Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Microsoft 365: A guide to the updates

Computerworld.com [Hacking News] - 12 Listopad, 2024 - 17:30

Microsoft 365 (and Office 365) subscribers get more frequent software updates than those who have purchased Office without a subscription, which means subscribers have access to the latest features, security patches, and bug fixes. But it can be hard to keep track of the changes in each update and know when they’re available. We’re doing this for you, so you don’t have to.

Following are summaries of the updates to Microsoft 365/Office 365 for Windows over the past year, with the latest releases shown first. We’ll add info about new updates as they’re rolled out.

Note: This story covers updates released to the Current Channel for Microsoft 365/Office 365 subscriptions. If you’re a member of Microsoft’s Office Insider preview program or want to get a sneak peek at upcoming features, see the Microsoft 365 Insider blog.

Version 2410 (Build 18129.20158)

Release date: November 12, 2024

This build fixes a variety of bugs, including one in Word in which all characters didn’t appear correctly when creating an Outlook task from OneNote, and one in PowerPoint in which embedded BMP images in the PowerPoint slide were not opening.

This build also includes a variety of security updates. See Release notes for Microsoft Office security updates for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2410 (Build 18129.20158).

Version 2410 (Build 18129.20116)

Release date: October 28, 2024

This build enables filtering capabilities for the comment pane in Excel and fixes a variety of bugs, including one in Word in which the title bar no longer showed a “Saved” status for locally saved files, and one in PowerPoint in which a graphics-related issue caused the app to close unexpectedly at times.

Get more info about Version 2410 (Build 18129.20116).

Version 2409 (Build 18025.20160)

Release date: October 15, 2024

This build fixes a single bug in Word, in which emails with linked SVG content couldn’t be saved or sent.

Get more info about Version 2409 (Build 18025.20160).

Version 2409 (Build 18025.20140)

Release date: October 8, 2024

This build fixes a variety of bugs, including one in Word in which text wasn’t clearly visible in High Contrast Mode when using “Draft with Copilot” and referencing a meeting under “Reference your content.”

This build also includes multiple security updates. See Release notes for Microsoft Office security updates for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2409 (Build 18025.20140).

Version 2409 (Build 18025.20104)

Release date: September 25, 2024

This build fixes a single bug, in which when you saved a file in Word, the save status was missing from the Title bar.

Get more info about Version 2409 (Build 18025.20104).

Version 2409 (Build 18025.20096)

Release date: September 23, 2024

This build improves the user experience for selecting which users should have which permissions when a sensitivity label configured for user-defined permissions is applied to a file or when configuring standalone Information Rights Management through the Restrict Access feature. This change affects Excel, PowerPoint, and Word.

The build also fixes a variety of bugs, including one in Word in which Document Mode would switch from “editing” to “viewing” if user enabled “Track Changes” and set “For Everyone.”

Get more info about Version 2409 (Build 18025.20096).

Version 2408 (Build 17928.20156)

Release date: September 10, 2024

This update will remove Flip video support when the service goes offline on October 1, 2024. The build also includes a variety of security updates. Go here for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2408 (Build 17928.20156).

Version 2408 (Build 17928.20114)

Release date: August 26, 2024

This build allows you to disable connected experiences for privacy concerns without impacting data security policies, such as sensitivity labels. Services associated with Microsoft Purview (e.g., sensitivity labels and rights management) are no longer controlled by policy settings to manage privacy controls for Microsoft 365 Apps. Instead, these services will rely on their existing security admin controls in Purview portals.

The build also fixes a variety of bugs, including one in Outlook that caused default SMIME labels to fail to apply when a user replied to or forwarded an unlabeled message, and one for the entire suite in which people couldn’t install Microsoft 365 apps on an enrolled device.

Get more info about Version 2408 (Build 17928.20114).

Version 2407 (Build 17830.20166)

Release date: August 13, 2024

This build includes a variety of security updates for Excel, Outlook, PowerPoint, Project, Visio, and the entire Office suite. See Microsoft’s Release notes for Office security updates for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2407 (Build 17830.20166).

