New Side-Channel Attack Risks All CPUs

0
[ad_1]

Researchers have identified a new side-channel attack impacting all existing processors. Named “Collide+Power”, this side-channel attack exploits target CPU’s measured power consumption following a collision between the attackers’ and the other apps’ datasets in cache memory. While severe, the researchers deem it a low-risk attack with fewer exploitability probabilities in real-world scenarios.

Collide+Power Attack Affects Most Processors

A team of researchers from Graz University of Technology, Austria, and CISPA Helmholtz Center for Information Security, California, have shared details about a new side-channel attack, “Collide+Power” that impacts most CPUs.

The researchers discovered a vulnerability, CVE-2023-20583, impacting the CPU hardware that allows sensitive data leaks. That’s what the researchers exploited to demonstrate the Colllide+Power attack.

The attack involves measured CPU power consumption values when the dataset from other apps collides with attackers’ data to overpower it in the CPU cache memory. It involves three steps: 1) introducing arbitrary data to the targeted CPU component, 2) forcing the target (victim) data to overwrite the attacker’s data, and 3) measuring the subsequent power consumption changes due to overwriting attackers’ data by the victim data, which allows estimating the secret data values.

The researchers demonstrated two attack variants. The first involves constantly accessing the shared component triggering collisions between the secret data and the attackers’ data. Executing this attack requires hyperthreading enabled. In contrast, the second variant does not depend on hyperthreading. It involves using a prefetch gadget to introduce arbitrary data to the shared CPU component, forcing collisions. This variant, however, is less efficient as it exhibits a reduced leakage rate.

The researchers have set up a dedicated web page elaborating on the Collide+Power attack.

Attack Limitations And Mitigations

While the vulnerability affects almost all existing processors, potentially appearing as a severe threat, the researchers clarified that it isn’t so severe. First, the information leak happens at a prolonged rate, making it practically unfeasible in a real-world attack.

Besides, vendors may deploy hardware or software-level mitigations to prevent data collisions. Although, implementing such restrictions seems difficult as it requires complex structural changes in the CPUs’ shared hardware components.

Another possible mitigation includes preventing the attacker from observing power-related signals, such as by restricting access to the RAPL interface. These mitigations also address the previously known PLATYPUS and Hertzbleed attacks, so implementing them sounds feasible.

The researchers have responsibly disclosed the vulnerability to Intel, ARM, and AMD, which then released the guidelines accordingly.

Let us know your thoughts in the comments.


[ad_2]
Source link

The GPay app slims down to just two tabs

0
[ad_1]

Easy navigation is a big part of the app experience and, sometimes, less is more. Google has its payment platform called GPay, and we knew that the app was getting a redesign for a while. Now, the company is finally pushing this redesign, and it shows that the app has slimmed down, according to 9To5Google.

If you don’t know what GPay is, it’s a simple app you can use to make and manage your payments. You can use it to make contactless payments, track your spending, send and receive money, and more. It’s different from Google Wallet which allows you to add a plethora of different cards like gift cards, loyalty cards, and even IDs and passports eventually. GPay is mostly a payment platform.

The GPay redesign is finally rolling out to the public

We knew that Google was planning on redesigning the GPay app We got the news of this change back in February. However, it’s been in testing ever since then with only a few people able to see the change.

Now, it’s rolling out to more people. The GPay app redesign will slim the app down and make the interface even simpler. Before, the app’s bottom bar had three tabs: Explore, Pay, and Insights. Well, the Explore tab is going away. Instead, you’ll see a card in the Pay tab called Top Deals For You. This takes the place of the Explore tab.

When you tap on the card, it will open up a page with a list of different deals for you. GPay bases the list on your spending habits. If you eat at a lot of pizza joints, then you’ll see a lot of deals at local pizza places. Each item on the list will have several chips in them showing you what category they fall under.

This isn’t a major change, but it does make the app a little more streamlined. The update is rolling out to the public starting today, so you might see it soon. Make sure that your app is updated.

 


[ad_2]
Source link

New Google ‘mind-reading’ AI can predict what music you listened to

0
[ad_1]

In recent years, the development in the AI field has truly been astounding, with generative AIs like ChatGPT quickly becoming a part of our lives. Now, as part of these efforts, scientists at Google have achieved a significant breakthrough in ‘mind-reading’ AI, allowing them to decode individuals’ music preferences by analyzing their brain signals.

