Connect with us

Technology

SolarWinds backdoor gang pwned Microsoft support agent to turn sights on customers • The Register

Voice Of EU

Published

on

In Brief The spies who backdoored SolarWinds’ Orion software infiltrated Microsoft’s support desk systems last month and obtained information to use in cyber-attacks on some of the Windows giant’s customers, it was reported.

Redmond said it traced this latest intrusion to a member of a team it calls Nobelium, the suspected Kremlin-run crew that used tainted Orion updates to snoop on organizations around the world. Russia insists it had nothing to do with the supply-chain attack on SolarWinds.

Microsoft customers targeted by the support desk intruder have been alerted. The caper was detected during what sounds like an investigation into a wider phishing campaign that, as it turned out, hooked a Microsoft support agent, who had access to customers’ contact information, lists of their cloud subscriptions, and other records.

“A sophisticated nation-state associated actor that Microsoft identifies as NOBELLIUM accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions,” the IT giant told those clients, Reuters reported first on Friday.

“The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign.”

Mercedes-Benz USA this week said 1,000 or so customers’ sensitive personal information – such as credit card, driving license, and social security numbers, and dates of birth – were accidentally left out in the open on an insecure cloud storage system that has since been fixed. The data was collected from its website between January 2014 and June 2017.

It seems the exposed database had as many as 1.6 million unique records in it, and the majority of those were slightly less sensitive: names, home and email addresses, phone numbers, and some purchased vehicle info.

Earlier this month, Volkswagen and its subsidiary Audi told 3.3m people their personal info had been obtained by miscreants after a third-party supplier left the data facing the public internet. Again, most of the records were contact information and details of purchased vehicles, and for 90,000 folks, more sensitive info.

AWS buys Wickr

Amazon Web Services announced on Friday it has bought Wickr, the popular encrypted messaging system, for an undisclosed sum.

Wickr started out as a secure smartphone chat app for NGOs, with end-to-end encrypted messages that could be auto-deleted. Then it branched out to the desktop, and enterprise versions appeared for on-prem and cloud servers. It’s also used by the US military and law enforcement, not to mention an Australian Prime Minister.

“The need for this type of secure communications is accelerating,” said AWS chief information security officer Stephen Schmidt. “With the move to hybrid work environments, due in part to the COVID-19 pandemic, enterprises and government agencies have a growing desire to protect their communications across many remote locations.

“Wickr’s secure communications solutions help enterprises and government organizations adapt to this change in their workforces and is a welcome addition to the growing set of collaboration and productivity services that AWS offers customers and partners.”

Wickr is also popular with some journalists, though one wonders if they’ll keep using the software seeing as it’s now owned by a corporation that seems to relish badgering and nitpicking reporters and editors. The accountants at Juniper Networks may be happy: the Silicon Valley biz was a seed funder for Wickr, and one assumes it got a good return on its investment from this acquisition.

Mozilla starts Rally for privacy

In a somewhat quixotic move, Mozilla is asking its users to send their data to third parties in the hope that it’ll one day be better protected.

The scheme, dubbed Rally, will let Firefox users install a plugin that lets them share some of their user data and personal information with academics researching how people use the internet and what data they are actually having to share to do so. Users choose how much info they send and to which project, with teams at Princeton and Stanford are already signed up to participate.

“Quantitative research is essential for understanding tech policy problems and for holding platforms accountable. Here’s the problem: methods and data often aren’t adequate,” said Jonathan Mayer, a professor of computer science at Princeton.

“Platforms could help with these research barriers. But platforms, unsurprisingly, haven’t been very interested in enabling research that examines their own problems and misconduct. Rally doesn’t depend on platform gatekeepers — it’s entirely independent, powered by users.”

Moz also released a tool called WebScience for other academics that want to get involved. Now we may actually get some realistic data, if enough people take part.

Cryptomining malware Crackonosh targets gamers

The perils of piracy were highlighted yet again this week, this time in a report on Crackonosh, a malware outbreak among gamers that netted millions in Monero.

The Windows software nasty, Avast said, was hidden in cracked versions of popular games like Far Cry 5, NBA 2K19 and, somewhat ironically, Grand Theft Auto V. Once installed, the code shut down any security software it could find, and installed a Monero miner called XMRig, which takes advantage of gamers’ rigs.

