings of the National Academy of Sciences, rock varnish is left behind by microbial communities that use manganese to defend against the punishing desert sun.

The mystery of rock varnish is old, said Usha Lingappa, a graduate student at Caltech and the study's lead author. "Charles Darwin wrote about it, Alexander von Humboldt wrote about it," she said, and there is a long-standing debate about whether it has a biological or inorganic origin.

But, Lingappa said, she and her colleagues didn't actually set out to understand where rock varnish comes from. Instead, they were interested in how microbial ecosystems in the desert interact with rock varnish. To do so, they deployed as many techniques as they could come up with: DNA sequencing, mineralogical analyses, electron microscopy, and - aided by Stanford Synchroton Radiation Lightsource (SSRL) scientist Samuel Webb - advanced X-ray spectroscopy methods that could map different kinds of manganese and other elements within samples of rock varnish.

"By combining these different perspectives, maybe we could draw a picture of this ecosystem and understand it in new ways," Lingappa said. "That's where we started, and then we just stumbled into this hypothesis" for rock varnish formation.

Among the team's key observations was that, while manganese in desert dust is usually in particle form, it was deposited in more continuous layers in varnish, a fact revealed by X-ray spectroscopy methods at SSRL that can tell not only what chemical compounds make up a sample but also how they are distributed, on a microscopic scale, throughout the sample.

That same analysis showed that the kinds of manganese compounds in varnish were the result of ongoing chemical cycles, rather than being left out in the sun for millennia. That information, combined with the prevalence of bacteria called Chroococcidiopsis that use manganese to combat the oxidative effects of the harsh desert sun, led Lingappa and her team to conclude that rock varnish was left behind by those bacteria.

For his part, Webb said that he always enjoys a manganese project - "I've been a mangaphile for a while now" - and that this project arrived at the perfect time, given advances in X-ray spectroscopy at SSRL. Improvements in X-ray beam size allowed the researchers to get a finer-grained picture of rock varnish, he said, and other improvements ensured that they could get a good look at their samples without the risk of damaging them. "We're always tinkering and fine-tuning things, and I think it was the right time for a project that maybe 5 or 10 years ago wouldn't really have been feasible."

###

The research was supported by the National Science Foundation, the National Institutes of Health and the National Aeronautics and Space Administration. SSRL is a DOE Office of Science user facility.

Citation: Usha F. Lingappa et al., Proceedings of the National Academy of Sciences, 22 June 2021 (10.1073/pnas.2025188118)

1541 NORTH AMERICAN HISTORY OF INVASION

After routing de Soto, Chickasaws repurposed Spanish objects for everyday use

FLORIDA MUSEUM OF NATURAL HISTORY

Research News

IMAGE

IMAGE: FLORIDA MUSEUM ARCHAEOLOGIST CHARLES COBB HOLDS AN AXE HEAD KNOWN AS A CELT, ONE OF MORE THAN 80 METAL OBJECTS LIKELY FROM THE DE SOTO EXPEDITION. TO CREATE THIS DISTINCT... view more 

CREDIT: JEFF GAGE/FLORIDA MUSEUM OF NATURAL HISTORY

GAINESVILLE, Fla. --- Archaeologists have unearthed a rare trove of more than 80 metal objects in Mississippi thought to be from Hernando de Soto's 16th-century expedition through the Southeast. Many of the objects were repurposed by the resident Chickasaws as household tools and ornaments, an unusual practice at a time when European goods in North America were few and often reserved for leaders.

The researchers believe Spaniards left the objects behind while fleeing a Chickasaw attack that followed frayed relations between the two groups in 1541. The victors took advantage of the windfall of spoils - axe heads, blades, nails and other items made of iron, lead and copper alloy - modifying many of them to suit local uses and tastes. Chickasaw craftspeople turned pieces of Spanish horseshoes into scrapers, barrel bands into cutting tools and bits of copper into jingling pendants.

The sheer abundance of objects from the site, an area of northeastern Mississippi known as Stark Farms, is one of the factors that makes the find unique, said Charles Cobb, the study's lead author and Florida Museum of Natural History Lockwood Chair in Historical Archaeology.

"Typically, we might find a handful of European objects in connection with a high-status person or some other special context," Cobb said. "But this must have been more of an open season - a pulse of goods that became widely available for a short period of time."

If the researchers' diagnosis is correct, Stark Farms is only the second place to yield convincing archaeological evidence of direct contact with de Soto's expedition, after the historic site of the Apalachee capital of Anhaica in present-day Tallahassee, Cobb said.

