News Posts matching #cyberattack

US Authorities Investigating TP-Link Over Connection to China-backed Cyberattacks

Popular router manufacturer TP-Link is being investigated by US authorities over an alleged connection to cyberattacks emanating from the PRC. According to the Wall Street Journal, the Commerce, Justice and Defense departments are all investigating the company and the Commerce Department has gone as far as issuing a subpoena to TP-Link. The WSJ states that TP-Link holds close to a 65 percent market share in the US consumer router market, which puts the company in a unique market position.

Should any of the US authorities find wrongdoing, the investigations could end with TP-Link being banned from selling its routers in the US. A spokeswoman for TP-Link in the US issued the following statement to the WSJ: "We welcome any opportunities to engage with the U.S. government to demonstrate that our security practices are fully in line with industry security standards, and to demonstrate our ongoing commitment to the U.S. market, U.S. consumers, and addressing U.S. national security risks."

IBM Opens State-of-the-Art "X-Force Cyber Range" in Washington DC

IBM has announced the official opening of the new IBM X-Force Cyber Range in Washington, DC. The range includes new custom training exercises specifically designed to help U.S. federal agencies, their suppliers and critical infrastructure organizations more effectively respond to persistent and disruptive cyberattacks, and threats posed by AI. The state-of-the-art facility is designed to help everyone from legal and mission-critical leaders, to the C-Suite and technical security leaders prepare for a real-world cyber incident. According to IBM's 2023 Cost of a Data Breach report the global average cost of a data breach reached $4.45 million, with the US facing the highest breach costs across all regions. Organizations that formed an incident response (IR) team and tested their IR plan experienced faster incident response times and lower costs than organizations that did neither. In fact, the report found that high levels of IR planning and testing saved industry and government nearly $1.5 million in breach costs and 54 days from the data breach lifecycle.

"From national security threats to supply chain disruptions impacting the goods and services we rely on every day, cyberattacks on government and critical infrastructure can have ramifications that go far beyond the balance sheet," said Alice Fakir, Partner, Lead of Cybersecurity Services, US Federal Market for IBM Consulting. "The elite and highly customizable cyber response training we provide at our new DC range helps organizations and federal agencies better defend against existing and emerging threats, and also addresses federal mandates like those in the Biden Administration's Executive Order 14028 focused on improving the nation's cybersecurity."

"S.T.A.L.K.E.R. Legends of the Zone Trilogy" Announced During Xbox Partner Preview

Today, during the latest Xbox Partner Preview broadcast—as a surprise for Xbox gamers everywhere—GSC Game World launched the S.T.A.L.K.E.R. Legends of the Zone Trilogy for Xbox One and Xbox Series X|S (via backwards compatibility). That's right - it's available today! The Legends of the Zone Trilogy bundle—available on the Microsoft Store for $39.99 USD—includes all three iconic games that make up the original S.T.A.L.K.E.R. Trilogy: Shadow of Chernobyl, Clear Sky, and Call of Pripyat—or you can pick up each of the games individually for $19.99 USD each. Every element from the original games has been maintained and faithfully ported to console thanks to the hard work of GSC Game World and their partners at Mataboo. This all makes for a great opportunity for Xbox gamers everywhere to get some foundational knowledge of S.T.A.L.K.E.R.'s universe in the lead-up to the launch of S.T.A.L.K.E.R. 2: Heart of Chornobyl, coming day one to Game Pass on September 5, 2024.

But translating these hardcore PC games to an Xbox controller has been no small feat. For a series that is known for blending a variety of genres like horror, first-person shooter, exploration, and immersive sim, it was important for the team to get it right. Speaking with GSC Game World PR Specialist Zakhar Bocharov, we wanted to learn more about what this process was like, bringing these cult-classic, hardcore PC titles to console, and some of the innovative design and UI adjustments the team had to make to bring all three games to Xbox.

