What do you when people hate your $10 billion selfie? "Mark Zuckerberg, in response to a torrent of critical memes mocking the graphics of Meta's newest project, has heard his critics — and changed his selfie," reports CNN: Zuckerberg debuted Horizon Worlds, a virtual reality social app, in France and Spain earlier this week, sharing a somewhat flat, goofy digital avatar in front of an animated Eiffel Tower and la Sagrada Família.

The internet immediately jumped in, mocking what many users viewed as (hopefully) preliminary graphics for a venture that Meta has spent at least $10 billion in the last year.

New York Times tech columnist Kevin Roose compared the graphics to "worse than a 2008 Wii game" on Twitter. Slate used the term " buttcheeks." Twitter was less kind: "eye-gougingly ugly" and "an international laughing stock" popping up. Many compared it to early 90's graphics and pointed out how lifeless and childish the Zuckerberg selfie looked. It quickly won the designation "dead eyes."

Well, Zuckerberg has apparently seen the memes, because on Friday he announced there are major updates coming — along with new avatar graphics.
In a CNBC report on how Zuckerberg "is getting dragged on the internet for how ugly the graphics of this game are," they'd actually quoted a Forbes headline that asked, "Does Mark Zuckerberg not understand how bad his metaverse is?"

"The very first results from the James Webb Space Telescope seem to indicate that massive, luminous galaxies had already formed within the first 250 million years after the Big Bang," reports Sky and Telescope.

"If confirmed, this would seriously challenge current cosmological thinking." Shortly after NASA published Webb's first batch of scientific data, the astronomical preprint server arXiv was flooded with papers claiming the detection of galaxies that are so remote that their light took some 13.5 billion years to reach us. Many of these appear to be more massive than the standard cosmological model that describes the universe's composition and evolution. "It worries me slightly that we find these monsters in the first few images," says cosmologist Richard Ellis (University College London)....

Before the community accepts these claims, the reported redshifts have to be confirmed spectroscopically. Mark McCaughrean, the senior science adviser of the European Space Agency (a major partner on Webb) commented on Twitter: "I'm sure some of them will be [confirmed], but I'm equally sure they won't all be. [...] It does all feel a little like a sugar rush at the moment."

Ellis agrees: "It's one thing to put a paper on arXiv," he says, "but it's quite something else to turn it into a lasting article in a peer-reviewed journal."
Since 1991, science writer Eric Lerner has been arguing that the Big Bang never happened. Now 75 years old, he writes: In the flood of technical astronomical papers published online since July 12, the authors report again and again that the images show surprisingly many galaxies, galaxies that are surprisingly smooth, surprisingly small and surprisingly old. Lots of surprises, and not necessarily pleasant ones. One paper's title begins with the candid exclamation: "Panic!"

Why do the JWST's images inspire panic among cosmologists? And what theory's predictions are they contradicting? The papers don't actually say. The truth that these papers don't report is that the hypothesis that the JWST's images are blatantly and repeatedly contradicting is the Big Bang Hypothesis that the universe began 14 billion years ago in an incredibly hot, dense state and has been expanding ever since. Since that hypothesis has been defended for decades as unquestionable truth by the vast majority of cosmological theorists, the new data is causing these theorists to panic. "Right now I find myself lying awake at three in the morning," says Alison Kirkpatrick, an astronomer at the University of Kansas in Lawrence, "and wondering if everything I've done is wrong...."

Even galaxies with greater luminosity and mass than our own Milky Way galaxy appear in these images to be two to three times smaller than in similar images observed with the Hubble Space Telescope (HST), and the new galaxies have redshifts which are also two to three times greater.This is not at all what is expected with an expanding universe, but it is just exactly what I and my colleague Riccardo Scarpa predicted based on a non-expanding universe, with redshift proportional to distance.... [T]he galaxies that the JWST shows are just the same size as the galaxies near to us, if it is assumed that the universe is not expanding and redshift is proportional to distance.....

