Miscellaneous Tech News
-
Apple Issues Emergency Security Updates to Close a Spyware Flaw
Researchers at Citizen Lab found that NSO Group, an Israeli spyware company, had infected Apple products without so much as a click.
FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild
-
Apple releases fix for zero click vulnerability in all apple devices
If you haven't seen it, update your apple gear now. A zero click has been discovered, created by NSO, that allows for zero click ownership of any Apple Device.
-
Apple issues urgent iPhone software update to address critical spyware vulnerability
If you still haven't seen it, update your apple devices!
-
TikTok faces privacy investigations by EU watchdog
TikTok is under investigation by The Irish Data Protection Commission (DPC) - its lead regulator in the EU - over two privacy-related issues.
The watchdog is looking into its processing of children's personal data, and whether TikTok is in line with EU laws about transferring personal data to other countries, such as China. TikTok said privacy was "our highest priority". The Irish DPC said it was specifically looking into GDPR-related issues. These are the EU privacy laws which can potentially lead to enormous fines of up to 4% of a company's global turnover. It said the first inquiry would examine "the processing of personal data... for users under age 18, and age verification measures for persons under 13". It will also look into how transparent TikTok has been about how it processes such data. -
Cryptocurrency launchpad hit by $3 million supply chain attack
SushiSwap's MISO launchpad hacked via a malicious GitHub commit.
SushiSwap's chief technology officer says the company's MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi's newest offering, Minimal Initial SushiSwap Offering (MISO), is a token launchpad that lets projects launch their own tokens on the Sushi network. Unlike cryptocurrency coins that need a native blockchain and substantive groundwork, DeFi tokens are an easier alternative to implement, as they can function on an existing blockchain. For example, anybody can create their own "digital tokens" on top of the Ethereum blockchain without having to recreate a new cryptocurrency altogether. -
@mlnews said in Miscellaneous Tech News:
Cryptocurrency launchpad hit by $3 million supply chain attack
SushiSwap's MISO launchpad hacked via a malicious GitHub commit.
SushiSwap's chief technology officer says the company's MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi's newest offering, Minimal Initial SushiSwap Offering (MISO), is a token launchpad that lets projects launch their own tokens on the Sushi network. Unlike cryptocurrency coins that need a native blockchain and substantive groundwork, DeFi tokens are an easier alternative to implement, as they can function on an existing blockchain. For example, anybody can create their own "digital tokens" on top of the Ethereum blockchain without having to recreate a new cryptocurrency altogether.Thats not really a supply chain attack. It sounds like someone who had access to contribute to their private repo committed malicious code that wasn't reviewed.
Guessing they used that term since it's hot news right now.
-
@stacksofplates said in Miscellaneous Tech News:
@mlnews said in Miscellaneous Tech News:
Cryptocurrency launchpad hit by $3 million supply chain attack
SushiSwap's MISO launchpad hacked via a malicious GitHub commit.
SushiSwap's chief technology officer says the company's MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi's newest offering, Minimal Initial SushiSwap Offering (MISO), is a token launchpad that lets projects launch their own tokens on the Sushi network. Unlike cryptocurrency coins that need a native blockchain and substantive groundwork, DeFi tokens are an easier alternative to implement, as they can function on an existing blockchain. For example, anybody can create their own "digital tokens" on top of the Ethereum blockchain without having to recreate a new cryptocurrency altogether.Thats not really a supply chain attack. It sounds like someone who had access to contribute to their private repo committed malicious code that wasn't reviewed.
Guessing they used that term since it's hot news right now.
Yeah - like calling everything a zero day exploit when it's not.
-
@stacksofplates said in Miscellaneous Tech News:
@mlnews said in Miscellaneous Tech News:
Cryptocurrency launchpad hit by $3 million supply chain attack
SushiSwap's MISO launchpad hacked via a malicious GitHub commit.
SushiSwap's chief technology officer says the company's MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi's newest offering, Minimal Initial SushiSwap Offering (MISO), is a token launchpad that lets projects launch their own tokens on the Sushi network. Unlike cryptocurrency coins that need a native blockchain and substantive groundwork, DeFi tokens are an easier alternative to implement, as they can function on an existing blockchain. For example, anybody can create their own "digital tokens" on top of the Ethereum blockchain without having to recreate a new cryptocurrency altogether.Thats not really a supply chain attack. It sounds like someone who had access to contribute to their private repo committed malicious code that wasn't reviewed.
