The US government is investigating the potential national security risks associated with China's involvement in the development of open-source RISC-V chip technology. According to a letter obtained by Reuters, the Department of Commerce has informed US lawmakers that it is actively reviewing the implications of China's work in this area. RISC-V, an open instruction set architecture (ISA) created in 2014 at the University of California, Berkeley, offers an alternative to proprietary and licensed ISAs like those developed by Arm. This open-source ISA can be utilized in a wide range of applications, from AI chips and general-purpose CPUs to high-performance computing applications. Major Chinese tech giants, including Alibaba and Huawei, have already embraced RISC-V, positioning it as a new battleground in the ongoing technological rivalry between the United States and China over cutting-edge semiconductor capabilities.

In November, a group of 18 US lawmakers from both chambers of Congress urged the Biden administration to outline its strategy for preventing China from gaining a dominant position in RISC-V technology, expressing concerns about the potential impact on US national and economic security. While acknowledging the need to address potential risks, the Commerce Department noted in its letter that it must proceed cautiously to avoid unintentionally harming American companies actively participating in international RISC-V development groups. Previous attempts to restrict the transfer of 5G technology to China have created obstacles for US firms involved in global standards bodies where China is also a participant, potentially jeopardizing American leadership in the field. As the review process continues, the Commerce Department faces the delicate task of balancing national security interests with the need to maintain the competitiveness of US companies in the rapidly evolving landscape of open-source chip technologies.

JEDEC Solid State Technology Association, the global leader in standards development for the microelectronics industry, today announced publication of the JESD79-5C DDR5 SDRAM standard. This important update to the JEDEC DDR5 SDRAM standard includes features designed to improve reliability and security and enhance performance in a wide range of applications from high-performance servers to emerging technologies such as AI and machine learning. JESD79-5C is now available for download from the JEDEC website.

JESD79-5C introduces an innovative solution to improve DRAM data integrity called Per-Row Activation Counting (PRAC). PRAC precisely counts DRAM activations on a wordline granularity. When PRAC-enabled DRAM detects an excessive number of activations, it alerts the system to pause traffic and to designate time for mitigative measures. These interrelated actions underpin PRAC's ability to provide a fundamentally accurate and predictable approach for addressing data integrity challenges through close coordination between the DRAM and the system.

Blink, an Amazon company, today announced the next-generation Blink Mini 2. The new Blink camera packs a punch in a compact, weather-resistant design that can now be used indoors or outdoors with the purchase of the new Blink Weather Resistant Power Adapter (sold as part of a bundle or separately). Blink Mini 2 offers enhanced image quality with improved low light performance, a wider field of view, and a built-in LED spotlight for night view in color. Powered by the company's custom-built chip, Blink Mini 2 utilizes on-device computer vision (CV) to support smart notifications, including person detection, which is available with a Blink Subscription Plan (sold separately).

"It is clear customers love Blink—in fact, the Blink business has grown 5x over the last four years," said Liz Hamren, chief executive officer at Blink. "We are building on this momentum with the addition of Mini 2 to Blink's affordable and easy-to-use suite of devices. Mini 2 was rebuilt from the inside out, keeping everything customers expect from Blink while adding even more utility through features like person detection, all at an incredible price point."

We have provided an update on the nation-state attack that was detected by the Microsoft Security Team on January 12, 2024. As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM. As we said at that time, our investigation was ongoing, and we would provide additional details as appropriate.

In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access. This has included access to some of the company's source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised. It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures. Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024.

2024 will be the year generative AI gets personal, the CEOs of NVIDIA and HP said today in a fireside chat, unveiling new laptops that can build, test and run large language models. "This is a renaissance of the personal computer," said NVIDIA founder and CEO Jensen Huang at HP Amplify, a gathering in Las Vegas of about 1,500 resellers and distributors. "The work of creators, designers and data scientists is going to be revolutionized by these new workstations."

Greater Speed and Security
"AI is the biggest thing to come to the PC in decades," said HP's Enrique Lores, in the runup to the announcement of what his company billed as "the industry's largest portfolio of AI PCs and workstations." Compared to running their AI work in the cloud, the new systems will provide increased speed and security while reducing costs and energy, Lores said in a keynote at the event. New HP ZBooks provide a portfolio of mobile AI workstations powered by a full range of NVIDIA RTX Ada Generation GPUs. Entry-level systems with the NVIDIA RTX 500 Ada Generation Laptop GPU let users run generative AI apps and tools wherever they go. High-end models pack the RTX 5000 to deliver up to 682 TOPS, so they can create and run LLMs locally, using retrieval-augmented generation (RAG) to connect to their content for results that are both personalized and private.

Cyberattacks are an existential risk, with 89% of organizations ranking ransomware as one of the top five threats to their viability, according to a November 2023 report from TechTarget's Enterprise Strategy Group, a leading analyst firm. And this is just one of many risks to corporate data—insider threats, data exfiltration, hardware failures, and natural disasters also pose significant danger. Moreover, as the just-released 2024 IBM X-Force Threat Intelligence Index states, as the generative AI market becomes more established, it could trigger the maturity of AI as an attack surface, mobilizing even further investment in new tools from cybercriminals. The report notes that enterprises should also recognize that their existing underlying infrastructure is a gateway to their AI models that doesn't require novel tactics from attackers to target.

To help clients counter these threats with earlier and more accurate detection, we're announcing new AI-enhanced versions of the IBM FlashCore Module technology available inside new IBM Storage FlashSystem products and a new version of IBM Storage Defender software to help organizations improve their ability to detect and respond to ransomware and other cyberattacks that threaten their data. The newly available fourth generation of FlashCore Module (FCM) technology enables artificial intelligence capabilities within the IBM Storage FlashSystem family. FCM works with Storage Defender to provide end-to-end data resilience across primary and secondary workloads with AI-powered sensors designed for earlier notification of cyber threats to help enterprises recover faster.

IBM has announced IBM LinuxONE 4 Express, extending the latest performance, security and AI capabilities of LinuxONE to small and medium sized businesses and within new data center environments. The pre-configured rack mount system is designed to offer cost savings and to remove client guess work when spinning up workloads quickly and getting started with the platform to address new and traditional use cases such as digital assets, medical imaging with AI, and workload consolidation.

Building an integrated hybrid cloud strategy for today and years to come
As businesses move their products and services online quickly, oftentimes, they are left with a hybrid cloud environment created by default, with siloed stacks that are not conducive to alignment across businesses or the introduction of AI. In a recent IBM IBV survey, 84% of executives asked acknowledged their enterprise struggles in eliminating silo-to-silo handoffs. And 78% of responding executives said that an inadequate operating model impedes successful adoption of their multicloud platform. With the pressure to accelerate and scale the impact of data and AI across the enterprise - and improve business outcomes - another approach that organizations can take is to more carefully identify which workloads should be on-premises vs in the cloud.

New York-based security firm Trail of Bits has identified a security vulnerability with various GPU models, which include AMD, Qualcomm, and Apple. This vulnerability, named LeftoverLocals, could potentially allow attackers to steal large amounts of data from a GPU's memory. Mainstream client-GPUs form a sizable chunk of the hardware accelerating AI and LLMs, as they cost a fraction of purpose-built data-center GPUs, and are available in the retail market. Unlike CPUs, which have undergone extensive hardening against data leaks, GPUs were primarily designed for graphics acceleration and lack similar data privacy architecture. To our knowledge, none of the client GPUs use virtualization with their graphics memory. Graphics acceleration in general is a very memory sensitive application, and requires SIMD units to have bare-metal access to memory, with as little latency as possible.

