Earth

Can Invasive Fish Be Scared Off With a Menacing Robot Predator? (nytimes.com) 37

The mosquitofish threatens native fish populations in Australia — including two of the most critically endangered, reports the New York Times. And in various parts of the world, "For decades scientists have been trying to figure out how to control it, without damaging the surrounding ecosystem."

But in a new lab experiment, "the mosquitofish may have finally met its match: A menacing fish-shaped robot." It's "their worst nightmare," said Giovanni Polverino, a behavioral ecologist at the University of Western Australia and the lead author of a paper published Thursday in iScience, in which scientists designed a simulacrum of the fish's natural predator, the largemouth bass, to strike at the mosquitofish, scaring it away from its prey. The robot not only freaked the mosquitofish out, but scarred them with such lasting anxiety that their reproduction rates dropped; evidence that could have long term implications for the species' viability, according to the paper. "You don't need to kill them," Dr. Polverino said. Instead, he said, "we can basically inject fear into the system, and the fear kills them slowly...."

[S]cientists say there is a long way to go before the robot could be released into the wild. "It's an important proof of concept," said Peter Klimley, a marine biologist and a recently retired professor from the University of California, Davis, who was not involved in the study. But he questioned the feasibility of introducing the creature into a real-world environment.

"This study won't be a solution to the problem," Dr. Polverino said, adding that the next phase of their project would involve testing the robots in a larger, outdoor, freshwater pool. He said the robot should be thought of as a tool that can reveal a pest's weaknesses. "We've built a sort of vulnerability profile," Dr. Polverino said, that could help biologists and others to reimagine how to control invasive species. "This fear," he added, "has a collateral effect."

Their robot fish uses a built-in camera to differentiate between mosquitofish and the native tadpoles it's trying to protect.

Thanks to long-time Slashdot reader fahrbot-bot for the link!
Businesses

Regulators Open Probe Into Red Hot 'Buy Now, Pay Later' Industry (cnn.com) 65

Regulators in Washington may crack down on the industry behind "buy now, pay later," the increasingly popular method for consumers to purchase things online. From a report: The Consumer Financial Protection Bureau said Thursday that it is looking to "collect information on the risks and benefits of these fast-growing loans" from five leading BNPL companies: Affirm; Australia's Afterpay, which is getting bought by Square owner Block; PayPal; privately held Swedish fintech Klarna; and Zip, another BNPL firm headquartered in Australia. "Buy now, pay later is the new version of the old layaway plan, but with modern, faster twists where the consumer gets the product immediately but gets the debt immediately too," said CFPB Director Rohit Chopra in a statement Thursday. The CFPB said it was specifically worried about how quickly consumers can accumulate debt using BNPL services and also about how the BNPL companies may harvest data about their customers. It added that it is working with international partners in Australia, Sweden, Germany and the United Kingdom on the inquiry.
Earth

The First True Millipede: New Species With More Than 1,000 Legs Discovered in Western Australia (theguardian.com) 34

The first ever millipede with more than 1,000 legs has been discovered in Western Australia. From a report: The species, which is the first "true" millipede, has 1,306 legs and was found up to 60 metres underground in a mining area in the Eastern Goldfields region of WA. Researchers have named the new species Eumillipes persephone, in reference to the Greek goddess of the underworld, Persephone. It breaks the previous record set by Illacme plenipes, which is found in central California and has up to 750 legs.

A team of researchers discovered the millipede while conducting a subterranean environmental impact assessment. Dr Bruno Buzatto, a biologist at Bennelongia Environmental Consultants, described the find as "incredibly lucky." "These animals were so unique," Buzatto said. "As soon as I realised how long they were ... I realised they had to be something completely different." The species has a long, thread-like body comprising up to 330 segments, with short legs and a cone-shaped head. Like other animals that live in constant darkness, it is blind and pale.

