#[1]alternate [2]News for nerds, stuff that matters [3]Search Slashdot [4]Slashdot RSS [5]Slashdot * [6]Stories * + Firehose + [7]All + [8]Popular * [9]Polls * [10]Software * [11]Newsletter * [12]Jobs [13]Submit Search Slashdot ____________________ (BUTTON) * [14]Login * or * [15]Sign up * Topics: * [16]Devices * [17]Build * [18]Entertainment * [19]Technology * [20]Open Source * [21]Science * [22]YRO * Follow us: * [23]RSS * [24]Facebook * [25]LinkedIn * [26]Twitter * [27]Youtube * [28]Mastodon * [29]Newsletter Want to read Slashdot from your mobile device? Point it at [30]m.slashdot.org and keep reading! Nickname: ____________________ Password: ____________________ [ ] Public Terminal __________________________________________________________________ Log In [31]Forgot your password? [32]Close binspamdupenotthebestofftopicslownewsdaystalestupid freshfunnyinsightfulinterestingmaybe offtopicflamebaittrollredundantoverrated insightfulinterestinginformativefunnyunderrated descriptive typodupeerror [33]Sign up for the Slashdot newsletter! OR [34]check out the new Slashdot job board to browse remote jobs or jobs in your area Do you develop on GitHub? You can keep using GitHub but automatically [35]sync your GitHub releases to SourceForge quickly and easily with [36]this tool so your projects have a backup location, and get your project in front of SourceForge's nearly 30 million monthly users. It takes less than a minute. Get new users downloading your project releases today! [37]× 172043203 story [38]Moon [39]India Plans To Land Astronauts On the Moon In 2040 [40](space.com) [41]12 Posted by [42]BeauHD on Thursday October 19, 2023 @06:00AM from the ambitious-goals dept. The government of India said on Tuesday that it [43]plans to put an astronaut on the moon by 2040 and build an Earth-orbiting space station by 2035. Space.com reports: On Aug. 23, India became just the [44]fourth nation ever to soft-land a spacecraft -- its Chandrayaan-3 lander-rover duo -- on the surface of the moon. In a recent meeting with the Indian government department that manages the country's space program, Prime Minister Narendra Modi "directed that India should now aim for new and ambitious goals," according to an official [45]statement. India's future moon exploration efforts will include a series of additional robotic Chandrayaan missions, a new launch pad and a heavy-lift launch vehicle, the statement added. India's delayed Gaganyaan human spaceflight program, now aiming to fly three astronauts to low Earth orbit in 2025, will feature 20 major tests, including three uncrewed missions to test the launch vehicle over the course of the remainder of this year and all of next. [...] By the middle of the 2030s, India hopes to have a 20-ton space station in a fixed orbit 248 miles (400 kilometers) above Earth, with capabilities to host astronauts for 15 to 20 days at a time, K. Sivan, former chairman of the Indian Space Research Organization (ISRO), has previously said. Further down the pipeline of missions, ISRO is planning a Venus orbiter called Shukrayaan-1 to study the surface of that hellishly hot planet. The payloads for that mission are currently being developed, current ISRO chairman S. Somanath had said last month. A second orbiter mission to Mars is also on the books, according to the latest statement. The nation's first, the Mars Orbiter Mission (MOM), was launched in 2013 and studied the Red Planet's atmosphere for eight years before it lost contact with Earth in April 2022. The follow-up mission, Mars Orbiter Mission 2 or MOM 2, will likely include cameras to study the planet's crust and may also include a lander, although many of the mission plans are yet to be finalized. apply tags__________ 172043161 story [46]Sci-Fi [47]US Is Receiving Dozens of UFO Reports a Month, Pentagon Official Says [48](cnn.com) [49]31 Posted by [50]BeauHD on Thursday October 19, 2023 @03:00AM from the data-overload dept. The U.S. government is [51]receiving dozens of reports of unidentified anomalous phenomena (UAP) each month. "The office has received approximately 800 reports of unidentified objects to investigate as of this past April, up from 650 reports in August 2022, Sean Kirkpatrick, who heads the All-domain Anomaly Resolution Office at the Pentagon told CNN." From the report: The vast majority are benign objects, such as balloons or drones, but some may be the result of America's adversaries trying to spy on the US, said Kirkpatrick. "There are some indicators that are concerning that may be attributed to foreign activity, and we are investigating those very hard," said Kirkpatrick, speaking exclusively to CNN ahead of the release of the annual report on unidentified aerial phenomena. A portion of the increase in reports comes from the Federal Aviation Administration, which monitors airspace around US airports starting to provide information to the Pentagon. About half of the reports contain enough data that they can be ruled out as "mundane things," such as errant balloons or floating trash, Kirkpatrick said, but 2-4% are truly anomalous and require further investigation. Asked if the Pentagon could definitively identify a sighting of an unidentified object as belonging to a foreign adversary, Kirkpatrick said that his office is "looking at some very interesting indicators of things, and that's about all I can tell you." But the office, which has more than 40 employees and is expected to grow, can't say that for sure yet. "There are ways to hide in our noise that always concern me," Kirkpatrick said, referring to the extraneous readings picked up by US radars and other sensors. "I am worried from a national security perspective." "The Pentagon is preparing for a flood of new reports as it readies two new portals for submissions: one for historical sightings from current or former government employees and contractors and a second for public submissions of new reports," notes CNN. "It is the opening of the public portal, still several months away, that