News Posts matching #Security

NVIDIA Confirms System Hacks, Doesn't Anticipate Any Business Disruption

Last week, NVIDIA's systems were compromised in an attack by a hacking group called LAPSUS$. In the days since the attack, we have seen source code of various software leak through third-party anonymous tipsters, and next-generation GPU codenames make an appearance. Today, NVIDIA issued a statement to the German PC enthusiast website Hardwareluxx, which is reproduced in full below. The key takeaway is that NVIDIA believes the compromised files will not impact the company's business in any meaningful manner, and operations continue as usual for NVIDIA's customers. The company's security team is analyzing the situation.

NVIDIA Statement: On February 23, 2022, NVIDIA became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement.

We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident.

Security is a continuous process that we take very seriously at NVIDIA - and we invest in the protection and quality of our code and products daily.

CyberLink to Showcase the Latest Game-Changing Applications of its FaceMe AI Facial Recognition Solution at CES 2022

CyberLink Corp., a pioneer of AI and facial recognition technologies, will showcase several new, cutting-edge applications of its market-leading solution, FaceMe, at CES 2022 in Las Vegas. Learn how FaceMe can be deployed across use cases covering security, access control, health & safety, contactless payment, identity verification, visitor analytics, and more at booth #9543, North Hall, in the Las Vegas Convention Center, January 4-8, 2022.

FaceMe offers a broad and growing set of features and tools powered by CyberLink's highly ranked AI facial recognition engine. It is at the forefront of biometric solutions with innovation that pushes standards for accuracy, performance, security, and flexibility across a wide range of industries. Since the launch of FaceMe in late 2018, CyberLink has collaborated with over a hundred global partners, including hardware makers, solution providers, and system integrators, deploying its technology across multiple scenarios.

AMD EPYC Processors Hit by 22 Security Vulnerabilities, Patch is Already Out

AMD's EPYC class of enterprise processors is affected by as many as 22 different security vulnerabilities. These vulnerabilities range from medium to high severity and affect all three generations of AMD EPYC processors: Naples, Rome, and Milan. Nearly all of the 22 issues apply to all three generations; there are a few exceptions, which are listed on AMD's website. However, not all seems to be bad. AMD says that "During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC AGESA PI packages."

AMD has already shipped new mitigations in the form of AGESA updates, and users should not fear if they keep their firmware up to date. If you or your organization is running on AMD EPYC processors, you should update the firmware to avoid any exploits from happening. The latest updates in question are the NaplesPI-SP3_1.0.0.G, RomePI-SP3_1.0.0.C, and MilanPI-SP3_1.0.0.4 AGESA versions, which fix all 22 security holes.

SSD-Insider++ Promises Ransomware-free SSDs

Over the past couple of years there has been a huge increase in ransomware attacks, and now scientists claim to have a solution that could help protect SSDs from getting encrypted by ransomware. The SSD-Insider++, as the solution has been named, claims to be able to detect ransomware activity and reverse the encryption on the fly.

SSD-Insider++ was developed by a group of engineers from South Korea's Inha University, Daegu Institute of Science and Technology, and the Cyber Security Department at Ewha Womans University (EWU), as well as a researcher from the University of Central Florida in the US. It's a firmware level based protection that looks for patterns of ransomware activity on the drive and stops it before any damage has been done.

Linux Foundation to Form New Open 3D Foundation

The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced an intent to form the Open 3D Foundation to accelerate developer collaboration on 3D game and simulation technology. The Open 3D Foundation will support open source projects that advance capabilities related to 3D graphics, rendering, authoring, and development. As the first project governed by the new foundation, Amazon Web Services, Inc. (AWS) is contributing an updated version of the Amazon Lumberyard game engine as the Open 3D Engine (O3DE), under the permissive Apache 2.0 license. The Open 3D Engine enables developers and content creators to build 3D experiences unencumbered by commercial terms and will provide the support and infrastructure of an open source community through forums, code repositories, and developer events. A developer preview of O3DE is available on GitHub today. For more information and/or to contribute, please visit: https://o3de.org

