Criminals are adding hundreds of malicious packages to npm
The packages try to fetch a stage-two payload to infect the machines
The crooks went to lengths to hide where they host the malware
Software developers, especially those working with cryptocurrencies, are once again facing a supply chain attack via open source code repositories.
Cybersecurity researchers from Phylum have warned that a threat actor has uploaded hundreds of malicious packages to the open source package repository npm. The packages are typosquatted versions of Puppeteer and Bignum.js. Developers who need these packages for their products might end up downloading the wrong version by mistake, since they all come with similar names.
If used, the package will connect to a hidden server, fetch the malicious second-stage payload, and infect the developers’ computers. “The binary shipped to the machine is a packed Vercel package,” the researchers explained.
Hiding the IP address
Furthermore, the attackers wanted to execute something else during package installation, but since the file wasn’t included in the package, the researchers couldn’t analyze it. “An apparent oversight by the malicious package author,” they say.
What makes this campaign stand out from other similar typosquatting supply chain campaigns is the lengths to which the crooks went to hide the servers they controlled.
“Out of necessity, malware authors have had to endeavor to find more novel ways to hide intent and to obfuscate remote servers under their control,” the researchers said. “This is, once again, a persistent reminder that supply chain attacks are alive and well.”
The IP cannot be seen in the first-stage code. Instead, the code will first access an Ethereum smart contract, where the IP is stored. This ended up being a double-edged sword, since the blockchain is permanent and immutable, and thus allowed the researchers to observe all of the IP addresses the crooks ever used.
Since the targets are developers working with cryptocurrency, the goal was most likely to steal their seed phrases, and gain access to their wallets.
Software developers, particularly those working in the Web3 space, are often targets of such attacks. Therefore, double-checking the names of all downloaded packages is a must.
Raffael “Dr. B” Boccamazzo, the clinical director of Take This, will leave the nonprofit for gaming mental health at the end of this year.
Take This made the announcement after Boccamazzo posted the change on his LinkedIn account.
“It’s been a year of transition at Take This, and it is with bittersweet sentiment that we share that Dr. B, Take This’ clinical director, will be leaving at the end of this year,” Take This said on its web site. “We want to express our heartfelt appreciation for Dr. B’s decade of dedication to Take This. His kindness, insight, and knowledge has been invaluable, and his impact on the Take This team and community will not be forgotten. Below is a heartfelt letter from Dr. B about the upcoming change.”
Boccamazzo joined Take This as a volunteer/staffer in 2014. It was started to serve the game industry in 2012 by Russ Pitts and Mark Kline after the suicide of game journalist Matt Hughes. Kline served as the founding clinical director and Boccamazzo replaced him after Kline left. Boccamazzo’s pending departure comes just a week after Eve Crevoshay, longtime executive director, also resigned from Take This. Kelli Dunlap filled Crevoshay’s role.
“There’s so much I’m proud to have done with the org,” Boccamazzo said. “However, the truth is that nonprofit life is hard. Since I became a dad earlier this year, I find my focus is more on my family. I can’t commit to all the extra hours required of being a director at a small nonprofit organization while maintaining the focus on my family that they deserve.”
He added, “I’d end up underserving everyone on both sides of that coin. As my schedule allows, I’d eventually like to find ways to support the org in a more limited capacity, but for now I need to focus on me and my family.”
Both Crevoshay and Boccamazzo were frequent speakers at game industry events where they stressed the importance of mental health for game developers. And they both spoke at GamesBeat events. Boccamazzo spoke in 2021 in a virtual GamesBeat event on how to avoid burnout as well as a panel on employee mental health in 2022. Crevoshay received the Vanguard Award from Games for Change and she also received our Up-and-Comer Award for GamesBeat.
Boccamazzo said he looked forward to the remaining staff at Take This to take the organization and continue its mission.
“I don’t entirely know what’s next for me, other than focusing on my family and the psychology practice I run,” Boccamazzo said. “I’d like to keep at least one toe dipped in games. If you might need a psychologist with a decade of experience working within the game industry on things like burnout, mental health representation in media, content creator mental health, tabletop roleplaying games, crunch culture, and other things, I’ll be around, and I’d love to hear from you.”
Amber Hill spent 14 years as a medical researcher. She didn’t mind the work, but there was one thing she consistently hated: administrative tasks.
