WASHINGTON, Nov 8 (Reuters) — The United States and Russia are expected to meet soon and discuss resuming inspections under the New START nuclear arms reduction treaty that have been paused since before Russia’s invasion of Ukraine, U.S. State Department spokesperson Ned Price said on Tuesday.

Speaking at a daily press briefing, Price said the bilateral consultative commission (BCC), the mechanism for implementation of the last remaining arms control agreement between the world’s two largest nuclear powers, will meet “in the near future.”

Russia in August suspended cooperation with inspections under the treaty, blaming travel restrictions imposed by Washington and its allies over Moscow’s February invasion of Ukraine, but said it was still committed to complying with the provisions of the treaty.

A major vulnerability in a networking technology widely used in critical infrastructures such as spacecraft, aircraft, energy generation systems and industrial control systems was exposed by researchers at the University of Michigan and NASA.

It goes after a network protocol and hardware system called time-triggered ethernet, or TTE, which greatly reduces costs in high-risk settings by allowing mission-critical devices (like flight controls and life support systems) and less important devices (like passenger WiFi or data collection) to coexist on the same network hardware. This blend of devices on a single network arose as part of a push by many industries to reduce network costs and boost efficiency.

That coexistence has been considered safe for more than a decade, predicated on a design that prevented the two types of network traffic from interfering with one another. The team’s attack, called PCspooF, was the first of its kind to break this isolation.

Google has removed two new malicious dropper apps that have been detected on the Play Store for Android, one of which posed as a lifestyle app and was caught distributing the Xenomorph banking malware.

“Xenomorph is a trojan that steals credentials from banking applications on users’ devices,” Zscaler ThreatLabz researchers Himanshu Sharma and Viral Gandhi said in an analysis published Thursday.

“It is also capable of intercepting users’ SMS messages and notifications, enabling it to steal one-time passwords and multi-factor authentication requests.”

He added: “Being asked to sign up for a mortgage when you have no interest in that whatsoever is annoying and spam.”

The Tesla CEO went on to describe his own penchant for social-media shopping and his targeted product advertising strategy would facilitate it.

“I’d love to see ads for gizmos. If I saw ads for gizmos, I love gizmos, of course, I’d buy them all in a click,” he said. “Even if they’re not that great, I’ll still buy gizmos. I love technology. I’ll see content for gizmos but not an ad or an ability to actually buy the gizmo.”

SAN FRANCISCO — Two weeks after closing a $44 billion deal to buy Twitter, Elon Musk painted a bleak financial picture for the social media company and outlined a series of changes for employees in his first companywide emails to staff.

In two emails sent to workers late on Wednesday, Mr. Musk said the economy was challenging. He added that he planned to end Twitter’s remote work policy and wanted employees to renew their focus on generating revenue and fighting spam.

“Sorry that this is my first email to the company, but there is no way to sugarcoat the message,” Mr. Musk, 51, wrote in one email. “The economic picture ahead is dire.” Twitter was too heavily dependent on advertising and vulnerable to pullbacks in brand spending, he added, and would need to bolster the revenue it gets from subscriptions.

Experts do not want to hack it.

Juan Gilbert, a professor of computer science at the University of Florida, has claimed that he has built the ultimate unhackable voting machine that can put concerns to rest over machine-related voting, Undark.

Electronic voting systems have the U.S. divided, with advocates calling them reliable aides to the voting process, helping people with disabilities to vote, and reducing invalid ballots. On the other hand, critics have called for their boycott since they can be hacked and can tilt the vote in favor of a person or party.

Companies engaged in building voting machines, an industry with annual revenues of $300 million, do not help matters as they chose to remain secretive about how their machines work and refuse to talk to researchers or the press, the Undark report said. Under these circumstances, Gilbert’s work is commendable since he has built a system that works using open-source software.

Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers’ machines with a malware called W4SP Stealer.

“The main attack seems to have started around October 12, 2022, slowly picking up steam to a concentrated effort around October 22,” software supply chain security company Phylum said in a report published this week.

The list of offending packages is as follows: typesutil, typestring, sutiltype, duonet, fatnoob, strinfer, pydprotect, incrivelsim, twyne, pyptext, installpy, faq, colorwin, requests-httpx, colorsama, shaasigma, stringe, felpesviadinho, cypress, pystyte, pyslyte, pystyle, pyurllib, algorithmic, oiu, iao, curlapi, type-color, and pyhints.

Researchers detail a new malware campaign by Pakistani hackers targeting Indian government organizations, revealing their new tools and techniques.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published three Industrial Control Systems (ICS) advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation.

Prominent among them is a set of three flaws affecting ETIC Telecom’s Remote Access Server (RAS), which “could allow an attacker to obtain sensitive information and compromise the vulnerable device and other connected machines,” CISA said.

Bias in AI systems is proving to be a major stumbling block in efforts to more broadly integrate the technology into our society.

A new initiative that will reward researchers for finding any prejudices in AI systems could help solve the problem.

The effort is modeled on the bug bounties that software companies pay to cybersecurity experts who alert them of any potential security flaws in their products.