3D engines are used to create a range of virtual experiences, including games and simulations, by providing capabilities such as 3D rendering, content authoring tools, animation, physics systems, and asset processing. Many developers are seeking ways to build their intellectual property on top of an open source engine where the roadmap is highly visible, openly governed, and collaborative to the community as a whole. More developers look to be able to create or augment their current technological foundations with highly collaborative solutions that can be used in any development environment. O3DE introduces a new ecosystem for developers and content creators to innovate, build, share, and distribute immersive 3D worlds that will inspire their users with rich experiences that bring the imaginations of their creators to life.

Two New Security Vulnerabilities to Affect AMD EPYC Processors

AMD processors have had a very good security record, on par with those of its main competitor, Intel. However, from time to time, researchers find new ways of exploiting a security layer and making it vulnerable to all kinds of attacks. Today, we have information that two new research papers are being published at this year's 15th IEEE Workshop on Offensive Technologies (WOOT'21), happening on May 27th. Both papers impact AMD processor security; specifically, they show how AMD's Secure Encrypted Virtualization (SEV) is compromised. Researchers from the Technical University of Munich and the University of Lübeck are going to present their papers on CVE-2020-12967 and CVE-2021-26311, respectively.

While we will not know the exact details of these vulnerabilities until the papers are presented, we know exactly which processors are affected. As SEV is an enterprise feature, AMD's EPYC lineup is the main target of these two new exploits. AMD says that the affected processors are all of the EPYC embedded CPUs and the first, second, and third generation of regular EPYC processors. For third-generation EPYC CPUs, AMD has provided mitigation in SEV-SNP, which can be enabled. For prior generations, the solution is to follow best security practices and try to avoid an exploit.

Xiaomi no Longer Blacklisted by the US Government

The US Government, specifically the Department of Defense (DoD), blacklisted the Chinese smartphone maker Xiaomi under the Trump administration. This was a way to impose sanctions on the Chinese company, as it was believed that Xiaomi was involved with the Chinese military, so the administration objected to US investors taking a share of it. However, the company started legal proceedings against the US government over these claims, and now the US government, under President Joe Biden, has reached an agreement with the company. Xiaomi managed to prove that it is not owned or controlled by the Chinese military, so the US DoD has removed the company from its blacklist.

This has caused the company shares to soar on the Hong Kong stock exchange by as much as 6.7% after the news appeared. "The Biden Administration is deeply concerned about potential U.S. investments in companies linked to the Chinese military and fully committed to keeping up pressure on such companies", said Emily Horne, a spokeswoman for the White House National Security Council.

Intel Collaborates with Microsoft against Cryptojacking

Starting today, Microsoft Defender for Endpoint expands its use of Intel Threat Detection Technology (Intel TDT) beyond accelerated memory scanning capabilities to activate central processing unit (CPU) based cryptomining machine learning (ML) detection. This move further accelerates endpoint detection and response for millions of customers without compromising experience.

"This is a true inflection point for the security industry as well as our SMB, mid-market and enterprise customers that have rapidly adopted Windows 10 with built-in endpoint protections. Customers who choose Intel vPro with the exclusive Intel Hardware Shield now gain full-stack visibility to detect threats out of the box with no need for IT configuration. The scale of this CPU-based threat detection rollout across customer systems is unmatched and helps close gaps in corporate defenses," said Michael Nordquist, senior director of Strategic Planning and Architecture in the Business Client Group at Intel.

NVIDIA Extends Data Center Infrastructure Processing Roadmap with BlueField-3 DPU

NVIDIA today announced the NVIDIA BlueField-3 DPU, its next-generation data processing unit, to deliver the most powerful software-defined networking, storage and cybersecurity acceleration capabilities available for data centers.

The first DPU built for AI and accelerated computing, BlueField-3 lets every enterprise deliver applications at any scale with industry-leading performance and data center security. It is optimized for multi-tenant, cloud-native environments, offering software-defined, hardware-accelerated networking, storage, security and management services at data-center scale.