Big Bang theorists did expect to see badly mangled galaxies scrambled by many collisions or mergers. What the JWST actually showed was overwhelmingly smooth disks and neat spiral forms, just as we see in today's galaxies. The data in the "Panic!" article showed that smooth spiral galaxies were about "10 times" as numerous as what theory had predicted and that this "would challenge our ideas about mergers being a very common process". In plain language, this data utterly destroys the merger theory....

According to Big Bang theory, the most distant galaxies in the JWST images are seen as they were only 400-500 million years after the origin of the universe. Yet already some of the galaxies have shown stellar populations that are over a billion years old. Since nothing could have originated before the Big Bang, the existence of these galaxies demonstrates that the Big Bang did not occur....

While Big Bang theorists were shocked and panicked by these new results, Riccardo and I (and a few others) were not. In fact, a week before the JWST images were released we published online a paper that detailed accurately what the images would show. We could do this with confidence because more and more data of all kinds has been contradicting the Big Bang hypothesis for years....

Based on the published literature, right now the Big Bang makes 16 wrong predictions and only one right one — the abundance of deuterium, an isotope of hydrogen.
UPDATE: Kirkpatrick says her quote was was taken out of context, in an article from Space.com that dismises Eric Lerner as "a serial denier of the Big Bang since the late 1980s, preferring his personal pseudoscientific alternative."

Lenovo has taken issue with the design of the Framework Laptop and one of its power buttons. The Verge reports: In a tweet, the startup claims to have been contacted by Lenovo's legal team, who say the circular design of the power button on one of Framework's designs is too similar to the stylized "O" Lenovo uses in the wordmark for its "Legion" brand of gaming laptops. "Consumers could believe that Framework's Broken O Case or the motherboards they cover are produced by, sponsored, endorsed, licensed, or otherwise affiliated with Lenovo, when that is not the case," a screenshot of the legal letter from Lenovo posted by Framework reads.

The offending power button design doesn't appear on any of Framework's laptops. Instead, the circle can be found in the 3D printer case schematics that Framework released back in April, which allow customers to build their own Raspberry Pi-style miniature PCs using just the laptop's motherboard (these can be bought separately, as well as harvested from a Framework laptop). This YouTube video gives a nice overview of how the 3D-printed enclosure is supposed to work (the power button gets pressed at the 9:35 minute mark). [...] Framework doesn't physically sell anything with the offending power button design on it, so fixing the problem is theoretically as simple as uploading a replacement set of CAD files to GitHub. So, rather than fighting Lenovo, Framework is holding a competition for its users to submit new designs for its power button. Entries are open until August 25th, and the winner gets a free i5-1135G7 Mainboard.

John Carmack, a programmer who founded gaming firm id Software and served as chief technology officer of Oculus, has launched a new artificial general intelligence startup called Keen Technologies, and it has raised $20 million in a financing round co-led by former GitHub chief executive Nat Friedman and Cue founder Daniel Gross, Carmack said Friday. Stripe co-founder Patrick Collison, Shopify co-founder Tobi Lutke, storied venture fund Sequoia and microprocessor engineer Jim Keller also invested in the round, a name of which as well as the startup's valuation Carmack did not disclose. In a Twitter thread, Carmack adds: This is explicitly a focusing effort for me. I could write a $20M check myself, but knowing that other people's money is on the line engenders a greater sense of discipline and determination. I had talked about that as a possibility for a while, and I am glad Nat pushed me on it. I am continuing as a consultant with Meta on VR matters, devoting about 20% of my time there.

Europe is seriously considering developing space-based solar power to increase its energy independence and reduce greenhouse gas emissions, the leader of the European Space Agency said this week. Ars Technica reports: "It will be up to Europe, ESA and its Member States to push the envelope of technology to solve one of the most pressing problems for people on Earth of this generation," said Josef Aschbacher, director general of the space agency, an intergovernmental organization of 22 member states. Previously the space agency commissioned studies from consulting groups based in the United Kingdom and Germany to assess the costs and benefits of developing space-based solar power. ESA published those studies this week in order to provide technical and programmatic information to policymakers in Europe. Aschbacher has been working to build support within Europe for solar energy from space as a key to energy de-carbonization and will present his Solaris Program to the ESA Council in November. This council sets priorities and funding for ESA. Under Aschbacher's plans, development of the solar power system would begin in 2025.

