News Posts matching #cybersecurity


Microsoft Fixes Windows Defender Bug After Five Years of Firefox Slowdowns

Microsoft's Windows Defender engineering team has finally found the time to address a long-term bug within its anti-malware software - relating to performance issues with Mozilla's Firefox web browser. User feedback stretching back to five years ago indicates extremely sluggish web surfing experiences, caused by a Windows "Anti-malware Service Executable" occupying significant chunks of CPU utilization (more than 30%). The combination of Firefox and Windows Defender running in parallel would guarantee a butting of (software) heads - up until last week's bug fix. A Microsoft-issued update has reduced the "MsMpEng.exe" Defender component's CPU usage by a maximum of 75%.

Microsoft and Mozilla developers have collaborated on addressing the disharmonious relationship between Defender and Firefox. A plucky member of the latter's software engineering team has been very transparent about the sluggish browser experience. Yannis Juglaret has provided a string of project updates via Mozilla's Bugzilla tracking system - one of his latest entries provides details about the fix: "You may read online that Defender was making too many calls to VirtualProtect, and that global CPU usage will now go down by 75% when browsing with Firefox. This is absolutely wrong! The impact of this fix is that on all computers that rely on Microsoft Defender's Real-time Protection feature (which is enabled by default in Windows), MsMpEng.exe will consume much less CPU than before when monitoring the dynamic behavior of any program through Event Tracing for Windows (ETW). Nothing less, nothing more."

MSI Warns Customers After Cyberattack on its Systems

MSI has issued a warning to its customers after the company detected it has suffered from a cyberattack on its "information systems". Although it's not clear exactly what was attacked, the company has detected what it calls anomalies on its network and has since kicked in "relevant defense mechanisms" which among other things included reporting the incident to local law enforcement agencies and cybersecurity units.

MSI states that the company has been gradually restoring its systems back to normal operations and that the attack has had negligible impact on its business. However, MSI is warning its customers not to download MSI BIOS/UEFI/firmware updates or drivers from any other source than MSI's official website, or any of its software. Although MSI doesn't state if whoever performed the attack might have gotten hold of any of its software, this seems to suggest such things and it's clear that MSI is worried that there might be software appearing in the near future that will be compromised in one way or another.

IBM z16 and LinuxONE 4 Get Single Frame and Rack Mount Options

IBM today unveiled new single frame and rack mount configurations of IBM z16 and IBM LinuxONE 4, expanding their capabilities to a broader range of data center environments. Based on IBM's Telum processor, the new options are designed with sustainability in mind for highly efficient data centers, helping clients adapt to a digitized economy and ongoing global uncertainty.

Introduced in April 2022, the IBM z16 multi frame has helped transform industries with real-time AI inferencing at scale and quantum-safe cryptography. IBM LinuxONE Emperor 4, launched in September 2022, features capabilities that can reduce both energy consumption and data center floor space while delivering the scale, performance and security that clients need. The new single frame and rack mount configurations expand client infrastructure choices and help bring these benefits to data center environments where space, sustainability and standardization are paramount.

With Security Copilot, Microsoft brings the power of AI to cyberdefense

Microsoft Corp. on Tuesday announced it is bringing the next generation of AI to cybersecurity with the launch of Microsoft Security Copilot, giving defenders a much-needed tool to quickly detect and respond to threats and better understand the threat landscape overall. Security Copilot will combine Microsoft's vast threat intelligence footprint with industry-leading expertise to augment the work of security professionals through an easy-to-use AI assistant.

"Today the odds remain stacked against cybersecurity professionals. Too often, they fight an asymmetric battle against relentless and sophisticated attackers," said Vasu Jakkal, corporate vice president, Microsoft Security. "With Security Copilot, we are shifting the balance of power into our favor. Security Copilot is the first and only generative AI security product enabling defenders to move at the speed and scale of AI."

