Monday, December 26, 2022 // (IG): BB // THM:Windows RE // Coffee for Bob
3nm Chips From Apple Supplier TSMC to Enter Mass Production This Week
FROM THE MEDIA: Apple's main chip supplier TSMC will kick off mass production of 3nm chips this week, with Apple being the primary customer of the new process, which could first be used in upcoming M2 Pro chips expected to power updated MacBook Pro and Mac mini models. According to the new report by DigiTimes, TSMC will start mass production of its next-generation 3nm chip process on Thursday, December 29, in line with reports from earlier in the year that said 3nm mass production would begin later in 2022. From the report: “TSMC is scheduled to hold a ceremony at Fab 18 at the Southern Taiwan Science Park (STSP) on December 29 to mark the start of commercial production of chips using 3nm process technology. The pure-play foundry will also detail plans to expand 3nm chip production at the fab, according to sources at semiconductor equipment companies.”
READ THE STORY: MACRUMORS
Huawei patents EUV lithography tools used to make <10nm chips
FROM THE MEDIA: In context: Lithography machines are some of the most complex and expensive used in chip manufacturing. They generate steady beams of light in the ultraviolet spectrum and filter that light until it resembles the inverse of the floorplan of a microprocessor. They focus and point the light at a photosensitive wafer with a degree of precision in the tens of nanometers to carve out the floorplan. Huawei has patented one component used in EUV lithography systems that is required to make high-end processors on sub-10 nm nodes. It solves the problem of interference patterns created by the ultraviolet light that would otherwise make the wafer uneven. Huawei has solved an issue in the last step of chip manufacturing that's caused by the tiny wavelengths of extreme ultraviolet (EUV) light. Its patent describes an array of mirrors that split the beam of light into multiple sub-beams that collide with their own microscopic mirrors.
READ THE STORY: TECHSPOT
China Develops First Home-Grown DPU Chip
FROM THE MEDIA: A group of Chinese researchers in a Beijing-based tech firm, YUSUR Technology Co. Ltd, has been said to have recorded a huge milestone in the domestic chip industry of China following its development of the country’s first Data Processing Unit (DPU) chip which has been described as an integral part of the homogeneous computing that will shape the future generation of intelligent computing. The DPU named “K2” was developed using a 28 nanometres process and has also been tagged the “third main chip” suggesting an incremental innovation on previous chips such as the Central Processing Unit (CPU) and the Graphics Processing Unit (GPU).
READ THE STORY: TEKEDIA
The Semiconductor Industry and its future
FROM THE MEDIA: Since the Covid19 outbreak and the onset of the Russia-Ukraine war, many industrialised and developing nations have understood the significance of supply chains and the risks they provide. This has been seen in the situations of numerous items, such as food and oil, whose supply was affected by the Russia-Ukraine war; it is now especially evident in the case of semiconductors. Every nation, whether developed or developing, requires semiconductors since they are utilised in every electronic device and in a range of areas, including medical, healthcare, defence, renewable energy initiatives, and a number of upcoming projects, such as quantum computing. The leaders in the semiconductors race on the worldwide market are the United States, whose 2020 market share was valued at over $200 billion.
READ THE STORY: Modern Diplomacy
Don’t let Grinch bots put coal in your stocking
FROM THE MEDIA: From a cybersecurity perspective, the end of 2021 had two newsworthy events: The Log4j zero-day exploit and widespread use of Grinch bots. While the former has hopefully been resolved, even if it is still being felt by security teams, the latter doesn’t have an easy solution. To make matters more difficult, we expect to see an increase in bots impacting both the online shopping experience and retail organizations as we enter 2023. Ultimately, it will take an industry-wide effort to combat these bots and bring the joy back to virtual shopping. Just like its namesake, a Grinch bot actively works to steal gifts from under the noses of holiday shoppers. Grinch bots are designed to quickly buy products online as they become available. These bots are often created to purchase a product that’s on sale, then sell it for a profit.