In concept, space-based solar power is fairly straightforward. Satellites orbiting well above Earth's atmosphere collect solar energy and convert it into current; this energy is then beamed back to Earth via microwaves, where they are captured by photovoltaic cells or antennas and converted into electricity for residential or industrial use. The primary benefits of gathering solar power from space, rather than on the ground, is that there is no night or clouds to interfere with collection; and the solar incidence is much higher than at the northern latitudes of the European continent.

The two consulting reports discuss development of the technologies and funding needed to start to bring a space-based power system online. Europe presently consumes about 3,000 TWh of electricity on an annual basis, and the reports describe massive facilities in geostationary orbit that could meet about one-quarter to one-third of that demand. Development and deployment of these systems would cost hundreds of billions of euros. Why so much? Because facilitating space-based solar power would require a constellation of dozens of huge, sunlight-gathering satellites located 36,000 km from Earth. Each of these satellites would have a mass 10 times larger, or more, than that of the International Space Station, which is 450 metric tons and required more than a decade to assemble in low Earth orbit. Launching the components of these satellites would ultimately require hundreds or, more likely, thousands of launches by heavy lift rockets. "Using projected near-term space lift capability, such as SpaceX's Starship, and current launch constraints, delivering one satellite into orbit would take between 4 and 6 years," a report by British firm Frazer-Nash states. "Providing the number of satellites to satisfy the maximum contribution that SBSP could make to the energy mix in 2050 would require a 200-fold increase over current space-lift capacity." Critics of the concept include Elon Musk and physicist Casey Handmer, among others, which take issue with the poor photon to electron to photon conversion efficiency and prohibitively expensive transmission losses, thermal losses, and logistics costs.

A Saudi woman has been sentenced to 34 years in prison for retweeting activists through her Twitter account and sharing posts that spoke in favor of the right of women to drive. The Verge reports: Salma al-Shehab was a PhD candidate at the University of Leeds in the UK and was detained in January 2021 after returning to Saudi Arabia for a vacation. Shehab was initially sentenced to six years for using social media to "disturb public order and destabilize the security and stability of the state," based on having reshared tweets from Saudi activists living in exile who called for the release of political prisoners in the kingdom. The incident was reported in an editorial board piece from The Washington Post, which called it "yet another glimpse at the brutal underside of the Saudi dictatorship under its crown prince and de facto head of state, Mohammed bin Salman."

The Post reports that prosecutors in the appeal to Shehab's case argued for a more severe punishment under Saudi cybercrime and anti-terrorism laws, leading to a drastically increased sentence of 34 years, handed down on August 8th. The Freedom Initiative nonprofit, which advocates for the rights of prisoners detained in the Middle East, states that this is the longest known sentence for a women's rights activist in Saudi Arabia.

An anonymous reader quotes a report from Bleeping Computer: North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector. The name of the false document was "Coinbase_online_careers_2022_07." When launched, it displays the decoy PDF above and loads a malicious DLL that ultimately allows the threat actor to send commands to the infected device. Security researchers at cybersecurity company ESET found that the hackers also had malware ready for macOS systems. They said that the malicious file is compiled for Macs with both Intel and Apple silicon, meaning that users of both older and newer models were targeted. In a thread on Twitter, they note that the malware drops three files [...].

ESET linked the recent macOS malware to Operation In(ter)ception, a Lazarus campaign that targeted high-profile aerospace and military organizations in a similar way. Looking at the macOS malware, the researchers noticed that it was signed on July 21 (as per the timestamp value) with a certificate issued in February to a developer using the name Shankey Nohria and team identifier 264HFWQH63. On August 12, the certificate had not been revoked by Apple. However, the malicious application was not notarized -- an automatic process that Apple uses to check software for malicious components. Compared to the previous macOS malware attributed to the Lazarus group of hackers, ESET researchers observed that the downloader component connects to a different command and control (C2) server, which was no longer responding at the time of the analysis.

