Crypto-driven GPU crash makes Nvidia miss Q2 projections by $1.4 billion

Nvidia doesn’t officially announce its second-quarter financial results until the end of the month, but the company is trying to soften the blow by announcing preliminary results today. And as with so many other tech companies in the last month, the results are mixed at best. With $6.7 billion in revenue, Nvidia managed to eke out year-over-year growth, but the results are still bad news because that number is down from a previously forecasted $8.1 billion, a miss of $1.4 billion.

Nvidia blamed this shortfall on weaker-than-expected demand for its gaming products, including its GeForce graphics processors. Nvidia pointed to “a reduction in channel partner sales,” meaning that partners like Evga, MSI, Asus, Zotac, Gigabyte, and others were selling fewer new GPUs than anticipated. This drop can be attributed partly to a crash in the value of mining-based cryptocurrencies like Bitcoin and Ethereum—fewer miners are buying these cards, and miners looking to unload their GPUs on the secondhand market are also giving gamers a cheaper source for graphics cards.

“As we expect the macroeconomic conditions affecting sell-through to continue, we took actions with our Gaming partners to adjust channel prices and inventory,” said Nvidia CEO Jensen Huang. That means we may see further price drops for existing GeForce GPUs, which have already been dropping in price throughout the year. Some cards still haven’t reverted to their originally advertised prices, but they’re getting closer all the time.

#biz-it, #gaming-culture, #nvidia, #tech

Excel esports on ESPN show world the pain of format errors

Ladies and gentlemen, let’s get ready to modelllllllll! (credit: FMWC)

If you watched ESPN2 during its stint last weekend as “ESPN8: The Ocho,” you may have seen some odd, meme-friendly competitions, including corgi racing, precision paper airplane tossing, and slippery stair climbing.

Or you might have seen “Excel Esports: All-Star Battle,” a tournament in which an unexpected full-column Flash Fill is announced like a 50-yard Hail Mary. It’s just the latest mainstream acknowledgment of Excel as a viable, if quirky, esport, complete with down-to-the-wire tension and surprising comebacks.

The full Excel Esports All-Star Battle.

The Financial Modeling World Cup (FMWC) hosts regular international competitions, both invitational and open to anyone, in which Excel pros strive to solve as many questions as possible from a complex task. You can download all three of the tasks used in last weekend’s battle for free.

#biz-it, #espn, #esports, #excel, #fmwc, #gaming-culture, #microsoft-excel

Cyberattack on Albanian government suggests new Iranian aggression

Tirane, Albania. (credit: Pawel Toczynski | Getty Images)

In mid-July, a cyberattack on the Albanian government knocked out state websites and public services for hours. With Russia’s war raging in Ukraine, the Kremlin might seem like the likeliest suspect. But research published on Thursday by the threat intelligence firm Mandiant attributes the attack to Iran. And while Tehran’s espionage operations and digital meddling have shown up all over the world, Mandiant researchers say that a disruptive attack from Iran on a NATO member is a noteworthy escalation.

The digital attacks targeting Albania on July 17 came ahead of the “World Summit of Free Iran,” a conference scheduled to convene in the town of Manëz in western Albania on July 23 and 24. The summit was affiliated with the Iranian opposition group Mujahadeen-e-Khalq, or the People’s Mojahedin Organization of Iran (often abbreviated MEK, PMOI, or MKO). The conference was postponed the day before it was set to begin because of reported, unspecified “terrorist” threats.

#biz-it, #cyberattack, #iran, #nato

“Huge flaw” threatens US emergency alert system, DHS researcher warns

Obstruction light with bokeh city background

The US Department of Homeland Security is warning of vulnerabilities in the nation’s emergency broadcast network that make it possible for hackers to issue bogus warnings over radio and TV stations.

“We recently became aware of certain vulnerabilities in EAS encoder/decoder devices that, if not updated to most recent software versions, could allow an actor to issue EAS alerts over the host infrastructure (TV, radio, cable network),” the DHS’s Federal Emergency Management Agency (FEMA) warned. “This exploit was successfully demonstrated by Ken Pyle, a security researcher at CYBIR.com, and may be presented as a proof of concept at the upcoming DEFCON 2022 conference in Las Vegas, August 11-14.”

Pyle told reporters at CNN and Bleeping Computer that the vulnerabilities reside in the Monroe Electronics R189 One-Net DASDEC EAS, an Emergency Alert System encoder and decoder. TV and radio stations use the equipment to transmit emergency alerts. The researcher told Bleeping Computer that “multiple vulnerabilities and issues (confirmed by other researchers) haven’t been patched for several years and snowballed into a huge flaw.”

#biz-it, #department-of-homeland-security, #dhs, #emergency-alert-system

North Korea-backed hackers have a clever way to read your Gmail

Researchers have unearthed never-before-seen malware that hackers from North Korea have been using to surreptitiously read and download email and attachments from infected users’ Gmail and AOL accounts.

The malware, dubbed SHARPEXT by researchers from security firm Volexity, uses clever means to install a browser extension for the Chrome and Edge browsers, Volexity reported in a blog post. The extension can’t be detected by the email services, and since the browser has already been authenticated using any multifactor authentication protections in place, this increasingly popular security measure plays no role in reining in the account compromise.

The malware has been in use for “well over a year,” Volexity said, and is the work of a hacking group the company tracks as SharpTongue. The group is sponsored by North Korea’s government and overlaps with a group tracked as Kimsuky by other researchers. SHARPEXT is targeting organizations in the US, Europe, and South Korea that work on nuclear weapons and other issues North Korea deems important to its national security.

#biz-it

Intel’s loss is AMD’s gain as EPYC server CPUs benefit from Intel’s delays

AMD’s EPYC server processors are benefitting from Intel’s delays. (credit: AMD)

Earnings reports for tech companies this quarter have been mixed at best. Apple, Microsoft, Alphabet, and others have managed to eke out a little growth, while the likes of Meta and Nintendo shrank a little, and most companies’ projections for the next quarter are also less-than-optimistic.

One company that has been hit particularly hard is Intel, which saw its revenues decline from $19.6 billion in Q2 of 2021 to $15.3 billion in 2022. The company’s earnings presentation (PDF) showed weakness across the board for a variety of reasons: weaker demand for consumer PCs, money invested in getting the Arc dedicated graphics products off the ground, and “competitive pressure” in the server CPU market.

That competitor is AMD, whose EPYC line of server processors was just one bright spot in a record quarter for the company. Revenue increased from $3.9 billion in Q2 of 2021 to $6.6 billion this year, with $673 million of that additional revenue coming from EPYC processor sales and the company’s data center division. This is a big deal for AMD, which had some success with its Opteron server CPUs way back in the mid-2000s but had mostly ceded that ground to Intel throughout the 2010s.

#amd, #biz-it, #intel, #tech

Post-quantum encryption contender is taken out by single-core PC and 1 hour

In the US government’s ongoing campaign to protect data in the age of quantum computers, a new and powerful attack that used a single traditional computer to completely break a fourth-round candidate highlights the risks involved in standardizing the next generation of encryption algorithms.

Last month, the US Department of Commerce’s National Institute of Standards and Technology, or NIST, selected four post-quantum computing encryption algorithms to replace algorithms like RSA, Diffie-Hellman, and elliptic curve Diffie-Hellman, which are unable to withstand attacks from a quantum computer.

In the same move, NIST advanced four additional algorithms as potential replacements pending further testing in hopes one or more of them may also be suitable encryption alternatives in a post-quantum world. The new attack breaks SIKE, which is one of the latter four additional algorithms. The attack has no impact on the four PQC algorithms selected by NIST as approved standards, all of which rely on completely different mathematical techniques than SIKE.

#biz-it, #encryption, #national-institute-of-standards-and-technology, #nist, #quantum-computing, #uncategorized

Charter loses home Internet customers, blames end of COVID subsidy program

Charter CEO Tom Rutledge speaks during The New York Times DealBook conference in New York on Thursday, Nov. 10, 2016. (credit: Getty Images | Bloomberg)

The two largest home Internet providers in the US both lost subscribers in the second quarter of 2022.

On Friday, Charter Communications reported a loss of 42,000 residential Internet customers, leaving it with 28,259,000 households buying Spectrum Internet service. Charter also gained 21,000 small and medium business (SMB) customers, bringing it up to 1,994,000 in that category.

Charter is the second biggest Internet provider after Comcast. Last week, Comcast reported a loss of 10,000 residential broadband customers, leaving it with 29,826,000 Internet-subscribing households. Comcast also gained 10,000 business broadband customers, giving it 2,337,000 business subscribers.

#biz-it, #charter, #spectrum

No code, no problem—we try to beat an AI at its own game with new tools

Is our machine learning yet?

Over the past year, machine learning and artificial intelligence technology have made significant strides. Specialized algorithms, including OpenAI’s DALL-E, have demonstrated the ability to generate images based on text prompts with increasing canniness. Natural language processing (NLP) systems have grown closer to approximating human writing and text. And some people even think that an AI has attained sentience. (Spoiler alert: It has not.)

And as Ars’ Matt Ford recently pointed out here, artificial intelligence may be artificial, but it’s not “intelligence”—and it certainly isn’t magic. What we call “AI” is dependent upon the construction of models from data using statistical approaches developed by flesh-and-blood humans, and it can fail just as spectacularly as it succeeds. Build a model from bad data and you get bad predictions and bad output—just ask the developers of Microsoft’s Tay Twitterbot about that.

For a much less spectacular failure, just look to our back pages. Readers who have been with us for a while, or at least since the summer of 2021, will remember that time we tried to use machine learning to do some analysis—and didn’t exactly succeed. (“It turns out ‘data-driven’ is not just a joke or a buzzword,” said Amazon Web Services Senior Product Manager Danny Smith when we checked in with him for some advice. “‘Data-driven’ is a reality for machine learning or data science projects!”) But we learned a lot, and the biggest lesson was that machine learning succeeds only when you ask the right questions of the right data with the right tool.

#ai, #ai-ml, #aws, #biz-it, #feature, #feature-report, #features, #low-code-no-code, #low-code, #machine-learning, #ml, #no-code, #sagemaker

How Tor is fighting—and beating—Russian censorship

For years, the anonymity service Tor has been the best way to stay private online and dodge web censorship. Much to the ire of governments and law enforcement agencies, Tor encrypts your web traffic and sends it through a chain of computers, making it very hard for people to track you online. Authoritarian governments see it as a particular threat to their longevity, and in recent months, Russia has stepped up its long-term ambition to block Tor—although not without a fight.

In December 2021, Russia’s media regulator, Roskomnadzor, enacted a 4-year-old court order that allows it to order Internet service providers (ISPs) to block the Tor Project website, where the Tor Browser can be downloaded, and restrict access to its services. Since then, censors have been locked in a battle with Tor’s technical team and users in Russia, who are pushing to keep the Tor network online and allow people to access the uncensored web, which is otherwise heavily restricted in the country.

#biz-it

Comcast stock falls as company fails to add Internet users for first time ever

Comcast CEO Brian Roberts at an event in Beijing on October 17, 2019.

Comcast is the largest Internet provider in the US with over 29.8 million residential broadband customers, but the company’s long streak of adding Internet subscribers each quarter is finally over.

In Q2 2022 earnings announced today, Comcast said it has 29,826,000 residential broadband customers, a drop of 10,000 since Q1 2022, and 2,337,000 business broadband customers, a gain of 10,000. The overall tally of 32,163,000 residential and business Internet customers remained unchanged.

Comcast CEO Brian Roberts said the company’s cable division is experiencing “a unique and evolving macroeconomic environment that is temporarily putting pressure on the volume of our new customer connects.” Comcast also lost cable-TV and VoIP phone customers in the quarter but added wireless phone subscribers.

#biz-it, #comcast

0-days sold by Austrian firm used to hack Windows users, Microsoft says

Microsoft said on Wednesday that an Austria-based company named DSIRF used multiple Windows and Adobe Reader zero-days to hack organizations located in Europe and Central America.

Multiple news outlets have published articles like this one, which cited marketing materials and other evidence linking DSIRF to Subzero, a malicious toolset for “automated exfiltration of sensitive/private data” and “tailored access operations [including] identification, tracking and infiltration of threats.”