“I think most people do, especially in research,” she told TechCrunch. She would rather be analyzing data or building relationships with patients, she said. “But I was spending so much time doing manual tasks that didn’t require any medical expertise. It’s a process that’s completely broken, and I knew it could be fixed.”
So, she did what any problem solver would do: She launched a company.
Her startup, called Research Grid, was founded in London in 2020. The company is trying to make clinical trials more efficient by automating administrative and data management workflow. It hails itself as the only software that can automate full back-office trials.
Research Grid on Tuesday announced a $6.4 million seed round, led by Fuel Ventures, with participation from firms including Ada Ventures and Morgan Stanley Inclusive Ventures Lab.
Research Grid consists of two patent products: Inclusive and Trial Engine. Together, the products handle tasks such as flagging protocol errors, data extraction, and workflow. Right now, clinical trials use a more manual process supported by legacy software systems that often cause expensive delays during a trial.
“They are built on old codebases, which means it’s almost impossible for them to innovate,” she said. “Our tech is already superior, and while the displacement of large players won’t happen overnight, it’s going to happen, and I don’t see why it won’t be us that does it.”
But there are other issues Research Grid hopes to tackle, such as making clinical recruitment faster and better handling of the pressure that often comes from the Federal Drug Administration (FDA) regarding compliance. Recruitment can take months, “it’s manual, administrative, and hard to find people,” she said. It’s also hard to do consistently when it comes to finding people who fit in a narrow, strict criteria for a research trial.
Right now, it’s a very manual process, using non-targeted social ads and parsing health records. “If there’s not enough participation, researchers can’t understand if a drug or intervention is safe and effective, which ultimately means it’s not approved by regulators to go to the people who might need it most.”
Plus, the FDA has now made it a requirement to make clinical trials more diverse, since women and people of color are often left out of medical trials. Hill sought to build a customer relationship management feature in Research Grid that has more than 80,000 groups, across 157 countries, representing around 2,000 medical conditions, she said. “It uses AI to extend far beyond traditional methods of finding people,” she said. “It helps out partners to find who they need to find in seconds rather than months.”
Hill was introduced to her lead investor by the EMEA team of the venture firm Plug and Play, who came into this round early. The company, which has raised $8 million in venture funding to date, will use this latest funding to invest in more research and development, build out its engineering team, and further expand into the U.S. and Asian markets.
“The next challenge is mostly about setting up the corporate infrastructure to seamlessly serve these partners,” she said of operating in the U.S., U.K., and Asia.
Though this company, like many great ones, was built out of a frustration point, Hill said she always had a passion for entrepreneurship. She ran a nonprofit while studying for her doctorate as a way to widen her access to research. Running the business taught her how to be resilient and resourceful, and how to work with different types of people. “I kept a volunteer team together over three years without financial resources,” she recalled. “We fundraised the ‘old school’ hard way in buckets and took it to the bank.”
Her first tech idea was to use AI to automate all the work that goes into running a nonprofit. “We’ve come full circle because that idea morphed into our pre-trial product and meaningful IP,” she said. When she knew she wanted to launch Research Grid, she applied to an incubator program to help switch her “mindset from nonprofit to for-profit,” from “academic to an entrepreneur.” Then she went through an accelerator program that put her in front of some of the largest investors in London; she raised her first £1 million — a feat in a country where Black founders raise less than 2% of all venture capital. And from 2019 to 2023, only eight Black women raised more than $1 million in venture funding, as TechCrunch previously reported.
The hardest part for Hill was getting the company off the ground during the pandemic as a solo founder. She managed through and is now in growth mode. Revenue grew over 20x last year and is expected to continue to grow, she said. The company is working across Big Pharma, Contract Research Organisations, and Clinical Sites, hiring more experts, and improving their AI technology.
“AI is expediting precision medicine, drug development operations, and changing the care pathway for everyone,” she said. “It’s here to stay.”
Suzuki and Toyota have been working together on a new 4WD-capable electric SUV, and in Italy yesterday, Suzuki revealed the fruits of the collaboration: a new compact called the E Vitara. It’s the automaker’s first EV, and it’s scheduled for production at Suzuki Motor Gujarat in India starting next spring.
