Google’s carbon emissions spike 48%, puts 2030 target at risk


The AI craze has put Google’s 2030 “net zero” target in serious doubt. The company is rapidly expanding its AI data centers, leading to an increase in carbon or greenhouse gas (GHG) emissions. Its GHG emissions surged 48% between 2019 and 2024. The firm is still committed to the 2030 target but says the goal is “extremely ambitious,” which isn’t quite a positive outlook.

Google’s carbon emissions have increased drastically in recent years

Like most other tech companies, Google is putting in efforts to reduce carbon emissions and increase the use of renewable energy sources for a sustainable future. While it has made significant progress towards some of its mini-goals, like using plastic-free materials for packaging, its biggest goal appears to be going further away.

In its 2024 environmental report, Google revealed that its carbon emissions increased 13% year-on-year in 2023. As noted by Ars Technica, its pollution amounted to 14.3 million tonnes of carbon equivalent last year. That’s a massive 48% jump from 2019, a surprising movement in the opposite direction. The company should have been cutting its pollution but is adding to it.

Google says data center and supply chain expansions were the main reasons for this massive jump in carbon emissions. Its data center power consumption increased by 17% in 2023 and now accounts for 25% of the company-wide consumption. The firm’s data centers alone accounted for 7-10% of global data center energy consumption. The centers also consumed 17% more water in 2023.

Despite being headed in the wrong direction, Google is committed to the 2030 “net zero” target. The company says it’s an extremely ambitious goal made more challenging by the urgent need to bolster AI infrastructure. However, it is up for the challenge. “Scaling AI… is just as crucial as addressing the environmental impact associated with it,” Google said in its environmental report.

The company’s Chief Sustainability Officer Kate Brandt added that the firm was “working very hard” on reducing its carbon emissions. It has signed deals for clean energy and is exploring opportunities for AI-powered climate solutions. These efforts may bring the desired results in the long run. “We do still expect our emissions to continue to rise before dropping towards our goal,” said Brandt.

Google replenished 1 billion gallons of water in 2023

Google’s water stewardship projects replenished an estimated 1 billion gallons of water in 2023. That amounts to 18% of its freshwater consumption last year, a 3x jump from 6% in 2022. The packaging materials for products launched in 2023 were also at least 99% plastic-free, with the Pixel 8 and Pixel 8 Pro packaging using 100% plastic-free materials. Google says it is using AI to advance climate action by organizing information, improving prediction, and improving optimization.



Hiap Seng Industries Servers Attacked by Ransomware


Hiap Seng Industries, a prominent engineering and construction company, has fallen victim to a ransomware attack that compromised its servers.

The company has swiftly taken measures to contain the breach and ensure the continuity of its business operations.

Upon discovering the ransomware attack, the Edge reports, Hiap Seng Industries immediately isolated its servers from the network to prevent the further spread of the malware.

The company activated its restoration and recovery protocols to maintain business continuity.

These steps are crucial in mitigating the impact of such cyberattacks, which can often lead to significant operational disruptions and financial losses.

Hiap Seng Industries reported that there has been no material impact on its business operations due to the incident.

This swift response highlights the company’s preparedness and resilience in the face of cyber threats.

The company is committed to restoring normalcy and ensuring its clients and stakeholders experience minimal disruption.

Forensic Investigation and Cybersecurity Enhancement

Hiap Seng Industries has engaged third-party cybersecurity experts to conduct a thorough forensic investigation in response to the attack.

These experts will analyze the breach to understand how the ransomware infiltrated the system and identify any potential vulnerabilities.

The findings from this investigation will be pivotal in strengthening the company’s overall cybersecurity posture.

The appointment of external experts underscores Hiap Seng’s dedication to safeguarding its digital infrastructure.

By leveraging the expertise of seasoned cybersecurity professionals, the company aims to fortify its defenses against future cyber threats.

This proactive approach is essential when cyberattacks are becoming increasingly sophisticated and frequent.


Gogs Vulnerabilities Let Attackers Hack Instances And Steal Source Code


Gogs is a standard open-source code hosting system used by many developers.

Several Gogs vulnerabilities have been discovered recently by the cybersecurity researchers at SonarSource. 

Gogs can be hacked through these flaws, which put its instances at risk of source code theft, backdoor implantation as well as code removal.

Gogs Vulnerabilities

Despite Gogs’ widespread use, with more than 44,000 GitHub stars and 90 million Docker image downloads, these vulnerabilities remain unpatched.

This finding highlights the need to secure development tools and self-hosted code repositories.

Gogs’ built-in SSH server contains an argument injection vulnerability that allows authenticated attackers to execute any command on the server.

The vulnerability exploits the ‘--split-string’ option of the ‘env’ command to bypass security measures.

This vulnerability remains unpatched even in the latest Gogs release (0.13.0).

According to the SonarSource report, about 7,300 open Gogs instances are listed on Shodan, and the issue endangers source code integrity and server security for the organizations that use Gogs for code hosting.


To exploit the Gogs SSH server vulnerability, three conditions must be met:

  • The built-in SSH server is switched on.
  • The attacker has a valid SSH key.
  • The installed version of ‘env’ supports ‘--split-string’.

Exploitable setups typically use GNU coreutils on Ubuntu or Debian, while Alpine Linux-based Docker images and Windows installations are not affected.

If registration is enabled, attackers can easily create accounts and add SSH keys. Admins can confirm whether they are exposed by checking their SSH settings in the admin panel and checking whether ‘env --help’ lists ‘--split-string’ among its options.
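The admin check described above can be scripted. The following is an added example, not code from SonarSource or the Gogs project: it reads a Gogs configuration and the local ‘env’ help text and reports which of the listed conditions hold. The config keys START_SSH_SERVER in [server] and DISABLE_REGISTRATION in [auth] (or [service]), the "unset means false" default, and all sample inputs are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a Gogs host for the exposure conditions listed above.
# Assumptions (not from the article): START_SSH_SERVER lives in [server],
# DISABLE_REGISTRATION in [auth] (or [service]); an unset key counts as false.

# Constructed sample inputs so the functions can be exercised offline.
SAMPLE_INI='[server]
START_SSH_SERVER = true
SSH_PORT = 2222

[auth]
DISABLE_REGISTRATION = false'
SAMPLE_GNU_HELP='Usage: env [OPTION]... [-] [NAME=VALUE]... [COMMAND [ARG]...]
  -S, --split-string=S  process and split S into separate arguments'
SAMPLE_BUSYBOX_HELP='Usage: env [-iu] [-] [name=value]... [PROG ARGS]'

# ini_get INI_TEXT SECTION KEY -> prints the first value of KEY inside [SECTION]
ini_get() {
    printf '%s\n' "$1" | awk -v section="$2" -v key="$3" '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[.*\]/ {                       # section header
            s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            current = s; next
        }
        current == section {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }'
}

# is_true VALUE -> exit status 0 for common boolean "true" spellings
is_true() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        1|t|true|y|yes|on) return 0 ;;
        *) return 1 ;;
    esac
}

# env_supports_split_string HELP_TEXT -> exit status 0 if the option is listed
env_supports_split_string() {
    printf '%s\n' "$1" | grep -q -- '--split-string'
}

# gogs_ssh_exposure INI_TEXT ENV_HELP_TEXT -> prints one verdict token
gogs_ssh_exposure() {
    if ! is_true "$(ini_get "$1" server START_SSH_SERVER)"; then
        echo "ok-ssh-server-off"; return 0
    fi
    if ! env_supports_split_string "$2"; then
        echo "ok-env-lacks-split-string"; return 0
    fi
    reg=$(ini_get "$1" auth DISABLE_REGISTRATION)
    [ -n "$reg" ] || reg=$(ini_get "$1" service DISABLE_REGISTRATION)
    if is_true "$reg"; then
        # Only accounts that already hold an SSH key meet the conditions.
        echo "exposed-existing-key-holders"
    else
        # Anyone can register and add a key.
        echo "exposed-open-registration"
    fi
}

# Stand-alone use: pass the path to the instance's app.ini as the first argument.
if [ "$#" -ge 1 ]; then
    gogs_ssh_exposure "$(cat "$1")" "$(env --help 2>&1)"
fi
```

Run it on the Gogs host itself, or inside the container, so that ‘env --help’ reflects the binary the Gogs process would actually invoke.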

Gogs maintainers ceased communication after initially accepting vulnerability reports, leaving all four reported issues unpatched in the latest version. 

As a result, users must implement their own mitigations to protect their installations.

Recommendations

The security analysts provided the following recommendations and mitigations:

  • Disable the built-in SSH server
  • Disable user registration
  • Switch to Gitea

The reported vulnerabilities include:

  • Argument Injection in the built-in SSH server
  • Argument Injection when tagging new releases

Data of 210,715 Customers Exposed


TotalEnergies Clientes SAU has reported a significant cyberattack that has compromised the personal data of 210,715 customers.

The incident has raised serious concerns about data security and the integrity of digital infrastructures in the energy sector.

Unauthorized Access Detected

TotalEnergies Clientes SAU detected unauthorized access to one of its sales management computer systems, which exposed sensitive customer information.

The company has expressed deep displeasure at the breach, highlighting the potential risks such incidents pose to the market’s proper functioning.

“We apologize and condemn this type of criminal act that puts the proper functioning of the market at risk and harms both customers and companies that respect current legislation on data protection,” stated company sources.

In response to the breach, TotalEnergies emphasized its commitment to data protection and confidentiality.

The company stated in a public announcement that “the protection and confidentiality of our customers’ data is an absolute priority.”

TotalEnergies acted swiftly to address the issue, collaborating closely with the Police and the Spanish Data Protection Agency.

The company is determined to initiate all relevant legal actions against those responsible for the cyberattack.

Industry Impact and Future Measures

This cyberattack on TotalEnergies Clientes SAU underscores the growing threat of cybercrime in the energy sector.

The breach affects the company’s customers and raises broader concerns about the security measures in place across the industry.

TotalEnergies’ prompt response and cooperation with authorities highlight the importance of robust cybersecurity protocols and the need for continuous vigilance.

As investigations continue, TotalEnergies assures its customers that it is taking all necessary steps to prevent future incidents and enhance its cybersecurity framework.

The company’s proactive stance reminds us of the critical importance of data protection in an increasingly digital world.


Galaxy Z Flip 6 specs leak again and leave little to the imagination


The Samsung Galaxy Z Flip 6 will arrive in a week, and its specs have just leaked again. This time around, the details are coming from Ishan Agarwal, a well-known tipster. This is not the first time we’ve seen the phone’s specs, though this leak is quite detailed.

The Galaxy Z Flip 6 specs have just leaked again, and there’s not much left to hide at this point

Qualcomm’s Snapdragon 8 Gen 3 SoC will fuel the Galaxy Z Flip 6. That is not exactly a secret at this point. That same chip will also fuel the Galaxy Z Fold 6, which is coming alongside the Galaxy Z Flip 6.

The phone will feature a foldable 6.7-inch fullHD+ display with a 120Hz refresh rate. The tipster also says that a 4,000mAh battery will be included on the inside. What’s interesting here is that he also mentioned 35W charging.

Ishan doesn’t seem to be sure about the charging info, however. Previous rumors said 25W charging will be included, and some certifications agree with that. So chances are we’ll be getting 25W charging, not 35W charging.

A camera improvement is in the cards

In any case, two cameras will sit on the back of the phone… well, on the front if the phone is folded. A 50-megapixel main camera (f/1.8 aperture) will be backed by a 12-megapixel ultrawide unit (f/2.2 aperture).

On the main display, the phone will also include a selfie camera, of course. A 10-megapixel (f/2.2 aperture) unit is the camera Samsung chose to use here.

In regards to RAM, only one variant will be available, a 12GB one. Samsung will almost certainly use LPDDR5X RAM here. You will be able to choose between 256GB and 512GB storage options, however. UFS 4.0 flash storage will hopefully be used.

The Samsung Galaxy Z Flip 6 will measure 165 x 71.7 x 7.4mm when folded, based on Ishan’s info. That’s basically all the information that he shared. The phone will launch on July 10 during the company’s event in Paris, France.



Samsung unveils powerful new Exynos W1000, its first 3nm chip


Samsung has launched its first 3nm processor, the Exynos W1000. The new chip will probably power the Galaxy Watch 7 and Galaxy Watch Ultra arriving next week. The company touts “groundbreaking performance” to improve your health, fitness, and productivity from your wrist.

Exynos W1000 finally arrives as Samsung’s first 3nm mobile chip

Samsung started 3nm mass production two years ago but never made a mobile chip on its first-gen 3nm GAA (gate all around) process node. The Exynos W1000 is fabricated on the second-gen 3nm node, its most advanced fabrication process yet. This is already a massive upgrade over the 5nm Exynos W930 powering the Galaxy Watch 6 series. The Galaxy Watch 4 and Watch 5’s Exynos W920 is also a 5nm chip but with a slightly slower CPU.

Speaking of the CPU, Samsung has upgraded the new chip to a penta-core design (five CPU cores), up from two cores. The Exynos W1000 has one ARM Cortex-A78 prime core clocked at 1.6GHz and four Cortex-A55 efficiency cores at 1.5GHz. The company says this CPU setup redefines smartwatch performance capabilities. This architecture brings a 3.4x boost in single-core performance and a 3.7x boost in multi-core performance over the previous generation.

In practical terms, apps will launch faster (up to 2.7x quicker), while switching between apps will also feel smoother. The Exynos W1000’s FOPLP (fan-out panel-level packaging) technology and other technological advancements, coupled with a 3nm process node, make it extremely compact and more power-efficient. This significantly improves the battery life as Samsung can utilize the extra space to equip the watch with a bigger battery.


The Exynos W1000 also boasts a 2.5D always-on display (AOD) engine for a more refined AOD experience without taking a toll on the battery life. The Mali-G68 MP2 GPU seemingly carries over unchanged. It can handle qHD displays at up to 640 x 640 pixels or 960 x 540 pixels resolution. The chip supports 32GB of eMMC storage, LPDDR5 memory, and GPS, GLONASS, Beidou, and Galileo positioning systems. The integrated modem still lacks 5G support, though.

The Galaxy Watch 7 & Watch Ultra should debut this chip next week

Rumors have long said that Samsung’s first 3nm processor will debut with the Galaxy Watch 7 and Galaxy Watch Ultra. The new watches are set to go official at next week’s (July 10) Galaxy Unpacked event in Paris, France. Considering all the hardware upgrades on the Exynos W1000, the next generation of Samsung watches may bring a massive leap in power and performance. It won’t be long before we find out what the new chip is truly capable of.


Juniper SRX Vulnerability Allows Attackers to Trigger DoS Condition


A vulnerability in Junos OS on SRX Series devices allows attackers to trigger a DoS attack by sending crafted valid traffic, which is caused by improper handling of exceptional conditions within the Packet Forwarding Engine (PFE) and leads to PFE crashes and restarts upon receiving the specific traffic. 

An attacker can exploit this by continuously sending the malicious traffic, causing a sustained DoS condition and potentially impacting network resource availability. 

An unauthenticated attacker on the network could use a vulnerability in Junos OS versions starting with 21.4R1 to affect SRX Series devices by causing a Denial-of-Service (DoS) condition. 

Severity Assessment (CVSS) Score

This vulnerability, which achieves a high severity rating according to both CVSS v3 (7.5) and v4 (8.7) scoring systems, allows an attacker to crash a critical process (PFE) by sending specific valid traffic to the device, which will lead to a service outage until the device is rebooted.

A recently discovered vulnerability in Juniper’s Junos OS for SRX Series firewalls can cause a denial-of-service (DoS) condition, which exists in the Packet Forwarding Engine (PFE) and allows an unauthenticated attacker to crash the PFE through specifically crafted valid traffic. 

All Junos OS versions on SRX devices starting from 21.4R1 (including 21.4, 22.1, 22.2, 22.3, and 22.4) are susceptible if they haven’t been patched with the following updates: 21.4R3-S7.9, 22.1R3-S5.3, 22.2R3-S4.11, or 22.3R3 (for 22.3).

While Juniper has not identified any active exploitation, applying the security patches is crucial to mitigating potential DoS attacks. 

The issue has been resolved in software releases 21.4R3-S7.9, 22.1R3-S5.3, 22.2R3-S4.11, 22.3R3, 22.4R3, and 23.2R1, and in all subsequent versions.

Be aware that versions 21.4R3-S7.9, 22.1R3-S5.3, and 22.2R3-S4.11 are updates of prior releases, so pay close attention to the complete version number, especially the last digits. 

The issue (1719594) identified on the Customer Support website cannot be evaluated by Juniper’s Security Incident Response Team (SIRT) because their policy excludes investigating releases that have surpassed either the End of Engineering (EOE) or the End of Life (EOL). 

The Security Incident Response Team (SIRT) inspects only software versions that are actively supported for security vulnerabilities. 

An issue was identified and documented on July 1st, 2024.

After investigation, it was determined that no temporary solutions or alternative methods (workarounds) are currently available to address this problem. This indicates that the issue is likely complex and may require a more permanent fix, such as a software patch or hardware update. 


Ulefone Note 18 Ultra benchmark test: Video


The Ulefone Note 18 Ultra was announced as the first 5G smartphone in the company’s ‘Note’ lineup. That device was announced a while back and the Ulefone Note 18 Ultra benchmark/performance test video is now available.

The Ulefone Note 18 Ultra benchmark test is here… in a video format

This video was published on the company’s YouTube page, and it’s embedded below the article. It has a duration of about a minute and a half. In it, Ulefone visibly runs various benchmarks on the device, to show you the results.

You can easily check out the video below if you’d like to know more. Alternatively, we’ll talk a bit about the results now. First and foremost, do note that the Ulefone Note 18 Ultra comes with the MediaTek Dimensity 720 chip. That SoC has six cores.

The first test is the AnTuTu test. It tests CPU, GPU, MEM (memory and storage), and UX (user experience). The phone managed to get a total score of 379,587 points. The CPU score was 119,167 points, the GPU score was 68,940 points, the MEM score was 86,888 points, and the UX score was 104,592 points.

Geekbench 6 is one of the tests used by Ulefone

Geekbench 6, on the other hand, tests single-core and multi-core performance. The Note 18 Ultra scored 640 points in the single-core test. When it comes to a multi-core test, it managed to score 104,592 points.

3DMark Wild Life test measures the overall gaming performance of the phone. The Ulefone Note 18 Ultra scored 1,340 points in that test.

PCMark is next. PCMark Work 3.0 was used, and it measures the performance and battery life of the device by mimicking regular tasks. The phone scored 9,107 points in the PCMark Work 3.0 test.

And finally, AndroBench. This one is focused on the phone’s storage. The Ulefone Note 18 Ultra managed to reach 854.44MB/s read and 194.81MB/s sequential write speeds.

You can check out all of this below. Also, do note that Ulefone is currently running a Euro 2024 contest. You can learn more about it via one of the links below, and win the Ulefone Armor 25T Pro even.

Ulefone Note 18 Ultra (more info)

Ulefone’s Euro 2024 contest

Ulefone Armor 25T Pro (more info)



US government revoked eight Huawei export licenses in 2024


In May, the US Department of Commerce said it had revoked “certain licenses” for exports to Huawei. It turns out the Joe Biden-led US government has canceled as many as eight licenses so far in 2024. This is the Biden administration’s latest effort to cripple the Chinese tech titan.

The US government revokes more licenses to contain Huawei’s growth

Huawei is fighting a battle like no other major tech company. The Chinese firm that once threatened to overthrow Samsung as the world’s largest smartphone company has been reduced to a shadow of itself by the US sanctions. This happened after the US government placed it on the Entity List in 2019. The Donald Trump administration labeled Huawei a national security threat over its potential ties with the Chinese government.

This effectively blocked the firm’s access to the latest smartphone technologies made or originated in the US. It couldn’t source advanced chips, Google services and apps, and other components and equipment to make powerful new 5G phones. The US government allowed some American companies to do business with Huawei by obtaining special licenses. However, those licenses still came with several restrictions.

The situation didn’t change when Joe Biden came into power in 2021. In the meantime, Huawei started building a domestic supply chain. Backed by the state fund and citizens’ sympathy, it is slowly rising from the ashes, at least in China. The special licenses enabled it to remain afloat in the industry during this difficult phase. The US government has realized this and has revoked some of those licenses to try and contain Huawei’s growth.

“We continuously assess how our controls can best protect our national security and foreign policy interests, taking into consideration a constantly changing threat environment and technological landscape. As part of this process, as we have done in the past, we sometimes revoke export licenses,” the Commerce Department said in May. A document seen by Reuters reveals the US government has revoked eight such licenses in 2024.

Qualcomm & Intel are among the affected companies

According to Reuters, the Commerce Department prepared this document in response to an inquiry by Republican Congressman Michael McCaul. The document doesn’t name the US companies whose licenses have been revoked. However, it was revealed in May that Qualcomm and Intel are among the affected companies. These chip firms are reportedly no longer doing any business with Huawei.

Licenses that are still valid include those for exports of “exercise equipment and office furniture and low-technology components for consumer mass-market items, such as touchpad and touchscreen sensors for tablets,” the new report states. Interestingly, the Commerce Department said it didn’t revoke these licenses because the said items are already “widely available in China from Chinese and foreign sources.”

The US government seems to be trying to block Huawei’s technological advancements in chipmaking. It recently launched powerful new phones with chips made by Chinese firm SMIC. This helped its smartphone sales grow 64% year on year in the first six weeks of 2024. It remains to be seen if the new moves derail the progress. Sooner or later, Huawei may eventually come out of the mess though.


Affirm says Evolve Bank data breach also compromised some of its customers


‘Buy now, pay later’ payment specialist Affirm has warned that holders of its payment cards had their personal information exposed after a ransomware attack and data breach at Evolve Bank & Trust.

In a form 8-K, submitted to the Securities and Exchange Commission (SEC), Affirm states:

“Because the Company [Affirm Holdings, Inc] shares the Personal Information of Affirm Card users with Evolve to facilitate the issuance and servicing of Affirm Cards, the Company believes that the Personal Information of Affirm Card users was compromised as part of Evolve’s cybersecurity incident.”

According to Evolve, the attack started after “an employee inadvertently clicked on a malicious internet link.” Evolve refused to pay the ransom, and so the attackers leaked the data they downloaded.

Affirm isn’t the only fintech company affected by the Evolve breach. Business bank Mercury also notified customers that the data stolen from Evolve Bank & Trust included some account numbers, deposit balances, business owner names, and emails associated with Mercury and other fintech accounts.

“Affected Mercury customers have been notified of the breach and the preventative steps we are taking to keep customer funds secure.”

Money transfer service and payment platform builder Wise also published a statement on its website, informing customers it had shared full names, addresses, contact details, Social Security numbers, and other sensitive information with Evolve as part of a partnership between 2020 and 2023.

So, it’s entirely possible that other financials may come forward with similar notifications. Reportedly, Evolve has active partnerships with multiple fintech companies, including Shopify, Bilt, Plaid, and Stripe.

Keep your eyes and ears open and be wary of phishing attempts related to these breaches.

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Malwarebytes has a free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.

