Category Archives: News

Shared items and notes from my feeds and browsing.

We don’t know how to fix science (2021)

Source: Hacker News

Article note: This is nicely thoughtful, even if the thesis is largely "We honestly don't know how to fix the situation, or even metrics by which we could determine if a change had a positive effect." It came out in 2021 and I feel like I read it then, but ttrss doesn't remember.
Posted in News | Leave a comment

Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us

Source: Ars Technica

Article note: Hey look! The exact scenario everyone who was saying "The UEFI design is way too complicated" in the early 2000s was anticipating.

Researchers have unpacked a major cybersecurity find—a malicious UEFI-based rootkit used in the wild since 2016 to ensure computers remained infected even if an operating system is reinstalled or a hard drive is completely replaced.

The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right. It’s located in an SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch the code. Because it’s the first thing to run when a computer is turned on, it influences the OS, security apps, and all other software that follows.

Exotic, yes. Rare, no.

On Monday, researchers from Kaspersky profiled CosmicStrand, the security firm’s name for a sophisticated UEFI rootkit that the company detected and obtained through its antivirus software. The find is among only a handful of such UEFI threats known to have been used in the wild. Until recently, researchers assumed that the technical demands required to develop UEFI malware of this caliber put it out of reach of most threat actors. Now, with Kaspersky attributing CosmicStrand to an unknown Chinese-speaking hacking group with possible ties to cryptominer malware, this type of malware may not be so rare after all.



T-Mobile to pay $500M for one of the largest data breaches in US history

Source: Ars Technica

Article note: Wow, that fine is _negligible_ on the relevant scale. $150M to burn off by changing codes in their internal IT budget and/or to an equipment/security vendor for "improvements," the lawyer's cut, and around $3 per affected customer (ish).

When T-Mobile compromised the sensitive personal information of more than 76 million current, former, and prospective customers in 2021, plaintiffs involved in a class action lawsuit complained that the company continued profiting off their data while attempting to cover up “one of the largest and most consequential data breaches in US history.”

Now, T-Mobile has admitted no guilt but has agreed to pay a $500 million settlement (pending a judge’s approval), out of which $350 million will go to the settlement fund and “at least $150 million” will go toward enhancing its data security measures through 2023.

T-Mobile declined to tell Ars about specific upcoming plans to improve data security, instead linking to a statement that outlines measures it has taken to “double down” on security in the past year. That includes creating a Cybersecurity Transformation Office that directly reports to T-Mobile CEO Mike Sievert; collaborating with cybersecurity firms to “further transform our cybersecurity program;” ramping up employee cybersecurity training; and investing “hundreds of millions of dollars to enhance our current cybersecurity tools and capabilities.”



Intel strikes a deal to manufacture MediaTek’s chips

Source: Engadget

Article note: That's a serious foundry customer.

Intel and MediaTek have formed a strategic partnership to build chips for "a range of smart edge devices" using Intel Foundry Services (IFS), Intel announced. The aim is to help MediaTek build a "more balanced, resilient supply chain," with added capacity in the US and Europe. 

MediaTek is a fabless chipmaker that supplies processors for smartphones made by OnePlus, Samsung and others, with most of its capacity currently handled by fab giant TSMC. However, it looks like Intel will build chips for less glamorous devices used for industrial computing, medical devices, internet-of-things applications and more. Intel currently manufactures chips for MediaTek used in its 5G data card business.

Very excited to announce a new foundry partnership with @MediaTek. Intel Foundry Services is ready to provide the advanced technologies to support their growth while building a more balanced, resilient #supplychain. Read more https://t.co/RpSyanElJt

— Randhir Thakur (@Randhir_Intel) July 25, 2022

Still, the partnership meets Intel CEO Pat Gelsinger's pledge to seek customers for its foundry business. Intel launched IFS in 2021 to take advantage of surging demand for semiconductor manufacturing by offering "leading-edge process and packaging technology," along with committed capacity in the US and Europe. As one of the leading fabless chip makers, MediaTek would be a key client. 

Last year, Intel announced that it would build chips for Qualcomm as part of its foundry launch. It also detailed its "IDM 2.0" strategy to catch rivals TSMC and Samsung by 2025, kicking it off with a $20 billion investment in two Arizona fabrication plants. Later in 2021, the Biden administration spurned plans by Intel to manufacture silicon wafers in China as a way to relieve global chip shortage issues, citing security concerns. 

The US Senate is set to vote on the CHIPS Act designed to bolster domestic semiconductor manufacturing with tax credits and up to $52 billion in subsidies. However, some industry players are concerned that it could unduly favor Intel, to the detriment of smaller manufacturers like AMD, Qualcomm and NVIDIA. Those companies design their own chips but don't manufacture them, so would see no direct benefit from subsidies. 


An STM32 emulator written in Rust for 3D printers

Source: Hacker News

Article note: So, nice tool and all, should be great for bug hunting, but my favorite is the top HN comment "I suppose emulating STM32s is all we can do at the moment. Impossible to buy one until sometime in 2023." Because it's true.

Two decades of Alzheimer’s research was based on deliberate fraud

Source: Hacker News

Article note: Article seems to be somewhat sensationalizing the impact of this particular fraud, but the (to quote Killer Mike) "Like, Cheat, Steal, Kill, Win" strategy has become so clearly _the_ viable strategy in academia: Publish a torrent of bullshit into a niche to establish yourself in the niche and ensure both a funding stream and no challenge. It's so entrenched I'm not even sure how it could be reeled back at this point.

Google’s adding the app permissions section back to the Play Store after removing it

Source: The Verge - All Posts

Article note: Good. Doing _anything_ that makes data-exfiltrating bullshit harder to see and resist is suspect.
It’s rolling back a change it made last week.

Google says it’s rolling back its decision to remove a section from the Play Store that listed which permissions an app uses. The company had more or less replaced that info with its Data Safety section, which is supposed to give you an idea of what data apps are collecting and how that data is used.

The problem, as several commentators pointed out, is that the information in the Data Safety section came from developers, whereas the app permissions section was generated by Google. By removing it, Google made it impossible for users to do a quick fact-check by comparing the two sections or to use the info from both to get a more complete picture of what an app is up to and what it has access to.

In a Twitter thread on Thursday spotted by...


Bluetooth remains an ‘unusually painful’ technology after two decades

Source: Hacker News

Article note: Every time one of these pieces comes up I chuckle in agreement, though I have to admit I've voluntarily been using Bluetooth headphones with computers recently. Pipewire and/or changes in bluez has made the situation on Linux less obnoxious ...and my 7390 has terrible speakers so, like the hot days when the awful AC in my previous apartment made horrible noises that prompted me to buy a couple of pairs of bluetooth headphones, I had external impetus. It's still an un-observable pain box, and I still wouldn't buy a device I planned to have audio-out on that doesn't have a 3.5mm jack.

Intel Microcode Decryptor

Source: Hacker News

Article note: Well, this should be interesting.

New documents reveal scale of US Government’s cell phone location data tracking

Source: Hacker News

Article note: Gleichschaltung.