    Miscellaneous Tech News

    • stacksofplatesS
      stacksofplates @mlnews
      last edited by

      @mlnews said in Miscellaneous Tech News:

      Cryptocurrency launchpad hit by $3 million supply chain attack

      SushiSwap's MISO launchpad hacked via a malicious GitHub commit.
      SushiSwap's chief technology officer says the company's MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi's newest offering, Minimal Initial SushiSwap Offering (MISO), is a token launchpad that lets projects launch their own tokens on the Sushi network. Unlike cryptocurrency coins that need a native blockchain and substantive groundwork, DeFi tokens are an easier alternative to implement, as they can function on an existing blockchain. For example, anybody can create their own "digital tokens" on top of the Ethereum blockchain without having to recreate a new cryptocurrency altogether.

      That's not really a supply chain attack. It sounds like someone who had access to contribute to their private repo committed malicious code that wasn't reviewed.

      Guessing they used that term since it's hot news right now.

      • DashrenderD
        Dashrender @stacksofplates
        last edited by

        @stacksofplates said in Miscellaneous Tech News:

        @mlnews said in Miscellaneous Tech News:

        Cryptocurrency launchpad hit by $3 million supply chain attack

        SushiSwap's MISO launchpad hacked via a malicious GitHub commit.
        SushiSwap's chief technology officer says the company's MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi's newest offering, Minimal Initial SushiSwap Offering (MISO), is a token launchpad that lets projects launch their own tokens on the Sushi network. Unlike cryptocurrency coins that need a native blockchain and substantive groundwork, DeFi tokens are an easier alternative to implement, as they can function on an existing blockchain. For example, anybody can create their own "digital tokens" on top of the Ethereum blockchain without having to recreate a new cryptocurrency altogether.

        That's not really a supply chain attack. It sounds like someone who had access to contribute to their private repo committed malicious code that wasn't reviewed.

        Guessing they used that term since it's hot news right now.

        Yeah - like calling everything a zero day exploit when it's not.

        • 1
          1337 @stacksofplates
          last edited by 1337

          @stacksofplates said in Miscellaneous Tech News:

          @mlnews said in Miscellaneous Tech News:

          Cryptocurrency launchpad hit by $3 million supply chain attack

          SushiSwap's MISO launchpad hacked via a malicious GitHub commit.
          SushiSwap's chief technology officer says the company's MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi's newest offering, Minimal Initial SushiSwap Offering (MISO), is a token launchpad that lets projects launch their own tokens on the Sushi network. Unlike cryptocurrency coins that need a native blockchain and substantive groundwork, DeFi tokens are an easier alternative to implement, as they can function on an existing blockchain. For example, anybody can create their own "digital tokens" on top of the Ethereum blockchain without having to recreate a new cryptocurrency altogether.

          That's not really a supply chain attack. It sounds like someone who had access to contribute to their private repo committed malicious code that wasn't reviewed.

          Guessing they used that term since it's hot news right now.

          I wonder if that isn't a supply chain attack anyway. Private repo or not, shouldn't make a difference in that determination. "Private" is just private in the sense that you have to be invited to contribute.

          What makes it a supply chain attack is that the hacker didn't attack any production servers. He attacked the software supply chain by injecting malicious code in their repository. Which eventually got deployed and ended up running.

          If he had gained access to production servers somehow and made the exact same changes on the software running, it would not have been a supply chain attack.

          Don't know how the sushi-thing works but they say it's community driven and decentralized, which sounds like the malicious code might have ended up deployed in many places.

          • stacksofplatesS
            stacksofplates @1337
            last edited by stacksofplates

            @pete-s said in Miscellaneous Tech News:

            @stacksofplates said in Miscellaneous Tech News:

            @mlnews said in Miscellaneous Tech News:

            Cryptocurrency launchpad hit by $3 million supply chain attack

            SushiSwap's MISO launchpad hacked via a malicious GitHub commit.
            SushiSwap's chief technology officer says the company's MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi's newest offering, Minimal Initial SushiSwap Offering (MISO), is a token launchpad that lets projects launch their own tokens on the Sushi network. Unlike cryptocurrency coins that need a native blockchain and substantive groundwork, DeFi tokens are an easier alternative to implement, as they can function on an existing blockchain. For example, anybody can create their own "digital tokens" on top of the Ethereum blockchain without having to recreate a new cryptocurrency altogether.

            That's not really a supply chain attack. It sounds like someone who had access to contribute to their private repo committed malicious code that wasn't reviewed.

            Guessing they used that term since it's hot news right now.

            I wonder if that isn't a supply chain attack anyway. Private repo or not, shouldn't make a difference in that determination. "Private" is just private in the sense that you have to be invited to contribute.

