Sergei K. Shoigu said troops would withdraw from the area by May 1, citing a training exercise there that had ended. But the plan includes leaving some armored vehicles in field camps near Ukraine.
In a state-of-the nation speech, President Vladimir Putin warned of a “fast and tough” response to security threats, in a message seemingly aimed at President Biden and delivered amid large protests.
With an air of moral superiority, the Russian president seems intent on teaching President Biden and other Western leaders a lesson.
Few analysts believe that Moscow intends to invade. But as Russia’s military buildup proceeds, the tension is rising in war-weary Eastern Ukraine.
The imprisoned Russian opposition leader was moved for what the authorities described as vitamin treatment. The U.S. has warned of “consequences” should he die.
Doctors said recent blood tests indicated that the Russian opposition leader, who is nearly three weeks into a hunger strike, was at risk of heart failure and “could die at any moment.”
The unit has also been implicated in the 2018 nerve agent attack in Salisbury, England, on Sergei Skripal, a former Russian spy, and his daughter.
Vladimir Putin may be able to save his nemesis’s life. He must.
Russia’s massing of tanks and infantry along its southwestern border with Ukraine was meant to send a message, analysts say.
The Russian government announced the expulsion of 10 diplomats and a travel ban for some U.S. officials in a response to sanctions.
A Treasury Department document shed more light on links between the campaign and Russian spies.
The available evidence supporting a stunning C.I.A. assessment — which President Donald J. Trump’s inaction on prompted bipartisan uproar — remains less than definitive proof.
US officials on Thursday formally blamed Russia for backing one of the worst espionage hacks in recent US history and imposed sanctions designed to mete out punishments for that and other recent actions.
In a joint advisory, the National Security Agency, FBI, and Cybersecurity and Information Security Agency said that Russia’s Foreign Intelligence Service, abbreviated as the SVR, carried out the supply-chain attack on customers of the network management software from Austin, Texas-based SolarWinds.
The operation infected SolarWinds’ software build and distribution system and used it to push backdoored updates to about 18,000 customers. The hackers then sent follow-up payloads to about 10 US federal agencies and about 100 private organizations. Besides the SolarWinds supply-chain attack, the hackers also used password guessing and other techniques to breach networks.
Following years of wrist slaps under President Donald J. Trump, the new measures are designed to have a noticeable impact on the Russian economy.
Following years of wrist slaps under President Donald J. Trump, the new measures are designed to have a noticeable impact on the Russian economy.
It wasn’t all sweats and leggings. A whirlwind tour of how the pandemic affected what we wore, from India to Italy.
Administration officials were determined to draft a response that would impose real costs on Moscow, as many previous rounds of sanctions have been shrugged off.
Officials said that China’s push for global power posed a threat to the United States, and they dwelled on climate change, domestic extremism and more.
The annual intelligence assessment does not predict a military confrontation with either Russia or China, but it suggests that so-called gray-zone battles for power will intensify.
Tolkien fans received an unexpected gift with the rediscovery of an all-but-forgotten 1991 production. They were also left with questions, like “why is Gollum wearing a lettuce on his head?”
The country’s official coronavirus death toll is 102,649. But at least 300,000 more people died last year during the pandemic than were reported in Russia’s most widely cited official statistics.
Russia has asked Slovakia to return 200,000 doses of Sputnik V COVID-19 vaccine after Slovak testing indicated serious quality control issues.
The Slovak regulatory agency, the State Institute for Drug Control, reported that the batches it received did not “have the same characteristics and properties” as the Sputnik vaccine that was peer-reviewed in the Lancet and found to be 91.6 percent effective.
In light of Slovakia’s doubts about the quality of the vaccine doses, Russia went on the attack on Twitter. Russia’s official “Sputnik V” Twitter account claimed in a thread that the Slovak regulator has “launched a disinformation campaign against #SputnikV and plans additional provocations.” The account labeled the agency’s testing results as “fake news.”
Russia has amassed more troops on the Ukrainian border than at any time since 2014. Western governments are asking: Why now?
Cybercriminals have taken out a number of Facebook ads masquerading as a Clubhouse app for PC users in order to target unsuspecting victims with malware, TechCrunch has learned.
TechCrunch was alerted Wednesday to Facebook ads tied to several Facebook pages impersonating Clubhouse, the drop-in audio chat app only available on iPhones. Clicking on the ad would open a fake Clubhouse website, including a mocked-up screenshot of what the non-existent PC app looks like, with a download link to the malicious app.