Members of the Microsoft Threat Intelligence Center, or MSTIC, said they have found Subzero malware infections spread through a variety of methods, including the exploitation of what at the time were Windows and Adobe Reader zero-days, meaning the attackers knew of the vulnerabilities before Microsoft and Adobe did. Targets of the attacks observed to date include law firms, banks, and strategic consultancies in countries such as Austria, the UK, and Panama, although those aren’t necessarily the countries in which the DSIRF customers who paid for the attack resided.

#biz-it, #exploits, #microsoft, #zerodays

Newly found Lightning Framework offers a plethora of Linux hacking capabilities

The software framework has become essential to developing almost all complex software these days. The Django Web framework, for instance, bundles all the libraries, image files, and other components needed to quickly build and deploy web apps, making it a mainstay at companies like Google, Spotify, and Pinterest. Frameworks provide a platform that performs common functions like logging and authentication shared across an app ecosystem.

Last week, researchers from security firm Intezer revealed the Lightning Framework, a modular malware framework for Linux that has gone undocumented until now. Lightning Framework is post-exploit malware, meaning it gets installed after an attacker has already gained access to a targeted machine. Once installed, it can provide some of the same efficiencies and speed to Linux compromises that Django provides for web development.

“It is rare to see such an intricate framework developed for targeting Linux systems,” Ryan Robinson, a security researcher at Intezer, wrote in a post. “Lightning is a modular framework we discovered that has a plethora of capabilities, and the ability to install multiple types of rootkit, as well as the capability to run plugins.”

#biz-it

How big is the risk that someone will hack an EV charging network?

There are many good reasons why an EV charger should be networked, but it does come with vulnerabilities. (credit: Aurich Lawson | Getty Images)

The Infrastructure Investment and Jobs Act, as passed by Congress last November, authorizes $7.5 billion to help meet US President Joe Biden’s goal of installing 500,000 stations by 2030. Biden aims to have EVs represent half of all new vehicles being sold in the US by 2030. But as the number of stations increases, the number of vulnerabilities does as well.

For the past several years, hackers have been busy aiming their attacks at electrical system vulnerabilities. In the case of charging stations, some of these soft spots are located inside the stations; some are located inside the equipment that controls connections between the grid and the station; and still others are inside assets that sit on the grid side of the relationship, and these are mostly owned by utilities. Europe-based wind power companies (Deutsche Windtechnik AG, Enercon GmbH, and Nordex SE) have suffered attacks focused on stopping the flow of electrons, identity theft attacks, and stolen payments. In most cases, the results can be service disruptions affecting customers and revenue reductions for the providers of electrons and/or asset owners.

Hackers perpetually seek out ways to use any and all system vulnerabilities to their maximum advantage. This is a problem for the consumer, just as it is for commercial enterprises. Added to the stresses created by several types of hacker disruptions—physical destruction; electronic jamming; creating a “Denial of Service”—are concerns about weak control systems. From his perch at PlugInAmerica.org, Ron Freund worries that the existing supervisory control and data acquisition hardware is primitive.

#biz-it, #cars, #cybersecurity, #electric-vehicle-charging

Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us

Researchers have unpacked a major cybersecurity find—a malicious UEFI-based rootkit used in the wild since 2016 to ensure computers remained infected even if an operating system is reinstalled or a hard drive is completely replaced.

The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right. It’s located in an SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch the code. Because it’s the first thing to run when a computer is turned on, it influences the OS, security apps, and all other software that follows.

Exotic, yes. Rare, no.

On Monday, researchers from Kaspersky profiled CosmicStrand, the security firm’s name for a sophisticated UEFI rootkit that the company detected and obtained through its antivirus software. The find is among only a handful of such UEFI threats known to have been used in the wild. Until recently, researchers assumed that the technical demands required to develop UEFI malware of this caliber put it out of reach of most threat actors. Now, with Kaspersky attributing CosmicStrand to an unknown Chinese-speaking hacking group with possible ties to cryptominer malware, this type of malware may not be so rare after all.

#biz-it, #bootkit, #features, #rootkit, #uefi

Russia is quietly ramping up its Internet censorship machine

Since 2019, Vladimir Putin has supercharged his plan to separate Russia from the global Internet. The country’s sovereign Internet law, which came into force that November, gives officials the power to block access to websites for millions of Russians. The law was used to hit Facebook, Instagram, and Twitter with blocks and followed Russia’s invasion of Ukraine in February.

Since then, Russian officials have continuously dripped out new policies and measures to further control the Internet, boosting the state’s censorship and surveillance powers. Each small move continues to push Russia toward a more isolated, authoritarian version of the web—restricting the rights of those inside its border and damaging the foundational ideas of an open web.

#biz-it, #policy

Global shortage of fiber optic cable threatens digital growth

A worldwide shortage of fiber optic cable has driven up prices and lengthened lead times, endangering companies’ ambitious plans to roll out state-of-the-art telecommunications infrastructure.

Europe, India, and China are among the regions most affected by the crunch, with prices for fiber rising by up to 70 percent from record lows in March 2021, from $3.70 to $6.30 per fiber km, according to Cru Group, a market intelligence firm.

Although the pandemic prompted some of the biggest tech and telecoms groups to slash their capex, there has been a surge in demand for Internet and data services, leading to a shortfall in availability of the crucial but often overlooked material.

#biz-it

Hardcoded password in Confluence app has been leaked on Twitter

What’s worse than a widely used Internet-connected enterprise app with a hardcoded password? Try said enterprise app after the hardcoded password has been leaked to the world.

Atlassian on Wednesday revealed three critical product vulnerabilities, including CVE-2022-26138 stemming from a hardcoded password in Questions for Confluence, an app that allows users to quickly receive support for common questions involving Atlassian products. The company warned the passcode was “trivial to obtain.”

The company said that Questions for Confluence had 8,055 installations at the time of publication. When installed, the app creates a Confluence user account named disabledsystemuser, which is intended to help admins move data between the app and the Confluence Cloud service. The hardcoded password protecting this account allows for viewing and editing of all non-restricted pages within Confluence.

#atlassian, #biz-it, #confluence, #passwords, #vulnerabilities

Zero-day used to infect Chrome users could pose threat to Edge and Safari users, too

A secretive seller of cyberattack software recently exploited a previously unknown Chrome vulnerability and two other zero-days in campaigns that covertly infected journalists and other targets with sophisticated spyware, security researchers said.