DFI and VicOne To Create Safe and Smart Transportation Environment at Embedded World 2023

DFI, the global leader in embedded motherboards and industrial computers, has stepped into the electric vehicle (EV) market in recent years. Alongside VicOne, the automotive cybersecurity expert and the subsidiary of Trend Micro, they will demonstrate technologies related to vehicle software security application that enable more comprehensive network security protection for smart cities.

This year, to demonstrate the AI computing and vehicle-to-everything technology used in Connected Vehicles and Smart Poles, DFI has built an actual smart traffic intersection at the venue with road side units (RSU), digital signage, intelligent edge computers, onboard units (OBU), in-vehicle AI computers, and driver HMIs.

New Vulnerabilities Found in TPM 2.0 Library That Could be a Potential Threat to Billions of Devices

A pair of new vulnerabilities has been found in the TPM 2.0 library by cybersecurity company Quarkslab, that has security experts worried, as both of the flaws have potential far reaching implications. The two vulnerabilities go under the CVE identifiers of CVE-2023-1017 and CVE-2023-1018, where the first one allows for out-of-bounds writes, whereas the second one enables out-of-bounds reads, also known as buffer overflow vulnerabilities. This in itself might not sound particularly concerning, but as both can be triggered from user-mode applications, they're a pretty big deal, as it would enable malicious commands to be sent to a TPM 2.0 module, which could in turn enable malicious software to be installed on the device with the TPM 2.0 module.

According to Quarkslab, billions of devices could be affected, as TPM 2.0 authentication modules are used in everything from servers to IoT devices and have been the main hardware-based crypto solution for almost a decade by now. The attacker using the vulnerabilities would have to know what they're doing to be able to take advantage of these two flaws in TPM 2.0, but as it relies on the TPM command interface, there's no easy way to protect against an attack, if someone has gained user access to the system in question. The Trusted Computing Group (TCG), which is in charge of the TPM standard, has already issued an errata which includes instructions on how to address the two vulnerabilities and we're likely to see updates from all major hardware vendors as they see fit.

Fortinet Unveils New ASIC to Accelerate the Convergence of Networking and Security Across Every Network Edge

Fortinet, the global cybersecurity leader driving the convergence of networking and security, today announced FortiSP5, the latest breakthrough in ASIC technology from Fortinet, propelling major leaps forward in securing distributed network edges. Building on over 20 years of ASIC investment and innovation from Fortinet, FortiSP5 delivers significant secure computing power advantages over traditional CPU and network ASICs, lower cost and power consumption, the ability to enable new secure infrastructure across branch, campus, 5G, edge compute, operational technologies, and more.

"With the introduction of FortiSP5, Fortinet once again sets new industry records for performance, cost, and energy efficiency. As the only cybersecurity vendor leveraging purpose-built ASICs, an over 20-year investment in innovation, Fortinet delivers the secure computing power that will support the next generation of secure infrastructure." Ken Xie, Founder, Chairman of the Board, and Chief Executive Officer at Fortinet

About 300 MSI Motherboard Models Have a Faulty Secure Boot Implementation with Certain UEFI Firmware Versions

The UEFI Secure Boot feature is designed to prevent malicious code from executing during the system boot process, and has been a cybersecurity staple since the late-2000s, when software support was introduced with Windows 8. Dawid Potocki, a New Zealand-based IT student and cybersecurity researcher, discovered that as many as 300 motherboard models by MSI have a faulty Secure Boot implementation with certain versions of their UEFI firmware, which allows just about any boot image to load. This is, however, localized to only certain UEFI firmware versions, that are released as beta versions.

Potocki stumbled upon this when he found that his PRO Z790-A WiFi motherboard failed to verify the cryptographic signature of boot-time binaries at the time of system boot. "I have found that my firmware was… accepting every OS image I gave it, no matter if it was trusted or not." He then began examining other motherboard models, and discovered close to 300 MSI motherboard models with a broken Secure Boot implementation. He clarified that MSI laptops aren't affected, and only their desktop motherboards are. Potocki says that affected MSI motherboards have an "always execute" policy set for Secure Boot, which makes the mechanism worthless, and theorized a possible reason. "I suspect this is because they probably knew that Microsoft wouldn't approve of it and/or that they get less tickets about Secure Boot causing issues for their users."

BBT.live Software-defined Connectivity to Accelerate Secure Access Service Edge Transformation with NVIDIA BlueField DPU Platforms

BBT.live, the Tel Aviv-based startup that has developed an all-in-one, tech-agnostic, software-defined connectivity solution, has announced a new technology innovation powered by NVIDIA. As a result, BBT.live, the software-defined connectivity platform, will run on NVIDIA BlueField data processing units (DPUs) to unlock the benefits of cloud-based connectivity solutions to businesses at every scale.

Modern workloads are experiencing an ever-growing need for network efficiency, privacy, and security. Businesses and enterprises that depend on solutions require additional hardware and integration, which introduces additional complexity and points of failure. BBT.live's proprietary technology, recognized by the Israel Innovation Authority, is device agnostic. It integrates with a variety of different hardware platforms (uCPE) without the need for time-consuming customization.

QNAP Responds to Vulnerability Reports in Hikvision Cameras and Provides Recommendations to QNAP QVR Pro and QVR Elite Users

After a thorough investigation and verification process, QNAP Systems, Inc. (QNAP) today addressed vulnerability CVE-2021-36260 of Hikvision cameras and provides the following recommendations to QVR Pro and QVR Elite users who may be potentially affected. According to the security advisory by Hikvision, if these cameras are installed in the same LAN network, and this network cannot be accessed externally, attackers will NOT be able to exploit this vulnerability.

Although this vulnerability does not directly influence QNAP surveillance products, it is highly recommended to update the firmware of the cameras listed in the advisory to reduce the possibility of being exposed to potential risks. These risks include, but are not limited to, failure to record from cameras that stop working, or receiving forged data from cameras.

Intel Introduces First Protections Against Certain Physical Threats

Intel improves software reliability by building silicon enhancements realized through logic inside the processor. Today, the company described a new technique to complement existing software mitigations for fault injection attacks. Tunable Replica Circuit (TRC) - Fault Injection Protection uses hardware-based sensors to explicitly detect circuit-based timing failures that occur as the result of an attack. TRC is first delivered in the 12th Gen Intel Core processor family. It adds fault injection detection technology to the Intel Converged Security and Management Engine (Intel CSME), where it is designed to detect non-invasive physical glitch attacks on the pins supplying clock and voltage. TRC is also designed to detect electromagnetic fault injections.

"Software protections have hardened with virtualization, stack canaries and code authentication before execution," said Daniel Nemiroff, senior principal engineer at Intel. "This has driven malicious actors to turn their attention to physically attacking computing platforms. A favorite tool of these attackers is fault injection attacks via glitching voltage, clock pins and electromagnetic radiation that cause circuit timing faults and may allow execution of malicious instructions and potential exfiltration of secrets."

Microsoft: Russian Cyberattacks Increase Against Ukraine, Supporters

Even as the Russo-Ukrainian war continues with no end in sight, Microsoft has warned that Russia is increasing its cyberwarfare-based attacks against Ukraine and the countries that have vowed to support it against external aggressions. The Redmond-based company says that Russia is increasing the rate and complexity of its attacks not only on government agencies, but also on supporting infrastructures such as think tanks, telecommunications, energy, and defense companies. Even humanitarian groups, which have been tirelessly providing Ukraine's population with the resources needed for bare survival, have been in the sights of the former Soviet Union.

All in all, Microsoft has registered attacks on 102 organizations from as many as 42 countries. Microsoft's numbers place around 60% of the attacks against NATO members - with the US being one of the favorite targets. Poland too has been particularly affected, being one of the distribution centers for provisions - and a hub for refugees to leave the embattled country. Despite that, Microsoft says only around 29% of the attacks have been successful - likely a testament to both Russia's technological difficulties and the overall reinforced networks and cybersecurity defenses of NATO countries. Even so, resources spent fighting Russia's attacks have an opportunity cost - they can't be spent elsewhere.

L7 Defense integrates its AI-based, API security solution Ammune with NVIDIA BlueField-2

L7 Defense Ltd., a pioneering developer of AI-based cybersecurity solutions, announced today that it has successfully completed the integration of its API security solution Ammune with the NVIDIA BlueField-2 SmartNIC. The integration elevates the Kubernetes nodes' security posture with maximum "zero trust" in-and-out traffic protection. Furthermore, it does not interfere with the day-to-day efficiency of serving applications. Installed on BlueField-2, the Ammune real-time AI workload is offloaded to the BlueField-2 DPU, reducing nodes' CPU usage for security to the essential minimum.

"Thanks to the successful integration, the server CPU utilization with the BlueField DPU was reduced by almost a factor of 8 in cases of high traffic analysis, in comparison to CPU utilization without the DPU," said Dr. Doron Chema, L7 Defense's CEO. "Ammune is a pure AI product. The real-time AI security agent is going to be further accelerated by more BlueField functionality. The Ammune analytical near-real-time AI unit will gain more acceleration with the NVIDIA Morpheus cybersecurity AI application framework in the near future."

Apple, Google and Microsoft commit to expanded support for FIDO standard to accelerate availability of passwordless sign-ins

In a joint effort to make the web more secure and usable for all, Apple, Google and Microsoft today announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms. Password-only authentication is one of the biggest security problems on the web, and managing so many passwords is cumbersome for consumers, which often leads consumers to reuse the same ones across services. This practice can lead to costly account takeovers, data breaches, and even stolen identities. While password managers and legacy forms of two-factor authentication offer incremental improvements, there has been industry-wide collaboration to create sign-in technology that is more convenient and more secure.

The expanded standards-based capabilities will give websites and apps the ability to offer an end-to-end passwordless option. Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN. This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS.

NVIDIA Confirms System Hacks, Doesn't Anticipate Any Business Disruption

Last week, NVIDIA systems were compromised in an attack by a hacking group called LAPSUS$. It has been a few days since the attack happened, and we have since seen source code of various software leak through third-party anonymous tipsters, and next-generation GPU codenames making an appearance. Today, NVIDIA issued a statement to the German PC enthusiast website Hardwareluxx, which is reproduced in full below. The key takeaway from this quote is that NVIDIA believes that the compromised files will not impact the company's business in any meaningful manner, and operations continue as usual for NVIDIA's customers. The company's security team is analyzing the situation, and you can check out the complete statement below.

NVIDIA Statement

On February 23, 2022, NVIDIA became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement.

We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident.

Security is a continuous process that we take very seriously at NVIDIA - and we invest in the protection and quality of our code and products daily.

IBM Unveils New Generation of IBM Power Servers for Frictionless, Scalable Hybrid Cloud

IBM (NYSE: IBM) today announced the new IBM Power E1080 server, the first in a new family of servers based on the new IBM Power10 processor, designed specifically for hybrid cloud environments. The IBM Power10-equipped E1080 server is engineered to be one of the most secured server platforms and is designed to help clients operate a secured, frictionless hybrid cloud experience across their entire IT infrastructure.

The IBM Power E1080 server is launching at a critical time for IT. As organizations around the world continue to adapt to unpredictable changes in consumer behaviors and needs, they need a platform that can deliver their applications and insights securely where and when they need them. The IBM Institute of Business Value's 2021 CEO Study found that, of the 3,000 CEOs surveyed, 56% emphasized the need to enhance operational agility and flexibility when asked what they'll most aggressively pursue over the next two to three years.

TerraMaster NAS Feature in-built Anti-Ransomware

TerraMaster, a professional brand that specializes in providing innovative storage products for home, businesses and enterprises, presents its comprehensive suite of cybersecurity features to provide excellent protection against all variants of ransomware, viruses, and other forms of cyberattack. There has been an increase in new variants of ransomware that specifically target NAS devices. TerraMaster continuously bolsters the suite of cybersecurity features on its NAS devices to provide effective protection even against the newest ransomware variants. TerraMaster has taken the necessary steps to help users avoid common pitfalls that are targeted by attackers. TerraMaster also provides the necessary security features to protect against cybersecurity attacks.

