Encryption

Ransomware Crew Abuses AWS Native Encryption, Sets Data-Destruct Timer for 7 Days (theregister.com) 18

A new ransomware group called Codefinger targets AWS S3 buckets by exploiting compromised or publicly exposed AWS keys to encrypt victims' data using AWS's own SSE-C encryption, rendering it inaccessible without the attacker-generated AES-256 keys. While other security researchers have documented techniques for encrypting S3 buckets, "this is the first instance we know of leveraging AWS's native secure encryption infrastructure via SSE-C in the wild," Tim West, VP of services with the Halcyon RISE Team, told The Register. "Historically AWS Identity IAM keys are leaked and used for data theft but if this approach gains widespread adoption, it could represent a significant systemic risk to organizations relying on AWS S3 for the storage of critical data," he warned. From the report: ... in addition to encrypting the data, Codefinger marks the compromised files for deletion within seven days using the S3 Object Lifecycle Management API -- the criminals themselves do not threaten to leak or sell the data, we're told. "This is unique in that most ransomware operators and affiliate attackers do not engage in straight up data destruction as part of a double extortion scheme or to otherwise put pressure on the victim to pay the ransom demand," West said. "Data destruction represents an additional risk to targeted organizations."

Codefinger also leaves a ransom note in each affected directory that includes the attacker's Bitcoin address and a client ID associated with the encrypted data. "The note warns that changes to account permissions or files will end negotiations," the Halcyon researchers said in a report about S3 bucket attacks shared with The Register. While West declined to name or provide any additional details about the two Codefinger victims -- including if they paid the ransom demands -- he suggests that AWS customers restrict the use of SSE-C.

"This can be achieved by leveraging the Condition element in IAM policies to prevent unauthorized applications of SSE-C on S3 buckets, ensuring that only approved data and users can utilize this feature," he explained. Plus, it's important to monitor and regularly audit AWS keys, as these make very attractive targets for all types of criminals looking to break into companies' cloud environments and steal data. "Permissions should be reviewed frequently to confirm they align with the principle of least privilege, while unused keys should be disabled, and active ones rotated regularly to minimize exposure," West said.
An AWS spokesperson said it notifies affected customers of exposed keys and "quickly takes any necessary actions, such as applying quarantine policies to minimize risks for customers without disrupting their IT environment."

They also directed users to this post about what to do upon noticing unauthorized activity.

Cloud

Euro-Cloud Anexia Moves 12,000 VMs Off VMware to Homebrew KVM Platform (theregister.com) 57

The Register's Simon Sharwood reports: Broadcom has lost another sizable customer for its VMware platform: Austrian cloud provider Anexia has moved 12,000 VMs, some of them rented by major European businesses, to an open-source system based on the KVM hypervisor. Anexia was founded in 2006, is based in Austria, and provides cloud services from over 100 locations around the world by placing equipment in third party datacenters. Clients include remote access and control vendor TeamViewer, and airline Lufthansa -- plus plenty more outfits that need reliable hosting and service to match.

CEO Alexander Windbichler told The Register that after Broadcom acquired VMware, increased licensing costs, and made big changes to its partner program, Anexia remained eligible to operate a VMware-powered cloud. But Windbichler felt he couldn't afford to continue, because Broadcom offered new terms that saw the cost of VMware licenses rise sharply. The CEO preferred not to enumerate the increase precisely; however, The Register understands it exceeded 500 percent. Whatever the actual figure, Windbichler said the cost increase "Would have been existential for us."

"We used to pay for VMware software one month in arrears," he said. "With Broadcom we had to pay a year in advance with a two-year contract." That arrangement, the CEO said, would have created extreme stress on company cashflow. "We would not be able to compete with the market," he said. "We had customers on contracts, and they would not pay for a price increase." Windbichler considered legal action, but felt the fight would have been slow and expensive. Anexia therefore resolved to migrate, a choice made easier by its ownership of another hosting business called Netcup that ran on a KVM-based platform.

