Since 2023, a malicious campaign called ClearFake has been used to display fake web browser update banners on compromised websites that distribute information-stealing malware. In 2024, a new campaign called ClickFix was introduced that shares many similarities with ClearFake but instead pretends to be software error messages with included fixes. However, these “fixes” are PowerShell scripts that, when executed, will download and install information-stealing malware.

Last week, GoDaddy reported that the ClearFake/ClickFix threat actors have breached over 6,000 WordPress sites to install malicious plugins that display the fake alerts associated with these campaigns. “The GoDaddy Security team is tracking a new variant of ClickFix (also known as ClearFake) fake browser update malware that is distributed via bogus WordPress plugins,” explains GoDaddy security researcher Denis Sinegubko. “These seemingly legitimate plugins are designed to appear harmless to website administrators but contain embedded malicious scripts that deliver fake browser update prompts to end-users.”

The malicious plugins utilize names similar to legitimate plugins, such as Wordfense Security and LiteSpeed Cache, while others use generic, made-up names. Website security firm Sucuri also noted that a fake plugin named “Universal Popup Plugin” is also part of this campaign. When installed, the malicious plugin will hook various WordPress actions depending on the variant to inject a malicious JavaScript script into the HTML of the site. When loaded, this script will attempt to load a further malicious JavaScript file stored in a Binance Smart Chain (BSC) smart contract, which then loads the ClearFake or ClickFix script to display the fake banners. From web server access logs analyzed by Sinegubko, the threat actors appear to be utilizing stolen admin credentials to log into the WordPress site and install the plugin in an automated manner.

In an Oct. 15 statement, NASA said it will use Crew Dragon for both the Crew-10 mission to the ISS, scheduled for no earlier than February 2025, and the Crew-11 mission scheduled for no earlier than July. Crew-10 will fly NASA astronauts Anne McClain and Nichole Ayers along with astronaut Takuya Onishi from the Japanese space agency JAXA and Roscosmos cosmonaut Kirill Peskov. NASA has not yet announced the crew for the Crew-11 mission.

Earlier this year, NASA had hoped that Boeing’s CST-100 Starliner would be certified in time to fly the early 2025 mission. Problems with the Crew Flight Test mission, which launched in June with NASA astronauts Butch Wilmore and Suni Williams on board, led NASA to conclude in July that the spacecraft would not be certified in time. It delayed that Starliner-1 mission from February to August 2025, moving up Crew-10 to February. NASA also announced then that it would prepare Crew-11 in parallel with Starliner-1 for launch in that August 2025 slot.

37Signals is not a company that makes its policy or management decisions quietly. The productivity software company was an avowedly Mac-centric shop until Apple’s move to kill home screen web apps (or Progressive Web Apps, or PWAs) led the firm and its very-public-facing co-founder, David Heinemeier Hansson, to declare a “Return to Windows,” followed by a stew of Windows/Mac/Linux. The company waged a public battle with Apple over its App Store subscription policies, and the resulting outcry helped nudge Apple a bit. 37Signals has maintained an active blog for years, its co-founders and employees have written numerous business advice books, and its blog and social media posts regularly hit the front pages of Hacker News.

So when 37Signals decided to pull its seven cloud-based apps off Amazon Web Services in the fall of 2022, it didn’t do so quietly or without details. Back then, Hansson described his firm as paying “an at times almost absurd premium” for defense against “wild swings or towering peaks in usage.” In early 2023, Hansson wrote that 37Signals expected to save $7 million over five years by buying more than $600,000 worth of Dell server gear and hosting its own apps.

Late last week, Hansson had an update: it’s more like $10 million (and, he told the BBC, more like $800,000 in gear). By squeezing more hardware into existing racks and power allowances, estimating seven years’ life for that hardware, and eventually transferring its 10 petabytes of S3 storage into a dual-DC Pure Storage flash array, 37Signals expects to save money, run faster, and have more storage available. “The motto of the 2010s and early 2020s — all-cloud, everything, all the time — seems to finally have peaked,” Hansson writes. “And thank heavens for that!” He adds the caveat that companies with “enormous fluctuations in load,” and those in early or uncertain stages, still have a place in the cloud.

It’s a welcome change following years of pressure from environmental groups to stop plastic pollution flooding into oceans. The company is still working to reduce the use of single-use plastics more broadly in its packaging. The most prolific type of plastic litter near coastlines is plastic film — a material that makes up those once ubiquitous air pillows, according to Oceana. That film also happens to be the “deadliest” type of plastic pollution for large mammals like whales and dolphins that might ingest it, Oceana says.

