A powerful 8.0 magnitude earthquake hit the Amazon rainforest in north-central Peru on Sunday morning, according to the United States Geological Survey ...
View full coverage on Google News
https://www.accuweather.com/en/weather-news/powerful-80-magnitude-earthquake-cuts-power-causes-damage-in-north-central-peru/70008367
In today's roundup we're dissecting Apple's latest patent filing, which reveals new details of a revamped Touch ID that could come to the next generation of iPhones. We're also breaking down all the most important changes to the new MacBook Pros, including what the company's doing about the keyboard. And in case that wasn't enough, Apple also sent out WWDC invites this week revealing some potential clues about what it will announce at its next developer's conference.
Now playing:Watch this:
Apple's latest patent hints at iPhone 12 feature
6:37
Apple could bring Touch ID back to the next iPhone
There have been plenty of rumors about an in-screen fingerprint scanner on the next iPhone, dating back to the pre-Face ID days. But Apple's latest patent all but confirms the company's plans to bring back Touch ID in the future. Just maybe not all that soon.
The latest patent, published in Patently Apple, shows how the company plans to embed pinhole cameras behind the screen of the phone, which would be capable of creating a 3D map of your fingerprint regardless of where you position your finger.
Apple likely wouldn't be replacing Face ID anytime soon, but it this new in-screen Touch ID could be used as a supplementary form of biometric identification to make your iPhone even more secure.
What's exciting about this patent is that it shows pictures of a working prototype, meaning Apple is pretty far along in the development process. The bad news is that it likely wouldn't be ready to go into mass production until the 2020 cycle. This is also the year Apple is rumored to be bringing 5G connectivity to the iPhone after reaching a settlement with Qualcomm to use they're 5G chips. And 2020 can't come soon enough.
This year's iPhone 11 is rumored to have few major changes, aside from a three-camera array on the back and reverse wireless charging. An in-screen fingerprint scanner might have helped entice users to upgrade with the next iPhone release.
Apple's new MacBook Pros get a power boost
Apple announced its new MacBook Pros this week with important but practically imperceptible upgrades. On the outside they could be easily confused with last year's models, but they're now powered by Intel's ninth-generation Core i7 and Core i9 CPUs, in both six-core and eight-core versions, making them the first MacBooks with an eight-core processor, the most powerful ever.
As for the keyboard on the new machines, they still have the traditional butterfly switch mechanism that has caused so many keyboard issues for Apple in previous models, but this time around it's using a new material Apple says will help solve its sticky key problem.
Apple was vague about details regarding the changes in material, but a few days later, repair site iFixit had already published its own teardown of the machine detailing the changes. According to the report, Apple seems to have swapped out the silicone membrane found underneath each key that helps protect against dust and other "contaminants." iFixit also said that the "metal dome" -- what gets pushed down when you press a key, then pops back up when you release -- also may have been changed, but it is less certain of that switch.
But even with the full teardown, it's hard to know how these subtle changes will affect the performance of these new keyboards and the jury's still out on Apple's latest fix.
Apple's plan to fix its keyboard issue for good
The new material wasn't Apple's only attempt at fixing its keyboard problems. The same day the company launched the new MacBook Pros, it also announced it would be extending its Keyboard service program to replace all MacBooks' faulty keyboards from 2015 onward, and that the repair program would be sped up to get users back up and running faster.
In 2015, Apple switched from the traditional scissor mechanism to a butterfly-switch keyboard. This new solution debuted on the 12-inch Retina Macbook and allowed Apple to build a thinner machine. Soon after, users began to complain about unresponsive or sticky keys and letters or characters that would repeat unexpectedly when typing or would just flat-out refuse to type.
After years of brushing the issue aside, Apple finally acknowledged in June of last year that " a very small percentage of keyboards" were experiencing issues and offered free repairs.
But the fix only covered first-generation and second-generation keyboards, and repairs could take over a week. The news now extends the repair program to all models, including third-generation keyboards as well as the ones in the newest MacBooks. And those who've already paid for repairs can contact Apple for a refund.
Apple sends out official WWDC 2019 invites
We've known the dates of Apple's next developers' conference for a while now: the first week in June, just like every other year. But this week the company sent out the official invitations for its opening keynote, which is set to take place at the McEnery Convention Center in San Jose on June 3 at 10 a.m. PT.
This is where the company usually announces its new software updates for iOS, MacOS, WatchOS and TVOS, and this year will be no exception. But the details of each update are still vague, which is why the invite is important. Apple often likes to hide clues as Easter eggs hinting at what it will announce in the invitation. And if you like teasers, CNET editor Patrick Holland disusses what Apple's WWDC 2019 invite teases about the next iOS and MacOS in this article.