Xilinx Revolutionizes the Modern Data Center with Software-Defined, Hardware Accelerated Alveo SmartNICs

Addressing the demands of the modern data center, Xilinx, Inc. (NASDAQ: XLNX) today announced a range of new data center products and solutions, including a new family of Alveo SmartNICs, smart world AI video analytics applications, an accelerated algorithmic trading reference design for sub-microsecond trading, and the Xilinx App Store.

Today's most demanding and complex applications, from networking and AI analytics to financial trading, require low-latency and real-time performance. Achieving this level of performance has been limited to expensive and lengthy hardware development. With these new products and solutions, Xilinx is eliminating the barriers for software developers to quickly create and deploy software-defined, hardware accelerated applications on Alveo accelerator cards.

Microsoft Announces Pluton Security Processor in Collaboration with AMD, Intel, and Qualcomm

The security of PCs has been an issue in the past few years as cyber-attack methods have been undergoing a transformation to hardware-specific malware that exploits different vulnerabilities of CPUs. That is why Microsoft, the developer of the most popular operating system, Windows 10, decided to engineer a hardware processor that will protect the OS and its user by having a specific job of maintaining the platform security. In collaboration with AMD, Intel, and Qualcomm, Microsoft is today introducing the Pluton security processor. The collaborator companies are going to integrate the new Pluton processor inside their CPUs and thus embed a new level of security in their PCs.

Microsoft: Our vision for the future of Windows PCs is security at the very core, built into the CPU, where hardware and software are tightly integrated in a unified approach designed to eliminate entire vectors of attack. This revolutionary security processor design will make it significantly more difficult for attackers to hide beneath the operating system, and improve our ability to guard against physical attacks, prevent the theft of credential and encryption keys, and provide the ability to recover from software bugs.

LLNL's New 'Ruby' Supercomputer Taps Intel for COVID-19 Research

Intel today announced that Lawrence Livermore National Laboratory (LLNL) will leverage Intel Xeon Scalable processors in "Ruby," its latest high performance computing cluster. The Ruby system will be used for unclassified programmatic work in support of the National Nuclear Security Administration's (NNSA) stockpile stewardship mission, for researching therapeutic drugs and designer antibodies against SARS-CoV-2, the virus that causes COVID-19, and for other open science work at LLNL.

Ruby was built in collaboration with Intel, LLNL, Supermicro and Cornelis Networks. The system consists of more than 1,500 nodes, each outfitted with Intel Xeon Scalable processors, and features 192 gigabytes of memory. Ruby will deliver 6 petaflops of peak performance and is expected to rank among the world's top 100 most powerful supercomputers.

Intel Introduces new Security Technologies for 3rd Generation Intel Xeon Scalable Platform, Code-named "Ice Lake"

Intel today unveiled the suite of new security features for the upcoming 3rd generation Intel Xeon Scalable platform, code-named "Ice Lake." Intel is doubling down on its Security First Pledge, bringing its pioneering and proven Intel Software Guard Extension (Intel SGX) to the full spectrum of Ice Lake platforms, along with new features that include Intel Total Memory Encryption (Intel TME), Intel Platform Firmware Resilience (Intel PFR) and new cryptographic accelerators to strengthen the platform and improve the overall confidentiality and integrity of data.

Data is a critical asset both in terms of the business value it may yield and the personal information that must be protected, so cybersecurity is a top concern. The security features in Ice Lake enable Intel's customers to develop solutions that help improve their security posture and reduce risks related to privacy and compliance, such as regulated data in financial services and healthcare.

Singapore Introduces Strict Security Requirements for New Home Routers

The Singaporean Infocomm Media Development Authority (IMDA) has recently unveiled a suite of new security requirements for home routers. The new requirements include unique login credentials and automatic security patch updates. They were developed by IMDA in collaboration with private industry and the public. The mandates will apply to all new home routers sold in Singapore from 13 April 2021; however, a grace period will apply for existing models until 12 October 2021. Singapore is one of the first countries to introduce such requirements after Japan, while the UK is currently evaluating such measures.

Intel Introduces IoT-Enhanced Processors to Increase Performance, AI, Security

Today at the Intel Industrial Summit 2020, Intel announced new enhanced internet of things (IoT) capabilities. The 11th Gen Intel Core processors, Intel Atom x6000E series, and Intel Pentium and Celeron N and J series bring new artificial intelligence (AI), security, functional safety and real-time capabilities to edge customers. With a robust hardware and software portfolio, an unparalleled ecosystem and 15,000 customer deployments globally, Intel is providing robust solutions for the $65 billion edge silicon market opportunity by 2024.

"By 2023, up to 70% of all enterprises will process data at the edge. 11th Gen Intel Core processors, Intel Atom x6000E series, and Intel Pentium and Celeron N and J series processors represent our most significant step forward yet in enhancements for IoT, bringing features that address our customers' current needs, while setting the foundation for capabilities with advancements in AI and 5G," said John Healy, Intel vice president of the Internet of Things Group and general manager of Platform Management and Customer Engineering.

Razer Leaks Personal Information of Over 100,000 Gamers

Security researcher Volodymyr Diachenko has discovered a security breach at hardware peripheral manufacturer Razer. Reportedly, Mr. Volodymyr found a badly configured Elasticsearch cluster filled with over 100,000 data entries of Razer customers. That means customer email addresses, physical addresses and phone numbers have been exposed to the public, making this leak potentially dangerous. What is even more dangerous is that the Elasticsearch cluster was not only exposed to the internet but also indexed by a search engine, making the data more easily searchable and discoverable. This is a pure admin fail: no hacking was required, they just left the front door open. Razer issued an official response to the incident below:

Razer: We were made aware by Mr. Volodymyr of a server misconfiguration that potentially exposed order details, customer and shipping information. No other sensitive data such as credit card numbers or passwords was exposed.
The server misconfiguration has been fixed on 9 Sept, prior to the lapse being made public.
We would like to thank you, sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensure the digital safety and security of all our customers.

Western Digital Sets a New Standard in Data Protection with Ground-Breaking ArmorLock Security Platform

Underscoring its mission to enable the world to solve its biggest data challenges by building a data infrastructure with next-gen security, Western Digital (NASDAQ: WDC) today introduced the ArmorLock Security Platform. A data encryption platform that rethinks how data security should be done, the ArmorLock Security Platform was created to help with the diverse security demands of data-centric and content-critical storage use cases in industries as varied as finance, government, healthcare, IT enterprise, legal, and media and entertainment. As data security concerns continue to rise in visibility, Western Digital plans to apply the platform across a range of storage solutions.

The first product to leverage this advanced technology, the new G-Technology ArmorLock encrypted NVMe SSD, is designed to deliver an easy-to-use, high-performance, high-grade security storage solution for creators in the media and entertainment industry. Facing the threat of hijacked media files and leaked films, studios, agencies, and especially investors are demanding a better way to protect critical content. While much of the industry's focus has been on cloud security, data often remains vulnerable on the portable storage devices holding critical commercial content.

IBM Reveals Next-Generation IBM POWER10 Processor

IBM today revealed the next generation of its IBM POWER central processing unit (CPU) family: IBM POWER10. Designed to offer a platform to meet the unique needs of enterprise hybrid cloud computing, the IBM POWER10 processor uses a design focused on energy efficiency and performance in a 7 nm form factor with an expected improvement of up to 3x greater processor energy efficiency, workload capacity, and container density than the IBM POWER9 processor.

Designed over five years with hundreds of new and pending patents, the IBM POWER10 processor is an important evolution in IBM's roadmap for POWER. Systems taking advantage of IBM POWER10 are expected to be available in the second half of 2021. Some of the new processor innovations include:

CrossTalk is Another Intel-exclusive Security Vulnerability

Intel has had quite a lot of work trying to patch all the vulnerabilities discovered in the past two years, starting with Spectre and Meltdown, which exploited the processor's speculative execution to execute malicious code. The entire process of speculative execution relies on a performance-boosting microarchitectural technique called speculative branch prediction. This technique predicts branch paths and prepares them for execution, so the processor spends less time figuring out where and how instructions will flow through the CPU. So far, lots of these bugs have been ironed out with software, but a lot of older CPUs are vulnerable.