Bug

Software Flaw Sparks Global Race To Patch Bug (wsj.com) 60

Companies and governments around the world rushed over the weekend to fend off cyberattacks looking to exploit a serious flaw in a widely used piece of Internet software that security experts warn could give hackers sweeping access to networks. From a report: Cybersecurity researchers said the bug, hidden in an obscure piece of server software called Log4j, represents one of the biggest risks seen in recent years because the code is so widely used on corporate networks. The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency issued an urgent alert about the vulnerability and urged companies to take action. CISA Director Jen Easterly said on Saturday, "To be clear, this vulnerability poses a severe risk. We will only minimize potential impacts through collaborative efforts between government and the private sector." Germany's cybersecurity organization over the weekend issued a "red alert" about the bug. Australia called the issue "critical."

Security experts warned that it could take weeks or more to assess the extent of the damage and that hackers exploiting the vulnerability could access sensitive data on networks and install back doors they could use to maintain access to servers even after the flawed software has been patched. "It is one of the most significant vulnerabilities that I've seen in a long time," said Aaron Portnoy, principal scientist with the security firm Randori. Security experts noted that many companies have other processes in place that would prevent a malicious hacker from running software and breaking into these companies, potentially limiting the fallout from the bug. Microsoft, in an alert to customers, said "attackers are probing all endpoints for vulnerability." Amazon.com, Twitter and Cisco were among the companies that have said they were carrying out investigations into the depth of the problem. Amazon, the world's biggest cloud computing company, said in a security alert, "We are actively monitoring this issue, and are working on addressing it."

Businesses

The World Is So Desperate for Manure Even Human Waste Is a Hot Commodity (bloomberg.com) 93

The market for manure -- from pigs, horses, cattle and even humans -- has never been so hot, thanks to a global shortage of chemical fertilizers. From a report: Just ask Andrew Whitelaw, a grains analyst at Thomas Elder Markets based in Melbourne, Australia who runs a commercial pig farm in his spare time. Whitelaw said that he's completely sold clean of animal waste, as farmers hunt for alternatives to the more commonly used phosphate- and nitrogen-based fertilizers that are vital to boosting crop yields. "We don't have any left," he said. "In a normal year, you'd probably get a couple phone calls a year, not a couple of phone calls a week." It may be some time before he sees the interest in pig poop taper. Prices of synthetic fertilizer, which rely on natural gas and coal as raw materials, have soared amid an energy shortage and export restrictions by Russia and China. That's adding to challenges for agricultural supply chains at a time when global food costs are near a record high and farmers scramble for fertilizers to prevent losses to global crop yields for staples.

The Green Markets North American Fertilizer Price Index is hovering around an all-time high at $1,072.87 per short ton, while in China, spot urea has soared more than 200% this year to a record. The demand for dung is playing out globally. In Iowa, manure is selling for between $40 to $70 per short ton, up about $10 from a year ago and the highest levels since 2012, according to Daniel Anderson, assistant professor at Iowa State University and a specialist on manure. Manure is mostly a local market and truckloads won't go further than 50 miles (80 kilometers), Anderson said. When crop, fertilizer and manure prices soared about a decade ago, more farmers reintroduced animals such as hogs and cattle onto their land, in part for their manure. That option could again be on farmers' minds as fertilizer costs soar.

Australia

Data on Tens of Thousands of South Australian Government Employees Breached in Ransomware Attack (abc.net.au) 20

"Russian hackers have stolen and published the personal data of tens of thousands of employees..." reports the Australian Financial Review.

Government officials have confirmed the breach — part of a ransomware attack — and say the stolen data may even include info on the country's premier, according to an Australian public broadcaster: The government said the records of at least 38,000 employees, but potentially up to 80,000 workers, have been accessed in a cyber-attack on external payroll software provider Frontier Software. The data includes names, dates of birth, tax file numbers, home addresses, bank account details, remuneration and superannuation contributions... Treasurer Rob Lucas said politicians, including Premier Steven Marshall, could be among those affected.
The treasurer added the breach potentially impacted "The highest of the high to the lowest of the low and all of the rest of us in between." Except for schoolteachers, and the Department of Education, who did not use Frontier's software.

The website publishing the 3.75 gigabytes of data claimed it was just 10% of the total amount, according to the Australian Financial Review, which "understands Russian organised crime group Conti, which claimed credit for launching the cyberattack on Queensland's energy network CS Energy, published the information." Australian Payroll Association chief executive Tracy Angwin said the hack was a wake-up call to employers using remotely accessed payroll systems to ensure they were secure...

Frontier Software said the hacker responsible for the incident was known to employ a "double extortion" strategy, which included encrypting systems and stealing the data.

In another report, Bleeping Computer describes Conti as "a long-lived Ransomware as a Service operation" that "still manages to evade prosecution even after high-profile incidents against vital national resources such as Ireland's Department of Health." The gang is believed to be behind the recent revival of the notorious Emotet botnet, which could lead to a massive new wave of ransomware infections. This week, Conti took responsibility for the attack against Nordic Choice Hotels, a Scandinavian hotel chain with 200 properties.
Thanks to Macfox (Slashdot reader #50,100) for tipping us off to the news.
Bitcoin

Ubisoft Becomes First Major Gaming Company To Launch In-Game NFTs (decrypt.co) 48

An anonymous reader quotes a report from Decrypt: Today, the publisher behind Assassin's Creed and Just Dance revealed Ubisoft Quartz, a platform that lets players earn and purchase in-game items that are tokenized as NFTs on the Tezos blockchain. Quartz will launch first in the PC version of Tom Clancy's Ghost Recon Breakpoint, the latest online game in the long-running tactical shooter series. Quartz will launch in beta on December 9 in the United States, Canada, France, Germany, Spain, Italy, Belgium, Brazil, and Australia. Ghost Recon Breakpoint players who have reached XP level 5 in the game can access the NFT drops. Ubisoft's release says that players must be at least 18 years old to create a Tezos wallet for use with the game.

Ubisoft is referring to its NFT drops as "Digits" and plans to release free NFTs for early adopters on December 9, 12, and 15, with further drops planned for 2022. An infographic shows items such as weapon skins and unique armor and apparel, along with a message that teases future initiatives: "This is just the beginning" [...] Much of Ubisoft's announcement today highlights the difference in environmental impact between the proof-of-stake Tezos blockchain and the energy-intensive Bitcoin. Tezos claims that a single transaction on its network uses "more than 2 million times less energy" than Bitcoin, the leading cryptocurrency. It also suggests that a single Tezos transaction uses about as much energy as a 30-second streaming video, whereas a Bitcoin transaction is estimated to measure up to the environmental impact of a full, uninterrupted year of streaming video footage.

Earth

Earth is Getting a Black Box To Record Events that Lead To the Downfall of Civilization (cnet.com) 120

An indestructible "black box" is set to be built upon a granite plain on the west coast of Tasmania, Australia, in early 2022. Its mission: Record "every step we take" toward climate catastrophe, providing a record for future civilizations to understand what caused our demise, according to the Australian Broadcasting Corporation. From a report: The project, led by marketing communications company Clemenger BBDO in collaboration with University of Tasmania researchers, is currently in beta and has already begun collecting information at its website. The structure is designed to be about the size of a city bus, made of 3-inch-thick steel and topped with solar panels. Its interior will be filled with "storage drives" that gather climate change-related data such as atmospheric carbon dioxide levels and average temperatures. In addition, using an algorithm, it will scour the web for tweets, posts, news and headlines.

The developers estimate that storage will run out in 30 to 50 years, according to the ABC. There are plans to increase the storage capacity and provide a more long-term solution, but it's unclear how the structure will be maintained -- how its solar panels might be replaced before the end of civilization, how well those drives hold up after decades and how impervious the vault will be to vandalism or sabotage. Its remote location, around four hours from the closest major city, is one deterrent -- but will that be enough?

The Internet

Fake Covid-19 Vaccine Certificates Are Being Advertised On the Dark Web (bankinfosecurity.com) 207

Criminals have been selling fake vaccine certificates online and may be able to fool an EU system designed to verify the certificates' validity, researchers warn. BankInfoSecurity reports: [A] report released last week, "COVID-19 Vaccination Certificates in the Dark Web," which has not yet been peer-reviewed, notes that some darknet markets continue to sell supposed vaccine certificates for use in multiple countries. Four researchers - Dimitrios Georgoulias, Jens Myrup Pedersen, Morten Falch, Emmanouil Vasilomanolakis - who are all part of the Cyber Security Group at Aalborg University in Copenhagen, Denmark, reviewed vaccination certificate offerings from 17 marketplaces and 10 vendor shops. The researchers found that at least one vendor appears to be selling digital certificates, registered in Italy, that are being read as valid by mobile COVID-19 certificate-checking apps developed by both France and Denmark.

The Aalborg University researchers, however, note that many darknet markets forbid any listing containing any items related to COVID-19. But others, they say, do allow both physical and digital vaccine certificates to be offered for sale, and in some cases also "yellow vaccination cards" or other vaccination record cards that can be used as proof of vaccination, albeit only inside the country in which they were supposedly issued. "The listings are heavily focused on European countries and the United States, but there are also listings from other continents and countries, such as Brazil, Canada, Mexico and Australia," as well as Russia, the researchers write. "The pricing differs greatly between the different listings, with the cheapest certificate starting at $39 and the highest price reaching almost $2,800, which included both a physical and a digital certificate, registered in the United Kingdom," they write. Most markets accept bitcoin and monero cryptocurrencies as payment, they add, while a smaller number also take such digital coins as ethereum, cardano, litecoin and zcash. [...] The Aalborg University researchers note that buying a fake digital certificate gives the seller ample opportunity to scam a buyer.

If these fake COVID-19 certificates can indeed pass for valid ones, then one unanswered question remains: How? Many of the sites claim to have access to the systems used to issue certificates, either by hacking into them remotely, or having insiders who work at a healthcare or other health organization, the researchers say. "In the specific case of a listing on the Russian marketplace Hydra, the description even mentioned the exact location and hospital that the system was accessed from," they say. Another possibility, however, is that criminals have somehow stolen one or more private keys for the European system, which were issued to participating health organizations. If so, it would be difficult to revoke these keys, the researchers say, since doing so would invalidate what might be a large quantity of legitimate certificates too.

Beer

Australia Is the Drunkest Country In the World, Survey Finds (theguardian.com) 108

Australians have been named the heaviest drinkers in the world after spending more time drunk in 2020 than any other nation. The Guardian reports: An international survey (PDF) has found Australians drank to the point of drunkenness an average of 27 times a year, almost double the global average of 15. Almost a quarter of Australians reported feeling regret for becoming intoxicated. The Global Drug Survey asked more than 32,000 people from 22 countries what their drug and alcohol consumption was last year. On average, Australians drank alcohol in line with the global average of two nights a week, and became heavily drunk about once every two weeks. The French topped that metric, drinking around three times a week. Australian participants also tripled the global average on seeking emergency care for their drinking (3.9% compared with the global average of 1.2%). "Global Drug Survey researcher Dr Monica Barratt said Australia's high rate of drunkenness might be related to most of the country avoiding Covid lockdowns in 2020," the report adds. "Bar Victoria, most states and territories only went through short and sharp lockdowns, with relatively few cases or deaths, allowing hospitality venues to remain open and events to continue."

