A new policing system is being developed that will send autonomous drones equipped with shot-locating technology to the source of gunshots. "By analyzing the live video from its onboard camera, police officers can then gain a better sense of the situation they're heading into," reports New Atlas. From the report: Already in use in over 120 cities in the US, South Africa and the Caribbean, the American ShotSpotter system utilizes a network of microphones within a neighborhood to detect "loud, impulsive sounds." Whenever such a sound is detected, its geographical originating point can be triangulated by analyzing the millisecond differences in the times at which it was picked up by the different microphones -- the closer a mic was to the gun, the earlier it will have detected the sound of that gun firing. That said, a combination of AI software and human staff (at a control center) is used to determine if the sound is indeed gunfire.

In the existing version of the system, police are quickly dispatched to the location. If they're using ground transportation, however, it may take a while for them to get there. And even if the police department has a helicopter, performing pre-flight checks, etc will still take some time -- assuming the aircraft isn't already in the air on patrol, that is. With these potential limitations in mind, Israeli drone manufacturer Airobotics has teamed up with ShotSpotter to add autonomous drones to the mix. In the new version of the setup, police will still be dispatched, but so will the closest system-specific drone. That aircraft will be in the air within seconds, immediately flying to the source of the gunshots. By analyzing the live video from its onboard camera, police officers can then gain a better sense of the situation they're heading into.

Researchers say a second family of ransomware has been growing in usage for attack attempts that exploit the critical vulnerability in Apache Log4j, including in the U.S. and Europe. VentureBeat reports: A number of researchers, including at cybersecurity giant Sophos, have now said they've observed the attempted deployment of a ransomware family known as TellYouThePass. Researchers have described TellYouThePass as an older and largely inactive ransomware family -- which has been revived following the discovery of the vulnerability in the widely used Log4j logging software. TellYouThePass is the second family of ransomware that's been observed to exploit the vulnerability in Log4j, known as Log4Shell, joining the Khonsari ransomware, according to researchers.

While previous reports indicated that TellYouThePass was mainly being directed against targets in China, researchers at Sophos told VentureBeat that they've observed the attempted delivery of TellYouThePass ransomware both inside and outside of China -- including in the U.S. and Europe. "Systems in China were targeted, as well as some hosted in Amazon and Google cloud services in the U.S. and at several sites in Europe," said Sean Gallagher, a senior threat researcher at Sophos Labs, in an email to VentureBeat on Tuesday. Sophos detected attempts to deliver TellYouThePass payloads by utilizing the Log4j vulnerability on December 17 and December 18, Gallagher said. TellYouThePass has versions that run on either Linux or Windows, "and has a history of exploiting high-profile vulnerabilities like EternalBlue," said Andrew Brandt, a threat researcher at Sophos, in an email. The Linux version is capable of stealing Secure Socket Shell (SSH) keys and can perform lateral movement, Brandt said. Sophos initially disclosed its detection of TellYouThePass ransomware in a December 20 blog post.

The first report of TellYouThePass ransomware exploiting the Log4j vulnerability appears to have come from the head of Chinese cybersecurity group KnownSec 404 Team on December 12. The attempted deployment of TellYouThePass in conjunction with Log4Shell was subsequently confirmed by additional researchers, according to researcher community Curated Intelligence. In a blog post Tuesday, Curated Intelligence said its members can now confirm that TellYouThePass has been seen exploiting the vulnerability "in the wild to target both Windows and Linux systems." TellYouThePass had most recently been observed in July 2020, Curated Intelligence said. It joins Khonsari, a new family of ransomware identified in connection with exploits of the Log4j vulnerability.

Luke Plunkett writes via Kotaku: Justin Kan, a co-founder of Twitch and the dude Justin.TV was named for, last week decided to launch a site called Fractal. It was to be a 'marketplace' where in-game items could be bought and sold as NFTs. Later, in Fractal's Discord server, a link appeared advertising a drop of 3,333 NFTs. You may have guessed what happened next. As Twitch reporter Zach Bussey has detailed, the message, which appeared legit since it was coming from inside the house, had actually been posted by someone gaining access to Fractal's Discord bot, pointing towards 'Fractai', not Fractal. The scammers managed to "sell" 3,294 NFTs before the plug was pulled. There were of course no actual NFTs being sold at all, just money being straight up stolen -- over $150,000 -- though you'd be forgiven for wondering what the difference is.

In response, the Fractal team issued a statement acknowledging the breach, along with a promise they are "going to make this right." [...] ractal say they are "planning to fully compensate these 373 victims," before adding the extraordinary warning, "We must use our best judgement as there's no 'undo button' in crypto," making the entire post read like a textbook example of showcasing why this is such a shitty space. Meanwhile, Kan issued a short video statement of his own, alongside warnings that this Discord scam had been perpetrated on other NFT communities as well.

