Tag Archives: Biz & IT

US-sanctioned currency exchange says $15 million heist done by “unfriendly states”

Grinex, a US-sanctioned cryptocurrency exchange registered in Kyrgyzstan, said it’s halting operations after experiencing a $13 million heist carried out by “western special services” hackers. Researchers from TRM, which has confirmed the theft, put the value of stolen assets at $15 million after discovering roughly 70 drained addresses, about 16 more than Grinex reported. Neither… Read More: US-sanctioned currency exchange says $15 million heist done by “unfriendly… »

Recent advances push Big Tech closer to the Q-Day danger zone

Interestingly, Amazon is using SigV4, an impromptu algorithm it developed in-house to make authentication quantum-safe. “AWS limits the transmission of these secrets to the moment of generation,” Campagna wrote. “Once initially distributed, it is never re-sent to the customer. While we made this decision to operate at the massive scale of AWS, we avoided the… Read More: Recent advances push Big Tech closer to the Q-Day danger… »

“Negative” views of Broadcom driving thousands of VMware migrations, rival says

Amid customer dissatisfaction around Broadcom’s VMware takeover, rivals have been trying to lure customers from the leading virtualization firm. One of VMware’s biggest competitors, Nutanix, claims to have swiped tens of thousands of VMware customers. Speaking at a press briefing at Nutanix’s .NEXT conference in Chicago this week, Nutanix CEO Rajiv Ramaswami said that “about… Read More: “Negative” views of Broadcom driving thousands of VMware migrations, rival… »

Iran-linked hackers disrupt operations at US critical infrastructure sites

Hackers working on behalf of the Iranian government are disrupting operations at multiple US critical infrastructure sites, likely in response to the country’s ongoing war with the US, a half-dozen government agencies are warning. In an advisory published Tuesday, the FBI, Cybersecurity and Infrastructure Security Agency, National Security Agency, Environmental Protection Agency, Department of Energy,… Read More: Iran-linked hackers disrupt operations at US critical infrastructure sites »

Thousands of consumer routers hacked by Russia’s military

The Russian military is once again hacking home and small office routers in widespread operations that send unwitting users to sites that harvest passwords and credential tokens for use in espionage campaigns, researchers said Tuesday. An estimated 18,000 to 40,000 consumer routers, mostly those made by MikroTik and TP-Link, located in 120 countries, were wrangled… Read More: Thousands of consumer routers hacked by Russia’s military »

OpenClaw gives users yet another reason to be freaked out about security

For more than a month, security practitioners have been warning about the perils of using OpenClaw, the viral AI agentic tool that has taken the development community by storm. A recently fixed vulnerability provides an object lesson for why. OpenClaw, which was introduced in November and now boasts 347,000 stars on Github, by design takes… Read More: OpenClaw gives users yet another reason to be freaked out… »

New Rowhammer attacks give complete control of machines running Nvidia GPUs

So where do we go now? The researchers said that both the RTX 3060 and RTX 6000 cards are vulnerable. Changing BIOS defaults to enable IOMMU closes the vulnerability, they said. Short for input-output memory management unit, IOMMU maps device-visible virtual addresses to physical addresses on the host memory. It can be used to make… Read More: New Rowhammer attacks give complete control of machines running Nvidia… »

Quantum computers need vastly fewer resources than thought to break vital encryption

The move, recently proposed by influential researcher Scott Aaronson, is a complete turnaround from the strict 90-day disclosure policies Google’s Project Zero pioneered two decades ago and an accepted norm that has driven security research for even longer. Other researchers are already criticizing the lack of details. “I think it’s alarmist to claim an immediate… Read More: Quantum computers need vastly fewer resources than thought to break… »

Google bumps up Q Day deadline to 2029, far sooner than previously thought

Google is dramatically shortening its readiness deadline for the arrival of Q Day, the point at which existing quantum computers can break public-key cryptography algorithms that secure decades’ worth of secrets belonging to militaries, banks, governments, and nearly every individual on earth. In a post published on Wednesday, Google said it is giving itself until… Read More: Google bumps up Q Day deadline to 2029, far sooner… »

Self-propagating malware poisons open source software and wipes Iran-based machines

In an email, Aikido researcher Charlie Eriksen said the canister was taken down Sunday night and is no longer available. “It wasn’t as reliable/untouchable as they expected,” Eriksen wrote. “But for a while, it would have wiped systems if infected.” Like previous TeamPCP malware, CanisterWorm, as Aikido has named the malware, targets organizations’ CI/CD pipelines… Read More: Self-propagating malware poisons open source software and wipes Iran-based machines »