News Posts matching #cybersecurity

Return to Keyword Browsing

Lenovo launches ThinkShield Firmware Assurance for Deep Protection Above and Below the Operating System

Today, Lenovo announced the introduction of ThinkShield Firmware Assurance as part of its portfolio of enterprise-grade cybersecurity solutions. ThinkShield Firmware Assurance is one of the only computer OEM solutions to enable deep visibility and protection below the operating system (OS) by embracing Zero Trust Architecture (ZTA) component-level visibility to generate more accurate and actionable risk management insights.

As a security paradigm, ZTA explicitly identifies users and devices to grant appropriate levels of access so a business can operate with less risk and minimal friction. ZTA is a critical framework to reduce risk as organizations endeavor to complete Zero-Trust implementations.

New Linux RCE Vulnerability Leaks Ahead of Disclosure - Allows Arbitrary Code Execution via CUPS Print Scheduler

A new vulnerability was recently discovered in a widely used print server that is installed by default on many Linux and Unix-based systems with a graphical user interface. The primary attack vector for the vulnerability is the CUPS (Common Unit Printing System) print scheduler, specifically cups-browsed, and has the potential to execute code remotely with zero user interaction required.

The vulnerability has reportedly been given a CVSS score of 9.9 by RHEL and Canonical, although this score is hotly debated, with some arguing it should have a lower score, because, although code can be remotely downloaded to the system, it cannot be executed without user intervention. Fortunately, there is no evidence of the vulnerability having been exploited, although the disclosure was leaked online ahead of a planned private reveal in October, prompting the developer that discovered the vulnerability to post the full explanation in a write-up on their blog. This being the case, the vulnerability could very well start being exploited by malicious actors.

Faulty Windows Update from CrowdStrike Hits Banks and Airlines Around the World

A faulty software update to enterprise computers by cybersecurity firm CrowdStrike has taken millions of computers offline, most of which are in a commercial or enterprise environment, or are Azure deployments. CrowdStrike provides periodic software and security updates to commercial PCs, enterprise PCs, and cloud instances, with a high degree of automation. The latest update reportedly breaks the Windows bootloader, causing bluescreens of death (BSODs), and if configured, invokes Windows Recovery. Enterprises tend to bulletproof the bootloaders of their client machines, and disable generic Windows Recovery tools from Microsoft, which means businesses around the world are left with large numbers of machines that will each take manual fixing. The so-called "Windows CrowdStrike BSOD deluge" has hit critical businesses such as banks, airlines, supermarket chains, and TV broadcasters. Meanwhile, sysadmins on Reddit are wishing each other a happy weekend.

AMD Investigates Claims of a Data Breach by a Hacking Group

AMD has reportedly suffered a cybersecurity breach, with an organization that goes by "IntelBroker" claiming to have stolen company data on future products, customer databases, and financial records, among others. In a statement to Reuters, AMD said that it is working closely with law enforcement agencies and a third-party hosting partner, to investigate the claim of a data breach by IntelBroker. "We are working closely with law enforcement officials and a third-party hosting partner to investigate the claim and the significance of the data," the company said. The AMD stock traded slightly down (by 2.38% as of this writing) on Tuesday.

HackRead goes into the details of the data IntelBroker claims to have stolen. There are broadly two categories of data in the breach—IP and product information; and business information. In terms of IP, IntelBroker claims to have done away with files related to device firmware, ROMs, source code, IP files, future AMD product plans, and technical specifications. The business information leaked includes employee databases, customer databases, financial information, user IDs (probably of employees), job designation, employment statuses, and business phone numbers.

AEWIN Introduces SCB Network Appliances Powered by AMD EPYC 8004

AEWIN provides a series of performant Network Appliances and Edge Server powered by single AMD Zen 4c EPYC 8004 processor codenamed Siena. The latest AMD Siena CPU is produced with 5 nm manufacturing technology to have up to 64 cores (extreme density of 2CCX/CCD) and 225 W TDP with lower energy consumption compared to EPYC SP5. Siena SP6 CPU has the best performance per watt and is with the support of rich I/O and CXL 1.1.