An anonymous reader quotes a report from Gizmodo: A new report released by Ookla placed the U.S. at the very top of a list of 40 countries in terms of 5G availability. To determine this, Ookla tested to see what percent of users with 5G devices spent the majority of their time actually on 5G during Q3. Under that criteria, the U.S. ranked number one with 49.2% availability. But hold on, don't whip out your red, white, and blue foam finger just yet, it's not all good news. The actual download and upload speeds (in other words, the whole point) of 5G networks still vary significantly by country according to the report. Though the U.S. ranked first in availability, its actual download speeds were amongst the worst of early 5G adopter nations. Ookla placed median 5G download speeds at 93.73 Mbps in the US, far lower than the UK's 184.2 Mbps median and far lower still than South Korea, which led the pack at 492.48 Mbps. The U.S. placed around the same relative position for upload speeds as well. And while U.S. wireless customers can take some solace knowing they're on the top of the availability list, the list itself is unimpressive as a whole, especially in relation to the types of coverage necessary for 5G's most ambitious promises.

AltMachine writes: "Chinese regulators on Wednesday suspended an information-sharing partnership with Alibaba Cloud Computing, a subsidiary of e-commerce conglomerate Alibaba Group, over accusations it failed to promptly report and address [the Log4Shell vulnerability]," reports Reuters, citing state-backed media reports. Alibaba Cloud recently discovered a major remote code execution vulnerability in the Apache Log4j2 component, notifying the U.S.-based Apache Software Foundation, but did not immediately report it to Ministry of Industry and Information Technology (MIIT,) China's telecommunications regulator.

MIIT said it then received a report from a third party about the issue (days after), rather than from Alibaba Cloud. "In response, MIIT suspended a cooperative partnership with the cloud unit regarding cybersecurity threats and information-sharing platforms, to be reassessed in six months and revived depending on the company's internal reforms," reports Reuters. According to Chinese laws, companies must report new vulnerabilities within 48 hours.

Microsoft has notified earlier this month a select group of Azure customers impacted by a recently discovered bug that exposed the source code of their Azure web apps since at least September 2017. The vulnerability was discovered by cloud security firm Wiz and reported to Microsoft in September. The issue was fixed in November, and Microsoft has spent the last few weeks investigating how many customers were impacted. The Record reports: The issue, nicknamed NotLegit, resides in Azure App Service, a feature of the Azure cloud that allows customers to deploy websites and web apps from a source code repository. Wiz researchers said that in situations where Azure customers selected the "Local Git" option to deploy their websites from a Git repository hosted on the same Azure server, the source code was also exposed online.

All PHP, Node, Ruby, and Python applications deployed via this method were impacted, Microsoft said in a blog post today. Only apps deployed on Linux-based Azure servers were impacted, but not those hosted on Windows Server systems. Apps deployed as far back as 2013 were impacted, although the exposure began in September 2017, when the vulnerability was introduced in Azure's systems, the Wiz team said in a report today. [...] The most dangerous exposure scenarios are situations where the exposed source code contained a .git configuration file that, itself, contained passwords and access tokens for other customer systems, such as databases and APIs.

An anonymous reader quotes a report from the Associated Press: Intel has told workers that unvaccinated people who don't get an exemption for religious or medical reasons will be on unpaid leave beginning in April. The California-based semiconductor company told employees last month they had a Jan. 4 deadline to be vaccinated against COVID-19 or seek an exemption, citing a government mandate for federal contractors.

In a Dec. 7 memo to employees, Chief People Officer Christy Pambianchi told employees the Jan. 4 vaccine deadline remains in place. She wrote that employees who aren't vaccinated must seek a medical or religious accommodation and submit to weekly testing, regardless of whether they are still working remotely. Intel will review employees' exemption requests until March 15. Pambianchi said employees who don't receive an exemption will begin unpaid leave on April 4 for at least three months but "will not be terminated." She said Intel will continue providing health care benefits to unvaccinated employees on leave.

Germany is set to close almost half of its nuclear power capacity before the end of the year, putting further strain on European grids already coping with one of the worst energy crunches in the region's history. From a report: The shutdowns of Grohnde, Gundremmingen C and Brokdorf -- part of the country's nuclear phaseout -- will leave just three atomic plants, which will be taken offline by the end of 2022. Beyond the squeeze on supply, the closures remove a key source of low-carbon power in a nation where emissions are on the rise. After the 2011 Fukushima disaster, Germany vowed to ditch all of its reactors. At the time, the country was a leader in renewables, but the phaseout has left it more reliant on coal and lignite for electricity generation. The nation fell behind in the net-zero race after making major concessions to the coal lobby, to protesters against wind farms and to manufacturers, particularly carmakers.

