Malicious hackers have been hammering servers with attacks that exploit the recently discovered SpringShell vulnerability in an attempt to install cryptomining malware, researchers said.
SpringShell came to light late last month when a researcher demonstrated how it could be used to remotely execute malicious code on servers that run the Spring model-view-controller or WebFlux applications on top of Java Development Kit versions 9 or higher. Spring is the most widely used Java framework for developing enterprise-level applications in Java. The framework is part of a sprawling ecosystem that provides tools for things like cloud, data, and security apps.
Earlier this month, security firm Trend Micro said it began detecting attempts. From April 1 to April 12, company researchers detected an average of roughly 700 attempts per day to exploit the vulnerability to install cryptomining software. By running the malware on powerful enterprise servers, criminals can mine Bitcoin or other types of digital cash using the resources and electricity of an unwitting victim.
The number of exploit attempts peaked on April 3 at almost 3,000.
The hackers first sent commands that were designed to discern if the vulnerable servers were running Windows or Linux. Then they ran exploit code that tried to install a type of interface known as a web shell, which allows a remote user to run commands using a Web-based window.
The URI corresponding to the encoded exploit looked like this, with the web shell being “zbc0fb.jsp” and parameters w and l standing for the Windows and Linux payloads, which are Base64-encoded.
1. The firewall is turned off using the netsh utility.
2. Other known cryptocurrency miners such as kthreaddi, sysrv, and sysrv012 are stopped or killed.
3. Other running processes listening on ports 3333, 4444, 5555, 7777, and 9000 are stopped.
4. If the process kthreaddk does not exist, the cryptocurrency miner downloads a binary, sys.exe, from 194[.]145[.]227[.]21 to C:\Users\\AppData\Roaming\.exe.
5. The cryptocurrency miner then starts the process with a hidden window to avoid having the user observe visual hints of the process being executed.
6. A scheduled task with the name “BrowserUpdate” is created later, running every minute. In addition, the Windows run key is modified to run the binary sys.exe.
Trend Micro researchers don’t know how many, if any, of the exploit attempts were successful. Earlier this month, company researchers said they had also uncovered attempts to exploit SpringShell to install the Mirai botnet. Anyone running the Spring model-view-controller or WebFlux applications on the JDK version 9 or higher should patch the flaw as soon as practical.
As the weekend winds down, news has come out from The Wrap that Doctor Strange in the Multiverse of Madness, directed by Sam Raimi, has earned over 800 million dollars officially passing The Batman’s theatrical runs, the last big superhero flick to hit the theaters. Doctor Strange 2 is still a decent chunk of change away from the last Marvel outing–Spider-Man: No Way Home earned 1.89 billion dollars during its release.
The Northman continues to draw audiences, although its release to VOD has made it so that there will likely be little more movement after this weekend. To date the Robert Eggers-directed historical action film earned about 64 million. The film stars Alexander Skarsgård and Anya Taylor-Joy as they attempt to seek revenge and escape the clutches of a dismal fate.
This weekend also saw the first returns for Downton Abbey: A New Era, which brought in 16 million after its opening weekend. Universal Pictures, a specialty production from Universal Studios, released the sequel to 2019’s Downton Abbey, which in turn was a follow-up to the hit television series that ran from 2010 to 2015 and became an international phenomenon. The show follows the aristocratic Crawley family and their domestic help across six seasons and fifty-two episodes.
Alex Garland’s horror film of “toxic masculinity,” aptly titled Men, had a solid opening weekend as well (Entertainment Weekly). While 3.3 million might seem modest compared to the big releases, the film is a challenging and divisive watch distributed by the indie darling A24. For a better comparison we can look at the opening numbers for Everything Everywhere All at Once, another A24-distributed film, which netted 3.2 million on its opening weekend.
Want more io9 news? Check out when to expect the latest Marvel and Star Wars releases, what’s next for the DC Universe on film and TV, and everything you need to know about House of the Dragon and Lord of the Rings: The Rings of Power.
G/O Media may get a commission
Apple AirPods Max
Experience Next-Level Sound Spatial audio with dynamic head tracking provides theater-like sound that surrounds you
Some high-end iPhone and iPad models have a LiDAR scanner integrated into the camera module on the back of the device. This effectively gives your device 3D scanning abilities with a few unique and interesting applications.
RELATED:What Is LiDAR, and How Will It Work on the iPhone?
What Does the LiDAR Scanner Do?
LiDAR stands for Light Detection And Ranging, but it may also be commonly referred to as “3D laser scanning” or some variation thereon. The technology works by bouncing light waves at surfaces and measuring the reaction time to determine the shape and distance of objects in the area.
Think of it like RADAR (RAdio Detection And Ranging) but for light waves. Unlike RADAR imaging, LiDAR can provide more detailed and crisper scans with smaller equipment. LiDAR uses signals that work in the nanometer range, whereas RADAR requires the use of antennas that produce radio waves at much lower frequencies.
Coupled with the software on your iPhone, the LiDAR scanner can be used to create 3D representations of objects and their surroundings. To do this you’ll need the appropriate software which you can download from the App Store. Some core iPhone features, like the Camera app, will use LiDAR in other ways.
