Hackers Have Found an Entirely New Way To Backdoor Into Microsoft Windows

A university in Taiwan was breached with “a previously unseen backdoor (Backdoor.Msupedge) utilizing an infrequently seen technique,” Symantec reports.

The most notable feature of this backdoor is that it communicates with a command-and-control server via DNS traffic… The code for the DNS tunneling tool is based on the publicly available dnscat2 tool. It receives commands by performing name resolution… Msupedge not only receives commands via DNS traffic but also uses the resolved IP address of the C&C server (ctl.msedeapi[.]net) as a command. The third octet of the resolved IP address is a switch case. The behavior of the backdoor will change based on the value of the third octet of the resolved IP address minus seven…

The initial intrusion was likely through the exploit of a recently patched PHP vulnerability (CVE-2024-4577). The vulnerability is a CGI argument injection flaw affecting all versions of PHP installed on the Windows operating system. Successful exploitation of the vulnerability can lead to remote code execution.
Symantec has seen multiple threat actors scanning for vulnerable systems in recent weeks. To date, we have found no evidence allowing us to attribute this threat and the motive behind the attack remains unknown.

More from The Record:
Compared to more obvious methods like HTTP or HTTPS tunneling, this technique can be harder to detect because DNS traffic is generally considered benign and is often overlooked by security tools.
Earlier in June, researchers discovered a campaign by suspected Chinese state-sponsored hackers, known as RedJuliett, targeting dozens of organizations in Taiwan, including universities, state agencies, electronics manufacturers, and religious organizations. Like many other Chinese threat actors, the group likely targeted vulnerabilities in internet-facing devices such as firewalls and enterprise VPNs for initial access because these devices often have limited visibility and security solutions, researchers said.
Additional coverage at The Hacker News.

Thanks to Slashdot reader joshuark for sharing the article.

Read more of this story at Slashdot.
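
A defender-side illustration of the behavior Symantec describes, added here and not taken from Symantec's report or the Msupedge code: it scans resolver log lines for lookups under the reported C&C domain, computes the third-octet-minus-seven value from the answer, and (going beyond the report) flags long, high-entropy leftmost labels typical of DNS tunnels. The log format, thresholds and sample records are assumptions constructed for the example.

```python
import ipaddress
import math
from collections import Counter

C2_SUFFIX = "msedeapi.net"   # domain from the report, written defanged there
MIN_LABEL_LEN = 30           # assumed threshold for a "long" leftmost label
MIN_ENTROPY = 3.5            # assumed bits/char threshold (hex maxes at 4.0)

# Constructed resolver log, assumed format: "<client> <qname> <answer>"
SAMPLE_LOG = """\
10.0.0.5 www.example.edu 192.0.2.34
10.0.0.9 ctl.msedeapi.net 10.9.21.4
10.0.0.9 3fa94c0be17d52a86c0d9e4b71f2a853.tunnel.example.org 192.0.2.1
10.0.0.7 mail.example.edu 192.0.2.10
garbage line
"""

def shannon_entropy(text):
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def third_octet_selector(answer):
    """Third octet minus seven, the value the report says drives the switch."""
    try:
        addr = ipaddress.ip_address(answer)
    except ValueError:
        return None
    return addr.packed[2] - 7 if addr.version == 4 else None

def analyze(log_text):
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed records
        client, qname, answer = fields
        qname = qname.lower().rstrip(".")
        label = qname.split(".")[0]
        if qname == C2_SUFFIX or qname.endswith("." + C2_SUFFIX):
            findings.append({"client": client, "qname": qname, "reason": "known-c2-domain",
                             "selector": third_octet_selector(answer)})
        elif len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= MIN_ENTROPY:
            findings.append({"client": client, "qname": qname, "reason": "tunnel-like-label",
                             "selector": None})
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```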

A Revolutionary Quantum Compass Could Soon Make GPS-Free Navigation a Reality

America’s Department of Energy has three R&D labs, according to Wikipedia, one of which is Sandia National Labs. And that New Mexico-based lab has just announced that “A milestone in quantum sensing is drawing closer, promising exquisitely accurate, GPS-free navigation,” with research into “a motion sensor so precise it could minimize the nation’s reliance on global positioning satellites.”

Until recently, such a sensor — a thousand times more sensitive than today’s navigation-grade devices — would have filled a moving truck. But advancements are dramatically shrinking the size and cost of this technology. For the first time, researchers from Sandia National Laboratories have used silicon photonic microchip components to perform a quantum sensing technique called atom interferometry, an ultra-precise way of measuring acceleration. It is the latest milestone toward developing a kind of quantum compass for navigation when GPS signals are unavailable. The team published its findings and introduced a new high-performance silicon photonic modulator — a device that controls light on a microchip — as the cover story in the journal Science Advances… The new modulator is the centerpiece of a laser system on a microchip. Rugged enough to handle heavy vibrations, it would replace a conventional laser system typically the size of a refrigerator…

Besides size, cost has been a major obstacle to deploying quantum navigation devices. Every atom interferometer needs a laser system, and laser systems need modulators. “Just one full-size single-sideband modulator, a commercially available one, is more than $10,000,” said Sandia scientist Jongmin Lee. Miniaturizing bulky, expensive components into silicon photonic chips helps drive down these costs. “We can make hundreds of modulators on a single 8-inch wafer and even more on a 12-inch wafer,” Kodigala said. And since they can be manufactured using the same process as virtually all computer chips, “This sophisticated four-channel component, including additional custom features, can be mass-produced at a much lower cost compared to today’s commercial alternatives, enabling the production of quantum inertial measurement units at a reduced cost,” Lee said.

As the technology gets closer to field deployment, the team is exploring other uses beyond navigation. Researchers are investigating whether it could help locate underground cavities and resources by detecting the tiny changes these make to Earth’s gravitational force. They also see potential for the optical components they invented, including the modulator, in LIDAR, quantum computing, and optical communications.

Thanks to Slashdot reader schwit1 for sharing the news.


Netflix Shares First Six Minutes of New Anime Series ‘Terminator Zero’

“It’s going to be violent,” warns the creator of Terminator Zero, an eight-episode anime series premiering Thursday August 29th on Netflix. “It’s going to be dark, it’s going to be horrific, and it’s going to be arresting.”

And the Netflix blog has now shared the first six minutes online:

In the world of Terminator, the future is never set, yet some things are guaranteed: The Terminator is still a cyborg that feels no remorse, pity, or fear. The anime series TERMINATOR ZERO, landing on Netflix on Aug. 29 — known to fans as Judgment Day — looks different from any incarnation of the Terminator franchise we’ve seen before, but you can tell from these opening six minutes that the brutal, sophisticated action will remain.
“I realized the first minutes of the show have to declare what it is,” creator and executive producer Mattson Tomlin tells Tudum. A joint production between Skydance and the Japanese animation studio Production I.G, TERMINATOR ZERO has the challenge of drawing in both anime fans and fans of the Terminator series. “The way to do that was to have a sequence that had no dialogue, that was really planting a flag in letting everybody know this is going to be violent, it’s going to be dark, it’s going to be action-driven, it’s going to be horrific, and it’s going to be arresting,” says Tomlin, who previously wrote Project Power for Netflix and is currently writing The Batman Part II. “That’s just what it has to be.”

The series follows “a new batch of characters who live in Japan in 1997,” writes CBR — and in an interview the show’s director said “There’s a balance” when representing Japan’s actual culture while keeping the show futuristic:
One of the things that I really took for granted was guns. [Points to self] Dumb American over here had to write a scene where Eiko gets into a parking lot and smashes the window of a car, goes to the glove box, takes out a revolver, and it instantly gets flagged. [Other people working on the series] were like, “No, we don’t have guns. What you are describing, that’s over there. We’re over here in civilization where that can’t happen.” That triggered a really fruitful and creatively challenging discussion about weapons. The military has guns and the police have guns. That’s kind of it. So these characters have to arm themselves. How are they going to do it? What could we do? And that’s why the Terminator has a crossbow. Eiko has all of these different weapons that she concocted from a hardware store. It was all born out of that.


Labor Board Confirms Amazon Drivers Are Employees, In Finding Hailed By Union

An anonymous reader quotes a report from Ars Technica: Amazon may be forced to meet some unionized delivery drivers at the bargaining table after a regional National Labor Relations Board (NLRB) director determined Thursday that Amazon is a joint employer of contractors hired to ensure the e-commerce giant delivers its packages when promised. This seems like a potentially big loss for Amazon, which had long argued that delivery service partners (DSPs) exclusively employed the delivery drivers, not Amazon. By rejecting its employer status, Amazon had previously argued that it had no duty to bargain with driver unions and no responsibility for alleged union busting, The Washington Post reported.

But now, after a yearlong investigation, the NLRB has issued what Amazon delivery drivers’ union has claimed was “a groundbreaking decision that sets the stage for Amazon delivery drivers across the country to organize with the Teamsters.” In a press release reviewed by Ars, the NLRB regional director confirmed that as a joint employer, Amazon had “unlawfully failed and refused to bargain with the union” after terminating their DSP’s contract and terminating “all unionized employees.” The NLRB found that rather than bargaining with the union, Amazon “delayed start times by grounding vans and not preparing packages for loading,” withheld information from the union, and “made unlawful threats.” Teamsters said those threats included “job loss” and “intimidating employees with security guards.” […]

Unless a settlement is reached, the NLRB will soon “issue a complaint against Amazon and prosecute the corporate giant at a trial” after finding that “Amazon engaged in a long list of egregious unfair labor practices at its Palmdale facility,” Teamsters said. Apparently downplaying the NLRB determination, Amazon is claiming that the Teamsters are trying to “misrepresent what is happening here.” Seemingly Amazon is taking issue with the union claiming that an NLRB determination on the merits of their case is a major win when the NLRB has yet to issue a final ruling. According to the NLRB’s press release, “a merit determination is not a ‘Board decision/ruling’ — it is the first step in the NLRB’s General Counsel litigating the allegations after investigating an unfair labor practice charge.” Sean M. O’Brien, the Teamsters general president, claimed the win for drivers unionizing not just in California but for nearly 280,000 drivers nationwide.

“Amazon drivers have taken their future into their own hands and won a monumental determination that makes clear Amazon has a legal obligation to bargain with its drivers over their working conditions,” O’Brien said. “This strike has paved the way for every other Amazon worker in the country to demand what they deserve and to get Amazon to the bargaining table.”