            What makes it a supply chain attack is that the hacker didn't attack any production servers. He attacked the software supply chain by injecting malicious code in their repository. Which eventually got deployed and ended up running.

            If he had gained access to production servers somehow and made the exact same changes on the software running, it would not have been a supply chain attack.

            Don't know how the sushi-thing works but they say it's community driven and decentralized, which sounds like the malicious code might have ended up deployed in many places.

            It's not that it's a private repo. It's that the person was allowed to modify the code base. Supply chain isn't opening a PR to a project and having it approved, that's just insider malicious coding.

            • gjacobseG
              gjacobse @mlnews
              last edited by

              @mlnews said in Miscellaneous Tech News:

              TikTok faces privacy investigations by EU watchdog

              TikTok is under investigation by The Irish Data Protection Commission (DPC) - its lead regulator in the EU - over two privacy-related issues.
              The watchdog is looking into its processing of children's personal data, and whether TikTok is in line with EU laws about transferring personal data to other countries, such as China. TikTok said privacy was "our highest priority". The Irish DPC said it was specifically looking into GDPR-related issues. These are the EU privacy laws which can potentially lead to enormous fines of up to 4% of a company's global turnover. It said the first inquiry would examine "the processing of personal data... for users under age 18, and age verification measures for persons under 13". It will also look into how transparent TikTok has been about how it processes such data.

              I'd be okay if TikTok was blocked by every ISP - and every (TikTok) server combusted...

              • 1
                1337
                last edited by

                Critical bug being exploited in Zoho ManageEngine.

                https://us-cert.cisa.gov/ncas/alerts/aa21-259a

                • black3dynamiteB
                  black3dynamite
                  last edited by

                  Ubuntu 18.04.6 LTS
                  https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes

                  When next year comes around, we will have three active LTS releases plus 16.04 LTS if you have extended security maintenance.

                  • mlnewsM
                    mlnews
                    last edited by

                    Bitcoin mining producing tonnes of waste

                    Bitcoin mining produces electronic waste (e-waste) annually comparable to the small IT equipment waste of a place like the Netherlands, research shows.
                    Miners of the cryptocurrency each year produce 30,700 tonnes of e-waste, Alex de Vries and Christian Stoll estimate. That averages 272g (9.5oz) per transaction, they say. By comparison, an iPhone 13 weighs 173g (6.1oz). Miners earn money by creating new Bitcoins, but the computing used consumes large amounts of energy. They audit Bitcoin transactions in exchange for an opportunity to acquire the digital currency. Attention has been focused on the electricity this consumes - currently more than the Philippines - and the greenhouse gas pollution caused as a result.

                    • mlnewsM
                      mlnews
                      last edited by

                      NFT-based fantasy football card firm raises $680m

                      French firm Sorare, which sells football trading cards in the form of non-fungible tokens (NFTs), has raised $680m (£498m).
                      The NFT-based cards are used by fans to create fantasy football teams which can then "play" each other. The funding was led by tech investor Softbank, with ex-England international Rio Ferdinand also putting in money. NFTs are controversial, with concerns over financial risk and environmental impact. An NFT is a "one-of-a-kind" digital asset that can be bought and sold like any other piece of property. As with crypto-currency, a record of who owns what is stored on a shared ledger known as the blockchain and maintained by thousands of computers around the world.

                      • mlnewsM
                        mlnews
                        last edited by

                        Security audit raises severe warnings on Chinese smartphone models

                        The audit red-flagged Xiaomi and Huawei phones but gave OnePlus a pass.
                        The Lithuanian National Cyber Security Centre (NCSC) recently published a security assessment of three recent-model Chinese-made smartphones—Huawei's P40 5G, Xiaomi's Mi 10T 5G, and OnePlus' 8T 5G. Sufficiently determined US shoppers can find the P40 5G on Amazon and the Mi 10T 5G on Walmart.com—but we will not be providing direct links to those phones, given the results of the NCSC's security audit. The Xiaomi phone includes software modules specifically designed to leak data to Chinese authorities and to censor media related to topics the Chinese government considers sensitive. The Huawei phone replaces the standard Google Play application store with third-party substitutes the NCSC found to harbor sketchy, potentially malicious repackaging of common applications.

