Researchers at the Allen Institute for Brain Science, a Seattle nonprofit dedicated to neuroscience, have been painstakingly recording every brain cell and every connection between those neurons in mice for the past several years. The result represents major progress since an earlier, simpler map they released in 2016. The now-complete map encompasses about 100 million cells, the institute reported in a paper published today (May 7) in the journal Cell.
[…]
Typically, researchers trace connections between brain cells using thin slices of tissue that can be imaged and explored layer by layer. To build a comprehensive, three-dimensional map, the Allen Institute team instead broke the mouse brain into “voxels” — 3D pixels — and then mapped the cells and connections within each voxel.
The result comprises an “average” of the brains of 1,675 laboratory mice, to make sure the map was as standard as possible.
Mice are common “model organisms” in neuroscience. Their brains have fairly similar structures to humans’, they can be trained, they breed easily, and researchers have already developed robust understandings of how their brains work.
The hope is that the map will bring that understanding to a new level, the Allen Institute said. In doing so, neuroscientists will have a tool with which to develop new research programs and accelerate research already underway. The institute compared its achievement to 1990s-era efforts to sequence different organisms’ DNA for the first time, projects that transformed the way biologists work.
Syed Shah usually buys and sells stocks and currencies through his Interactive Brokers account, but he couldn’t resist trying his hand at some oil trading on April 20, the day prices plunged below zero for the first time ever. The day trader, working from his house in a Toronto suburb, figured he couldn’t lose as he spent $2,400 snapping up crude at $3.30 a barrel, and then 50 cents. Then came what looked like the deal of a lifetime: buying 212 futures contracts on West Texas Intermediate for an astonishing penny each.
What he didn’t know was oil’s first trip into negative pricing had broken Interactive Brokers Group Inc. Its software couldn’t cope with that pesky minus sign, even though it was always technically possible — though this was an outlandish idea before the pandemic — for the crude market to go upside down. Crude was actually around negative $3.70 a barrel when Shah’s screen had it at 1 cent. Interactive Brokers never displayed a subzero price to him as oil kept diving to end the day at minus $37.63 a barrel.
At midnight, Shah got the devastating news: he owed Interactive Brokers $9 million. He’d started the day with $77,000 in his account.
“I was in shock,” the 30-year-old said in a phone interview. “I felt like everything was going to be taken from me, all my assets.”
To be clear, investors who were long those oil contracts had a brutal day, regardless of what brokerage they had their account in. What set Interactive Brokers apart, though, is that its customers were flying blind, unable to see that prices had turned negative, or in other cases locked into their investments and blocked from trading. Compounding the problem, and a big reason why Shah lost an unbelievable amount in a few hours, is that the negative numbers also blew up the model Interactive Brokers used to calculate the amount of margin — aka collateral — that customers needed to secure their accounts.
Thomas Peterffy, the chairman and founder of Interactive Brokers, says the journey into negative territory exposed bugs in the company’s software. “It’s a $113 million mistake on our part,” the 75-year-old billionaire said in an interview Wednesday. Since then, his firm revised its maximum loss estimate to $109.3 million. It’s been a moving target from the start; on April 21, Interactive Brokers figured it was down $88 million from the incident.
Customers will be made whole, Peterffy said. “We will rebate from our own funds to our customers who were locked in with a long position during the time the price was negative any losses they suffered below zero.”
[…]
Besides locking up because of negative prices, a second issue concerned the amount of money Interactive Brokers required its customers to have on hand in order to trade. Known as margin, it’s a vital risk measure to ensure traders don’t lose more than they can afford. For the 212 oil contracts Shah bought for 1 cent each, the broker only required his account to have $30 of margin per contract. It was as if Interactive Brokers thought the potential loss of buying at one cent was one cent, rather than the almost unlimited downside that negative prices imply, he said.
“It seems like they didn’t know it could happen,” Shah said.
But it was known industrywide that CME Group Inc.’s benchmark oil contracts could go negative. Five days before the mayhem, the owner of the New York Mercantile Exchange, where the trading took place, sent a notice to all its clearing-member firms advising them that they could test their systems using negative prices. “Effective immediately, firms wishing to test such negative futures and/or strike prices in their systems may utilize CME’s ‘New Release’ testing environments” for crude oil, the exchange said.
Interactive Brokers got that notice, Peterffy said. But he says the firm needed more time to upgrade its trading platform.
IT services provider Cognizant said in an earnings call this week that a ransomware incident that took place last month in April 2020 will negatively impact its Q2 revenue.
“While we anticipate that the revenue impact related to this issue will be largely resolved by the middle of the quarter, we do anticipate the revenue and corresponding margin impact to be in the range of $50 million to $70 million for the quarter,” said Karen McLoughlin, Cognizant Chief Financial Officer in an earnings call yesterday.
McLoughlin also expects the incident to incur additional and unforeseen legal, consulting, and other costs associated with the investigation, service restoration, and remediation of the breach.
The Cognizant CFO says the company has now fully recovered from the ransomware infection and restored the majority of its services.
Incident only impacted internal network
Speaking on the ransomware attack, Cognizant CEO Brian Humphries said the incident only impacted its internal network, but not customer systems.
More precisely, Humphries said the ransomware incident impacted (1) Cognizant’s select system supporting employees’ work from home setups and (2) the provisioning of laptops that Cognizant was using to support its work from home capabilities during the COVID-19 pandemic.
[…]
Cognizant held meetings with customers; however, the meetings did not go smoothly, as Cognizant avoided sharing any actual details of what had happened.