CVE-2022-2294, as the vulnerability is tracked, stems from memory corruption flaws in Web Real-Time Communications, an open source project that provides JavaScript programming interfaces to enable real-time voice, text, and video communications capabilities between web browsers and devices. Google patched the flaw on July 4 after researchers from security firm Avast privately notified the company it was being exploited in watering hole attacks, which infect targeted websites with malware in hopes of then infecting frequent users. Microsoft and Apple have since patched the same WebRTC flaw in their Edge and Safari browsers, respectively.

Avast said on Thursday that it uncovered multiple attack campaigns, each delivering the exploit in its own way to Chrome users in Lebanon, Turkey, Yemen, and Palestine. The watering hole sites were highly selective in choosing which visitors to infect. Once the watering hole sites successfully exploited the vulnerability, they used their access to install DevilsTongue, the name Microsoft gave last year to advanced malware sold by an Israel-based company named Candiru.

#biz-it, #chrome, #edge, #safari, #vulnerability, #webrtc, #zeroday

Pro-Russia hack campaigns are running rampant in Ukraine

Pro-Russian threat actors are continuing their unrelenting pursuit of Ukrainian targets, with an array of campaigns that include fake Android apps, hack attacks exploiting critical vulnerabilities, and email phishing attacks that attempt to harvest login credentials, researchers from Google said.

One of the more recent campaigns came from Turla, a Russian-speaking advanced persistent threat actor that’s been active since at least 1997 and is among the most technically sophisticated in the world. According to Google, the group targeted pro-Ukrainian volunteers with Android apps that posed as launchpads for performing denial-of-service attacks against Russian websites.

“All you need to do to launch the process is install the app, open it and press start,” the fake website promoting the app claimed. “The app immediately begins sending requests to the Russian websites to overwhelm their resources and cause the denial of service.”

#biz-it

Netflix loses 970,000 subscribers, says ads and new fees are key to recovery

Netflix yesterday reported a loss of 970,000 paid streaming subscribers in its Q2 earnings after having lost 200,000 customers in the first quarter of 2022. The company’s worldwide paid memberships decreased from 221.64 million to 220.67 million in Q2, and revenue growth has slowed dramatically.

It’s the first time in Netflix’s history that the company reported consecutive quarters of subscriber losses, The Wall Street Journal wrote. But the result was better than forecasted, as Netflix had told investors to expect a second-quarter loss of 2 million subscribers.

Netflix co-CEO Reed Hastings said in a call with analysts yesterday that “losing 1 million and calling it a success” is “tough,” but he added that Netflix is “set up very well for the next year,” according to a Seeking Alpha transcript. The newest season of Stranger Things apparently helped prevent larger subscriber losses.

#biz-it, #netflix

Critical flaws in GPS tracker enable “disastrous” and “life-threatening” hacks

A security firm and the US government are advising the public to immediately stop using a popular GPS tracking device or to at least minimize exposure to it, citing a host of vulnerabilities that make it possible for hackers to remotely disable cars while they’re moving, track location histories, disarm alarms, and cut off fuel.

An assessment from security firm BitSight found six vulnerabilities in the Micodus MV720, a GPS tracker that sells for about $20 and is widely available. The researchers who performed the assessment believe the same critical vulnerabilities are present in other Micodus tracker models. The China-based manufacturer says 1.5 million of its tracking devices are deployed across 420,000 customers. BitSight found the device in use in 169 countries, with customers including governments, militaries, law enforcement agencies, and aerospace, shipping, and manufacturing companies.

BitSight discovered what it said were six “severe” vulnerabilities in the device that allow for a host of possible attacks. One flaw is the use of unencrypted HTTP communications that makes it possible for remote hackers to conduct adversary-in-the-middle attacks that intercept or change requests sent between the mobile application and supporting servers. Other vulnerabilities include a flawed authentication mechanism in the mobile app that can allow attackers to access the hardcoded key for locking down the trackers and the ability to use a custom IP address that makes it possible for hackers to monitor and control all communications to and from the device.

#biz-it, #global-positioning-system, #gps, #vulnerabilities

Netflix adds “extra home” fee, will block usage in other homes if you don’t pay

Four months ago, Netflix began its crackdown on password sharing by creating an “extra member” fee for users who share accounts with people they don’t live with. The extra member fee of about $2 to $3 per month was implemented in Chile, Costa Rica, and Peru, with Netflix saying it would evaluate the rollout before making changes in other countries.

On Monday this week, Netflix announced a different kind of fee it will charge customers who share accounts. The new one requires customers to pay for “extra homes” and will be charged starting August 22 in Argentina, the Dominican Republic, El Salvador, Guatemala, and Honduras.

“Beginning August 22, 2022, if your Netflix account is being used on a TV outside of your home, you will need to pay an extra $2.99 per month for each extra home. You will only be charged when you or someone who uses your account chooses to add an extra home—this fee will NOT be automatically charged,” Netflix says on its Honduras pricing page.

#biz-it, #netflix

Servers running Digium Phones VoIP software are getting backdoored

Servers running the open source Asterisk communication software for Digium VoIP services are under attack by hackers who are managing to commandeer the machines to install web shell interfaces that give the attackers covert control, researchers have reported.

Researchers from security firm Palo Alto Networks said they suspect the hackers are gaining access to the on-premises servers by exploiting CVE-2021-45461. The critical remote code-execution flaw was discovered as a zero-day vulnerability late last year, when it was being exploited to execute malicious code on servers running fully updated versions of Rest Phone Apps, aka restapps, which is a VoIP package sold by a company called Sangoma.

The vulnerability resides in FreePBX, the world’s most widely used open source software for Internet-based Private Branch Exchange systems, which enable internal and external communications in organizations’ private internal telephone networks. CVE-2021-45461 carries a severity rating of 9.8 out of 10 and allows hackers to execute malicious code that takes complete control of servers.

#biz-it

Cryptocurrency flowing into “mixers” hits an all-time high. Wanna guess why?

The amount of cryptocurrency flowing into privacy-enhancing mixer services has reached an all-time high this year as funds from wallets belonging to government-sanctioned groups and criminal activity almost doubled, researchers reported on Thursday.

