The US Cybersecurity and Infrastructure Security Agency (CISA) has issued, with the FBI and the Coast Guard, a Joint Advisory warning that CVE-2021-40539, a vulnerability in Zoho's password manager and single-sign-on solution ManageEngine ADSelfService Plus, is being actively exploited in the wild. Zoho fixed the bug on September 6th, and CISA urges users to apply the patch as soon as practicable. The software is of concern to CISA because it's used by "critical infrastructure companies, US-cleared defense contractors, [and] academic institutions."
Bloomberg writes that Chinese police are increasing their enforcement of laws against illicit alt-coin mining, which is producing a noticeable drain on the country's electrical power. Many cryptocurrency miners evaded the law by representing themselves as data researchers or storage facilities. Chinese coin-miners have held 46% of the global hash rate.
MIT Technology Review reports that Facebook's engagement maximization algorithms automatically pushed usually inflammatory, often false, troll-farmed content into American users' news feeds during the 2020 election season, reaching as many as a hundred forty million individuals per month. An internal Facebook study concluded, "Instead of users choosing to receive content from these actors, it is our platform that is choosing to give [these troll farms] an enormous reach." The social network did seek to put "guardrails" in place to keep content from veering too far from some approximation of truth and normality, and it continued its work against coordinated inauthenticity, but its own algorithms were stacked against its better intentions.
Bravo, Bitdefender, for releasing a free decryptor for REvil/Sodinokibi ransomware.