The E Vitara will launch in Europe, India, and Japan “around” the summer of next year, and there will be a Toyota-badged version, which will probably look a lot like the Urban SUV Concept Toyota revealed in 2023. Toyota similarly shares its mediocre bZ4X EV with Subaru, which is rebadged as the Solterra EV.
Toyota and Suzuki have been slow to adopt EVs into their lineups, with Toyota refocusing on building more hybrids and a three-row electric SUV for the US market. As reported by Autocar, Suzuki’s previously announced target of launching multiple EVs by 2030 is on hold, with President Toshihiro Suzuki saying the company will “monitor the situation” due to cooling EV demand.
As for the E Vitara, the vehicle will be powered by a lithium iron phosphate battery in either 49 kWh or 60 kWh capacities. Both batteries can be offered in 2WD drivetrains, but 4WD versions only come with the larger one. According to The Japan Times, Suzuki said the E Vitara can get up to 400km (about 248 miles) on a single charge.
At its peak, the E Vitara motor is capable of 135 kW output. It’s fairly underpowered compared to the 150 kW output of the similarly-sized Chevy Bolt, which is just 130mm shorter in length than the 4,275mm E Vitara.
There’s currently no pricing for the E Vitara, and like Hyundai’s Inster, the US market is not in the launch plans for this tiny EV.
Good morning! Let’s play Connections, the NYT’s clever word game that challenges you to group answers in various categories. It can be tough, so read on if you need clues.
SPOILER WARNING: Information about NYT Connections today is below, so don’t read on if you don’t want to know the answers.
Your Connections expert
Marc McLaren
NYT Connections today (game #514) – today’s words
Today’s NYT Connections words are…
STOP
POEM
DIFFERENT
MESSAGE
NEW
NOVEL
YARDSTICK
FURNITURE
PLAY
TEXT
BIPED
RECORD
CORRESPOND
ORIGINAL
PAUSE
WRITE
NYT Connections today (game #514) – hint #1 – group hints
What are some clues for today’s NYT Connections groups?
Yellow: Or they could be on a VCR (if you’re old enough to remember those)
Green: Not seen before
Blue: Tell someone what you think
Purple: They can’t all walk, despite the thing they have in common
Need more clues?
We’re firmly in spoiler territory now, but read on if you want to know what the four theme answers are for today’s NYT Connections puzzles…
NYT Connections today (game #514) – hint #2 – group answers
What are the answers for today’s NYT Connections groups?
YELLOW: DVR BUTTONS
GREEN: GROUNDBREAKING
BLUE: COMMUNICATE THROUGH WRITING
PURPLE: THINGS WITH FEET
Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON’T WANT TO SEE THEM.
NYT Connections today (game #514) – the answers
The answers to today’s Connections, game #514, are…
YELLOW: DVR BUTTONS PAUSE, PLAY, RECORD, STOP
GREEN: GROUNDBREAKING DIFFERENT, NEW, NOVEL, ORIGINAL
BLUE: COMMUNICATE THROUGH WRITING CORRESPOND, MESSAGE, TEXT, WRITE
PURPLE: THINGS WITH FEET BIPED, FURNITURE, POEM, YARDSTICK
My rating: Moderate
My score: Perfect
I lost my Connections streak yesterday, so it was good to get back on track today. I was helped by a couple of pretty simple ones for yellow and green. The first of those was DVR BUTTONS, though it could easily have been buttons on a VCR or DVD or stereo or whatever. The second was GROUNDBREAKING, with answers of DIFFERENT, NEW, NOVEL and ORIGINAL. I nearly got tripped up by the final two, with POEM looking like it could potentially match with MESSAGE and TEXT, but putting those two with CORRESPOND and WRITE to form COMMUNICATE THROUGH WRITING made more sense, so I had no need to solve purple today.
NYT Connections is one of several increasingly popular word games made by the New York Times. It challenges you to find groups of four items that share something in common, and each group has a different difficulty level: green is easy, yellow a little harder, blue often quite tough and purple usually very difficult.
On the plus side, you don’t technically need to solve the final one, as you’ll be able to answer that one by a process of elimination. What’s more, you can make up to four mistakes, which gives you a little bit of breathing room.
It’s a little more involved than something like Wordle, however, and there are plenty of opportunities for the game to trip you up with tricks. For instance, watch out for homophones and other word games that could disguise the answers.
It’s playable for free via the NYT Games site on desktop or mobile.