An anonymous reader quotes a report from Ars Technica: A successful phishing attack at SMS services company Twilio may have exposed the phone numbers of roughly 1,900 users of the secure messaging app Signal -- but that's about the extent of the breach, says Signal, noting that no further user data could be accessed. In a Twitter thread and support document, Signal states that a recent successful (and deeply resourced) phishing attack on Twilio allowed access to the phone numbers linked with 1,900 users. That's "a very small percentage of Signal's total users," Signal writes, and all 1,900 affected users will be notified (via SMS) to re-register their devices. Signal, like many app companies, uses Twilio to send SMS verification codes to users registering their Signal app.

With momentary access to Twilio's customer support console, attackers could have potentially used the verification codes sent by Twilio to activate Signal on another device and thereby send or receive new Signal messages. Or an attacker could confirm that these 1,900 phone numbers were actually registered to Signal devices. No other data could be accessed, in large part because of Signal's design. Message history is stored entirely on user devices. Contact and block lists, profile details, and other user data require a Signal PIN to access. And Signal is asking users to enable registration lock, which prevents Signal access on new devices until the user's PIN is correctly entered. "The kind of telecom attack suffered by Twilio is a vulnerability that Signal developed features like registration lock and Signal PINs to protect against," Signal's support document reads. The messaging app notes that while Signal doesn't "have the ability to directly fix the issues affecting the telecom ecosystem," it will work with Twilio and other providers "to tighten up their security where it matters for our users."

Nearly three years after Adam Neumann stepped down as CEO of WeWork following a failed attempt to take the company public, he is said to once again be in charge of a billion-dollar real estate startup. CNN Business reports: Andreessen Horowitz, the prominent venture capital firm known for its early investments in Twitter and Airbnb, has pumped about $350 million into Neumann's newest venture, called Flow, according to The New York Times, citing unnamed sources briefed on the deal. The investment valued the startup at more than $1 billion, according to the report. In a blog post Monday, Marc Andreessen, cofounder and general partner at the VC firm, announced the investment, without disclosing financial details. He also explained his thinking for backing Flow, a residential real estate company, and Neumann despite the founder's high-profile fall from grace at WeWork.

"Adam is a visionary leader who revolutionized the second largest asset class in the world -- commercial real estate -- by bringing community and brand to an industry in which neither existed before," Andreessen wrote in his post Monday. "Adam, and the story of WeWork, have been exhaustively chronicled, analyzed, and fictionalized -- sometimes accurately. For all the energy put into covering the story, it's often under appreciated that only one person has fundamentally redesigned the office experience and led a paradigm-changing global company in the process: Adam Neumann." It's not immediately clear how Flow seeks to revolutionize the residential housing industry. Flow currently has a bare bones website, with the slogan "Live life in flow" and two words stating it will launch in 2023.

Andreessen positioned the new company as a long-awaited solution to the nation's "housing crisis." He used a mix of jargon-filled terms -- "community-driven, experience-centric service" -- to explain how the new startup would "create a system where renters receive the benefits of owners." "We think it is natural that for his first venture since WeWork, Adam returns to the theme of connecting people through transforming their physical spaces and building communities where people spend the most time: their homes," Andreessen wrote. "Residential real estate -- the world's largest asset class -- is ready for exactly this change."

At a military convention in Russia, a local company is showing off a robot dog that's carrying a rocket launcher. From a report: Russian news agency RIA Novosti today filmed the four-legged bot at the Army 2022 convention, which is taking place near Moscow and sponsored by the country's Ministry of Defense. The robot was recorded trotting along on the convention floor while wielding a rocket-propelled grenade launcher on its back. The robot is also capable of crouching on the floor, making it harder to spot, while it presumably waits to fire off a rocket. It remains unclear if the robot will ever be used on the field when Russia is locked in a war with Ukraine, and already using air-based drones at least for recon and targeting purposes. But according to RIA Novosti, the bot is dubbed the M-81 system and comes from a Russian engineering company called "Intellect Machine." The developers say the robot dog is being designed to both transport weapons and ammunition and fire them during combat missions.

