Government

FDA Warns Supplement Makers To Stop Touting Cures For Diseases and Cancer

An anonymous reader quotes a report from The New York Times: The Food and Drug Administration on Monday warned 12 sellers of dietary supplements to stop claiming their products can cure diseases ranging from Alzheimer's to cancer to diabetes. At the same time, Dr. Scott Gottlieb, the agency's commissioner, suggested that Congress strengthen the F.D.A.'s authority over an estimated $40 billion industry, which sells as many as 80,000 kinds of powders and pills with little federal scrutiny. These products range from benign substances like vitamin C or fish oil to more risky mineral, herbal and botanical concoctions that can be fatal.

"People haven't wanted to touch this framework or address this space in, really, decades, and I think it's time we do it," Dr. Gottlieb said in an interview. He is particularly concerned about supplements that purport to cure diseases for which consumers should seek medical attention. "We know there are effective therapies that can help patients with Alzheimer's," he said. "But unproven supplements that claim to treat the disease but offer no benefits can prevent patients from seeking otherwise effective care." The companies included TEK Naturals, Pure Nootropics and Sovereign Laboratories. In a letter to TEK Naturals, the F.D.A. and the Federal Trade Commission chastised the company for marketing Mind Ignite as a product "clinically shown to help diseases of the brain such as Alzheimer's and even dementia."
Android

Android Phones Can Be Hacked Remotely By Viewing Malicious PNG Image (csoonline.com)

An innocent-looking image -- sent either via the internet or text -- could open your Android phone up to hacking. "While this certainly doesn't apply to all images, Google discovered that a maliciously crafted PNG image could be used to hijack a wide variety of Androids -- those running Android Nougat (7.0), Oreo (8.0), and even the latest Android OS Pie (9.0)," reports CSO Online. From the report: The latest bulletin lists 42 vulnerabilities in total -- 11 of which are rated as critical. The most severe critical flaw is in Framework; it "could enable a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process." Although Google had no report of the security flaws being actively exploited, it remains to be seen if and how long it will take before attackers use the flaw for real-world attacks. Android owners were urged to patch as soon as security updates become available. But let's get real: Even if your Android still receives security updates, there's no telling how long it will be (weeks or months) before manufacturers and carriers get it together to push out the patches.
Democrats

Amy Klobuchar Calls For Net Neutrality 'Guarantee' In 2020 Presidential Announcement (dailydot.com)

Sen. Amy Klobuchar (D-Minn.) said she wanted to "guarantee" net neutrality for all Americans during her 2020 presidential campaign kickoff speech. "[T]he senator bringing it up in her announcement marked perhaps the most high-profile stage the issue has had in terms of recent presidential politics," reports The Daily Dot. From the report: The Minnesota senator brought up the issue among other technology platform goals, including privacy and cybersecurity. "Way too many politicians have their heads stuck in the sand when it comes to the digital revolution. 'Hey guys, it's not just coming. It's here.' If you don't know the difference between a hack and Slack, it's time to pull off the digital highway," she said. "What would I do as president? We need to put some digital rules of the road into law when it comes to people's privacy."

She added: "For too long the big tech companies have been telling you, don't worry, we've got your back," she said. "While your identities, in fact, are being stolen and your data is being mined. Our laws need to be as sophisticated as the people who are breaking them. We must revamp our nation's cybersecurity and guarantee net neutrality for all. And we need to end the digital divide by pledging to connect every household to the internet by 2022, and that means you, rural America."
Other Democrats seeking the 2020 nomination have shown support for net neutrality in the past. Rep. Tulsi Gabbard (D-Hawaii) tweeted late last month about reports suggesting that telecom investments have not risen since the FCC's controversial repeal of net neutrality, calling the decision "another handout to big corporations & telecom giants."

Sen. Elizabeth Warren (D-Mass.) also told a crowd in Iowa last month that she believed "in net neutrality the same way I believe everybody should have access to electricity," according to the Washington Post.
Security

Doomsday Docker Security Hole Uncovered (zdnet.com)

An anonymous reader quotes a report from ZDNet: One of the great security fears about containers is that an attacker could infect a container with a malicious program, which could escape and attack the host system. Well, we now have a security hole that could be used by such an attack: RunC container breakout, CVE-2019-5736. RunC is the underlying container runtime for Docker, Kubernetes, and other container-dependent programs. It's an open-source command-line tool for spawning and running containers. Docker originally created it. Today, it's an Open Container Initiative (OCI) specification. It's widely used. Chances are, if you're using containers, you're running them on runC.

According to Aleksa Sarai, a SUSE container senior software engineer and a runC maintainer, security researchers Adam Iwaniuk and Borys Popławski discovered a vulnerability, which "allows a malicious container to (with minimal user interaction) overwrite the host runc binary and thus gain root-level code execution on the host. The level of user interaction is being able to run any command (it doesn't matter if the command is not attacker-controlled) as root." To do this, an attacker has to place a malicious container within your system. But, this is not that difficult. Lazy sysadmins often use the first container that comes to hand without checking to see if the software within that container is what it purports to be.
Red Hat technical product manager for containers, Scott McCarty, warned: "The disclosure of a security flaw (CVE-2019-5736) in runc and docker illustrates a bad scenario for many IT administrators, managers, and CxOs. Containers represent a move back toward shared systems where applications from many different users all run on the same Linux host. Exploiting this vulnerability means that malicious code could potentially break containment, impacting not just a single container, but the entire container host, ultimately compromising the hundreds-to-thousands of other containers running on it. While there are very few incidents that could qualify as a doomsday scenario for enterprise IT, a cascading set of exploits affecting a wide range of interconnected production systems qualifies...and that's exactly what this vulnerability represents."
Government

Trump Administration Unveils Order To Prioritize and Promote AI (reuters.com)

U.S. President Donald Trump on Monday will sign an executive order asking federal government agencies to dedicate more resources and investment into research, promotion and training on artificial intelligence (AI), Reuters reports, citing a senior administration official. From the report: Under the American AI Initiative, the administration will direct agencies to prioritize AI investments in research and development, increase access to federal data and models for that research and prepare workers to adapt to the era of AI. There was no specific funding announced for the initiative, the administration official said on a conference call, adding that it called for better reporting and tracking of spending on AI-related research and development. The initiative aims to make sure the United States keeps its research and development advantage in AI and related areas, such as advanced manufacturing and quantum computing. Trump, in his State of the Union speech last week, said he was willing to work with lawmakers to deliver new and important infrastructure investment, including investments in the cutting-edge industries of the future, calling it a "necessity."