Kirkpatrick says could flood the system with 'hundreds, if not thousands' of new reports to sort through." apply tags__________ 172043137 story [52]Displays [53]Adobe Unveils Dress That Can Change Its Pattern On the Fly [54](futurism.com) [55]35 Posted by [56]BeauHD on Wednesday October 18, 2023 @11:30PM from the what-will-they-think-of-next dept. An anonymous reader writes: Adobe has [57]unveiled a sparkling, interactive dress -- and got the research scientist who created it to model the high-tech couture. Video of the dress debut [58]shows researcher Christine Dierk wearing the slinky strapless number that, upon first glance, looks like the average sequined cocktail dress. With the click of a handheld remote, however, the dress began to shift patterns like something out of a fashion-forward science fiction film. Created under Adobe's "Project Primrose" initiative, this "digital dress," as Dierk described it for the audience at Adobe's MAX conference last week, "brings fabric to life." "Unlike traditional clothing, which is static, Primrose allows me to refresh my look in a moment," the Adobe scientist said, demonstrating the clothing's capabilities by having its colors go from light to dark in an instant. The digital dress patterns can also, as Dierks demonstrated, be animated, and will even respond to movement -- though that last feature appeared glitchy and didn't work at first. The researcher-turned-model also told the hosts of her portion of the convention that she not only designed the dress with the help of her team at Adobe, but also stitched it herself. While the specs of this particular smart garment haven't been published, the high-tech sequins used for smaller Project Primrose offerings, a handbag and a canvas, were described by Dierks and her co-researchers last year in an [59]article presented at a tech conference. As the article explains, those "sequins" are actually "reflective light-diffuser modules" that use reflective-backed polymer-dispersed liquid crystals (PDLC), which are most often used in smart lighting. Technically, all those sequins are tiny screens. apply tags__________ 172043035 story [60]Social Networks [61]'Apple Is Approaching Social On Vision Pro the Way Meta Should Have All Along' [62](roadtovr.com) [63]27 Posted by [64]BeauHD on Wednesday October 18, 2023 @09:50PM from the social-by-default dept. Apple is taking a different approach to social with its Vision Pro headset: [65]making apps social right out of the box. This, according to Road to VR's Ben Lang, is what Meta should have done all along. Instead, it's pioneered a social experience on the Quest platform that involves "jumping through a fragmented landscape of different apps and different ways to actually get into the same space with your friends." From the report: Apple is taking a fundamentally different approach with Vision Pro by making social the expectation rather than the rule, and providing a common set of tools and guidelines for developers to build from in order to make social feel cohesive across the platform. Apple's vision isn't about creating a server full of a virtual strangers and user-generated experiences, but to make it easy to share the stuff you already like to do with the people you already know. This obviously leans into the company's rich ecosystem of existing apps -- and the social technologies the company has already battle-tested on its platforms. SharePlay is the feature that's already present on iOS and MacOS devices that lets people watch, listen, and experience apps together through FaceTime. And on Vision Pro, Apple intends to use its SharePlay tech to make many of its own first-party apps -- like Apple TV, Apple Music, and Photos -- social right out of the box, and it expects developers to do so too. In the company's developer documentation, the company says it expects "most visionOS apps to support SharePlay." [...] Perhaps most importantly, Apple is leaning on every user's existing personal friend graph (ie: the people you already text, call, or email), rather than trying to create a bespoke friends list that lives only inside Vision Pro. Rather than launching an app and then figuring out how to get your friends into it, with SharePlay Apple is focused on getting together with your friends first, then letting the group seamlessly move from one app to the next as you decide what you want to do. Even apps that don't explicitly have multi-user experience built-in can be 'social' by default, by allowing one user to screen-share the app with others. Only the host will be able to interact with the content, but everyone else will be able to see and talk about it in real-time. It's the emphasis on 'social by default', 'things you already do', and 'people you already know' that will make social on Vision Pro feel completely different than what Meta is building on Quest with Horizon Worlds and its ecosystem of fragmented social apps. apply tags__________ 172042939 story [66]Open Source [67]AlmaLinux Stays Red Hat Enterprise Linux Compatible Without Red Hat Code [68](zdnet.com) [69]23 Posted by [70]BeauHD on Wednesday October 18, 2023 @09:10PM from the it-wasn't-easy dept. AlmaLinux is [71]creating a Red Hat Enterprise Linux (RHEL) without any Red Hat code. Instead, AlmaLinux OS will aim to be Application Binary Interface (ABI) compatible and use the CentOS Stream source code that Red Hat continues to offer. Additional code is pulled from Red Hat Universal Base Images, and upstream Linux code. Benny Vasquez, chairperson of the AlmaLinux OF Foundation, explained how all this works at the open-source community convention [72]All Things Open. ZDNet's Steven Vaughan-Nichols reports: The hardest part is Red Hat's Linux kernel updates because, added Vasquez, "you can't get those kernel updates without violating Red Hat's licensing agreements." Therefore, she continued, "What we do is we pull the security patches from various other sources, and, if nothing else, we can find them when Oracle releases them." Vasquez