Privacy

Database Tables of Student, Teacher Info Stolen From PowerSchool In Cyberattack (theregister.com) 18

An anonymous reader quotes a report from The Register: A leading education software maker has admitted its IT environment was compromised in a cyberattack, with students and teachers' personal data -- including some Social Security Numbers and medical info -- stolen. PowerSchool says its cloud-based student information system is used by 18,000 customers around the globe, including the US and Canada, to handle grading, attendance records, and personal information of more than 60 million K-12 students and teachers. On December 28 someone managed to get into its systems and access their contents "using a compromised credential," the California-based biz told its clients in an email seen by Register this week.

[...] "We believe the unauthorized actor extracted two tables within the student information system database," a spokesperson told us. "These tables primarily include contact information with data elements such as name and address information for families and educators. "For a certain subset of the customers, these tables may also include Social Security Number, other personally identifiable information, and limited medical and grade information. "Not all PowerSchool student information system customers were impacted, and we anticipate that only a subset of impacted customers will have notification obligations."
While the company has tightened security measures and offered identity protection services to affected individuals, cybersecurity firm Cyble suggests the intrusion "may have been more serious and gone on much longer than has been publicly acknowledged so far," reports The Register. The cybersecurity vendor says the intrusion could have occurred as far back as June 16, 2011, with it ending on January 2 of this year.

"Critical systems and applications such as Oracle Netsuite ERP, HR software UltiPro, Zoom, Slack, Jira, GitLab, and sensitive credentials for platforms like Microsoft login, LogMeIn, Windows AD Azure, and BeyondTrust" may have been compromised, too.
Open Source

VLC Tops 6 Billion Downloads, Previews AI-Generated Subtitles (techcrunch.com) 68

VLC media player, the popular open-source software developed by nonprofit VideoLAN, has topped 6 billion downloads worldwide and teased an AI-powered subtitle system. From a report: The new feature automatically generates real-time subtitles -- which can then also be translated in many languages -- for any video using open-source AI models that run locally on users' devices, eliminating the need for internet connectivity or cloud services, VideoLAN demoed at CES.

Cloud

Microsoft Kills Free OneDrive Storage Loophole (theregister.com) 18

Microsoft will begin enforcing storage limits on unlicensed OneDrive accounts from January 27, 2025, ending a loophole that allowed organizations to retain departed employees' data without cost.

Data from accounts unlicensed for over 93 days will move to recycle bins for another 93 days before permanent deletion, unless under retention policies. Archived data retrieval will cost $0.60 per gigabyte plus $0.05 monthly per gigabyte. Organizations must either retrieve data, add licenses, or risk losing access, Microsoft has warned.

China

Akamai To Quit Its CDN in China (theregister.com) 23

An anonymous reader shares a report: Akamai has decided to end its content delivery network services in China, but not because it's finding it hard to do business in the Middle Kingdom. News of Akamai's decision to end CDN services in China emerged in a letter it recently published and sent to customers and partners that opens by reminding them the company has a "commitment to providing world-class delivery and security solutions" -- and must therefore inform them that "Effective June 30, 2026, all China CDN services will reach their decommission date."

Customers are offered a choice: do nothing and then be moved to an Akamai CDN located outside China, or use similar services from Chinese companies Tencent Cloud and Wangsu Science & Technology.

Microsoft

Microsoft Plans $3 Billion AI, Cloud Investment in India (techcrunch.com) 7

Microsoft plans to invest $3 billion to expand its artificial intelligence and cloud Azure services in India, turning to the world's most populous nation to fuel its revenue growth engine. From a report: The firm, which has been operating in India for more than two decades, will also train an additional 10 million people in the country with AI, Microsoft CEO Satya Nadella said at an event in Bengaluru Tuesday.