Guessing they used that term since it's hot news right now.
I wonder if that isn't a supply chain attack anyway. Private repo or not, shouldn't make a difference in that determination. "Private" is just private in the sense that you have to be invited to contribute.
What makes it a supply chain attack is that the hacker didn't attack any production servers. He attacked the software supply chain by injecting malicious code in their repository. Which eventually got deployed and ended up running.
If he had gained access to production servers somehow and made the exact same changes on the software running, it would not have been a supply chain attack.
Don't know how the sushi-thing works but they say it's community driven and decentralized which sound like the malicious code might have ended up deployed in many places.
-
@pete-s said in Miscellaneous Tech News:
@stacksofplates said in Miscellaneous Tech News:
@mlnews said in Miscellaneous Tech News:
Cryptocurrency launchpad hit by $3 million supply chain attack
SushiSwap's MISO launchpad hacked via a malicious GitHub commit.
SushiSwap's chief technology officer says the company's MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi's newest offering, Minimal Initial SushiSwap Offering (MISO), is a token launchpad that lets projects launch their own tokens on the Sushi network. Unlike cryptocurrency coins that need a native blockchain and substantive groundwork, DeFi tokens are an easier alternative to implement, as they can function on an existing blockchain. For example, anybody can create their own "digital tokens" on top of the Ethereum blockchain without having to recreate a new cryptocurrency altogether.Thats not really a supply chain attack. It sounds like someone who had access to contribute to their private repo committed malicious code that wasn't reviewed.
Guessing they used that term since it's hot news right now.
I wonder if that isn't a supply chain attack anyway. Private repo or not, shouldn't make a difference in that determination. "Private" is just private in the sense that you have to be invited to contribute.
What makes it a supply chain attack is that the hacker didn't attack any production servers. He attacked the software supply chain by injecting malicious code in their repository. Which eventually got deployed and ended up running.
If he had gained access to production servers somehow and made the exact same changes on the software running, it would not have been a supply chain attack.
Don't know how the sushi-thing works but they say it's community driven and decentralized which sound like the malicious code might have ended up deployed in many places.
It's not that it's a private repo. It's that the person was allowed to modify the code base. Supply chain isn't opening a PR to a project and having it approved, that's just insider malicious coding.
-
@mlnews said in Miscellaneous Tech News:
TikTok faces privacy investigations by EU watchdog
TikTok is under investigation by The Irish Data Protection Commission (DPC) - its lead regulator in the EU - over two privacy-related issues.
The watchdog is looking into its processing of children's personal data, and whether TikTok is in line with EU laws about transferring personal data to other countries, such as China. TikTok said privacy was "our highest priority". The Irish DPC said it was specifically looking into GDPR-related issues. These are the EU privacy laws which can potentially lead to enormous fines of up to 4% of a company's global turnover. It said the first inquiry would examine "the processing of personal data... for users under age 18, and age verification measures for persons under 13". It will also look into how transparent TikTok has been about how it processes such data.I'd be okay if TikTok was blocked by ever ISP - and every (TikTok) server combusted...
-
Critical bug being exploited in Zoho ManageEngine.
-
Ubuntu 18.04.6 LTS
https://wiki.ubuntu.com/BionicBeaver/ReleaseNotesWhen next year comes around, we will have three active LTS releases plus 16.04 LTS if you have extended security maintenance.
-
Bitcoin mining producing tonnes of waste
Bitcoin mining produces electronic waste (e-waste) annually comparable to the small IT equipment waste of a place like the Netherlands, research shows.
Miners of the cryptocurrency each year produce 30,700 tonnes of e-waste, Alex de Vries and Christian Stoll estimate. That averages 272g (9.5oz) per transaction, they say. By comparison, an iPhone 13 weighs 173g (6.1oz). Miners earn money by creating new Bitcoins, but the computing used consumes large amounts of energy. They audit Bitcoin transactions in exchange for an opportunity to acquire the digital currency. Attention has been focused on the electricity this consumes - currently more than the Philippines - and the greenhouse gas pollution caused as a result. -
NFT-based fantasy football card firm raises $680m
French firm Sorare, which sells football trading cards in the form of non-fungible tokens (NFTs), has raised $680m (£498m).