However, attackers have so far always thought about executing malicious code on a CPU core shared with the victim, and never across multiple cores. This is where the new CrossTalk vulnerability comes in. Dubbed Special Register Buffer Data Sampling (SRBDS) by Intel, it is tracked as CVE-2020-0543. CrossTalk bypasses all intra-core patches against Spectre and Meltdown, so it can attack any CPU core on the processor. It enables attacker-controlled code execution on one CPU core to leak sensitive data from victim software executing on a different core. This technique is quite dangerous for users of shared systems such as those in the cloud. Often, one instance is shared across multiple customers, and until now they were safe from each other. The vulnerability uses Intel's SGX security enclave against the processor so it can be executed. To read about CrossTalk in detail, please visit the page here.

Unfixable Flaw Found in Thunderbolt Port that Unlocks any PC in Less Than 5 Minutes

A Dutch researcher from the Eindhoven University of Technology has found a new vulnerability in the Thunderbolt port that allows attackers with physical access to unlock any PC running Windows or a Linux kernel-based OS in less than 5 minutes. The researcher, Björn Ruytenberg, found a method he calls Thunderspy, which can bypass the login screen of any PC. This attack requires physical access to the device, which is, of course, dangerous on its own if the device is left with a knowledgeable person. Thunderbolt is a fast protocol, and part of the reason why it is so fast is that it partially allows direct access to computer memory. And anything that can access memory directly is a potential vulnerability.

The Thunderspy attack relies on just that. There is a feature built into the Thunderbolt firmware called "Security Level", which disallows access to untrusted devices or even turns off the Thunderbolt port altogether. This feature would make the port a simple USB or display output. However, the researcher has found a way to alter the firmware setting of the Thunderbolt control chip so that it allows any device to access the PC. This procedure leaves no trace, and the OS cannot detect that there was a change. From there, the magic happens. Using an SPI (Serial Peripheral Interface) programmer with a SOP8 clip that connects the pins of the programmer device to the controller, the attacker just runs a script from there. This procedure requires around $400 worth of hardware. Intel introduced a protection for the Thunderbolt port last year, called Kernel Direct Memory Access Protection, but that feature isn't implemented on PCs manufactured before 2019. And even starting from 2019, not all PC manufacturers implement the feature, so there is a wide group of devices vulnerable to this unfixable attack.

The Security Focused Tails OS adds Support for UEFI Secure Boot

Tails OS, the operating system recommended by Edward Snowden, now works on systems with UEFI Secure Boot enabled. Tails OS is built from the ground up to offer maximum security and privacy, running off a portable drive and leaving no trace on the host computer. The latest Tails OS 4.5 update added support for this crucial UEFI Secure Boot feature, which was already found in most operating systems. Secure Boot uses cryptographic signatures to verify the integrity of firmware files loaded on system boot and ensure they have not been tampered with.

Secure Boot has been available as part of the UEFI specification now for over two decades but is rarely used due to compatibility reasons. While not commonly used, the fact that a security focused operating system did not support this security feature was worrying for many as it meant Secure Boot had to be disabled on the host computer before the OS could boot. Work to add the feature has been ongoing over the last 6 years and is now complete and ready for use.

Researchers Find Unfixable Vulnerability Inside Intel CPUs

Researchers have found another vulnerability inside Intel's Converged Security and Management Engine (CSME). For starters, the CSME is a tiny CPU within a CPU that has access to the whole data throughput and is dedicated to the security of the whole SoC. The CSME is something of a black box, given that Intel protects its documentation to stop other vendors from copying it. However, researchers have discovered a flaw in the design of the CSME and are now able to exploit millions of systems based on Intel CPUs manufactured in the last five years.