did note one blessing from this change in production: "AlmaLinux, no longer bound to Red Hat's releases, has been able to release upstream security fixes faster than Red Hat. "For example, the AMD microcode exploits were patched before Red Hat because they took a little bit of extra time to get out the door. We then pulled in, tested, and out the door about a week ahead of them." The overall goal remains to maintain RHEL compatibility. "Any breaking changes between RHEL and AlmaLinux, any application that stops working, is a bug and must be fixed." That's not to say AlmaLinux will be simply an excellent RHEL clone going forward. It plans to add features of its own. For instance, Red Hat users who want programs not bundled in RHEL often turn to [73]Extra Packages for Enterprise Linux (EPEL). These typically are programs included in Fedora Linux. Besides supporting EPEL software, AlmaLinux has its own extra software package -- called [74]Synergy -- which holds programs that the AlmaLinux community wants but are not available in either EPEL or RHEL. If one such program is subsequently added to EPEL or RHEL, AlmaLinux drops it from Synergy to prevent confusion and duplication of effort. This has not been an easy road for AlmaLinux. Even a 1% code difference is a lot to write and maintain. For example, when AlmaLinux tried to patch CentOS Stream code to fix a problem, Red Hat was downright grumpy about AlmaLinux's attempt to fix a security hole. Vasquez acknowledged it was tough sledding at first, but noted: "The good news is that they have been improving the process, and things will look a little bit smoother." AlmaLinux, she noted, is also not so much worried as aware that Red Hat may throw a monkey wrench into their efforts. Vasquez added: "Internally, we're working on stopgap things we'd need to do to anticipate Red Hat changing everything terribly." She doesn't think Red Hat will do it, but "we want to be as prepared as possible." apply tags__________ 172042643 story [75]Android [76]Android Will Now Scan Sideloaded Apps For Malware At Install Time [77](arstechnica.com) [78]27 Posted by [79]BeauHD on Wednesday October 18, 2023 @08:30PM from the safety-first dept. Ron Amadeo reports via Ars Technica: To help combat the surge of sideloaded malware, Google Play [80]can now pop up a malware scanner at install time if it decides the app you're trying to sideload is interesting. Google Play's malware system, called "[81]Google Play Protect," has always been able to check sideloaded apps for malware, but it used faster techniques like a definition file, and this happened quietly in the background. This new technique will delay your app installation with a full-screen "scanning" interface while Google runs a deep scan of the app code. Google's blog post says this is "real-time scanning at the code-level to combat novel malicious apps" and that Google Play Protect can "recommend a real-time app scan when installing apps that have never been scanned before to help detect emerging threats." The scan will involve sending bits and pieces of the app to Google for analysis. Google says: "Scanning will extract important signals from the app and send them to the Play Protect backend infrastructure for a code-level evaluation. Once the real-time analysis is complete, users will get a result letting them know if the app looks safe to install or if the scan determined the app is potentially harmful. This enhancement will help better protect users against malicious polymorphic apps that leverage various methods, such as AI, to be altered to avoid detection." [...] Google is first rolling this feature out in India -- a country that topped the malware distribution charts in that 2018 report -- with the company saying the feature "will expand to all regions in the coming months." apply tags__________ 172042519 story [82]Businesses [83]Tesla Announces Cybertruck Deliveries In November, Claims 125K Production Capacity [84](electrek.co) [85]58 Posted by [86]BeauHD on Wednesday October 18, 2023 @07:50PM from the it's-finally-happening dept. An anonymous reader quotes a report from Electrek: Today, Tesla [87]released (PDF) its Q3 2023 financial results and as expected, there was an update about Cybertruck in there. In the quarterly presentation, Tesla mentioned that "pilot production" of the Cybertruck has begun: "At Gigafactory Texas, we began pilot production of the Cybertruck, which remains on track for initial deliveries this year." While that doesn't include any new information, in the photo section of the presentation, Tesla added a comment confirming that "[88]deliveries will begin in November 2023." The previous official comment from CEO Elon Musk was that Tesla was aiming for the end of Q3, which ended last month. Interestingly, Tesla also updated its "installed annual vehicle capacity" and added capacity for the Cybertruck for the first time. Surprisingly, Tesla already claims a capacity of "over 125,000 Cybertrucks" at Gigafactory Texas. In a company post [89]on X, Tesla specifies that its first Cybertruck deliveries are scheduled for November 30th at Giga Texas. These are the highlights of Tesla's Q3 shareholder update, as mentioned in the company's X post: "Cybertruck production remains on track for later this year, with first deliveries scheduled for November 30th at Giga Texas. Production of our higher density 4680 cell is progressing as planned & we continue building capacity for cathode production & lithium refining in the US. In Europe, Model Y remains the best-selling vehicle of any kind (based on latest available data as of August) Thank you to our European owners! We have more than doubled the size of our AI training compute, accommodating for both our growing data set & Optimus, which is currently being trained for simple tasks through AI rather than hardcoded software, while its hardware continues to improve. All Hertz rentals in the US & Canada now allow Tesla app access, enabling renters to use keyless lock/unlock via phone key, remotely precondition the cabin & more. In addition, we redesigned the in-app service experience for owners, making scheduling & tracking service appointments & loaner access much simpler." Energy deployments increased 90% YoY to 4GWh -- our highest quarterly deployment ever! apply tags__________ 172042465 story [90]Bitcoin [91]Binance.US Halts Direct Dollar Withdrawals [92](coindesk.com) [93]24 Posted by [94]BeauHD on Wednesday October 18, 2023 @07:10PM from the no-longer-FDIC-insured dept. Sandali Handagama reports via CoinDesk: Binance.US users can [95]no longer withdraw dollars directly from the platform after the exchange updated its [96]terms of use on Monday. "In the event that customers wish to withdraw U.S. dollar funds from their account, they may do so by converting U.S. dollar funds to stablecoin or other digital assets, which can subsequently be withdrawn," the email said. In early June, the firm [97]suspended dollar deposits, saying the U.S. Securities and Exchange Commission's (SEC) "extremely aggressive and intimidating tactics" against the crypto industry had left banking partners reluctant to engage with the sector. In the same message, Binance.US warned customers that its banking partners were preparing to pause dollar withdrawals as early as June 13. apply tags__________ 172042425 story [98]Transportation [99]Amazon Plans To Deploy Delivery Drones In the UK and Italy Next Year [100](theverge.com) [101]13 Posted by [102]BeauHD on Wednesday October 18, 2023 @06:30PM from the heads-up dept. Amazon [103]announced today that it [104]plans to expand its Prime Air drone delivery program to Italy and United Kingdom, as well as one more yet-to-be-named U.S. city. "The new Prime Air locations will be announced in the coming months, with an anticipated launch date of late 2024," reports The Verge. From the report: Another step by Amazon today suggests it's ready to make drones a more serious part of its actual delivery network. The company said it plans to add Prime Air delivery to its existing fulfillment network -- specifically by adding delivery drones to some of its same-delivery sites. Prime Air drones currently only operate out of the two standalone sites in Texas and California, so expanding drones to other sites means a wider delivery range and closer integration with Amazon's delivery network. Amazon also gave us a sneak peek of its new Prime Air delivery drone that it claims flies twice as far as its current model. Even more critically, the drones will be able to operate in light rain and what Amazon calls more "diverse weather." The company [105]released photos of the MK30 drone today, which it said will replace its existing delivery drones by late 2024. The MK30 is also smaller and quieter than the existing Prime Air model, Amazon claims. The new drone can deliver objects of up to five pounds, with a typical delivery time of "one hour or less." The new drone includes a "sense and avoid" feature that can help it avoid pets, people, and property. The new design will hopefully result in smoother flights. "Not only will this help boost the economy, offering consumers even more choice while helping keep the environment clean with zero emission technology, but it will also build our understanding how to best use the new technology safely and securely," said UK's Aviation Minister Baroness Vere in a statement in Amazon's announcement. apply tags__________ 172042323 story [106]Privacy [107]Hacker Leaks Millions More 23andMe User Records On Cybercrime Forum [108](techcrunch.com) [109]18 Posted by [110]BeauHD on Wednesday October 18, 2023 @05:50PM from the more-questions-than-answers dept. An anonymous reader quotes a report from TechCrunch: The same hacker who leaked a trove of user data stolen from the genetic testing company 23andMe [111]two weeks ago has now leaked millions of new user records. On Tuesday, a hacker who goes by Golem published a new dataset of 23andMe user information [112]containing records of four million users on the known cybercrime forum BreachForums. TechCrunch has found that some of the newly leaked stolen data matches known and public 23andMe user and genetic information. Golem claimed the dataset contains information on people who come from Great Britain, including data from "the wealthiest people living in the U.S. and Western Europe on this list." On October 6, 23andMe [113]announced that hackers had obtained some user data, claiming that to amass the stolen data the hackers used credential stuffing -- a common technique where hackers try combinations of usernames or emails and corresponding passwords that are already public from other data breaches. In response to the incident, 23andMe prompted users to change their passwords and encouraged switching on multi-factor authentication. On its official page addressing the incident, 23andMe said it has launched an investigation with help from "third-party forensic experts." 23andMe blamed the incident on its customers for reusing passwords, and an opt-in feature called [114]DNA Relatives, which allows users to see the data of other opted-in users whose genetic data matches theirs. If a user had this feature turned on, in theory it would allow hackers to scrape data on more than one user by breaking into a single user's account. apply tags__________ 172041655 story [115]Robotics [116]Amazon Tests Humanoid Robot in Warehouse Automation Push [117](bloomberg.com) [118]31 Posted by msmash on Wednesday October 18, 2023 @03:20PM from the welcome-to-the-future dept. Amazon says it's testing two new technologies to increase automation in its warehouses, [119]including a trial of a humanoid robot. From a report: The humanoid robot, called Digit, is bipedal and can squat, bend and grasp items using clasps that imitate hands, the company said in a blog post Wednesday. It's built by Agility Robotics and will initially be used to help employees consolidate totes that have been emptied of items. Amazon invested in Agility Robotics last year. [...] In addition to Digit, Amazon is testing a technology called Sequoia, which will identify and sort inventory into containers for employees, who will then pick the items customers have ordered, the company said. Remaining products are then consolidated in bins by a robotic arm called Sparrow, which the company revealed last year. The system is in use at an Amazon warehouse in Houston, the company said in a statement. apply tags__________ 172041531 story [120]United States [121]American Employees Reinvent the Sick Day [122](msn.com) [123]263 Posted by msmash on Wednesday October 18, 2023 @02:40PM from the tragedy dept. The bar for taking a sick day is getting lower, and some bosses say [124]that's a problem. From a report: U.S. workers have long viewed an unwillingness to take sick days as a badge of honor. That's a laurel workers care much less about these days. The number of sick days Americans take annually has soared since the pandemic, employee payroll data show. Covid-19 and a rise in illnesses such as RSV, which can require days away from work, are one reason. Managers and human-resources executives also attribute the jump to a bigger shift in the way many Americans relate to their jobs. For one, more workers are using up sick time often for reasons such as mental health. And unlike older workers, who might have been loath to call in sick for fear of seeming weak or unreliable, younger workers feel more entitled to take full advantage of the benefits they've been given, executives and recruiters say. That confidence has only grown as record low unemployment persists. So far this year, 30% of white-collar workers with access to paid leave have taken sick time, up from 21% in 2019, according to data from payroll and benefits software company Gusto. Employees between ages 25 and 34 are taking sick days most often, with their use rates jumping 45% from before the pandemic. [...] Younger workers used to follow the example of their older peers and come in even when under the weather, says Crystal Williams, chief human resources officer at global business payments company Fleetcor, which has around 5,000 U.S. employees. She suspects early-career employees aren't taking cues from older co-workers in the same way now that five days a week at the office is no longer the norm. Prepandemic, Fleetcor workers in their 20s and 30s took one or two sick days a year, she says. Now, it's more like three to five. apply tags__________ 172041159 story [125]Chrome [126]Google is Tweaking Chrome's Search Bar To Make It Easier To Navigate the Web [127](theverge.com) [128]23 Posted by msmash on Wednesday October 18, 2023 @02:00PM from the moving-forward dept. Google is making a few changes to the way its search and address bar -- known as the omnibox -- works in the Chrome browser. The changes are individually pretty small, but there's an important and somewhat unexpected trend in them all: Google is making it easier for you to [129]move around the web without having to do so many Google searches. From a report: If you're in Chrome on desktop or mobile, the browser will now try and correct your URL typos, so when you type thevrege.com or ninteendo.com, you'll get autocomplete suggestions based on the right site and not whatever is behind those misspelled domains. The omnibox's autocomplete will now be smarter in general, predicting the site you're looking for based on keywords rather than just guessing what URL you're typing. Chrome can also now search within your bookmarks for sites and files related to what you're typing. All those features are based on your own browsing history and bookmarks, so it's just Chrome becoming slightly more personalized. But the last change is web-wide and is pretty off-brand for Google: when you start to type in the name of a popular website, the omnibox will show that site's URL in the list of suggestions, and you can select it to go right to that site. (You might have seen this one already: it's been rolling out for a couple of weeks and should be live to everyone now.) apply tags__________ 172041123 story [130]United Kingdom [131]Scientists Call on Ministers To Cut Limits For 'Forever Chemicals' in UK Tap Water [132](theguardian.com) [133]15 Posted by msmash on Wednesday October 18, 2023 @01:20PM from the growing-concern dept. Acceptable levels of "forever chemicals" in drinking water [134]should be reduced tenfold and a new national chemicals agency created to protect public health, the Royal Society of Chemistry (RSC) has told the UK government. From a report: The chartered body wants to see a reduction in the cap on levels of per- and polyfluoroalkyl substances (PFAS) in tap water. PFAS are a family of about 10,000 widely used chemicals that do not break down easily in the environment. Some have been linked to cancers, liver and thyroid disease, immune and fertility problems, and developmental defects in unborn children. The current limit in UK drinking water, which is a guideline and not a statutory cap, is 100 nanograms a litre for individual PFAS. The RSC wants this reduced to 10ng/l and a new overall limit introduced of 100ng/l for a wider range of PFAS in drinking water. "In the Drinking Water Inspectorate's (DWI) own words, levels above 10ng/l pose a medium or high risk to public health," said Stephanie Metzger, a policy adviser at the RSC. "We're seeing more studies that link PFAS to a range of very serious medical conditions, and so we urgently need a new approach for the sake of public health." apply tags__________ 172040983 story [135]Security [136]Russia and China-backed Hackers Are Exploiting WinRAR Zero-Day Bug, Google Says [137](techcrunch.com) [138]34 Posted by msmash on Wednesday October 18, 2023 @12:41PM from the security-woes dept. Google security researchers say they have found evidence that government-backed hackers linked to Russia and China are [139]exploiting a since-patched vulnerability in WinRAR, the popular shareware archiving tool for Windows. From a report: The WinRAR