Mixers, also known as tumblers, obfuscate cryptocurrency transactions by creating a disconnect between the funds a user deposits and the funds the user withdraws. To do this, mixers pool funds deposited by large numbers of users and randomly mix them. Each user can withdraw the entire amount deposited, minus a cut for the mixer, but because the coins come from this jumbled pool, it’s harder for blockchain investigators to track precisely where the money went.

Significant money-laundering risk

Some mixers provide additional obfuscation by allowing users to withdraw funds in differing amounts sent to different wallet addresses. Others try to conceal the mixing activity altogether by changing the fee on each transaction or varying the type of deposit address used.

#biz-it

Microsoft wins deal to serve ads on Netflix, edging out Comcast and Google

Netflix has hired Microsoft to provide the advertising technology for the streaming service’s planned ad-supported tier, the companies announced Wednesday. Comcast’s NBCUniversal subsidiary and Google were reportedly “top contenders” to serve ads on Netflix before Microsoft won the contract.

Microsoft will be the “global advertising technology and sales partner” for the “new lower priced ad-supported subscription plan,” Netflix said Wednesday.

“Microsoft has the proven ability to support all our advertising needs as we work together to build a new ad-supported offering,” Netflix said. “More importantly, Microsoft offered the flexibility to innovate over time on both the technology and sales side, as well as strong privacy protections for our members.” The ad-supported streaming subscription will be offered “in addition to our existing ads-free basic, standard and premium plans,” Netflix said.

#biz-it

Vulnerabilities allowing permanent infections affect 70 Lenovo laptop models

For owners of more than 70 Lenovo laptop models, it’s time once again to patch the UEFI firmware against critical vulnerabilities that attackers can exploit to install malware that’s nearly impossible to detect or remove.

The laptop maker on Tuesday released updates for three vulnerabilities that researchers found in the UEFI firmware used to boot up a host of its laptop models, including the Yoga, ThinkBook, and IdeaPad lines. The company assigned a medium severity rating to the vulnerabilities, which are tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892 and affect the ReadyBootDxe, SystemLoadDefaultDxe, and SystemBootManagerDxe drivers, respectively.

“The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features,” security firm ESET said. “These vulnerabilities were caused by insufficient validation of DataSize parameter passed to the UEFI Runtime Services function GetVariable. An attacker could create a specially crafted NVRAM variable, causing buffer overflow of the Data buffer in the second GetVariable call.”

#biz-it, #firmware, #lenovo, #malware, #uefi, #vulnerabilities

Ongoing phishing campaign can hack you even when you’re protected with MFA

On Tuesday, Microsoft detailed an ongoing large-scale phishing campaign that can hijack user accounts when they’re protected with multi-factor authentication measures designed to prevent such takeovers. The threat actors behind the operation, who have targeted 10,000 organizations since September, have used their covert access to victim email accounts to trick employees into sending the hackers money.

Multi-factor authentication—also known as two-factor authentication, MFA, or 2FA—is the gold standard for account security. It requires the account user to prove their identity in the form of something they own or control (a physical security key, a fingerprint, or face or retina scan) in addition to something they know (their password). As the growing use of MFA has stymied account-takeover campaigns, attackers have found ways to strike back.

The adversary in the middle

Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into. When the user entered a password into the proxy site, the proxy site sent it to the real server and then relayed the real server’s response back to the user. Once the authentication was completed, the threat actor stole the session cookie the legitimate site sent, so the user doesn’t need to be reauthenticated at every new page visited. The campaign began with a phishing email with an HTML attachment leading to the proxy server.

#2-factor-authentication, #2fa, #biz-it, #two-factor-authentication

New working speculative execution attack sends Intel and AMD scrambling

Some microprocessors from Intel and AMD are vulnerable to a newly discovered speculative execution attack that can covertly leak password data and other sensitive material, sending both chipmakers scrambling once again to contain what is proving to be a stubbornly persistent vulnerability.

Researchers from ETH Zurich have named their attack Retbleed because it exploits a software defense known as retpoline, which chipmakers introduced in 2018 to mitigate the harmful effects of speculative execution attacks. Speculative execution attacks, also known as Spectre, exploit the fact that when modern CPUs encounter a direct or indirect instruction branch, they predict the address for the next instruction they’re about to receive and automatically execute it before the prediction is confirmed. Spectre works by tricking the CPU into executing an instruction that accesses sensitive data in memory that would normally be off-limits to a low-privileged application. Retbleed then extracts the data after the operation is canceled.

Is it a trampoline or a slingshot?

Retpoline works by using a series of return operations to isolate indirect branches from speculative execution attacks, in effect erecting the software equivalent of a trampoline that causes them to safely bounce. Stated differently, a retpoline works by replacing indirect jumps and calls with returns, which many researchers presumed weren’t susceptible. The defense was designed to counter variant 2 of the original speculative execution attacks from January 2018. Abbreviated as BTI, the variant forces an indirect branch to execute so-called “gadget” code, which in turn creates data to leak through a side channel.

#amd, #biz-it, #cpus, #intel, #speculative-execution

Russian ‘hacktivists’ are causing trouble far beyond Ukraine

The attacks against Lithuania started on June 20. For the next 10 days, websites belonging to the government and businesses were bombarded by DDoS attacks, overloading them with traffic and forcing them offline. “Usually the DDoS attacks are concentrated on one or two targets and generate huge traffic,” says Jonas Skardinskas, acting director of Lithuania’s national cybersecurity center. But this was different.

Days before the attacks started, Lithuania blocked coal and metal from being moved through its country to the Russian territory of Kaliningrad, further bolstering its support for Ukraine in its conflict with Russia. Pro-Russian hacker group Killnet posted “Lithuania are you crazy? 🤔” on its Telegram channel to 88,000 followers. The group then called on hacktivists—naming a number of other pro-Russian hacking groups—to attack Lithuanian websites. A list of targets was shared.

#biz-it

Microsoft makes major course reversal, allows Office to run untrusted macros

Microsoft has stunned core parts of the security community with a decision to quietly reverse course and allow untrusted macros to be opened by default in Word and other Office applications.