Discovered by Positive Technologies, the flaw lies inside the Read-Only Memory (ROM) of the CSME. Given that the Mask ROM is hardcoded in the CPU, the exploit cannot be fixed by a simple firmware update. The researchers from Positive Technologies describe it as such: "Unfortunately, no security system is perfect. Like all security architectures, Intel's had a weakness: the boot ROM, in this case. An early-stage vulnerability in ROM enables control over the reading of the Chipset Key and generation of all other encryption keys. One of these keys is for the Integrity Control Value Blob (ICVB). With this key, attackers can forge the code of any Intel CSME firmware module in a way that authenticity checks cannot detect. This is functionally equivalent to a breach of the private key for the Intel CSME firmware digital signature, but limited to a specific platform."

Kingston Encrypted IronKey D300 Series Achieves NATO Restricted Level Certification

Kingston Digital Europe Co LLP, the Flash memory affiliate of Kingston Technology Company, Inc., a world leader in memory products and technology solutions, announced its IronKey D300 Encrypted USB Flash Drive series has achieved NATO Restricted Level Certification. This indicates that, after a detailed validation process, the Kingston IronKey D300, IronKey D300S and IronKey D300SM have been listed in the NATO Information Assurance Product Catalogue (NIAPC) for security products that meet NATO's nations, civil and military bodies' operational requirements.

The NIAPC is established under an INFOSEC Directive and ensures only cryptographic products which are developed in a NATO member nation are evaluated and approved to use in accordance with NATO Security Policies. The IronKey D300 series is now included on this list, which means it is qualified as an encrypted Flash drive that meets the data protection levels established by NATO to protect information against loss or cyber-attacks. Sensitive data-in-transit needs to be protected as any loss or breach can result in harm to NATO's forces, its members or its mission.

Quick Look: Hawk Security (SecuDrive) S-Drive

Continuing our quick look series, this time we cover a product that came to us after our article on portable encrypted storage was published. That very article came about from two companies asking us if we would be interested in checking out their products, and when a startup company formed by Russians who specialize in data protection and embedded security asks you the same, you answer yes! Hawk Security was set up in 2018, and is actually based out of Hong Kong now, and offers data encryption solutions with military-grade encryption standards. They sent out their S-Drive, a portable solution with a 3D NAND-based memory and certification galore, with performance and privacy as the selling point.

The Hawk Security S-Drive ships in a thick cardboard box with a two-piece packaging, with aptly named security seals on the sides. The inner box slides out to reveal a premium unboxing experience with thick foam cut to shape, which in turn houses the user manual, the drive, and the connecting cable itself. The manual is handy for not only knowing the locking and unlocking procedures for this encrypted drive, but also the default password for using it the first time. The cable terminates in a standard USB 3.1 Gen 1 Type A connector on one end, but a 10-pin USB 3.1 Gen 1 Micro Type B super-speed connector on the other to help make the most of connection speeds. This means backwards compatibility with USB 2.0 ports is restricted to USB ports/hubs that provide enough power only, so keep that in mind. Read past the break for more on the drive.

Microsoft's Windows 7 Reaches End-Of-Life

Today, on January the 14th, Microsoft is officially ending support for the Windows 7 operating system. More than 10 years after its launch, Windows 7 has remained a primary operating system on many PCs, especially OEM PCs manufactured before 2015, when Windows 10 came out. The user transition from Windows 7 to Windows 10 has not been an easy task for Microsoft. However, by declaring that the product has reached End-Of-Life, Microsoft is trying to make millions of users pull the trigger and embrace the new operating system.

When January 14th arrives, Microsoft will stop giving Windows 7 users technical support, software updates with new features, and most importantly security updates. The official recommendation from Microsoft is to upgrade to the latest version of Windows, meaning Windows 10. As some of the older PCs may have compatibility issues with newer OS, it is also recommended to check your PC specifications. If you are a customer of the Extended Security Updates (ESU) program, you will continue to see further support in the future, however, for regular users, the support period is over.