vulnerability, first discovered by cybersecurity company Group-IB earlier this year and tracked as CVE-2023-38831, allows attackers to hide malicious scripts in archive files that masquerade as seemingly innocuous images or text documents. Group-IB said the flaw was exploited as a zero-day -- since the developer had zero time to fix the bug before it was exploited -- as far back as April to compromise the devices of at least 130 traders. Rarlab, which makes the archiving tool, released an updated version of WinRAR (version 6.23) on August 2 to patch the vulnerability. Despite this, Google's Threat Analysis Group (TAG) said this week that its researchers have observed multiple government-backed hacking groups exploiting the security flaw, noting that "many users" who have not updated the app remain vulnerable. In research shared with TechCrunch ahead of its publication, TAG says it has observed multiple campaigns exploiting the WinRAR zero-day bug, which it has tied to state-backed hacking groups with links to Russia and China. apply tags__________ [140]« Newer [141]Older » Slashdot Top Deals Slashdot Top Deals [142]Slashdot Deals Slashdot Poll What's your favorite machine to play games on? (*) Xbox ( ) PlayStation ( ) Nintendo ( ) PC ( ) Smartphone (BUTTON) vote now [143]Read the 86 comments | 23346 votes Looks like someone has already voted from this IP. If you would like to vote please login and try again. What's your favorite machine to play games on? 0 Percentage of others that also voted for: * [144]view results * Or * * [145]view more [146]Read the 86 comments | 23346 voted Most Discussed * 259 comments [147]American Employees Reinvent the Sick Day * 129 comments [148]Tech Leaders Say AI Will Change What It Means To Have a Job * 128 comments [149]American Work-From-Home Rates Drop To Lowest Since the Pandemic * 118 comments [150]Google Asks Congress To Not Ban Teens From Social Media * 112 comments [151]Joseon Becomes First-ever Globally Recognized Cyber Nation-state [152]Your Rights Online * [153]Hacker Leaks Millions More 23andMe User Records On Cybercrime Forum * [154]Private Torrent Tracker FileList to Shut Down After 16 Years * [155]IRS Will Pilot Free, Direct Tax Filing In 2024 * [156]Meta Will Now Let You Stop Instagram From Tracking You Across the Web * [157]Tech CEO Sentenced To 5 Years in IP Address Scheme [158]This Day on Slashdot 2010 [159]Steve Jobs Lashes Out At Android 864 comments 2009 [160]Student Loan Interest Rankles College Grads 1259 comments 2005 [161]Senator Wants to Keep U.N. Away From the Internet 1149 comments 2004 [162]IE Shines On Broken Code 900 comments 2002 [163]Gnarly Error Messages 1315 comments [164]Sourceforge Top Downloads * [165]TrueType core fonts 2.2B downloads * [166]Notepad++ Plugin Mgr 1.5B downloads * [167]VLC media player 899M downloads * [168]eMule 686M downloads * [169]MinGW 631M downloads Powered By [170]sf [171]Slashdot * [172]Today * [173]Wednesday * [174]Tuesday * [175]Monday * [176]Sunday * [177]Saturday * [178]Friday * [179]Thursday * [180]Submit Story The bogosity meter just pegged. * [181]FAQ * [182]Story Archive * [183]Hall of Fame * [184]Advertising * [185]Terms * [186]Privacy Statement * [187]About * [188]Feedback * [189]Mobile View * [190]Blog * * (BUTTON) Icon Do Not Sell My Personal Information Copyright © 2023 Slashdot Media. All Rights Reserved. × [191]Close [192]Close [193]Slashdot [njs.gif?40] Working... References Visible links: 1. https://m.slashdot.org/ 2. https://slashdot.org/ 3. https://slashdot.org/search.pl 4. https://rss.slashdot.org/Slashdot/slashdotMain 5. https://slashdot.org/ 6. https://slashdot.org/ 7. https://slashdot.org/recent 8. https://slashdot.org/popular 9. https://slashdot.org/polls 10. https://slashdot.org/software/ 11. https://slashdot.org/newsletter 12. https://slashdot.org/jobs 13. https://slashdot.org/submission 14. https://slashdot.org/my/login 15. https://slashdot.org/my/newuser 16. https://devices.slashdot.org/ 17. https://build.slashdot.org/ 18. https://entertainment.slashdot.org/ 19. https://technology.slashdot.org/ 20. https://slashdot.org/?fhfilter=opensource 21. https://science.slashdot.org/ 22. https://yro.slashdot.org/ 23. https://rss.slashdot.org/Slashdot/slashdotMain 24. https://www.facebook.com/slashdot 25. https://www.linkedin.com/company/slashdot 26. https://twitter.com/slashdot 27. https://www.youtube.com/channel/UCsW36751Gy-EAbHQwe9WBNw 28. https://mastodon.cloud/@slashdot 29. https://slashdot.org/newsletter 30. http://m.slashdot.org/ 31. https://slashdot.org/my/mailpassword 32. https://slashdot.org/ 33. https://slashdot.org/newsletter 34. https://slashdot.org/jobs-2 35. https://sourceforge.net/p/forge/documentation/GitHub Importer/ 36. https://sourceforge.net/p/import_project/github/ 37. https://slashdot.org/ 38. https://slashdot.org/index2.pl?fhfilter=moon 39. https://science.slashdot.org/story/23/10/18/2336241/india-plans-to-land-astronauts-on-the-moon-in-2040 40. https://www.space.com/india-land-astronauts-moon-2040 41. https://science.slashdot.org/story/23/10/18/2336241/india-plans-to-land-astronauts-on-the-moon-in-2040#comments 42. https://twitter.com/BeauHD 43. https://www.space.com/india-land-astronauts-moon-2040 44. https://science.slashdot.org/story/23/08/23/1238217/india-becomes-the-first-country-to-land-spacecraft-on-moons-south-pole 45. https://pib.gov.in/PressReleseDetailm.aspx?PRID=1968368 46. https://slashdot.org/index2.pl?fhfilter=scifi 47. https://entertainment.slashdot.org/story/23/10/18/2330232/us-is-receiving-dozens-of-ufo-reports-a-month-pentagon-official-says 48. https://www.cnn.com/2023/10/18/politics/us-ufo-reports-pentagon/index.html 49. https://entertainment.slashdot.org/story/23/10/18/2330232/us-is-receiving-dozens-of-ufo-reports-a-month-pentagon-official-says#comments 50. https://twitter.com/BeauHD 51. https://www.cnn.com/2023/10/18/politics/us-ufo-reports-pentagon/index.html 52. https://slashdot.org/index2.pl?fhfilter=displays 