Version 2407 (Build 17830.20138)

Release date: August 1, 2024

This build fixes a wide variety of bugs, including one in which coauthoring on text boxes in Excel sometimes gave unexpected results, another in PowerPoint in which line widths were not preserved when exporting arrow shapes to PDF, and another in Word in which revisions were sometimes skipped when reviewing using VBA.

Get more info about Version 2407 (Build 17830.20138).

Version 2406 (Build 17726.20160)

Release date: July 9, 2024

This build fixes several bugs, including one in Word and Excel in which characters don’t appear correctly in Text Box Gallery. It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2406 (Build 17726.20160).

Version 2406 (Build 17726.20126)

Release date: June 26, 2024

This build fixes a wide variety of bugs, including one in which Excel documents might be unexpectedly edited when a mandatory sensitivity label has not been applied, one that caused Outlook to exit unexpectedly shortly after launch for some users, and one in which pasting data from Word or Excel to an Outlook template as a link would cause an error message to appear.

Get more info about Version 2406 (Build 17726.20126).

Version 2405 (Build 17628.20164)

Release date: June 19, 2024

This build includes a variety of unspecified bug and performance fixes.

Get more info about Version 2405 (Build 17628.20164).

Version 2405 (Build 17628.20144)

Release date: June 11, 2024

This build fixes one bug, which prevented users from sending mail for a few hours after updating add-ins with on-send events. It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2405 (Build 17628.20144).

Version 2405 (Build 17628.20110)

Release date: May 30, 2024

This build fixes a wide variety of bugs, including one in Excel in which an embedded workbook in .xls format might not have closed properly, one that that caused Outlook to close when using Copilot Summarize, one in Word in which content controls may have been removed when coauthoring, and one for the entire Office suite in which the Organization Chart Add-In for Microsoft programs was not loading properly.

Get more info about Version 2405 (Build 17628.20110).

Version 2404 (Build 17531.20152)

Release date: May 14, 2024

This build fixes a number of bugs, including one in Word where content controls might be removed when coauthoring, and one that caused Sovereign users to be unable to create ToDo tasks from Outlook.

It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2404 (Build 17531.20152).

Version 2404 (Build 17531.20140)

Release date: May 7, 2024

This build fixes two bugs in Outlook, one in which it closed unexpectedly using the Scheduling Assistant when creating a new meeting or viewing an existing meeting, and another that caused add-in developers to hit timeouts when retrieving notifications from an Outlook client context.

Get more info about Version 2404 (Build 17531.20140) .

Version 2404 (Build 17531.20120)

Release date: April 29, 2024

This build reduces workbook size bloat from unnecessary cell formatting with a new “Check Performance” task pane. In addition, it fixes a wide variety of bugs, including one in Excel in which the default font could not be set; one in Outlook in which custom forms from MAPI form servers stopped responding; one in PowerPoint in which online videos did not play in some cases; one in which when opening certain Word documents would cause the error, “Word experienced an error trying to open the file”; and one in which the Office update installer appeared to be unresponsive.

Get more info about Version 2404 (Build 17531.20120) .

Version 2403 (Build 17425.20176)

Release date: April 9, 2024

This build fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2403 (Build 17425.20176).

Version 2402 (Build 17328.20184)

Release date: March 12, 2024

This build fixes three bugs: one in which Access closed unexpectedly, one in which Excel closed unexpectedly when opening files with pivot tables and table design in macro-enabled files, and one in which Word closed unexpectedly when the undo function was used.

This build also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2402 (Build 17328.20184).

Version 2402 (Build 17328.20162)

Release date: March 4, 2024

This build fixes several bugs, including one that crashed Outlook when a link was clicked on, and another for the entire Office suite in which opened Office apps didn’t automatically start when a laptop was reopened, and an error message appeared after manual relaunch.

Get more info about Version 2402 (Build 17328.20162).

Version 2402 (Build 17328.20142)

Release date: February 28, 2024

This build fixes a variety of bugs, including one that caused Outlook to exit unexpectedly when expanding a conversation in the search results from a search of “All Mailboxes,” and another in which users were not able to create a bullet list with hyphens in PowerPoint.

Get more info about Version 2402 (Build 17328.20142).

Version 2401 (Build 17231.20236)

Release date: February 13, 2024

This build fixes several bugs, including one in which macros were being corrupted when saving Excel files and another that affected the entire Office suite in which add-ins would not load after Click trust for content add-in was selected.

This build also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2401 (Build 17231.20236).

Version 2401 (Build 17231.20194)

Release date: February 1, 2024

This build fixes a single bug in which expanded groups in the message list collapsed when users changed which column they were arranged by.

Get more info about Version 2401 (Build 17231.20194).

Version 2401 (Build 17231.20182)

Release date: January 30, 2024

This build fixes a wide variety of bugs, including one in which Excel would stop responding when saving changes, one in PowerPoint in which Notes and Slide layout would open with incorrect proportions when a file was opened from a protected view, and one in Word in which comment cards appeared too wide and cut off text when changing or switching the screen in use.

Get more info about Version 2401 (Build 17231.20182).

Version 2312 (Build 17126.20132)

Release date: January 9, 2024

This build fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2312 (Build 17126.20132).

Version 2312 (Build 17126.20126)

Release date: January 4, 2023

This build introduces a new sensitivity toolbar in Word, Excel, and PowerPoint that helps users understand the security policies that apply to their documents. It’s available when users are creating copies of their documents in File / Save As. In addition, Office now had a new default theme, which Microsoft says is “more modern and accessible.”

It also fixes a wide variety of bugs, including one in Excel in which Custom Menu text was truncated when right-clicking in a cell, one in PowerPoint in which restoring a previous version of a presentation was not working as expected when using Version History, and one in Word in which the content control end tag was marked at the end of the document automatically if the document was edited in Word Online and then opened in Word desktop.

Get more info about  Version 2312 (Build 17126.20126).

Version 2311 (Build 17029.20108)

Release date: December 12, 2023

This build fixes one bug in Outlook, in which the message list was blank when switching between the “Focused” and “Other” views.

It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2311 (Build 17029.20108).

Version 2311 (Build 17029.20068)

Release date: November 29, 2023

This build automatically inserts image captioning for Excel’s images. When you insert an image into a spreadsheet, accessibility image captioning is automatically generated for you.

It also fixes a wide variety of bugs, including one in Excel in which list box controls would not respond to mouse clicks after scrolling using the mouse wheel, and one in Word in which the language of a presentation was not retained when saving or exporting the presentation to a PDF file.

Get more info about Version 2311 (Build 17029.20068).

Version 2310 (Build 16924.20150)

Release date: November 14, 2023

This build fixes several bugs, including one in which Outlook failed to comply with the default browser settings for some users, and another in which new lines were added to an Outlook signature when pressing Enter in the body of the email.

It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2310 (Build 16924.20150).

Version 2310 (Build 16924.20124)

Release date: Oct. 31, 2023

This build fixes a bug that caused Outlook to exit unexpectedly when clicking the More link in the Search results list.

Get more info about Version 2310 (Build 16924.20124).

Version 2310 (Build 16924.20106)

Release date: Oct. 25, 2023

In this build, the Teams Meeting App works in Outlook, too. With it, you’ll be able to configure a meeting app while scheduling an invite in Outlook. The meeting app will be ready to use when you chat or join the meeting on Teams.

A wide variety of bugs have also been fixed, including one in Excel where certain Pivot Tables would load slowly; one in which OneNote would close unexpectedly when rapidly navigating from one .PDF file to another .PDF file between different sections, or when performing an undo operation on a .PDF printout insertion; and one in the entire Office suite that caused unexpected black borders to appear around screen captures added with the Insert Screenshot functionality.

Get more info about Version 2310 (Build 16924.20106).

Version 2309 (Build 16827.20166)

Release date: October 10, 2023

This build fixes two bugs, one in which users were missing their Outlook add-ins, and another in Word in which subheading numbering with a custom Style would disappear if the file was saved and reopened. It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2309 (Build 16827.20166).

Version 2309 (Build 16827.20130)

Release date: September 28, 2023

This build introduces two new features, including the ability to disable specific types of automatic data conversions in Excel and support for the “Present in Teams” button to present local files in PowerPoint Live in Microsoft Teams.

Several bugs have also been fixed, including one in which the setting to control how Outlook opens previous items at start-up was missing from the Options window, and another in Word in which the Add-ins tab was not visible when using custom toolbar information.

Get more info about Version 2309 (Build 16827.20130).

Version 2308 (Build 16731.20234)

Release date: September 12, 2023

This build fixes several bugs, including one that caused Outlook to close unexpectedly when viewing an email, and another in PowerPoint in which the presenter view slide section zoomed in and out when zooming in the notes section.

It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2308 (Build 16731.20234).

Kategorie: Hacking & Security

Volt Typhoon rebuilds malware botnet following FBI disruption

Bleeping Computer - 12 Listopad, 2024 - 16:49
The Chinese state-sponsored hacking group Volt Typhoon has begun to rebuild its "KV-Botnet" malware botnet after it was disrupted by law enforcement in January, according to researchers from SecurityScorecard. [...]
Kategorie: Hacking & Security

Box adds AI agent and no-code app builder tools

Computerworld.com [Hacking News] - 12 Listopad, 2024 - 15:49

Box is developing new AI and automation tools to help customers tap into unstructured data stored in its content management platform; Box AI Studio and Box Apps were both unveiled at the company’s Box Works event Tuesday. 

Box AI Studio lets customers build custom AI agents that workers can interact with via a natural language chatbot. Each agent can be prompted to respond in a particular way to specific groups of workers. There could be a legal contract review agent that knows all about a company’s contracting policies, for example, or a sales agent that staff can consult for advice. 

“You could be inside of your sales portal, trying to get sales advice for a deal you’re working on, and talk to the sales agent that’s using the information from within your sales portal,” said Box CEO and founder Aaron Levie.

The agents are built with a no-code interface, with customers able to select large language models (LLMs) from third-party providers such as Anthropic, Google, and Microsoft. 

“Then we’re going to obviously have to figure out how we get the agents to all interact with each other — that’s going be the next frontier of interoperability,” Levie said.

Generative AI (genAI) technologies such as Box AI Studio will “disrupt how organizations create, manage and leverage unstructured content and documents” said Holly Muscolino, group vice president for Workplace Solutions at IDC. While business adoption of genAI has been slow so far — due lack of clear ROI, trust around data access, and change management challenges when deploying tools to workers — there’s potential for “large improvements in productivity, customer and employee experience and other business metrics,” she said. 

Box is rolling out generative AI tools designed to help users build custom AI agents they can interact with via a chatbot.

Box

“We believe that they will eventually be table stakes and part of baseline solutions. Note that Box is not unique in rolling out these capabilities, but they are very good at marketing them,” Muscolino said. 

AI Studio is just the first step in Box’s vision for AI agents: Levie said the company is also working on “agentic workflows” that will let customers build AI assistants that can be set up to act autonomously on behalf of workers; these will arrive in the “medium term,” with no specific timeline set. 

“We anticipate that any knowledge worker within an enterprise will probably be interacting with dozens, if not hundreds, of agents to do their work,” said Levie. 

Not all those agents will be created within Box, he said, with all software vendors eventually creating their own agents. “You’ll have one agent help you with a contract process, another review information for some strategic decision, and another that gets your calendar organized,” he said. 

The other major feature addition unveiled Tuesday is Box Apps, a no-code app development framework that includes features such as a custom UI interface, metadata extraction, workflow automations, and content dashboards.

The idea is to automate common content-intensive businesses processes such as contract management and invoice processing. To run these processes, customers would typically have to either build an entire custom app on top of Box’s APIs, or use bespoke technology platforms, said Levie. This means customers must move data out of the Box platform, bypassing security controls in place. 

With Box Apps, these custom apps can be created directly within Box. “You can have a contract management system, you can have an invoice processing system, you can have a digital asset management system, and in a matter of hours, if not minutes, you can build that entire application and deploy it to people in your organization,” said Levie. 

“So, this is going to be a real kind of a breakthrough in delivering no-code applications for every business process in the enterprise.”

Box Apps is built on technology from business process app builder Crooze — one of two acquisitions Box made this year. Box also intends to release functionality based on another recent acquisition, Polish startup Alphamoon, next year, said Levie. 

“Both of those acquisitions added important capabilities to Box’s portfolio by providing data extraction and metadata management,” said Muscolino. 

Box AI Studio and Box Apps will be available in January in a new Enterprise Advanced payment plan that will also include premium features such as Box Archive for long-term content management, and Doc Gen, a custom document creation tool now in a beta preview. Enterprise Advanced will be the next tier up from the Enterprise Plus plan that arrived in 2021. 

Box said it would announce pricing for Enterprise Advanced closer to launch. 

Muscolino noted that pricing for genAI tools is “still all over the place.” While customers may be happy to pay additional fees for the latest AI-powered features, many of these will eventually … be an expected component of a content management system,” she said.

“Of course, prices won’t come down, but these features will not command a premium,” said Muscolino.

Kategorie: Hacking & Security

New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration

The Hacker News - 12 Listopad, 2024 - 15:01
Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the
Kategorie: Hacking & Security

New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration

The Hacker News - 12 Listopad, 2024 - 15:01
Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns

The Hacker News - 12 Listopad, 2024 - 15:00
Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users. The program, first marketed by a threat actor named cyberdluffy (aka Cyber D' Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors to extract email addresses from public GitHub
Kategorie: Hacking & Security

New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns

The Hacker News - 12 Listopad, 2024 - 15:00
Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users. The program, first marketed by a threat actor named cyberdluffy (aka Cyber D' Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors to extract email addresses from public GitHub Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

North Korean Hackers Target macOS Using Flutter-Embedded Malware

The Hacker News - 12 Listopad, 2024 - 14:00
Threat actors with ties to the Democratic People's Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications, marking the first time this tactic has been adopted by the adversary to infect Apple macOS devices. Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier this month, said the Flutter-built
Kategorie: Hacking & Security

North Korean hackers create Flutter apps to bypass macOS security

Bleeping Computer - 12 Listopad, 2024 - 14:00
North Korean threat actors target Apple macOS systems using trojanized Notepad apps and minesweeper games created with Flutter, which are signed and notarized by legitimate Apple developer IDs. [...]
Kategorie: Hacking & Security

North Korean Hackers Target macOS Using Flutter-Embedded Malware

The Hacker News - 12 Listopad, 2024 - 14:00
Threat actors with ties to the Democratic People's Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications, marking the first time this tactic has been adopted by the adversary to infect Apple macOS devices. Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier this month, said the Flutter-built Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

5 Ways Behavioral Analytics is Revolutionizing Incident Response

The Hacker News - 12 Listopad, 2024 - 12:00
Behavioral analytics, long associated with threat detection (i.e. UEBA or UBA), is experiencing a renaissance. Once primarily used to identify suspicious activity, it’s now being reimagined as a powerful post-detection technology that enhances incident response processes. By leveraging behavioral insights during alert triage and investigation, SOCs can transform their workflows to become more
Kategorie: Hacking & Security

5 Ways Behavioral Analytics is Revolutionizing Incident Response

The Hacker News - 12 Listopad, 2024 - 12:00
Behavioral analytics, long associated with threat detection (i.e. UEBA or UBA), is experiencing a renaissance. Once primarily used to identify suspicious activity, it’s now being reimagined as a powerful post-detection technology that enhances incident response processes. By leveraging behavioral insights during alert triage and investigation, SOCs can transform their workflows to become more The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Will the CHIPS Act survive a Trump presidency?

Computerworld.com [Hacking News] - 12 Listopad, 2024 - 12:00

President-elect Donald J. Trump has made no bones about it: legislation passed under the Biden Administration could be on the chopping block once he enters office on Jan. 20, including the bipartisan CHIPS and Science Act.

The CHIPS Act allocates billions of dollars in funding and tax incentives to semiconductor companies to help bring chip manufacturing back to the US.

On the Joe Rogan Experience podcast late last month, Trump said CHIPS Act is “so bad,” and said instead of helping fund new fabrication (fab) and R&D centers, the US should have put tariffs on overseas semiconductor makers. He compared the semiconductor industry to the auto industry as to how tariffs could work to bring back manufacturing.

Trump said, “paying a lot of money to have people build chips, that’s not the way. You tariff it so high that they will come and build their chip companies for nothing. We put up billions of dollars for rich companies to come in and borrow the money and build chip companies here, and they’re not going to give us the good companies anyway. Taiwan, they stole our chip business. They want us to protect [them]. They don’t give us any money to protect them.”

Trump was in all likelihood referring to Taiwan Semiconductor Manufacturing Company (TSMC), the world’s largest producer of computer chips. Computerworld reached out to Trump campaign officials after last week’s election, but did not receive a response.

TSMC is currently building two major semiconductor manufacturing facilities in Arizona — one a 5nm chip fab, the other a 3nm fab plant. The semiconductor designer and manufacturer is being promised $6.6 billion in CHIPS Act funding; in return, the company pledged to bring its most advanced 2nm process technology to US shores and added plans for a third fabrication plant to its Arizona site.

TSMC CEO CC Wei told investors last month he expects volume production of the company’s first Arizona fab to start in early 2025. “We are confident [it will] deliver the same level of manufacturing quality and reliability…as from our fabs in Taiwan,” Wei said. “Our second and third fabs will utilize more advanced technologies based on our customer’s needs. The second fab is scheduled to begin volume production in 2028 and our third fab will begin production by the end of the decade.”

An Intel manufacturing technician at Fab 11X in Rio Ranco, NM, inspects a semiconductor wafer.

Intel Corp.

Jack Gold, principal analyst with tech industry research firm J. Gold Associates, said Trump’s plan to enact tariffs on oversea chip makers is simply “wrong.”

“Tariffs are a penalty, while the CHIPS act is an incentive,” he said. “Incentives almost always work better than penalties. Also, you can put all the tariffs you want on chips, but it still takes three-to-four years to get a new fab up and running, and it’s extremely capital intensive.”

New semiconductor fabrication facilities cost from $20 billion to $40 billion, and many enterprises can’t afford that kind of investment without some form of subsidies or tax break, Gold said.

Additionally, every electronic device today has a chip in it, and so tariffs would likely increase the cost of products from cars and smartphones to toasters.

The CHIPS Act was passed overwhelmingly in 2022 by members of both houses of Congress to address computer chip supply chain shortages that surfaced during the COVID-19 pandemic. The legislation provided the US Department of Commerce (DoC) with $52.7 billion for a suite of programs under the CHIPS for America program to “revitalize” the US position in semiconductor research, development, and manufacturing.

“New fabs are a very high-risk venture, so with the CHIPS Act subsidies, the government is basically saying it will take on part of that risk,” Gold said.

To date, the DoC has allocated, but not dispensed, about $32 billion in funding among chipmakers, including IntelSamsungMicronTSMC, and Texas Instruments, all of whom have unveiled plans for a number of new US chip fabrication plants. In return, those chip designers and makers have pledged about $300 billion in current and future projects in the US, according to the White House.

With the CHIPS Act spurring them on, the likes of Qualcomm, in partnership with GlobalFoundries, also said it would invest $4.2 billion to double chip production in its Malta, NY facility.

In addition to Trump’s opposition, House Speaker Mike Johnson said recently that Republicans will likely repeal the CHIPS Act. Johnson, who voted against the act, later walked his comments back, saying he would like to “streamline” it, according to The Associated Press.

Rep. Brandon Williams (R-NY) said he spoke to Johnson after his remarks were published. “He apologized profusely, saying he misheard the question,” Williams said in a statement. “He clarified his comments on the spot and I trust local media to play his full comments on supporting repatriation of chips manufacturing to America.”

TSMC Arizona’s first fab will produce 5nm semiconductor process technology; it is scheduled to begin production in the first half of 2025. The second fab will utilize a 3nm process and a third plant is expected to use 2nm process technology. Those plants will be in operation beginning in 2028 and beyond.

Shutterstock/Wirestock Creators

“As I have further explained and clarified, I fully support Micron coming to Central NY, and the CHIPS Act is not on the agenda for repeal,” Johnson said in his own statement. “To the contrary, there could be legislation to further streamline and improve the primary purpose of the bill — to eliminate its costly regulations and Green New Deal requirements.”

New York State has become a major hub of semiconductor development. Micron plans to invest $100 billion to build a memory chip fabrication plant in the state that will be the size of 40 football fields and create about 50,000 jobs. It may spend up to an additional $100 billion over the next 20 years on the facility. In addition, the Biden Administration just announced plans to spend about $825 million to create a flagship national semiconductor R&D center in upstate New York, where the government-funded NanoTech Complex already exists.

Micron highlighted the bipartisan support for the CHIPS and Science Act, with a spokesperson saying it’s “a law that represents an important step toward solidifying American semiconductor and technology leadership for decades to come.”

Repealing the legislation, in any event, would take an act of Congress, and the CHIPS Act has strong bipartisan support among senior republicans, including Senate Minority Leader Mitch McConnell. McConnell argued that bolstering US semiconductor production was vital for both national security and economic competitiveness.

Sen. Todd Young (R-IN) was a key CHIPS Act supporter who emphasized the importance of semiconductor manufacturing for both economic growth and national defense and pushed for the bill’s provisions to help American businesses compete globally. Young echoed others in heralding its “broad bipartisan support, and the massive private investments spurred since then have made the legislation even more popular.

“If there are any regulations that can be streamlined to create even more jobs from our growing semiconductor industry in Indiana and across the country, count me in. But I’m confident the CHIPS Act is here to stay,” Young said in a response to Computerworld.

The CHIPS Act has spurred $450 billion in private investment across 28 states, creating 58,000 jobs, according to the Semiconductory Industry Association

Despite widespread bipartisan backing, some members of Congress expressed concerns about certain provisions, such as the level of government subsidies or the potential for the bill to benefit only a few large tech companies. Still, the majority of both Democrats and Republicans recognized the strategic importance of boosting semiconductor production on US soil.

A DoC spokesperson pointed to the “overwhelming bipartisan support” for the act’s more than $400 billion in total investments as well as projections it will create more than 125,000 jobs. “Our team continues to implement this bipartisan law in accordance with statute, including announcing more than $36 billion in proposed funding for manufacturing incentives and several key R&D components. We will have more announcements in the coming weeks,” the spokesman said.

TSMC declined comment on the act’s future. Intel, which completed building a new fab in New Mexico and is awaiting CHIPS Act funds for that, was promised a total of $8.5 billion to support investments for fabs, packaging facilities and R&D centers among four states, including Arizona, Oregon, and Ohio.

Ohio is receiving a significant portion of the funding for semiconductor manufacturing. In particular, Intel is investing $20 billion to build two new semiconductor fabrication plants in Licking County, Ohio. Vice President-elect J.D. Vance is currently a US senator in his home state of Ohio.

“I’m betting that lawmakers, and especially Republican lawmakers from certain states that will benefit from the chips act (like Ohio and Arizona, and now New York), will have a lot of push back on [Trump’s] idea,” Gold said.

An Intel spokesperson pointed out that the idea behind the measure began during the first Trump Administration and it continues to maintain strong bipartisan support.“Restoring America’s semiconductor manufacturing leadership is integral to the country’s economic competitiveness and national security,” the spokesperson said. “As the only American company that designs and manufactures leading-edge chips, Intel has a critically important role to play, and we look forward to working with the Trump Administration on this shared priority.”

Over the past 30 years, the US share of global semiconductor production has fallen from 37% to just 12%, according to White House figures. Meanwhile, China’s share of chip manufacturing has grown nearly 50% over the past two years and now comprises about 18% of the world’s supply. That decline in domestic chip production was exposed by a worldwide supply-chain crisis during the Covid-19 pandemic that led to calls for reshoring manufacturing to the US — and ultimately the CHIPS Act.

Over the next three to four years, as new fabrication, packaging and R&D centers are built on US soil, the cost of production of semiconductors is likely to rise by 10% to 20%, according to Gold.

Additionally, it will cost 10% to 20% more to build chips in the US than the Far East, so it will make more sense to focus on higher-end and not commodity chips for US production. Unless Trump’s idea for tariffs is to use the money to help fund new fabrication plants in the US, which is not what the President-elect stated, it would be doing the very thing the CHIPS Act is already accomplishing, Gold said.

Kategorie: Hacking & Security

New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

The Hacker News - 12 Listopad, 2024 - 07:00
Cybersecurity researchers have flagged a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a stealer malware called RustyStealer. "Ymir ransomware introduces a unique combination of technical features and tactics that enhance its effectiveness," Russian cybersecurity vendor Kaspersky said. "Threat actors leveraged an unconventional blend
Kategorie: Hacking & Security

New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

The Hacker News - 12 Listopad, 2024 - 07:00
Cybersecurity researchers have flagged a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a stealer malware called RustyStealer. "Ymir ransomware introduces a unique combination of technical features and tactics that enhance its effectiveness," Russian cybersecurity vendor Kaspersky said. "Threat actors leveraged an unconventional blend Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

iPhones now auto-restart to block access to encrypted data after long idle times

Bleeping Computer - 12 Listopad, 2024 - 01:19
Apple has added a new security feature with the iOS 18.1 update released last month to ensure that iPhones automatically reboot after long idle periods to re-encrypt data and make it harder to extract. [...]
Kategorie: Hacking & Security

VMware makes Workstation and Fusion free for everyone

Bleeping Computer - 11 Listopad, 2024 - 23:59
​VMware has announced that its VMware Fusion and VMware Workstation desktop hypervisors are now free to everyone for commercial, educational, and personal use. [...]
Kategorie: Hacking & Security

New Ymir ransomware partners with RustyStealer in attacks

Bleeping Computer - 11 Listopad, 2024 - 23:46
A new ransomware family called 'Ymir' has been spotted in the wild, being introduced onto systems that were previously compromised by the RustyStealer info-stealer malware. [...]
Kategorie: Hacking & Security

HIBP notifies 57 million people of Hot Topic data breach

Bleeping Computer - 11 Listopad, 2024 - 22:23
Have I Been Pwned warns that an alleged data breach exposed the personal information of 56,904,909 accounts for Hot Topic, Box Lunch, and Torrid customers. [...]
Kategorie: Hacking & Security

Amazon confirms employee data breach after vendor hack

Bleeping Computer - 11 Listopad, 2024 - 20:10
Amazon confirmed a data breach involving employee information after data allegedly stolen during the May 2023 MOVEit attacks was leaked on a hacking forum. [...]
Kategorie: Hacking & Security
Syndikovat obsah