TerraMaster NAS users can get alert notifications for system events, power failures, and others. This helps managers in real-time monitoring even at home, ensuring that you are always up to date with the status of your TNAS. TerraMaster NAS device has disabled the default administrator account. This ensures users will create a new administrator account and set their own password at first use.

Certain "Special Purpose Systems" Variants of Windows 11 Ship Without the TPM 2.0 Requirement

Perhaps the most controversial system requirement of the upcoming Windows 11 operating system is the need for a hardware trusted platform module that meets TPM 2.0 specs. Most modern computers fulfill this requirement using fTPM (firmware TPM) solutions built into their processors; and those that don't, have TPM headers for add-on TPMs, which scalpers have their eye on. It turns out, that Microsoft is designing special variants of Windows 11 for special contracts Microsoft will execute.

Computers sold under the scheme will be marked "special purpose systems," and the Windows 11 version running them will do away with the TPM 2.0 requirement. These systems are very likely to be Government or Military; or perhaps even variants Microsoft exports to countries like China and Russia, which have their own specialized cybersecurity policies and dictate software to be written a certain way to be sold in the country.

Kingston Technology Wins Coveted Global InfoSec Awards During RSA Conference 2021

Kingston Digital, Inc., the flash memory affiliate of Kingston Technology Company, Inc., a world leader in memory products and technology solutions, is proud to announce it has won the following Global InfoSec Awards for its encrypted USB solutions family from Cyber Defense Magazine (CDM), the industry's leading electronic information magazine: Data Loss Prevention Market Leader; Encryption Market Leader; Wireless, Mobile, or Portable Device Security—Most Innovative.

Kingston is the market leader in encrypted USB drives featuring solutions that range from FIPS 197-certified encryption, all the way to the toughest FIPS 140-2 Level 3 IronKey S1000, that is armed with an on-device cryptochip to protect the most sensitive data. Kingston's encrypted drives are an important tool for the government and military, as well as organizations that adhere to strict regulations, including FIPS, HIPAA, Sarbanes-Oxley, GDPR and CCPA.

Phison and Cigent Partnership Sets New Standard in Cybersecurity

Phison Electronics Corp., a global leader in NAND flash controllers and a complete line of storage solutions, and Cigent Technology, Inc., the leader in embedded cybersecurity technology, today unveiled design details behind the partnership that has delivered the industry's first and only line of self-defending storage devices with cybersecurity built into the firmware itself to protect against ransomware, data theft and malicious insider theft.

Phison's innovative and robust NAND flash solutions support a broad range of applications including embedded, consumer, enterprise and automotive. The Phison Crypto-SSD is a line of TCG enabled Self-Encrypting Drives that are designed to pass FIPS 140-3 Level 2 certification. Phison is committed to data security which helps to protect business and government users against loss or theft. Phison's collaboration with Cigent expands the E12DC Crypto-SSD security architecture to add additional compute capabilities, attack detectors and sensors directly on the drive. Together with Cigent, Phison has created a product that raises the bar of data security to a whole new level.

Flexxon Announces X-Fly AI-embedded NVMe SSD

Singapore cybersecurity firm Flexxon on Monday launched the world's first solid-state drive (SSD) embedded with artificial intelligence (AI) data security. As the "last line of defence" to protect data at the hardware level, the SSD is able to guard against both remote and physical attacks, boasting a range of features including temperature sensors to detect unusual movements that occur. In the event of such an incursion, the device - also known as X-PHY - will alert the user via email and lock itself to prevent any physical tampering. Users may then unlock the device via a dynamic authentication process. For clients with high security needs, such as the military, data may be automatically wiped should the device fall into the wrong hands.