On the opposite end of the spectrum were New Zealanders, who became intoxicated "fewer times than almost any other country in the survey, getting drunk about 10 times a year," reports the Guardian. "Danes and Finns spent the most time drinking to excess after Australians, tied at 23.8 times a year. Americans came in third place, becoming intoxicated an average of 23 times in 2020, followed by the British (22.5 times)."
Facebook

Meta Builds Tool To Stop the Spread of 'Revenge Porn' (nbcnews.com) 94

Facebook's parent company, Meta, has worked with the U.K.-based nonprofit Revenge Porn Helpline to build a tool that lets people prevent their intimate images from being uploaded to Facebook, Instagram and other participating platforms without their consent. From a report: The tool, which builds on a pilot program Facebook started in Australia in 2017, launched Thursday. It allows people who are worried that their intimate photos or videos have been or could be shared online, for example by disgruntled ex-partners, to submit the images to a central, global website called StopNCII.org, which stands for "Stop Non-Consensual Intimate Images."

"It's a massive step forward," said Sophie Mortimer, the helpline's manager. "The key for me is about putting this control over content back into the hands of people directly affected by this issue so they are not just left at the whims of a perpetrator threatening to share it." Karuna Nain, Meta's director of global safety policy, said the company had shifted its approach to use an independent website to make it easier for other companies to use the system and to reduce the burden on the victims of image-based abuse to report content to "each and every platform." During the submission process, StopNCII.org gets consent and asks people to confirm that they are in an image. People can select material on their devices, including manipulated images, that depict them nude or nearly nude. The photos or the videos will then be converted into unique digital fingerprints known as "hashes," which will be passed on to participating companies, starting with Facebook and Instagram.

News

Barbados, Formally Casting Off the Queen, Becomes a Republic (nytimes.com) 86

In the early hours of Tuesday, at a ceremony attended by hundreds of masked officials, a prince and at least one pop star, the Caribbean island of Barbados became a republic, cutting ties with Queen Elizabeth II and casting off the last major vestige of its colonial past. The New York Times: The nation swore in its first president, Sandra Mason, a former governor general who had been appointed by the queen. A 21-gun salute rang out as the national anthem played. The red, yellow and navy blue royal flag was lowered -- exactly 55 years after the country gained independence from Britain. "Today, debate and discourse have become action," Ms. Mason, 72, told the onlookers gathered in the capital, Bridgetown. "Today, we set our compass to a new direction."

Ms. Mason received a majority vote in Parliament in October to take on the role. In a speech afterward, Prime Minister Mia Mottley said: "We believe that the time has come for us to claim our full destiny. It is a woman of the soil to whom this honor is being given." The island nation, a democracy of about 300,000 people, announced in September that it would remove Queen Elizabeth as head of state, the latest Caribbean island to do so. It joined Guyana, which gained independence in 1966 and became a republic in 1970; Trinidad and Tobago, which became independent in 1962 and a republic in 1976; and Dominica, which gained full independence as a republic in 1978. Australia, Canada, Jamaica, New Zealand and Papua New Guinea are among the nations that still call the queen their head of state. Barbados will remain part of the Commonwealth, a voluntary association of 54 countries with roots in the British Empire.

Businesses

LG Appoints New CEO To Lead Its Beleaguered Electronics Division (engadget.com) 14

LG has appointed a new CEO to lead its electronics business. Starting December 1st, current Chief Strategy Officer William Cho will take over for Bong-seok Kwon as the CEO of LG Electronics. From a report: Meanwhile, according to The Korea Herald, Kwon will head up LG's main holding company. Cho has been with LG Electronics since 1987. Prior to his most recent role, he served as the president of LG Canada, and later had the same role at LG Australia and LG USA. Cho is about to take the reins of LG Electronics at an inflection point for the company. It recently shut down its mobile division in July after the unit failed to make a profit in 23 consecutive quarters. At this point, LG Electronics is probably best known for its TVs and monitors, but there too it faces tough competition from Samsung and a variety of Chinese competitors.
Australia

Australia Defamation Case Signals a Crackdown on Ordinary Citizens, Critics Say (nytimes.com) 147

Australia's defense minister on Wednesday won a defamation case over a six-word tweet that called him a "rape apologist." From a report: Critics and experts said the court case exemplified the conservative government's heavy-handed approach toward regulating damaging commentary on social media -- what Prime Minister Scott Morrison called "a coward's palace." The case also represented a troubling shift as politicians bring more lawsuits against ordinary citizens, they said. The dispute began when Shane Bazzi, an advocate for refugees who has 13,000 Twitter followers, wrote a Twitter post in February about Peter Dutton, then the country's home affairs minister and now the defense minister.

