Toggle light / dark theme

Researchers at the cybersecurity firm Eclypsium, which focuses on firmware, reported today that they have found a secret backdoor in the firmware of motherboards manufactured by the Taiwanese manufacturer Gigabyte’s components are often used in gaming PCs and other high-performance systems. Eclypsium discovered that whenever a computer with the affected Gigabyte motherboard restarts, code inside the motherboard’s firmware silently triggers the launch of an updater application, which then downloads and runs another piece of software on the machine. Researchers discovered that the hidden code was built in an unsafe manner, making it possible for the mechanism to be hijacked and used to install malware rather than Gigabyte’s intended software.

Despite the fact that Eclypsium claims the hidden code is intended to be a harmless utility to keep the motherboard’s firmware updated, researchers determined that the implementation was vulnerable. And since the updater application is activated from the computer’s firmware rather than the operating system, it is difficult for users to either delete it or even detect it on their own. In the blog post, the company details the 271 different versions of Gigabyte motherboards that the researchers think are vulnerable. According to experts, individuals who are interested in discovering the motherboard that is used by their computer may do so by selecting “Start” in Windows and then selecting “System Information.”

Users who don’t trust Gigabyte to silently install code on their machine with a nearly invisible tool may have been concerned by Gigabyte’s updater alone. Other users may have been concerned that Gigabyte’s mechanism could be exploited by hackers who compromise the motherboard manufacturer to exploit its hidden access in a software supply chain attack. The update process was designed and built with obvious flaws that left it susceptible to being exploited in the following ways: It downloads code to the user’s workstation without properly authenticating it, and in certain cases, it even does it through an unsecured HTTP connection rather than an HTTPS one. This would make it possible for a man-in-the-middle attack to be carried out by anybody who is able to intercept the user’s internet connection, such as a malicious Wi-Fi network. The attack would enable the installation source to be faked.

Linux routers in Japan are the target of a new Golang remote access trojan (RAT) called GobRAT.

“Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT,” the JPCERT Coordination Center (JPCERT/CC) said in a report published today.

The compromise of an internet-exposed router is followed by the deployment of a loader script that acts as a conduit for delivering GobRAT, which, when launched, masquerades as the Apache daemon process (apached) to evade detection.

A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement.

The findings come from the SANS Internet Storm Center (ISC), which detected a spike in HTTP requests for “/nifi” on May 19, 2023.

“Persistence is achieved via timed processors or entries to cron,” said Dr. Johannes Ullrich, dean of research for SANS Technology Institute. “The attack script is not saved to the system. The attack scripts are kept in memory only.”

Baidu Inc. is investing 1 billion yuan ($140 million) to nurture Chinese startups that explore generative AI, leveraging its Ernie AI model to help drive innovation.

Baidu Inc., China’s internet search leader, is investing 1 billion yuan ($140 million) to incubate Chinese startups that focus on generative AI. As reported in Bloomberg, the move makes Baidu a part of the global investment wave centering on ChatGPT-like services.


Baidu’s $140 Million Venture into Generative AI Startups

According to a statement released by Baidu, the investment will be used to foster projects utilizing its Ernie AI model, with funding potentially as high as 10 million yuan each. Venture investors, including IDG Capital, will evaluate pitches from founders, who will then create demo products before a decision on seed funding.

This incubation program merges one of China’s top startup investment firms with its leading player in AI development. This represents another leap forward in China’s aggressive AI investment strategy, catalyzed by the media buzz surrounding the debut of OpenAI’s ChatGPT.

Google, the internet-spanning librarian of all of digital time and space, is expanding access to its new generative AI experience for Search — and you could be among the lucky few to try out this new feature in just a few clicks.

The generative AI experience for Search was unveiled at Google I/O and seeks to provide Googlers with a speedier, more natural approach to finding the information they want online — similar to the offerings of Microsoft’s Bing Chat. One key difference between the two being people actually use Google Search.

Program & apply to join: https://foresight.org/existential-hope/
Foresight Existential Hope Group.

Kevin kelly, wired magazine | pioneering visions of a high-tech future.

In this episode of Foresight’s Existential Hope Podcast, our special guest is Kevin Kelly, an influential figure in technology, culture, and optimism for the future. As the founding executive editor of Wired and former editor of Whole Earth Review, Kelly’s ideas and perspectives have shaped generations of thinkers and technologists.

Join our hosts Allison Duettmann and Beatrice Erkers as they delve into Kelly’s philosophies and experiences, from witnessing technological shifts over the decades to fostering optimism about the future. Kelly shares details about his latest book, a collection of optimistic advice in tweet form, and talks about his current project envisioning a desirable hi-tech future 100 years from now.

He also discusses the transformative power of the internet as an accelerant for learning, the underestimated long-term effects of being online, and the culture-changing potential of platforms like YouTube. If you’re interested in the intersection of technology, optimism, and the future, this is a must-see.

Join us:

Engineers in Japan just shattered the world record for the fastest internet speed, achieving a data transmission rate of 319 Terabits per second (Tb/s), according to a paper presented at the International Conference on Optical Fiber Communications in June. The new record was made on a line of fibers more than 1,864 miles (3,000 km) long. And, crucially, it is compatible with modern-day cable infrastructure.

Not perfect, but very impressive.


Sponsored:
Use my special link https://www.privateinternetaccess.com/AIDRIVR for an 83% discount, 4 months free and 30-day money-back guarantee on the best VPN — Private Internet Access.

Version: 11.4.1 [2023.7.5]

Consider supporting this channel on Patreon: https://patreon.com/AIDRIVR

Filming Equipment: