Tag: cybersecurity

  • Nvidia Rejects US Chip Export Proposal: No Backdoors or Spyware

    Key Takeaways

    1. Nvidia received a request from the Chinese cyberspace authority to clarify concerns about national security threats related to their chips.
    2. Nvidia firmly denies having “backdoors” in their chips that could allow remote access or control.
    3. The company opposes U.S. proposals for government backdoors and argues they would create vulnerabilities that hackers could exploit.
    4. Nvidia cites the failed Clipper Chip program from the 1990s as a lesson against implementing government backdoors in hardware.
    5. The company distinguishes between user-controlled software features and inherent hardware flaws, maintaining there are no security compromises in their products.


    Last week, Reuters reported that the Chinese cyberspace authority had officially asked Nvidia to clarify its position, expressing concerns about potential national security threats. In response, a representative from Nvidia stated, “Nvidia does not have ‘backdoors’ in our chips that would give anyone a remote way to access or control them.”

    Nvidia’s Stance on U.S. Proposals

    In a recent blog entry, Nvidia has voiced its disapproval of suggestions made by U.S. lawmakers while also addressing the worries raised by China’s cyberspace regulator. The blog post, which is named “No Backdoors, No Kill Switches, No Spyware,” explains that incorporating such measures would turn into a “gift to hackers and hostile actors,” leading to risky vulnerabilities that are easy to exploit. Nvidia likened this concept to “buying a car where the dealership keeps a remote control for the parking brake,” deeming it an excessive reaction that could jeopardize U.S. economic and national security.

    Historical Context and Lessons Learned

    The chip manufacturer pointed to the unsuccessful Clipper Chip program from the 1990s as a significant example, arguing that the endeavor to implement government backdoors within hardware resulted in centralized weaknesses and eroded user confidence. This historical context reinforces their stance against any measures that could compromise security.

    Differentiating Hardware from Software

    Furthermore, Nvidia dismissed any parallels drawn with smartphone features like “remote wipe,” clarifying that these are user-controlled software options rather than inherent and unmanageable flaws in hardware. In closing, the company emphasized that intentionally compromising essential infrastructure should never be a tactic employed by the government, firmly reaffirming their position: “There are no back doors in Nvidia chips. No kill switches. No spyware.”


  • Nvidia Dismisses China’s H20 GPU Security Issues Amid US Export Rules

    Key Takeaways

    1. Nvidia emphasizes the importance of cybersecurity and denies claims that its products allow remote access or control.
    2. China’s concerns arise from a draft U.S. law requiring disclosure of advanced chip locations to prevent exports to embargoed countries.
    3. The H20 chip, designed for the Chinese market, lacks a hardware tracking module found in restricted components.
    4. Experts have mixed opinions on China’s approach to Nvidia, with some seeing hardware as leverage and others viewing pressure as mostly symbolic.
    5. Despite regulatory challenges, demand for Nvidia products in China remains strong, with ongoing imports and investments in domestic alternatives.


    Nvidia has stated that “cybersecurity is very important” and denied claims that any of its products allow remote access or control. This statement came after the Cyberspace Administration of China (CAC) called the company to talk about possible risks to user data related to the H20 artificial-intelligence GPU.

    Beijing’s Response

    China’s worries are partly in reaction to a draft U.S. law that would require advanced chips sold internationally to disclose their location. This law aims to stop these chips from being sent to countries under embargo. This situation comes shortly after the U.S. lifted an April ban on H20 exports, which had already been adjusted to meet the 2023 performance limits.

    H20 Specifications

    The H20 chip is a simplified version of the H100 and does not include a hardware tracking module, unlike fully restricted components. Reports from the industry suggest that this chip was specifically designed for the Chinese market after tighter U.S. controls were put in place.

    Varying Opinions on China’s Strategy

    Experts have different views on how aggressively China will pursue this issue. Tilly Zhang from Gavekal Dragonomics believes that the government now views Nvidia hardware as leverage due to the rise of stronger domestic alternatives. On the other hand, Charlie Chai from 86Research thinks that the pressure will mainly be symbolic, since many Chinese developers are still heavily reliant on Nvidia’s CUDA software.