"Peter Dutton is a rape apologist," the tweet said, and linked to an article about comments Mr. Dutton had made that women seeking asylum in Australia used rape claims as an excuse to enter the country. The post was published on the same day that Mr. Dutton also used the phrase "she said, he said" in reference to explosive accusations by Brittany Higgins, a former government staff member, who said she had been sexually assaulted in Australia's Parliament House. Mr. Dutton began defamation proceedings soon after, saying that the post had "deeply offended" him and had wrongly suggested he condoned and excused rape. Mr Bazzi's blue Twitter check mark, Mr. Dutton also argued, implied recognition by the social media giant and had led the minister to believe that the post was not just the "rant of somebody randomly on Twitter."

Technology

Israel Restricts Cyberweapons Export List By Two-thirds, From 102 To 37 Countries (therecord.media) 89

The Israeli government has restricted the list of countries to which local security firms are allowed to sell surveillance and offensive hacking tools by almost two-thirds, cutting the official cyber export list from 102 to 37 entries. From a report: The new list, obtained by Israeli business newspaper Calcalist earlier today, only includes countries with proven democracies, such as those from Europe and the Five Eyes coalition: Australia, Austria, Belgium, Bulgaria, Canada, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Iceland, India, Ireland, Italy, Japan, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, New Zealand, Norway, Portugal, Romania, Slovakia, Slovenia, South Korea, Spain, Sweden, Switzerland, the Netherlands, the UK, and the US.

The list noticeably removes autocratic regimes, to which Israeli companies have often supplied surveillance tools. Spyware developed by Israeli companies like Candiru and the NSO Group has been linked in recent years to human rights abuses in tens of countries, with the tools being used by the local governments to spy on reporters, activists, dissidents, and political rivals.

Businesses

Tile Is Selling Its Bluetooth Tracking Business To Life360 For $205 Million (theverge.com) 8

An anonymous reader quotes a report from The Verge: Tile popularized marking items and tracking them from your phone with its small Bluetooth tags, but suddenly faces more competition from giants like Apple, Amazon, Google, and Samsung. The company that started out of an incubator and crowdfunding campaign has announced it will be acquired by Life360, which calls itself a "leading family safety platform." The deal is valued at $205 million and is expected to close in the first quarter of 2022. Tile has developed its product line over the years with a variety of different trackers and partnerships with other companies to use its technology. It also has a subscription service, Tile Premium, with extra features, battery replacements, and insurance against potential losses. However, the game may have changed once Apple and Google started building their own item-locating features into iPhones and Android devices.

Life360 bills itself as an overall family safety app, with location sharing between family members, crash detection, and other features. Over the summer, it announced that it has over 1 million paying customers and reported its valuation had crossed $1 billion. It also acquired another item locating hardware startup, Jiobit, which makes cellular-connected trackers for kids and pets. Life360 expects the deal will increase the global footprint for both companies, Tile's non-Bluetooth Finding Network, and create a larger combined subscriber base. Currently listed on the stock exchange in Australia, Life360 says it has plans for a "potential dual listing in the US" next year.

Australia

Rooftop Solar Helps Send South Australia Grid To Zero Demand In World's First (reneweconomy.com.au) 180

South Australia on Sunday became the first gigawatt scale grid in the world to reach zero demand when the combined output of rooftop solar and other small non-scheduled generators exceeded all the local customer load requirements. Renew Economy reports: The landmark event was observed by several energy analysts, including at Watt Clarity and NEMLog, where Geoff Eldridge noted that a number of measures for South Australia demand notched up record minimums for system normal conditions. It was later confirmed by the Australian Energy Market Operator, which noted that "scheduled" demand -- local demand minus the output of rooftop solar and small unscheduled generators such as small solar farms and bio-energy -- fell to minus 38MW in a five minute period at 1235pm (grid time, or AEST).