"The investments in infrastructure and skilling we are announcing today reaffirm our commitment to making India AI-first, and will help ensure people and organizations across the country benefit broadly," said Nadella. "The diffusion rate of AI in India is exciting." India is a key overseas market for American tech giants that have poured tens of billions of dollars in building and scaling their operations in the South Asian market over the past two decades as they work to court businesses serving hundreds of millions of users.

Intel

Intel Says New Laptop Chips Will Extend Computer Battery Life (yahoo.com) 29

Intel, which has been fending off mounting competition in notebook processors, says a new range of chips will help enable the longest battery life available in laptops. From a report: New computers based on the latest version of its Core Ultra processors will go on sale starting this month, the company said Monday at CES, an annual consumer electronics show.

Intel was for decades the world's largest chipmaker thanks to its dominance of the computer processor market. Production technology stumbles and slow product introductions have opened the door to both long-time rivals and firms just entering the space. The company's board last month ousted its chief executive officer, citing the need to improve its offerings.

The new chips, intended for corporate PCs and high-end consumer devices, are aimed at boosting performance in two areas the company considers key selling points: battery life and the ability to run artificial intelligence functions. According to Intel, an HP laptop that uses one of the new processors can run Microsoft's Teams software for as long as 10.5 hours on a single charge. It can go 20.3 hours between charges when the user is running Microsoft's cloud-based 365 suite, Intel added. By comparison, Intel says a Dell device using a Qualcomm Snapdragon processor can last as long as 9.2 hours and 18.5 hours, respectively, under those conditions.

Privacy

Online Gift Card Store Exposed Hundreds of Thousands of People's Identity Documents (techcrunch.com) 15

An anonymous reader quotes a report from TechCrunch: A U.S. online gift card store has secured an online storage server that was publicly exposing hundreds of thousands of customer government-issued identity documents to the internet. A security researcher, who goes by the online handle JayeLTee, found the publicly exposed storage server late last year containing driving licenses, passports, and other identity documents belonging to MyGiftCardSupply, a company that sells digital gift cards for customers to redeem at popular brands and online services.

MyGiftCardSupply's website says it requires customers to upload a copy of their identity documents as part of its compliance efforts with U.S. anti-money laundering rules, often known as "know your customer" checks, or KYC. But the storage server containing the files had no password, allowing anyone on the internet to access the data stored inside. JayeLTee alerted TechCrunch to the exposure last week after MyGiftCardSupply did not respond to the researcher's email about the exposed data. [...]

According to JayeLTee, the exposed data -- hosted on Microsoft's Azure cloud -- contained over 600,000 front and back images of identity documents and selfie photos of around 200,000 customers. It's not uncommon for companies subject to KYC checks to ask their customers to take a selfie while holding a copy of their identity documents to verify that the customer is who they say they are, and to weed out forgeries.
MyGiftCardSupply founder Sam Gastro told TechCrunch: "The files are now secure, and we are doing a full audit of the KYC verification procedure. Going forward, we are going to delete the files promptly after doing the identity verification." It's not known how long the data was exposed or if the company would commit to notifying affected individuals.

China

Alibaba Slashes Prices On LLMs By Up To 85% As China AI Rivalry Heats Up 12

Alibaba is cutting prices on its large language models by up to 85% to attract more enterprise users and strengthen its position in China's competitive AI market. CNBC reports: The Hangzhou-based e-commerce firm's cloud computing division, Alibaba Cloud, said in a WeChat post that it's offering the price cuts on its visual language model, Qwen-VL, which is designed to perceive and understand both texts and images. [...] Major Chinese tech firms including Alibaba, Tencent, Baidu, JD.com, Huawei and TikTok parent company Bytedance have all launched their own large language models over the past 18 months, looking to capitalize on the hype around the technology.