Long-time Slashdot reader drinkypoo writes: John Deere, current and historic American producer of farming equipment, has long been maligned for their DRM-based lockdowns of said equipment which can make it impossible for farmers to perform their own service. Now a new security bypass has been discovered for some of their equipment, which has revealed that it is in general based on outdated versions of Linux and Windows CE.

Carried out by Sick Codes, the complete attack involves attaching hardware to the PCB inside a touchscreen controller, and ultimately produces a root terminal.

In the bargain and as a result, the question is being raised about JD's GPL compliance.
Sick Codes isn't sure how John Deere can eliminate this vulnerability (beyond overhauling designs to add full disk encryption to future models). But Wired also notes that "At the same time, though, vulnerabilities like the ones that Sick Codes found help farmers do what they need to do with their own equipment."

Although the first thing Sick Codes did was get the tractor running a farm-themed version of Doom.

Last year Rodolfo Castro made baseball history. Called up to the Major Leagues in April, the 22-year-old eventually recorded his first hit — a home run. But his next four recorded hits were all also home runs, something no player had done since 1901.

CBS News reports that this week, finally called back up to the Major Leagues, Castro again made history — of another sort: Modern technology has allowed people to take their phones, as well as the power of the internet, with them anywhere they go. Pittsburgh Pirates second baseman Rodolfo Castro took his around the bases against the Arizona Diamondbacks on Tuesday night.
Yep — an iPhone made a bizarre cameo in the 4th inning, reports the Associated Press: Castro and third base coach Mike Rabelo stood and stared, mortified.... Even third base umpire Adam Hamari had the perfect reaction, pointing at the phone that came flying out of Castro's back pocket during a head-first slide, trying not to giggle at the absurdity of the situation.

Those around the sport cringed along with them. "That's obviously not something that should happen," Yankees manager Aaron Boone said.... This faux pas just happened to be at a televised big league game, creating a video clip seen by millions.

"I just remember getting dressed, putting my pants on, getting something to eat, using the restroom," the 23-year-old Castro said through a translator Tuesday night after the Pirates lost 6-4 to Arizona. "Never did it ever cross my mind that I still had my cellphone on me...."

It's far from the first time a phone has made a cameo on a pro sports field. One of the most famous examples came nearly 20 years ago when New Orleans Saints receiver Joe Horn pulled out a flip phone — remember those? — that he had hidden in the padding around the goalpost and then acted like he was taking a call after scoring a touchdown.

NBC News reports: Facebook, once the go-to social media platform for many, has plummeted in popularity among younger users, according to a new Pew Research Center survey.... The share of 13- to 17-year-olds who said they use Facebook dropped from 71% in the 2015 study to 32% today, Pew found.

As Facebook's popularity sinks, YouTube has become the dominating platform among teens, who are also using social media apps like TikTok, Snapchat and [Meta-owned] Instagram... While Facebook still beats out Twitter among Gen Z teens, Snapchat and Instagram have dwarfed its popularity. Sixty-two percent of teens use Instagram and 59% use Snapchat, according to Pew. TikTok also beats Facebook in popularity, with 67% of respondents saying they use the short-form video app, Pew reported....

The most popular platform among 13- to 17-year-olds is YouTube, which is used by 95% of teens, the research found.
There's an interesting graph showing trends in Pew's announcement. It's handy way to visualize that over the last seven years usage has dropped for Facebook, Twitter, and Tumbler — while usage increased for Instagram and Snapchat.

But YouTube hovers above them all with 95% usage.

"The fate of Warner Bros. DC Comics movies is looking grim," writes the Verge.

Since April's merger between Warner Brothers and Discovery, they call it "fairly obvious" that "the new guard at Warner Bros. Discovery wants to jettison or at the very least put some distance between itself and the DC Extended Universe's current iteration (along with all the baggage associated with the endeavor.)" The DC Extended Universe was plagued by a number of issues long... like a general lack of cohesion, subpar storytelling, and an association with a toxic fandom whose obsession eventually devolved into harassment campaigns against studio executives. Looking back, Justice League as it was released in 2017 was a haphazard attempt to catch up to the Marvel Cinematic Universe that put far too much faith in the power of people's general familiarity with characters like Wonder Woman, Cyborg, and Aquaman who didn't really have presences in the DC Extended Universe at the time.
Screen Rant calls Justice League "a movie that polarized audiences and was less successful than Man of Steel at the box office" — then explains what happened next: The DC Extended Universe had been struggling with highly divisive or critically panned movies, such as Batman v Superman: Dawn of Justice and Suicide Squad, but it was not until Justice League that the franchise really took a significant financial hit. In addition, Justice League was also the start of a series of behind-the-scenes controversies, and at this point, it is difficult to picture the Justice League cast all returning for a sequel....

With Ben Affleck seemly done with Batman and the studio wanting to move away from everything Justice League-related, DC needed a way to combine what had been working, such as Jason Momoa's Aquaman and Gal Gadot's Wonder Woman, with new strategies, such as Michael Keaton's [appearing in the upcoming Flash movie as] Batman. The answer seemed simple — the multiverse....

The fact that Batgirl, a movie that would have shown the aftermath of The Flash's multiverse journey, was canceled [last week] proves that the multiverse is no longer a priority for DC. Not only that but right before Batgirl's cancelation was announced, it was reported that Ben Affleck would replace Michael Keaton's rumored cameo in Aquaman and the Lost Kingdom.... During Warner Bros. Discovery's earning calls on August 5, CEO David Zaslav mentioned that the new management will make upcoming DC Extended Universe movies like Black Adam and The Flash "even better", suggesting that reshoots could be on the way.

One of the most popular media player software and streaming media server VLC media player, developed by VideoLAN project, is no longer working in India. India Today reports: As per a report by MediaNama, VLC Media Player has been blocked in India nearly 2 months ago. Neither the company nor the Indian government has revealed any details about the ban. Some reports suggest that VLC Media Player has been blocked in the country because the platform was China-backed hacking group Cicada was using it for cyber attacks. Just a few months ago, security experts discovered that Cicada was using VLC Media Player to deploy a malicious malware loader as part of a long-running cyber attack campaign.

Since it was a soft ban, neither the company, nor the Indian government officially announced the banning of the media platform. Some users on Twitter are still discovering the restrictions of the platform. One of the Twitter users by the name Gagandeep Sapra tweeted a screenshot of the VLC website that shows âoethe website has been blocked as per order Ministry of Electronics and Information Technology under IT Act, 2000." Currently, the VLC Media Player website and download link are blocked in the country. In simple words, this means that no one in the country can access the platform for any work. This is seemingly the case for users who have the software installed on their device. It is said that VLC Media Player is blocked on all major ISPs including ACTFibernet, Jio, Vodafone-idea and others.

Epson has gained some scrutiny in recent weeks after the company disabled a printer that was otherwise working fine, leading to accusations of planned obsolescence. Epson knows its printers will stop working without simple maintenance at a predictable point in the future, and it knows that it won't be cost-effective for many owners to send their home printers in for service. So why not build them to be user serviceable in the first place? The Verge: The inciting post from @marktavern mentions that his wife was unable to use her "very expensive Epson printer" after an end-of-service error message appeared. This isn't anything new for Epson printers, sadly. Reports going back several years mention an infamous error message that reads "parts inside the printer have reached the end of their service life." Epson confirmed to The Verge that the error is related to the printer's ink pads, which had likely become saturated through extended use and were now at risk of spilling into the rest of the printer mechanism.

In a recently updated support document, Epson offers several solutions to resolve the problem. These include sending the printer into Epson to replace the ink pads or having a local certified technician do it. Previously (via Wayback Machine), just before the issue gained notoriety, Epson conceded that "repair may not be a good investment for lower cost printers because the printer's other components also may be near the end of usable life." It then added that "most consumers who are out of warranty elect to replace a lower-cost printer when they receive an end of life service message." Now, Epson suggests the feel-good option of sending the bricked unit in for recycling.