SCB-1945 (1U) and SCB-1947A (2U) are two performant Network Appliances supporting 12x DDR5 sockets and 4x/8x PCIe Gen 5 slots for AEWIN self-design NICs with 1G to 100G copper/fiber interfaces (with/without bypass function) or other accelerators and NVMe SSDs. Both models provide the flexibility to change 2x front panel PCIe slots to 1x PCIe x16 slot for installing off-the-shelf add-on card for additional functions required. It can support 400G NIC card installed such as NVIDIA Mellanox PCIe 5.0 NIC.

NVIDIA Calls for Global Investment into Sovereign AI

Nations have long invested in domestic infrastructure to advance their economies, control their own data and take advantage of technology opportunities in areas such as transportation, communications, commerce, entertainment and healthcare. AI, the most important technology of our time, is turbocharging innovation across every facet of society. It's expected to generate trillions of dollars in economic dividends and productivity gains. Countries are investing in sovereign AI to develop and harness such benefits on their own. Sovereign AI refers to a nation's capabilities to produce artificial intelligence using its own infrastructure, data, workforce and business networks.

Why Sovereign AI Is Important
The global imperative for nations to invest in sovereign AI capabilities has grown since the rise of generative AI, which is reshaping markets, challenging governance models, inspiring new industries and transforming others—from gaming to biopharma. It's also rewriting the nature of work, as people in many fields start using AI-powered "copilots." Sovereign AI encompasses both physical and data infrastructures. The latter includes sovereign foundation models, such as large language models, developed by local teams and trained on local datasets to promote inclusiveness with specific dialects, cultures and practices. For example, speech AI models can help preserve, promote and revitalize indigenous languages. And LLMs aren't just for teaching AIs human languages, but for writing software code, protecting consumers from financial fraud, teaching robots physical skills and much more.

Microsoft Reveals Cyberattack & Theft of Internal Source Code

We have provided an update on the nation-state attack that was detected by the Microsoft Security Team on January 12, 2024. As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM. As we said at that time, our investigation was ongoing, and we would provide additional details as appropriate.

In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access. This has included access to some of the company's source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised. It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures. Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024.

IBM Opens State-of-the-Art "X-Force Cyber Range" in Washington DC

IBM has announced the official opening of the new IBM X-Force Cyber Range in Washington, DC. The range includes new custom training exercises specifically designed to help U.S. federal agencies, their suppliers and critical infrastructure organizations more effectively respond to persistent and disruptive cyberattacks, and threats posed by AI. The state-of-the-art facility is designed to help everyone from legal and mission-critical leaders, to the C-Suite and technical security leaders prepare for a real-world cyber incident. According to IBM's 2023 Cost of a Data Breach report the global average cost of a data breach reached $4.45 million, with the US facing the highest breach costs across all regions. Organizations that formed an incident response (IR) team and tested their IR plan experienced faster incident response times and lower costs than organizations that did neither. In fact, the report found that high levels of IR planning and testing saved industry and government nearly $1.5 million in breach costs and 54 days from the data breach lifecycle.

"From national security threats to supply chain disruptions impacting the goods and services we rely on every day, cyberattacks on government and critical infrastructure can have ramifications that go far beyond the balance sheet," said Alice Fakir, Partner, Lead of Cybersecurity Services, US Federal Market for IBM Consulting. "The elite and highly customizable cyber response training we provide at our new DC range helps organizations and federal agencies better defend against existing and emerging threats, and also addresses federal mandates like those in the Biden Administration's Executive Order 14028 focused on improving the nation's cybersecurity."

Jensen Huang Believes That Every Country Needs Sovereign AI

Every country needs to own the production of their own intelligence, NVIDIA founder and CEO Jensen Huang told attendees Monday at the World Governments Summit in Dubai. Huang, who spoke as part of a fireside chat with the UAE's Minister of AI, His Excellency Omar Al Olama, described sovereign AI—which emphasizes a country's ownership over its data and the intelligence it produces—as an enormous opportunity for the world's leaders. "It codifies your culture, your society's intelligence, your common sense, your history - you own your own data," Huang told Al Olama during their conversation, a highlight of an event attended by more than 4,000 delegates from 150 countries.