"From a pure emissions perspective, it was always a questionable idea to shut down German nuclear before the plants have reached the end of their lifetime," said Hanns Koenig, head of commissioned projects at Aurora Energy Research. "It was always clear that the nuclear phaseout would need coal and gas plants to run more and therefore cause substantial extra emissions." Atomic plants are designed to generate power around the clock, providing valuable backup when the wind doesn't blow or the sun doesn't shine. While the shutdowns have been known about for years and are unlikely to cause a spike in prices, the removal of 4 gigawatts of baseload output highlights a dwindling reserve of buffer capacity in Germany. It's one reason why prices are higher next year: electricity for delivery in 2022 has jumped more than fivefold this year.

South Africa's huge wave of omicron cases appears to be subsiding just as quickly as it grew in the weeks after the country first announced to the world that a new coronavirus variant had been identified. From a report: South Africa's top infectious-disease scientist, who has been leading the countryâ(TM)s pandemic response, said Wednesday that the country had rapidly passed the peak of new omicron cases and, judging by preliminary evidence, he expected "every other country, or almost every other, to follow the same trajectory."

"If previous variants caused waves shaped like Kilimanjaro, omicron's is more like we were scaling the North Face of Everest," Salim Abdool Karim said in an interview, referring to the near-vertical increase in infections that South Africa recorded in the first weeks of December. "Now we're going down, right back down, the South Face -- and that is the way we think it may work with a variant like omicron, and perhaps even more broadly what we'll see with subsequent variants at this stage of the pandemic," he said. Just a week ago, South Africa was seeing skyrocketing positivity rates and massive lines for testing. But during the first days of this week, there has been a turnaround in rates and stress on testing facilities. In addressing the surge of infections, South Africa had decided not to impose a lockdown or other major restrictions, although many countries, including the United States, imposed restrictions on travelers originating in South Africa and neighboring countries.

Kim Jong Un marked a decade as supreme leader of North Korea in December. Whether he can hold on to power for another 10 years may depend on state hackers, whose cybercrimes finance his nuclear arms program and prop up the economy. From a report: According to the U.S. Cybersecurity & Infrastructure Security Agency, North Korea's state-backed "malicious cyberactivities" target banks around the world, steal defense secrets, extort money through ransomware, hijack digitally mined currency, and launder ill-gotten gains through cryptocurrency exchanges. Kim's regime has already taken in as much as $2.3 billion through cybercrimes and is geared to rake in even more, U.S. and United Nations investigators have said. The cybercrimes have provided a lifeline for the struggling North Korean economy, which has been hobbled by sanctions. Kim has shown little interest in returning to negotiations that could lead to a lifting of sanctions if North Korea winds down its nuclear arms program.

Money from cybercrimes represents about 8% of North Korea's estimated economy in 2020, which is smaller than when Kim took power, according to the Bank of Korea in Seoul. (The bank for years has provided the best available accounting on the economic activity of the secretive state.) Kim's decision to shut borders because of Covid-19 suspended the little legal trade North Korea had and helped send the economy into its biggest contraction in more than two decades. Kim's regime has two means of evading global sanctions, which were imposed to punish it for nuclear and ballistic missile tests. One is the ship-to-ship transfer of commodities such as coal: A North Korean vessel will shift its cargo to another vessel, or the other way around, and both vessels typically try to cloak their identity. The other is the cyberarmy. Its documented cybercrimes include attempts to steal $2 billion from the Swift (Society for Worldwide Interbank Financial Telecommunication) system of financial transactions. North Korea has also illegally accessed military technology that could be used for financial gain, according to a UN Security Council panel charged with investigating sanctions-dodging by the government.

The US Food and Drug Administration on Wednesday authorized Pfizer's antiviral pill, Paxlovid, to treat Covid-19. From a report: This is the first antiviral Covid-19 pill authorized for ill people to take at home, before they get sick enough to be hospitalized. High-risk individuals age 12 and older who weigh at least 88 pounds and have a positive SARS-CoV-2 test are eligible for this treatment and will need to have it prescribed by a doctor. The pill "should be initiated as soon as possible after diagnosis of Covid-19 and within five days of symptom onset," according to an FDA statement. Paxlovid combines a new antiviral drug named nirmatrelvir and an older one called ritonavir and is administered as three pills given twice a day for five days.