“Crackonosh has been circulating since at least June 2018 and has yielded over $2,000,000 USD for its authors in Monero from over 222,000 infected systems worldwide,” Avast claimed.

“As long as people continue to download cracked software, attacks like these will continue to be profitable for attackers. The key take-away from this is that you really can’t get something for nothing and when you try to steal software, odds are someone is trying to steal from you.”

Oklahoma! where the data goes blowing on the web

The City of Tulsa, Oklahoma, has admitted that files snatched from its police department computers have been released onto the web by extortionists.

Over 18,000 police citations and internal department files were leaked, it said, and “out of an abundance of caution, anyone who has filed a police report, received a police citation, made a payment with the City, or interacted with the City in any way where PII was shared,” should check their bank accounts.

Tulsa got hit by a major ransomware infection on May 6. Mayor G.T. Bynum refused to pay up, saying: “Know that your tax dollars are not going to go into the hands of criminals,” and vowed the city wouldn’t pay “a nickel.”

Canadian Navy bests the rest in military cyber contest

US Cyber Command’s annual war games were held this week and, despite America fielding the majority of the players, it was its upstairs neighbor who scooped the top prize.

This year’s Cyber Flag 21-2, or “Big Flag,” contest saw a simulated computer attack on a major logistics facility (sound familiar?) by two adversaries. The 430 military and civilian keyboard warriors from the US, Canada, and UK scored points for thwarting these infections, defending against threats, and shoring up unsafe systems.

“Cyber Flag 21-2 tested the best and brightest cyber protection teams. This exercise assessed their tactical cyber skills while collectively improving our cyber resiliency. I’d also like to congratulate the Royal Canadian Navy’s Cyber Protection Team, the winner of this year’s event,” said General Paul Nakasone, US Cyber Command commander, presumably through slightly gritted teeth. ®



Source link

Technology

Elon Musk’s Twitter lawsuit: what you need to know | Elon Musk

Voice Of EU

Published

on

Elon Musk did not become the world’s wealthiest person through a lack of confidence.

But the Tesla CEO revealed on Tuesday that he had sold $6.9bn (£5.7bn) worth of shares in the carmaker, in case he loses his attempt to walk away from a $44bn takeover of Twitter.

Twitter is suing Musk in Delaware over his abandonment of the deal and wants to make him buy the company.

In a countersuit released last week, Musk put his side of the argument. According to him: Twitter misled investors; it breached the agreement by failing to provide enough information on spam accounts; another breach occurred when Twitter failed to consult with him on business moves such as firing senior employees; and its misstatement of user numbers constitutes a material adverse effect, which substantially alters Twitter’s value and therefore invalidates the deal agreement.

Here is a breakdown of Musk’s suit.

The relationship between both sides remains poor

There is $44bn at stake and the language in Musk’s countersuit is just as punchy as Twitter’s in the original lawsuit, when the company described his behaviour as “a model of bad faith”. In the preliminary statement Twitter is accused of making financial disclosures to the US financial watchdog that were “far from true”.

“Instead, they contain numerous, material misrepresentations or omissions that distort Twitter’s value and caused the Musk parties to agree to acquire the company at an inflated price. Twitter’s complaint, filled with personal attacks against Musk and gaudy rhetoric more directed at a media audience than this court, is nothing more than an attempt to distract from these misrepresentations,” said the lawsuit.

Strong words, but Musk will need strong evidence as well to convince the judge.

Musk’s core argument is about user numbers

From the moment the deal started to go sour, the focus was on the veracity of Twitter’s numbers. It is at the centre of Musk’s countersuit as well. He argues that the number of monetisable daily average users (mDAUs) – authentic, active accounts that can see adverts (hence monetisable) – is falsely inflated by Twitter miscounting the number of false and spam accounts on the platform. As well as being a threat to the ad income on which Twitter depends, Musk said his plan to introduce a subscription service for Twitter would be affected because there would be fewer customers to target than first thought.

Twitter has consistently stated that it estimates the number of false or spam accounts on the platform to be less than 5% of its mDAUs base, which stands at just under 238 million currently.