First the good news—for this vulnerability to be exploited, it requires the attacker to have access to the target device with the vulnerable GPU (i.e. cut through OS-level security). The attack could break down data silos on modern computers and servers, allowing unauthorized access to GPU memory. The potential data breach could include queries, responses generated by LLMs, and the weights driving the response. The researchers tested 11 chips from seven GPU makers and found the vulnerability in GPUs from Apple, AMD, and Qualcomm. While NVIDIA, Intel, and Arm first-party GPUs did not show evidence of the vulnerability, Apple, Qualcomm, and AMD confirmed to wired that their GPUs are affected, and that they're working on a security response. Apple has released fixes for its latest M3 and A17 processors, but older devices with previous generations of Apple silicon remain vulnerable. Qualcomm is providing security updates, and AMD plans to offer mitigations through driver updates in March 2024.

ASUS today announced the RT-AX57 Go tri-mode travel router, a dual-band model that offers ultra-fast WiFi 6 up to 3,000 Mbps. It provides tri-mode connectivity for travel, work and home, including 4G and 5G mobile tethering, public WiFi mode (WISP), router mode, subscription-free security and multiple VPN features. With support for 160 MHz WiFi channels, RT-AX57 Go can also support up to 70 devices, four times the capacity of previous models.

Frequent travelers often face situations where no WiFi is available. The RT-AX57 Go can provide an easy and secure connection through the mobile hotspot feature that can share WiFi with multiple devices. Travelers may also experience a limit on the number of devices that can connect to hotel or airport WiFi, and expensive connection fees. RT-AX57 Go can help sidestep these hassles by letting users easily set up private WiFi connections anywhere, whether in a hotel room, on a cruise ship, at an airport terminal, or even a recreational vehicle at a camp site.

Phison Electronics Corp., a global leader in NAND flash controller and storage solutions, today announced the company's predictions for 2024 trends in NAND flash infrastructure deployment. The company predicts that rapid proliferation of artificial intelligence (AI) technologies will continue apace, with PCIe 5.0-based infrastructure providing high-performance, sustainable support for AI workload consistency as adoption rapidly expands. PCIe 5.0 NAND flash solutions will be at the core of a well-balanced hardware ecosystem, with private AI deployments such as on-premise large language models (LLMs) driving significant growth in both everyday AI and the infrastructure required to support it.

"We are moving past initial excitement over AI toward wider everyday deployment of the technology. In these configurations, high-quality AI output must be achieved by infrastructure designed to be secure, while also being affordable. The organizations that leverage AI to boost productivity will be incredibly successful," said Sebastien Jean, CTO, Phison US. "Building on the widespread proliferation of AI applications, infrastructure providers will be responsible for making certain that AI models do not run up against the limitations of memory - and NAND flash will become central to how we configure data center architectures to support today's developing AI market while laying the foundation for success in our fast-evolving digital future."

Chinese chipmaker Montage Technology has unveiled new data center processors under its Jintide brand based on Intel's latest Emerald Rapids Xeon architecture. The 5th generation Jintide lineup offers anywhere from 16-core to 48-core options for enterprise customers needing advanced security specific to China's government and enterprise requirements. Leveraging a long-running joint venture with Intel, Jintide combines standard high-performance Xeon microarchitectures with added on-die monitoring and encryption blocks, PrC (Pre-check) and DSC (Dynamic Security Check), which are security-hardened for sensitive Chinese use cases. The processors retain all core performance attributes of Intel's vanilla offerings thanks to IP access, only with extra protections mandated by national security interests. While missing the very highest core counts, the new Jintide chips otherwise deliver similar Emerald Rapids features like 8-channel DDR5-5600 memory, 80 lanes of speedy PCIe 5.0, and elevated clock speeds over 4.0 GHz at peak. The Jintide processors have 2S scaling, which allows for dual-socket systems with up to 96 cores and 192 threads.

Pricing remains unpublished but likely carries a premium over Intel list prices thanks to the localized security customization required. However, with Jintide uniquely meeting strict Chinese government and data regulations, cost becomes secondary for target customers needing compliant data center hardware. After matching lockstep with Intel's last several leading Xeon generations, Jintide's continued iteration highlights its strategic value in enabling high-performance domestic infrastructure as China eyes IT supply chain autonomy. Intel gets expanded access to the growing Chinese server market, while Chinese partners utilize Intel IP to strengthen localized offerings without foreign dependency. It manifests the delicate balance of advanced chip joint ventures between global tech giants and rising challengers. More details about the SKUs are listed in the table below.