                        • 1
                          1337 @mlnews
                          last edited by

                          @mlnews said in Miscellaneous Tech News:

                          Security audit raises severe warnings on Chinese smartphone models

                          The audit red-flagged Xiaomi and Huawei phones but gave OnePlus a pass.
                          The Lithuanian National Cyber Security Centre (NCSC) recently published a security assessment of three recent-model Chinese-made smartphones—Huawei's P40 5G, Xiaomi's Mi 10T 5G, and OnePlus' 8T 5G. Sufficiently determined US shoppers can find the P40 5G on Amazon and the Mi 10T 5G on Walmart.com—but we will not be providing direct links to those phones, given the results of the NCSC's security audit. The Xiaomi phone includes software modules specifically designed to leak data to Chinese authorities and to censor media related to topics the Chinese government considers sensitive. The Huawei phone replaces the standard Google Play application store with third-party substitutes the NCSC found to harbor sketchy, potentially malicious repackaging of common applications.

                          It's outrageous! Phones are only allowed to leak information to the US authorities!

                          • 1
                            1337
                            last edited by 1337

                            EU Commission proposes USB-C as mandatory standard for chargers.

                            In an effort to curb electronic waste:

                            "USB-C will become the standard port for all smartphones, tablets, cameras, headphones, portable speakers and handheld videogame consoles."
                            https://ec.europa.eu/commission/presscorner/detail/en/ip_21_4613

                            Apple is furious at EU plan.
                            https://news.yahoo.com/apple-furious-eu-plan-standard-142010661.html

                            • gjacobseG
                              gjacobse @1337
                              last edited by

                              @pete-s said in Miscellaneous Tech News:

                              EU Commission proposes USB-C as mandatory standard for chargers.

                              In an effort to curb electronic waste:

                              "USB-C will become the standard port for all smartphones, tablets, cameras, headphones, portable speakers and handheld videogame consoles."
                              https://ec.europa.eu/commission/presscorner/detail/en/ip_21_4613

                              Apple is furious at EU plan.
                              https://news.yahoo.com/apple-furious-eu-plan-standard-142010661.html

                              Apple user: Can I borrow your Lightning cable?

                              • mlnewsM
                                mlnews
                                last edited by

                                Russia arrests cybersecurity expert on treason charge

                                Ilya Sachkov is founder of Group-IB, which specializes in ransomware attack prevention.
                                The founder of one of Russia’s largest cybersecurity companies has been arrested on suspicion of state treason and will be held in a notorious prison run by the security services for the next two months, a Moscow court said on Wednesday. The charges against Ilya Sachkov, founder of Group-IB, are classified and details of them were not immediately clear. State-run news agency Tass cited an anonymous source who said Sachkov denied passing on secret information to foreign intelligence services. Group-IB, which specializes in preventing cybercrime and ransomware, confirmed that law enforcement raided its officers yesterday but said it did not know the reason for Sachkov’s arrest. “Group-IB’s team is confident in the innocence of the company’s CEO and his business integrity,” the company said in a statement.

                                • scottalanmillerS
                                  scottalanmiller
                                  last edited by

                                  We have customers reporting that Vitelity is losing calls now, too.

                                  • JaredBuschJ
                                    JaredBusch @scottalanmiller
                                    last edited by

                                    @scottalanmiller said in Miscellaneous Tech News:

                                    We have customers reporting that Vitelity is losing calls now, too.

                                    Theirs is not a DDoS. They have had multiple technical issues over recent weeks.
                                    https://status.vitelity.com/history

                                    • scottalanmillerS
                                      scottalanmiller @JaredBusch
                                      last edited by

                                      @jaredbusch said in Miscellaneous Tech News:

                                      @scottalanmiller said in Miscellaneous Tech News:

                                      We have customers reporting that Vitelity is losing calls now, too.

                                      Theirs is not a DDoS. They have had multiple technical issues over recent weeks.
                                      https://status.vitelity.com/history

                                      Oh, just general problems with similar timing.

                                      • mlnewsM
                                        mlnews
                                        last edited by

                                        Researcher refuses Telegram’s bounty award, discloses auto-delete bug

                                        Telegram took months to fix "self-destruct" message bug. Then requested silence.
                                        Telegram patched another image self-destruction bug in its app earlier this year. This flaw was a different issue from the one reported in 2019. But the researcher who reported the bug isn't pleased with Telegram's months-long turnaround time—and an offered $1,159 (€1,000) bounty award in exchange for his silence. Like other messaging apps, Telegram allows senders to set communications to "self-destruct," such that messages and any media attachments are automatically deleted from the device after a set period of time. Such a feature offers extended privacy to both the senders and the recipients intending to communicate discreetly.

                                        • scottalanmillerS
                                          scottalanmiller
                                          last edited by

                                          Massive outage....

                                          • Facebook
                                          • Twitter
                                          • WhatsApp
                                          • Instagram
                                          • BBC
                                          • CNN
                                          • Slack
                                          • Teams
                                          • Al Jazeera

                                          Telegram is up. Zoho is up.

                                          • scottalanmillerS
                                            scottalanmiller
                                            last edited by

                                            Heard a rumor that AWS is down.