In February, the software maker announced a major change it said it enacted to combat the growing scourge of ransomware and other malware attacks. Going forward, macros downloaded from the Internet would be disabled entirely by default. Whereas previously, Office provided alert banners that could be disregarded with the click of a button, the new warnings would provide no such way to enable the macros.

“We will continue to adjust our user experience for macros, as we’ve done here, to make it more difficult to trick users into running malicious code via social engineering while maintaining a path for legitimate macros to be enabled where appropriate via Trusted Publishers and/or Trusted Locations,” Microsoft Office Program Manager Tristan Davis wrote in explaining the reason for the move.

#biz-it, #macros, #microsoft, #office, #security

New Starlink Maritime brings Internet to your yacht for $5,000 a month

Starlink Maritime puts dual terminals on large boats. (credit: Starlink)

SpaceX yesterday announced a Starlink Maritime service that will bring satellite Internet service to large boats for $5,000 per month and an up-front hardware purchase of $10,000.

“From merchant vessels to oil rigs to premium yachts, Starlink Maritime allows you to connect from the most remote waters across the world, just like you would in the office or at home,” the service’s webpage says.

Starlink Maritime advertises download speeds of up to 350Mbps and the ability to “pause and un-pause service at any time” while being billed in one-month increments. There’s also “secure fleet management” and remote monitoring to “manage your Starlink fleet from a single portal.”

#biz-it, #spacex, #starlink

I sent my yoga studio a web form, and all I got was this lousy malware attack

On the last day of May, one of my inboxes began receiving emails, purportedly from one of the owners of the yoga studio I visit. It concerned a message I sent in January through the studio’s website that had been resolved the following day in an email sent by the co-owner. Now, here she was, four months later, emailing me again.

“Listed below the documents we chatted regarding last week,” the email author wrote. “Contact me if you’ve got any queries about the attached files.” There was a password-protected zip file attached. Below the body of the message was the response the co-owner sent me in January. These emails started coming once or twice daily for the next couple of weeks, each from a different address. The files and passwords were often changed, but the basic format, including the January email thread, remained consistent.

With the help of researchers at security firm Proofpoint, I now know that the emails are the work of a crime group they call TA578. TA578 is what’s known in the security industry as an initial access broker. That means it compromises end-user devices en masse in an opportunistic fashion, spamming as many addresses as possible with malicious files. The gang then sells access to the machines it compromises to other threat actors, for use in ransomware, cryptojacking, and other types of campaigns.

#biz-it, #malicious-spam, #malware

Why Lockdown mode from Apple is one of the coolest security ideas ever

Mercenary spyware is one of the hardest threats to combat. It targets an infinitesimally small percentage of the world, making it statistically unlikely for most of us to ever see. And yet, because it selects only the most influential individuals (think diplomats, political dissidents, and lawyers), the sophisticated malware private companies sell to nation-state governments has a devastating effect that’s far out of proportion to the small number of people infected.

This puts device and software makers in a bind. How do you build something to protect what’s likely well below 1 percent of your user base against malware built by companies like NSO Group, maker of clickless exploits that instantly convert fully updated iOS and Android devices into sophisticated bugging devices?

No security snake oil here

On Wednesday, Apple previewed an ingenious option it plans to add to its flagship OSes in the coming months to counter the mercenary spyware menace. The company is upfront—almost in your face—that Lockdown mode is an option that will degrade the user experience and is intended for only a small number of users.

#apple, #biz-it

The cryptopocalypse is nigh! NIST rolls out new encryption standards to prepare

Conceptual computer artwork of electronic circuitry with blue and red light passing through it, representing how data may be controlled and stored in a quantum computer. (credit: Getty Images)

In the not-too-distant future—as little as a decade, perhaps, nobody knows exactly how long—the cryptography protecting your bank transactions, chat messages, and medical records from prying eyes is going to break spectacularly with the advent of quantum computing. On Tuesday, a US government agency named four replacement encryption schemes to head off this cryptopocalypse.

Some of the most widely used public-key encryption systems—including those using the RSA, Diffie-Hellman, and elliptic curve Diffie-Hellman algorithms—rely on mathematics to protect sensitive data. These mathematical problems include (1) factoring a key’s large composite number (usually denoted as N) to derive its two factors (usually denoted as P and Q) and (2) computing the discrete logarithm that keys are based on.

The security of these cryptosystems depends entirely on classical computers’ difficulty in solving these problems. While it’s easy to generate keys that can encrypt and decrypt data at will, it’s impossible from a practical standpoint for an adversary to calculate the numbers that make them work.

#biz-it, #encryption, #nist, #quantum-computing

Google allowed sanctioned Russian ad company to harvest user data for months

ProPublica is a Pulitzer Prize-winning investigative newsroom.

The day after Russia’s February invasion of Ukraine, Senate Intelligence Committee Chairman Mark Warner sent a letter to Google warning it to be on alert for “exploitation of your platform by Russia and Russian-linked entities,” and calling on the company to audit its advertising business’s compliance with economic sanctions.

But as recently as June 23, Google was sharing potentially sensitive user data with a sanctioned Russian ad tech company owned by Russia’s largest state bank, according to a new report provided to ProPublica.

#biz-it, #dont-be-evil, #google, #policy, #russia, #sanctions, #tech

Google closes data loophole amid privacy fears over abortion ruling

Google is closing a loophole that has allowed thousands of companies to monitor and sell sensitive personal data from Android smartphones, an effort welcomed by privacy campaigners in the wake of the US Supreme Court’s decision to end women’s constitutional right to abortion.

It also took a further step on Friday to limit the risk that smartphone data could be used to police new abortion restrictions, announcing it would automatically delete the location history on phones that have been close to a sensitive medical location such as an abortion clinic.

The Silicon Valley company’s moves come amid growing fears that mobile apps will be weaponized by US states to police new abortion restrictions in the country.

#android, #biz-it, #google, #period-trackers, #policy, #privacy, #roe-v-wade

Billing fraud apps can disable Android Wi-Fi and intercept text messages

Android malware developers are stepping up their billing fraud game with apps that disable Wi-Fi connections, surreptitiously subscribe users to pricey wireless services, and intercept text messages, all in a bid to collect hefty fees from unsuspecting users, Microsoft said on Friday.