Mailchimp appears to have suspended the accounts of several crypto-related firms, according to the affected outlets. Crypto firms on the chopping board include intelligence platform Messari. From a report: Founder Ryan Selkis posted on Twitter revealing the suspension and expressing his disappointment. Crypto wallet provider Edge, NFT artist Ocarina, and Jesse Friedland -- the founder of NFT collection Cryptoon Goonz -- are among prominent names that appear to have had their accounts suspended in the last several weeks, according to the Decrypt report.

An anonymous reader quotes a report from BleepingComputer: Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online. The company revealed that the attackers could only harvest and steal non-sensitive data from a Box folder linked to a compromised employee's account. "Cisco experienced a security incident on our corporate network in late May 2022, and we immediately took action to contain and eradicate the bad actors," a Cisco spokesperson told BleepingComputer. "Cisco did not identify any impact to our business as a result of this incident, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations. On August 10 the bad actors published a list of files from this security incident to the dark web. We have also implemented additional measures to safeguard our systems and are sharing technical details to help protect the wider security community."

The Yanluowang threat actors gained access to Cisco's network using an employee's stolen credentials after hijacking the employee's personal Google account containing credentials synced from their browser. The attacker convinced the Cisco employee to accept multi-factor authentication (MFA) push notifications through MFA fatigue and a series of sophisticated voice phishing attacks initiated by the Yanluowang gang that impersonated trusted support organizations. The threat actors finally tricked the victim into accepting one of the MFA notifications and gained access to the VPN in the context of the targeted user. Once they gained a foothold on the company's corporate network, Yanluowang operators spread laterally to Citrix servers and domain controllers.

"They moved into the Citrix environment, compromising a series of Citrix servers and eventually obtained privileged access to domain controllers," Cisco Talos said. After gaining domain admin, they used enumeration tools like ntdsutil, adfind, and secretsdump to collect more information and installed a series of payloads onto compromised systems, including a backdoor. Ultimately, Cisco detected and evicted them from its environment, but they continued trying to regain access over the following weeks. [...] Last week, the threat actor behind the Cisco hack emailed BleepingComputer a directory listing of files allegedly stolen during the attack. The threat actor claimed to have stolen 2.75GB of data, consisting of approximately 3,100 files. Many of these files are non-disclosure agreements, data dumps, and engineering drawings.

Iran has announced it used cryptocurrency to pay for imports, raising the prospect that the nation is using digital assets to evade sanctions. The Register reports: Trade minister Alireza Peyman Pak revealed the transaction with the tweet [here], which translates as "This week, the first official import order was successfully placed with cryptocurrency worth ten million dollars. By the end of September, the use of cryptocurrencies and smart contracts will be widespread in foreign trade with target countries."

It is unclear what Peman Pak referred to with his mention of widespread use of crypto for foreign trade, and the identity of the foreign countries he mentioned is also obscure. But the intent of the announcement appears clear: Iran will use cryptocurrency to settle cross-border trades.

Pew Research has published a new report that examines social media usage trends among US teens. The organization found that a whopping 95 percent of them use YouTube, while 19 percent are on the platform "almost constantly." Engadget reports: Perhaps unsurprisingly, two-thirds (67 percent) said they used TikTok, with 16 percent claiming they are on the app "almost constantly." The third most-popular social media platform among teens is Instagram, per Pew, with 62 percent using it. A tenth say they use it almost all the time -- despite the app occasionally telling them to take a break. A previous poll conducted in 2014-15 found that 52 percent were using Instagram (Pew didn't ask about YouTube usage for that survey and TikTok didn't exist at the time).

Snapchat also rose among teens, with 59 percent using it in 2022, compared with 41 percent in the previous poll. Facebook was the top social media app among teens seven years ago, with 71 percent of them using it, but that figure has dropped to 32 percent. Teen adoption of Twitter (down from 33 percent to 23 percent) and Tumblr (14 percent to five percent) has fallen over the same period too. The 2014-15 poll didn't ask about Twitch, WhatsApp or Reddit. These days, a fifth of teens use Twitch, 17 percent are on WhatsApp and 14 percent are accessing Reddit.