A jury found the Harvard chemist Charles Lieber guilty of lying to the federal government about his participation in China's Thousand Talents recruitment program. From a report: Charles Lieber, one of the country's top research chemists, sat miserably in a chair at the Harvard Police Department, trying to explain to two F.B.I. agents why he had agreed to partner with a lesser-known Chinese university in a relationship that had soured and landed him in trouble with the U.S. government. The university had money to spend -- "that's one of the things China uses to try to seduce people," Dr. Lieber said in the interrogation, clips of which were shown in court. But money wasn't the reason, he said. By training young scientists in the use of technology he had pioneered, he hoped to burnish his credentials with the committee that decides the ultimate scientific honor.

"This is embarrassing," he said. "Every scientist wants to win a Nobel Prize." On Tuesday, after deliberating for two hours and 45 minutes, a federal jury found Dr. Lieber guilty of two counts of making false statements to the U.S. government about whether he participated in Thousand Talents Plan, a program designed by the Chinese government to attract foreign-educated scientists to China. They also found him guilty of failing to declare income earned in China and failing to report a Chinese bank account.

Intel is facing criticism in China after it asked suppliers not to use Xinjiang labor or products, threatening to ensnare the U.S. chipmaker in a dispute over human rights in the far western Chinese region. From a report: Users on the Twitter-like Weibo service this week posted a letter sent by Intel in December that said it is required to ensure its supply chain didn't employ labor or procure goods and services sourced in Xinjiang. The nationalist news site Guancha accused the chipmaker of siding with Western governments, which have imposed restrictions on products from the region. A hashtag on the topic has generated more than 250 million views on Weibo.

From Mount Everest to the Mariana Trench, microplastics are everywhere -- even high in the Earth's troposphere where wind speeds allow them to travel vast distances, a new study has found. From a report: Microplastics are tiny fragments -- measuring less than 5mm -- that come from packaging, clothing, vehicles and other sources and have been detected on land, in water and in the air. Scientists from the French national research institute CNRS sampled air 2,877 metres above sea level at the Pic du Midi Observatory in the French Pyrenees, a so-called "clean station" because of the limited influence exerted on it by the local climate and environment. There they tested 10,000 cubic metres of air a week between June and October of 2017 and found all samples contained microplastics.

Using weather data, they calculated the trajectories of different air masses preceding each sample and discovered sources as far away as north Africa and North America. The study's main author, Steve Allen of Dalhousie University in Canada, told AFP that the particles were able to travel such distances because they were able to reach great altitudes. "Once it hits the troposphere, it's like a superfast highway," he said. The research also points to microplastic sources in the Mediterranean Sea and the Atlantic Ocean.

Seoul is reining in tech giants Kakao and Naver to save small business -- but it might be too little, too late. From a report: South Korea has left hard cash in the dust. The country is a virtually friction-free, digital payments dream, where just a fraction of purchases are done in notes and coins. Park Se-hwa's bookstore, on a commercial street in Seoul, is a holdout. Inside the narrow door, a sign reads: "The best way to support the bookstore is to pay cash." She bristles every time she processes a purchase by card, since it means she has to pay a fee to the bank, taking a slice out of the already thin income she brings in from book sales. Park refuses, on principle, to use payments services from local tech giants like KakaoPay or Naver Pay. She won't build a platform on Amazon, the e-commerce behemoth that built itself up by reinventing the publishing world. "Those big companies are the public enemy of booksellers," she said. Park, 31, has operated her bookstore for a little more than a year. Her first vocation out of college was in the national Air Force, working seven-hour shifts monitoring radar for signs of North Korean missile launches. She started again as an entrepreneur after spending years in a series of unfulfilling jobs, like an increasing number of young, educated Koreans.

With South Koreans' buying activity moving almost entirely online, and the margins of small businesses contracting, she worries that the texture is disappearing from Seoul's streets. "If you look in any new area, it's always just chain stores that open, the same corporate convenience stores and coffee shops. Independent stores can't compete with them," she told Rest of World. Park may seem an anomaly, but she isn't. Her fears reverberate as high up as South Korea's lawmakers and its steely antitrust commission, who have spent this year attempting to rein in the country's vastly powerful tech giants. Kakao and Naver, both multibillion-dollar, publicly-traded empires, are the main targets: They have rapidly expanded their tentacles into South Koreans' digital lives in a way that uncomfortably mirrors the country's previous generation of conglomerates, like Samsung and LG. The government worries that their growth is coming at the sacrifice of the country's small businesses, who they say are being crushed with fees and impossibly high levels of online competition. Over the second half of this year, the battle with regulators has intensified. Both Naver and Kakao recently backpedalled on plans to expand their fintech services when the Financial Services Commission abruptly tightened standards. As the companies' jitters mounted, KakaoPay twice delayed its plans for a stock debut, infecting potential investors with concern. A total of eight different bills, proposed by lawmakers from both main parties, are pending in the legislature. They look to impose stricter standards on what kinds of fees online platforms can charge users, how much they can charge advertisers, and other measures intended to rein in their growth.