IBM Intros AI-enhanced Data Resilience Solution - a Cyberattack Countermeasure

Cyberattacks are an existential risk, with 89% of organizations ranking ransomware as one of the top five threats to their viability, according to a November 2023 report from TechTarget's Enterprise Strategy Group, a leading analyst firm. And this is just one of many risks to corporate data—insider threats, data exfiltration, hardware failures, and natural disasters also pose significant danger. Moreover, as the just-released 2024 IBM X-Force Threat Intelligence Index states, as the generative AI market becomes more established, it could trigger the maturity of AI as an attack surface, mobilizing even further investment in new tools from cybercriminals. The report notes that enterprises should also recognize that their existing underlying infrastructure is a gateway to their AI models that doesn't require novel tactics from attackers to target.

To help clients counter these threats with earlier and more accurate detection, we're announcing new AI-enhanced versions of the IBM FlashCore Module technology available inside new IBM Storage FlashSystem products and a new version of IBM Storage Defender software to help organizations improve their ability to detect and respond to ransomware and other cyberattacks that threaten their data. The newly available fourth generation of FlashCore Module (FCM) technology enables artificial intelligence capabilities within the IBM Storage FlashSystem family. FCM works with Storage Defender to provide end-to-end data resilience across primary and secondary workloads with AI-powered sensors designed for earlier notification of cyber threats to help enterprises recover faster.

AEWIN Intros SCB-1942, a Dual Intel 5th Gen Xeon Driven Flagship Series

AEWIN is glad to announce our latest High-Performance Network Appliance powered by Intel's latest 5th Gen Xeon Scalable Processors, the SCB-1942 Series. It is a series of flagship products powered by dual Intel Emerald Rapids CPUs, having up to 128 CPU cores (64 cores per CPU) for the extreme computing power pursued in the market. The SCB-1942 series has multiple SKUs with various PCIe slot options for great expandability to fulfill customers' solutions.

The SCB-1942A is a 2U, 2-socket network computing platform having 16x memory sockets of DDR5 up to 5600 MHz, and 8x PCIe 5.0 expansion slots for AEWIN wide coverage NIC cards with 1G/10/25/40/100G copper/fiber interfaces or other Accelerators & NVMe SSDs for flexible functionality enhancement. The SCB-1942A provides the flexibility to change the 2x PCIe slots to 1x PCIe x16 slot for standard PCIe form factor, which can take an off-the-shelf add-on card for any additional function required. It can support a 400G NIC card such as a Mellanox PCIe 5.0 NIC. In addition, the SCB-1942 series supports 10 SATA, which makes it also suitable for various kinds of storage applications.

Samsung & Microsoft Reveal First On-Device Attestation Solution for Enterprise

Samsung Electronics today announced the first step in a plan to reimagine mobile device security for business customers in partnership with Microsoft. This collaboration has led to the industry's first on-device, mobile hardware-backed device attestation solution that works equally well on both company and personally owned devices.

Device attestation can help ensure a device's identity and health, verifying that it has not been compromised. On-device, mobile hardware-backed device attestation—available on Samsung Galaxy devices and combined with protection from Microsoft Intune—now adds enhanced security and flexibility. For enterprises, this is an extra layer of protection against compromised devices falsely claiming to be known and healthy, gaining access to sensitive corporate data. Additionally, organizations can now enable employees to bring their own device (BYOD) to work with the confidence that they are protected with the same level of security as company owned devices. For employees, this means added flexibility for their personal Galaxy devices to safely access their work environment.

Money Message Ransomware Group Uploads Stolen MSI Data to Dark Web

MSI suffered a massive data breach at the start of April and the Taiwanese electronics company promptly alerted its customers about the cyberattack on its "information systems." A few days later it emerged that a relatively young ransomware group "Money Message" was behind the hacking effort - these cybercriminals stated that they had infiltrated MSI's internal network. Gang members proceeded to acquire sensitive company files, database information and source code. At the time, Money Message demanded that MSI pay them a ransom of $4 million, with the added threat of stolen data getting leaked to the general public on the internet (in the event of MSI failing to pay up).