'Unconquered and unconquerable'

By the time de Soto arrived in Mississippi in 1540, the conquistador had trekked through the Southeast for more than a year with about 600 people, hundreds of horses and pigs and heavy equipment in tow. A shrewd man with a reputation for bloodshed, de Soto was previously a key figure in the Spanish destruction of the Inca Empire in South America and came to Florida with an eye to further increase his wealth. Finding little gold, he pressed deeper into the interior, alternately befriending and warring with the Native Americans he encountered.

The Spaniards began on a friendly, if aloof, footing with the Chickasaws, whose leader, known as Chikasha Minko, gave them a modest village in which to spend the winter. But tensions rose as the months dragged on: De Soto executed two Chickasaws and cut off the hands of another accused of stealing pigs. The Chickasaws, who farmed maize in the region's rich prairie soil, also must have grown tired of providing food and shelter for such a large encampment of uninvited guests, Cobb said.

With spring drawing near, de Soto demanded that Chikasha Minko provide him with hundreds of Chickasaws to carry the Spaniards' equipment to their next destination. According to Spanish accounts of the expedition, the conversation did not go well.

Shortly afterwards, the Chickasaws launched a surprise attack under the cover of night, torching the Spanish camp and killing at least a dozen men, as well as many horses and pigs. The retreating Spaniards set up another camp about a mile away, where they were assaulted a second time. Better prepared, they fought back, but soon picked up and headed north, having lost much of their livestock, clothing and goods.

Meanwhile, the Chickasaws collected from the battlefield dozens of prized metal objects, usually reserved by the Europeans for strategic trades or as gifts to smooth relationships with local leaders.

"It's kind of like inflation," Cobb said. "You don't want too much stuff to get out or that gift will be devalued. That's what makes this site unusual."

After the Chickasaws sent the Spanish packing, the region remained largely free of European presence for nearly 150 years.

"This research shows how Chickasaws adapted to invasion by alien intruders and secured their reputation as unconquered and unconquerable," said study co-author Brad Lieb, director of Chickasaw archaeology for the Chickasaw Nation's Heritage Preservation Division. "The findings are remarkable in their success in addressing a baseline event in Chickasaw cultural history - the first encounter with Hernando de Soto and the Spanish invaders."



CAPTION

Chickasaws worked Spanish metal into tools and ornaments that reflected local uses and tastes, such as these brass pendants. If the researchers' diagnosis is correct, Stark Farms, Mississippi is only the second place to yield convincing archaeological evidence of direct contact with de Soto's expedition.

CREDIT

Jeff Gage/Florida Museum of Natural History


CAPTION

Europeans rarely traded or gifted military items. The presence of objects such as this palm-sized cannonball, lead shot and a ramrod tip at Stark Farms is one reason Cobb and his colleagues believe many of the items were spoils collected after the 1541 battle between the Spaniards and Chickasaws.

CREDIT

Jeff Gage/Florida Museum of Natural History

History confirmed by metal detectors

When Cobb, Lieb and their colleagues first arrived at Stark Farms in 2015, they weren't just looking for traces of de Soto. The Chickasaw Nation, removed from its traditional homeland to Oklahoma by the U.S. Department of War in 1837, had commissioned the team to identify and preserve ancestral sites and provide Chickasaw university students the opportunity to reconnect with their heritage through an archaeology fieldwork program.

The team focused on studying the environmental factors in the movements of Native Americans across the landscape, where radiocarbon dates showed people had lived since the 14th or 15th century. Curious about early residents' potential interactions with outsiders, the researchers brought metal detectors, a speedy way of finding objects of European origin. The first day they deployed the detectors, the machines began pinging. Soon, the team was uncovering dozens of items, including a small cannon ball, a mouth harp and what could be a Spanish bridle bit, emblazoned with a golden cross.

"We couldn't believe it," Cobb said. "There was a lot of serendipity for sure."

The style and type of objects, as well as their location, aligned with Spanish accounts of the de Soto expedition and the 1541 battle at Chikasha, the main Chickasaw town. But the researchers found no evidence of a burned village or the remains of horses and pigs. Cobb said the site was likely a village near Chikasha, whose inhabitants visited the site of the conflict and brought items back to their households. They may also have acquired some of the objects during the previous winter through under-the-table trading with Spanish soldiers.