Minimum demand is now possibly the biggest challenge for market operators like AEMO, because under current market settings it needs to have a certain amount of synchronous generation to maintain system strength and grid stability. It does this by running a minimum amount of gas generation, and through the recent commissioning of spinning machines called synchronous condensers that do not burn fuel. It also needs a link to a neighboring grid, in this case Victoria, so it can export surplus production.

Security

Ask Slashdot: Where Are All the Jobs Preventing Zero-Day Exploits? 112

An anonymous reader writes: Given the widespread understanding that sophisticated hackers are regularly using zero-day vulnerabilities to break into high-value systems, why is it that when I search for "zero day" on Australia's most popular job search engine only one "real" job comes up? Is the security of the Internet totally dependent on dedicated hobbyists, part-time showboats, and people willing to take meagre bug bounties (on average paying $3,650 for a critical vulnerability) instead of selling their findings (sometimes for millions of dollars) to dubious buyers?
Are they all in-house security people hunting for zero-days as part of their regular responsibilities? Share your own thoughts in the comments.

Where are all the jobs preventing zero-day exploits?
Security

US Says Iran-backed Hackers Are Now Targeting Organizations With Ransomware (techcrunch.com) 18

The U.S. government, along with counterparts in Australia and the U.K., have warned that Iranian state-backed hackers are targeting U.S. organizations in critical infrastructure sectors -- in some cases with ransomware. From a report: The rare warning linking Iran with ransomware landed in a joint advisory Wednesday, issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the U.K.'s National Cyber Security Centre (NCSC). The advisory said that Iran-backed attackers have been exploiting Fortinet vulnerabilities since at least March and a Microsoft Exchange ProxyShell vulnerability since October to gain access to U.S. critical infrastructure organizations in the transport and public health sectors, as well as organizations in Australia. The aim of the hackers is ultimately to leverage this access for follow-on operations such as data exfiltration, extortion and ransomware deployment. In May this year, for example, the hackers abused Fortigate gear to access a web server hosting the domain for a U.S. municipal government. The following month, CISA and the FBI observed the hackers exploiting Fortinet vulnerabilities to access the networks of a U.S.-based hospital specializing in healthcare for children. The joint advisory has been released alongside a separate report from Microsoft on the evolution of Iranian APTs, which are "increasingly utilizing ransomware to either collect funds or disrupt their targets." In the report, Microsoft said it has been tracking six Iranian threat groups that have been deploying ransomware and exfiltrating data in attacks that started in September 2020.
Space

New Mission To Scour Our Interstellar Neighbourhood for Planets that Could Sustain Life (theguardian.com) 21

A new space mission to hunt for potentially habitable planets around Earth's closest neighbouring star system is under way. From a report: In a project with echoes of the 2009 film Avatar, an international collaboration of scientists in Australia and the US will search in the Alpha Centauri star system for earth-like planets that could sustain life. Alpha Centauri -- Earth's closest neighbouring star system -- consists of two sun-like stars, known as Alpha Centauri A and B, and a more distant red dwarf star. The Toliman mission, named after the ancient Arabic-derived name for the star system, will search for potential planets orbiting Alpha Centauri A and B.

The Toliman telescope, which is under construction, is set to be launched into low-earth orbit in 2023. It seeks to discover new planets in the "Goldilocks orbit" -- at the right distance, so the planet is neither too hot nor too cold to sustain life. Project leader Prof Peter Tuthill, of the University of Sydney, said: "If we're looking for life as we know it, usually the gold standard is a planet where liquid water could be present at the surface of the planet -- so it's not like a frozen snowball, and it doesn't boil all the water up into the atmosphere." "We know that life has evolved at least once, around a sun-like star on an earth-like planet," Tuthill said. "We try to look for other examples that are as close to that configuration as possible."