It's not the first time Alibaba has announced price cuts to incentivize businesses to use its AI products. In February, the company announced price reductions of as much as 55% on a wide range of core cloud products. More recently, in May, the company reduced prices on its Qwen AI model by as much as 97% in a bid to boost demand. [...] In Alibaba's case, the company is focusing its LLM efforts on the enterprise segment rather than launching a consumer AI chatbot like OpenAI's ChatGPT. In May, the company said its Qwen models have been deployed by over 90,000 enterprise users.

XBox (Games)

Russia Admits Its Homegrown Consoles Can't Match the PS5 or Xbox Series (techspot.com) 52

Earlier this year, Russia President Vladimir Putin called on the government to develop its own domestically produced gaming consoles with proprietary operating systems and cloud-based platforms. "With Russia heavily sanctioned and looking to promote its own products, one of its in-development consoles is powered by the Elbrus processor," notes TechSpot. However, the processor is "designed primarily for domestic applications in critical infrastructure, defense, and other sensitive areas" and "can't match high-end CPUs from Intel, AMD, and Arm." From the report: The Russian government admits that this device isn't going to be on the same level as current-gen machines. "I hope my colleagues will approach this task with full responsibility and come up with something truly groundbreaking," said Anton Gorelkin, Deputy Chairman of the State Duma Committee on Information Policy. "It is obvious to everyone: Elbrus processors are not yet at the level required to compete equally with the PS5 and Xbox, which means the solution must be unconventional." Gorelkin said that Russian consoles aren't being designed only to play ports of hundreds of old, less-demanding games. He added that they should primarily serve the purpose of promoting and popularizing domestic video game products.

Another organization following Putin's instructions is Russian telecommunications firm MTS. Its console (above) will use the company's cloud-based gaming platform, called Fog Play. It allows owners of high-end PCs to rent out their computing power to those with less-powerful equipment, charging an hourly price. Those with more powerful PCs can access games on the service and use their own hardware to play them. MTS' device is expected to cost no more than $45 and come with an Xbox-like controller, suggesting it's unlikely to appeal to those who enjoy current-gen console games.

Crime

US Army Soldier Arrested In AT&T, Verizon Extortions (krebsonsecurity.com) 10

An anonymous reader quotes a report from KrebsOnSecurity: Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea. Cameron John Wagenius was arrested near the Army base in Fort Hood, Texas on Dec. 20, after being indicted on two criminal counts of unlawful transfer of confidential phone records. The sparse, two-page indictment (PDF) doesn't reference specific victims or hacking activity, nor does it include any personal details about the accused. But a conversation with Wagenius' mother -- Minnesota native Alicia Roen -- filled in the gaps.

Roen said that prior to her son's arrest he'd acknowledged being associated with Connor Riley Moucka, a.k.a. "Judische," a prolific cybercriminal from Canada who was arrested in late October for stealing data from and extorting dozens of companies that stored data at the cloud service Snowflake. In an interview with KrebsOnSecurity, Judische said he had no interest in selling the data he'd stolen from Snowflake customers and telecom providers, and that he preferred to outsource that to Kiberphant0m and others. Meanwhile, Kiberphant0m claimed in posts on Telegram that he was responsible for hacking into at least 15 telecommunications firms, including AT&T and Verizon. On November 26, KrebsOnSecurity published a story that followed a trail of clues left behind by Kiberphant0m indicating he was a U.S. Army soldier stationed in South Korea.

[...] Immediately after news broke of Moucka's arrest, Kiberphant0m posted on the hacker community BreachForums what they claimed were the AT&T call logs for President-elect Donald J. Trump and for Vice President Kamala Harris. [...] On that same day, Kiberphant0m posted what they claimed was the "data schema" from the U.S. National Security Agency. On Nov. 5, Kiberphant0m offered call logs stolen from Verizon's push-to-talk (PTT) customers -- mainly U.S. government agencies and emergency first responders. On Nov. 9, Kiberphant0m posted a sales thread on BreachForums offering a "SIM-swapping" service targeting Verizon PTT customers. In a SIM-swap, fraudsters use credentials that are phished or stolen from mobile phone company employees to divert a target's phone calls and text messages to a device they control.