The Chickasaws generally relied on bone, cane or stone as raw materials for their cutting and scraping tools, making the haul of metal a particular boon. While some of the objects retain their original form, the Chickasaws painstakingly reworked others into more familiar shapes. They bent metal back and forth until it broke and ground down and smoothed edges, modifying tools to mimic the design of their traditional Chickasaw counterparts.

"One of the most stunning things we've found is an exact iron replica of a Native American stone celt, or axe head," Cobb said. "I've never seen anything like this in the Southeast before."

Among the more sobering finds were chain links, pulled apart with sharpened edges. "The Spanish brought reams of chain with them to shackle Native Americans as captives and porters," Cobb said. "This is evidence of some of the first examples of European enslavement of people in what is now the U.S."

The refashioned items from Stark Farms represent a stage of Native American experimentation and improvisation with foreign items that largely faded by the late 1700s and 1800s, as they folded European materials and technology more completely into their own.

"In the 1500s, a thimble might be turned into a bangle. By the late 1700s, a thimble is a thimble," Cobb said. "You tend to see a more regular adoption of goods over time."

Spanish survivors did their own repurposing

De Soto failed to establish any permanent settlements in the Southeast, joining a line of ill-fated expeditions that demonstrated the precariousness of Europeans' early attempts to dominate the region. He succumbed to a fever on the banks of the Mississippi River in 1542, and his remaining band of men made rafts and floated south to Mexico where they found passage back to Spain.

There, they undertook a repurposing effort of their own: Having failed to find fame and fortune in the Americas, they sold their stories, many of which became bestselling books, Cobb said.

"There was a thriving industry in explorer and survival tales, which is probably one of the reasons why some of these individuals provided their accounts. From that perspective, it was very modern."

The objects will be repatriated to the Chickasaw Nation for permanent curation and exhibits.

###

James Legg, Steven Smith and Chester DePratter of the South Carolina Institute of Archaeology and Anthropology and Edmond Boudreaux of the University of Mississippi also co-authored the study. The Chickasaw Nation reviewed the study for consistency with its histories.

The Chickasaw Nation and its Chickasaw Explorers Program co-led and funded the research. Portions of the fieldwork were also funded by the National Geographic Society.

 

A globally important microbial process hidden on marine particles

UNIVERSITY OF COPENHAGEN - FACULTY OF SCIENCE

Research News

How on Earth?

It has puzzled scientists for years whether and how bacteria, that live from dissolved organic matter in marine waters, can carry out N2 fixation. It was assumed that the high levels of oxygen combined with the low amount of dissolved organic matter in the marine water column would prevent the anaerobic and energy consuming N2 fixation.

Already in the 1980s it was suggested that aggregates, so-called "marine snow particles", could possibly be suitable sites for N2 fixation, but this was never proven.

Until now..

In a new study, researchers from the University of Copenhagen demonstrate, by use of mathematical models, that microbial fixation of nitrogen can take place on these aggregates of live and dead organisms in the marine plankton. The study has just been published in the prestigious Nature Communications.

Marine snow

Marine snow consists of debris from diverse organisms in the water column.

Picture shows marine snow from the Sargasso Sea. Photo: L. Riemann

-- "Our work took almost two years, but it was definitely worth the effort, since the results are quite a breakthrough. In close collaboration with our research collaborators at the Center for Ocean Life at DTU Aqua and in the USA, we managed to create a model mimicking conditions on marine snow particles. With this model, we show that a marine particle can become densely colonized by bacteria. This growth of bacteria causes extensive respiration leading to low oxygen concentrations on the particle, which ultimately allows for the anaerobic process of N2 fixation", explains first-author and postdoc at the Department of Biology, University of Copenhagen, Subhendu Chakraborty.

With their model the researchers could also show the depth distribution of N2 fixation in the marine water column. They found, that among other things, the N2 fixation is dependent on the size, density and sinking speed of the marine snow particles. Moreover, they demonstrated that their modelled rates were comparable to actual rates measured in marine waters.

Marine water sampler

Marine water samples are often taken with bottles attached to a so-called rosette, as seen here. Photo: L.asse Riemann

-- "This comparison gave us confidence in the model", says corresponding author Lasse Riemann, Professor at the Department of Biology. He continues: "We are very proud of our study, because it provides the first explanation of how marine-snow-associated N2 fixation can take place. Furthermore, the results indicate that this process is important for the global marine nitrogen cycling and thereby for plankton growth and productivity".

The researchers hope their study will inspire future work on microbial life on marine particles, due to its seemingly pivotal role in the cycling of many nutrients in the ocean.

###