WebProNews

Category: CybersecurityUpdate

  • Top Ways That AI Improves Cybersecurity

    Given the scale of the online threats we face, can AI technology help keep us safe? Cybersecurity experts believe it can, provided the AI resources are deployed strategically. So, let’s take a look at eight ways that AI improves cybersecurity.

    IP blocking

    AI-based systems can block known malicious IP addresses and websites. A classifier trained on past threat data can quickly recognise addresses and sites that have previously been associated with attacks and block access to them automatically, so users never reach them by accident. The caveat is that such a system only knows threats that appear in its training data; a newly registered attacker domain will not be blocked until it has been observed and labelled.

    Spam filtering

    Machine learning can also produce better spam filters. Spam and phishing email remain among the most common attacks organizations face, and classifiers trained on labelled mail are now the standard way to decide which messages to block, because they weigh the words and features of a message together rather than matching a fixed list of rules.
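    As an added example (not code from the article, and not any particular spam-filter product), here is the core of a multinomial Naive Bayes classifier, the statistical approach classic spam filters are built on, trained on a handful of constructed messages. The training set and the two test messages are invented for illustration; a real deployment would train on thousands of labelled messages and add features beyond bare words (sender reputation, link domains, attachment types).

```python
"""Minimal multinomial Naive Bayes spam filter.
Added example; the training messages below are constructed, not real mail."""
import math
import re
from collections import Counter

# Constructed training set: (message text, label)
TRAINING = [
    ("Claim your free prize now, click the link to verify your account", "spam"),
    ("Urgent: your password expires today, login here to reset", "spam"),
    ("You have won a gift card, confirm your bank details to collect", "spam"),
    ("Limited offer: cheap meds, no prescription, order now", "spam"),
    ("Reminder: team meeting moved to 3pm, see the updated agenda", "ham"),
    ("Can you review the pull request before the release tomorrow", "ham"),
    ("Lunch on Thursday? The usual place works for me", "ham"),
    ("Attached are the quarterly numbers we discussed in the call", "ham"),
]


def tokenize(text):
    """Lower-case word tokens; punctuation is dropped."""
    return re.findall(r"[a-z0-9']+", text.lower())


class NaiveBayesFilter:
    def __init__(self, alpha=1.0):
        self.alpha = alpha  # Laplace smoothing: unseen words must not zero out a class
        self.class_counts = Counter()
        self.word_counts = {"spam": Counter(), "ham": Counter()}
        self.vocab = set()

    def train(self, samples):
        for text, label in samples:
            self.class_counts[label] += 1
            for tok in tokenize(text):
                self.word_counts[label][tok] += 1
                self.vocab.add(tok)

    def _log_score(self, tokens, label):
        """log P(label) + sum of log P(token | label), with smoothing."""
        total = sum(self.word_counts[label].values())
        denom = total + self.alpha * len(self.vocab)
        prior = math.log(self.class_counts[label] / sum(self.class_counts.values()))
        return prior + sum(
            math.log((self.word_counts[label][tok] + self.alpha) / denom)
            for tok in tokens
        )

    def spam_probability(self, text):
        tokens = tokenize(text)
        ls = self._log_score(tokens, "spam")
        lh = self._log_score(tokens, "ham")
        m = max(ls, lh)  # shift before exponentiating to avoid underflow
        return math.exp(ls - m) / (math.exp(ls - m) + math.exp(lh - m))

    def classify(self, text, threshold=0.5):
        """The threshold is the knob that trades missed spam for false positives."""
        return "spam" if self.spam_probability(text) >= threshold else "ham"


def build_filter():
    f = NaiveBayesFilter()
    f.train(TRAINING)
    return f


if __name__ == "__main__":
    f = build_filter()
    for msg in ["Verify your account now to claim your free gift card",
                "Can we move the meeting to Thursday after lunch"]:
        print(f"{f.spam_probability(msg):.3f}  {f.classify(msg):4}  {msg}")
```

    Words the model has never seen get the same smoothed probability under both classes, so they neither help nor hurt; that is why smoothing is essential with a tiny vocabulary.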

    AI encryption

    Encryption, which keeps data unreadable to anyone without the proper key, is one of the essential tools for protecting information from unauthorized access. The encryption itself, however, is done by standard cryptographic algorithms rather than by AI; a model does not make ciphertext any stronger. Where AI-based systems can help is in applying encryption automatically: classifying data as sensitive as it is created or stored, so that it is encrypted without relying on a user to remember to do so.

    Browser protection

    Browser-protection tools such as WOT can reduce your exposure to malware, scams, viruses, and other online threats. These tools combine anti-phishing checks, popup blocking, real-time threat warnings, and suspicious-site detection, with machine learning used to rate sites as they are visited rather than relying on a static blocklist alone.

    Firewalls

    Machine learning can also improve firewalls, which are among the most important tools for protecting a network from attack. A traditional firewall matches static rules, so it struggles to block malicious traffic without also blocking legitimate traffic that happens to look similar. A machine learning-based firewall can be trained to distinguish between different kinds of traffic and block only the malicious traffic while letting legitimate traffic pass through.

    Algorithms

    Machine learning algorithms can analyze large volumes of data, such as logs and network activity, looking for patterns that could indicate a security breach. Large-scale data breaches are one of the most common ways cybercriminals obtain sensitive information, and they are often discovered only long after the fact. Detecting the unusual access patterns that accompany a breach while it is still in progress gives defenders a chance to stop it early.

    AI Chatbots

    AI-based chatbots and message-screening assistants can intercept phishing attempts and other attacks. Phishing attacks use email or other messages to lure victims into entering sensitive information into a harmful website. An AI-based assistant that screens incoming messages can flag a suspected phishing attempt and warn the user before they have had a chance to enter anything.

    Machine Learning

    Machine learning can also produce better intrusion detection systems. Intrusion detection systems are designed to identify and respond to malicious activity on a network, but traditional signature- and fixed-threshold systems tend to have a high rate of false positives, leading to unnecessary alerts and wasted analyst time. A machine learning-based system can be trained on what normal activity looks like, so that it flags actual attacks while reducing the number of false positives.
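    To show what learning a baseline to cut false positives means in practice, for both the breach-pattern point and the intrusion-detection point above, the following added example (not from the article, and not any vendor's IDS) parses constructed sshd-style log lines, learns the normal volume of failed logins per source from historical windows, and compares a fixed-count rule against a threshold derived from that baseline. The log lines, addresses and window layout are all made up for illustration.

```python
"""Baseline-driven detector for brute-force login activity in auth logs.
Added example; every log line below is constructed sample data."""
import re
import statistics
from collections import Counter

# Matches the OpenSSH password-auth line shape; other lines are ignored.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse(lines):
    """Yield (timestamp, result, user, ip) for lines that match; skip the rest."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.group("ts"), m.group("result"), m.group("user"), m.group("ip")


def failures_per_source(lines):
    counts = Counter()
    for _, result, _, ip in parse(lines):
        if result == "Failed":
            counts[ip] += 1
    return counts


def static_alerts(lines, limit=3):
    """The kind of rule a traditional IDS ships with: any source over a fixed count."""
    return {ip: n for ip, n in failures_per_source(lines).items() if n > limit}


class BaselineDetector:
    """Learns the normal failed-login volume per source from historical windows,
    then flags sources above mean + k * stdev. The min_events floor stops a
    quiet network (tiny stdev) from turning a few typos into alerts."""

    def __init__(self, k=3.0, min_events=5):
        self.k, self.min_events = k, min_events
        self.mean = self.stdev = 0.0

    def fit(self, historical_windows):
        samples = []
        for window in historical_windows:
            samples.extend(failures_per_source(window).values())
        self.mean = statistics.mean(samples)
        self.stdev = statistics.pstdev(samples)

    def threshold(self):
        return max(self.min_events, self.mean + self.k * self.stdev)

    def detect(self, lines):
        return {ip: n for ip, n in failures_per_source(lines).items()
                if n > self.threshold()}


def synth(ip, result, n, user="root"):
    """Constructed sshd-style lines for sample data (not real logs)."""
    who = user if user == "root" else f"invalid user {user}"
    return [f"2022-03-22T08:{i % 60:02d}:00 sshd[{1000 + i}]: {result} password for "
            f"{who} from {ip} port {40000 + i} ssh2" for i in range(n)]


# Three "normal" days: a few mistyped passwords from internal hosts.
HISTORY = [
    synth("10.0.0.5", "Failed", 2) + synth("10.0.0.7", "Failed", 1)
    + synth("10.0.0.9", "Failed", 3) + synth("10.0.0.5", "Accepted", 1),
    synth("10.0.0.5", "Failed", 1) + synth("10.0.0.8", "Failed", 2),
    synth("10.0.0.7", "Failed", 2) + synth("10.0.0.9", "Failed", 1)
    + synth("10.0.0.5", "Failed", 3),
]
# Today: one clumsy internal host plus an external source guessing usernames.
TODAY = (synth("10.0.0.5", "Failed", 4) + synth("10.0.0.5", "Accepted", 1)
         + synth("203.0.113.10", "Failed", 12, user="admin")
         + synth("10.0.0.9", "Accepted", 1)
         + ["2022-03-22T08:30:00 cron[77]: (root) CMD (run-parts /etc/cron.hourly)"])


def run():
    det = BaselineDetector()
    det.fit(HISTORY)
    return static_alerts(TODAY), det.detect(TODAY), det.threshold()


if __name__ == "__main__":
    static, learned, thr = run()
    print("fixed rule (>3):", static)
    print(f"learned threshold {thr:.1f}:", learned)
```

    On this data the fixed rule raises two alerts, one of them the internal host that simply fumbled its password, while the baseline-derived threshold raises only the external guessing attempt. The same per-source counting, applied to file or database access instead of logins, is the shape of the breach-pattern analysis described above.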

    In Summary

    AI is playing an increasingly important role in cybersecurity, with machine learning-based solutions being developed to address many of the challenges faced by organizations today. By leveraging the power of AI, organizations can improve their ability to block known threats, detect new attacks, and respond quickly and effectively to security breaches.

    While it is still in its early developmental stages, AI technology has already shown great promise in cybersecurity. For example, AI-based systems can quickly identify and block known malicious IP addresses and websites by using machine learning algorithms. 

    In addition, we can use machine learning to develop better spam filters that are more effective at identifying and blocking unwanted emails. Finally, we can use AI-based chatbots to intercept phishing attempts and other types of attacks.

  • Mailchimp Was Hacked, Compromising 100+ Customers’ Data

    Mailchimp has admitted being hacked, with more than 100 customers’ data compromised.

    Mailchimp is a popular email marketing platform, and was recently acquired by Intuit. The deal was based on Mailchimp rounding out Intuit’s suite of tools and products aimed at small businesses. Unfortunately, it appears Intuit also inherited a security issue.

    According to TechCrunch, Mailchimp has revealed it was hacked in late March. The company says it identified the breach and took action while the perpetrators were still active in its systems.

    “We acted swiftly to address the situation by terminating access for the compromised employee accounts and took steps to prevent additional employees from being affected,” Mailchimp CISO Siobhan Smyth said.

    Unfortunately, the hackers were able to download audience data for 102 accounts before Mailchimp personnel were able to lock them out and secure their systems.

    “When we become aware of any unauthorized account access, we notify the account owner and immediately take steps to suspend any further access,” Smyth told TechCrunch. “We also recommend two-factor authentication and other account security measures for our users as added measures to keep accounts and passwords secure.”

  • Globant Is the Latest Lapsus$ Hacking Victim

    Globant, a company that says it helps others prepare “for digital and cognitive future,” is the latest victim of the Lapsus$ data-extortion group.

    Lapsus$ has been racking up a significant list of victim companies, including Nvidia, Microsoft, Okta, and Samsung. The group recently claimed it hacked Globant as well, posting some of the company’s source code as proof.

    The company has acknowledged the breach, but said the scope of access was limited.

    “We have recently detected that a limited section of our company’s code repository has been subject to unauthorized access,” the company wrote on their site. “We have activated our security protocols and are conducting an exhaustive investigation.

    “According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients. To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected.

    “We are taking strict measures to prevent further incidents.”

  • Kaspersky Lab Labeled ‘a Threat to National Security’

    The Federal Communications Commission (FCC) has labeled Kaspersky Lab “a threat to national security,” a first for a Russian firm.

    Kaspersky Lab is a popular provider of antivirus software and other cybersecurity software. The company is often on the front lines of identifying and combating viruses, trojans, ransomware, and other malware. The company is also based in Moscow, and therefore subject to Russian law and governance.

    That last point has helped land the company on the FCC’s Covered List, a list of entities “that have been deemed a threat to national security.” The Chinese firms China Telecom and China Mobile International USA Inc. were added at the same time.

    “Last year, for the first time, the FCC published a list of communications equipment and services that pose an unacceptable risk to national security, and we have been working closely with our national security partners to review and update this list,” said Chairwoman Jessica Rosenworcel. “Today’s action is the latest in the FCC’s ongoing efforts, as part of the greater whole-of-government approach, to strengthen America’s communications networks against national security threats, including examining the foreign ownership of telecommunications companies providing service in the United States and revoking the authorization to operate where necessary. Our work in this area continues.”

    The news was met with support from the agency’s other commissioners, including Commissioner Brendan Carr.

    “The FCC’s decision to add these three entities to our Covered List is welcome news,” wrote Carr. “The FCC plays a critical role in securing our nation’s communications networks, and keeping our Covered List up to date is an important tool we have at our disposal to do just that. In particular, I am pleased that our national security agencies agreed with my assessment that China Mobile and China Telecom appeared to meet the threshold necessary to add these entities to our list. Their addition, as well as Kaspersky Labs, will help secure our networks from threats posed by Chinese and Russian state backed entities seeking to engage in espionage and otherwise harm America’s interests.

    “I applaud Chairwoman Rosenworcel for working closely with our partners in the Executive Branch on these updates. As we continue our work to secure America’s communications networks, I am confident that we will have more entities to add to our Covered List.”

  • Nvidia CEO Calls Lapsus$ Hack a ‘Wake-Up Call’

    Nvidia suffered a major attack at the hands of the data-extortion group Lapsus$, an attack CEO Jensen Huang is calling a “wake-up call.”

    Lapsus$ differs from a typical ransomware gang. Rather than gaining access and delivering a ransomware payload that encrypts a target’s systems, Lapsus$ breaks into source code repositories, steals code, and demands a ransom not to release it publicly.

    Lapsus$ has been on a string of attacks, compromising Microsoft, Samsung, and Nvidia. In the case of the latter, the group made off with GPU source code, demanding the company open source its drivers or see the code released publicly.

    According to Yahoo Finance, the hack got Huang’s attention, who was happy it wasn’t worse.

    “It was a wake-up call for us,” Huang told Yahoo Finance. “Fortunately, we didn’t lose any customer information and any sensitive information. They got access to source code, which of course we don’t like, but nothing that is harmful to us.”

    Ransomware has been on the rise, becoming one of the most popular, and profitable, forms of cybercrime. The CEO of Nvidia calling the Lapsus$ attack a “wake-up call” should serve as a cautionary tale to companies large and small.

  • Windows 10 and 11 Have a Critical, Seven Month-Old Zero-Day Flaw

    Windows has a critical zero-day flaw, and the worst part is that Microsoft has known about it for seven months and still has not fixed it properly.

    The vulnerability impacts Windows 10, Windows 11, and Windows Server, allowing a user to elevate to administrative privileges, according to BleepingComputer. Microsoft has already released two separate patches to address the issue, but neither has fully fixed it.

    To make matters worse, Microsoft’s latest attempt to fix the vulnerability broke an unofficial patch that did work. 0patch (Zero Patch) is an independent security company that provides micropatches for issues Microsoft can’t or won’t fix, as well as for older, end-of-life versions of Windows that Microsoft no longer supports. 0patch had successfully fixed the flaw, but Microsoft’s update broke that fix.

    When BleepingComputer asked Microsoft for info on their future plans to fix the issue, they received this response:

    “We’re aware of this report and will take action as needed to protect customers.”

    0patch has once again issued a fix that actually works, leading some to wonder why Microsoft can’t seem to do that with a product they made in the first place.

  • Microsoft Confirms Lapsus$ Hack, Interrupted It In Progress

    Microsoft has confirmed it was at least partially compromised by hacking group Lapsus$, saying it interrupted the attack in progress.

    Lapsus$ is an extortion group that operates somewhat differently than most ransomware gangs. Rather than compromising a system and installing a ransomware payload, the group tries to steal source code and intellectual property, then threatens to release it if a ransom is not paid. The group claimed to have compromised Microsoft, saying it made off with source code for Bing, Bing Maps, and Cortana.

    In a blog post, Microsoft says it interrupted DEV-0537 (Microsoft’s codename for Lapsus$) mid-operation.

    This week, the actor made public claims that they had gained access to Microsoft and exfiltrated portions of source code. No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity. Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk. The tactics DEV-0537 used in this intrusion reflect the tactics and techniques discussed in this blog. Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.

    Microsoft has been monitoring Lapsus$ for some time, and has noted the group’s ability to prey on the interconnected nature of modern systems.

    Early observed attacks by DEV-0537 targeted cryptocurrency accounts resulting in compromise and theft of wallets and funds. As they expanded their attacks, the actors began targeting telecommunication, higher education, and government organizations in South America. More recent campaigns have expanded to include organizations globally spanning a variety of sectors. Based on observed activity, this group understands the interconnected nature of identities and trust relationships in modern technology ecosystems and targets telecommunications, technology, IT services and support companies–to leverage their access from one organization to access the partner or supplier organizations. They have also been observed targeting government entities, manufacturing, higher education, energy, retailers, and healthcare.

    Microsoft’s revelations come on the heels of several high-profile attacks by the group, including a major successful attack against Nvidia, and an attempted hack of Okta.

  • AI Represents Major Risk to Banking Cybersecurity

    Artificial intelligence (AI) may be the banking industry’s Achilles’ heel, making it more vulnerable to Russian cyberattacks.

    President Joe Biden has warned American businesses of the likelihood of increased cyberattacks from Russia, in retaliation for the sanctions it faces as a result of its invasion of Ukraine. Many ransomware gangs already operate within Russia, thanks to that country’s willingness to turn a blind eye to attacks on the West. Full-fledged support from the Kremlin would likely send attacks into overdrive, however, and banks may be particularly vulnerable.

    Banks have been aggressively rolling out AI and automated systems in an effort to provide better customer support, as well as better identify and prevent fraud. Unfortunately, experts are warning that those very systems also make banks far more vulnerable to potential attack.

    “It’s a huge unaccounted-for risk,” Andrew Burt, Managing Partner at AI-focused law firm BNH and former policy adviser to the FBI’s head of cyber division, told The Wall Street Journal. “The vulnerabilities of AI and complex analytic systems are significant and very widely overlooked by many of the organizations employing them.”

    Much of the problem stems from AI systems still being in their infancy, compared to previous, time-tested systems banks relied on.

    “Machine-learning security is not just a combination of security and machine learning; it’s a novel field.…When you introduce machine learning into any kind of software infrastructure, it opens up new attack surfaces, new modalities for how a system’s behavior might be corrupted,” Abhishek Gupta, founder of Montreal AI Ethics Institute, told WSJ.

    “There’s a sense of brittleness in that entire architecture, like a house of cards. You don’t know which of the cards that you pull out will lead to the whole thing collapsing entirely,” he added.

    Given the increased risk of attack, it’s a safe bet firms specializing in AI security are about to see a major boost.

  • Okta CEO Confirms Breach Attempt in January, No Major Concern Now

    On the heels of news Lapsus$ was claiming it breached Okta, the company’s CEO has confirmed an attempt in January.

    Okta is a leading identity and authentication services provider, meaning a successful breach of the company could have disastrous consequences for a wide range of industries. The extortion group Lapsus$ claimed to have breached the company, even providing screenshots as proof. Fortunately, the screenshots Lapsus$ provided are likely from an attempt made in January, one that was contained and poses little risk now.

    Okta CEO Todd McKinnon made the announcement on Twitter.

    In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor. (1 of 2)

    We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January. (2 of 2)

    Todd McKinnon (@toddmckinnon), March 22, 2022

    The revelation is good news for Okta users, provided no additional details emerge from the company’s investigation.

  • LAPSUS$ May Have Hacked Microsoft

    Continuing its string of high-profile attacks, Lapsus$ may have hacked Microsoft’s code repositories.

    As BleepingComputer points out, Lapsus$ operates differently from many ransomware gangs. Rather than encrypting a company’s desktop machines and servers and holding them for ransom, Lapsus$ targets companies’ code repositories. Once the group has compromised a repository, it demands a ransom in exchange for not releasing the company’s source code and intellectual property (IP) to the world.

    According to BleepingComputer, the group claims it has successfully compromised Microsoft’s source code repositories, specifically its Azure DevOps server. Microsoft has not been able to confirm the claims, but is investigating to see if they are true.

    We will continue to monitor this story and report on any additional details.

  • LAPSUS$ May Have Hacked Okta

    Identity and authentication services firm Okta is investigating the possibility it may have been hacked by LAPSUS$.

    LAPSUS$ has accomplished a number of high-profile hacks in recent weeks, including stealing the Samsung Galaxy code and the Nvidia GPU code. According to Reuters, the group is now claiming to have hacked Okta, one of the leading providers of identity and authentication services.

    Okta says it is investigating whether the claims are true. If they are, however, the repercussions could be nothing short of disastrous, depending on how badly the company has been compromised. Companies around the world, large and small, rely on Okta to authenticate their users and services.

    We will continue to monitor this story and report updates as details become available.

  • Biden Warns of Russian Cyberattacks

    President Joe Biden is warning American businesses of increased risk of cyberattacks as Russia looks to retaliate against sanctions.

    Russia has borne the brunt of some of the most intense sanctions in international history, a response to its invasion of Ukraine. The country has seen company after company pull out and abandon its Russian business, and it is even struggling to find enough storage hardware to keep its IT operations running.

    In response to the international sanctions, experts believe Russia may increase cyberattacks on foreign targets, especially in the US. President Biden issued a statement warning American businesses of the possibility.

    This is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience. I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners. It’s part of Russia’s playbook. Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks.

    After touting the efforts his administration has taken to harden US cyber defenses, President Biden called on the private sector to do the same.

    If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year. You have the power, the capacity, and the responsibility to strengthen the cybersecurity and resilience of the critical services and technologies on which Americans rely. We need everyone to do their part to meet one of the defining threats of our time — your vigilance and urgency today can prevent or mitigate attacks tomorrow.

  • Severe Vulnerability Impacts Linux and Android

    A new, severe vulnerability is putting Linux computers and many Android phones at risk.

    According to Ars Technica, the new vulnerability has been dubbed “Dirty Pipe.” The issue allows anyone with an ordinary, unprivileged account on the machine “to add an SSH key to the root user’s account.” Once that is done, the user can log in remotely with full root access.

    The vulnerability can also be used for other exploits, such as overwriting read-only files, creating a root shell, setting up a backdoor, and more.

    In addition to impacting computers with Linux installed, the vulnerability also impacts some versions of Android, since the mobile OS runs a modified version of the Linux kernel. While some might be inclined to believe newer versions of Android would be immune, the exact opposite is the case.

    Newer devices, like the Pixel 6 and Samsung S22, run newer versions of the Android kernel, which are vulnerable. In contrast, older devices like the Pixel 4 run older kernels that do not contain the flaw.

    All Linux and Android users should be on the lookout for a security update.

  • Google Buying Mandiant For $5.4 Billion

    Google and Mandiant have confirmed a deal for Google to acquire the cybersecurity firm for $5.4 billion.

    Mandiant is a long-time, well-respected member of the cybersecurity community, dating back to its founding in 2004. The company was among the first to directly tie China to cyber espionage, raising its stature in the industry. Microsoft originally was in talks to purchase Mandiant, but ultimately abandoned negotiations over concerns the company wasn’t a good fit, opening the way for Google to move in.

    Google sees Mandiant as a way to help it bolster cloud security, as Google Cloud continues to grow and challenge AWS and Microsoft Azure.

    “Cyber security is a mission, and we believe it’s one of the most important of our generation. Google Cloud shares our mission-driven culture to bring security to every organization,” said Kevin Mandia, CEO, Mandiant. “Together, we will deliver our expertise and intelligence at scale via the Mandiant Advantage SaaS platform, as part of the Google Cloud security portfolio. These efforts will help organizations to effectively, efficiently and continuously manage and configure their complex mix of security products.”

    “The Mandiant brand is synonymous with unmatched insights for organizations seeking to keep themselves secure in a constantly changing environment,” said Thomas Kurian, CEO, Google Cloud. “This is an opportunity to deliver an end-to-end security operations suite and extend one of the best consulting organizations in the world. Together we can make a profound impact in securing the cloud, accelerating the adoption of cloud computing, and ultimately make the world safer.”

    The deal must pass regulatory approval, and be approved by Mandiant stockholders. If everything goes well, the deal is expected to close later this year.

  • Microsoft Backs Out of Mandiant Talks, Google Now the Frontrunner

    Microsoft has dropped out of talks to acquire security firm Mandiant, with Google taking its place as the likely buyer.

    In mid-February, reports indicated Microsoft was in talks to acquire Mandiant in an effort to further its cybersecurity presence. Mandiant has a long history in the cybersecurity market, and was viewed as a good fit for Microsoft.

    According to The Seattle Times, Microsoft has withdrawn from the negotiations, concerned Mandiant’s services and tools weren’t quite the match some analysts thought. Google is reportedly now pursuing a deal.

    Google is in third place in the cloud market. Purchasing Mandiant could help the company gain ground in its efforts to win additional customers, especially security-conscious ones, as well as better protect the customers it already has.

    As the Times points out, with a valuation of more than $5 billion, this could be the largest acquisition in Google’s history, with the exception of Motorola Mobility.

  • Lapsus$ Strikes Again: Hackers Steal Samsung Galaxy Code

    Hacker group Lapsus$ is in the news again, this time for stealing 190GB of Samsung data and Galaxy code.

    BleepingComputer reported last week that Lapsus$, the same group that stole Nvidia GPU source code, had stolen a treasure trove of Samsung data. The data included “source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control).” The code also included biometric unlock algorithms, bootloader source code, Samsung activation server code, confidential Qualcomm source code, as well as code for authenticating Samsung accounts.

    Samsung has now confirmed the breach, and the theft of the Galaxy source code, in a statement to Bloomberg.

    “There was a security breach relating to certain internal company data,” Samsung said. “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”

    It has not been a good few days for Samsung, with the company accused of throttling games and other apps on a wide array of its devices, including its most recent flagship S22. The company has promised to release a fix, but it’s not clear what long-term repercussions there may be.

    One thing is certain: A breach of this magnitude is only going to add to Samsung’s woes.

  • PSA: Update Mozilla Firefox, Thunderbird, and Focus Immediately

    Mozilla has issued updates for Firefox, Firefox for Android, Thunderbird, and Firefox Focus to fix two vulnerabilities being actively exploited in the wild.

    Firefox, while not nearly as popular as Chrome, is one of the most important web browsers on the market, an open source alternative with a focus on privacy. Mozilla says both vulnerabilities are being actively exploited by bad actors, making it critically important to update immediately.

    Here’s Mozilla’s description of the two issues:

    CVE-2022-26485: Use-after-free in XSLT parameter processing: “Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw.”

    CVE-2022-26486: Use-after-free in WebGPU IPC Framework: “An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.”

    Both issues have been addressed in these updates:

    • Firefox 97.0.2
    • Firefox ESR 91.6.1
    • Firefox for Android 97.3
    • Focus 97.3
    • Thunderbird 91.6.2

  • Open Source Drivers or Else: Nvidia Hackers Make Demands

    The hackers responsible for an Nvidia data breach have finally made their demands, wanting the company to release open source GPU drivers.

    Nvidia is notoriously opposed to open source drivers for its products. The issue is so well-known that it continues to be a problem in the Linux community, with some Linux distros specifically advertising themselves as being Nvidia-friendly by including the company’s official drivers, rather than the normal open source alternatives. The company has also angered some users by including measures to throttle its GPU performance when used for crypto mining.

    On March 1, it was reported that Nvidia had launched a counter-hacking operation against the Lapsus$ group in an effort to encrypt roughly 1TB of stolen data, so it could not be used in an extortion demand. It’s unclear how successful that operation was, since the group is now making its demands, according to Ars Technica, targeting both of those complaints against the company.

    So, NVIDIA, the choice is yours! Either:

    –Officially make current and all future drivers for all cards open source, while keeping the Verilog and chipset trade secrets… well, secret

    OR

    –Not make the drivers open source, making us release the entire silicon chip files so that everyone not only knows your driver’s secrets, but also your most closely-guarded trade secrets for graphics and computer chipsets too!

    YOU HAVE UNTIL FRIDAY, YOU DECIDE!

    Given that today is Friday, we won’t have long to wait to see how this demand plays out, but our money is on Nvidia refusing.

  • Lawmakers Want Answers About the FBI’s Use of Pegasus Spyware

    Lawmakers want information about Pegasus, the spyware developed by NSO Group, demanding answers from Apple and the FBI about the latter’s use of it.

    Pegasus is a spyware application NSO markets to law enforcement and government agencies. In mid-2021, however, news broke that NSO had sold Pegasus to authoritarian regimes that were using the software to spy on journalists, human rights activists, and diplomats. The news was particularly notable because the software was being used to target Apple’s iPhone, a platform otherwise known for strong security.

    The reaction was swift and severe: AWS banned NSO, Apple sued the company, and the U.S. Commerce Department added it to the Entity List, essentially blacklisting it. Among the revelations, however, was that the FBI had been one of NSO’s customers.

    Lawmakers want answers regarding the FBI’s use of the software, according to CNBC, sending letters to both Apple and the FBI to ascertain the scope of the FBI’s involvement.

    “The Committee is examining the FBI’s acquisition, testing, and use of NSO’s spyware, and potential civil liberty implications of the use of Pegasus or Phantom against U.S. persons,” reads the letter to Apple.

    The FBI has long been critical of the security and encryption modern devices provide, and has sought to weaken that security at nearly every opportunity. Its efforts have included supporting legislation to weaken encryption, pressing Apple and others to build backdoors into their products, and acquiring tools, like Pegasus, that sidestep encryption by compromising the device itself rather than breaking the cipher.

  • Who Hacks the Hackers? Nvidia Does

    Nvidia has taken a novel approach to hackers that stole its data, hacking them back and encrypting the data so it can’t be accessed.

    According to Tom’s Hardware, hackers from the LAPSU$ group stole some 1TB of data from Nvidia. Rather than pay a ransom or negotiate with the hackers, Nvidia opted to hack the group instead. Once it gained access to the hackers’ servers, the company encrypted the stolen data so the group could no longer access it.

    Malware research collective Vx-underground reported on Twitter that Nvidia had pulled off the operation.

    LAPSU$ extortion group, a group operating out of South America, claim to have breached NVIDIA and exfiltrated over 1TB of proprietary data. LAPSU$ claims NVIDIA performed a hack back and states NVIDIA has successfully ransomed their machines.

    Nvidia has sent a clear signal: Mess with it at your own peril.

  • Samsung Broke Encryption On 100 Million Phones

    The world’s largest smartphone maker shipped roughly 100 million phones with broken encryption, putting its customers at risk.

    Modern smartphones rely on encryption to protect data on the device. Android and iOS keep the keys that protect that data inside hardware-backed secure environments (a trusted execution environment or a dedicated secure element) and go to great lengths to stop them ever leaving that hardware, since those keys are the foundation of smartphone security.

    Unfortunately for Samsung users, the company’s cryptographic design was severely flawed. According to Threatpost, researchers at Tel Aviv University found a flaw that lets an attacker recover keys that were supposed to stay inside the secure hardware. Researchers have been quick to condemn the company’s amateurish handling of basic cryptographic principles.

    “Loosely speaking, AES-GCM needs a fresh burst of securely chosen random data for every new encryption operation – that’s not just a ‘nice-to-have’ feature, it’s an algorithmic requirement,” Paul Ducklin, principal research scientist for Sophos, told Threatpost. “In internet standards language, it’s a MUST, not a SHOULD. That fresh-every-time randomness (12 bytes’ worth at least for the AES-GCM cipher mode) is known as a ‘nonce,’ short for Number Used Once – a jargon word that cryptographic programmers should treat as a *command*, not merely as a noun.”

    Unfortunately, Samsung didn’t use the numbers just once.

    “Indeed, it allowed an app running outside the secure encryption hardware component not only to influence the nonces used inside it, but even to choose those nonces exactly, deliberately and malevolently, repeating them as often as the app’s creator wanted,” Ducklin continued.

    The issue impacts a wide range of models, from the 2017 Galaxy S8 to 2021’s Galaxy S21.
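    The keystream-reuse property Ducklin describes, shown as an added example that is not code from this page, from Samsung, or from the Tel Aviv University researchers. It models only the encryption half of AES-GCM: a counter-mode keystream, with HMAC-SHA256 standing in for the AES block cipher so that it runs on the Python standard library alone. The second consequence of nonce reuse in GCM, leakage of the subkey that authenticates the tag, is not shown. The function names, the sample secret, and the all-zero attacker-chosen nonce are constructed for the demonstration.

```python
"""Nonce reuse in counter-mode encryption: why AES-GCM's "fresh nonce every
time" is an algorithmic requirement and not a preference.

Added example; HMAC-SHA256 stands in for AES so it runs offline.
"""
import hashlib
import hmac
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("xor_bytes: length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream PRF(key, nonce || counter), block by block.
    HMAC-SHA256 is a stand-in for the AES block cipher; AES-GCM derives its
    keystream the same way (96-bit nonce plus a 32-bit block counter), so the
    consequence of reusing (key, nonce) is identical."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """C = P XOR KS(key, nonce). Decryption is the same operation. The caller
    supplies the nonce, which is exactly the API mistake described above."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def attack_with_reused_nonce(known_pt: bytes, known_ct: bytes, target_ct: bytes) -> bytes:
    """The attacker holds one (plaintext, ciphertext) pair made under a
    (key, nonce) it never sees. XORing the pair yields the keystream prefix,
    which decrypts any other ciphertext made under the same (key, nonce), up
    to the known length. No key material is ever touched."""
    ks = xor_bytes(known_pt, known_ct)
    n = min(len(ks), len(target_ct))
    return xor_bytes(target_ct[:n], ks[:n])


def sealed_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """The fix: the trusted side draws the nonce from a CSPRNG itself and
    returns it alongside the ciphertext. There is no parameter through which
    a caller could choose or repeat it."""
    nonce = secrets.token_bytes(12)          # 96-bit nonce, as in AES-GCM
    return nonce + ctr_encrypt(key, nonce, plaintext)


def sealed_decrypt(key: bytes, blob: bytes) -> bytes:
    """Split off the 12-byte nonce and undo the XOR."""
    nonce, ciphertext = blob[:12], blob[12:]
    return ctr_encrypt(key, nonce, ciphertext)


def demo() -> dict:
    """Constructed scenario: a secret encrypted by a "secure" component whose
    key never leaves it, under an attacker-chosen nonce that the component
    then reuses for an attacker-known message."""
    key = secrets.token_bytes(32)                 # lives inside the hardware
    nonce = b"\x00" * 12                          # attacker-chosen, reused
    secret = b"wrapped-key:4521-deadbeef-cafe"    # constructed sample secret
    target_ct = ctr_encrypt(key, nonce, secret)
    chosen_pt = b"A" * len(secret)                # attacker's known plaintext
    chosen_ct = ctr_encrypt(key, nonce, chosen_pt)
    recovered = attack_with_reused_nonce(chosen_pt, chosen_ct, target_ct)
    # The same attack against a correctly sealed ciphertext (fresh nonce)
    # yields bytes unrelated to the secret.
    fresh_blob = sealed_encrypt(key, secret)
    misfire = attack_with_reused_nonce(chosen_pt, chosen_ct, fresh_blob[12:])
    return {
        "secret": secret,
        "recovered": recovered,
        "misfire": misfire,
        "sealed_roundtrip": sealed_decrypt(key, fresh_blob),
    }


if __name__ == "__main__":
    result = demo()
    print("nonce reused ->", result["recovered"])
    print("fresh nonce  ->", result["misfire"])
```

    Run it and the reused-nonce line prints the secret; the fresh-nonce line prints bytes unrelated to it. The check a practitioner wants from a hardware keystore is the shape of the last two functions: the trusted side generates the nonce, and the API exposes no parameter through which an untrusted app can supply one.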

    There’s no excuse for any company to be so cavalier in its handling of something as important as encryption. For a company with Samsung’s experience and resources to so blatantly ignore basic security principles is almost criminal.