Money Message has this week claimed that MSI has refused to meet their demands - as a result, an upload of stolen data started on Thursday with files appearing on the group's own website, and spreading to the dark web soon after. Binarly, a cybersecurity firm, has since analyzed the leaked files and discovered the presence of many private code signing keys within the breached data dump. Alex Matrosov, Binarly's CEO, states via Twitter: "Recently, MSI USA announced a significant data breach. The data has now been made public, revealing a vast number of private keys that could affect numerous devices. FW Image Signing Keys: 57 products (and) Intel Boot Guard BPM/KM Keys: 166 products." Binarly has provided a list of affected MSI devices (gaming laptops & mobile workstations) on their GitHub page.

Money Message Ransomware Group Apparently Behind MSI Breach

It appears that MSI's data breach is more significant than originally thought and according to recent information, a new ransomware group known as "Money Message" was behind the attack, stealing databases and source code from MSI's network.

According to a report from BleepingComputer, Money Message claims to have stolen 1.5 TB of data from MSI's systems, including CTMS and ERP databases, software source code, private keys, and BIOS firmware. Money Message is threatening to publish these allegedly stolen documents and is asking for a ransom payment of $4 million. MSI has already warned its customers about the cyberattack, has started the "relevant defense mechanisms," and has been gradually restoring its systems back to normal operations.

MSI Warns Customers After Cyberattack on its Systems

MSI has issued a warning to its customers after the company detected it has suffered from a cyberattack on its "information systems". Although it's not clear exactly what was attacked, the company has detected what it calls anomalies on its network and has since kicked in "relevant defense mechanisms" which among other things included reporting the incident to local law enforcement agencies and cybersecurity units.

MSI states that the company has been gradually restoring its systems back to normal operations and that the attack has had negligible impact on its business. However, MSI is warning its customers not to download MSI BIOS/UEFI/firmware updates or drivers from any other source than MSI's official website, or any of its software. Although MSI doesn't state if whoever performed the attack might have gotten hold of any of its software, this seems to suggest such things and it's clear that MSI is worried that there might be software appearing in the near future that will be compromised in one way or another.

Acer Suffers Data Breach - 160 GB Trove Appears Online for Sale

Earlier this week a 160 GB hoard consisting of 2869 files from Acer internal systems appeared for sale on a shady internet forum. The hacker claims to have stolen the data over the course of February 2023, and that it contains valuable files including confidential product data, technical manuals, binaries, backend infrastructure data, product model documentation, BIOS and ROM components, product keys, ISOs, and internal information on various laptops, phones, and tablets. Alongside the list of ill-gotten data they provided a snapshot of the trove to prove the authenticity, and requested payment via the cryptocurrency Monero (XMR).

Acer confirmed the breach on Tuesday to multiple sources stating:
"We have recently detected an incident of unauthorized access to one of our document servers for repair technicians. While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server."

League of Legends Source Code Stolen in Riot Games Cyberattack

Riot Games provided its first response to last week's cyberattack on its company network. The company alleges that the attackers have exfiltrated the source code for "League of Legends," "Teamfight Tactics," and a proprietary anti-cheat software that's no longer in use. Riot Games assures all that no game user data was compromised in this attack (particularly passwords or payment-instrument details), and that at worst the stolen source code could help the attackers create cheats. The company also received a ransom e-mail from the attackers demanding payment, failing which they threaten to release the source code to the public; but Riot said that it does not intend to pay. Since user information isn't compromised, and the games themselves are protected by IP laws globally, there's little reason to pay up.

NVIDIA Data-breach: Hackers Demand GeForce Drivers be Made Open-Source

In the latest episode in the saga of the cyberattacks on NVIDIA servers that unleashed the motherlode of confidential information, the group behind the hack made its second set of demands. The first one was for a ransom to prevent public disclosure, which NVIDIA possibly didn't meet. The second one is a demand for making GeForce proprietary drivers open-source on all platforms. Failing this, the group plans to release its next chunk of the leak to the public.

