AT&T Inc. and Verizon Communications Inc. rejected a U.S. request to delay this week’s launch of a new variation of 5G mobile service that airlines said might interfere with aircraft electronics, posing a safety hazard.
Category: electronics – Page 50
New Malware Uses SSD Over-Provisioning to Bypass Security Measures
An almost perfect way to stealthily store malware.
Korean researchers have detected a vulnerability in SSDs that allows malware to plant itself directly in an SSD’s empty over-provisioning partition. As reported by BleepingComputer, this allows the malware to be nearly invincible to security countermeasures.
Over-provisioning is a feature included in all modern SSDs that improves the lifespan and performance of the SSD’s built-in NAND storage. Over-provisioning in essentially just empty storage space. But, it gives the SSD a chance to ensure that data is evenly distributed between all the NAND cells by shuffling data to the over-provisioning pool when needed.
While this space is supposed to be inaccessible by the operating system — and thus anti-virus tools — this new malware can infiltrate it and use it as a base of operations.
A Cybertruck-Inspired Remote-Controlled EV Could Help You Clear Snow
While the CyberKAT starts at $1,299, you’ll need to fork out an additional $120 for the electronics kit to power it and another $80 for the optional radio. The first models are currently estimated to start shipping in January or February 2022, which means the CyberKAT will likely beat the Cybertruck to market.
The additional fittings would mean that you could build the beast yourself. What better than a good DIY project to begin the new year.
Source: https://interestingengineering.com/a-cybertruck-inspired-rem…clear-snow.
CISA, FBI and NSA Publish Joint Advisory and Scanner for Log4j Vulnerabilities
Cybersecurity agencies from Australia, Canada, New Zealand, the U.S., and the U.K. on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache’s Log4j software library by nefarious adversaries.
“These vulnerabilities, especially Log4Shell, are severe,” the intelligence agencies said in the new guidance. “Sophisticated cyber threat actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021–45046, and CVE-2021–45105 in vulnerable systems. These vulnerabilities are likely to be exploited over an extended period.”
CISA releases Apache Log4j scanner to find vulnerable apps
The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of a scanner for identifying web services impacted by two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021–44228 and CVE-2021–45046.
“log4j-scanner is a project derived from other members of the open-source community by CISA’s Rapid Action Force team to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities,” the cybersecurity agency explains.
This scanning solution builds upon similar tools, including an automated scanning framework for the CVE-2021–44228 bug (dubbed& Log4Shell)& developed by cybersecurity company FullHunt.
Putin threatens “retaliatory military-technical” measures as standoff with U.S. and NATO over Ukraine escalates
=O-O=.
Moscow — President Vladimir Putin used some of his most direct language to date on Tuesday in his escalating standoff with the U.S. and its European allies. The Russian leader warned that if the U.S. and NATO do not halt what Moscow considers aggressive actions along the country’s border with Ukraine 0, Russia would respond in a “retaliatory military” manner.
“If the obviously aggressive line of our Western colleagues continues, we will take adequate, retaliatory military-technical measures [and] react toughly to unfriendly steps,” Putin told senior military officials during a meeting in remarks carried by Russian state TV. “I want to emphasize that we have every right to do so.”