53. https://hardware.slashdot.org/story/23/10/18/2324230/adobe-unveils-dress-that-can-change-its-pattern-on-the-fly 54. https://futurism.com/the-byte/adobe-dress-smart-sequins 55. https://hardware.slashdot.org/story/23/10/18/2324230/adobe-unveils-dress-that-can-change-its-pattern-on-the-fly#comments 56. https://twitter.com/BeauHD 57. https://futurism.com/the-byte/adobe-dress-smart-sequins 58. https://www.youtube.com/watch?v=EvGquKkSFMM 59. https://dl.acm.org/action/cookieAbsent 60. https://slashdot.org/index2.pl?fhfilter=social 61. https://tech.slashdot.org/story/23/10/18/236232/apple-is-approaching-social-on-vision-pro-the-way-meta-should-have-all-along 62. https://www.roadtovr.com/apple-vision-pro-social-multiplayer-shareplay/ 63. https://tech.slashdot.org/story/23/10/18/236232/apple-is-approaching-social-on-vision-pro-the-way-meta-should-have-all-along#comments 64. https://twitter.com/BeauHD 65. https://www.roadtovr.com/apple-vision-pro-social-multiplayer-shareplay/ 66. https://slashdot.org/index2.pl?fhfilter=opensource 67. https://linux.slashdot.org/story/23/10/18/2253222/almalinux-stays-red-hat-enterprise-linux-compatible-without-red-hat-code 68. https://www.zdnet.com/article/how-almalinux-stays-red-hat-enterprise-linux-compatible-without-red-hat-code/ 69. https://linux.slashdot.org/story/23/10/18/2253222/almalinux-stays-red-hat-enterprise-linux-compatible-without-red-hat-code#comments 70. https://twitter.com/BeauHD 71. https://www.zdnet.com/article/how-almalinux-stays-red-hat-enterprise-linux-compatible-without-red-hat-code/ 72. https://2023.allthingsopen.org/ 73. https://docs.fedoraproject.org/en-US/epel/ 74. https://wiki.almalinux.org/repos/Synergy.html 75. https://slashdot.org/index2.pl?fhfilter=android 76. https://it.slashdot.org/story/23/10/18/2148248/android-will-now-scan-sideloaded-apps-for-malware-at-install-time 77. https://arstechnica.com/gadgets/2023/10/android-will-now-scan-sideloaded-apps-for-malware-at-install-time/ 78. https://it.slashdot.org/story/23/10/18/2148248/android-will-now-scan-sideloaded-apps-for-malware-at-install-time#comments 79. https://twitter.com/BeauHD 80. https://arstechnica.com/gadgets/2023/10/android-will-now-scan-sideloaded-apps-for-malware-at-install-time/ 81. https://security.googleblog.com/2023/10/enhanced-google-play-protect-real-time.html 82. https://slashdot.org/index2.pl?fhfilter=business 83. https://tech.slashdot.org/story/23/10/18/2123232/tesla-announces-cybertruck-deliveries-in-november-claims-125k-production-capacity 84. https://electrek.co/2023/10/18/tesla-cybertruck-deliveries-november-production-capacity/ 85. https://tech.slashdot.org/story/23/10/18/2123232/tesla-announces-cybertruck-deliveries-in-november-claims-125k-production-capacity#comments 86. https://twitter.com/BeauHD 87. https://digitalassets.tesla.com/tesla-contents/image/upload/IR/TSLA-Q3-2023-Update-3.pdf 88. https://electrek.co/2023/10/18/tesla-cybertruck-deliveries-november-production-capacity/ 89. https://x.com/Tesla/status/1714737600991248796?s=20 90. https://slashdot.org/index2.pl?fhfilter=bitcoin 91. https://slashdot.org/story/23/10/18/2114216/binanceus-halts-direct-dollar-withdrawals 92. https://www.coindesk.com/policy/2023/10/17/binanceus-halts-direct-dollar-withdrawals/ 93. https://slashdot.org/story/23/10/18/2114216/binanceus-halts-direct-dollar-withdrawals#comments 94. https://twitter.com/BeauHD 95. https://www.coindesk.com/policy/2023/10/17/binanceus-halts-direct-dollar-withdrawals/ 96. https://www.binance.us/terms-of-use?utm_source=email&utm_medium=email-b&utm_campaign=notice&utm_content=tou-10-2023 97. https://news.slashdot.org/story/23/06/09/1715238/binanceus-to-halt-dollar-deposits-after-sec-crackdown 98. https://slashdot.org/index2.pl?fhfilter=transportation 99. https://tech.slashdot.org/story/23/10/18/216250/amazon-plans-to-deploy-delivery-drones-in-the-uk-and-italy-next-year 100. https://www.theverge.com/2023/10/18/23922910/amazon-prime-air-delivery-drone-italy-united-kingdom 101. https://tech.slashdot.org/story/23/10/18/216250/amazon-plans-to-deploy-delivery-drones-in-the-uk-and-italy-next-year#comments 102. https://twitter.com/BeauHD 103. https://www.aboutamazon.com/news/operations/amazon-prime-air-drone-delivery-updates 104. https://www.theverge.com/2023/10/18/23922910/amazon-prime-air-delivery-drone-italy-united-kingdom 105. https://www.aboutamazon.com/news/transportation/amazon-prime-air-drone-delivery-mk30-photos 106. https://slashdot.org/index2.pl?fhfilter=privacy 107. https://yro.slashdot.org/story/23/10/18/2049228/hacker-leaks-millions-more-23andme-user-records-on-cybercrime-forum 108. https://techcrunch.com/2023/10/18/hacker-leaks-millions-more-23andme-user-records-on-cybercrime-forum/ 109. https://yro.slashdot.org/story/23/10/18/2049228/hacker-leaks-millions-more-23andme-user-records-on-cybercrime-forum#comments 110. https://twitter.com/BeauHD 111. https://yro.slashdot.org/story/23/10/06/2018201/23andme-scraping-incident-leaked-data-on-13-million-users 112. https://techcrunch.com/2023/10/18/hacker-leaks-millions-more-23andme-user-records-on-cybercrime-forum/ 113. https://blog.23andme.com/articles/addressing-data-security-concerns 114. https://customercare.23andme.com/hc/en-us/articles/212170838 115. https://slashdot.org/index2.pl?fhfilter=robot 116. https://hardware.slashdot.org/story/23/10/18/1836226/amazon-tests-humanoid-robot-in-warehouse-automation-push 117. https://www.bloomberg.com/news/articles/2023-10-18/amazon-tests-humanoid-robot-in-warehouse-automation-push 118. https://hardware.slashdot.org/story/23/10/18/1836226/amazon-tests-humanoid-robot-in-warehouse-automation-push#comments 119. https://www.bloomberg.com/news/articles/2023-10-18/amazon-tests-humanoid-robot-in-warehouse-automation-push 120. https://slashdot.org/index2.pl?fhfilter=usa 121. https://news.slashdot.org/story/23/10/18/1810228/american-employees-reinvent-the-sick-day 122. https://www.msn.com/en-us/money/companies/bosses-have-a-problem-people-are-actually-using-sick-days/ar-AA1ioHGQ 123. https://news.slashdot.org/story/23/10/18/1810228/american-employees-reinvent-the-sick-day#comments 