The Yankees beat the Royals, 6-5, to earn a sweep in today's split doubleheader at Kauffman Stadium. >> Box score
Four takeaways from Saturday's game...
1) After Chad Green allowed a first inning run as the Yankees opener, the team turned to Chance Adams, the club's 26th man for the doubleheader. Adams pitched well, despite his line as his defense was atrocious behind him and the official scorer handed out some gift hits to the Royals that probably should have been ruled errors. Regardless, anyone watching had to like how Adams got the ball back each time his defense failed him, threw strikes and worked at a very good pace. He earned his first career MLB win.
2) The Yankees shot out to a 5-1 lead in the second inning, scoring all the runs before registering an out in the frame with Austin Romine and Cameron Maybin notching two-RBI hits. Romine ended up with three hits and Maybin recorded two knocks on the night.
3) The Yankees six through nine hitters did most of the damage for the Yanks, going 7-for-13 with five walks, five runs and five RBIs.
4) After Adams left the game, Jonathan Holder and Tommy Kahnle tossed hitless scoreless innings. Zack Britton allowed a hit in the eighth, but no runs, which stretched his scoreless streak to 10 games. Finally, Aroldis Chapman closed out the game, recording his 14th save despite allowing a run.
The Yankees will send RHP Domingo Germán (9-1, 2.60 ERA) to the mound in the series finale against Kansas City's LHP Danny Duffy (3-1, 3.45 ERA) on Sunday at 2:15 p.m.
The American League East-leading New York Yankees will close out their weekend series on the road at Kauffman Stadium against the Kansas City Royals on Sunday afternoon.
After an 8-10 start riddled with countless injuries, the Yankees have suddenly won 24 of their last 31 games with a depleted roster to catapult themselves into a 2.5-game lead in the division race. New York can extend that lead this weekend with a very winnable series in Kansas City against a Royals team that is just 17-32 on the year. Can the Yankees continue their unlikely run by closing their series at Kauffman Stadium with a win on Sunday?
German turning into unlikely ace for Yankees
With James Paxton, C.C. Sabathia and Luis Severino all spending time on the injured list, right-hander Domingo German has emerged as the unlikely ace in the starting rotation. The second-year starter has made a major leap forward this season, compiling an impressive 9-1 overall record and a 2.60 ERA through 10 appearances (nine starts). German has reigned in his command and cut down on his walk-rate, but some regression could be on the way for the 25-year-old. While German is still striking out better than a batter per inning, he’s benefited from a .229 BABIP, which is almost 80 points lower than the .300 BABIP he posted in 2018, and his 3.81 xFIP is more than a run higher than his current ERA.
German’s lone loss of the season came against the Royals on April 18. He allowed three earned runs and was victimized by two long balls in six innings of work versus the Royals.
According to Baseball Savant, the current Royals’ roster is batting .261 in 21 plate appearances off of German. StatCast projects KC hitters for an expected batting average of .284 and an expected slugging percentage of .542 versus German for Sunday’s start.
Duffy pitching well for Royals after late start to year
Starting pitching has been a major issue for the Royals this season. Kansas City starters have compiled a 5.39 earned run average this season — 25th in baseball. That’s half a run worse than the mark in 2018. Three men in the rotation — Jakob Junis, Homer Bailey and Jorge Lopez — have earned run averages of 5.69 or worse.
Kansas City will counter with 30-year-old lefty Danny Duffy, who is off to a fine start after a late beginning to the season. Through five starts, Duffy has allowed three runs or less on four occasions, winning each of his last three decisions. He comes in with a 3-1 overall record to go along with a 3.45 ERA and he’s racked up three quality outings over his last four starts.
Duffy has performed well against the Yankees as of late, posting a 3.15 ERA in five appearances (three starts) against them dating back to 2016. However, his last start against New York didn’t go so well, as he gave up five earned runs in four innings in a loss last season.
According to Baseball Savant, the current Yankees’ roster is batting .241 in 59 plate appearances off of Duffy, who sports a 6.84 FIP heading into this matchup despite striking out Yankees hitters 27.1 percent of the time. StatCast projects New York for an expected batting average of .310 and an expected slugging percentage of .641 off of Duffy heading into Sunday’s showdown.
The ransomware attacks in Baltimore and other US cities appear to have a common thread: they're using NSA tools on the agency's home soil. In-the-know security experts talking to the New York Times said the malware in the cyberattacks is using the NSA's stolen EternalBlue as a "key component," much like WannaCry and NotPetya. While the full list of affected cities isn't available, San Antonio and the Pennsylvania city of Allentown have reportedly been victims of EternalBlue-based campaigns.