Picking a streaming service isn’t as easy as it used to be. With the most popular streaming services delivering a combination of classic favorites, and new original content, viewers have more choices than ever before. Of the many live TV streaming services out there, Hulu Plus Live TV and Sling TV both deliver an excellent experience.
Both may have the channels you want, at a price you’re willing to pay, but they each have their own perks. Sling TV is easily the more affordable of the two, and offers up a variety of add-ons to their channels to allow you some degree of customizing your viewing. On the other hand, Hulu Plus Live TV has an ace up its sleeve, thanks to the bundles it has available.
At their most basic, Sling TV and Hulu Plus Live TV work a little differently. Sling TV has a couple of tracks of channels you’ll choose from up front. There’s Sling Orange and Sling Blue. They cost $40 and $5 per month, respectively, on their own, or $60 if you get both of them. There are a couple dozen overlapping channels, so Sling TV is really sort of steering you that way. You’ll then have a number of add-ons called Sling “Extras,” with which you can add additional channels in a number of categories.
Perfect for watching NFL, NBA, and more, you can score $10 off your first month of live TV with Sling TV. Channels available include ABC, NBC, and Fox, as well as ESPN, Bravo, FX, National Geographic, and even TNT.
Hulu Plus Live TV is a different sort of animal. Start with the name. For $83 per month you’ll get Hulu Plus Live TV’s live channels. And you also get Hulu’s vast on-demand catalog, from new movies and series, to old favorites, with new titles coming and going every month. That in and of itself is a pretty big differentiator and a likely reason why Hulu Plus Live TV is twice as popular as Sling TV.
But then there’s the trump card known as the Disney Bundle. Subscribe to Hulu Plus Live TV, and you’ll automatically get ESPN+ — which has all kinds of live sports (and original series) you can’t get anywhere else — and Disney+, which is home to all things Disney, Marvel, Pixar, National Geographic, and Star Wars.
That’s a big deal and is something that no other live-streaming service has.
This really is where the rubber meets the road, as they say. If a streaming service doesn’t have the channels you want to watch, everything else is moot. As always, you’ll want to check with the service to make sure all channels are available where you live. But here’s how things break down as of Autumn 2024:
Sling TV channels
Channels exclusive to Sling Orange: Disney Channel, ESPN, ESPN2, ESPN3, ESPN4K, FreeForm, and Motor Trend.
Channels that are exclusive to Sling Blue: Bravo, Discovery Channel, E!, FS1, FS1 4K, FX, Fox News, HLN, MSNBC, NFL Network, National Geographic, SYFY, TLC, USA, and TruTV.
The following channels are available on either track: A&E, AMC, AXS TV, BBC America, BET, Bloomberg, Charge!, CNN, Cartoon Network, Comedy Central, Comet, Food Network, Fuse, HGTV, History Channel, IFC, Investigation Discovery, Lifetime, Local Now, MGM+ Drive-In, Nick Jr., QVC, Sling scapes, Sling scapes2, TBS, TNT, Travel Channel, and Vice.
Hulu Plus Live TV channels
A&E, ABC, ABC News Live, ACC Network, Adult Swim, Animal Planet, BET, Big Ten Network, Bloomberg Television, Boomerang, Bravo, Cartoon Network, CBS, CBS News, CBS Sports Network, Cheddar News, CMT, CNBC, CNN, CNN International, Comedy Central, COZI, Crime & Investigation, CW, DABL, Discovery, Disney Channel, Disney Junior, Disney XD,
E!, ESPN, ESPN College Extra, ESPN2, ESPNews, ESPNU, Food Network, Fox, Fox Business, Fox News, Freeform, FS1, FS2, FX, FXM, FXX, FYI, Golf Channel, HGTV, History, HLN, Investigation Discovery, Lifetime, Lifetime Movies, Localish, Military History, MotorTrend, MSNBC, MTV,
NASA, Nat Geo Wild, National Geographic, NBC, NBC News Now, NBCLX, News Nation, NFL Network, Nick Jr., Nickelodeon, Olympic Channel, OWN, Oxygen, Paramount Network, Pop, QVC, SEC Network, Smithsonian Channel, Start TV, SYFY, TBS, TCM, Telemundo, TLC, TNT, Travel Channel, Tru TV, TV Land, Universal Kids, USA, VH-1, Vice.