The suit says that Musk became alarmed about how Twitter accounts for its mDAUs when, three days after signing the deal agreement, it admitted it had overstated its mDAU total for three years, by between 1.4 million and 1.9 million users per quarter. Twitter denies that the user change was a “restatement” (it describes the alteration as “updated values”) but admits it did not give the information to Musk prior to the deal being signed on 25 April.

Musk is not happy with Twitter’s verification processes

After agreeing to buy the business with minimal due diligence, the suit says Musk was “astonished” to learn about how “meagre” Twitter’s processes for identifying spam accounts were. It said 100 accounts a day were sampled by human reviewers in order to come up with the less-than-5% figure. Twitter’s CEO and chief financial officer were unable to explain how these accounts were selected to be a representative sample.

“Musk realised that, at best, Twitter’s reliance on and touting of its process was reckless; at worst, it was intentionally misleading,” says the suit.

Twitter argues that it uses a much more layered process for weeding out dodgy accounts, including using automated systems. It also pointed to the detailed explanations of how it polices spam accounts, which had been given to Musk, the press, the Securities and Exchange Commission and the public via a Twitter thread by CEO Parag Agrawal. In the most notorious episode of this takeover saga, Musk replied to the latter with a poo emoji.

But according to the countersuit at least Agrawal and Musk agreed on one thing. The document states that on 8 April Musk sent the CEO an example of a spam tweet saying: “I am so sick of stuff like this.” Agrawal replied, acknowledging “[w]e should be catching this.”

Musk’s counter-estimates

Citing “preliminary expert estimates”, the countersuit claims that in early July one-third of visible accounts may have been false or spam. This means that the true proportion of spam accounts among Twitter’s user base is at least 10%.

It says users that see zero or almost no ads account for almost all the growth in monetisable daily users. The majority of ads are served to less than 16 million users, the suit claims.

Twitter says that although not every user sees ads on a given day, in the first quarter “significantly more than” 229 million accounts contributed to Twitter’s average quarterly user number.

Regarding the 10% number, Twitter says it was based on a publicly available web tool, botometer, that has designated Musk’s own account as a likely bot.

Twitter made decisions without consulting Musk

One of the clauses in the merger agreement states Musk must be told when Twitter is deviating from its obligation to conduct its business in the “ordinary course”. In the countersuit, Musk claims that Twitter has made several “significant” changes – including firing two executives, starting a hiring freeze and initiating a legal clash with the Indian government – that occurred without his consent.

Twitter’s response is that axing employees or acting to protect users’ rights in foreign jurisdictions are part of the day-to-day business of running a company.

Information was not forthcoming

Musk is also claiming that Twitter failed to provide him with all the data and information that he requested “for any reasonable business purpose related to the consummation of the transaction”. The suit says Musk was sent reams of “stale data” that didn’t answer his questions.

It says, pointedly, that Twitter was happy to send data such as “a copy of its agreement with the Golden State Warriors for courtside basketball tickets and VIP parking”.

After more back-and-forth arguments over increasingly detailed information requests, the suit claims “the only conclusion the Musk parties could draw from Twitter’s obfuscation and delay was that Twitter knew that it had something to hide”.



Source link

Continue Reading

Technology

Economic uncertainty can’t stop cloud growth • The Register

Voice Of EU

Published

on

The hyperscalers and public cloud providers are barreling ahead, unfazed by a rapidly deteriorating economic outlook, according to a recent Dell’Oro Group report.

In fact, these internet behemoths stand to benefit from the current market conditions in more ways than one, analyst Baron Fung told The Register.

As chipmakers like Intel, Nvidia, Micron, and others face increased pricing pressure across their lineups due to declining demand, hyperscalers are well-positioned to take advantage of this and add more capacity on the cheap, he explained.

“Looking at the recent Q2 earnings, it was really pretty impressive from a growth standpoint,” Fung said of the cloud providers.

Amazon and Azure in particular saw robust revenue gains in their most recent quarters. AWS saw revenues climb 36 percent from the prior year, while Microsoft reported its cloud biz saw year-over-year growth of 40 percent. However, things weren’t as peachy for Google, which saw a otherwise strong quarter for cloud revenue tempered by a $858 million loss in income.