Dubbed Brain2Music, the system utilizes functional magnetic resonance imaging (fMRI) data, which tracks the blood flow to different brain regions, and brain-computer interfaces (BCIs) to capture neural activity patterns as listeners hear different songs. According to Timo Denk, a co-author of the study and a software engineer at Google in Switzerland, the AI successfully predicted the agreement between the mood of the reconstructed music and the original music about 60% of the time.

“The method is pretty robust across the five subjects we evaluated. If you take a new person and train a model for them, it’s likely that it will also work well,” said Denk.

How does Brain2Music work?

Google says it first trains the AI using a subset of brain imaging data and accompanying song clips with the objective of establishing connections between various musical elements—such as instruments, genre, rhythm, and mood—and the participants’ brain signals. Then, as participants listen to music, the AI system meticulously analyzes neural patterns and cross-references them with music metadata.

Over time, the machine learning models become adept at recognizing distinct patterns associated with specific musical elements, such as rhythm, melody, and harmony, and subsequently associate them with corresponding songs in the database.

 

Ethical complications

While this breakthrough represents a significant development for Google in the AI field and could have immense potential for various neurotechnology applications, the mind-reading capabilities of the AI have once again prompted questions about privacy, consent, and data usage. Therefore, if Google plans to commercialize this technology in the future, it would need to implement stringent data protection measures to ensure user information remains confidential.


[ad_2]
Source link

Elite North Korean Hackers Breach Russian Missile Developer

0
[ad_1]
  • North Korean hackers breached a major Russian missile developer, NPO Mashinostroyeniya, for at least five months.
  • Cyber-espionage teams ScarCruft and Lazarus installed stealthy digital backdoors into NPO Mash’s systems.
  • It remains unclear if data was stolen or linked to North Korea’s ballistic missile program developments.
  • Experts warn that North Korea targets even its allies to acquire critical technologies.
  • The breach exposes vulnerabilities in cybersecurity and raises concerns about sensitive technology transfers.

It has been uncovered that an elite group of North Korean hackers successfully breached the computer networks of a major Russian missile developer for an extended period last year.

The evidence, reviewed by Reuters and analyzed by security researchers, points to cyber-espionage teams associated with the North Korean government, namely ScarCruft (aka APT37, InkySquid, Reaper, and Ricochet Chollima). The same group was also reported to have used the Dolphin Backdoor against South Korea in December 2022.

The researchers also noted tracks of the infamous North Korean state-backed group, Lazarus, in these attacks. This was identified after researchers noted the presence of OpenCarrot Windows OS backdoor. The backdoor is known to be used by the Lazarus group.

These hackers discreetly installed stealthy backdoors into systems at NPO Mashinostroyeniya, commonly referred to as NPO Mash, a prominent rocket design bureau located in Reutov, on the outskirts of Moscow.

Reuters’ investigation did not ascertain whether any data was taken during the intrusion or what information might have been accessed. Nonetheless, it is noteworthy that in the months following the breaches, North Korea declared significant advancements in its banned ballistic missile program, raising suspicions about a possible connection to the breach.

Technical data reveals that the intrusion began approximately in late 2021 and persisted until May 2022 when the company’s IT engineers, as per internal communications reviewed by Reuters, detected the hackers’ activities.

Tom Hegel, a security researcher with US cybersecurity firm SentinelOne, who first uncovered the compromise, highlighted the importance of these findings, providing rare insight into clandestine cyber operations that often elude public scrutiny. Hegel’s team stumbled upon the hack when an NPO Mash IT staffer inadvertently leaked the company’s internal communications while attempting to investigate the North Korean attack by uploading evidence to a private cybersecurity research portal.

With a high level of confidence, we attribute this intrusion to threat actors independently associated with North Korea. Based on our assessment, this incident stands as a compelling illustration of North Korea’s proactive measures to covertly advance their missile development objectives, as evidenced by their direct compromise of a Russian Defense-Industrial Base (DIB) organization.

Tom Hegel – SentinelOne

Two independent computer security experts, Nicholas Weaver and Matt Tait, verified the exposed email content’s authenticity by cross-referencing cryptographic signatures with a set of keys controlled by NPO Mash. SentinelOne expressed confidence that North Korea was responsible for the hack, as the cyberspies reused previously known malware and malicious infrastructure utilized in other intrusions.

The information potentially accessed by North Korean hackers includes details about NPO Mash’s hypersonic missile, “Zircon,” which Russian President Vladimir Putin had praised as a promising product capable of reaching speeds around nine times that of sound.

