News

The intersection of math, computers, and everything else | MIT News

Shardul Chiplunkar, a senior in Course 18C (mathematics with computer science), entered MIT interested in computers, but soon he was trying everything from spinning fire to building firewalls. He dabbled in audio engineering and glass blowing, was a tenor for the MIT/Wellesley Toons a capella group, and learned to sail.

“When I was entering MIT, I thought I was just going to be interested in math and computer science, academics and research,” he says. “Now what I appreciate the most is the diversity of people and ideas.”

Academically, his focus is on the interface between people and programming. But his

Read More

Tech 101: What to do when your computer freezes

Pop quiz: How often do you need to restart your computer for best performance? 

Here’s a hint. If you only do it when your machine crashes or needs to update, that’s not enough. Tap or click for my recommendation for keeping your computer happy

It’s frustrating to deal with a slow, lagging computer day in and day out. Tap or click for six easy tactics to speed up an old PC. 

Sometimes the issues are more acute. If your computer is unresponsive, slow down and follow these steps.

Restart first 

OK, this step is obvious, but there is often

Read More

Chinese and Iranian hackers exploit Log4j computer flaw, affecting hundreds of millions

Security pros say it’s one of the worst computer vulnerabilities they’ve ever seen. Firms including Microsoft say state-backed Chinese and Iranian hackers and rogue cryptocurrency miners have already seized on it.

The Department of Homeland Security has sounded a dire alarm, ordering federal agencies to urgently find and patch bug instances because it’s so easily exploitable — and telling those with public-facing networks to put up firewalls if they can’t be sure. A small piece of code, the affected software often undocumented.

Lodged in an extensively used utility called Log4j, the flaw lets internet-based attackers easily seize control of everything

Read More

Windows 10 21H2 adds ransomware protection to security baseline

Microsoft has released the final version of security configuration baseline settings for Windows 10, version 21H2, available today from the Microsoft Security Compliance Toolkit.

“This Windows 10 feature update brings very few new policy settings,” Microsoft security consultant Rick Munck said.

“One setting has been added for this release for printer driver installation restrictions (which was also added to the Windows 11 release). Additionally, all Microsoft Edge Legacy settings have been removed,”

Protection from human-operated ransomware

However, the highlight of the new Windows 10 security baseline is the addition of tamper protection as a setting to enable by default (this

Read More

T-Mobile says it blocked 21 billion scam calls this year

T-Mobile says it blocked 21 billion scam, spam, and unwanted robocalls this year through its free Scam Shield robocall and scam protection service, amounting to an average of 1.8 billion scam calls identified or blocked every month.

Furthermore, based on data through early December 2021, the carrier fund that scam call traffic has reached an all-time high, jumping over 116% from 2020 to a total of roughly 425 million scam call attempts every week.

Last year, when it announced the Scam Shield service, T-Mobile said it could detect or block approximately 12 billion scam calls in 2019 and that around

Read More

2easy now a significant dark web marketplace for stolen data

A dark web marketplace named ‘2easy’ is becoming a significant player in the sale of stolen data “Logs” harvested from roughly 600,000 devices infected with information-stealing malware.

“Logs” are archives of data stolen from compromised web browsers or systems using malware, and their most important aspect is that they commonly include account credentials, cookies, and saved credit cards.

2easy launched in 2018 and has experienced rapid growth since last year when it only sold data from 28,000 infected devices and was considered a minor player.

Based on an analysis by researchers at Israeli dark web intelligence firm KELA, the sudden

Read More

Major services including Slack, AWS, Hulu, Imgur facing outages

Major services across the internet are currently facing ongoing networking outages.

Popular sites and apps can’t be reached

These services include Amazon, AWS, Hulu, Slack, Imgur, Asana, Grindr, Scruff, HubSpot, Zendesk, among other popular sites and services.

outage impacts major services
Today’s outage has hit major online services and apps (DownDetector)

Tests by BleepingComputer confirmed that IMs and file uploads have been failing on Slack, and connectivity is also impacted.

Users are receiving errors when sending or editing messages on Slack, such as: 

“Couldn’t send message. Your message, along with any files and attachments, has been saved to your drafts,” or “Sorry,

Read More

Microsoft warns of easy Windows domain takeover via Active Directory bugs

Microsoft warned customers today to patch two Active Directory domain service privilege escalation security flaws that, when combined, allow attackers to easily takeover Windows domains.

The company released security updates to address the two security vulnerabilities (tracked as CVE-2021-42287 and CVE-2021-42278 and reported by Andrew Bartlett of Catalyst IT) during the November 2021 Patch Tuesday.

Redmond’s warning to immediately patch the two bugs — both allowing attackers to impersonate domain controllers — comes after a proof-of-concept (PoC) tool that can leverage these vulnerabilities was shared on Twitter and GitHub on December 11.

“When combining these two vulnerabilities, an attacker can

Read More

New Dell BIOS updates cause laptops and desktops not to boot

Recently released Dell BIOS updates are reportedly causing serious boot problems on multiple laptops and desktop models.

Impacted models include Dell Latitude laptops (5320 and 5520), as well as Dell Inspiron 5680 and Alienware Aurora R8 desktops.

Customer reports shared on social media platforms, including Dell’s official community website [1, 2] and Reddit [1, 2], warn that the latest BIOS version (version 1.14.3 for Latitude laptops, 2.8.0 for Inspiron, and 1.0.18 for Aurora R8) will cause booting issues.

Although the impacted systems will power up, users say peripheral lights and displays will not turn

Read More

Dark Mirai botnet targeting RCE on popular TP-Link router

The botnet known as Dark Mirai (aka MANGA) has been observed exploiting a new vulnerability on the TP-Link TL-WR840N EU V5, a popular inexpensive home router released in 2017.

The flaw is tracked as CVE-2021-41653 and is caused by a vulnerable ‘host’ variable that an authenticated user can abuse to execute commands on the device.

TP-Link fixed the flaw by releasing a firmware update (TL-WR840N(EU)_V5_211109) on November 12, 2021. However, many users have not applied the security update yet.

The researcher who discovered the vulnerability published a proof of concept (PoC) exploit for the RCE, leading to threat actors using

Read More