LinkedIn will allow most employees to opt for full-time remote work as offices gradually reopen, Chief People Officer Teuila Hanson told Reuters. From the report: This new policy from Microsoft's professional social networking site is a reversal of the company's initial indication last October that employees would be expected to work from an office 50% of the time, when COVID-19 pandemic restrictions lift. The updated policy, offering employees the flexibility to work remotely full-time or work at an office part-time, will apply to LinkedIn's global workforce of more than 16,000 employees. "We anticipate that we'll definitely see more remote employees than what we saw prior to the pandemic," Hanson said in a Wednesday interview ahead of the announcement, adding that some jobs would require in-office work.

An anonymous reader quotes a report from ZDNet: In reporting its Q4 FY21 earnings, Microsoft disclosed that both its Surface and Windows revenues were affected negatively by supply-chain constraints. While remote work has continued to fuel PC demand, Microsoft and its OEM partners have had problems getting enough components, including chips, power cords and other electronic components that are required for new PCs. In Q4, Microsoft's Surface revenue fell 20 percent, to $1.38 billion in the quarter. The year-ago quarter comparison was tough because Surface and other Windows PCs saw lots of demand as people needed to buy PCs to enable them to work from home. Chief Financial Officer Amy Hood told analysts on the earnings call that Microsoft anticipated that Surface revenues would continue to fall next quarter due to supply-chain constraints.

Supply-chain pressures also will continue to impact Microsoft's Xbox gaming consoles and PCs made by its partners, company officials conceded. Hood told analysts to expect Windows OEM revenues in Q1 FY22 to decline mid to high single digits and Surface revenue to decline by low teens. The Q4 numbers released today had Windows OEM Pro revenues down two percent compared to the year-ago quarter and non-Pro (consumer) OEM growth off by four percent. Supply-chain constraints don't seem to be impacting how quickly Microsoft can continue to build out its cloud footprint, however. Hood and other officials expect Microsoft to continue to grow its commercial cloud businesses, including Azure, Office 365 and Dynamics 365. Azure was up 51 percent (from some undisclosed base number) for the quarter and Dynamics 365 was up 49 percent from some undisclosed base -- its third consecutive quarter of growth.

An anonymous reader quotes a report from Ars Technica: Google's reputation for aggressively killing products and services is hurting the company's brand. Any new product launch from Google is no longer a reason for optimism; instead, the company is met with questions about when the product will be shut down. It's a problem entirely of Google's own making, and it's yet another barrier that discourages customers from investing (either time, money, or data) in the latest Google thing. The wide public skepticism of Google Stadia is a great example of the problem. A Google division with similar issues is Google Cloud Platform, which asks companies and developers to build a product or service powered by Google's cloud infrastructure. Like the rest of Google, Cloud Platform has a reputation for instability, thanks to quickly deprecating APIs, which require any project hosted on Google's platform to be continuously updated to keep up with the latest changes. Google Cloud wants to address this issue, though, with a new "Enterprise API" designation.

Enterprise APIs basically get a roadmap that promises stability for certain APIs. Google says, "The burden is on us: Our working principle is that no feature may be removed (or changed in a way that is not backwards compatible) for as long as customers are actively using it. If a deprecation or breaking change is inevitable, then the burden is on us to make the migration as effortless as possible." If Google needs to change an API, customers will now get a minimum of one year's notice, along with tools, documentation, and other materials. Google goes on to say, "To make sure we follow these tenets, any change we introduce to an API is reviewed by a centralized board of product and engineering leads and follows a rigorous product lifecycle evaluation."