However, missile expert Markus Schiller, who has researched foreign aid to North Korea’s missile program, downplayed the immediate impact of obtaining plans for the Zircon. Schiller asserted that merely possessing drawings wouldn’t be sufficient to replicate the missile’s capabilities, as the process involves more complexities than what appears on paper.

Nevertheless, NPO Mash’s role as a leading Russian missile designer and producer makes it a highly valuable target. As the company’s advancements could have strategic implications, the breach raises concerns about the potential transfer of sensitive missile-related technology to North Korea.

The incident underscores the isolated nation’s willingness to target even its allies, as evidenced by the breach of Russia’s defence technologies. NPO Mashinostroyeniya has played a crucial role in developing hypersonic missiles, satellite technologies, and newer generation ballistic armaments—areas of immense interest to North Korea in its pursuit of an Intercontinental Ballistic Missile (ICBM) capable of striking the mainland United States.

  1. CIA Wants Russians to Share Secret via its Darknet Site
  2. Russian hacking forums warming up to Chinese hackers
  3. Hackers steal personal data of 1,000 North Korean Defectors

[ad_2]
Source link

HarmonyOS 4 is official with new customization options & refreshed UI

0
[ad_1]

Huawei announced HarmonyOS 4 during the Huawei Developer Conference 2023. Do note that it got announced in China, so this info is based on that launch, as are the images you’ll see below.

That being said, HarmonyOS 4 will likely look the same globally, but without some China-focused functionality. Therefore, covering this makes all the sense in the world.

HarmonyOS 4 has been announced with a UI overhaul, new customization options & more

HarmonyOS 4 does bring a UI refresh, along with some new customization options. By ‘UI’ refresh, we mean a major redesign, basically, as it’s quite different than HarmonyOS 3, visually.

Huawei now offers you the chance to change system fonts, colors, clock, and widget styles. You can create your own combinations, and customize them as you please, basically. The company also allows users to set emoji wallpapers.

The company also introduced something called ‘Panorama Weather’, so that you can get great-looking weather updates right on your home screen. The conditions will update in real-time.

The notification center has been changed up

Huawei also changed up the notification center, as it needed a refresh. You do have an option to divide upcoming alerts, if you want. You can now also pin your preferred app notifications to the notification center.

Those rumors regarding Huawei’s very own Dynamic Island also came to fruition, kind of. Huawei now offers something called ‘Live Window’ in HarmonyOS 4. Apps that are supported will show you real-time alerts and notifications in a pill-shaped icon in the top-left corner of the device. You can expand that window with a single tap.

The company has also added more widgets with HarmonyOS 4. HarmonyOS 4 actually comes with Ark Engine below everything, and Huawei claims it offers 20% better performance. The system should launch apps quicker, and the animations should also be nicer without an impact on the battery.

HarmonyOS is running on over 700 million devices worldwide

We’re only scratching the surface here, though. Huawei did mention that the HarmonyOS ecosystem now powers over 700 million devices. That includes smartphones, tablets, smartwatches, TVs, and more.

The HarmonyOS 4 public beta is available for a ton of smartphones as we speak, though only their Chinese variants. We’re not sure when will Huawei announce a global version of HarmonyOS 4. Perhaps with the Mate 60 launch? We’ll see.


[ad_2]
Source link

Apple might bring a motion detection feature to Siri

0
[ad_1]

Apple is reportedly working on a motion detection feature for its voice assistant Siri. The company’s recent patent filing reveals that Siri might soon be able to read a user’s lips and get triggered without voice commands.

Voice assistants are becoming an integral part of our life, and you can now find them on smartphones, cars, and smart home gadgets. These tools are even getting more intelligent, thanks to AI. Apple’s Siri is one of the most popular voice assistants that can be found on the company’s devices. Traditionally, you need the famous “Hey Siri” commands to trigger the app. However, this pattern might soon change.

According to Apple Insider, Apple has filed a patent for Siri dubbed “Keyword Detection Using Motion Sensing.” The patent promises a lip and head detection feature that could be used for activating the app as well as enhancing its accuracy.

You might soon be able to trigger Siri through your lips and head movements

The patent application further explains that Siri gets a motion sensor to track and record a user’s movements as they speak. If Siri concludes that the movements are matched to a specific command, then it will perform the command.

Apple added that voice control systems can sometimes produce false responses due to the background noise or picking up ambient noise or speech from an unintended user. To prevent this, Siri motion sensors such as accelerometers and gyroscopes will track face, head, and neck movements.

