The two sanctioned persons are Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, both key members of the Russia-aligned hacktivist group Cyber Army of Russia Reborn (CARR), according to a US Treasury press release.

Since 2022, CARR, which also uses the name Cyber Army of Russia, has conducted low-impact, unsophisticated DDoS attacks in Ukraine and against governments and companies located in countries that have supported Ukraine. In late 2023, CARR started to claim attacks on the industrial control systems of multiple U.S. and European critical infrastructure targets. Using various unsophisticated techniques, CARR has been responsible for manipulating industrial control system equipment at water supply, hydroelectric, wastewater, and energy facilities in the U.S. and Europe.

cross-posted from: https://lazysoci.al/post/15908451

I've been saying this and people keep arguing.

Key Takeaways:

1. If you or someone you know has had any system instability issues with their 13th or 14th gen Intel processor/CPU, GN recommends on immediately filing an RMA with Intel even if a previous one was rejected.
2. If you're an owner of a 13 or 14th gen, please update the BIOS as soon as you can and keep an eye out for newer microcode patches/AGESA updates from Intel coming in mid-late August 2024.
3. Please continue to be informed/vigilant when buying second-hand/used Intel 13 and or 14th gen CPUs as you probably don't want to buy a defective CPU.

cross-posted from: https://feddit.org/post/1095016

Archived link

Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools.

The campaign is a sign that the group "also engages in internal espionage," Symantec's Threat Hunter Team, part of Broadcom, said in a new report published today. "In the attack on this organization, the attackers exploited a vulnerability in an Apache HTTP server to deliver their MgBot malware."

Daggerfly, also known by the names Bronze Highland and Evasive Panda, was previously observed using the MgBot modular malware framework in connection with an intelligence-gathering mission aimed at telecom service providers in Africa. It's known to be operational since 2012.

Archived version

KnowBe4 needed a software engineer for our internal IT AI team. "We posted the job, received resumes, conducted interviews, performed background checks, verified references, and hired the person," the firm writes on its blog.

"We sent them their Mac workstation, and the moment it was received, it immediately started to load malware."

[Special points to KnowBe4 for publishing this on its blog. If this can happen to a security awareness firm, it can happen to everyone.]

Per author, if the treat passes as-is, it will hurt security and stifle speech.

while this treaty creates broad powers to fight things governments dislike, simply by branding them "cybercrime," it actually undermines the fight against cybercrime itself. Most cybercrime involves exploiting security defects in devices and services – think of ransomware attacks – and the Cybercrime Treaty endangers the security researchers who point out these defects, creating grave criminal liability for the people we rely on to warn us when the tech vendors we rely upon have put us at risk.

This is the granddaddy of tech free speech fights. Since the paper tape days, researchers who discovered defects in critical systems have been intimidated, threatened, sued and even imprisoned for blowing the whistle. Tech giants insist that they should have a veto over who can publish true facts about the defects in their products, and dress up this demand as concern over security.

Time and again, we've seen corporations rationalize their way into suppressing or ignoring bug reports.

The idea that users are safer when bugs are kept secret is called "security through obscurity" and no one believes in it – except corporate executives. As Bruce Schneier says, "Anyone can design a system that is so secure that they themselves can't break it. That doesn't mean it's secure – it just means that it's secure against people stupider than the system's designer"

the Cybercrime Treaty creates new obligations on signatories to help other countries' cops and courts silence and punish security researchers who make these true disclosures, ensuring that spies and criminals will know which products aren't safe to use, but we won't (until it's too late)

As an AWS focused solutions/systems architect, I've been feeling this for the last 10ish months too. I attended the first 9 re:Invent conferences (up until Covid upended things) but I was glad I didn't attend last year; and re:Inforce sounds like it was even worse.

A much needed reminder that Machine Learning and Large Language Models (so called 'AI') is plagiarism, don't necessarily agree it's theft in the strict legal definition (but definitely in the colloquial meaning), but it's definitely immoral and unethical and the used by those that want to contribute nothing themselves.

A new report unveils the discovery of a technology suite and its connection to Chinese organized crime, money laundering, and human trafficking throughout Southeast Asia. The technology suite is composed of software, Domain Name System (DNS) configurations, website hosting, payment mechanisms, mobile apps, and more—a full cybercrime supply chain.

Tens of seemingly unrelated gambling brands that advertise by way of sponsorship deals with European sports teams use this technology. The owners of these brands prey on residents of Greater China and on victims across the globe to take advantage of the US$1.7 trillion illegal gambling economy.

The report names the actor who designed, developed, and operates this supply chain: Vigorish Viper.

Am I the only one that thinks Scaringe looks like Steve-O?

cross-posted from: https://feddit.org/post/1019342

Archived link

Preventing so-called technology leakage was top of the European Commission’s agenda when it in late 2023 named quantum technology as one of four critical fields it wanted to protect. Brussels has yet to publish a promised risk assessment, though, says Jeroen Groenewegen-Lau, Head of Program at the Mercator Institute for China Studies (MERICS).

Europe should also increase control over the export of critical components for quantum computers to China. All European countries should follow Spain, France and the UK in declaring these items dual-use, forcing exporters to apply for permits for components that can have military as well as civilian uses. As much equipment is too widely used for control through a dual-use lists, Europe should also add policy tools so that, like the US, it can restrict exports to companies and research institutions known to work against its interests.

Taking a clear stance on the risks of quantum technologies will also enable Europe to better compete in the field. More than in digital technologies like artificial intelligence, Europe is well positioned to profit from the technology’s power – optimizing flight routes or supply chains, simulating chemical and biological processes at the atomic level. Long-term investment in basic quantum research not only led to a Nobel Prize in 2022, but has spawned quantum valleys in München and Lower Saxony, a quantum delta in the Netherlands, and the “QuantAlps” around Grenoble, to name but a few clusters.

Steve from Gamers Nexus explicitly states that they "can't recommend Intel CPUs right now" until Intel provides information and assurance to customers

Intel what are you doing? Shit's on fire, yo

Happy BSOD Day!