This threat class has been a fact of life on the Android platform for years, as exemplified by a family of malware known as Joker, which has infected millions of phones since 2016. Despite awareness of the problem, little attention has been paid to the techniques that such “toll fraud” malware uses. Enter Microsoft, which has published a technical deep dive on the issue.

The billing mechanism abused in this type of fraud is WAP, short for wireless application protocol, which provides a means of accessing information over a mobile network. Mobile phone users can subscribe to such services by visiting a service provider’s web page while their devices are connected to cellular service, then clicking a button. In some cases, the carrier will respond by texting a one-time password (OTP) to the phone and requiring the user to send it back in order to verify the subscription request. The process looks like this:

#android, #biz-it, #joker, #malware, #microsoft

Microsoft Exchange servers worldwide hit by stealthy new backdoor

Researchers have identified stealthy new malware that threat actors have been using for the past 15 months to backdoor Microsoft Exchange servers after they have been hacked.

Dubbed SessionManager, the malicious software poses as a legitimate module for Internet Information Services (IIS), the web server installed by default on Exchange servers. Organizations often deploy IIS modules to streamline specific processes on their web infrastructure. Researchers from security firm Kaspersky have identified 34 servers belonging to 24 organizations that have been infected with SessionManager since March 2021. As of earlier this month, Kaspersky said, 20 organizations remained infected.

Stealth, persistence, power

Malicious IIS modules offer an ideal means to deploy powerful, persistent, and stealthy backdoors. Once installed, they will respond to specifically crafted HTTP requests sent by the operator instructing the server to collect emails, add further malicious access, or use the compromised servers for clandestine purposes. To the untrained eye, the HTTP requests look unremarkable, even though they give the operator complete control over the machine.

#biz-it, #exchange-server, #iis, #malware, #microsoft, #uncategorized

China lured graduate jobseekers into digital espionage

Chinese university students have been lured to work at a secretive technology company that masked the true nature of their jobs: researching western targets for spying and translating hacked documents as part of Beijing’s industrial-scale intelligence regime.

The Financial Times has identified and contacted 140 potential translators, mostly recent graduates who have studied English at public universities in Hainan, Sichuan and Xi’an. They had responded to job adverts at Hainan Xiandun, a company that was located in the tropical southern island of Hainan.

The application process included translation tests on sensitive documents obtained from US government agencies and instructions to research individuals at Johns Hopkins University, a key intelligence target.

#biz-it, #china, #espionage, #hacking, #policy

YouTube content creator credentials are under siege by YTStealer malware

In online crime forums, specialization is everything. Enter YTStealer, a new piece of malware that steals authentication credentials belonging to YouTube content creators.

“What sets YTStealer aside from other stealers sold on the Dark Web market is that it is solely focused on harvesting credentials for one single service instead of grabbing everything it can get ahold of,” Joakim Kennedy, a researcher at security firm Intezer wrote in a blog post on Wednesday. “When it comes to the actual process, it is very similar to that seen in other stealers. The cookies are extracted from the browser’s database files in the user’s profile folder.”

As soon as the malware obtains a YouTube authentication cookie it opens a headless browser and connects to YouTube’s Studio page, which content creators use to manage the videos they produce. YTStealer then extracts all available information about the user account, including the account name, number of subscribers, age, and whether channels are monetized.

#biz-it, #credential-harvesters, #malware, #youtube

A wide range of routers are under attack by new, unusually sophisticated malware

An unusually advanced hacking group has spent almost two years infecting a wide range of routers in North America and Europe with malware that takes full control of connected devices running Windows, macOS, and Linux, researchers reported on Tuesday.

So far, researchers from Lumen Technologies’ Black Lotus Labs say they’ve identified at least 80 targets infected by the stealthy malware, which infects routers made by Cisco, Netgear, Asus, and DrayTek. Dubbed ZuoRAT, the remote access Trojan is part of a broader hacking campaign that has existed since at least the fourth quarter of 2020 and continues to operate.

A high level of sophistication

The discovery of custom-built malware written for the MIPS architecture and compiled for small office and home office routers is significant, particularly given its range of capabilities. Its ability to enumerate all devices connected to an infected router and collect the DNS lookups and network traffic they send and receive and remain undetected is the hallmark of a highly sophisticated threat actor.

#biz-it, #malware, #small-office-home-office-router

Pro-Russia threat group Killnet is pummeling Lithuania with DDoS attacks

Drowning in a sea of data. (credit: Getty Images)

Internet services in Lithuania came under “intense” distributed denial of service attacks on Monday as the pro-Russia threat-actor group Killnet took credit. Killnet said its attacks were in retaliation for Lithuania’s recent banning of shipments sanctioned by the European Union to the Russian exclave of Kaliningrad.

Lithuania’s government said that the flood of malicious traffic disrupted parts of the Secure National Data Transfer Network, which it says is “one of the critical components of Lithuania’s strategy on ensuring national security in cyberspace” and “is built to be operational during crises or war to ensure the continuity of activity of critical institutions.” The country’s Core Center of State Telecommunications was identifying the sites most affected in real time and providing them with DDoS mitigations while also working with international web service providers.

“It is highly probable that such or even more intense attacks will continue into the coming days, especially against the communications, energy, and financial sectors,” Jonas Skardinskas, acting director of Lithuania’s National Cyber Security Center, said in a statement. The statement warned of website defacements, ransomware, and other destructive attacks in the coming days.

#biz-it, #ddos, #distributed-denial-of-service-attack, #killnet, #lithuania, #russia

Basic home office hacks: 8 things you need to elevate your workspace

Home offices have gotten a lot of attention over the last couple of years. When offices all over the world shut down at the beginning of the pandemic, we were all reminded how important it is to have a consistent, comfortable workspace with all the tools and tech you need to work successfully. But what’s next?

If you hastily created your home office during the pandemic, there are likely some luxuries you overlooked (or weren’t able to find in stock). If you’ve shifted to hybrid working, where you sometimes work remotely and sometimes go to an office, some home office upgrades could help ensure you’re always productive, regardless of where you’re working from. Long-standing home offices, meanwhile, also deserve some fresh hacks to keep up with your evolving needs.

If you’re ready to graduate to the next level of home office-ing, take a look at these eight pieces of tech we recommend for elevating your workspace. Today we’re focusing on general ideas rather than specific products.