Despite being one of the world's largest Internet companies and basically defining what modern cloud infrastructure looks like, Google isn't doing very well in the cloud infrastructure market. Analyst firm Canalys puts Google in a distant third, with 7 percent market share, behind Microsoft Azure (19 percent) and market leader Amazon Web Services (32 percent). Rumor has it (according to a report from The Information) that Google Cloud Platform is facing a 2023 deadline to beat AWS and Microsoft, or it will risk losing funding. Ex-Googler Steve Yegge laid out the problems with Google Cloud Platform last year in a post titled "Dear Google Cloud: Your Deprecation Policy is Killing You." Google's announcement seems to hit most of what that post highlights, like a lack of documentation and support, an endless treadmill of API upgrades, and Google Cloud's general disregard for backward compatibility. Yegge argues that successful platforms like Windows, Java, and Android (a group Yegge says is isolated from the larger Google culture) owe much of their success to their commitment to platform stability. AWS is the market leader partly because it's considered a lot more stable than Google Cloud Platform.

Google has updated the schedule for its introduction of "Privacy Sandbox" browser technology and the phasing out of third-party cookies. The Register reports: The new timeline has split the bundle of technologies in the Privacy Sandbox into five phases: discussion, testing, implementation in Chrome (called "Ready for adoption"), Transition State 1 during which Chrome will "monitor adoption and feedback" and then the next stage that involves winding down support for third-party cookies over a three-month period finishing "late 2023." Although "late 2023" might sound a long way off, the timeline has revealed that "discussion" of the contentious FLoC (Federated Learning of Cohorts) is planned to end in Q3 2021 -- just a couple of months away -- and that discussion for First Party Sets, rejected by the W3C Technical Architecture Group as "harmful to the web in its current form," is scheduled to end around mid-November.

Google said that "extended discussions and testing stages often produce better, more complete solutions, and the timeline for testing and ready for adoption of use cases might change accordingly," so the dates are not set in stone. There is no suggestion that any of the proposals will be withdrawn; the company appears to believe it can alleviate concerns by tweaking rather than abandoning its proposals. Discussion of the various pieces is set to take place in the W3C Web Incubator Community Group (WICG), though at a FLEDGE WICG Call last week, Google's Michael Kleber, tech lead for Privacy Sandbox, suggested that the W3C would not be deciding which technologies are implemented, at least in the context of FLEDGE (formerly TURTLEDOVE), which enables auctions for personalized ads in a more private manner than today.

FLEDGE is competing for attention with the Microsoft-devised PARAKEET and MaCAW. Asked by Julien Delhommeau, staff system architect at adtech company Xandr, if the WICG would get a say in whether FLEDGE or PARAKEET/MaCAW would be adopted, Kleber said: "The W3C doesn't get to be the boss of anyone, the decisions are going to be made at each of the browsers. The goal isn't to have one winner and everyone else losing -- the goal of W3C is to put out a bunch of ideas, understand the positives of each, and come to a chimera that has the most necessary features. Every browser seems to want convergence, long term, so figuring out how to make convergence happen is important." [...] According to Kleber, when asked if personalized advertising could be removed from the web, he said "while most of the sites in the world would lose 50-70 per cent of their revenue in the alternative you're advocating for, Google is not one of them." He made this claim on the basis that "Google makes most of its money from the ads that appear on Google Search," which do not require tracking technology.

A counterterrorism organization formed by some of the biggest U.S. tech companies including Facebook and Microsoft is significantly expanding the types of extremist content shared between firms in a key database, aiming to crack down on material from white supremacists and far-right militias, the group told Reuters. From the report: Until now, the Global Internet Forum to Counter Terrorism's (GIFCT) database has focused on videos and images from terrorist groups on a United Nations list and so has largely consisted of content from Islamist extremist organizations such as Islamic State, al Qaeda and the Taliban. Over the next few months, the group will add attacker manifestos -- often shared by sympathizers after white supremacist violence -- and other publications and links flagged by U.N. initiative Tech Against Terrorism. It will use lists from intelligence-sharing group Five Eyes, adding URLs and PDFs from more groups, including the Proud Boys, the Three Percenters and neo-Nazis. The firms, which include Twitter and Alphabet 's YouTube, share "hashes," unique numerical representations of original pieces of content that have been removed from their services. Other platforms use these to identify the same content on their own sites in order to review or remove it.