One feature important to a lot of streaming subscribers is the ability to watch your local broadcast channels. In that sense, Hulu Plus Live TV definitely wins out here.
While things can occasionally vary depending on where you live, Hulu Plus Live TV should have the major broadcast networks available: ABC, CBS, Fox, NBC, and PBS.
Sling TV does have local channels, but they are available only in a limited number of markets. Many of those markets have a great many people in them, yes. But if you’re outside of those markets, you’re out of luck. And complicating things further is that not all channels are available in those markets.
And that’s before we even get to CBS, which isn’t available at all on Sling TV.
Instead, you’ll find that Sling TV often will push you toward something called AirTV, which essentially is Sling’s branded over-the-air tuner. You attach an antenna and scan for channels, and then your local broadcast networks will appear alongside all the streaming channels on your Sling TV plan. While we’re big fans of over-the-air TV, this highlights a pretty big discrepancy between Sling TV and its competitors.
Both Hulu Plus Live TV and Sling TV have a number of optional add-ons. Sling TV will appear to have far more because of its structure, with the lighter Sling Orange and Sling Blue plans bolstered by the “Extras” that can be used to flesh out the rest of your channels.
Sling TV also has options for additional recording storage and a healthy slate of premium channels.
The add-ons available for Hulu Plus Live TV perhaps are a bit more meager, but that’s balanced by the fact that you get more channels up front with your subscription — and don’t forget about Disney+ and ESPN+, which are included for free. Premium add-ons are limited to Cinemax, Max, Showtime, and STARZ.
Entertainment: American Heroes Channel, BET Her, Boomerang, Crime & Investigation, CNBC World, Cooking Channel, Destination America, Discovery Family, Discovery Life, Hallmark Drama, Military History, MTV Classic, MTV2, NickToons, Science, TeenNick
Español: CNN Español, Discovery en Español, Discovery Familia, ESPN Deportes, Fox Deportes, History Channel de Español, Hogar de HGTV, NBC Universo, The Weather Channel en Español.
Hulu Plus Live TV is the second-largest live service in the U.S., having finished 2023 with 4.6 million subscribers. That puts it at a bit more than half the size of YouTube TV and more than twice as large as Sling TV, which wrapped up the year with 2.06 million subscribers.
While Hulu Plus Live TV certainly has more subscribers, it’s also suffered the same sort of stagnation as Sling TV — though at least it’s been trending upward, albeit slowly. Hulu Plus Live TV finished 2022 with 4.4 million subscribers, up just 400,000 from the previous year-end.
Sling TV, meanwhile, hasn’t seen more than 2.5 million subscribers since the latter part of 2021.
Apple could finally add “charging time remaining” to the iPhone starting with the iOS 18.2 update. Hidden inside the incremental update are traces of code pointing to the new feature in addition to more Apple Intelligence features.
More Apple Intelligence features arriving with iOS 18.2
Apple started actively adding Apple Intelligence features to the iPhones starting with iOS 18. Eligible iOS smartphones received the first batch of Apple’s Generative Artificial Intelligence (Gen AI) features with iOS 18.1.
Apple has indicated that it will gradually roll out Apple Intelligence features and allow iPhone users to change default apps. Specifically speaking, the iOS 18.2 update, expected to arrive next month, should include Genmoji, Image Playgrounds, ChatGPT integration, and Visual Intelligence.
One feature that Android smartphone users have long had is the ability to see when their smartphones will be fully charged. In other words, newer versions of Android have allowed smartphone users to know the estimated time their devices would take to fully charge.
‘BatteryIntelligence’ framework in iOS 18.2 may show the charging time remaining
Hidden inside the iOS 18.2 beta 2, which was released on Monday to developers, is a new framework called “BatteryIntelligence”. Although the feature appears in iOS 18.2, Apple has reportedly disabled it, and it appears unfinished.
Apple currently offers a similar feature for MacBooks within the Battery menu. Hence, it is likely that the new framework inside iOS 18.2 may extend the feature to the iPhone.
Apple may allow iPhone users to see the charging time remaining from iOS 18.2. Since it’s Apple, the company may limit the feature to a notification. Apple may only alert users when their iPhones reach 80% charge. Needless to say, an estimation of the actual charging time remaining would be very handy primarily because there are several types of USB-C chargers, cables, and charging protocols.