EnGenius, a leading innovator in connectivity solutions, is thrilled to announce the launch of its latest product, the XG60-FIT gateway, a solution designed specifically for small businesses' security and networking needs. With the XG60-FIT gateway, small businesses can efficiently manage remote worker networks and branch locations, ensuring secure communication and data protection without needing dedicated IT teams.

Robust Cybersecurity and Seamless Network Performance
The XG60-FIT gateway provides dependable connectivity, efficient security, and easy management. This robust connectivity solution offers high throughput performance and real-time protection for businesses' networks, allowing for collaboration and secure data sharing. Its innovative approach to simplicity makes VPN setup a breeze, enabling quick and secure connections between branches or remote workers with just a few clicks. To enhance network reliability, the gateway features dual-WAN ports for load balancing and failover support, with cellular WAN serving as a backup connection in case of WAN failures. Additionally, it offers multiple gigabit ports and a PoE+ port to power Wi-Fi access points, delivering high-performance Wi-Fi for small businesses, branch offices, and WFH employees.

Linksys, an iconic Home and Small Office connectivity company, announces in a statement of direction the new Cognitive Security capability, which will complement the newly released Designer Series through the end of the year. Cognitive Security technology will then be released in the soon-to-be announced Icon Series later this year.

The term "Cognitive" in the technology space refers to "thinking technologies," which can deterministically, either by user selection or automation, solve problems. In Phase 1 of its implementation, Linksys Cognitive Security was developed entirely based on user input and feedback, focusing on saving users time and effort.

Symantec, a division of Broadcom Inc., is partnering with Google Cloud to embed generative AI (gen AI) into the Symantec Security platform in a phased rollout that will give customers a significant technical edge for detecting, understanding, and remediating sophisticated cyber attacks.

Symantec is leveraging the Google Cloud Security AI Workbench and security-specific large language model (LLM)--Sec-PaLM 2-across its portfolio to enable natural language interfaces and generate more comprehensive and easy-to-understand threat analyses. With Security AI Workbench-powered summarization of complex incidents and alignment to MITRE ATT&CK context, security operations center (SOC) analysts of all levels can better understand threats and be able to respond faster. That, in turn, translates into greater security and higher SOC productivity.

IBM has announced the expansion of the their Cloud Security and Compliance Center, a suite of modernized cloud security and compliance solutions designed to help enterprises mitigate risk and protect data across their hybrid, multicloud environments and workloads. As clients look for ways to address new threats across the supply chain and manage evolving global regulations, the solution suite helps to support their resiliency, performance, security, and compliance needs while helping to minimize operational costs.

"IBM Cloud has a long history of working with clients in financial services and other highly regulated industries, especially when it comes to helping them to drive innovation while protecting their sensitive data," said Rohit Badlaney, General Manager, IBM Cloud Product and Industry Platform. "The expansion of the IBM Cloud Security and Compliance Center demonstrates our continued focus on industry-specific capabilities that help address real world business challenges for our clients. For example, clients have the ability to utilize the IBM Cloud Framework for Financial Services, which can help them address evolving rules, laws and regulations surrounding cloud risk. The new capabilities showcase our commitment to supporting clients on their hybrid cloud modernization journeys, designed for security, compliance, privacy, and trust at the forefront of our product roadmap."

Today, McAfee Corp., a global leader in online protection, announced the launch of its new McAfee Privacy & Identity Guard product available at Staples stores nationwide. McAfee's Privacy & Identity Guard will help Staples customers safeguard their identity and privacy online. In the U.S. 70% of adults are concerned about their ability to keep their information private. And more than half (52%) of U.S. adults want to be more in control of personal information and data online. Therefore, regaining control of personal data, and the data often most sought after by cybercriminals, has never been more important.