#biz-it, #home-office, #monitors, #storage, #tech

How to get started with machine learning and AI

“It’s a cookbook?!” (credit: Aurich Lawson | Getty Images)

“Artificial Intelligence” as we know it today is, at best, a misnomer. AI is in no way intelligent, but it is artificial. It remains one of the hottest topics in industry and is enjoying a renewed interest in academia. This isn’t new—the world has been through a series of AI peaks and valleys over the past 50 years. But what makes the current flurry of AI successes different is that modern computing hardware is finally powerful enough to fully implement some wild ideas that have been hanging around for a long time.

Back in the 1950s, in the earliest days of what we now call artificial intelligence, there was a debate over what to name the field. Herbert Simon, co-developer of both the logic theory machine and the General Problem Solver, argued that the field should have the much more anodyne name of “complex information processing.” This certainly doesn’t inspire the awe that “artificial intelligence” does, nor does it convey the idea that machines can think like humans.

However, “complex information processing” is a much better description of what artificial intelligence actually is: parsing complicated data sets and attempting to make inferences from the pile. Some modern examples of AI include speech recognition (in the form of virtual assistants like Siri or Alexa) and systems that determine what’s in a photograph or recommend what to buy or watch next. None of these examples are comparable to human intelligence, but they show we can do remarkable things with enough information processing.

#ai, #ai-ml, #artificial-intelligence, #biz-it, #dall-e, #feature, #features, #machine-learning, #machine-learning-tools, #models, #notebooks, #open-ai

Mega says it can’t decrypt your files. New POC exploit shows otherwise

In the decade since larger-than-life character Kim Dotcom founded Mega, the cloud storage service has amassed 250 million registered users and stores a whopping 120 billion files that take up more than 1,000 petabytes of storage. A key selling point that has helped fuel the growth is an extraordinary promise that no top-tier Mega competitors make: Not even Mega can decrypt the data it stores.

On the company’s homepage, for instance, Mega displays an image that compares its offerings to Dropbox and Google Drive. In addition to noting Mega’s lower prices, the comparison emphasizes that Mega offers end-to-end encryption, whereas the other two do not.

Over the years, the company has repeatedly reminded the world of this supposed distinction, which is perhaps best summarized in this blog post. In it, the company claims, “As long as you ensure that your password is sufficiently strong and unique, no one will ever be able to access your data on MEGA. Even in the exceptionally improbable event MEGA’s entire infrastructure is seized!” (emphasis added).

#biz-it, #encryption, #features, #key-recovery-attack, #mega

Police linked to hacking campaign to frame Indian activists

Bike rally by police personnel during “We Make Pune City Safe” awareness campaign on October 3, 2017, in Pune, India. (credit: Pratham Gokhale/Getty)

Police forces around the world have increasingly used hacking tools to identify and track protesters, expose political dissidents’ secrets, and turn activists’ computers and phones into inescapable eavesdropping bugs. Now, new clues in a case in India connect law enforcement to a hacking campaign that used those tools to go an appalling step further: planting false incriminating files on targets’ computers that the same police then used as grounds to arrest and jail them.

More than a year ago, forensic analysts revealed that unidentified hackers fabricated evidence on the computers of at least two activists arrested in Pune, India, in 2018, both of whom have languished in jail and, along with 13 others, face terrorism charges. Researchers at security firm SentinelOne and nonprofits Citizen Lab and Amnesty International have since linked that evidence fabrication to a broader hacking operation that targeted hundreds of individuals over nearly a decade, using phishing emails to infect targeted computers with spyware, as well as smartphone hacking tools sold by the Israeli hacking contractor NSO Group. But only now have SentinelOne’s researchers revealed ties between the hackers and a government entity: none other than the very same Indian police agency in the city of Pune that arrested multiple activists based on the fabricated evidence.


Tsunami of junk traffic that broke DDoS records delivered by tiniest of botnets


A massive flood of malicious traffic that recently set a new distributed denial-of-service record came from an unlikely source. A botnet of just 5,000 devices was responsible as extortionists and vandals continue to develop ever more powerful attacks to knock sites offline, security researchers said.

The DDoS delivered 26 million HTTPS requests per second, breaking the previous record of 15.3 million requests for that protocol set only seven weeks ago, Cloudflare Product Manager Omer Yoachimik reported. Unlike more common DDoS payloads such as HTTP, SYN, or SYN-ACK packets, malicious HTTPS requests require considerably more computing resources for the attacker to deliver and for the defender or victim to absorb.

4,000 times stronger

“We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale,” Yoachimik wrote.


Botched and silent patches from Microsoft put customers at risk, critics say


Blame is mounting on Microsoft for what critics say is a lack of transparency and adequate speed when responding to reports of vulnerabilities threatening its customers, security professionals said.

Microsoft’s latest failing came to light on Tuesday in a post that showed Microsoft taking five months and three patches before successfully fixing a critical vulnerability in Azure. Orca Security first informed Microsoft in early January of the flaw, which resided in the Synapse Analytics component of the cloud service and also affected the Azure Data Factory. It gave anyone with an Azure account the ability to access the resources of other customers.

From there, Orca Security researcher Tzah Pahima said, an attacker could:


A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys


Microprocessors from Intel, AMD, and other companies contain a newly discovered weakness that remote attackers can exploit to obtain cryptographic keys and other secret data traveling through the hardware, researchers said on Tuesday.

Hardware manufacturers have long known that hackers can extract secret cryptographic data from a chip by measuring the power it consumes while processing those values. Fortunately, the means for exploiting power-analysis attacks against microprocessors is limited because the threat actor has few viable ways to remotely measure power consumption while processing the secret material. Now, a team of researchers has figured out how to turn power-analysis attacks into a different class of side-channel exploit that’s considerably less demanding.

Targeting DVFS

The team discovered that dynamic voltage and frequency scaling (DVFS)—a power and thermal management feature added to every modern CPU—allows attackers to deduce the changes in power consumption by monitoring the time it takes for a server to respond to specific carefully made queries. The discovery greatly reduces what’s required. With an understanding of how the DVFS feature works, power side-channel attacks become much simpler timing attacks that can be done remotely.