    Despite facing regulatory challenges—including an ongoing antitrust probe—demand for Nvidia accelerators in China remains strong. Reuters has reported a recent order for about 300,000 H20 units from TSMC. Other U.S. suppliers like Micron have also gone through similar security assessments, highlighting Beijing’s strategy of using these investigations while local semiconductor capabilities develop.

    Future Outlook

    Currently, the CAC has not provided specific counter-measures. Without a strong large-scale alternative, analysts predict that China will continue to import Nvidia GPUs, but with increased scrutiny, while also boosting investments in domestically produced accelerators from companies like Huawei, Biren, and Cambricon.


  • Microsoft Stops Technical Support for Defense Cloud in China

    Key Takeaways

    1. Microsoft will no longer allow Chinese employees to assist with technical support for Pentagon cloud projects following an investigation.
    2. The company is enhancing its security measures in partnership with national security partners.
    3. The “escort model” involved U.S. citizens supervising foreign engineers, raising concerns about their ability to detect harmful code.
    4. Senator Tom Cotton has requested information on contractors using Chinese workers, highlighting the threat of China’s cyber capabilities.
    5. Security experts warn of significant risks associated with foreign contractors accessing classified infrastructure, urging the Pentagon to conduct thorough audits.


    Microsoft has decided to stop allowing its Chinese employees to assist with technical support on cloud projects for the Defense Department. This move comes after an investigation by ProPublica that uncovered the company’s use of engineers from China, who were supervised by U.S. “digital escorts,” to maintain sensitive systems for the Pentagon.

    Changes in Technical Support

    Frank Shaw, the chief communications officer, announced on X that Microsoft had “made changes … to assure that no China‑based engineering teams are providing technical assistance” to the Pentagon. He also mentioned that the company would continue to update its security measures in collaboration with national security partners.

    Details of the Escort Model

    ProPublica’s investigation elaborated on the escort model. One escort shared that U.S. citizens with security clearances monitored the work of foreign engineers, yet they often did not possess the technical knowledge needed to identify harmful code. Many of these monitors earned just above the minimum wage while overseeing colleagues who had much stronger coding abilities.

    Senator Tom Cotton asked Defense Secretary Pete Hegseth to provide a list of contractors that employed Chinese workers, along with training records related to the escort program. He cautioned that China’s cyber capabilities are one of the most significant threats to the United States. In response, Hegseth ordered a two-week review of all cloud contracts and stated, “China will no longer have any involvement whatsoever in our cloud services, effective immediately.”

    Concerns Over Security

    Experts on security pointed out that, even without clear proof of espionage, allowing foreign contractors access to classified infrastructure presents a significant risk. They urged the Pentagon to audit every system that the foreign teams could reach, emphasizing that a single missed backdoor could compromise an otherwise secure network.

    The review by the Pentagon is expected to wrap up in early August. The results will help decide if additional restrictions or more comprehensive contractor reforms are necessary to safeguard military operations in the cloud.


  • Security Risk in Ubuntu and Fedora Laptops: Full System Compromise

    Key Takeaways

    1. A serious flaw in the Initial RAM Filesystem (initramfs) can lead to evil maid attacks on encrypted Linux laptops, despite using Secure Boot and password-secured bootloaders.
    2. Attackers can exploit the vulnerability by entering incorrect disk decryption passwords, accessing a low-level debug shell, and injecting malicious scripts.
    3. The initramfs is not cryptographically signed, allowing hackers to modify it without triggering security alerts.
    4. This vulnerability highlights a design flaw prioritizing system recoverability over security, often overlooked in hardening manuals and evaluations.
    5. Users can enhance security by changing kernel settings to prevent the launch of a debug shell after failed password attempts.


    Cybersecurity experts have uncovered a serious flaw that threatens the safety of many encrypted Linux laptops, opening the door to evil maid attacks. A new report from ERNW reveals that even when systems use established protections like Secure Boot and password-secured bootloaders, a major lapse in security can lead to total system takeover.

    The Attack Method

    The vulnerability is found in the Initial RAM Filesystem (initramfs), which is a temporary setup used during the boot process to get the main operating system ready. By deliberately entering the wrong disk decryption password multiple times, an attacker can push the system into a potent, low-level debug shell.