124. https://www.msn.com/en-us/money/companies/bosses-have-a-problem-people-are-actually-using-sick-days/ar-AA1ioHGQ 125. https://slashdot.org/index2.pl?fhfilter=chrome 126. https://it.slashdot.org/story/23/10/18/176209/google-is-tweaking-chromes-search-bar-to-make-it-easier-to-navigate-the-web 127. https://www.theverge.com/2023/10/18/23922396/google-chrome-search-typos-bookmarks-autocomplete 128. https://it.slashdot.org/story/23/10/18/176209/google-is-tweaking-chromes-search-bar-to-make-it-easier-to-navigate-the-web#comments 129. https://www.theverge.com/2023/10/18/23922396/google-chrome-search-typos-bookmarks-autocomplete 130. https://slashdot.org/index2.pl?fhfilter=uk 131. https://news.slashdot.org/story/23/10/18/172254/scientists-call-on-ministers-to-cut-limits-for-forever-chemicals-in-uk-tap-water 132. https://www.theguardian.com/environment/2023/oct/18/scientists-call-on-ministers-to-cut-limits-for-forever-chemicals-in-uk-tap-water 133. https://news.slashdot.org/story/23/10/18/172254/scientists-call-on-ministers-to-cut-limits-for-forever-chemicals-in-uk-tap-water#comments 134. https://www.theguardian.com/environment/2023/oct/18/scientists-call-on-ministers-to-cut-limits-for-forever-chemicals-in-uk-tap-water 135. https://slashdot.org/index2.pl?fhfilter=security 136. https://it.slashdot.org/story/23/10/18/1640258/russia-and-china-backed-hackers-are-exploiting-winrar-zero-day-bug-google-says 137. https://techcrunch.com/2023/10/18/russia-sandworm-fancy-bear-china-winrar-zero-day/ 138. https://it.slashdot.org/story/23/10/18/1640258/russia-and-china-backed-hackers-are-exploiting-winrar-zero-day-bug-google-says#comments 139. https://techcrunch.com/2023/10/18/russia-sandworm-fancy-bear-china-winrar-zero-day/ 140. https://slashdot.org/ 141. https://slashdot.org/?page=1 142. http://deals.slashdot.org/ 143. https://slashdot.org/poll/3246/whats-your-favorite-machine-to-play-games-on 144. https://slashdot.org/poll/3246/whats-your-favorite-machine-to-play-games-on 145. https://slashdot.org/polls 146. https://slashdot.org/poll/3246/whats-your-favorite-machine-to-play-games-on 147. https://news.slashdot.org/story/23/10/18/1810228/american-employees-reinvent-the-sick-day?sbsrc=md 148. https://tech.slashdot.org/story/23/10/18/1339249/tech-leaders-say-ai-will-change-what-it-means-to-have-a-job?sbsrc=md 149. https://news.slashdot.org/story/23/10/18/0016220/american-work-from-home-rates-drop-to-lowest-since-the-pandemic?sbsrc=md 150. https://tech.slashdot.org/story/23/10/17/0231233/google-asks-congress-to-not-ban-teens-from-social-media?sbsrc=md 151. https://news.slashdot.org/story/23/10/18/0155240/joseon-becomes-first-ever-globally-recognized-cyber-nation-state?sbsrc=md 152. https://yro.slashdot.org/ 153. https://yro.slashdot.org/story/23/10/18/2049228/hacker-leaks-millions-more-23andme-user-records-on-cybercrime-forum?utm_source=rss0.9mainlinkanon&utm_medium=feed&sbsrc=yro 154. https://yro.slashdot.org/story/23/10/18/0045247/private-torrent-tracker-filelist-to-shut-down-after-16-years?utm_source=rss0.9mainlinkanon&utm_medium=feed&sbsrc=yro 155. https://yro.slashdot.org/story/23/10/17/2243227/irs-will-pilot-free-direct-tax-filing-in-2024?utm_source=rss0.9mainlinkanon&utm_medium=feed&sbsrc=yro 156. https://tech.slashdot.org/story/23/10/17/1918203/meta-will-now-let-you-stop-instagram-from-tracking-you-across-the-web?utm_source=rss0.9mainlinkanon&utm_medium=feed&sbsrc=yro 157. https://yro.slashdot.org/story/23/10/17/1912243/tech-ceo-sentenced-to-5-years-in-ip-address-scheme?utm_source=rss0.9mainlinkanon&utm_medium=feed&sbsrc=yro 158. https://slashdot.org/ 159. https://apple.slashdot.org/story/10/10/19/187242/steve-jobs-lashes-out-at-android?sbsrc=thisday 160. https://news.slashdot.org/story/09/10/18/2356226/student-loan-interest-rankles-college-grads?sbsrc=thisday 161. https://politics.slashdot.org/story/05/10/19/1433203/senator-wants-to-keep-un-away-from-the-internet?sbsrc=thisday 162. https://tech.slashdot.org/story/04/10/19/0236213/ie-shines-on-broken-code?sbsrc=thisday 163. https://ask.slashdot.org/story/02/10/18/2255203/gnarly-error-messages?sbsrc=thisday 164. https://slashdot.org/ 165. https://sourceforge.net/projects/corefonts/?source=sd_slashbox 166. https://sourceforge.net/projects/npppluginmgr/?source=sd_slashbox 167. https://sourceforge.net/projects/vlc/?source=sd_slashbox 168. https://sourceforge.net/projects/emule/?source=sd_slashbox 169. https://sourceforge.net/projects/mingw/?source=sd_slashbox 170. https://sourceforge.net/?source=sd_slashbox 171. https://slashdot.org/ 172. https://apple.slashdot.org/?issue=20231019&view=search 173. https://apple.slashdot.org/?issue=20231018&view=search 174. https://apple.slashdot.org/?issue=20231017&view=search 175. https://apple.slashdot.org/?issue=20231016&view=search 176. https://apple.slashdot.org/?issue=20231015&view=search 177. https://apple.slashdot.org/?issue=20231014&view=search 178. https://apple.slashdot.org/?issue=20231013&view=search 179. https://apple.slashdot.org/?issue=20231012&view=search 180. https://slashdot.org/submit 181. https://slashdot.org/faq 182. https://slashdot.org/archive.pl 183. https://slashdot.org/hof.shtml 184. https://slashdotmedia.com/advertising-and-marketing-services/ 185. https://slashdotmedia.com/terms-of-use/ 186. https://slashdotmedia.com/privacy-statement/ 187. https://slashdot.org/faq/slashmeta.shtml 188. mailto:feedback@slashdot.org 189. https://slashdot.org/ 190. https://slashdot.org/blog 191. https://slashdot.org/ 192. https://slashdot.org/ 193. https://slashdot.org/ Hidden links: 195. https://slashdot.org/tag/ 196. https://slashdot.org/tag/ 197. https://slashdot.org/tag/ 198. https://slashdot.org/tag/ 199. https://slashdot.org/tag/ 200. https://slashdot.org/tag/ 201. https://slashdot.org/tag/ 202. https://slashdot.org/tag/ 203. https://slashdot.org/tag/ 204. https://slashdot.org/tag/ 205. https://slashdot.org/tag/ 206. https://slashdot.org/tag/ 207. https://slashdot.org/newsletter 208. https://slashdot.org/