ZDNet learned of the incident as it was going on, at the time, on April 17, when several disgruntled customers had reached out to this reporter about the company attempting to hide a major security breach under the guise of “technical issues” and cutting off access to a series of services.
Initially, customers feared that a hacker had either stolen user data from servers, or that a ransomware incident had taken place and the ransomware had spread to customer servers, encrypting their data and leaving the servers inaccessible.
Customers were thrown into full paranoia mode after Cognizant sent an internal alert to all customers, urging clients to block traffic for a list of IP addresses.
[…]
Cognizant’s losses from the incident are in the same range reported last year by aluminum producer Norsk Hydro, which reported that a March 2019 ransomware incident would cause total revenue losses of more than $40 million, a number it later adjusted to nearly $70 million during the year.
Humphries said that Cognizant is now working to address the concerns of customers who opted to suspend Cognizant services in the wake of the ransomware attack, which also impacted Cognizant’s current bottom line.
Cognizant reported a Q1 2020 revenue of $4.2 billion, up 2.8% over Q1 2019.
The number of SEC filings listing ransomware as a major forward-looking risk factor to companies’ profits has skyrocketed in recent years, from 3 filings in 2014 to 1,139 in 2019, and already 743 in 2020. Companies today see ransomware attacks as a real risk to their bottom lines, as ransomware incidents tend to cause reputational damage to stock prices and financial losses due to lost revenue, since most victims take weeks and months to fully recover.
Samsung has patched a serious security hole in its smartphones that can be exploited by maliciously crafted text messages to hijack devices.
It appears no user interaction is required: if Samsung’s messaging app bundled with phones since 2015 receives a booby-trapped MMS, it will parse it automatically before the user even opens it. This will trigger a vulnerability in the Skia graphics library, used by the app to decode the message’s embedded Qmage image. The end result is code execution on the device, allowing the miscreant who sent it to potentially snoop on their victim and come up with other mischief.
The remote-code execution flaw, labeled SVE-2020-16747, was discovered and reported by Google Project Zero’s Mateusz Jurczyk. You can find an in-depth explanation of the bug here.
Today I’m happy to release new research I’ve been working on for a while: 0-click RCE via MMS in all modern Samsung phones (released 2015+), due to numerous bugs in a little-known custom “Qmage” image codec supported by Skia on Samsung devices. Demo: https://t.co/8KRIhy4Fpk
Samsung has pushed out updates to supported phones to squash the bug, which should be installed ASAP before someone weaponizes an exploit for this programming blunder. If you are still waiting for a patch, switching your default message app to another messaging application, and not Samsung’s, and disabling automatic MMS parsing, may help.
The patch coincides with Android’s monthly release of security fixes: all owners of devices running supported versions of Android will want to check for and install relevant updates in May’s patch batch.
This latest wedge includes fixes for a remote code execution flaw in the Android AAC decoder (CVE-2020-0103) and a critical Android framework elevation-of-privilege bug (CVE-2020-0096) that together can be exploited to gain total control of the device.
The other vulnerabilities at the 01 patch level are as follows. For the Android framework, two additional elevation-of-privilege bugs (CVE-2020-0097, CVE-2020-0098) that grant malware already on the device not-quite-total control over a device, and for the media framework, one EoP flaw (CVE-2020-0094) and three information disclosure bugs (CVE-2020-0093, CVE-2020-0100, CVE-2020-0101).
The Android system patches cover the aforementioned AAC remote code bug as well as four EoP (CVE-2020-0102, CVE-2020-0109, CVE-2020-0105, CVE-2020-0024) and three information disclosure (CVE-2020-0092, CVE-2020-0106, CVE-2020-0104) holes.
At the 05 level, which covers patches for components outside of the core Android package, fixes were posted for two kernel flaws allowing EoP (CVE-2020-0110) and information disclosure (CVE-2019-19536). Four fixes were posted for information disclosure bugs in MediaTek components (CVE-2020-0064, CVE-2020-0065, CVE-2020-0090, CVE-2020-0091).
A total of 18 patches were posted for flaws in Qualcomm components, though the details on those bugs were not given.
Those with supported Google-branded devices should get the May fixes directly from the Chocolate Factory, while other Android devices should see the fixes come from their respective vendors and carriers. This can happen anywhere from immediately to several weeks from now, to never, depending on the supplier.
Privacy Enhancements for Android (PE for Android) is a platform for exploring concepts in regulating access to private information on mobile devices. The goal is to create an extensible privacy system that abstracts away the details of various privacy-preserving technologies. PE for Android allows app developers to safely leverage state-of-the-art privacy techniques without knowledge of esoteric underlying technologies. Further, PE for Android helps users to take ownership of their private information by presenting them with more intuitive controls and permission enforcement. The platform was developed as a fork of the Android Open Source Project (AOSP) release for Android 9 “Pie” and can be installed as a Generic System Image (GSI) on a Project Treble-compliant device.
Under DARPA’s Brandeis program, a team of researchers led by Two Six Labs and Raytheon BBN Technologies has developed a platform called Privacy Enhancements for Android (PE for Android) to explore more expressive concepts in regulating access to private information on mobile devices. PE for Android seeks to create an extensible privacy system that abstracts away the details of various privacy-preserving technologies, allowing application developers to utilize state-of-the-art privacy techniques, such as secure multi-party computation and differential privacy, without knowledge of their underlying esoteric technologies. Importantly, PE for Android allows mobile device users to take ownership of their private information by presenting them with more intuitive controls and permission enforcement options.