Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: security – Page 20

Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday.

The network security company’s Unit 42 division is tracking the activity under the name Operation MidnightEclipse, attributing it as the work of a single threat actor of unknown provenance.

The security vulnerability, tracked as CVE-2024–3400 (CVSS score: 10.0), is a command injection flaw that enables unauthenticated attackers to execute arbitrary code with root privileges on the firewall.

Read more | >

PRESS RELEASE — The full power of next-generation quantum computing could soon be harnessed by millions of individuals and companies, thanks to a breakthrough by scientists at Oxford University Physics guaranteeing security and privacy. This advance promises to unlock the transformative potential of cloud-based quantum computing and is detailed in a new study published in the influential U.S. scientific journal Physical Review Letters.

Quantum computing is developing rapidly, paving the way for new applications which could transform services in many areas like healthcare and financial services. It works in a fundamentally different way to conventional computing and is potentially far more powerful. However, it currently requires controlled conditions to remain stable and there are concerns around data authenticity and the effectiveness of current security and encryption systems.

Several leading providers of cloud-based services, like Google, Amazon, and IBM, already separately offer some elements of quantum computing. Safeguarding the privacy and security of customer data is a vital precursor to scaling up and expending its use, and for the development of new applications as the technology advances. The new study by researchers at Oxford University Physics addresses these challenges.

Read more | >

The third proof point is both the increase in manufacturing capacity investment and the change in how that investment will be managed. With the interest in governments to secure future semiconductor manufacturing for both supply security and economic growth, Mr. Gelsinger went on a spending spree with investment in expanding capacity in Oregon, Ireland, and Israel, as well as six new fabs in Arizona, Ohio, and Germany. Most of the initial investment was made without the promise of government grants, such as the US Chips Act. However, Intel has now secured more than $50B from US and European government incentives, customer commitments starting with its first five customers on the 18A process node, and its financial partners. Intel has also secured an additional $11B loan from the US government and a 25% investment tax credit.

In addition to it’s own investment in fab capacity, Intel is partnering with Tower Semiconductor and UMC, two foundries with long and successful histories. Tower will be investing in new equipment to be installed in Intel’s New Mexico facility for analog products, and UMC will partner with Intel to leverage three of the older Arizona fabs and process nodes, starting with the 12nm, to support applications like industrial IoT, mobile, communications infrastructure, and networking.

The second side of this investment is how current and future capacity will be used. As strictly an IDM, Intel has historically capitalized on its investments in the physical fab structures by retrofitting the fabs after three process nodes, on average. While this allowed for the reuse of the structures and infrastructure, it eliminated support for older process nodes, which are important for many foundry customers. According to Omdia Research, less than 3% of all semiconductors are produced on the latest process nodes. As a result, Intel is shifting from retrofitting fabs for new process nodes to maintaining fabs to support extended life cycles of older process nodes, as shown in the chart below. This requires additional capacity for newer process nodes.

Read more | >

Microsoft has fixed an issue that triggers erroneous Outlook security alerts when opening. ICS calendar files after installing the December 2023 Outlook Desktop security updates.

The December Patch Tuesday security updates behind these inaccurate warnings patch the CVE-2023–35636 Microsoft Outlook information disclosure vulnerability, which attackers can exploit to steal NTLM hashes via maliciously crafted files.

These credentials are used to authenticate as the compromised Windows user in pass-the-hash attacks, to gain access to sensitive data or spread laterally on their network.

Read more | >

The software development sector stands at the dawn of a transformation powered by artificial intelligence (AI), where AI agents perform development tasks. This transformation is not just about incremental enhancements but a radical reimagining of how software engineering tasks are approached, executed, and delivered. Central to this shift is introducing AI-driven frameworks that transcend traditional code assistance tools, marking a leap toward more autonomous, efficient, and secure software development methodologies.

The integration of AI in software development has been confined largely to providing code suggestions and aiding in file manipulation. This approach, while beneficial, barely scratches the surface of what is technologically feasible. AI-powered tools operate within a constrained scope, missing out on Integrated Development Environments (IDEs)’ vast capabilities, such as comprehensive code building, testing, and version control operations. This limitation underscores a critical gap in the software development toolkit, where the potential for AI to contribute more profoundly to the development lifecycle remains largely untapped.

Microsoft researchers present AutoDev, which empowers AI agents to tackle a broad spectrum of software engineering tasks autonomously, from intricate code editing and comprehensive testing to advanced git operations. This framework is designed to focus on autonomy, efficiency, and security. By housing operations within Docker containers, AutoDev ensures that development processes are streamlined and secure, safeguarding user privacy and project integrity through meticulously designed guardrails.

Read more | >