Introducing a new way to trigger Siri doesn’t mean Apple wants to remove the microphone from its devices- like what it did with iPhone’s headphone jack. Instead, a motion detection feature would allow users to switch off the microphone, which is currently used for listening to “Siri” or “Hey, Siri” commands. The tech giant argues that switching off the microphone could save power and processing capacity.

Yet, it remains to be seen which Apple products will get Siri with a motion detection sensor. However, iPhones, AirPods, and Apple Vision Pro are the most likely candidates to get the feature.


[ad_2]
Source link

IBM SDK, Java Technology Flaw

0
[ad_1]

IBM has discovered a vulnerability in the IBM SDK, Java Technology Edition, that allows threat actors to execute arbitrary code on the system due to unsafe deserialization.

This vulnerability exists in the Object Request Broker (ORB) and is given a CVE ID: CVE-2022-40609.

ORB is a middleware application component that is used to make program calls between computers on the network using remote procedure calls (RPC). It also provided transparency about the location.

CVE-2022-40609: Unsafe Deserialization Flaw

A remote attacker can exploit this vulnerability by sending specially crafted data, which will result in arbitrary code execution on the system. The CVSS Score for this vulnerability is given as 8.1 (High).

Affected Products & Fixed in Versions

Affected Product(s)Version(s)Fixed in Version
IBM SDK, Java Technology Edition8.0.8.0 and earlier7.1.5.19
IBM SDK, Java Technology Edition7.1.5.18 and earlier8.0.8.5

This vulnerability is classified on the CWE (Common Weakness Enumeration) with CWE-502: Deserialization of Untrusted Data

In response to this vulnerability, Red Hat has also released patches for their products Red Hat Enterprise Linux 7 Supplementary, and Red Hat Enterprise Linux 8 in order to fix this vulnerability.

Red Hat Enterprise Linux 7 with Java 1.7.1-ibm was found to be Out of support scope, as mentioned by Red Hat in their policies and advisory.

Furthermore, Tenable has also released plugins for this vulnerability for scanning this vulnerability through Nessus.

Nessus Plugins:

Users of these products are recommended to upgrade to the latest versions for preventing exploitation from threat actors.

Keep informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.


[ad_2]
Source link

CEO confirms all Amazon divisions are working on generative AI

0
[ad_1]

Ever since its introduction late last year, generative AI has become the buzzword, with almost every tech giant currently working to integrate the technology into its services. Now, during a recent earnings call, Amazon CEO Andy Jassy announced that “every single one” of Amazon’s businesses is actively pursuing multiple generative AI initiatives.

Although Jassy did not confirm the specific areas the company is focusing on, he mentioned that their efforts to integrate AI would range from bolstering cost-effectiveness and operational efficiency to revolutionizing customer experiences. Additionally, he hinted towards AI improvements coming to Alexa, which the company might showcase at their upcoming event on September 20th.

“It’s true in our Stores business, it’s true in our AWS business, it’s true in our advertising business, it’s true in all our devices — and you can just imagine what we’re working on with respect to Alexa there — it’s true in our entertainment businesses… every single one. It is going to be at the heart of what we do. It’s a significant investment and focus for us,” said Jassy.

Not the only company focusing on AI

As mentioned before, Amazon is not the only company pushing its boundaries in the generative AI industry. This is because, Microsoft has already integrated its Bing AI chatbot into most of its services and is now looking to integrate generative AI into its Windows operating system.

Similarly, Google, after fearing competition from Microsoft, has also started testing a slew of generative AI services, including the new Google Search Generative Experience, which could revolutionize how we search for things on the internet. While Apple’s efforts in the AI industry have been cautious, the company is also reportedly working on an AI chatbot that will run on the company’s newly developed “Ajax” framework, a collaboration between Apple and Google’s JAX machine learning framework and Google Cloud.


[ad_2]
Source link

HONOR confirms global Magic V2 launch, September 1 is the date

0
[ad_1]

HONOR has just confirmed that the Magic V2 foldable will launch on September 1. This device will become official as part of IFA 2023 in Berlin. As a reminder, the Magic V2 did already launch, but in China only.

The global variant of the HONOR Magic V2 is coming, as the launch date has just been revealed

That phone managed to get a lot of attention, despite not launching globally just yet. Why? Well, HONOR managed to achieve something great here. The Magic V2 became the thinnest foldable smartphone on the market.

The Magic V2 is only 4.7-4.8mm thick when unfolded, and 9.9-10.1mm thick when folded, depending on the model. On top of that, the phone weighs only 231 or 237 grams, once again, depending on the model, as both glass and eco leather variants got announced. The eco-leather one is lighter.