"We completely subscribe to that vision," Al Olama said. "That's why the UAE is moving aggressively on creating large language models and mobilizing compute." Huang's appearance in the UAE comes as the Gulf State is moving rapidly to transform itself from an energy powerhouse into a global information technology hub. Dubai is the latest stop for Huang in a global tour that has included meetings with leaders in Canada, France, India, Japan, Malaysia, Singapore and Vietnam over the past six months. The Middle East is poised to reap significant benefits from AI, with PwC projecting a $320 billion boost to the region's economy by 2030.

IBM Introduces LinuxONE 4 Express, a Value-oriented Hybrid Cloud & AI Platform

IBM has announced IBM LinuxONE 4 Express, extending the latest performance, security and AI capabilities of LinuxONE to small and medium sized businesses and within new data center environments. The pre-configured rack mount system is designed to offer cost savings and to remove client guess work when spinning up workloads quickly and getting started with the platform to address new and traditional use cases such as digital assets, medical imaging with AI, and workload consolidation.

Building an integrated hybrid cloud strategy for today and years to come
As businesses move their products and services online quickly, oftentimes, they are left with a hybrid cloud environment created by default, with siloed stacks that are not conducive to alignment across businesses or the introduction of AI. In a recent IBM IBV survey, 84% of executives asked acknowledged their enterprise struggles in eliminating silo-to-silo handoffs. And 78% of responding executives said that an inadequate operating model impedes successful adoption of their multicloud platform. With the pressure to accelerate and scale the impact of data and AI across the enterprise - and improve business outcomes - another approach that organizations can take is to more carefully identify which workloads should be on-premises vs in the cloud.

Durabook Announces Windows 11 Secured-core PCs in its Mobile Rugged Computing Portfolio

In collaboration with Microsoft, Durabook today announced the availability of Windows 11 Secured-core PCs for its mobile rugged computing portfolio. The Durabook S15 Rugged Laptop and U11 Rugged Tablet with advanced Windows 11 security are immediately available to protect sensitive data for professionals on the move.

Mobile, Rugged, Secure for a Perilous World
Executives, military officers, and other professionals who work in potentially hazardous environments are often responsible for highly sensitive data such as financial information, classified intelligence, and intellectual property. They are also often on the road where their computing devices are exposed to abundant cybersecurity threats, including malware and firmware attacks. These attacks are in addition to the physical perils such as being dropped, exposed to dust and potentially combustible fine particulate in the air, extreme temperatures, high humidity and water intrusion.

NVIDIA and IQM Quantum Computers to Advance Future Hybrid Quantum Applications

IQM Quantum Computers (IQM), a global leader in building quantum computers, today announced a collaboration with NVIDIA to advance future hybrid quantum applications through NVIDIA CUDA Quantum, an open-source platform for integrating and programming quantum processing units in one system. As part of this collaboration, users of IQM's quantum processing units across enterprises and research institutions can program and develop the next generation of hybrid quantum-classical applications with NVIDIA CUDA Quantum.

The collaboration aims to accelerate the development and utilization of quantum computing in various applications, fostering innovation, collaboration, and potential breakthroughs in science and industry. Leading institutions, such as CSC - IT Centre for Science and the VTT Technical Research Centre of Finland, plan to utilise CUDA Quantum on VTT's 5-qubit quantum computer developed in co-innovation partnership by IQM and VTT.

Flexxon Announces Xsign, a Physical Security Key in USB or microSD/SD Card Formats

Hardware cybersecurity pioneer and industrial NAND storage specialist, Flexxon, today announced the launch of its latest security product, Xsign. Now available globally, the Xsign provides enhanced security through an innovative approach to unlocking sensitive data reserved only for authorized personnel.