    Exploiting the Weakness

    From within this shell, the essence of the vulnerability can be taken advantage of. Since the initramfs isn’t cryptographically signed — only the kernel and its modules are — a hacker can extract it, add harmful scripts, and repackage it without triggering any security alerts. When the laptop is next booted and the user types in their password correctly, the concealed malware activates with the highest privileges, which allows it to steal the decryption key, record keystrokes, or send out data.

    The researchers emphasize that this issue is more a flaw in design prioritizing system recoverability than a simple bug related to physical security. Importantly, this attack method is frequently overlooked in typical hardening manuals and security evaluations.

    Simple Solutions

    Luckily, addressing the issue is quite easy. Users and system admins who are concerned can change their system’s kernel settings to make sure the computer stops or restarts instead of launching a debug shell after failed password entries. The findings serve as a clear warning that even strong security measures can be compromised by one weak point.


  • HONOR Launches Global AI Deepfake Detection in April 2025

    Key Takeaways

    1. HONOR’s AI Deepfake Detection feature will launch globally in April 2025 to help users identify manipulated audio and video content in real time.
    2. Deepfake technology is a growing concern, with incidents reported every five minutes and 59% of people struggling to differentiate between human and AI-generated content.
    3. The detection system uses advanced AI algorithms to find subtle inconsistencies in media, alerting users when altered content is detected.
    4. There has been a significant rise in deepfake attacks, with digital document forgeries increasing by 244% and specific industries seeing deepfake incidents increase by up to 1520%.
    5. Experts, including Marco Kamiya from UNIDO, praise the technology as a vital security feature for mobile devices to combat digital manipulation.


    HONOR has revealed that its AI Deepfake Detection feature will launch globally in April 2025. This initiative is designed to assist users in recognizing manipulated audio and video content in real time.

    Growing Concern of Deepfake Technology

    Deepfake technology, which employs AI to create highly convincing but fake media, is becoming an increasing worry for both individuals and businesses. According to the Entrust Cybersecurity Institute, in 2024, a deepfake incident occurred every five minutes. Deloitte’s 2024 Connected Consumer Study also discovered that 59% of participants found it difficult to distinguish between human-created content and that generated by AI. Furthermore, 84% of those using generative AI expressed a desire for clear labels on AI-produced content.

    Advanced Detection Features

    HONOR first showcased its AI Deepfake Detection technology at the IFA 2024 event. This system utilizes sophisticated AI algorithms that detect subtle inconsistencies that are often unnoticed by the human eye. These inconsistencies may include pixel-level errors, problems with border blending, irregularities across video frames, and unusual facial traits like face-to-ear proportions or odd hairstyle features. When the system detects altered content, it issues an alert, allowing users to avoid potential risks.

    Increasing Incidents of Deepfake Attacks

    This global launch aligns with the rising number of deepfake attacks. Between 2023 and 2024, digital document forgeries surged by 244%. Industries like iGaming, fintech, and crypto have faced significant challenges, with deepfake occurrences increasing by 1520%, 533%, and 217%, respectively, year over year.

    HONOR’s efforts are part of a broader industry movement to tackle deepfake issues. Groups such as the Content Provenance and Authenticity (C2PA), established by Adobe, Arm, Intel, Microsoft, and Truepic, are developing technical standards to confirm the authenticity of digital content. Microsoft is also rolling out AI tools to help prevent deepfake misuse, including an automatic face-blurring feature for images uploaded to Copilot. Additionally, Qualcomm’s Snapdragon X Elite NPU enables local deepfake detection using McAfee’s AI models, preserving user privacy.

    Expert Praise for Deepfake Detection

    Marco Kamiya from the United Nations Industrial Development Organization (UNIDO) commended this technology, stating that AI Deepfake Detection is an essential security feature for mobile devices and can protect users from digital manipulation.


  • Verizon and AT&T Hit by Major Chinese Cyberattack

    A Chinese state-backed hacking group, referred to as Salt Typhoon, has allegedly infiltrated the systems of prominent U.S. broadband companies, such as Verizon, AT&T, and Lumen Technologies. This cyber intrusion is reported to have lasted for several months, and it’s a significant issue. Authorities are currently viewing it as a major national security concern. The hackers might have accessed systems used for legal wiretapping requests, raising alarm about the potential compromise of U.S. intelligence and communication data.

    Ongoing Investigations

    Although the breach was only recently uncovered, the full scope of it remains under investigation by U.S. government agencies and private cybersecurity companies. Investigators think that the hackers focused on network infrastructure to capture internet traffic, which could impact millions of Americans. There are also signs that providers outside the U.S. might have faced similar threats.

    Verizon’s Response

    In reaction to the breach, Verizon has established a “war room” at its facility in Ashburn, Virginia, collaborating with the FBI, Microsoft, and Google’s Mandiant—a cybersecurity firm that specializes in threat detection, incident response, and security consulting—to evaluate the situation. While U.S. officials have not yet verified whether the attackers accessed lists of surveillance targets or their communications, the severity of the incident warranted a briefing for President Joe Biden, according to reports.

    Broader Implications

    The Salt Typhoon operation, which has been active since 2020, is part of a wider Chinese espionage campaign, with signs indicating possible involvement from China’s Ministry of State Security. The FBI and U.S. intelligence agencies continue to probe the extent of the breach and what sensitive data may have been taken. Microsoft, along with other cybersecurity companies, is helping to assess the level of data compromise.

  • Your iPhone could be infected with a virus

    There has been an unexpected development: a virus affecting Android has turned out to affect the iOS operating system as well. This dangerous virus can spread various pieces of your information across the internet or take over your bank account. So read the article carefully, and let’s take a look at what we can do against emerging viruses.

    Dangerous virus affects everyone

    Based on the GoldDigger Android trojan, the GoldPickaxe virus now affects iOS as well, and all operating systems are at risk. Users need to take precautions against such viruses. Group-IB’s research has confirmed that the newly emerged virus takes your facial recognition data and also steals bank accounts.

    GoldPickaxe virus

    The GoldPickaxe.iOS virus can use social engineering to gain access to your bank accounts, which can end badly for you. The new virus has been found to be common in regions such as Vietnam and Thailand. It is also expected to spread, starting from the US, to other regions in the future. Group-IB researchers continue to investigate the GoldPickaxe virus and say they have sent reports to the relevant brands.

    If you use an Android or iOS device, we recommend that you do not install applications or files from unknown sources. New viruses that have emerged in recent days may cause your information to be stolen. You should take steps to protect your smartphone.

  • Romania Experiences Widespread Ransomware Attack Targeting 18 Hospitals

    A recent ransomware attack has caused significant disruption to 18 hospitals across Romania, putting a halt to their operations. The attack targeted the Hipocrate Information System (HIS), which is essential for managing patient care and medical records. As a result, the system is currently down, leaving hospitals struggling to maintain their usual level of care.

    The patient care and medical records are currently unavailable

    The attack occurred overnight between February 11 and 12, 2024, leading to encrypted databases and files. The Romanian Ministry of Health has acknowledged the severity of the situation and is actively working on a solution. Efforts to recover the affected systems are in progress, with IT and cybersecurity experts from the National Cyber Security Directorate (DNSC) leading the charge.

    The impact of the ransomware attack is widespread, affecting a variety of medical facilities including regional hospitals and cancer treatment centers. To prevent further damage, the Ministry of Health has enhanced security measures for other hospitals that were not affected by the attack.

    Details about the attack and compromised data remain unclear

    Currently, the details about the ransomware group behind the attack or the specifics of the data compromised are not clear. The provider of the HIS system, RSC, has not yet made a public statement regarding the incident.

    Incidents such as these expose the vulnerability of healthcare systems to cyberattacks and underscore the importance of robust cybersecurity measures to protect sensitive patient data and ensure the continuous operation of critical healthcare services. This is one sector that can’t afford serious downtime like this, and for obvious reasons too!

  • Play Protect’s real-time update effectively combats financial fraud

    Since its launch, Google Play Protect has been scanning installed apps for malware; however, this still does not guarantee that customers’ banking apps are 100% safe. Hackers merely need to gain access to the one-time password (OTP) that a user receives through SMS and enter the right verification code, and they can easily access the victim’s bank account.

    Fraud protection on Google Play Protect

    Play Protect will now check the permissions an app requests, focusing on the ones that hackers most frequently abuse: RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility. This is a brand-new capability that Google revealed for Play Protect. With these permissions, hackers can view incoming SMS messages and notifications, and with the Accessibility permission they can even use the device without the user’s awareness.