The global variant of the phone will offer the same exact design, but we still don’t know what variants will be available globally. The company’s press event will kick off at 10 AM CET/ 9 AM BST / 4 AM EST / 1 AM PST in Berlin, in case you’re interested.

Two HONOR foldables are coming, actually

That is not all, though. HONOR says that two foldable smartphones will become official at IFA. The first is the Magic V2, while the other is a mystery. If we had to guess, we’d say that HONOR’s first-ever clamshell foldable is coming.

We didn’t really hear much about that phone, so it really is a mystery. If that is, in fact, what we’re getting. We’ll just have to wait and see what HONOR is preparing for us, and who knows, perhaps that other phone leaks ahead of launch too.

All in all, HONOR will have a rather considerable presence at IFA 2023, and add two more foldable devices to the global market, which is surely appreciated. The more competition is present out there, the better for the end consumer.


[ad_2]
Source link

Malicious PyPI Package Mimicking Common Python Tools

0
[ad_1]
  1. ReversingLabs discovered a malicious PyPI package named VMConnect.
  2. The package imitated common Python tools & showed suspicious behavior.
  3. The attack started on 28th July with daily appearances of notorious packages.
  4. PyPI team swiftly removed the packages, but attackers kept replacing them.
  5. Objectives of the attack remain unclear to researchers.

Threat researchers at ReversingLabs, a software supply chain security and malware analysis platform, have discovered a malicious new PyPI package dubbed VMConnect on the Python Package Index (PyPI) repository.

ReversingLabs’ reverse engineer, Karlo Zanki, wrote in a technical blog post that around 24 malicious Python packages were identified on the PyPI open-source repository. These packages imitated three very common, open-source Python tools, including pyVmomi VMware vSphere bindings’ wrapper module vConnector, databases that allow asyncio support for different databases, and a set of tools used to test Ethereum-based applications called eth-tester.

According to the company, its static analysis engine Titanium Platform identified the suspicious PyPI packages while performing routine scanning. Further probing revealed suspicious behaviour, such as the packages established communication with a C2 server for downloading additional malicious software. However, researchers didn’t observe any commands when this C2 server was live.

Per their analysis, this campaign went active on 28 July 2023 as that is when the first malicious package was published, and packages kept appearing on a daily basis, each being more notorious than the previous ones.

“Additionally, these malicious packages were promptly removed from PyPI, likely due to internal system detections or external reports. However, the attackers quickly replaced the packages, indicating a well-organized and ongoing campaign.”

Karlo Zanki

Researchers have observed that campaign operators go to great lengths to make their malicious activities appear genuine. They achieve this by creating GitHub repositories with authentic-looking descriptions and even using legitimate source code. However, they deliberately remove any traces of their malicious behaviour from these repositories to build trust with potential victims.

Interestingly, this campaign managed to evade detection in the source code. Its presence was only discovered when researchers scanned the build process artifacts. This sets it apart from other recently discovered supply chain campaigns like “Brainleeches.”

VMCONNECT: Malicious PyPI Package Mimicking Common Python Tools
VMConnect package’s behaviour and description

Suspicious PyPI packages have been found to exhibit deceptive behaviour by fully emulating the functionalities of the modules they imitate. To add to the deceit, these packages link to GitHub projects where their malicious behaviour has been cleverly removed, creating a false sense of trust in the PyPI release package.

The swift action taken by PyPI administrators is commendable, as all the malicious packages, including VMConnect, were swiftly removed from the platform within just three days of their appearance. However, this incident raises serious concerns, as researchers are noticing a growing trend of exploiting open-source modules to distribute malicious code and carry out various types of supply chain attacks.

In the past, the majority of supply chain attacks were targeted at the NPM open-source repository. Surprisingly, the PyPI repository has now become the prime target for such malicious activities. For instance, in January 2023, researchers detected 41 suspicious PyPI packages posing as popular HTTP libraries, and in March, a PyPI package named “termcolour” (after a now-defunct package) with multiple versions of a three-stage downloader was discovered by ReversingLabs.

Despite intensive investigation, researchers have been unable to determine the objectives of this campaign or what happens in its later stages. The purpose behind these attacks, whether it involves stealing sensitive data, conducting surveillance, launching ransomware, or a combination of these, remains unclear.

  1. Malicious Packages are Swapping Out Your Crypto Addresses
  2. GitHub Abused to Distribute Malicious Packages on PyPI in Image Files
  3. Typosquatting: Legit Abquery Package Duped with Malicious Aabquerys

[ad_2]
Source link