With the use of the Xsign hardware security key, organisations will be provided with a tailored software platform that syncs only with the Xsign key, thereby granting access to pre-defined users. Beyond its function as a security key, the Xsign also operates as a traditional storage card, equipped with Flexxon's industry leading reliability and performance. Key beneficiaries of the solution include industries that handle personal and sensitive data like the healthcare, finance, and government and defense sectors.

Quantinuum's H1 Quantum Computer Successfully Executes a Fully Fault-tolerant Algorithm

Fault-tolerant quantum computers that offer radical new solutions to some of the world's most pressing problems in medicine, finance and the environment, as well as facilitating a truly widespread use of AI, are driving global interest in quantum technologies. Yet the various timetables that have been established for achieving this paradigm require major breakthroughs and innovations to remain achievable, and none is more pressing than the move from merely physical qubits to those that are fault-tolerant.

In one of the first meaningful steps along this path, scientists from Quantinuum, the world's largest integrated quantum computing company, along with collaborators, have demonstrated the first fault-tolerant method using three logically-encoded qubits on the Quantinuum H1 quantum computer, Powered by Honeywell, to perform a mathematical procedure.

Logitech Among Industry Leaders Driving Increased IoT Product Security and Privacy

Earlier today Logitech International was invited and honored to participate in the US National Label for Consumer IoT Security launch at the White House in Washington DC. The event, sponsored by the National Security Council, was led by chairwoman of the FCC, Jessica Rosenworcel, and included members of both organizations, as well as other leading tech companies focused on and making strides in product security for consumers.

Logitech is an active contributor in industry efforts to integrate security into the core standards that its products use. Through its participation in the Product Security Working Group (PSWG) and Matter Working Group within the Connectivity Standards Alliance (CSA), the company continues to work with others in the industry to write and certify the standards by which next generation products will operate.

Infineon Welcomes Introduction of a Voluntary U.S. IoT Security Label

Today, U.S. Deputy National Security Advisor Anne Neuberger, Chairwoman of the Federal Communications Commission (FCC) Jessica Rosenworcel, and Laurie Locascio, Director of the National Institute of Standards and Technology (NIST) unveiled the U.S. national IoT security label at the White House.

Infineon Technologies AG supports this action to address the growing need for IoT security. The new label supports the IoT security requirements under NISTIR 8425, which resulted from an Executive Order to improve the nation's cybersecurity. This label will recognize products that meet these requirements by permitting them to display a U.S. government label and be listed in a registry indicating that these products meet U.S. cybersecurity standards.

Money Message Ransomware Group Uploads Stolen MSI Data to Dark Web

MSI suffered a massive data breach at the start of April and the Taiwanese electronics company promptly alerted its customers about the cyberattack on its "information systems." A few days later it emerged that a relatively young ransomware group "Money Message" was behind the hacking effort - these cybercriminals stated that they had infiltrated MSI's internal network. Gang members proceeded to acquire sensitive company files, database information and source code. At the time, Money Message demanded that MSI pay them a ransom of $4 million, with the added threat of stolen data getting leaked to the general public on the internet (in the event of MSI failing to pay up).

Money Message has this week claimed that MSI has refused to meet their demands - as a result, an upload of stolen data started on Thursday with files appearing on the group's own website, and spreading to the dark web soon after. Binarly, a cybersecurity firm, has since analyzed the leaked files and discovered the presence of many private code signing keys within the breached data dump. Alex Matrosov, Binarly's CEO states via Twitter: "Recently, MSI USA announced a significant data breach. The data has now been made public, revealing a vast number of private keys that could affect numerous devices. FW Image Signing Keys: 57 products (and) Intel Boot Guard BPM/KM Keys: 166 products." Binary has provided a list of affected MSI devices (gaming laptops & mobile workstations) on their GitHub page.