The NFT-based cards are used by fans to create fantasy football teams which can then "play" each other. The funding was led by tech investor Softbank, with ex-England international Rio Ferdinand also putting in money. NFTs are controversial, with concerns over financial risk and environmental impact. An NFT is a "one-of-a-kind" digital asset that can be bought and sold like any other piece of property. As with crypto-currency, a record of who owns what is stored on a shared ledger known as the blockchain and maintained by thousands of computers around the world. -
Security audit raises severe warnings on Chinese smartphone models
The audit red-flagged Xiaomi and Huawei phones but gave OnePlus a pass.
The Lithuanian National Cyber Security Centre (NCSC) recently published a security assessment of three recent-model Chinese-made smartphones—Huawei's P40 5G, Xiaomi's Mi 10T 5G, and OnePlus' 8T 5G. Sufficiently determined US shoppers can find the P40 5G on Amazon and the Mi 10T 5G on Walmart.com—but we will not be providing direct links to those phones, given the results of the NCSC's security audit. The Xiaomi phone includes software modules specifically designed to leak data to Chinese authorities and to censor media related to topics the Chinese government considers sensitive. The Huawei phone replaces the standard Google Play application store with third-party substitutes the NCSC found to harbor sketchy, potentially malicious repackaging of common applications. -
@mlnews said in Miscellaneous Tech News:
Security audit raises severe warnings on Chinese smartphone models
The audit red-flagged Xiaomi and Huawei phones but gave OnePlus a pass.
The Lithuanian National Cyber Security Centre (NCSC) recently published a security assessment of three recent-model Chinese-made smartphones—Huawei's P40 5G, Xiaomi's Mi 10T 5G, and OnePlus' 8T 5G. Sufficiently determined US shoppers can find the P40 5G on Amazon and the Mi 10T 5G on Walmart.com—but we will not be providing direct links to those phones, given the results of the NCSC's security audit. The Xiaomi phone includes software modules specifically designed to leak data to Chinese authorities and to censor media related to topics the Chinese government considers sensitive. The Huawei phone replaces the standard Google Play application store with third-party substitutes the NCSC found to harbor sketchy, potentially malicious repackaging of common applications.It's outrageous! Phones are only allowed to leak information to the US authorities!
-
EU Commision proposes USB-C as mandatory standard for chargers.
In an effort to curb electronic waste:
"USB-C will become the standard port for all smartphones, tablets, cameras, headphones, portable speakers and handheld videogame consoles."
https://ec.europa.eu/commission/presscorner/detail/en/ip_21_4613Apple is furious at EU plan.
https://news.yahoo.com/apple-furious-eu-plan-standard-142010661.html -
@pete-s said in Miscellaneous Tech News:
EU Commision proposes USB-C as mandatory standard for chargers.
In an effort to curb electronic waste:
"USB-C will become the standard port for all smartphones, tablets, cameras, headphones, portable speakers and handheld videogame consoles."
https://ec.europa.eu/commission/presscorner/detail/en/ip_21_4613Apple is furious at EU plan.
https://news.yahoo.com/apple-furious-eu-plan-standard-142010661.htmlApple user: Can I borrow your Lightning cable?
-
Russia arrests cybersecurity expert on treason charge
Ilya Sachkov is founder of Group-IB, which specializes in ransomware attack prevention.
The founder of one of Russia’s largest cybersecurity companies has been arrested on suspicion of state treason and will be held in a notorious prison run by the security services for the next two months, a Moscow court said on Wednesday. The charges against Ilya Sachkov, founder of Group-IB, are classified and details of them were not immediately clear. State-run news agency Tass cited an anonymous source who said Sachkov denied passing on secret information to foreign intelligence services. Group-IB, which specializes in preventing cybercrime and ransomware, confirmed that law enforcement raided its officers yesterday but said it did not know the reason for Sachkov’s arrest. “Group-IB’s team is confident in the innocence of the company’s CEO and his business integrity,” the company said in a statement. -
We have customers reporting that Vitelity is losing calls now, too.