The company swapped out plastic air pillows and single-use delivery bags for paper and cardboard alternatives in Europe in 2022. It also ditched plastic film packaging at its facilities in India in 2020. The US is Amazon’s largest market, and the company hasn’t managed to fully eliminate plastic packaging in North America just yet. It says it plans to reduce the amount of deliveries containing “Amazon-added plastic delivery packaging” in North America to just one-third of shipments by December, down from two-thirds in December 2023.

The large-scale outage affects roughly 150 of the 500 cameras perched on surveillance towers along the U.S.-Mexico border. It was due to “several technical problems,” according to the memo. The officials, who spoke on the condition of anonymity to discuss a sensitive issue, blamed outdated equipment and outstanding repair issues.

The camera systems, known as Remote Video Surveillance Systems, have been used since 2011 to “survey large areas without having to commit hundreds of agents in vehicles to perform the same function.” But according to the internal memo, 30% were inoperable. It is not clear when the cameras stopped working.Two Customs and Border Protections officials said that some repairs have been made this month but that there are still over 150 outstanding requests for camera repairs. The officials said there are some areas that are not visible to Border Patrol because of broken cameras.

A Customs and Border Protection spokesperson said the agency has installed roughly 300 new towers that use more advanced technology. “CBP continues to install newer, more advanced technology that embrace artificial intelligence and machine learning to replace outdated systems, reducing the need to have agents working non-interdiction functions,” the spokesperson said.

The Chinese technology giant’s Doubao ChatGPT-like generative AI model is the country’s most popular AI chatbot. “The individual was an intern with the [advertising] technology team and has no experience with the AI Lab,” ByteDance said in a statement. “Their social media profile and some media reports contain inaccuracies.” Its commercial online operations, including its large language AI models, were unaffected by the intern’s actions, the company added.

ByteDance also denied reports that the incident caused more than $10 million of damage by disrupting an AI training system made up of thousands of powerful graphics processing units (GPU). As well as firing the person in August, ByteDance said it had informed the intern’s university and industry bodies about the incident.

T-Mobile and AT&T say US regulators should drop a plan to require unlocking of phones within 60 days of activation, claiming that locking phones to a carrier’s network makes it possible to provide cheaper handsets to consumers. “If the Commission mandates a uniform unlocking policy, it is consumers — not providers — who stand to lose the most,” T-Mobile alleged in an October 17 filing with the Federal Communications Commission. The proposed rule has support from consumer advocacy groups who say it will give users more choice and lower their costs.

T-Mobile has been criticized for locking phones for up to a year, which makes it impossible to use a phone on a rival’s network. T-Mobile claims that with a 60-day unlocking rule, “consumers risk losing access to the benefits of free or heavily subsidized handsets because the proposal would force providers to reduce the line-up of their most compelling handset offers.” If the proposed rule is enacted, “T-Mobile estimates that its prepaid customers, for example, would see subsidies reduced by 40 percent to 70 percent for both its lower and higher-end devices, such as the Moto G, Samsung A15, and iPhone 12,” the carrier said. “A handset unlocking mandate would also leave providers little choice but to limit their handset offers to lower cost and often lesser performing handsets.”

Gorman joined Disney’s board less than a year ago and was named the head of the succession planning committee in August. He will continue to lead that committee after he takes over as board chairman from Nike Executive Chairman Parker. “The Disney board has benefited tremendously from James Gorman’s expertise and guidance, and we are lucky to have him as our next chairman — particularly as the board continues to move forward with the succession process,” Iger said in a statement. “I’m extremely grateful to Mark Parker for his many years of board service and leadership, which have been so valuable to this company and its shareholders, and to me as CEO.” […]

Disney had initially targeted 2025 to announce a successor, as CNBC reported last year. Pushing the date back to early 2026 will give the board more time to conduct due diligence on both internal and external candidates, according to people familiar with the matter, who asked not to be named because the discussions are private.

The first hint of that is the headset’s Fresnel lenses, which iFixit’s Shahram Mokhtari writes in a blog post are “100% compatible” with those used by the Quest 2. The headset has the older headset’s IPD adjustment mechanism, as well; and it shares the same single LCD panel, rather than using one panel per eye, like the Meta Quest 3.

Legacy parts aside, iFixit found that the 3S uses two IR sensors for depth mapping instead of a single depth sensor. That “rare iterative improvement over the Quest 3” performed “exceptionally well in unlit spaces,” Mokhtari writes in the blog. And of course, it uses the same Qualcomm Snapdragon XR2 SoC as the Quest 3, and works with Meta’s newer Touch Plus controllers, which are sold separately.