Minister for Foreign Affairs and Minister-in-charge of Singapore's Smart Nation Initiative Vivian Balakrishnan said that the innovation was a "breakthrough" and a significant step in increasing security and safety for end users, having put AI into the firmware layer of an SSD. Congratulating Flexxon on its new product, Dr Balakrishnan - who was the guest-of-honour at the launch - also called on similar companies to include research institutes, universities and the private sector to enhance local research and development efforts in AI.

Hundreds of Millions of Dell Laptops and Desktops Vulnerable to Privilege Escalation Attacks

Dell notebooks and desktops dating all the way back since 2009—hundreds of millions of them the PC giant has shipped since—are vulnerable to unauthorized privilege escalation attacks, due to a faulty OEM driver the company uses to update the computer's BIOS or UEFI firmware, according to findings by cybersecurity researchers at SentinelLabs. "DBUtil," a driver that Dell machines load during automated or unattended BIOS/UEFI update processes initiated by the user from within the OS, is found to have vulnerabilities that malware can exploit to "escalate privileges from a non-administrator user to kernel mode privileges."

SentinelLabs chronicled its findings in CVE-2021-21551, which details five individual flaws. Two of these point out flaws that can escalate user privileges through controlled memory corruption, two with lack of input validation; and one with denial of service. Organizations that have remote updates enabled for their client machines are at risk, since the flaw can be exploited over network. "An attacker with access to an organization's network may also gain access to execute code on unpatched Dell systems and use this vulnerability to gain local elevation of privilege. Attackers can then leverage other techniques to pivot to the broader network, like lateral movement," writes SentinelLabs in its paper.

QNAP NAS Affected by Qlocker Ransomware, Company Advises Immediate Action to Secure Your Data

QNAP Systems, Inc. (QNAP), a leading computing, networking and storage solution innovator, today issued a statement in response to recent user reports and media coverage that two types of ransomware (Qlocker and eCh0raix) are targeting QNAP NAS and encrypting users' data for ransom. QNAP strongly urges that all users immediately install the latest Malware Remover version and run a malware scan on QNAP NAS. The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks. QNAP is urgently working on a solution to remove malware from infected devices.

QNAP has released an updated version of Malware Remover for operating systems such as QTS and QuTS hero to address the ransomware attack. If user data is encrypted or being encrypted, the NAS must not be shut down. Users should run a malware scan with the latest Malware Remover version immediately, and then contact QNAP Technical Support at this page.

OWC Partners with Acronis, to Include Backup and Anti-Ransomware with Select Products

OWC, the premier zero-emissions Mac and PC technology company, and a respected provider of Memory, External Drives, SSDs, Mac & PC docking solutions, and performance upgrade kits, announces partnership with Acronis, making Acronis True Image OEM software available on OWC storage solutions that include SoftRAID today and will consist of additional or all OWC storage solutions in the future. Integrating best-of-breed backup and recovery with AI-enhanced anti-ransomware technology, Acronis' solution ensures that a user's digital life is protected - photos, files, applications, operating systems, and the devices they're on.

Backing up and protecting data is critically important, yet too often the task falls to the bottom of the to-do list. Acronis True Image OEM is designed to complement a user's existing workflow. And with modern ransomware targeting backup files and processes, it is the world's first solution to unify backup and anti-ransomware capabilities in one to ensure data is protected from accidents, failures, and cyber attacks.

NVIDIA and Global Computer Makers Launch Industry-Standard Enterprise Server Platforms for AI

NVIDIA today introduced a new class of NVIDIA-Certified Systems, bringing AI within reach for organizations that run their applications on industry-standard enterprise data center infrastructure. These include high-volume enterprise servers from top manufacturers, which were announced in January and are now certified to run the NVIDIA AI Enterprise software suite—which is exclusively certified for VMware vSphere 7, the world's most widely used compute virtualization platform.

Further expanding the NVIDIA-Certified servers ecosystem is a new wave of systems featuring the NVIDIA A30 GPU for mainstream AI and data analytics and the NVIDIA A10 GPU for AI-enabled graphics, virtual workstations and mixed compute and graphics workloads, also announced today.