Worsening macroeconomic factors may end up helping cloud providers as enterprises look for alternatives to capex-heavy server refreshes. We saw this phenomenon once before – in the early days of the pandemic.

These factors, combined with a wave of enabling technology – next-generation CPUs, GPUs, smartNICs, and CXL-enabled components to name a handful – will further accelerate hyperscaler spending, which is expected to grow 13 percent over the next five years, Fung said.

So it’s no surprise many chipmakers are optimistic about their cloud and datacenter-related revenues over the next few quarters, despite a slump in PC and gaming demand.

The analyst firm expects next-generation CPU platforms from the likes of Intel, AMD, and Ampere will be among the strongest drivers of hyperscale spending in the near term.

Intel and AMD are expected to launch their next-generation server processors later this year. Both of these chips pack a bevy of new features, including DDR5, and PCIe 5.0, in addition to having substantially higher core counts compared to the previous generation.

These chips are also among the first to support the CXL interconnect standard, “which will enable a new kind of paradigm in the datacenter,” according to Fung.

In its first iteration, the technology will allow systems builders to pack larger quantities of memory into servers than there are DIMM slots, using CXL memory-expansion modules. And in the years to come, the technology has provisions for tiered memory, memory pooling, and disaggregated compute architectures.

The operational and resource efficiencies enabled by the tech may eventually trickle down to customers in the form of lower prices, Fung added.

But it won’t just be the x86 stalwarts leading the charge in the datacenter. Fung also expects Arm chipmakers, like Ampere, to continue gaining traction in the hyperscale arena. Here, the chipmaker’s Altra and Altra Max processors have already attracted several high-profile customers including Microsoft Azure, Google, Cloudflare, and Oracle – to name just a few.

Finally, Dell’Oro predicts hyperscalers will drive edge infrastructure deployments – a market that Intel currently dominates – to 8 percent of the total datacenter infrastructure market by 2026. ®

Source link

Continue Reading

Technology

Limerick researchers’ findings show potential of food to treat heart disease

Voice Of EU

Published

on

The Irish-based study lead said food scientists, medical scientists and pharma companies must work together to produce functional foods to treat chronic conditions.

A team of researchers based at the Bernal Institute in University of Limerick (UL) have developed a new guide to designing functional foods to treat various chronic conditions.

Functional foods are foods that provide nutrition and act in a way that positively affects the body, similar to medicine.

According to the research, food has the potential to help in the treatment of heart diseases such as atherosclerosis.

“The capacity for our food to do more than provide us with nutrition is huge and relatively unexplored,” said study lead Daniel Granato, professor in food science and health at UL.

“Cardiovascular diseases are a main cause of death but they can be prevented. By bringing food scientists, medical scientists and pharma companies together we can employ the same methods used in producing medicinal drugs and produce foods that might mitigate health conditions,” Granato added.

The study has been published in Trends in Food Science & Technology, an academic journal. The UL researchers were joined on the project by academics from the Federal University of Alfenas and Universidade Federal de Minas Gerais in Brazil.

Granato and his team proposed an accurate computational approach to designing functional foods by predicting their bioactivity. This allowed the researchers to map how different food components benefit the body.

The study also drew attention to the potential of functional foods to treat illnesses and lessen the burden on the world’s health services. Functional foods are not too available on the market, despite their potential to help prevent conditions such as type-2 diabetes and glucose intolerance. These are both major contributors to heart disease.

Food science, cardiovascular disease therapy and computer modelling should be linked to produce functional foods that can mitigate atherosclerosis, according to Granato. He urged food and pharma companies to take note.

“This is critical to achieve United Nations Sustainable Development Goals in good health and wellbeing, as well as ensuring healthy lives and promoting wellbeing for all at all ages, by optimising discovery of bioactive compound sources, and reducing time to market for new functional foods,” he said.

Granato’s co-author and senior lecturer in the UL Department of Biological Sciences, Dr Andreas Grabrucker, said this approach could go far beyond heart disease.

“It will be the basis of a new research project at UL that aims to identify functional foods that lower the risk for neurodegenerative disorders such as Alzheimer’s disease,” he claimed.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!