The threat intelligence team for Microsoft's 365 Defender security suite recently focused on an example of "modern mining malware infrastructure," describing how "Anything that can gain access to machines — even so-called commodity malware — can bring in more dangerous threats."

Specifically, it offered a case study of LemonDuck. The blog post's title? "When coin miners evolve..." Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity.

LemonDuck's threat to enterprises is also in the fact that it's a cross-platform threat. It's one of a few documented bot malware families that targets Linux systems as well as Windows devices. It uses a wide range of spreading mechanisms — phishing emails, exploits, USB devices, brute force, among others — and it has shown that it can quickly take advantage of news, events, or the release of new exploits to run effective campaigns... Notably, LemonDuck removes other attackers from a compromised device by getting rid of competing malware and preventing any new infections by patching the same vulnerabilities it used to gain access... LemonDuck spreads in a variety of ways, but the two main methods are (1) compromises that are either edge-initiated or facilitated by bot implants moving laterally within an organization, or (2) bot-initiated email campaigns.

LemonDuck acts as a loader for many other follow-on activities, but one if its main functions is to spread by compromising other systems. Since its first appearance, the LemonDuck operators have leveraged scans against both Windows and Linux devices for open or weakly authenticated SMB, Exchange, SQL, Hadoop, REDIS, RDP, or other edge devices that might be vulnerable to password spray or application vulnerabilities... Other common methods of infection include movement within the compromised environment, as well as through USB and connected drives. These processes are often kicked off automatically and have occurred consistently throughout the entirety of LemonDuck's operation.

In April of 2020, Jeff Bezos announced Amazon would spend their next quarter focusing on people instead of profits, remembers the New York Times: At the end of July 2020, Amazon announced quarterly results. Rather than earning zero, as Mr. Bezos had predicted, it notched an operating profit of $5.8 billion — a record for the company. The months since have established new records. Amazon's margins, which measure the profit on every dollar of sales, are the highest in the history of the company, which is based in Seattle... Amazon's pandemic triumph was echoed all over the world of technology companies.

Even as 609,000 Americans have died and the Delta variant surges, as corporate bankruptcies hit a peak for the decade, as restaurants, airlines, gyms, conferences, museums, department stores, hotels, movie theaters and amusement parks shut down and as millions of workers found themselves unemployed, the tech industry flourished. The combined stock market valuation of Apple, Alphabet, Nvidia, Tesla, Microsoft, Amazon and Facebook increased by about 70 percent to more than $10 trillion. That is roughly the size of the entire U.S. stock market in 2002. Apple alone has enough cash in its coffers to give $600 to every person in the United States. And in the next week, the big tech companies are expected to report earnings that will eclipse all previous windfalls.

Silicon Valley, still the world headquarters for tech start-ups, has never seen so much loot. More Valley companies went public in 2020 than in 2019, and they raised twice as much money when they did. Forbes calculates there are now 365 billionaires whose fortunes derive from tech, up from 241 before the virus.

No single industry has ever had such power over American life, dominating how we communicate, shop, learn about the world and seek distraction and joy. What will Silicon Valley do with this power? Who if anyone might restrain tech, and how much support will they have...? The biggest, and perhaps the only, threat to tech now is from government...

Beyond the threat of misuse of tech lurks an even darker possibility: a misplaced confidence in the ability of one loosely regulated sector to run so much of the world.

A four-year-old startup says it has built an inexpensive battery that can discharge power for days using one of the most common elements on Earth: iron. From a report: Form Energy's batteries are far too heavy for electric cars. But it says they will be capable of solving one of the most elusive problems facing renewable energy: cheaply storing large amounts of electricity to power grids when the sun isn't shining and wind isn't blowing. The work of the Somerville, Mass., company has long been shrouded in secrecy and nondisclosure agreements. It recently shared its progress with The Wall Street Journal, saying it wants to make regulators and utilities aware that if all continues to go according to plan, its iron-air batteries will be capable of affordable, long-duration power storage by 2025.

Its backers include Breakthrough Energy Ventures, a climate investment fund whose investors include Microsoft co-founder Bill Gates and Amazon founder Jeff Bezos. Form recently initiated a $200 million funding round, led by a strategic investment from steelmaking giant ArcelorMittal one of the world's leading iron-ore producers. Form is preparing to soon be in production of the "kind of battery you need to fully retire thermal assets like coal and natural gas" power plants, said the company's chief executive, Mateo Jaramillo, who developed Tesla's Powerwall battery and worked on some of its earliest automotive powertrains. On a recent tour of Form's windowless laboratory, Mr. Jaramillo gestured to barrels filled with low-cost iron pellets as its key advantage in the rapidly evolving battery space. Its prototype battery, nicknamed Big Jim, is filled with 18,000 pebble-size gray pieces of iron, an abundant, nontoxic and nonflammable mineral.

For a lithium-ion battery cell, the workhorse of electric vehicles and today's grid-scale batteries, the nickel, cobalt, lithium and manganese minerals used currently cost between $50 and $80 per kilowatt-hour of storage, according to analysts. Using iron, Form believes it will spend less than $6 per kilowatt-hour of storage on materials for each cell. Packaging the cells together into a full battery system will raise the price to less than $20 per kilowatt-hour, a level at which academics have said renewables plus storage could fully replace traditional fossil-fuel-burning power plants. A battery capable of cheaply discharging power for days has been a holy grail in the energy industry, due to the problem that it solves and the potential market it creates.

New submitter SofiaWW writes: A few days ago, at Microsoft Inspire, it was announced that Windows 11 would ship with dark mode activated by default. This was not a case of rumor or speculation, this was an announcement made at an official Microsoft event by a Microsoft employee. But now it transpires that the statement was not correct. Microsoft has now clarified that it "will ship Windows 11 SKUs in light mode on by default." No explanation for the miscommunications has yet been given.

An anonymous reader quotes a report from Threatpost: Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines. If exploited, cyberattackers could bypass security products; install programs; view, change, encrypt or delete data; or create new accounts with more extensive user rights. The bug (CVE-2021-3438) has lurked in systems for 16 years, researchers at SentinelOne said, but was only uncovered this year. It carries an 8.8 out of 10 rating on the CVSS scale, making it high-severity.

According to researchers, the vulnerability exists in a function inside the driver that accepts data sent from User Mode via Input/Output Control (IOCTL); it does so without validating the size parameter. As the name suggests, IOCTL is a system call for device-specific input/output operations. "This function copies a string from the user input using 'strncpy' with a size parameter that is controlled by the user," according to SentinelOne's analysis, released on Tuesday. "Essentially, this allows attackers to overrun the buffer used by the driver." Thus, unprivileged users can elevate themselves into a SYSTEM account, allowing them to run code in kernel mode, since the vulnerable driver is locally available to anyone, according to the firm.

The printer-based attack vector is perfect for cybercriminals, according to SentinelOne, since printer drivers are essentially ubiquitous on Windows machines and are automatically loaded on every startup. "Thus, in effect, this driver gets installed and loaded without even asking or notifying the user," explained the researchers. "Whether you are configuring the printer to work wirelessly or via a USB cable, this driver gets loaded. In addition, it will be loaded by Windows on every boot. This makes the driver a perfect candidate to target since it will always be loaded on the machine even if there is no printer connected." Affected models and associated patches can be found here and here.

"While HP is releasing a patch (a fixed driver), it should be noted that the certificate has not yet been revoked at the time of writing," according to SentinelOne. "This is not considered best practice since the vulnerable driver can still be used in bring-your-own-vulnerable-driver (BYOVD) attacks." Some Windows machines may already have the vulnerable driver without even running a dedicated installation file, since it comes with Microsoft Windows via Windows Update.