READ THE STORY: VB
Israel, spyware that modifies surveillance camera images has been sold to Western governments
FROM THE MEDIA: After the Pegasus case, the spying program that reached even cell phone activity from the French president Emmanuel Macron, there is a new startup company – always made in Tel Aviv – which raises questions about the use of Israeli technology. About pious, a company with software capable of accessing all video surveillance cameras, modifying captured images in real time and even modifying previous recordings by pulling them from the archives. It is a tool that leaves no trace, according to the newspaper’s investigation Haaretz – I live in Italy from courier – It will be able to overcome any obstacle: perhaps the first program of its kind in the world. Toka, the owner company, was founded by the former Israeli Prime Minister Ehud Barak and the former Head of the Information Technology Division of the Israeli Army, Yaron Rosen.
READ THE STORY: HP
Defrost Finance Hacked in Attack Some Say May Have Been a Rug Pull
FROM THE MEDIA: Decentralized finance protocol Defrost Finance said it was hacked Dec. 23, though blockchain security firm Peckshield, citing “community intel,” said the exploit may have been a rug pull that made off with $12 million. In a tweet thread posted Dec. 25, the Defrost team said a first attack used a flash loan to drain funds out of its V2 product. A second larger attack used the owner key to exploit V1. The protocol, which offers leveraged trading on the Avalanche blockchain, didn’t say how much had been taken. A rug pull can occur when developers create and establish a liquidity pool and then remove the funds after investors have bought the related token. The total value of funds locked on Defrost Finance, which peaked at $95 million in February, was about $13 million in recent weeks, Defi Llama data show. That dropped to less than $93,000 on Dec. 25.
READ THE STORY: CoinDesk
Musk's SpaceX wants to increase Hubble telescope's life. They are readying a plan
FROM THE MEDIA: Nearly three decades and several maintenance later, the Hubble space telescope continues to unravel the mysteries of the universe. The spacecraft has been operating in an orbit around Earth, since the 1990s and has not only helped humans look beyond the Solar System, but also find exoplanets, nebulas, and other cosmic phenomena. Elon Musk-led SpaceX is now conducting a non-exclusive study to see if it is possible to re-boost the flying observatory and give it new life. The American space agency, Nasa, has asked for additional information about commercial capabilities available to re-boost a satellite in orbit. However, Nasa has cleared, "There are no plans at this time for Nasa to conduct or fund a dedicated Hubble servicing mission."
READ THE STORY: India Today
Experts warn of attacks exploiting WordPress gift card plugin
FROM THE MEDIA: Hackers are actively exploiting a critical vulnerability, tracked as CVE-2022-45359 (CVSS v3: 9.8), affecting the WordPress plugin YITH WooCommerce Gift Cards Premium. The YITH WooCommerce Gift Cards Premium plugin allows websites of online stores to sell gift cards, a WordPress plugin used on over 50,000 websites. The CVE-2022-45359 flaw is an Arbitrary File Upload issue that can allow an unauthenticated attacker to upload files to vulnerable sites, including web shells that provide full access to the site. The issue was discovered on November 22, 2022, and was addressed with the release of version 3.20.0. Due to the presence of a lot of websites that are still using vulnerable versions of the plugin, threat actors are exploring the flaw in attacks in the wild to upload backdoors on the e-stores.
READ THE STORY: Security Affairs
Critical Linux Kernel flaw affects SMB servers with ksmbd enabled
FROM THE MEDIA: A critical Linux kernel vulnerability (CVSS score of 10) exposes SMB servers with ksmbd enabled to hack. KSMBD is a Linux kernel server that implements SMB3 protocol in kernel space for sharing files over the network. An unauthenticated, remote attacker can execute arbitrary code on vulnerable installations of the Linux Kernel. The flaw resides in the processing of SMB2_TREE_DISCONNECT commands. “This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable.” reads the advisory published by ZDI. “The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the kernel.”
READ THE STORY: Security Affairs
Free REVIL ransomware master decrypter released
FROM THE MEDIA: Hundreds of victims—and counting—have successfully been able to decrypt their data, which is good news. We also wanted to let you know that we fixed a problem that might have affected a limited number of victims who were using the decryptor in a specific situation. We promptly changed the decryptor’s configuration, and within hours we sent out an update. All encryption modes can be safely decrypted by victims. For REvil/Sodinokibi, Bitdefender announced the release of a global decryptor. This solution, developed in partnership with a dependable law enforcement partner, assists those whose files have been encrypted by the REvil ransomware in recovering from attacks that occurred before July 13, 2021. Parts of REvil’s infrastructure fell unavailable on July 13 of this year, making it impossible for infected people who hadn’t paid the ransom to decrypt their data. These victims will now have the option to regain control of their data and assets thanks to this decryption tool.
READ THE STORY: Technology Malt
A threat actor is claiming they have obtained data of 400,000,000 Twitter users and is offering it for sale
FROM THE MEDIA: A threat actor claims they have obtained data of 400,000,000 Twitter users and is attempting to sell it. The seller claims the database is private, he provided a sample of 1,000 accounts as proof of claims which included the private information of prominent users such as Donald Trump JR, Brian Krebs, and many more. The seller, a member of data breach forums named Ryushi, claims the data was scraped via a vulnerability, it includes emails and phone numbers of celebrities, politicians, companies, normal users, and a lot of OG and special usernames. The seller is also inviting Twitter and Elon Musk to buy the data to avoid GDPR lawsuits. “Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imaging the fine of 400m users breach source. Your best option to avoid paying $276 million USD in GDPR breach fines like facebook did (due to 533m users being scraped) is to buy this data exclusively.” reads the advertising.
READ THE STORY: Security Affairs
North Korean hackers stealing NFTs using nearly 500 phishing domains
FROM THE MEDIA: Hackers linked to North Korea’s Lazarus Group are reportedly behind a massive phishing campaign targeting non-fungible token (NFT) investors — utilizing nearly 500 phishing domains to dupe victims. Blockchain security firm SlowMist released a report on Dec. 24, revealing the tactics that North Korean Advanced Persistent Threat (APT) groups have used to part NFT investors from their NFTs, including decoy websites disguised as a variety of NFT-related platforms and projects. Examples of these fake websites include a site pretending to be a project associated with the World Cup, as well as sites that impersonate well-known NFT marketplaces such as OpenSea, X2Y2 and Rarible.
READ THE STORY: CoinTelegraph
Pop-ups From Google are Now Blocked by DuckDuckGo
FROM THE MEDIA: DuckDuckGo, a search engine, and browser that has been synonymous with privacy and data protection for years, launched a new feature that captures one of the most common pop-up advertisements on the web, Sign in with Google. Some sites produce this Google pop-up, such as Reddit, Zillow, and Booking.com, that are frequently led to this Google pop-up when they load a website for the first time. There is a new feature that captures one of the most common pop-up advertisements on the web, Sign in with Google by DuckDuckGo, a search engine, and browser that has been synonymous with privacy and data protection for years. Aside from providing a privacy-focused search engine, DuckDuckGo also offers email services, mobile apps, and extensions designed to protect data in the browser. There is also an attempt to produce a standalone web browser, which is currently in beta and is only available for Mac computers.
READ THE STORY: CYSEC
W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names
FROM THE MEDIA: Threat actors have published yet another round of malicious packages to Python Package Index (PyPI) with the goal of delivering information-stealing malware on compromised developer machines. Interestingly, while the malware goes by a variety of names like ANGEL Stealer, Celestial Stealer, Fade Stealer, Leaf $tealer, PURE Stealer, Satan Stealer, and @skid Stealer, cybersecurity company Phylum found them all to be copies of W4SP Stealer. W4SP Stealer primarily functions to siphon user data, including credentials, cryptocurrency wallets, Discord tokens, and other files of interest. It's created and published by an actor who goes by the aliases BillyV3, BillyTheGoat, and billythegoat356. "For some reason, each deployment appears to have simply tried to do a find/replace of the W4SP references in exchange for some other seemingly arbitrary name," the researchers said in a report published earlier this week.