When opened, the malicious app tries to communicate with a command and control server to obtain instructions on what to do next. One sandbox analysis of the malware showed the malicious app tried to infect the isolated machine with ransomware.
But overnight, the fake Clubhouse websites — which were hosted in Russia — went offline. In doing so, the malware also stopped working. Guardicore’s Amit Serper, who tested the malware in a sandbox on Thursday, said the malware received an error from the server and did nothing more.
It’s not uncommon for cybercriminals to tailor their malware campaigns to piggyback off the successes of wildly popular apps. Clubhouse reportedly topped more than 8 million global downloads to date despite an invite-only launch. That high demand prompted a scramble to reverse-engineer the app to build bootleg versions of it to evade Clubhouse’s gated walls, but also government censors where the app is blocked.
Each of the Facebook pages impersonating Clubhouse only had a handful of likes, but were still active at the time of publication. When reached, Facebook wouldn’t say how many account owners had clicked on the ads pointing to the fake Clubhouse websites.
At least nine ads were placed this week between Tuesday and Thursday. Several of the ads said Clubhouse “is now available for PC,” while another featured a photo of co-founders Paul Davidson and Rohan Seth. Clubhouse did not return a request for comment.
Slovakia says that Sputnik V doses it received did “not have the same characteristics and properties” as a version endorsed by a respected British medical journal.
Russia has implemented a novel censorship method in an ongoing effort to silence Twitter. Instead of outright blocking the social media site, the country is using previously unseen techniques to slow traffic to a crawl and make the site all but unusable for people inside the country.
Research published Tuesday says that the throttling slows traffic traveling between Twitter and Russia-based end users to a paltry 128kbps. Whereas past Internet censorship techniques used by Russia and other nation-states have relied on outright blocking, slowing traffic passing to and from a widely used Internet service is a relatively new technique that provides benefits for the censoring party.
Easy to implement, hard to circumvent
“Contrary to blocking, where access to the content is blocked, throttling aims to degrade the quality of service, making it nearly impossible for users to distinguish imposed/intentional throttling from nuanced reasons such as high server load or a network congestion,” researchers with Censored Planet, a censorship measurement platform that collects data in more than 200 countries, wrote in a report. “With the prevalence of ‘dual-use’ technologies such as Deep Packet Inspection devices (DPIs), throttling is straightforward for authorities to implement yet hard for users to attribute or circumvent.”
Aleksei A. Navalny, the jailed Russian opposition leader who is nearly a week into a hunger strike at a penal colony, showed signs of respiratory illness, prison doctors said.
The meeting between Maria Butina and Aleksei A. Navalny came after the Russian opposition leader had declared a hunger strike to demand access to a doctor because of deteriorating health.
A microstate surrounded by Italy, San Marino feared being left behind in Europe’s inoculation campaign. Now it has jumped ahead, with the Sputnik vaccine sent by an unlikely, faraway friend.
Aleksei A. Navalny, one of Russia’s most prominent opposition leaders, said he would not end the strike until he receives proper medical treatment and asked to see a doctor of his choice.
Apple is adding two new voices to Siri’s English offerings, and eliminating the default ‘female voice’ selection in the latest beta version of iOS. This means that every person setting up Siri will choose a voice for themselves and it will no longer default to the voice assistant being female, a topic that has come up quite a bit with regards to bias in voice interfaces over the past few years.
The beta version should be live now and available to program participants.
I believe that this is the first of these assistants to make the choice completely agnostic with no default selection made. This is a positive step forward as it allows people to choose the voice that they prefer without the defaults bias coming into play. The two new voices also bring some much needed variety to the voices of Siri, offering more diversity in speech sound and pattern to a user picking a voice that speaks to them.
in some countries and languages Siri already defaults to a male voice. But this change makes the choice the users’ for the first time.
“We’re excited to introduce two new Siri voices for English speakers and the option for Siri users to select the voice they want when they set up their device,” a statement from Apple reads. “This is a continuation of Apple’s long-standing commitment to diversity and inclusion, and products and services that are designed to better reflect the diversity of the world we live in.”
The two new voices use source talent recordings that are then run through Apple’s Neural text to speech engine, making the voices flow more organically through phrases that are actually being generated on the fly.
I’ve heard the new voices and they sound pretty fantastic, with natural inflection and smooth transitions. They’ll be a welcome addition of choice to iOS users. I’ll embed some samples here after the beta drops.
This latest beta also upgrades the Siri voices in Ireland, Russia and Italy to Neural TTS, bringing the total voices using the new tech to 38. Siri now handles 25 billion requests per month on over 500M devices and supports 21 languages in 36 countries.
The new voices are available to English speaking users around the world and Siri users can select a personal preference of voice in 16 languages.
It seems very likely that these two new voices are just the first expansion in Siri’s voice selections. More diversity in voice, tone and regional dialect can only be a positive development for how inclusive smart devices feel. Over the past few years we have finally begun to see some movement from Amazon, Google and Apple to aggressively correct situations where the assistants have revealed bias in their responses to queries that use negative or abusive language. Improvements there, as well as in queries on social justice topics and overall accessibility improvements are incredibly key as we continue to see an explosion of voice-first or voice-native interfaces. These kinds of choices matter, especially at a scale of hundreds of millions of people.
Article updated to note that in some countries and languages Siri currently defaults to a male voice.
Researchers are exploring the possible benefits of pairing doses from two different Covid-19 vaccines.
A neutrino-spotting telescope beneath Russia’s frozen Lake Baikal in Russia is close to delivering scientific results after four decades of setbacks.
Russia has held up the Sputnik vaccine as a triumph of its scientists. But the country’s inoculation program still relies on cross-border trade.
Aleksei A. Navalny, a Russian opposition leader who survived a poisoning last year, has numbness in one leg so severe that he cannot put weight on it.
A court has confined 10 prominent opposition politicians and dissidents to house arrest, ostensibly for violating coronavirus safety rules.
Beginning in April, new iPhones and other iOS devices sold in Russia will include an extra setup step. Alongside questions about language preference and whether to enable Siri, users will see a screen that prompts them to install a list of apps from Russian developers. It’s not just a regional peculiarity. It’s a concession Apple has made to legal pressure from Moscow—one that could have implications far beyond Russia’s borders.
The law in question dates back to 2019, when Russia dictated that all computers, smartphones, smart TVs, and so on sold there must come preloaded with a selection of state-approved apps that includes browsers, messenger platforms, and even antivirus services. Apple has stopped short of that; the suggested apps aren’t pre-installed, and users can opt not to download them. But the company’s decision to bend its rules on pre-installs could inspire other repressive regimes to make similar demands—or even more invasive ones.
It may look like the bad old days of the Cold War, but today’s bitter superpower competition is about technology, cyberconflict and influence operations.
The Kremlin described the U.S. president’s response to an interview question as “very bad,” and recalled its ambassador to “analyze what needs to be done” about the countries’ relations.
A newly declassified intelligence report made clear that government agencies long knew of Russia’s work to aid Donald Trump, but he and allies muddied the waters.
The assessment was the intelligence community’s most comprehensive look at foreign efforts to interfere in the election.
Cloud Paper, the startup whose bamboo toilet paper (and celebrity and billionaire backers including Robert Downey Jr., Gwyneth Paltrow, Marc Benioff, Dara Khosrowshahi, and Mark Cuban) made a splash last year, is getting into the paper towel racket.
Starting today, the company is taking pre-orders for its 12 pack boxes of sustainably sourced bamboo paper towels, which will retail for $34.99.
The Seattle-based company was founded by two ex-Uber employees, Ryan Fritsch and Austin Watkins, who went on to take roles at the logistics startup Convoy, before launching Cloud Paper. Their toilet paper (and now paper towel company) is one of several businesses trying to get consumers to make the switch to bamboo-based consumer products.
Cozy Earth and Ettitude sell bamboo sheets and bedding; The Bamboo Clothing Co., Thought, Tasc, Free Fly Apparel, all make bamboo clothing; and Bite has a bamboo toothbrush to go with its plastic-free toothpastes and flosses.
But (I’m quoting myself here) Cloud Paper may be the only one to get such super wealthy, high profile investors to flush it with wads of cash. Even so, companies like Grove, Tushy, Reel, and the aptly named Who gives a crap, Inc. are all angling to wipe up a piece of the $10.4 billion market for toilet paper.
The company’s founders are on a mission to make the paper industry more sustainable, according to co-founder Ryan Fritsch, and they’re looking to do it one roll at a time.
While other companies look at bamboo as a replacement for cotton or plastics, the Cloud Paper co-founder said this company is squarely focused on toilet paper and paper towels because those products make up most of the crap that’s most wasteful in the paper industry.
The company has already ordered 1 million rolls of toilet paper for production and shipped hundreds of thousands of toilet paper, but the rationale for adoption has shifted, the company said.
“It definitely had its moment when the COVID shutdowns happened,” said Fritsch. “But [consumption] shifted from a TP panic to ‘There’s an easy and convenient, sustainable, option out there.’ It’s less of an all-out craze,” Fritsch said.
No less august a body than the National Resources Defense Council has come out swinging against how much waste is sacrificed to the commode.
For instance, the logging industry in Canada degrades over a million acres of its climate-critical forest, in part to feed U.S. demand for toilet paper, according to the NRDC. Demand from the U.S. has grown so substantially that, in recent years, Canada has ranked third globally in its rate of intact forest loss—behind only Russia and Brazil—mostly due to logging, the NRDC said.
Ninety percent of that is clearcutting, which exacerbates climate change. By the most conservative estimates, “logging in the boreal releases 26 million metric tons of carbon through driving emissions from the forest’s carbon-rich soils and eroding the forest’s ability to absorb carbon,” the NRDC wrote in 2020 report. “Toilet paper’s impact is even more severe because, since it is so short-lived, it quickly releases its remaining carbon into the atmosphere. That is why, according to the Environmental Paper Network, toilet paper made from trees has three times the climate impact as toilet paper created using recycled materials.”
That’s why wiping out forested paper can be a real boon in the climate fight.
“The lion’s share of usage is number one is toilet paper and number two is paper towels, after that the size of the market really really shrinks. We’re going to be continuing on the paper space,” said Fritsch.
The company’s next act will be working with businesses like restaurants, hotels, and even stadiums and arenas to make the swithc.
“We launched the company as a B2B company. We were working with WeWork and restaurants and the market — if you look at where our paper products were being used,” Fritsch said. “So another big focus will be building products for our commercial customers where there’s higher capacity.”
In an Instagram post, the Russian opposition leader says he is well and has not been subject to violence, but described a dystopian existence in the prison camp where he will likely spend the next two years.
Usually it’s foreigners who cavort at the world’s deepest lake in winter. But with many borders closed, Russians are arriving in droves to make TikTok videos and snap Instagram pictures.
The intelligence agencies missed massive intrusions by Russia and China, forcing the administration and Congress to look for solutions, including closer partnership with private industry.
Many victims of Stalin’s gulag are still unable to return to their families’ hometowns. Despite a court order, Moscow isn’t helping them.
This is https://speed.gulag.link/, a speedtest application that demonstrates Roskomnadzor throttling to Russian users it impacts. [credit: Jim Salter ]
Last night, a confidential source at a Russian ISP contacted Ars with confirmation of the titanic mistake Roskomnadzor—Russia’s Federal Service for Supervision of Communications, Information Technology, and Mass Media—made when attempting to punitively throttle Twitter’s link-shortening service
Our source tells us that Roskomnadzor distributes to all Russian ISPs a hardware package that must be connected just behind that ISP’s BGP core router. At their small ISP, Roskomnadzor’s package includes an EcoFilter 4080 deep package inspection system, a pair of Russian-made 10Gbps aggregation switches, and two Huawei servers. According to our source, this hardware is “massive overkill” for its necessary function and their experienced traffic level—possibly because “at some point in time, government planned to capture all the traffic there is.”
Currently, the Roskomnadzor package does basic fiation for the list of banned resources—and, as of this week, has begun on-the-fly modifications of DNS requests as well. The DNS mangling also caused problems when first enabled—according to our source, YouTube DNS requests were broken for most of a day. Roskomnadzor eventually plans to require all Russian ISPs to replace the real root DNS servers with its own, but that project has met with resistance and difficulties.
An industry known for boom-bust cycles is resisting the temptation to pump more oil — for now.
Kentik Director of Internet Analysis Doug Madory observed this morning that traffic to Russian state ISP Rostelecom dropped significantly in the wake of its attempt to throttle Twitter. The outages seem to have been caused by a poorly crafted substring in a blocklist/network shaping tool maintained by Russia’s Roskomnadzor bureau.
What Roskomnadzor intended was to slow down access to Twitter’s link shortening service, t.co. All links embedded in tweets are automatically wrapped through this service, which enables Twitter to monitor the types and quality of links its users share.
Russian authorities have railed against Twitter for some time due to the service’s failure or refusal to remove content illegal in Russia. This includes content that is illegal in most of the world and violates Twitter’s own terms of service, such as self harm and child sexualization—but Roskomnadzor only claims 2,000 or so such posts over the course of a year. It seems likely that the real sticking point for the agency is posts encouraging children to join Russian opposition protests.
Microsoft last week revealed a new hacking group it calls Hafnium, which operates in, and is backed by, China. Hafnium used four previously unreported vulnerabilities — or zero-days — to break into at least tens of thousands of organizations running vulnerable Microsoft Exchange email servers and steal email mailboxes and address books.
It’s not clear what Hafnium’s motives are. Some liken the activity to espionage — a nation-state gathering intelligence or industrial secrets from larger corporations and governments.
But what makes this particular hacking campaign so damaging is not only the ease with which the flaws can be exploited, but also how many — and how widespread — the victims are.
Security experts say the hackers automated their attacks by scanning the internet for vulnerable servers, hitting a broad range of targets and industries — law firms and policy think tanks, but also defense contractors and infectious disease researchers. Schools, religious institutions, and local governments are among the victims running vulnerable Exchange email servers and caught up by the Hafnium attacks.
While Microsoft has published patches, the U.S. federal cybersecurity advisory agency CISA said the patches only fix the vulnerabilities — and won’t close any backdoors left behind by the hackers.
There is little doubt that larger, well-resourced organizations have a better shot at investigating if their systems were compromised, allowing those victims to prevent further infections, like destructive malware or ransomware.
But that leaves the smaller, rural victims largely on their own to investigate if their networks were breached.
“The types of victims we have seen are quite diverse, many of whom outsource technical support to local IT providers whose expertise is in deploying and managing IT systems, not responding to cyber threats,” said Matthew Meltzer, a security analyst at Volexity, a cybersecurity firm that helped to identify Hafnium.
Without the budget for cybersecurity, victims can always assume they are compromised – but that doesn’t equate to knowing what to do next. Patching the flaws is just one part of the recovery effort. Cleaning up after the hackers will be the most challenging part for smaller businesses that may lack the cybersecurity expertise.
It’s also a race against the clock to prevent other malicious hackers from discovering or using the same vulnerabilities to spread ransomware or launch destructive attacks. Both Red Canary and Huntress said they believe hacking groups beyond Hafnium are exploiting the same vulnerabilities. ESET said at least ten groups were also exploiting the same server flaws.
Katie Nickels, director of intelligence at threat detection firm Red Canary, said there is “clearly widespread activity” exploiting these Exchange server vulnerabilities, but that the number of servers exploited further has been fewer.
“Cleaning up the initial web shells will be much easier for the average IT administrator than it would be to investigate follow-on activity,” said Nickels.
Microsoft has published guidance on what administrators can do, and CISA has both advice and a tool that helps to search server logs for evidence of a compromise. And in a rare statement, the White House’s National Security Council warned that patching alone “is not remediation,” and urged businesses to “take immediate measures.”
How that advice trickles down to smaller businesses will be watched carefully.
Cybersecurity expert Runa Sandvik said many victims, including the mom-and-pop shops, may not even know they are affected, and even if they realize they are, they’ll need step-by-step guidance on what to do next.
“Defending against a threat like this is one thing, but investigating a potential breach and evicting the actor is a larger challenge,” said Sandvik. “Companies have people who can install patches — that’s the first step — but figuring out if you’ve been breached requires time, tools, and logs.”
Security experts say Hafnium primarily targets U.S. businesses, but that the attacks are global. Europe’s banking authority is one of the largest organizations to confirm its Exchange email servers were compromised by the attack.
Norway’s national security authority said that it has “already seen exploitation of these vulnerabilities” in the country and that it would scan for vulnerable servers across Norway’s internet space to notify their owners. Slovenia’s cybersecurity response unit, known as SI-CERT, said in a tweet that it too had notified potential victims in its internet space.
Sandvik said the U.S. government and private sector could do more to better coordinate the response, given the broad reach into U.S. businesses. CISA proposed new powers in 2019 to allow the agency to subpoena internet providers to identify the owners of vulnerable and unpatched systems. The agency just received those new powers in the government’s annual defense bill in December.
“Someone needs to own it,” said Sandvik.
Send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents using SecureDrop.