Microsoft Fixes Windows Defender Bug After Five Years of Firefox Slowdowns

Microsoft's Window Defender engineering team has finally found the time to address a long term bug within its anti-malware software - relating to performance issues with Mozilla's Firefox web browser. User feedback stretching back to five years ago indicates extremely sluggish web surfing experiences, caused by a Windows "Anti-malware Service Executable" occupying significant chunks of CPU utilization (more than 30%). The combination of Firefox and Windows Defender running in parallel would guarantee a butting of (software) heads - up until last week's bug fix. A Microsoft issued update has reduced the "MsMpEng.exe" Defender component's CPU usage by a maximum of 75%.

Microsoft and Mozilla developers have collaborated on addressing the disharmonious relationship between Defender and Firefox. A plucky member of the latter's softwareengineering team has been very transparent about the sluggish browser experience. Yannis Juglaret has provided a string of project updates via Mozilla's Bugzilla tracking system - one of his latest entries provide details about the fix: "You may read online that Defender was making too many calls to VirtualProtect, and that global CPU usage will now go down by 75% when browsing with Firefox. This is absolutely wrong! The impact of this fix is that on all computers that rely on Microsoft Defender's Real-time Protection feature (which is enabled by default in Windows), MsMpEng.exe will consume much less CPU than before when monitoring the dynamic behavior of any program through Event Tracing for Windows (ETW). Nothing less, nothing more."

MSI Warns Customers After Cyberattack on its Systems

MSI has issued a warning to its customers after the company detected it has suffered from a cyberattack on its "information systems". Although it's not clear exactly what was attacked, the company has detected what it calls anomalies on its network and has since kicked in "relevant defense mechanisms" which among other things included reporting the incident to local law enforcement agencies and cybersecurity units.

MSI states that the company has been gradually restoring its systems back to normal operations and that the attack has had negligible impact on its business. However, MSI is warning its customers not to download MSI BIOS/UEFI/firmware updates or drivers from any other source than MSI's official website, or any of its software. Although MSI doesn't state if whoever performed the attack might have gotten hold of any of its software, this seems to suggest such things and it's clear that MSI is worried that there might be software appearing in the near future that will be compromised in one way or another.

IBM z16 and LinuxONE 4 Get Single Frame and Rack Mount Options

IBM today unveiled new single frame and rack mount configurations of IBM z16 and IBM LinuxONE 4, expanding their capabilities to a broader range of data center environments. Based on IBM's Telum processor, the new options are designed with sustainability in mind for highly efficient data centers, helping clients adapt to a digitized economy and ongoing global uncertainty.

Introduced in April 2022, the IBM z16 multi frame has helped transform industries with real-time AI inferencing at scale and quantum-safe cryptography. IBM LinuxONE Emperor 4, launched in September 2022, features capabilities that can reduce both energy consumption and data center floor space while delivering the scale, performance and security that clients need. The new single frame and rack mount configurations expand client infrastructure choices and help bring these benefits to data center environments where space, sustainability and standardization are paramount.

With Security Copilot, Microsoft brings the power of AI to cyberdefense

Microsoft Corp. on Tuesday announced it is bringing the next generation of AI to cybersecurity with the launch of Microsoft Security Copilot, giving defenders a much-needed tool to quickly detect and respond to threats and better understand the threat landscape overall. Security Copilot will combine Microsoft's vast threat intelligence footprint with industry-leading expertise to augment the work of security professionals through an easy-to-use AI assistant.

"Today the odds remain stacked against cybersecurity professionals. Too often, they fight an asymmetric battle against relentless and sophisticated attackers," said Vasu Jakkal, corporate vice president, Microsoft Security. "With Security Copilot, we are shifting the balance of power into our favor. Security Copilot is the first and only generative AI security product enabling defenders to move at the speed and scale of AI."

DFI and VicOne To Create Safe and Smart Transportation Environment at Embedded World 2023

DFI, the global leader in embedded motherboards and industrial computers, has stepped into the electric vehicle (EV) market in recent years. Alongside VicOne, the automotive cybersecurity expert and the subsidiary of Trend Micro, they will demonstrate technologies related to vehicle software security application that enable more comprehensive network security protection for smart cities.