China has rejected an accusation by Washington and its Western allies that Beijing is to blame for a hack of the Microsoft Exchange email system and complained Chinese entities are victims of damaging U.S. cyberattacks. From a report: A foreign ministry spokesman demanded Washington drop charges announced Monday against four Chinese nationals accused of working with the Ministry of State Security to try to steal U.S. trade secrets, technology and disease research. The announcement that the Biden administration and European allies formally blame Chinese government-linked hackers for ransomware attacks increased pressure over long-running complaints against Beijing but included no sanctions.

"The United States ganged up with its allies to make unwarranted accusations against Chinese cybersecurity," said the spokesman, Zhao Lijian. "This was made up out of thin air and confused right and wrong. It is purely a smear and suppression with political motives. China will never accept this," Zhao said, though he gave no indication of possible retaliation. China is a leader in cyberwarfare research along with the United States and Russia, but Beijing denies accusations that Chinese hackers steal trade secrets and technology. Security experts say the military and security ministry also sponsor hackers outside the government.

Microsoft said Wednesday it's acquiring CloudKnox, a start-up whose software helps companies reduce the amount of access they provide to their cloud resources. Terms of the deal weren't disclosed. From a report: The move represents another step Microsoft is taking to expand its security business, in addition to working to keep Windows and its other products secure. In January, Microsoft said it had generated over $10 billion in security revenue in the previous 12 months, up more than 40% year over year, meaning that it's growing faster than most other product areas. Just last week Microsoft announced the acquisition of another security company, RiskIQ, which can spot threats across a given company's entire information-technology footprint. CloudKnox's software works with Microsoft's Azure public cloud, as well as the Amazon and Google clouds. The software spots and can remove cases of permissions for employees and virtual identities that aren't being actively used, and it can show alerts about unusual activity.

Tencent has announced plans to buy British video game company Sumo Group for $1.27 billion. The Verge reports: The Chinese tech giant already has an 8.75-percent stake in the developer, as Gamesindustry.biz reports, and the offer represents a 43-percent premium on Sumo's current valuation. Based in Sheffield, England, Sumo's well-regarded core studio Sumo Digital has carried out contract work for many of the biggest names in gaming. It developed Sony's PlayStation 5 launch title Sackboy: A Big Adventure and was the primary studio behind Microsoft's Crackdown 3 for Xbox consoles and PC. In 2017 Sumo released Snake Pass for multiple platforms, its first foray into original IP.

"The three founders of Sumo, who work in the business, Paul Porter, Darren Mills and I are passionate about what we do and are fully committed to continuing in our roles," says Sumo CEO Carl Cavers in a statement. "The opportunity to work with Tencent is one we just couldn't miss. It would bring another dimension to Sumo, presenting opportunities for us to truly stamp our mark on this amazing industry, in ways which have previously been out-of-reach." Cavers says Tencent has "demonstrated its commitment to backingâ Sumo's client work, as well as its own original IP, so things are unlikely to change too quickly. The buyout does, however, give Tencent yet another foothold in the international gaming industry, following prominent investments in companies like Epic, Riot, Activision, and Ubisoft. "Tencent intends to bring its expertise and resources to accelerate the growth of Sumo both in the UK and abroad, supporting Sumo in the market for top-notch creative talent, and the UK as a hub for game innovation," says Tencent's chief strategy officer James Mitchell. "We believe the proposed transaction benefits all stakeholders, delivers compelling value for Sumo shareholders, while enhancing the Sumo business for the future."

An anonymous reader quotes a report from ZDNet: iFixit co-founder and CEO Kyle Wiens has exposed how companies including Apple, Samsung, and Microsoft manipulate the design of their products and the supply chain to prevent consumers and third-party repairers from accessing necessary tools and parts to repair products such as smartphones and laptops. Speaking during the Productivity Commission's virtual right to repair public hearing on Monday, Weins took the opportunity to draw on specific examples of how some of the largest tech companies are obstructing consumers from a right to repair.