Staples customers will have access to McAfee Privacy & Identity Guard and will be able to proactively monitor and remove data online to help prevent potential identity theft and fraud. With an industry-leading set of features, McAfee Privacy & Identity Guard provides visibility into the risky places personal information is available, including the dark web, data broker sites, and sites that hold data tied to unused or old accounts. Customers can then take action to reduce the amount of personal data online and, in turn, lower the risk of identity theft.

Samsung Electronics today announced the first step in a plan to reimagine mobile device security for business customers in partnership with Microsoft. This collaboration has led to the industry's first on-device, mobile hardware-backed device attestation solution that works equally well on both company and personally owned devices.

Device attestation can help ensure a device's identity and health, verifying that it has not been compromised. On-device, mobile hardware-backed device attestation—available on Samsung Galaxy devices and combined with protection from Microsoft Intune—now adds enhanced security and flexibility. For enterprises, this is an extra layer of protection against compromised devices falsely claiming to be known and healthy, gaining access to sensitive corporate data. Additionally, organizations can now enable employees to bring their own device (BYOD) to work with the confidence that they are protected with the same level of security as company owned devices. For employees, this means added flexibility for their personal Galaxy devices to safely access their work environment.

IBM today announced that it has received an additional Trusted Supplier accreditation from the Department of Defense (DoD) Defense Microelectronics Activity (DMEA) for delivery of embedded security services customized for a U.S.-based advanced microelectronics manufacturer. IBM Consulting's accredited security services were previously recognized with the prestigious James S. Cogswell Outstanding Industrial Security Achievement Award for overall security program excellence in 2022.

Microelectronics are used in most defense technology platforms—from mobile devices to computers and advanced weapons systems. This makes microelectronics supply chains critical to our national security and economic prosperity. However, they also represent one of the most complex defense-critical supply chains to secure because of their global reach and manufacturing. IBM Consulting's award-winning accredited security services takes this complexity into account, allowing for not only the identification, but also the remediation of microelectronics supply chain vulnerabilities.

A new vulnerability has been discovered in AMD Zen 2 based CPUs by Tavis Ormandy, a Google Information Security researcher. Ormandy has named the new vulnerability Zenbleed—also known as CVE-2023-20593—and it's said to affect all Zen 2 based AMD processors, which means Ryzen 3000, 4000 and 5000-series CPUs and APUs, as well as EPYC server chips. The reason why Zenbleed is of concern is because it doesn't require a potential attacker to have physical access to the computer or server in question and it's said to be possible to trigger the vulnerability via executing a javascript on a webpage. This means that the attack vector ends up being massive, at least when we're talking about something like a webhosting company.

Zenbleed is said to allow a potential attacker to gain access to things like encryption keys and user logins via triggering something called "the XMM Register Merge Optimization2, followed by a register rename and a mispredicted vzeroupper." Apparently this requires some precision for the vulnerability to work, but due to these registers being used system wide, even a sandboxed attacker can gain access to them. AMD has already issued a patch for its EPYC server CPUs, which obviously are the most vulnerable systems in question and the company is planning to release patches for all of its Zen 2 based CPUs before the end of the year. Hit up the source links for more details about Zenbleed.

Earlier today Logitech International was invited and honored to participate in the US National Label for Consumer IoT Security launch at the White House in Washington DC. The event, sponsored by the National Security Council, was led by chairwoman of the FCC, Jessica Rosenworcel, and included members of both organizations, as well as other leading tech companies focused on and making strides in product security for consumers.

Logitech is an active contributor in industry efforts to integrate security into the core standards that its products use. Through its participation in the Product Security Working Group (PSWG) and Matter Working Group within the Connectivity Standards Alliance (CSA), the company continues to work with others in the industry to write and certify the standards by which next generation products will operate.

Today, U.S. Deputy National Security Advisor Anne Neuberger, Chairwoman of the Federal Communications Commission (FCC) Jessica Rosenworcel, and Laurie Locascio, Director of the National Institute of Standards and Technology (NIST) unveiled the U.S. national IoT security label at the White House.

Infineon Technologies AG supports this action to address the growing need for IoT security. The new label supports the IoT security requirements under NISTIR 8425, which resulted from an Executive Order to improve the nation's cybersecurity. This label will recognize products that meet these requirements by permitting them to display a U.S. government label and be listed in a registry indicating that these products meet U.S. cybersecurity standards.

