Transportation

GPS Jammers Are Being Used to Hijack Trucks and Down Drones (zdnet.com) 83

The world's freight-carrying trucks and ships use GPS-based satellite tracking and navigation systems, reports ZDNet. But "Criminals are turning to cheap GPS jamming devices to ransack the cargo on roads and at sea, a problem that's getting worse...." Jammers work by overpowering GPS signals by emitting a signal at the same frequency, just a bit more powerful than the original. The typical jammers used for cargo hijackings are able to jam frequencies from up to 5 miles away rendering GPS tracking and security apparatuses, such as those used by trucking syndicates, totally useless. In Mexico, jammers are used in some 85% of cargo truck thefts. Statistics are harder to come by in the United States, but there can be little doubt the devices are prevalent and widely used. Russia is currently availing itself of the technology to jam commercial planes in Ukraine.

As we've covered, the proliferating commercial drone sector is also prey to attack.... During a light show in Hong Kong in 2018, a jamming device caused 46 drones to fall out of the sky, raising public awareness of the issue.

While the problem is getting worse, the article also notes that companies are developing anti-jamming solutions for drone receivers, "providing protection and increasing the resiliency of GPS devices against jamming attacks."

"By identifying and preventing instances of jamming, fleet operators are able to prevent cargo theft."
Programming

Will Low-Code and No-Code Development Replace Traditional Coding? (zdnet.com) 197

"While there is a lot of noise about the hottest programming languages and the evolution of Web3, blockchain and the metaverse, none of this will matter if the industry doesn't have highly skilled software developers to build them," argues ZDNet.

So they spoke to Ori Bendet, VP of product management at CheckMarx, a builder of software that tests application security. His prediction? Automatic code generators (ACG) like Github CoPilot, AWS CodeWhisperer and Tab9 will eventually replace "traditional" coding. "Although ACG is not as good as developers may think," Bendet says, "over the next few years, every developer will have their code generated, leaving them more time to focus on their core business." As businesses turn to automation as a means of quickly building and deploying new apps and digital services, low code and no code tools will play a fundamental role in shaping the future of the internet. According to a 2021 Gartner forecast, by 2025, 70% of new applications developed by enterprises will be based on low-code or no-code tools, compared to less than 25% in 2020. A lot of this work will be done by 'citizen developers' — employees who build business apps for themselves and other users using low code tools, but who don't have formal training in computer programming. In order to build a proficient citizen developer workforce, companies will need an equally innovative approach to training.

"Low code and no code tools are democratizing software development and providing opportunities for more people to build technology, prompting more innovation across industries," says Prashanth Chandrasekar, CEO of Stack Overflow....

The rise of low-code and no-code will also help to further democratize tech jobs, creating more opportunities for talented individuals from non-tech or non-academic backgrounds. A 2022 survey by developer recruitment platforms CoderPad and CodinGame found that 81% of tech recruiters now readily hire from 'no-degree' candidate profiles. CodinGame COO Aude Barral believes this trend will only grow as the demand for software professionals intensifies.

Stack Overflow's CEO sees some limitations. "Without taking the time to learn the fundamentals of writing code or the context in which code is used, developers using low-code or code suggestion tools will hit a limit in the quality and functionality of their code."

How is this playing out in the real world of professional IT? I'd like to invite Slashdot's readers to share their own experiences in the comments.

Are you seeing low-code and no-code development replacing traditional coding?
Security

Trojanized Version of PuTTY Distributed By Fake Amazon Job Phishers on WhatsApp (mandiant.com) 22

The makers of the secure telnet client PuTTY also sell a service monitoring company security services — and this July Mandiant Managed Defense "identified a novel spear phish methodology," according to a post on the company's blog: [The threat cluster] established communication with the victim over WhatsApp and lured them to download a malicious ISO package regarding a fake job offering that led to the deployment of the AIRDRY.V2 backdoor through a trojanized instance of the PuTTY utility.... This activity was identified by our Mandiant Intelligence: Staging Directories mission, which searches for anomalous files written to directories commonly used by threat actors....

The amazon_assessment.iso archive held two files: an executable and a text file. The text file named Readme.txt had connection details for use with the second file: PuTTY.exe.... [T]he PuTTY.exe binary in the malicious archive does not have a digital signature. The size of the PuTTY binary downloaded by the victim is also substantially larger than the legitimate version. Upon closer inspection, it has a large, high entropy .data section in comparison to the officially distributed version. Sections like these are typically indicative of packed or encrypted data. The suspicious nature of the PuTTY.exe embedded in the ISO file prompted Managed Defense to perform a deeper investigation on the host and the file itself.

The execution of the malicious PuTTY binary resulted in the deployment of a backdoor to the host.

"The executable embedded in each ISO file is a fully functional PuTTY application compiled using publicly available PuTTY version 0.77 source code," the blog post points out.

Ars Technica notes that Mandiant's researchers believe it's being pushed by groups with ties to North Korea: The executable file installed the latest version of Airdry, a backdoor the US government has attributed to the North Korean government. The US Cybersecurity and Infrastructure Security Agency has a description here. Japan's community emergency response team has this description of the backdoor, which is also tracked as BLINDINGCAN.
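
The two static checks mentioned in the Mandiant excerpt above (no digital signature, and a large high-entropy .data section) can be sketched as follows. This is an added example, not Mandiant's tooling: the function names, the 7.0 bits-per-byte threshold and the constructed sample binary are assumptions made for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

ENTROPY_THRESHOLD = 7.0  # assumed triage cut-off (bits per byte), not from the page


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for packed or encrypted data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def triage_pe(image: bytes) -> dict:
    """Report certificate-table presence and per-section entropy for a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header: only the section count and optional-header size are needed.
    _mach, n_sections, _ts, _sym, _nsym, opt_size, _flags = struct.unpack_from(
        "<HHIIIHH", image, pe_off + 4)
    opt_off = pe_off + 24
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dir_off = opt_off + (96 if magic == 0x10B else 112)  # start of data directories
    (n_dirs,) = struct.unpack_from("<I", image, dir_off - 4)
    cert_size = 0
    if n_dirs > 4 and dir_off + 40 <= opt_off + opt_size:
        # Directory entry 4 is the certificate table that holds Authenticode data.
        _cert_off, cert_size = struct.unpack_from("<II", image, dir_off + 4 * 8)
    sections = []
    sec_off = opt_off + opt_size
    for i in range(n_sections):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", image, sec_off + 40 * i)
        entropy = shannon_entropy(image[raw_ptr:raw_ptr + raw_size])
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "raw_size": raw_size,
            "entropy": entropy,
            "suspicious": entropy >= ENTROPY_THRESHOLD,
        })
    # Presence only: a non-empty table still has to be verified with OS tooling.
    return {"has_cert_table": cert_size > 0, "sections": sections}


def build_sample_pe() -> bytes:
    """Constructed sample: minimal unsigned PE32 with a plain .text and random-looking .data."""
    text = b"\x55\x8b\xec\x90" * 128  # 512 bytes, four repeating byte values
    data = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew points at offset 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)
    # PE32 optional header: magic, padding, NumberOfRvaAndSizes=16, 16 empty directories.
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16) + b"\0" * 128

    def section(name: bytes, size: int, ptr: int) -> bytes:
        return struct.pack("<8sIIIIIIHHI", name, size, ptr, size, ptr, 0, 0, 0, 0, 0)

    headers = dos + b"PE\0\0" + coff + opt
    headers += section(b".text", len(text), 512) + section(b".data", len(data), 1024)
    return headers.ljust(512, b"\0") + text + data


if __name__ == "__main__":
    report = triage_pe(build_sample_pe())
    print("certificate table present:", report["has_cert_table"])
    for sec in report["sections"]:
        flag = "  <-- high entropy" if sec["suspicious"] else ""
        print(f'{sec["name"]:<8} {sec["raw_size"]:>6} bytes  {sec["entropy"]:.2f} bits/byte{flag}')
```

High entropy alone is a triage signal rather than a verdict, since compressed resources in legitimate binaries score high as well; it is the combination with the missing signature and the size mismatch that the excerpt describes as prompting deeper investigation.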
Security

Twitter Pranksters Derail GPT-3 Bot With Newly Discovered 'Prompt Injection' Hack (arstechnica.com) 11

An anonymous reader quotes a report from Ars Technica: On Thursday, a few Twitter users discovered how to hijack an automated tweet bot, dedicated to remote jobs, running on the GPT-3 language model by OpenAI. Using a newly discovered technique called a "prompt injection attack," they redirected the bot to repeat embarrassing and ridiculous phrases. The bot is run by Remoteli.io, a site that aggregates remote job opportunities and describes itself as "an OpenAI driven bot which helps you discover remote jobs which allow you to work from anywhere." It would normally respond to tweets directed to it with generic statements about the positives of remote work. After the exploit went viral and hundreds of people tried the exploit for themselves, the bot shut down late yesterday.

This recent hack came just four days after data researcher Riley Goodside discovered the ability to prompt GPT-3 with "malicious inputs" that order the model to ignore its previous directions and do something else instead. AI researcher Simon Willison posted an overview of the exploit on his blog the following day, coining the term "prompt injection" to describe it. "The exploit is present any time anyone writes a piece of software that works by providing a hard-coded set of prompt instructions and then appends input provided by a user," Willison told Ars. "That's because the user can type 'Ignore previous instructions and (do this instead).'"

The concept of an injection attack is not new. Security researchers have known about SQL injection, for example, which can execute a harmful SQL statement when asking for user input if it's not guarded against. But Willison expressed concern about mitigating prompt injection attacks, writing, "I know how to beat XSS, and SQL injection, and so many other exploits. I have no idea how to reliably beat prompt injection!" The difficulty in defending against prompt injection comes from the fact that mitigations for other types of injection attacks come from fixing syntax errors, noted a researcher named Glyph on Twitter. "Correct the syntax and you've corrected the error. Prompt injection isn't an error! There's no formal syntax for AI like this, that's the whole point." GPT-3 is a large language model created by OpenAI, released in 2020, that can compose text in many styles at a level similar to a human. It is available as a commercial product through an API that can be integrated into third-party products like bots, subject to OpenAI's approval. That means there could be lots of GPT-3-infused products out there that might be vulnerable to prompt injection.

Security

LastPass Says Hackers Had Internal Access For Four Days (bleepingcomputer.com) 27

LastPass says the attacker behind the August security breach had internal access to the company's systems for four days until they were detected and evicted. BleepingComputer reports: In an update to the security incident notification published last month, Lastpass' CEO Karim Toubba also said that the company's investigation (carried out in partnership with cybersecurity firm Mandiant) found no evidence the threat actor accessed customer data or encrypted password vaults. "Although the threat actor was able to access the Development environment, our system design and controls prevented the threat actor from accessing any customer data or encrypted password vaults," Toubba said.

While method through which the attacker was able to compromise a Lastpass developer's endpoint to access the Development environment, the investigation found that the threat actor was able to impersonate the developer after he "had successfully authenticated using multi-factor authentication." After analyzing source code and production builds, the company has also not found evidence that the attacker tried to inject malicious code. This is likely because only the Build Release team can push code from Development into Production, and even then, Toubba said the process involves code review, testing, and validation stages. Additionally, he added that the LastPass Development environment is "physically separated from, and has no direct connectivity to" Lastpass' Production environment.
The company says it has since "deployed enhanced security controls including additional endpoint security controls and monitoring," as well as additional threat intelligence capabilities and enhanced detection and prevention technologies in both Development and Production environments.
Security

Uber Says 'No Evidence' User Accounts Were Compromised in Hack (theverge.com) 6

Uber says there is "no evidence" that any of its users' private information was compromised in a breach of its internal computer systems discovered Thursday. From a report: All of the company's products, including its ride-hail and Uber Eats food delivery services, are currently "operational," and law enforcement has been notified, Uber said in a statement this afternoon. The hack, which was discovered Thursday, forced the company to take several of its internal systems offline, including Slack, Amazon Web Services, and Google Cloud Platform. Uber is continuing to investigate how a hacker, who claims to be 18 years old, was able to gain administrator access to the company's internal tools. Those internal software tools were taken offline yesterday afternoon as "a precaution" and started to come back online earlier today, the company says.
Chrome

Chrome for Android Gets Fingerprint-Protected Incognito Tabs (arstechnica.com) 13

An anonymous reader shares a report: Here's a fun new feature for Chrome for Android: fingerprint-protected Incognito tabs. 9to5Google discovered the feature in the Chrome 105 stable channel, though you'll have to dig deep into the settings to enable it at the moment. If you want to add a little more protection to your private browsing sessions, type "chrome://flags/#incognito-reauthentication-for-android" into the address bar and hit enter. After enabling the flag and restarting Chrome, you should see an option to "Lock Incognito tabs when you leave Chrome." If you leave your Incognito session and come back, an "unlock Incognito" screen will appear instead of your tabs, and you'll be asked for a fingerprint scan.
Intel

Intel Processor Will Replace Pentium and Celeron in 2023 Laptops (theverge.com) 61

Intel is replacing its Pentium and Celeron brands with just Intel Processor. The new branding will replace both existing brands in 2023 notebooks and supposedly make things easier when consumers are looking to purchase budget laptops. From a report: Intel will now focus on its Core, Evo, and vPro brands for its flagship products and use Intel Processor in what it calls "essential" products. "Intel is committed to driving innovation to benefit users, and our entry-level processor families have been crucial for raising the PC standard across all price points," explains Josh Newman, VP and interim general manager of mobile client platforms at Intel. "The new Intel Processor branding will simplify our offerings so users can focus on choosing the right processor for their needs."

The end of the Pentium brand comes after nearly 30 years of use. Originally introduced in 1993, flagship Pentium chips were first introduced in high-end desktop machines before making the move to laptops. Intel has largely been using its Core branding for its flagship line of processors ever since its introduction in 2006, and Intel repurposed the Pentium branding for midrange processors instead. Celeron was Intel's brand name for low-cost PCs. Launched around five years after Pentium, Celeron chips have always offered a lot less performance at a lot less cost for laptop makers and, ultimately, consumers. The first Celeron chip in 1998 was based on a Pentium II processor, and the latest Celeron processors are largely used in Chromebooks and low-cost laptops.

Security

Ether's New 'Staking' Model Could Draw SEC Attention (wsj.com) 28

Ethereum's big software update on Thursday may have turned the second-largest cryptocurrency into a security in the eyes of a top U.S. regulator. From a report: Securities and Exchange Commission Chairman Gary Gensler said Thursday that cryptocurrencies and intermediaries that allow holders to "stake" their coins might pass a key test used by courts to determine whether an asset is a security. Known as the Howey test, it examines whether investors expect to earn a return from the work of third parties. "From the coin's perspective...that's another indicia that under the Howey test, the investing public is anticipating profits based on the efforts of others," Mr. Gensler told reporters after a congressional hearing. He said he wasn't referring to any specific cryptocurrency.

Issuers of securities -- a category of assets that includes stocks and bonds -- are required to file extensive disclosures with the SEC under laws passed in the 1930s. Exchanges and brokers that facilitate the trading of securities must comply with strict rules designed to protect investors from conflicts of interest. Cryptocurrency issuers and trading platforms face strict liabilities if they sell any assets that are deemed to be securities by the SEC or courts. Staking is one of two ways in which cryptocurrency networks verify transactions. Used by some of the largest cryptocurrencies -- including Solana, Cardano and, as of this week, ether -- it allows investors to lock up their tokens for a specified amount of time to receive a return.

Security

Uber Investigating Breach of Its Computer Systems (nytimes.com) 27

Uber discovered its computer network had been breached on Thursday, leading the company to take several of its internal communications and engineering systems offline as it investigated the extent of the hack. From a report: The breach appeared to have compromised many of Uber's internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times. "They pretty much have full access to Uber," said Sam Curry, a security engineer at Yuga Labs who corresponded with the person who claimed to be responsible for the breach. "This is a total compromise, from what it looks like."

An Uber spokesman said the company was investigating the breach and contacting law enforcement officials. Uber employees were instructed not to use the company's internal messaging service, Slack, and found that other internal systems were inaccessible, said two employees, who were not authorized to speak publicly. Shortly before the Slack system was taken offline on Thursday afternoon, Uber employees received a message that read, "I announce I am a hacker and Uber has suffered a data breach." The message went on to list several internal databases that the hacker claimed had been compromised.
BleepingComputer adds: According to Curry, the hacker also had access to the company's HackerOne bug bounty program, where they commented on all of the company's bug bounty tickets. Curry told BleepingComputer that he first learned of the breach after the attacker left the above comment on a vulnerability report he submitted to Uber two years ago. Uber runs a HackerOne bug bounty program that allows security researchers to privately disclose vulnerabilities in their systems and apps in exchange for a monetary bug bounty reward. These vulnerability reports are meant to be kept confidential until a fix can be released to prevent attackers from exploiting them in attacks.

Curry further shared that an Uber employee said the threat actor had access to all of the company's private vulnerability submissions on HackerOne. BleepingComputer was also told by a source that the attacker downloaded all vulnerability reports before they lost access to Uber's bug bounty program. This likely includes vulnerability reports that have not been fixed, presenting a severe security risk to Uber. HackerOne has since disabled the Uber bug bounty program, cutting off access to the disclosed vulnerabilities.

Security

Iranians Hacked US Companies, Sent Ransom Demands To Printers, Indictment Says (arstechnica.com) 12

Three Iranian nationals charged with hacking into US-based computer networks sent ransom demands to the printers of at least some of their victims, according to an indictment unsealed today. The ransom demands allegedly sought payments in exchange for BitLocker decryption keys that the victims could use to regain access to their data. The three defendants remain at large and outside the US, the DOJ said. From a report: "The defendants' hacking campaign exploited known vulnerabilities in commonly used network devices and software applications to gain access and exfiltrate data and information from victims' computer systems," the US Department of Justice said in a press release. Defendants Mansour Ahmadi, Ahmad Khatibi, Amir Hossein Nickaein, "and others also conducted encryption attacks against victims' computer systems, denying victims access to their systems and data unless a ransom payment was made." The indictment in US District Court for the District of New Jersey describes a few incidents in which ransom demands were sent to printers on hacked networks. In one case, a printed message sent to an accounting firm allegedly said, "We will sell your data if you decide not to pay or try to recover them." In another incident, the indictment said a Pennsylvania-based domestic violence shelter hacked in December 2021 received a message on its printers that said, "Hi. Do not take any action for recovery. Your files may be corrupted and not recoverable. Just contact us."
Social Networks

TikTok Won't Commit To Stopping US Data Flows To China (cnn.com) 61

TikTok repeatedly declined to commit to US lawmakers on Wednesday that the short-form video app will cut off flows of US user data to China, instead promising that the outcome of its negotiations with the US government "will satisfy all national security concerns." From a report: Testifying before the Senate Homeland Security Committee, TikTok Chief Operating Officer Vanessa Pappas first sparred with Sen. Rob Portman over details of TikTok's corporate structure before being confronted -- twice -- with a specific request. "Will TikTok commit to cutting off all data and data flows to China, China-based TikTok employees, ByteDance employees, or any other party in China that might have the capability to access information on US users?" Portman asked.

The question reflects bipartisan concerns in Washington about the possibility that US user data could find its way to the Chinese government and be used to undermine US interests, thanks to a national security law in that country that compels companies located there to cooperate with data requests. US officials have expressed fears that China could use Americans' personal information to identify useful potential agents or intelligence targets, or to inform future mis- or disinformation campaigns. TikTok does not operate in China, Pappas said, though it does have an office in China. TikTok is owned by ByteDance, whose founder is Chinese and has offices in China. [...] Pappas affirmed in Wednesday's hearing that the company has said, on record, that its Chinese employees do have access to US user data. She also reiterated that TikTok has said it would "under no circumstances ... give that data to China" and denied that TikTok is in any way influenced by China. However, she avoided saying whether ByteDance would keep US user data from the Chinese government or whether ByteDance may be influenced by China.

IT

Craig Wright Tells Court He 'Stomped on the Hard Drive' Containing Satoshi Wallet Keys (coindesk.com) 94

Craig Wright told a Norwegian court on Wednesday that he "stomped on the hard drive" that contained the "key slices" required to grant him access to Satoshi Nakamoto's private keys, making it "incredibly difficult" to cryptographically prove he is the creator of Bitcoin -- a title he has claimed but failed to prove since 2016. From a report: Wright's inability to back up his claims with acceptable evidence is the issue at the center of his trial in Norway, one of two simultaneous legal battles between Wright and crypto Twitter personality Hodlonaut (real name Magnus Granath) over a series of tweets Hodlonaut -- then, a public school teacher with roughly 8,000 Twitter followers -- wrote in March 2019, deeming Wright a pretender and calling him a "scammer" and a "fraud."

Wright previously attempted to prove he was Satoshi in 2016 by demonstrating "proof" that he controlled Satoshi's private keys -- first, in private "signing sessions" with Bitcoin developer Gavin Andresen and former Bitcoin Foundation Director Jon Matonis (Andresen later said he'd been "bamboozled" by Wright and Matonis went on to work for a company owned by Wright), and later, in a public blog post offering "proof" that was thoroughly debunked by several well-known cryptography experts. In Norway, however, Wright is no longer attempting to convince the court he is Satoshi with cryptographic evidence -- partly because he claims to have intentionally destroyed his only proof shortly after attempting suicide in May 2016, following his signing session with Andresen, and partly because he now claims cryptographic proof is inconclusive and that "identity is not related to keys."

Open Source

Nearly One In Two Industry Pros Scaled Back Open Source Use Over Security Fears (theregister.com) 60

An anonymous reader quotes a report from The Register: About 40 percent of industry professionals say their organizations have reduced their usage of open source software due to concerns about security, according to a survey conducted by data science firm Anaconda. The company's 2022 State of Data Science report solicited opinions in April and May from 3,493 individuals from 133 countries and regions, targeting academics, industry professionals, and students. About 16 percent of respondents identified as data scientists. About 33 percent of surveyed industry professionals said they had not scaled back on open source, 7 percent said they had increased usage, and 20 percent said they weren't sure. The remaining 40 percent said they had.

By industry professionals, or commercial respondents as Anaconda puts it, the biz means a data-science-leaning mix of business analysts, product managers, data and machine-learning scientists and engineers, standard IT folks such as systems administrators, and others in technology, finance, consulting, healthcare, and so on. And by scale back, that doesn't mean stop: 87 percent of commercial respondents said their organization still allowed the use of open source. It appears a good number of them, though, are seeking to reduce the risk from relying on too many open source dependencies.

Anaconda's report found that incidents like Log4j and reports of "protestware" prompted users of open source software to take security concerns more seriously. Of the 40 percent who scaled back usage of open source, more than half did so after the Log4j fiasco. Some 31 percent of respondents said security vulnerabilities represent the biggest challenge in the open source community today. Most organizations use open source software, according to Anaconda. But among the 8 percent of respondents indicating that they don't, more than half (54 percent, up 13 percent since last year) cited security risks as the reason. Other reasons for not using open source software include: lack of understanding (38 percent); lack of confidence in organizational IT governance (29 percent); "open-source software is deemed insecure, so it's not allowed" (28 percent); and not wanting to disrupt current projects (26 percent).

Privacy

Breach of Software Maker Used To Backdoor Ecommerce Servers (arstechnica.com) 9

An anonymous reader quotes a report from Ars Technica: FishPig, a UK-based maker of e-commerce software used by as many as 200,000 websites, is urging customers to reinstall or update all existing program extensions after discovering a security breach of its distribution server that allowed criminals to surreptitiously backdoor customer systems. The unknown threat actors used their control of FishPig's systems to carry out a supply chain attack that infected customer systems using FishPig's fee-based Magento 2 modules with Rekoobe, a sophisticated backdoor discovered in June. Rekoobe masquerades as a benign SMTP server and can be activated by covert commands related to handling the startTLS command from an attacker over the Internet. Once activated, Rekoobe provides a reverse shell that allows the threat actor to remotely issue commands to the infected server.

"We are still investigating how the attacker accessed our systems and are not currently sure whether it was via a server exploit or an application exploit," Ben Tideswell, the lead developer at FishPig, wrote in an email. "As for the attack itself, we are quite used to seeing automated exploits of applications and perhaps that is how the attackers initially gained access to our system. Once inside though, they must have taken a manual approach to select where and how to place their exploit."

FishPig is a seller of Magento-WordPress integrations. Magento is an open source e-commerce platform used for developing online marketplaces. The supply-chain attack only affects paid Magento 2 modules. Tideswell said the last software commit made to its servers that didn't include the malicious code was made on August 6, making that the earliest possible date the breach likely occurred. Sansec, the security firm that discovered the breach and first reported it, said the intrusion began on or before August 19. Tideswell said FishPig has already "sent emails to everyone who has downloaded anything from FishPig.co.uk in the last 12 weeks alerting them to what's happened." Tideswell declined to say how many active installations of its paid software there are. This post indicates that the software has received more than 200,000 downloads, but the number of paid customers is smaller.
In a disclosure published after the Sansec advisory, FishPig describes how the intruders pulled off the intrusion and remained hidden for so long.
Security

Microsoft Teams Stores Auth Tokens As Cleartext In Windows, Linux, Macs (bleepingcomputer.com) 32

Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access to authentication tokens and accounts with multi-factor authentication (MFA) turned on. BleepingComputer reports: "This attack does not require special permissions or advanced malware to get away with major internal damage," Connor Peoples at cybersecurity company Vectra explains in a report this week. The researcher adds that by taking "control of critical seats -- like a company's Head of Engineering, CEO, or CFO -- attackers can convince users to perform tasks damaging to the organization." Vectra researchers discovered the problem in August 2022 and reported it to Microsoft. However, Microsoft did not agree on the severity of the issue and said that it doesn't meet the criteria for patching.

With a patch unlikely to be released, Vectra's recommendation is for users to switch to the browser version of the Microsoft Teams client. By using Microsoft Edge to load the app, users benefit from additional protections against token leaks. The researchers advise Linux users to move to a different collaboration suite, especially since Microsoft announced plans to stop supporting the app for the platform by December.

Security

US Cyber-Defense Agency Urges Companies To Automate Threat Testing (bloomberg.com) 13

The US government's cyber defense agency is recommending for the first time that companies embrace automated continuous testing to protect against longstanding online threats. From a report: The guidance, from a cluster of US and international agencies published on Wednesday, urges businesses to shore up their defenses by continually validating their security program against known threat behaviors, rather than a more piecemeal approach. "The authoring agencies recommend continually testing your security program, at scale," according to an alert from the Cybersecurity and Infrastructure Security Agency and several other US and international agencies. The alert warned malicious cyber actors allegedly affiliated with the Iranian Government's Islamic Revolutionary Guard Corps are exploiting known vulnerabilities for ransom operations. An official at CISA told Bloomberg ahead of the announcement that emulating adversaries and testing against them is key to defending against cyberattacks. Central to the effort is a freely available list of cyberattackers' most common tactics and procedures that was first made public in 2015 by MITRE, a federally funded research and development center, and is now regularly updated. While many organizations and their security contractors already consult that list, too few check if their systems can actually detect and overcome them, the CISA official said.
Data Storage

Five Years of Data Show That SSDs Are More Reliable Than HDDs Over the Long Haul (arstechnica.com) 82

Backup and cloud storage company Backblaze has published data comparing the long-term reliability of solid-state storage drives and traditional spinning hard drives in its data center. Based on data collected since the company began using SSDs as boot drives in late 2018, Backblaze cloud storage evangelist Andy Klein published a report yesterday showing that the company's SSDs are failing at a much lower rate than its HDDs as the drives age. ArsTechnica: Backblaze has published drive failure statistics (and related commentary) for years now; the hard drive-focused reports observe the behavior of tens of thousands of data storage and boot drives across most major manufacturers. The reports are comprehensive enough that we can draw at least some conclusions about which companies make the most (and least) reliable drives. The sample size for this SSD data is much smaller, both in the number and variety of drives tested -- they're mostly 2.5-inch drives from Crucial, Seagate, and Dell, with little representation of Western Digital/SanDisk and no data from Samsung drives at all. This makes the data less useful for comparing relative reliability between companies, but it can still be useful for comparing the overall reliability of hard drives to the reliability of SSDs doing the same work.

Backblaze uses SSDs as boot drives for its servers rather than data storage, and its data compares these drives to HDDs that were also being used as boot drives. The company says these drives handle the storage of logs, temporary files, SMART stats, and other data in addition to booting -- they're not writing terabytes of data every day, but they're not just sitting there doing nothing once the server has booted, either. Over their first four years of service, SSDs fail at a lower rate than HDDs overall, but the curve looks basically the same -- few failures in year one, a jump in year two, a small decline in year three, and another increase in year four. But once you hit year five, HDD failure rates begin going upward quickly -- jumping from a 1.83 percent failure rate in year four to 3.55 percent in year five. Backblaze's SSDs, on the other hand, continued to fail at roughly the same 1 percent rate as they did the year before.

Security

China Accuses the NSA of Hacking a Top University To Steal Data (gizmodo.com) 82

hackingbear shares a report from Gizmodo: China claims that America's National Security Agency used sophisticated cyber tools to hack into an elite research university on Chinese soil. The attack allegedly targeted the Northwestern Polytechnical University in Xi'an (not to be confused with a California school of the same name), which is highly ranked in the global university index for its science and engineering programs. The U.S. Justice Department has referred to the school as a "Chinese military university that is heavily involved in military research and works closely with the People's Liberation Army," painting it as a reasonable target for digital infiltration from an American perspective.

China's National Computer Virus Emergency Response Center (CVERC) recently published a report attributing the hack to the Tailored Access Operations group (TAO) -- an elite team of NSA hackers which first became publicly known via the Snowden Leaks back in 2013 and helps the U.S. government break into networks all over the world for the purposes of intelligence gathering and data collection. [CVERC identified 41 TAO tools involved in the case.] One such tool, dubbed 'Suctionchar,' is said to have helped infiltrate the school's network by stealing account credentials from remote management and file transfer applications to hijack logins on targeted servers. The report also mentions the exploitation of Bvp47, a backdoor in Linux that has been used in previous hacking missions by the Equation Group -- another elite NSA hacking team. According to CVERC, traces of Suctionchar have been found in many other Chinese networks besides Northwestern's, and the agency has accused the NSA of launching more than 10,000 cyberattacks on China over the past several years.

On Sunday, the allegations against the NSA were escalated to a diplomatic complaint. Yang Tao, the director-general of American affairs at China's Ministry of Foreign Affairs, published a statement affirming the CVERC report and claiming that the NSA had "seriously violated the technical secrets of relevant Chinese institutions and seriously endangered the security of China's critical infrastructure, institutions and personal information, and must be stopped immediately."

Security

Retbleed Fix Slugs Linux VM Performance By Up To 70 Percent (theregister.com) 33

VMware engineers have tested the Linux kernel's fix for the Retbleed speculative execution bug, and report it can impact compute performance by a whopping 70 percent. The Register reports: In a post to the Linux Kernel Mailing List titled "Performance Regression in Linux Kernel 5.19", VMware performance engineering staffer Manikandan Jagatheesan reports the virtualization giant's internal testing found that running Linux VMs on the ESXi hypervisor using version 5.19 of the Linux kernel saw compute performance dip by up to 70 percent when using single vCPU, networking fall by 30 percent and storage performance dip by up to 13 percent. Jagatheesan said VMware's testers turned off the Retbleed remediation in version 5.19 of the kernel and ESXi performance returned to levels experienced under version 5.18.

Because speculative execution exists to speed processing, it is no surprise that disabling it impacts performance. A 70 percent decrease in computing performance will, however, have a major impact on application performance that could lead to unacceptable delays for some business processes. VMware's tests were run on Intel Skylake CPUs -- silicon released between 2015 and 2017 that will still be present in many server fleets. Subsequent CPUs addressed the underlying issues that allowed Retbleed and other Spectre-like attacks.