This year, to demonstrate the AI computing and vehicle-to-everything technology used in Connected Vehicles and Smart Poles, DFI has built an actual smart traffic intersection at the venue with road side units (RSU), digital signage, intelligent edge computers, onboard units (OBU), in-vehicle AI computers, and driver HMIs.

New Vulnerabilities Found in TPM 2.0 Library That Could be a Potential Threat to Billions of Devices

A pair of new vulnerabilities has been found in the TPM 2.0 library by cybersecurity company Quarkslab, that has security experts worried, as both of the flaws have potential far reaching implications. The two vulnerabilities go under the CVE identifiers of CVE-2023-1017 and CVE-2023-1018, where the first one allows for out-of-bounds writes, whereas the second one enables out-of-bounds reads, also known as buffer overflow vulnerabilities. This in itself might not sound particularly concerning, but as both can be triggered from user-mode applications, they're a pretty big deal, as it would enable malicious commands to be sent to a TPM 2.0 module, which could in turn enable malicious software to be installed on the device with the TPM 2.0 module.

According to Quarkslab, billions of devices could be affected, as TPM 2.0 authentication modules are used in everything from servers to IoT devices and has been the main hardware-based crypto solution for almost a decade by now. The attacker using the vulnerabilities would have to know what they're doing to be able to take advantage of these two flaws in TPM 2.0, but as it relies on the TPM command interface, there's no easy way to protect against an attack, if someone has gained user access to the system in question. The Trusted Computing Group (TCG) which is in charge of the TPM standard, has already issued an errata which includes instructions on how to address the two vulnerabilities and we're like to see updates from all major hardware vendors as they see fit.

Fortinet Unveils New ASIC to Accelerate the Convergence of Networking and Security Across Every Network Edge

Fortinet, the global cybersecurity leader driving the convergence of networking and security, today announced FortiSP5, the latest breakthrough in ASIC technology from Fortinet, propelling major leaps forward in securing distributed network edges. Building on over 20 years of ASIC investment and innovation from Fortinet, FortiSP5 delivers significant secure computing power advantages over traditional CPU and network ASICs, lower cost and power consumption, the ability to enable new secure infrastructure across branch, campus, 5G, edge compute, operational technologies, and more.

"With the introduction of FortiSP5, Fortinet once again sets new industry records for performance, cost, and energy efficiency. As the only cybersecurity vendor leveraging purpose-built ASICs, an over 20-year investment in innovation, Fortinet delivers the secure computing power that will support the next generation of secure infrastructure." Ken Xie, Founder, Chairman of the Board, and Chief Executive Officer at Fortinet

About 300 MSI Motherboard Models Have a Faulty Secure Boot Implementation with Certain UEFI Firmware Versions

The UEFI Secure Boot feature is designed to prevent malicious code from executing during the system boot process, and has been a cybersecurity staple since the late-2000s, when software support was introduced with Windows 8. Dawid Potocki, a New Zealand-based IT student and cybersecurity researcher, discovered that as many as 300 motherboard models by MSI have a faulty Secure Boot implementation with certain versions of their UEFI firmware, which allows just about any boot image to load. This is, however, localized to only certain UEFI firmware versions, that are released as beta versions.

Potocki stumbled upon this when he found that his PRO Z790-A WiFi motherboard failed to verify the cryptographic signature boot-time binaries at the time of system boot. "I have found that my firmware was… accepting every OS image I gave it, no matter if it was trusted or not." He then began examining other motherboard models, and discovered close to 300 MSI motherboard models with a broken Secure Boot implementation. He clarified that MSI laptops aren't affected, and only their desktop motherboards are. Potocki says that affected MSI motherboards have an "always execute" policy set for Secure Boot, which makes the mechanism worthless, and theorized a possible reason. "I suspect this is because they probably knew that Microsoft wouldn't approve of it and/or that they get less tickets about Secure Boot causing issues for their users."
Return to Keyword Browsing
Dec 21st, 2024 11:53 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts