Kategorie

Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. "The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails," OpenJS Newsroomhttp://www.blogger.com/profile/[email protected]

The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others. "The group made extensive use of steganography by sending VBSs, PowerShell code, as well as RTF documents with an embedded exploit, inside

The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others. "The group made extensive use of steganography by sending VBSs, PowerShell code, as well as RTF documents with an embedded exploit, inside Newsroomhttp://www.blogger.com/profile/[email protected]

New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. "Some commands on Azure CLI, AWS CLI, and Google Cloud CLI can expose sensitive information in

New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. "Some commands on Azure CLI, AWS CLI, and Google Cloud CLI can expose sensitive information in Newsroomhttp://www.blogger.com/profile/[email protected]

AMD’s latest desktop and laptop processors put the company squarely in the emerging AI PC market with the integration of generative-AI (genAI) technology into some of its most popular chip lines.

The idea of an AI PC is relatively straightforward, with hardware makers like Intel, Nvidia and AMD building dedicated AI chips into processors for desktop and laptop use, delivering substantive improvements on AI-specific tasks such as text-to-image generation, content creation, and image and video processing.

The first new chips, AMD said in a briefing last week, are part of the popular Ryzen line of desktop processors, with updates in the Ryzen 7 PRO, 5 PRO and 3 PRO designs designated as the 8000 series. The larger 8-core Ryzen 7 PRO, as well as one variant of the Ryzen 5 PRO lines, will now feature dedicated neural processing units (NPUs).

Similar AI-focused upgrades are coming to AMD’s main laptop chipsets in the new 8040 series processors. Available in several configurations, with varying numbers of cores and clock speeds, all but the 8540U variant will get access to Ryzen AI.

AMD said the basic idea is to increase productivity by enabling AI to help in four key enterprise areas:

• Automation and efficiency, abstracting away repetitive tasks, summarizing information quickly and providing translation and transcription for video calling. 
• Optimization and predictive maintenance, with genAI tools being able to understand potential device failure and catching performance drop-offs early. 
• NPU integration to help content creators with common tasks and the localized ability to do faster video editing, optimization and “stable diffusion” text-to-image tasks. 
• And advantages in security, including automated threat detection and faster diagnosis and resolution of security issues.

AMD is not alone in moving to integrate NPUs, and their associated AI capabilities, into endpoint chipsets. Dell announced in February that it would partner with Intel to use the latter’s Core Ultra NPU-equipped chipsets, saying it hoped to bring energy efficiency to its desktops and laptops, as well as local AI performance improvements.

The hype around the AI PC movement is rising, but some experts say the reality of what customers can expect to see is limited by several factors. First, most popular genAI applications are likely to run almost exclusively in large public clouds for the foreseeable future. GenAI designed to run on a new generation of NPU-equipped endpoints is much more likely to be limited in scope, and feature more feature-light versions of popular tools. Another limiting factor is Microsoft, or more specifically, Windows. The company is more focused on providing its own AI features via the cloud, as mentioned, and hasn’t really outlined a cohesive vision for local AI.

Nevertheless, the AI PC concept clearly has believers, and it seems evident that there is a demand for the technology, according to TIRIAS Research principal analyst Jim McGregor. He sees several AI-based improvements coming to desktops and laptops.

“I think the best thing is going to be enhanced capabilities in the productivity apps, and I think we’re going to see digital systems,” he said. “I’d want it scanning my emails and being able to summarize them and tell you what’s important.”

The true holy grail of the technology, McGregor said, is in personalization — making AI use seamless and tailored to individual users, rather than a relatively anonymous interaction with a chatbot.

“The real pot of gold is the application that can really personalize it,” he said. “If AI knows the type of information that you track or the sources you trust, it’s going to be more intelligent around you.”

The new Ryzen chips will cost between $200 and $360 each, depending on their specific capabilities, and will be available via OEMs such as HP and Lenovo within the next couple of months, AMD said.

AMD, CPUs and Processors, Generative AI

Adobe will bring its Firefly generative AI (genAI) video model to its Premiere Pro video editing app later this year, and plans to provide access to third-party AI video creation tools such as OpenAI’s Sora, too. 

Adobe offered a glimpse of the Firefly video AI model in action on Monday, with new features planned for Premiere Pro. 

There’s “object addition and removal,” which lets users replace or remove items from a scene. Here, an AI “smart masking” tool lets users select objects that can then be modified — such as changing the color of an actor’s tie — or taken out of a shot altogether, such as removing a mic boom or a branded coffee mug in a medieval fantasy show.

A text-to-video tool enables the creation of new content in Premiere Pro, which can be useful for creating supplementary B-roll footage, said Adobe.

Finally, the generative extend feature will add new frames to a clip, allowing an editor to hold a shot longer. “You can use the extra media to fine tune your edits, hold for that extra beat, or cover a transition,” an Adobe spokesperson said during a briefing ahead of the announcement. 

The genAI features for Premiere Pro will be available in beta by the end of this year, when the Firefly AI video model launches, Adobe said.

“Generative AI models are increasingly becoming multi-modal — incorporating modalities such as images, speech and video — in both input and output,” said Arun Chandrasekaran, Gartner distinguished vice president analyst. Although existing text-to-video capabilities are “quite nascent today,” the potential is “immense.”

With other AI video creation models also drawing attention, most notably Sora, Adobe appears eager to build out its own capabilities. According to a recent Bloomberg report, Adobe is paying photographers and artists around $3 per minute of content for video content that can be used to train its AI models. 

While Adobe will face competition from the likes of OpenAI and others, it will also benefit from its status as incumbent in the market, said Forrester senior analyst Nikhil Lai. 

“I anticipate demand from editors to access Adobe’s AI features because many have indelible muscle memory for the look and feel of Adobe’s tools,” said Lai.

Adobe also unveiled plans to partner with other vendors, with plans to incorporate third-party models in Premiere Pro. This includes Sora, as well as models from Pika Labs and Runway. These are just the start, said Adobe’s spokesperson during the briefing call. 

“Customers told us that they want choice, and we see a future in which thousands of different customized models are going to emerge, each strong in their own niche,” he said.

Adobe said it will apply its existing “content credentials” feature to assets generated by third-party models. This provides information on how a video was modified using AI, and which models were used. 

The use of multiple third-party tools could increase the risk of generating assets trained on copyright material, however. To help Premiere Pro users avoid adding copyright-infringing content to videos, a green checkmark will be visible in a menu of available third-party modes to show those deemed commercially safe. But customers will still need to do their own due diligence when accessing AI models from other vendors, an Adobe spokesperson said. 

Work to integrate third-part tools is at this point “exploratory,” Adobe said, with no launch date yet set. 

Adobe Systems, Generative AI, Video Editors

The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys. The flaw has been assigned the CVE identifier CVE-2024-31497, with the discovery credited to researchers Fabian Bäumer and Marcus

The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys. The flaw has been assigned the CVE identifier CVE-2024-31497, with the discovery credited to researchers Fabian Bäumer and MarcusNewsroomhttp://www.blogger.com/profile/[email protected]

I don’t know whether to be amazed or horrified at how much out-of-date technology we’re still using. Maybe both. Both is good.

It’s been 10 years since Windows XP support expired. That’s a whole decade, people! But when I recently posted a meme “celebrating” the occasion, I started hearing from people who — God help them — are still using XP.

One person told me he believes XP still lives on at NASA’s Goddard Space Flight Center on old systems still running Windows XP Embedded (XPe). Why? Because their manufacturers wouldn’t (couldn’t?) update their systems. Of course, NASA could replace them… but at a six-figure price for new gear, no one has the budget to do it. 

I can believe that — I used to work at Goddard in the late 1980s, and one of my projects was running an online system to track the real-time status of NASA Space Shuttle communication links. Among the systems I ran herd on was a tertiary Shuttle data connection that was a 110-baud Telex line to Bermuda dating to the 1950s. It worked, but that’s all you could say about it.

Then, as now, we kept it going because NASA didn’t have the money to replace it. (NASA, by the way, has never had anything like the budget it needs since the 1960s and the Apollo moon landings.)

But I digress. 

NASA’s not the only one stuck with running XP. Several people told me their medical facilities are still running XPe systems, too. Yet another tells me his engineering lab is doing the same thing. The reason? Once more, it works and there’s no money to replace the equipment. 

But, you say, those are corner cases, oddball situations. No one is really running XP on a PC anymore are they? ARE THEY?

Yes, in fact, they are. 

According to StatCounter, as of March 2024, 0.39% of desktops are still running Windows XP. Let’s do a little math. Microsoft claims there are 1.4 billion Windows PCs in the world, so that means we still have not quite 5.5 million XP computers up and running dsomewhere. And since StatCounter gets its numbers from systems connected to the Internet, that means we have about 5.5 million compromised PCs around the globe.

Eek!

The classic justification is that, “It’s working just fine! Why should I spend any money on it!?” My 1991 Toyota MR-2 worked just fine for decades, too, but I still wouldn’t drive in a demolition derby without brakes or a seat belt.

It’s not just XP though. There’s a lot of archaic systems still out there in production. 

For example, if you think XP is way too old to run for work, consider the German railroad company that was recently looking for a Windows for Workgroups 3.11 administrator! It turns out this software runs the “driver’s cab display system on high-speed and regional trains [which] shows the driver the most important technical data in real-time.” 

I love trains, but I think I might avoid German ones.

There’s another ancient system still “driving” public transportation. In San Francisco, the San Francisco Municipal Transportation Agency (SFMTA), still uses 5.25-in. floppy disks to run the city’s Muni Metro light rail. Every morning, the system boots up three floppy disks to load the Automatic Train Control System (ATCS) software. ATCS enables the human train operators to supervise while the train drives itself.

This takes “If it ain’t broke, don’t fix it” to scary new levels.

At least San Francisco is upgrading its system — if officials can get the budget.  

Now, I use old technology all the time. Under my main work desk, I keep my 1982 vintage KayPro II computer. It still boots from its floppy drives. But I haven’t used it for work this century. I keep it purely out of nostalgia since it was my first PC.

But I’m sensible about it. I keep all the other computers at hand up to date with the latest patches and updates. You should, too. Doing otherwise is just asking for trouble.

But, before I leave you, color me curious. What’s the oldest system you’re still using for real work?

Microsoft, Windows, Windows PCs

In today's rapidly evolving digital landscape, organizations face an increasingly complex array of cybersecurity threats. The proliferation of cloud services and remote work arrangements has heightened the vulnerability of digital identities to exploitation, making it imperative for businesses to fortify their identity security measures. Our recent research report, The Identity Underground

In today's rapidly evolving digital landscape, organizations face an increasingly complex array of cybersecurity threats. The proliferation of cloud services and remote work arrangements has heightened the vulnerability of digital identities to exploitation, making it imperative for businesses to fortify their identity security measures. Our recent research report, The Identity Underground The Hacker Newshttp://www.blogger.com/profile/[email protected]

The U.S. Federal Trade Commission (FTC) has ordered mental telehealth company Cerebral from using or disclosing personal medical data for advertising purposes. It has also been fined more than $7 million over charges that it revealed users' sensitive personal health information and other data to third-parties for advertising purposes and failed to honor its easy cancellation policies. "Cerebral

The U.S. Federal Trade Commission (FTC) has ordered mental telehealth company Cerebral from using or disclosing personal medical data for advertising purposes. It has also been fined more than $7 million over charges that it revealed users' sensitive personal health information and other data to third-parties for advertising purposes and failed to honor its easy cancellation policies. "Cerebral Newsroomhttp://www.blogger.com/profile/[email protected]

The US has committed $6.4 billion in grants to help Samsung expand its semiconductor manufacturing facilities in Texas in a bid to strengthen America’s position in chip production.

The funding, under the CHIPS and Science Act, will construct a comprehensive semiconductor manufacturing ecosystem in Taylor and expand an existing facility in Austin, the Department of Commerce said in a statement.

Samsung is expected to invest more than $40 billion in the region in the coming years, which could create over 20,000 jobs.

“Because of investments like Samsung’s, the United States is projected to be on track to produce roughly 20 percent of the world’s leading-edge logic chips by 2030,” the statement said.

The announcement follows an $8.5 billion grant given to Intel and $6.6 billion to Taiwan’s TSMC earlier this year to boost local production. Adding Samsung to the cohort could help support the supply chains of local tech firms.

“Samsung’s expanded chip production in the US is set to bolster the supply chains of US tech firms, particularly in aerospace, defense, automotive, and other industries,” said Charlie Dai, VP and principal analyst at Forrester. “This move will enhance supply chain resilience against global disruptions, improve security through closer collaboration with defense contractors, and reduce costs and shipping times.”

Danish Faruqui, CEO of Fab Economics, pointed out that although the direct funding grant awarded to Samsung is lower than those awarded to Intel and TSMC, it is the largest relative to the size of the company’s promised investment. TSMC’s investment is expected to exceed $65 billion. Intel anticipates its investments will surpass $100 billion over the next five years.

Investing in two separate locations

The proposed investment to Samsung is planned for two separate locations in Central Texas.

In Taylor, the funds will help establish a comprehensive, advanced manufacturing ecosystem. This will include two advanced logic foundry fabs dedicated to the mass production of 4nm and 2nm process technologies, an R&D fab for the development of future technology generations, and an advanced packaging facility focused on 3D High Bandwidth Memory and 2.5D packaging, both critical for AI applications.

In Austin, the investment will expand existing facilities to enhance the production of fully depleted silicon-on-insulator (FD-SOI) process technologies. This expansion aims to support crucial US industries, including aerospace, defense, and automotive, by upgrading their technological capabilities and innovation potential.

Challenges to overcome

While analysts agree that this move could potentially stimulate the domestic tech industry, becoming a leader in chip manufacturing may not be easy for the US.

Faruqui said that a significant challenge is the non-competitive Fab/ATP site-level Total Cost of Ownership (TCO), which aggregates all Capex and Opex cost structures for each year of construction and high-volume operation.

This becomes a crucial point as US faces stiff competition from Asian countries who have, for long, held a monopoly in advanced chip manufacturing.

“Challenges may arise in competing with Asian manufacturers, who have established cost advantages and a mature ecosystem for semiconductor manufacturing,” Dai said. “The US will need to address these challenges by focusing on developing a skilled workforce and offering competitive incentives to ensure the sustainability and growth of its domestic tech sector.”

CPUs and Processors, Technology Industry

Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird). The U.S. Justice Department (DoJ) said the malware "gave the malware purchasers control over victim computers and enabled them to access victims' private communications, their login credentials, and

Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird). The U.S. Justice Department (DoJ) said the malware "gave the malware purchasers control over victim computers and enabled them to access victims' private communications, their login credentials, and Newsroomhttp://www.blogger.com/profile/[email protected]

Security is vital for your Linux web apps, but keeping up with the latest exploits and meeting compliance standards can quickly become overwhelming.

IDC’s latest preliminary data on the smartphone market suggests Apple’s traditionally weakest smartphone quarter might be a little weaker than usual this year as political tension gnaws away at the company.

If IDC is correct, this unravelling has lopped a few more hairs from Apple’s Big Tech scalp, with Q1 iPhone sales down as much as 9.6%. That means Samsung is once again the temporary King of the Hill, even as China’s Xiaomi also makes gains. Comparative market share only tells part of the story, of course: Apple still allegedly sold 50 million iPhones in the first quarter of 2024, according to IDC. 

Morgan Stanley has a more optimistic view. In a client note received by Computerworld, analyst Erik Woodring wrote: “Contrary to market expectations, our Greater China Tech Hardware colleagues just raised their June quarter iPhone builds.”

Specifically, Woodring tells us analysts bumped up their “iPhone build expectations by 5%, or 2 [million] units, to 39 [million] units (-5% Y/Y) citing checks with Hon Hai and reflecting strength of legacy iPhone models in emerging markets, and relative stability elsewhere.”

Apple’s weakest quarter is weak, says IDC

When it comes to the overall market, IDC has a slightly rosy outlook. “The smartphone market is emerging from the turbulence of the last two years both stronger and changed,” said Nabila Popal, research director with IDC’s Worldwide Tracker team. 

The big trend is that global political realignment is evidencing itself in a new wave of smartphone competitors. “There is a shift in power among the Top 5 companies, which will likely continue as market players adjust their strategies in a post-recovery world,” said Popal.

It is inevitable US business will be affected by international political polarization. Indeed, as things continue to unravel, it is tempting to believe the architects of division on all sides will not rest until ordinary humans are once again reduced to speaking to each other using tin cans and string.

Hopefully we can avoid that outcome.

What can Apple do?

It’s never good to see an almost 10% decline in sales of a company’s most important product, but there are other reasons for provide optimism. Not only is Apple now actively engaged in developing new business plans for a more regulated industry, it’s also practicing its next pivot to pirouette around the twin themes of AR and AI. 

Claims Apple AI will run directly on the device should translate into an accelerant for iPhone sales, particularly among privacy/security conscious consumers and enterprise professionals. But there are other people who will welcome incredibly productive smartphones capable of handling complex tasks.

The value of new markets

Accurate recognition of the true value of growing markets remains a challenge for analysts looking to enumerate potential sales data in terms of specific company achievements. There is a possibility that Apple’s continued moves to build bigger business in India and elsewhere might not yet have been accurately baked into expectations. 

However, even if the IDC data is accurate, it’s worth reflecting that Apple’s move to make iPhones in India has been met by strong gains in local share — and there may be longer legs to find. Apple’s anticipated plan for more powerful iPhones with on-device edge AI will appeal to customers in growing markets, some of whom may have almost entirely skipped personal ownership of computers. These smart devices might yet turn out to be all the computer an even greater number of consumers need. They should be capable of replacing PCs for even more tasks.

Bicycle or hype cycle?

Indeed, while there’s plenty of excitement around AI/Generative AI (genAI) across mature markets (evidenced if by nothing else by the vast number of “Get Rich Quick” scams festooned across Twitter/X), it’s plausible to think that the true liberation of human potential will come from the democratization of access to computing these things represent. This, of course, is central to Apple’s core DNA, which has always described computers as “bicycles of the mind.”

The company won’t be alone, of course. Every tech firm is running to climb aboard the AI hype machine, in part to build big market slices in advance of inevitable regulation. But for Apple, if you also factor in second user and refurbished devices and think about actual devices in use, that means hundreds of millions will gain access to these new tools in a few months for no extra cost.

In fact, as consumers choose to use their handsets longer, the only thing that really matters when it comes to smartphone sales this year is the extent to which Apple’s forthcoming AI iOS upgrade is backwards compatible. Because today’s happy customers will become repeat customers in tomorrow’s upgrade cycle. That’s how this river flows.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grilland Apple Discussions groups on MeWe.

Apple, Generative AI, iOS, iPhone, Smartphones, Vendors and Providers

A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been observed. The malware's multifunctional nature is a notable characteristic, striking a chord with Linux admins, infosec professionals, internet security enthusiasts, and sysadmins who are likely familiar with the potential threat of versatile malware.