Intel

Intel Suffers Worst Year Since 1971 IPO (cnbc.com) 34

Intel's market value plunged 61% in 2024, marking its worst performance since going public in 1971, while rival chipmaker Broadcom saw shares surge 111% on AI advances. Broadcom, now valued at $1.1 trillion, leverages its custom XPU chips and networking gear for major cloud providers including Google, helping companies build AI infrastructure at lower costs than Nvidia's GPUs.

Further reading: Intel Weighed $20 Billion Nvidia Takeover in 2005.

Technology

QR-Style Codes Could Replace Barcodes 'Within Two Years' (theguardian.com) 80

Traditional barcodes are set to be replaced by next-generation QR-style codes by 2027, offering enhanced functionality such as embedding sell-by dates, allergens, and recycling information. The Guardian reports: Tesco has started using them on some products, and other trials have suggested that waste of perishable food such as poultry can be cut by embedding sell-by dates in the new QR-style codes, allowing for more dynamic discounting. QR (quick response) codes will allow customers to instantly access more information about the product, including how to recycle batteries, clothes and building materials when tougher environmental regulations bite. But they will also put a greater demand on the world's cloud computing resources, where the extra data they contain will be stored -- meaning a potentially greater carbon footprint.

The first barcode was read in an Ohio supermarket in June 1974 when a packet of Juicy Fruit chewing gum was rung up. It was devised by Joe Woodland, an inventor who had been implored by a retailer frustrated at losing profits, to speed up checkout queues and stocktaking. Coca-Cola has used the new generation of codes in parts of Latin America for refillable bottles, with the QR code allowing the counting of refills so that a requirement of 25 before recycling can be enforced. The Australian supermarket chain Woolworths is said to have reduced food waste by up to 40% in some areas, as the codes allow stores to better spot products approaching expiry and discount more efficiently.
"We've defined an ambition that by the end of 2027 all retailers in the world will be able to read those next-generation barcodes," said Renaud de Barbuat, the president and chief executive of GS1. "We think it's doable ... It represents some investment on the part of retailers to adapt their point-of-sale systems, but it's already well under way."

Anne Godfrey, the chief executive of GS1 UK, said: "This has been in the works for some time, but Covid really accelerated it. During the pandemic, everyone got used to pointing their phones at QR codes in pubs and restaurants to access the menu."

Government

US Treasury Says Chinese Hackers Stole Documents In 'Major Incident' (reuters.com) 34

An anonymous reader quotes a report from Reuters: Chinese state-sponsored hackers broke into the U.S. Treasury Department earlier this month and stole documents from its workstations, according to a letter to lawmakers that was provided to Reuters on Monday. The hackers compromised a third-party cybersecurity service provider and were able to access unclassified documents, the letter said, calling it a "major incident."

According to the letter, hackers "gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able override the service's security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users." After being alerted by cybersecurity provider BeyondTrust, the Treasury Department said it was working with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the hack's impact.
Developing...

Open Source

Nvidia Open-Sources Run:ai, the Software It Acquired For $700 Million (venturebeat.com) 8

Nvidia has completed its acquisition of Run:ai, a provider of GPU cloud orchestration software for AI workloads, and announced plans to open-source the platform. The deal, valued at $700 million, brings the Israel-based startup under Nvidia's umbrella after their collaboration since 2020.

Run:ai's software helps enterprises manage and schedule Nvidia GPU resources for AI applications across cloud and on-premises environments. Founded in 2018, the company's platform currently supports only Nvidia GPUs, but open-sourcing will enable expansion to other AI ecosystems, according to founders Omri Geller and Ronen Dar. The acquisition strengthens Nvidia's software portfolio as the company, now valued at $3.56 trillion, expands beyond its core graphics chip business into AI infrastructure management.