READ THE STORY: THN
Hacker wants Elon Musk or Twitter to buy back stolen data
FROM THE MEDIA: A hacker who is super-active on the hacking forum Ryushi is urging interested prospects to buy sensitive details that were stolen from over 400 million Twitter account users. The hacker claims to have obtained access to the data through a vulnerability on the database and is ready to sell it for a hefty price of $400,000,000. What appears strange in the incident is the hacker is also inviting Elon Musk or any of the Twitter staff to buy back the data to avoid penalties imposed by GDPR lawsuits ranging from 5.4m to 8.7m. The selling criminal also attested that Escrow payments will cover the sale in control of the forum admin…. that’s strange, isn’t it? Ireland’s Data Protection Commissioner has opened up an investigation into the probe and linked the current data possession claim related to a massive data breach that took place last month.
READ THE STORY: Cyber Security Insiders
5G New Radio: Updated Multi-Band Receiver Unveiled
FROM THE MEDIA: An ultra-wide-band receiver based on a harmonic selection technique to improve the operational bandwidth of 5G networks has been developed by Tokyo Tech researchers in a new study. Fifth generation (5G) mobile networks are now being used worldwide with frequencies of over 100 Hz. To keep up with the data traffic in these networks, appropriate receivers are necessary. In this regard, the proposed technology could revolutionize the world of next-generation communications. As next-generation communication networks are being developed, the technology used to deploy them must also evolve alongside. Fifth generation mobile network New Radio (5G NR) bands are continuously expanding to improve the channel capacity and data rate. To realize cross-standard communication and worldwide application using 5G NR, multi-band compatibility is, therefore, essential.
READ THE STORY: Mirage News
Hacker Drains $8M from User Accounts on DeFi Wallet BitKeep
FROM THE MEDIA: Users of Singapore-based multi-chain decentralized cryptocurrency wallet BitKeep have suffered an exploit leading to the theft of about $8 million in customer funds. According to BitKeep official, the exploit involved a hacked APK version of the BitKeep wallet, which some users downloaded. The incident is the latest in a line of hacks the cryptocurrency scene has suffered of late, including the recent Ankr Protocol hack and the FTX exploit, which occurred after the exchange suffered a shock implosion last month. Blockchain security platform Peck Shield first highlighted the development in a recent tweet.
READ THE STORY: The Crypto Basic
Chip startup JMEM TEK safeguards data security with hardware-software solution
FROM THE MEDIA: On the day of Nancy Pelosi's visit to Taiwan, people were shocked to see large public displays on building facades showing hostile contents planted by hackers warning of the consequences of the US House speaker's support for the island. The general public is seldom aware that IoT devices like public displays are potentially at risk of hacking. Information security has become ever more important in the era of the Internet of Things (IoT). JMEM Technology (JMEM TEK), a semiconductor information security startup founded three years ago by alumni of Taiwan's National Chiao-Tung University (NCTU), is unique in its approach to preventing hackers and protecting customers' IC intellectual properties.
READ THE STORY: DigiTimes Asia
Items of interest
Explained | What are ‘dark patterns’ in the Internet
FROM THE MEDIA: Some Internet-based firms have been tricking users into agreeing to certain conditions or clicking a few links. The unsuspecting users would not have accepted such terms or clicked URLs (uniform resource locator), but for the deceptive tactics deployed by tech firms. Such acceptances and clicks are flooding inboxes of the users with promotional emails they never wanted, making it hard to unsubscribe or request deletion. These are examples of “dark patterns,” also known as “deceptive patterns.” Such patterns are unethical user interface designs that deliberately make your Internet experience harder or even exploit you. In turn, they benefit the company or platform employing the designs. By using dark patterns, digital platforms take away a user’s right to full information about the services they are using, and reduce their control over their browsing experience.
READ THE STORY: The Hindu
Extracting Firmware from Embedded Devices (SPI NOR Flash) (Video)
FROM THE MEDIA: One of the first things you have to do when hacking and breaking embedded device security is to obtain the firmware. If you're lucky, you can download it from the manufacturer's website or, if you have a shell, you can just copy it over to your computer.
Rooting an Arlo Q Plus Camera (Video)
FROM THE MEDIA: In this short video we show you how we discovered and used a backdoor in Arlo Q Plus to gain a root access to a device.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com