This, the group claims, includes sensitive files related to the company's silicon design, including Verilog (.v) files, and VG files. They also claim to be in possession of files related to upcoming hardware, including the elusive RTX 3090 Ti, and upcoming revisions of existing silicon. The group sets until 4th March (Friday) to meet its demand.

NVIDIA "Ada Lovelace" Streaming Multiprocessor Counts Surface

Possible streaming multiprocessor (SM) counts of the various NVIDIA "Ada Lovelace" client-graphics GPUs surfaced, allegedly pieced together from code seen in the recent NVIDIA cyberattack data-leak. According to this, the top-dog "AD102" silicon has 144 SM, the next-best "AD103" has 84. The third-largest "AD104" silicon has 60. The performance-segment "AD106" has 36, and the mainstream "AD107" has 24. Assuming the number of CUDA cores per SM in the "Ada Lovelace" graphics architecture is unchanged from that of "Ampere," we're looking at 18,432 CUDA cores for the "AD102," an impressive 10,752 for the "AD103," 7,680 cores for the "AD104," 4,608 for the "AD106," and 3,072 for the "AD107."

NVIDIA DLSS Source Code Leaked

The mother of all cyberattacks hit NVIDIA over the weekend, putting out critical driver source-code, the ability to disable LHR for mining, and even insights into future NVIDIA hardware, such as the Blackwell architecture. An anonymous tipster sent us this screenshot showing a list of files they claim are the source-code of DLSS.

The list, which looks credible enough, includes C++ files, headers, and assets that make up DLSS. There is also a super-convenient "Programming Guide" document to help developers make sense of the code and build correctly. Our tipsters who sent this screenshot are examining the code to see the inner workings of DLSS, and whether there's any secret sauce. Do note that this is DLSS version 2.2, so a reasonably recent version including the latest DLSS 2.2 changes. This code leak could hold the key for the open-source Linux driver community to bring DLSS to the platform, or even AMD and Intel learning from its design. Stealing Intellectual Property is a big deal of course and NVIDIA's lawyers will probably be busy picking apart every new innovation from their competitors, but ultimately it'll be hard to prove in a court of law.

SonicWall Threat Intelligence Confirms Alarming Surge in Ransomware, Malicious Cyberattacks as Threats Double in 2021

SonicWall, the publisher of the world's most quoted ransomware threat intelligence, today released the 2022 SonicWall Cyber Threat Report. The bi-annual report details a sustained meteoric rise in ransomware with 623.3 million attacks globally. Nearly all monitored threats, cyberattacks and malicious digital assaults rose in 2021 including: ransomware, encrypted threats, IoT malware and cryptojacking. "Cyberattacks become more attractive and potentially more disastrous as dependence on information technology increases," said SonicWall President and CEO Bill Conner. "Securing information in a boundless world is a near impossible and thankless job, especially as the boundaries of organizations are ever-expanding to limitless endpoints and networks."

SonicWall Capture Labs threat researchers diligently tracked the dramatic rise in ransomware, recording an astounding 318.6 million more ransomware attacks than 2020, a 105% increase. Ransomware volume has risen 232% since 2019. High-profile ransomware attacks impacted businesses, state and federal governments, schools, hospitals and even individuals. Attacks hit supply chains, causing widespread system downtime, economic loss and reputational damage. Following global trends, all industries faced large increases of ransomware volume, including government (+1,885%), healthcare (755%), education (152%) and retail (21%).

IBM Announces the Cyber Vault Flash Storage System Resilient to Ransomware and other Cyber Attacks

IBM today unveiled IBM FlashSystem Cyber Vault to help companies better detect and recover quickly from ransomware and other cyberattacks. The company also announced new FlashSystem storage models, based on IBM Spectrum Virtualize to provide a single and consistent operating environment, that are designed to increase cyber resilience and application performance within a hybrid cloud environment.