Microsoft has issued fixes for affected Windows version after the NSA disclosed the long-secret vulnerabilities. However, these attacks frequently succeed due to fragmented local governments that tend to be cautious about upgrades. In addition to using a mishmash of software and configurations that complicates updates, cities may be hesitant to patch or upgrade their software due to compatibility concerns and tight budgets.
And unfortunately, the NSA isn't likely to help. While it helped Microsoft patch the security hole after EternalBlue became public in 2017, it has so far turned down discussion of the flaw and hasn't even acknowledged that the code loss took place. The NSA and FBI have declined to comment on the new revelations.
Whatever its involvement, incidents like Baltimore's highlight a problem with the NSA and other intelligence agencies hoarding exploits. The practice only works so long as officials have total control over vulnerabilities and the matching hacking tools. If data for either gets out, they effectively give criminals and foreign spies an advantage over an unprepared public. And when these exploits seldom discriminate between countries, they can cause plenty of damage at home.
For nearly three weeks, Baltimore has struggled with a cyberattack by digital extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts and many other services.
But here is what frustrated city employees and residents do not know: A key component of the malware that cybercriminals used in the attack was developed at taxpayer expense a short drive down the Baltimore-Washington Parkway at the National Security Agency, according to security experts briefed on the case.
Since 2017, when the N.S.A. lost control of the tool, EternalBlue, it has been picked up by state hackers in North Korea, Russia and, more recently, China, to cut a path of destruction around the world, leaving billions of dollars in damage. But over the past year, the cyberweapon has boomeranged back and is now showing up in the N.S.A.’s own backyard.
It is not just in Baltimore. Security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs.
The N.S.A. connection to the attacks on American cities has not been previously reported, in part because the agency has refused to discuss or even acknowledge the loss of its cyberweapon, dumped online in April 2017 by a still-unidentified group calling itself the Shadow Brokers. Years later, the agency and the Federal Bureau of Investigation still do not know whether the Shadow Brokers are foreign spies or disgruntled insiders.
Thomas Rid, a cybersecurity expert at Johns Hopkins University, called the Shadow Brokers episode “the most destructive and costly N.S.A. breach in history,” more damaging than the better-known leak in 2013 from Edward Snowden, the former N.S.A. contractor.
“The government has refused to take responsibility, or even to answer the most basic questions,” Mr. Rid said. “Congressional oversight appears to be failing. The American people deserve an answer.”
The N.S.A. and F.B.I. declined to comment.
Since that leak, foreign intelligence agencies and rogue actors have used EternalBlue to spread malware that has paralyzed hospitals, airports, rail and shipping operators, A.T.M.s and factories that produce critical vaccines. Now the tool is hitting the United States where it is most vulnerable, in local governments with aging digital infrastructure and fewer resources to defend themselves.
Image
On May 7, city workers in Baltimore had their computers frozen by hackers. Officials have refused to pay the $100,000 ransom.Credit.
Before it leaked, EternalBlue was one of the most useful exploits in the N.S.A.’s cyberarsenal. According to three former N.S.A. operators who spoke on the condition of anonymity, analysts spent almost a year finding a flaw in Microsoft’s software and writing the code to target it. Initially, they referred to it as EternalBluescreen because it often crashed computers — a risk that could tip off their targets. But it went on to become a reliable tool used in countless intelligence-gathering and counterterrorism missions.
EternalBlue was so valuable, former N.S.A. employees said, that the agency never seriously considered alerting Microsoft about the vulnerabilities, and held on to it for more than five years before the breach forced its hand.
The Baltimore attack, on May 7, was a classic ransomware assault. City workers’ screens suddenly locked, and a message in flawed English demanded about $100,000 in Bitcoin to free their files: “We’ve watching you for days,” said the message, obtained by The Baltimore Sun. “We won’t talk more, all we know is MONEY! Hurry up!”
Today, Baltimore remains handicapped as city officials refuse to pay, though workarounds have restored some services. Without EternalBlue, the damage would not have been so vast, experts said. The tool exploits a vulnerability in unpatched software that allows hackers to spread their malware faster and farther than they otherwise could.
North Korea was the first nation to co-opt the tool, for an attack in 2017 — called WannaCry — that paralyzed the British health care system, German railroads and some 200,000 organizations around the world. Next was Russia, which used the weapon in an attack — called NotPetya — that was aimed at Ukraine but spread across major companies doing business in the country. The assault cost FedEx more than $400 million and Merck, the pharmaceutical giant, $670 million.
The damage didn’t stop there. In the past year, the same Russian hackers who targeted the 2016 American presidential election used EternalBlue to compromise hotel Wi-Fi networks. Iranian hackers have used it to spread ransomware and hack airlines in the Middle East, according to researchers at the security firms Symantec and FireEye.