    Fraud protection on Play Protect

    Since this functionality was developed in collaboration with Cyber Security of Singapore, Google only makes it available in Singapore for now. Users in Singapore will be the first to receive this fraud prevention tool from Google. This is a new feature from Google that always keeps an eye on what apps are doing in the background regarding permissions.

    Google states that this allows users to use banking apps safely. Play Protect fraud protection kicks in when users install a third-party application, such as an APK file downloaded from the internet. If the app requests all 4 permissions, a report will be provided to the user.

    Checking these four permissions (RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility) is a really smart move. It stops hackers from spying on SMS messages and notifications arriving on the user’s phone, limiting the user data available to the app so that hackers can’t access the user’s bank account.

  • Inappropriate Content Generation Exploit Uncovered by Microsoft Staffer in OpenAI’s DALL-E 3

    Shane Jones, a manager in Microsoft’s software engineering department, recently discovered a vulnerability in OpenAI’s DALL-E 3 model, which is known for generating images from text prompts. This flaw allows the model to bypass AI Guardrails and generate inappropriate NSFW (Not Safe for Work) content. Upon discovering this vulnerability, Jones reported it to both Microsoft and OpenAI. However, instead of receiving a satisfactory response, he was met with a “Gagging Order” from Microsoft, which prohibited him from publicly disclosing the vulnerability.

    Jones, concerned about the potential security risks associated with this vulnerability, decided to share the information publicly despite Microsoft’s directive. He took to LinkedIn to write an open letter, urging OpenAI to temporarily suspend the DALL-E 3 model until the flaw could be addressed. However, Microsoft downplayed the severity of the vulnerability and questioned its success rate.

    Despite his efforts to communicate internally with Microsoft about the issue, Jones received no response. Frustrated by the lack of action, he made the decision to disclose the vulnerability to the media and relevant authorities. Jones also linked the vulnerability to recent incidents of AI-generated inappropriate content featuring Taylor Swift, which were allegedly created using Microsoft’s Designer AI function, which relies on the DALL-E 3 model.

    Microsoft’s legal department and senior executives warned Jones to stop disclosing information externally, but the vulnerability remained unpatched. As media outlets like Engadget sought an official response from Microsoft, the company finally acknowledged the concerns raised by Jones. Microsoft assured the public that it would address the issues and work towards fixing the vulnerabilities.


    Concerns over Vulnerability in OpenAI’s DALL-E 3 Model Uncovered by Microsoft Manager

    A vulnerability in OpenAI’s DALL-E 3 model, discovered by Shane Jones, a manager in Microsoft’s software engineering department, has raised concerns about potential security risks. The flaw enables the model to generate inappropriate NSFW content by bypassing AI Guardrails. Despite reporting the issue to both Microsoft and OpenAI, Jones faced a “Gagging Order” from Microsoft, preventing him from disclosing the vulnerability publicly.

    Downplayed Severity and Lack of Response

    Jones stumbled upon the vulnerability during independent research in December. He promptly informed Microsoft and OpenAI about the issue, emphasizing the security risks associated with it. In an open letter on LinkedIn, Jones urged OpenAI to temporarily suspend the DALL-E 3 model until the flaw was addressed. However, Microsoft responded by instructing him to remove the LinkedIn post without providing any explanation.

    Despite seeking internal communication with Microsoft to address the issue, Jones received no response. Frustrated by the lack of action, he decided to disclose the vulnerability to the media and relevant authorities. Jones also linked the vulnerability to instances of AI-generated inappropriate content featuring Taylor Swift, allegedly created using Microsoft’s Designer AI function, which relies on the DALL-E 3 model.

    Unpatched Vulnerability and Media Attention

    Microsoft’s legal department and senior executives warned Jones to stop disclosing information externally. However, even with these warnings, the vulnerability remained unpatched. Media outlets, including Engadget, sought an official response from Microsoft, which finally acknowledged the concerns raised by Jones. The company assured the public that it would address the issues and work towards fixing the vulnerabilities.

    It is crucial for organizations to take vulnerabilities seriously and prioritize their resolution to ensure the security and integrity of their products and services. While the exact nature and impact of this vulnerability are not explicitly stated, it is clear that Jones’s concerns should be acknowledged and addressed promptly. The incident also highlights the importance of responsible disclosure and effective communication between researchers and companies to mitigate potential security risks.