As extra aspects of every day life go digital, it is extra paramount now than ever to be proactive about on-line safety. As 2022 proved, nonetheless, staying secure is not only a fashionable concern as vulnerabilities have been round for years – a long time, even – and might crop up in probably the most sudden locations and methods.
Safety researchers exhibit the RTX 4090’s password cracking energy
The brand new GPU considerably reduces the time required to acquire or get better consumer passwords
Safety researcher and password cracker Sam Croley posted benchmarks highlighting the RTX 4090’s password-cracking muscle. Nvidia’s latest flagship GPU shattered the RTX 3090’s earlier benchmark information and doubled efficiency throughout nearly each algorithm examined. The cracked passwords adhered to safety finest practices and included random letter circumstances, symbols, and numbers.
For years, some Gigabyte and Asus motherboards carried UEFI malware
The CosmicStrand rootkit is the most recent indication that UEFI malware could also be extra frequent than beforehand thought
Safety agency ESET found the primary UEFI rootkit that had been used within the wild again in 2018. One of these persistent menace was the topic of theoretical discussions amongst safety researchers, however over the previous years, it is develop into clear that it is much more frequent than beforehand thought, regardless of being comparatively onerous to develop.
Janet Jackson music from 1989 declared a cybersecurity vulnerability for crashing onerous drives
Rhythm Nation would not ship out good vibrations
Folks of the world immediately, are we on the lookout for a greater lifestyle?” sang Janet Jackson on her 1989 hit Rhythm Nation, not realizing that the higher lifestyle she was speaking about did not embrace sure onerous drives. It is simply been revealed that the music has the ability to crash explicit fashions of laptops, and it has now been acknowledged as a cybersecurity vulnerability.
GameStop “wiretapped” prospects with out consent, claims lawsuit
It bought secret transcripts to a advertising and marketing agency to construct profiles utilizing private info
If it wasn’t silly sufficient that GameStop dove headfirst into the NFT and crypto market proper earlier than the bubble burst, cling on for a second — the corporate desires you to carry its beer. It’s now being sued for recording customer support chats with out consent and promoting transcripts to a advertising and marketing agency.
QNAP points ransomware warning to customers: safe your gadgets or disconnect unprotected NAS
Ransomware and brute drive assaults from unidentified sources are actively concentrating on community gadgets
QNAP issued a safety assertion urging their NAS customers to take rapid motion and safe their knowledge in opposition to ongoing ransomware and brute drive assaults. Whereas the accountable events haven’t been recognized, the widespread assaults seem to focus on any weak community gadgets. The corporate has offered safety setting directions and mitigation actions that any QNAP NAS customers ought to implement instantly.
Nvidia allegedly hacked its hackers, stole its knowledge again
Hacking group Lapsus$ claims to nonetheless have a replica of the info
A number of on-line safety teams are reporting that the South American hacker group Lapsus$ is claiming to have been behind the current cyberattack on Nvidia. It is also claiming that Nvidia hacked them in return, encrypted the stolen knowledge, and ransomed again their machines. For now, that is simply rumour, however makes for an excellent turning-the-tables story.
A number of safety flaws emerge in Australian digital driver’s licenses
Presumably much less safe than bodily ID playing cards
The federal government of New South Wales in Australia launched digital driver’s licenses in late 2019, claiming they had been more durable to forge than bodily identification. A safety firm not too long ago outlined a number of explanation why this is not the case.
Nvidia hackers leak 190GB of delicate knowledge from Samsung
The leaks consists of Samsung’s encryption knowledge and supply code
Lapsus$, a hacking group that leaked confidential info from Nvidia simply final week, has reportedly moved to a brand new goal: Samsung. The hackers have claimed an assault that leaked 190GB of confidential info from the South Korean expertise big, together with encryption knowledge and supply code for Samsung’s most up-to-date gadgets.
Teen hacker beneficial properties distant management of over 20 Teslas
Full management over automotive doorways, safety system, and extra
This week, a young person reported that he has gained distant entry to round two dozen Tesla vehicles in a number of international locations and is attempting to contact their house owners. The record of issues he can do to the affected autos is lengthy and harmful.
Supply code for Alder Lake BIOS was posted to GitHub
It may’ve uncovered some safety vulnerabilities
Obvious supply code for Alder Lake BIOS has been shared on-line. It appears to have been leaked in its entirety at 5.9 GB uncompressed, probably by somebody working at a motherboard vendor, or by accident by a Lenovo manufacturing companion.