Privacy

Massive VW Data Leak Exposed 800,000 EV Owners' Movements (carscoops.com) 69

A new report reveals that the VW Group left sensitive data for 800,000 electric vehicles from Audi, VW, Seat, and Skoda poorly secured on an Amazon cloud, exposing precise GPS locations, battery statuses, and user habits for months. Carscoops reports: It gets worse. A more tech-savvy user could reportedly connect vehicles to their owners' personal credentials, thanks to additional data accessible through VW Group's online services. Crucially, in 466,000 of the 800,000 cases, the location data was so precise that anyone with access could create a detailed profile of each owner's daily habits. As reported by Spiegel, the massive list of affected owners isn't just a who's-who of regular folks. It includes German politicians, entrepreneurs, Hamburg police officers (the entire EV fleet, no less), and even suspected intelligence service employees. Yes, even spies may have been caught up in this digital debacle.

This glaring error originated from Cariad, a VW Group company that focuses on software, due to an error that occurred in the summer of 2024. An anonymous whistleblower used freely accessible software to dig up the sensitive information and promptly alerted Chaos Computer Club (CCC), Europe's largest hacker association. CCC wasted no time contacting Lower Saxony's State Data Protection Officer, the Federal Ministry of the Interior, and other security bodies. They also gave VW Group and Cariad 30 days to address the issue before going public. According to CCC, Cariad's technical team "responded quickly, thoroughly and responsibly," blocking unauthorized access to its customers' data.

Microsoft

Microsoft Bundling Practices Focus of Federal Antitrust Probe (propublica.org) 7

The Federal Trade Commission has launched a broad antitrust investigation into Microsoft's business practices, focusing on how the company bundles its Office products with cybersecurity and cloud computing services.

The probe follows ProPublica reporting that revealed Microsoft offered free temporary upgrades of federal agencies' software licenses to include advanced cybersecurity features, leading to long-term contracts once the trial period ended. The strategy helped Microsoft expand its government business while displacing competitors in both cybersecurity and cloud computing markets.

The investigation includes scrutiny of Microsoft's identity management product Entra ID, formerly Azure Active Directory. The FTC has issued a civil investigative demand compelling the company to turn over information. The probe represents one of FTC Chair Lina Khan's final moves before leadership changes under the Biden administration. Microsoft confirmed receiving the demand but called it "broad, wide ranging, and requests things that are out of the realm of possibility to even be logical."

Microsoft

Microsoft-OpenAI Deal Defines AGI as $100 Billion Profit Milestone (theinformation.com) 55

OpenAI CEO Sam Altman is negotiating major changes to the company's $14 billion partnership with Microsoft. The companies have defined artificial general intelligence (AGI) as systems generating $100 billion in profits [non-paywalled source] -- the point at which OpenAI could end certain Microsoft agreements, The Information reports.

According to their contract, AGI means AI that surpasses humans at "most economically valuable work." The talks focus on Microsoft's equity stake, cloud exclusivity, and 20% revenue share as OpenAI aims to convert from nonprofit to for-profit status. The AI developer projects $4 billion in 2024 revenue.

Apple

How Apple Developed an Nvidia Allergy 38

Apple has long avoided directly purchasing Nvidia's chips and is now developing its own AI server chip with Broadcom, aiming for production by 2026, The Information reported Tuesday, shedding broader light on why the two companies don't get along so well.

The relationship deteriorated after a 2001 meeting where Steve Jobs accused Nvidia of copying technology from Pixar, which he then controlled. Relations worsened in 2008 when Nvidia's faulty graphics chips forced Apple to extend MacBook warranties without full compensation.

Rather than buying Nvidia's dominant AI processors directly like its tech peers, the Information reports, Apple rents them through cloud providers while also using Google's custom chips for training large AI models. The company's new chip project, code-named Baltra, marks its most ambitious effort yet to reduce reliance on external AI processors, despite being one of the largest indirect users of Nvidia chips through cloud services.