According to the IBM Cyber Resilient Organization study, 46 percent of respondents surveyed reported experiencing a ransomware attack over the past two years. With cyberattacks continuing to grow, and with average recovery time lasting days or even weeks, business and reputational risks are unprecedented. Even with prevention and detection tactics in place, organizations also must be ready to recover their operations quickly to minimize loss of business and other costs.

TerraMaster NAS Feature in-built Anti-Ransomware

TerraMaster, a professional brand that specializes in providing innovative storage products for home, businesses and enterprises, presents its comprehensive suite of cybersecurity features to provide excellent protection against all variants of ransomware, viruses, and other forms of cyberattack. There has been an increase in new variants of ransomware that specifically target NAS devices. TerraMaster continuously bolsters the suite of cybersecurity features on its NAS devices to provide effective protection even against the newest ransomware variants. TerraMaster has taken the necessary steps to help users avoid common pitfalls that are targeted by attackers. TerraMaster also provides the necessary security features to protect against cybersecurity attacks.

TerraMaster NAS users can get alert notifications for system events, power failures, and others. This helps managers in real-time monitoring even at home, ensuring that you are always up to date with the status of your TNAS. TerraMaster NAS device has disabled the default administrator account. This ensures users will create a new administrator account and set their own password at first use.

Acer Reportedly Hit By $50 Million Ransomware Attack

Acer has reportedly been hit with a REvil ransomware attack covering financial spreadsheets, bank balances, and bank communications. The actors are demanding a 50 million USD ransom which is one of the highest amounts ever demanded in a breach of this type. Acer has not confirmed the report instead stating that they "reported recent abnormal situations" to the relevant authorities. Communication between REvil and Acer began on March 14th with the attackers demanding payment in XMR cryptocurrency via a Tor website in return for the decryptor, a vulnerability report, and the deletion of stolen files. The cause of the attack appears to be a vulnerability in Microsoft Exchange which has now been patched but was not updated by Acer. The group is demanding payment before March 28th or the price will double to 100 million USD.

Lenovo Introduces New Factory Services for Expanded Portfolio of Windows Secured-core PCs

Lenovo today announced a significant expansion of Secured-core PCs within its ThinkShield portfolio. In addition to offering a wider selection of these devices, Lenovo also introduced its new Secured-core PC Enablement Service to support customers with custom imaging, BIOS protection, and configuration of operating system settings. Designed to simplify and further secure the deployment of these devices within an organization, this new factory service can be purchased as an add-on to the device.

Integrating hardware, firmware, software and identity protection, Windows 10 Secured-core PCs offer a deeper level of protection against highly advanced threats and increasing risks of cyberattacks and malware. Since their introduction in October 2019, Lenovo has offered two devices that are capable of being ordered as Secured-core PCs, the ThinkPad X1 Yoga Gen 4 and the ThinkPad X1 Carbon Gen 7. As part of the recent Secured-core PC portfolio expansion, Lenovo will now offer ten additional devices: the ThinkPad X1 Carbon Gen 8, ThinkPad X1 Yoga Gen 5, ThinkPad X13, ThinkPad X13 Yoga, ThinkPad T14s, ThinkPad T14, ThinkPad T15, ThinkPad P1 Gen 3, ThinkPad P14s and ThinkPad P15s premium laptops. These Modern Standby enabled laptops focus on providing a smarter and more secure working experience and feature several innovations to empower remote workers. Emerging technologies including PrivacyGuard, WiFi 6 and up to CAT 16 WWAN can be invaluable in meeting the needs and desires of remote workers.

POWER-SUPPLaY Cyberattack Steals Data From Air-Gapped PC via Power Supply

It was only a few weeks ago when we reported that Dr. Mordechai Guri and his team had devised a new cyberattack known as Air-ViBeR which could use the vibrations of a PC's fans to steal data by regulating fan speed and recording the sounds on a nearby smartphone. This time Dr. Mordechai and his team have discovered a way to silently transmit data from the ultrasonic frequencies put out by a PC power supply; they have dubbed this new attack POWER-SUPPLaY. The cyberattack involves a piece of malware that can alter system load by changing the CPU workload. This causes the PC power supply to change its ultrasonic frequencies, which can be detected by a smartphone at a maximum distance of 5 m.