If you own one of several recent ASUS router models, then you're being urged by ASUS to upgrade your firmware to the latest release as soon as possible, due to a few serious security flaws. The two most severe being CVE-2022-26376 and CVE-2018-1160, both of which are rated 9.8 on a scale of 10 in terms of severity. However, if you're running the third party Asuswrt-Merlin firmware, you're apparently safe, as the author of the third party firmware has already patched all the known security issues that ASUS has announced patches for.

The affected models are the GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400. That's 18 different models in total, all of which should be built around Broadcom hardware. It's unclear if more models are affected or not, but these are the ones ASUS has issued updates for. The security flaws in question could allow someone to take over an unpatched router and make it a part of a botnet or similar. ASUS has suggested turning off features like DDNS and VPN servers, as well as more obvious things like WAN access, port forwarding, port triggers and DMZ until the firmware has been updated on the affected models.

At Xbox, we have the fundamental commitment to provide all players with a safe and secure experience on our platform - and this is especially true for our youngest players. We frequently iterate on our safety measures, in collaboration and with feedback from the community, regulators and partners. We recently entered into a settlement with the U.S. Federal Trade Commission (FTC) to update our account creation process and resolve a data retention glitch found in our system. Regrettably, we did not meet customer expectations and are committed to complying with the order to continue improving upon our safety measures. We believe that we can and should do more, and we'll remain steadfast in our commitment to safety, privacy, and security for our community.

Our two decades of safety experience has taught us that all players want, and need, safety and privacy protections. Since 2005, when we launched the first console that could connect players online, we've continued to invest in tools and technologies to protect our community. That work evolved into a multifaceted safety strategy. Our suite of safety, privacy and security measures are designed to respect player privacy and safety, and empower players, as well as parents and caregivers, to have control over their gaming experiences.

GIGABYTE Technology, one of the leading global manufacturers of motherboards, graphics cards, and hardware solutions, has always prioritized cybersecurity and information security. GIGABYTE remains committed to fostering close collaboration with relevant units and implementing robust security measures to safeguard its users. GIGABYTE engineers have already mitigated potential risks and uploaded the Intel 700/600 and AMD 500/400 series Beta BIOS to the official website after conducting thorough testing and validation of the new BIOS on GIGABYTE motherboards.

To fortify system security, GIGABYTE has implemented stricter security checks during the operating system boot process. These measures are designed to detect and prevent any possible malicious activities, providing users with enhanced protection:

• 1. Signature Verification: GIGABYTE has bolstered the validation process for files downloaded from remote servers. This enhanced verification ensures the integrity and legitimacy of the contents, thwarting any attempts by attackers to insert malicious code.
• 2. Privilege Access Limitations: GIGABYTE has enabled standard cryptographic verification of remote server certificates. This guarantees that files are exclusively downloaded from servers with valid and trusted certificates, ensuring an added layer of protection.

BIOS updates for the Intel 500/400 and AMD 600 series chipset motherboards will also be released on the GIGABYTE official website later today, along with updates for previously released motherboards. GIGABYTE recommends that users regularly visit the official GIGABYTE website for future BIOS updates.

Technology is creating amazing opportunities for our industry and the world, and Windows 11 is at the center of innovation with new experiences that transform how we interact with the Windows PC and each other. With Windows 11, we're seeing record engagement, our highest customer satisfaction over any previous version of Windows in the U.S., and accelerated growth in commercial deployments. In fact, we recently shared as part of our latest earnings report that over 90% of Fortune 500 companies are currently trialing or have already deployed Windows 11.

In February, we brought the new AI-powered Bing to the taskbar and other features to improve the way people get things done on their PCs. Today, we are providing a look at new features and enhancements for Windows 11 that will start to become available tomorrow, May 24, that focus on business needs, such as security and IT management, and new benefits that enhance professional and personal usability. For developers building on Windows, this week we are announcing new innovation at Microsoft Build.