“It’s incredible that a tool which was used by intelligence services is now publicly available and so widely used,” said Vikram Thakur, Symantec’s director of security response.
One month before the Shadow Brokers began dumping the agency’s tools online in 2017, the N.S.A. — aware of the breach — reached out to Microsoft and other tech companies to inform them of their software flaws. Microsoft released a patch, but hundreds of thousands of computers worldwide remain unprotected.
Image
Microsoft employees reviewing malware data at the company’s offices in Redmond, Wash. EternalBlue exploits a flaw in unpatched Microsoft software.CreditKyle Johnson for The New York Times
Hackers seem to have found a sweet spot in Baltimore, Allentown, Pa., San Antonio and other local, American governments, where public employees oversee tangled networks that often use out-of-date software. Last July, the Department of Homeland Security issued a dire warning that state and local governments were getting hit by particularly destructive malware that now, security researchers say, has started relying on EternalBlue to spread.
Microsoft, which tracks the use of EternalBlue, would not name the cities and towns affected, citing customer privacy. But other experts briefed on the attacks in Baltimore, Allentown and San Antonio confirmed the hackers used EternalBlue. Security responders said they were seeing EternalBlue pop up in attacks almost every day.
Amit Serper, head of security research at Cybereason, said his firm had responded to EternalBlue attacks at three different American universities, and found vulnerable servers in major cities like Dallas, Los Angeles and New York.
The costs can be hard for local governments to bear. The Allentown attack, in February last year, disrupted city services for weeks and cost about $1 million to remedy — plus another $420,000 a year for new defenses, said Matthew Leibert, the city’s chief information officer.
He described the package of dangerous computer code that hit Allentown as “commodity malware,” sold on the dark web and used by criminals who don’t have specific targets in mind. “There are warehouses of kids overseas firing off phishing emails,” Mr. Leibert said, like thugs shooting military-grade weapons at random targets.
The malware that hit San Antonio last September infected a computer inside Bexar County sheriff’s office and tried to spread across the network using EternalBlue, according to two people briefed on the attack.
This past week, researchers at the security firm Palo Alto Networks discovered that a Chinese state group, Emissary Panda, had hacked into Middle Eastern governments using EternalBlue.
“You can’t hope that once the initial wave of attacks is over, it will go away,” said Jen Miller-Osborn, a deputy director of threat intelligence at Palo Alto Networks. “We expect EternalBlue will be used almost forever, because if attackers find a system that isn’t patched, it is so useful.”
Image
Adm. Michael S. Rogers, who led the N.S.A. during the leak, has said the agency should not be blamed for the trail of damage.CreditErin Schaff for The New York Times
Until a decade or so ago, the most powerful cyberweapons belonged almost exclusively to intelligence agencies — N.S.A. officials used the term “NOBUS,” for “nobody but us,” for vulnerabilities only the agency had the sophistication to exploit. But that advantage has hugely eroded, not only because of the leaks, but because anyone can grab a cyberweapon’s code once it’s used in the wild.
Some F.B.I. and Homeland Security officials, speaking privately, said more accountability at the N.S.A. was needed. A former F.B.I. official likened the situation to a government failing to lock up a warehouse of automatic weapons.
In an interview in March, Adm. Michael S. Rogers, who was director of the N.S.A. during the Shadow Brokers leak, suggested in unusually candid remarks that the agency should not be blamed for the long trail of damage.
“If Toyota makes pickup trucks and someone takes a pickup truck, welds an explosive device onto the front, crashes it through a perimeter and into a crowd of people, is that Toyota’s responsibility?” he asked. “The N.S.A. wrote an exploit that was never designed to do what was done.”
At Microsoft’s headquarters in Redmond, Wash., where thousands of security engineers have found themselves on the front lines of these attacks, executives reject that analogy.
“I disagree completely,” said Tom Burt, the corporate vice president of consumer trust, insisting that cyberweapons could not be compared to pickup trucks. “These exploits are developed and kept secret by governments for the express purpose of using them as weapons or espionage tools. They’re inherently dangerous. When someone takes that, they’re not strapping a bomb to it. It’s already a bomb.”
Brad Smith, Microsoft’s president, has called for a “Digital Geneva Convention” to govern cyberspace, including a pledge by governments to report vulnerabilities to vendors, rather than keeping them secret to exploit for espionage or attacks.
Last year, Microsoft, along with Google and Facebook, joined 50 countries in signing on to a similar call by French President Emmanuel Macron — the Paris Call for Trust and Security in Cyberspace — to end “malicious cyber activities in peacetime.”
Notably absent from the signatories were the world’s most aggressive cyberactors: China, Iran, Israel, North Korea, Russia — and the United States.
Chris Carelli, SNY.TV 