"We've seen manufacturers restrict our ability to buy parts. There's a German battery manufacturer named Varta that sells batteries to a wide variety of companies. Samsung happens to use these batteries in their Galaxy earbuds ... but when we go to Varta and say can we buy that part as a repair part, they'll say 'No, our contract with Samsung will not allow us to sell that.' We're seeing that increasingly," he said. "Apple is notorious for doing this with the chips in their computers. There's a particular charging chip on the MacBook Pro ... there is a standard version of the part and then there's the Apple version of the part that sits very slightly tweaked, but it's tweaked enough that it's only required to work in this computer, and that company again is under contractual requirement with Apple."

He continued, highlighting that a California-based recycler was contracted by Apple to recycle spare parts that were still in new condition. "California Apple stops providing service after seven years, so this was at seven years and Apple have warehouses full of spare parts, and rather than selling that out in the marketplace -- so someone like me who eagerly would've bought them -- they were paying the recycler to destroy them," Wiens said. Weins also pointed to an example involving a Microsoft Surface laptop. "[iFixit] rated it on our repairability score, we normally rate products from one to 10; the Surface laptop got a zero. It had a glued-in battery ... we had to actually cut our way into the product and destroyed it in the process of trying to get inside," he said.

The U.S. and a coalition of allies on Monday formally attributed the sweeping campaign against Microsoft Exchange email servers to hackers affiliated with China's Ministry of State Security. From a report: The group assessed with "high confidence" that Beijing-linked digital operators carried out the attack that ensnared hundreds of thousands of systems worldwide, a senior Biden administration official told reporters on Sunday. In addition, the partners alleged the ministry -- which oversees the civilian arm of Beijing's intelligence gathering operations -- has utilized contract hackers to conduct other malicious cyber activities around the globe, including a ransomware attack on an American company, and other pursuits to line the pockets of MSS officials.

The use of such hired muscle "was really eye-opening and surprising for us," said the official, who was only authorized to speak anonymously. The coalition includes the U.S., the so-called "Five Eye" nations, Japan, the European Union and NATO. Monday's announcement marks the first time the transatlantic alliance has condemned Chinese digital activities, the official said. The massive Exchange hack was first disclosed in March -- at the same time the Biden administration was dealing with the SolarWinds breach that has since been formally attributed to Russia's foreign intelligence service.

After Watson triumphed on the gameshow Jeopardy in 2011, its star scientist had to convince IBM that it wasn't a magic answer box, and "explained that Watson was engineered to identify word patterns and predict correct answers for the trivia game."

The New York Times looks at what's happened in the decade since: Watson has not remade any industries. And it hasn't lifted IBM's fortunes. The company trails rivals that emerged as the leaders in cloud computing and A.I. — Amazon, Microsoft and Google. While the shares of those three have multiplied in value many times, IBM's stock price is down more than 10 percent since Watson's "Jeopardy!" triumph in 2011.... The company's missteps with Watson began with its early emphasis on big and difficult initiatives intended to generate both acclaim and sizable revenue for the company, according to many of the more than a dozen current and former IBM managers and scientists interviewed for this article... The company's top management, current and former IBM insiders noted, was dominated until recently by executives with backgrounds in services and sales rather than technology product experts. Product people, they say, might have better understood that Watson had been custom-built for a quiz show, a powerful but limited technology...