A production company for Blade Runner 2049 has sued (PDF) Tesla, which allegedly fed images from the movie into an artificial intelligence image generator to create unlicensed promotional materials. Alcon Entertainment, in a lawsuit filed Monday in California federal court, accuses Elon Musk and his autonomous vehicle company of misappropriating the movie’s brand to promote its robotaxi at a glitzy unveiling earlier this month. The producer says it doesn’t want Blade Runner 2049 to be affiliated with Musk because of his “extreme political and social views,” pointing to ongoing efforts with potential partners for an upcoming TV series.

The complaint, which brings claims for copyright infringement and false endorsement, also names Warner Bros. Discovery for allegedly facilitating the partnership. “Any prudent brand considering any Tesla partnership has to take Musk’s massively amplified, highly politicized, capricious and arbitrary behavior, which sometimes veers into hate speech, into account,” states the complaint. “Alcon did not want BR2049 to be affiliated with Musk.” […] The lawsuit cites an agreement, the details of which are unknown to Alcon, for Warners to lease or license studio lot space, access and other materials to Tesla for the event. Alcon alleges that the deal included promotional elements allowing Tesla to affiliate its products with WBD movies. WBD was Alcon’s domestic distributor for the 2017 release of Blade Runner 2049. It has limited clip licensing rights, though not for Tesla’s livestream TV event, the lawsuit claims.

Alcon says it wasn’t informed about the brand deal until the day of the unveiling. According to the complaint, Musk communicated to WBD that he wanted to associate the robotaxi with the film. He asked the company for permission to use a still directly from the movie, which prompted an employee to send an emergency request for clearance to Alcon since international rights would be involved, the lawsuit says. The producer refused, spurring the creation of the AI images. […] Alcon seeks unspecified damages, as well as a court order barring Tesla from further distributing the disputed promotional materials.

With the help of water testing and machine learning, the researchers determined that there might be five million to 19 million tons of lithium — more than enough to meet all of the world’s demand for the metal — in a geological area known as the Smackover Formation. Several companies, including Exxon Mobil, are developing projects in Arkansas to produce lithium, which is dissolved in underground brine.

Energy and mining companies have long produced oil, gas and other natural resources in the Smackover, which extends from Texas to Florida. And the federal and state researchers said lithium could be extracted from the waste stream of the brines from which companies extracted other forms of energy and elements. The energy industry, with the Biden administration’s encouragement, has been increasingly working to produce the raw materials needed for the lithium-ion batteries in the United States. A few projects have started recently, and many more are in various stages of study and development across the country.

Most of the world’s lithium is produced in Australia and South America. A large majority of it is then processed in China, which also dominates the manufacturing of electric vehicle batteries. “The potential for increased U.S. production to replace imports has implications for employment, manufacturing and supply chain resilience,” David Applegate, the director of the United States Geological Survey, said in a statement announcing the study. “This study illustrates the value of science in addressing economically important issues.”

The “C” button’s function is vestigial. Back when calculators were commercialized, starting in the mid-1960s, their electronics were designed to operate as efficiently as possible. If you opened up a desktop calculator in 1967, you might have found a dozen individual circuit boards to run and display its four basic mathematical functions. Among these would have been an input buffer or temporary register that could store an input value for calculation and display. The “C” button, which was sometimes labeled “CE” (Clear Entry) or “CI” (Clear Input), provided a direct interface to zero out — or “clear” — such a register. A second button, “AC” (All Clear), did the same thing, but for other parts of the circuit, including previously stored operations and pending calculations. (A traditional calculator’s memory buttons — “M+,” “M-,” “MC” — would perform simple operations on a register.)

By 1971, Mostech and Texas Instruments had developed a “calculator on a chip,” which condensed all of that into a single integrated circuit. Those chips retained the functions of their predecessors, including the ones that were engaged by “C” and “AC” buttons. And this design continued on into the era of pocket calculators, financial calculators, and even scientific calculators such as the ones you may have used in school. Some of the latter were, in essence, programmable pocket computers themselves, and they could have been configured with a backspace key. They were not.

“The most significant change we’re seeing over the past 18 to 20 months is the accuracy of those answers from the large language models,” gushed the CEO at last week’s Harvard Business Review Future of Business Conference. “I think over the past 18 months, that problem has pretty much been solved — meaning when you talk to a chatbot, a frontier model-based chatbot, you can basically trust the answer,” he added.

Li also described the AI sector as in an “inevitable bubble,” similar to the dot-com bubble in the ‘90s. “Probably one percent of the companies will stand out and become huge and will create a lot of value or will create tremendous value for the people, for the society. And I think we are just going through this kind of process,” stated Li. The CEO also guesstimated it will be another 10 to 30 years before human jobs are displaced by the technology. “Companies, organizations, governments and ordinary people all need to prepare for that kind of paradigm shift,” he warned.