While this cyberattack is certainly technologically impressive, it is unlikely to ever be used outside of a Hollywood movie due to some fatal limitations. The attack requires the computer to be compromised and a mobile device to be within listening distance for a prolonged time. The transmission rate of the attack is only 50 bits per second, or equivalent to about 22.5 kB per hour. With such a low transmission rate, the only data that could feasibly be transmitted would be plain text at a rate of 10,000 words an hour.

India's Largest Nuclear Power Plant Denies Rumors of Cybersecurity Breach Stopping a Reactor

The Kudankulam Nuclear Power Plant (KKNPP) is India's largest, with two operational 1,000 MWe reactors, and four more under construction, making up a nameplate capacity of 6,000 MWe (electrical output) when fully built. Last Saturday (26th October), unit 2 was taken offline due to an "SG level low" (steam generator level low) error. This event, roughly coinciding with Twitter chatter on an alleged cyber-attack on the plant's computers on Tuesday, spread panic. Twitter threads from cyber-security handles chronicle a possible DTrack malware attack that gained access to the plant's domain controller.

On Tuesday, state-owned Nuclear Power Corporation of India (NPCIL), which operates KKNPP, put out a press-release denying these rumors. In the press release, plant spokesperson R. Ramdoss states that the plant's computers are isolated from the Internet, and that an external cyberattack is "impossible." He stated that Unit 2 was taken offline due to a mechanical problem in its turbine hall (levels of steam being too low to turn the turbine). It's important to understand that a "Unit" in power plant jargon is a combination of a reactor and its turbine hall. The reactor splits atoms to heat water and make steam; the turbine hall uses this steam to make electricity. A "unit" being offline doesn't necessarily mean that its reactor is, but that it's simply not putting out power to the grid. Ramdoss stated that as of Tuesday, units 1 and 2 were putting out 1,000 MWe and 600 MWe, respectively.
Update (late-Wednesday, 10/30): NPCIL retracted its earlier statement denying a cyber-attack, and released another press-release, stating that one of its PCs in the plant's administrative block that was exposed to the Internet, was infected by malware, and is being cleaned. This PC is isolated from the plant's internal network that operates the various critical systems. The investigation also revealed that the plant's internal computers are unaffected. The new press-release is pictured above. From the looks of it, the operational error on Saturday is unrelated to the cyber-attack.

AMD Announces Integration With Microsoft's Secured-Core PC Initiative

In today's world, computer security is becoming very important due to the exponential increase in malware and ransomware attacks. Various studies have shown that a single malicious attack can cost companies millions of dollars and can require significant recovery time. With the growth of employees working remotely and connected to a network considered less secure than a traditional corporate network, employees' computer systems can be perceived as a weak security link and a risk to the overall security of the company. Operating System (OS) and independent hardware vendors (IHV) are investing in security technologies which will make computers more resilient to cyberattacks.

Kaspersky: Most Cyber Attacks Directed at Microsoft Office in Q4 2018

Having the world's most pervasive operating system (or office suite) is sure to leave a big mark on any company when it comes to exploitation attempts from hackers. It's a simple equation: aim your efforts at software that runs on millions (if not billions) of machines and even a light chink in the armor could be enough to cause a cascading effect through that many users.

This principle applies to almost everything: a small effect across a billion users usually provides greater returns than a large effect on one or two players. Kaspersky Labs, in its security report presented at the Security Analyst Summit, reported that the favorite target for cyber attacks was Microsoft's Office suite - a 70% figure suggests an incredible amount of attention given to Office. These Office-related cyber attacks don't directly relate to the suite itself; there are other, OS-integrated components that can be targeted, or Office file extensions are simply used as clever, headache-inducing ways of disguising malware as the second greatest evil in the world - spreadsheets.