IBM insists that its revised A.I. strategy — a pared-down, less world-changing ambition — is working... But the grand visions of the past are gone. Today, instead of being a shorthand for technological prowess, Watson stands out as a sobering example of the pitfalls of technological hype and hubris around A.I. The march of artificial intelligence through the mainstream economy, it turns out, will be more step-by-step evolution than cataclysmic revolution.
One example: IBM technologists approached cancer medical centers, but "were frustrated by the complexity, messiness and gaps in the genetic data at the cancer center... At the end of last year, IBM discontinued Watson for Genomics, which grew out of the joint research with the University of North Carolina. It also shelved another cancer offering, Watson for Oncology, developed with another early collaborator, the Memorial Sloan Kettering Cancer Center..." IBM continued to invest in the health industry, including billions on Watson Health, which was created as a separate business in 2015. That includes more than $4 billion to acquire companies with medical data, billing records and diagnostic images on hundreds of millions of patients. Much of that money, it seems clear, they are never going to get back. Now IBM is paring back Watson Health and reviewing the future of the business. One option being explored, according to a report in The Wall Street Journal, is to sell off Watson Health...

Many outside researchers long dismissed Watson as mainly a branding campaign. But recently, some of them say, the technology has made major strides... The business side of Watson also shows signs of life. Now, Watson is a collection of software tools that companies use to build A.I.-based applications — ones that mainly streamline and automate basic tasks in areas like accounting, payments, technology operations, marketing and customer service. It is workhorse artificial intelligence, and that is true of most A.I. in business today. A core Watson capability is natural language processing — the same ability that helped power the "Jeopardy!" win. That technology powers IBM's popular Watson Assistant, used by businesses to automate customer service inquiries...

IBM says it has 40,000 Watson customers across 20 industries worldwide, more than double the number four years ago. Watson products and services are being used 140 million times a month, compared with a monthly rate of about 10 million two years ago, IBM says. Some of the big customers are in health, like Anthem, a large insurer, which uses Watson Assistant to automate customer inquiries.

"Adoption is accelerating," Mr. Thomas said.

Earlier this week, Netflix announced that it is planning an expansion into video games and has hired a former EA and Facebook executive to lead the effort. Now, according to a recent datamine, the streaming giant may be forming a partnership with PlayStation to bring some of the biggest PlayStation brands to Netflix. IGN reports: Reported by VGC, dataminer Steve Moser appears to have uncovered PlayStation brand imagery and content in the Netflix app code. Moser shared the information via a tweet, including images of both the Ghost of Tsushima box art and some PS5 controllers. It's unclear exactly what this means for Netflix, but if there is a burgeoning partnership between Netflix and PlayStation, it could see Ghost of Tsushima content come to the streaming service in some form.

Moser suggests that the gaming section of Netflix currently has the codename 'Shark', and the placement of PlayStation IP within that suggests a collaborative approach. This wouldn't be the first major deal between Sony and Netflix, as the two companies agreed a deal earlier this year that means movies from Sony Pictures Entertainment will come to Netflix first after their theatrical run. [...] Given that many first-party PlayStation games are narrative-driven adventure games with a focus on cinematic stories, it makes sense to try and adopt games like Ghost of Tsushima and the last of us into movies and TV. Whilst PlayStation already has a games streaming service, PlayStation Now, it could also potentially be looking to push gaming content beyond the PlayStation console ecosystem, as Microsoft has done with Xbox Game Pass.

An anonymous reader quotes a report from ZDNet, written by Steven J. Vaughan-Nichols: Microsoft now has its very own, honest-to-goodness general-purpose Linux distribution: Common Base Linux, (CBL)-Mariner. And, just like any Linux distro, you can download it and run it yourself. Microsoft didn't make a big fuss about releasing CBL-Mariner. It quietly released the code on GitHub and anyone can use it. Indeed, Juan Manuel Rey, a Microsoft Senior Program Manager for Azure VMware, recently published a guide on how to build an ISO CBL-Mariner image. Before this, if you were a Linux expert, with a spot of work you could run it, but now, thanks to Rey, anyone with a bit of Linux skill can do it.