At present, only the iPhone 12 Pro, iPhone 13 Pro, iPad Pro 11-inch (2nd and 3rd generation), and iPad Pro 12.9-inch (4th and 5th generation) are equipped with LiDAR scanners. If you look at the camera array on your device, the LiDAR scanner looks like a small round black circle.
RELATED:How to Use the iPhone Camera App: The Ultimate Guide
Create 3D Scans of Places You Love
Imagine if you had an interactive 3D model of your childhood home or a treehouse you built when you were young. Most of us keep photographs to remind us of places we once lived and loved, but what if instead of flat images we were able to take 3D scans instead?
This is possible with apps like Polycam, RoomScan LiDAR, and Canvas: Pocket 3D Room Scanner. Most of these apps are free to use, though there are paid upgrades that remove certain restrictions and improve the quality of the scans that you make. You can see LiDAR scanning in action in a YouTube video published by Polycam.
RELATED:How to See 3D Walking Directions in Google Maps
Buying a House? Redecorating? Scan First
Capturing a 3D model of a room or building has some very practical uses. If you’re currently looking to rent or buy a house, taking a scan of the building can help you make up your mind whether or not the place is for you. The process is very similar to taking a walk-through video or series of photographs, both of which are common practices in the real estate world.
Not only is a 3D scan more immersive, but it’s also easier to compare sizes, layout, practical space, and potential for renovation and other major work. We’d recommend taking detailed photos and videos in addition to your scan, which works best with apps like Polycam and RoomScan LiDAR.
If you’re planning major work in a home you already own, a 3D scan can give you a base from which to work in a 3D modeling app like Blender (if you’re comfortable working in such an app). Alternatively, it can provide a nice “before and after” comparison to look back on.
And lastly, selling your house without a real estate agent is surging in popularity. These apps allow you to provide 3D environment scans to potential buyers while still cutting down on expensive agent fees.
Photogrammetry is the act of creating 3D objects from photographic data, and it’s a time-consuming process. While the assets that photogrammetry provides are often highly accurate and detailed, the process of taking an item from a series of photographs to a finished model you can use can take hundreds of hours.
By comparison, a scan made on an iPhone or iPad with an app like Polycam can take a matter of minutes. Scanning an object is a bit like taking a video, and when you’re finished you can export a file that can be used in 3D modeling apps like Blender. Once you’ve tidied up your scan you can import objects into 3D engines like Unity and Unreal.
These engines are used heavily in game development, film, and interactive media. Conor O’Kane is a game developer with a YouTube channel who has not only used this technique but created a tutorial showing how to do this and why small developers might be interested in the process.
Scan and Share Interesting or Cherished Items
Are you a collector? Whatever it is you collect—art, plants, games consoles, or even cars—you might get a kick out of exhibiting it online, in a 3D format. Polycam is perfect for this since it includes built-in model sharing with the rest of the Polycam community, or “polyworld” as the app refers to it.
Some people share ice cream or rock crystals, others share their extensive sneaker collection. Even if you don’t have a LiDAR scanner on your iPhone or iPad, Polycam may still be worth the download just to see what people are scanning and sharing.
It’s like Instagram but for 3D models with an interactive element that other forms of media don’t come close to. It’s easy too, even if you make a bit of a mess while scanning the app has intuitive crop controls that allow you to remove background or surface objects.
Tip: For best results, place your item on a stand, pedestal, or stool before scanning
Take Better Photos in the Dark
Your iPhone and iPad already do this, so you don’t need to activate anything to get the benefit. However, if you’re putting off taking photos in the dark since you don’t trust your device’s autofocus, you might want to reconsider if you have a LiDAR-equipped device.
Since LiDAR is capable of judging distances based on how long it takes the light waves to return to the sensor, autofocus in the dark can be better calculated.
You may not have realized this but Apple includes an app called Measure with iOS by default. If you’ve previously discounted and deleted it you can download Measure again for free from the App Store.
The app uses augmented reality to measure real-world distances simply by pointing your phone at a surface. Tap the plus “+” icon to start the measurement and move your device to see it in action.
With a LiDAR scanner, augmented reality is vastly improved on the iPhone and iPad. Measure has gone from being a fun party trick to surprisingly accurate. In our tests, the app was right most of the time, with a margin of error of around 1 cm. This may depend more on how shaky your hands are than anything.
RELATED:How to Measure Distances With Your iPhone
Get More From AR Apps
Measure is just one such AR app that performs better when paired with a LiDAR-equipped iPhone or iPad. Every other AR app can benefit from the sensor, which provides a more stable experience by gauging distance using light rays rather than estimations derived from a “flat” image.
LiDAR really helps to improve the AR experience across the board, like when you’re creating art in apps like World Brush, SketchAR, and Assemblr. Need to provide remote assistance for a real-world problem? Vuforia Chalk allows you to scribble on real-world objects to help relay the point.
Try out various bits of IKEA furniture in your house with IKEA Place, or bring your child’s LEGO sets to life with LEGO Hidden Side, as demonstrated in the above YouTube video published by the Brothers Brick. If you’d rather have a more educational AR experience, Playground AR provides a whole physics sandbox to play around with.
Of course, these experiences are available on just about any recent iPhone, but the experience is considerably more stable with a LiDAR scanner. Find even more apps to enjoy in Review Geek’s roundup of the best AR apps for iPhone and Android.