CBL-Mariner is not a Linux desktop. Like Azure Sphere, Microsoft's first specialized Linux distro, which is used for securing edge computing services, it's a server-side Linux. This Microsoft-branded Linux is an internal Linux distribution. It's meant for Microsoft's cloud infrastructure and edge products and services. Its main job is to provide a consistent Linux platform for these devices and services. Just like Fedora is to Red Hat, it keeps Microsoft on Linux's cutting edge. CBL-Mariner is built around the idea that you only need a small common core set of packages to address the needs of cloud and edge services. If you need more, CBL-Mariner also makes it easy to layer on additional packages on top of its common core. Once that's done, its simple build system easily enables you to create RPM packages from SPEC and source files. Or, you can also use it to create ISOs or Virtual hard disk (VHD) images.

As you'd expect the basic CBL-Mariner is a very lightweight Linux. You can use it as a container or a container host. With its limited size also comes a minimal attack surface. This also makes it easy to deploy security patches to it via RPM. Its designers make a particular point of delivering the latest security patches and fixes to its users. For more about its security features see CBL-Mariner's GitHub security features list. Like any other Linux distro, CBL-Mariner is built on the shoulders of giants. Microsoft credits VMware's Photon OS Project, a secure Linux, The Fedora Project, Linux from Scratch -- a guide to building Linux from source, the OpenMamba distro, and, yes, even GNU and the Free Software Foundation (FSF). To try it for yourself, you'll build it on Ubuntu 18.04. Frankly, I'd be surprised if you couldn't build it on any Ubuntu Linux distro from 18.04 on up. I did it on my Ubuntu 20.04.2 desktop. You'll also need the latest version of the Go language and Docker.

Government hackers from several countries used spyware made by an Israeli company to target victims all over the world, according to new research by digital rights watchdog Citizen Lab and Microsoft. From a report: The spyware leveraged two unknown vulnerabilities -- also known as zero-day exploits -- in Windows. Citizen Lab, which is housed at the University of Toronto's Munk School, and Microsoft worked together on the research, and published reports detailing their findings on Thursday. The company said it detected hacking attempts on more than 100 victims including "politicians, human rights activists, journalists, academics, embassy workers, and political dissidents" in Palestine, Israel, Iran, Lebanon, Spain, UK, and other countries. Citizen Lab said it was able to identify and reach out to a victim who let its researchers analyze their computer and extract the malware.

"This was someone who was targeted for their political positions and political beliefs, rather than someone who was the target of a terrorism investigation or something like this," Bill Marczak, one of the researchers at Citizen Lab who worked on the investigations, told Motherboard in a phone call. Citizen Lab concluded that the malware and the zero-days were developed by Candiru, a mysterious Israel-based spyware vendor that offers âoehigh-end cyber intelligence platform dedicated to infiltrate PC computers, networks, mobile handsets," according to a document seen by Haaretz. Candiru was first outed by the Israeli newspaper in 2019, and has since gotten some attention from cybersecurity companies such as Kaspersky Lab. But, until now, no one had published an analysis of Candiru's malware, nor found someone targeted with its spyware.

The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft. Ars Technica reports: In a post Google published on Wednesday, researchers Maddie Stone and Clement Lecigne said a "likely Russian government-backed actor" exploited the then-unknown vulnerability by sending messages to government officials over LinkedIn. Attacks targeting CVE-2021-1879, as the zero-day is tracked, redirected users to domains that installed malicious payloads on fully updated iPhones. The attacks coincided with a campaign by the same hackers who delivered malware to Windows users, the researchers said.

The campaign closely tracks to one Microsoft disclosed in May. In that instance, Microsoft said that Nobelium -- the name the company uses to identify the hackers behind the SolarWinds supply chain attack -- first managed to compromise an account belonging to USAID, a US government agency that administers civilian foreign aid and development assistance. With control of the agency's account for online marketing company Constant Contact, the hackers could send emails that appeared to use addresses known to belong to the US agency. In an email, Shane Huntley, the head of Google's Threat Analysis Group, confirmed the connection between the attacks involving USAID and the iOS zero-day, which resided in the WebKit browser engine.