Security reporter Brian Krebs: The top-level domain for the United States -- .US -- is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified .US domains as among the most prevalent in phishing attacks over the past year. Researchers at Infoblox say they've been tracking what appears to be a three-year-old link shortening service that is catering to phishers and malware purveyors. Infoblox found the domains involved are typically three to seven characters long, and hosted on bulletproof hosting providers that charge a premium to ignore any abuse or legal complaints. The short domains don't host any content themselves, but are used to obfuscate the real address of landing pages that try to phish users or install malware.

Infoblox says it's unclear how the phishing and malware landing pages tied to this service are being initially promoted, although they suspect it is mainly through scams targeting people on their phones via SMS. A new report says the company mapped the contours of this link shortening service thanks in part to pseudo-random patterns in the short domains, which all appear on the surface to be a meaningless jumble of letters and numbers. "This came to our attention because we have systems that detect registrations that use domain name generation algorithms," said Renee Burton, head of threat intelligence at Infoblox. "We have not found any legitimate content served through their shorteners."

Apple's latest M3 Pro chip in the new 14-inch and 16-inch MacBook Pro has 25% less memory bandwidth than the M1 Pro and M2 Pro chips used in equivalent models from the two previous generations. From a report: Based on the latest 3-nanometer technology and featuring all-new GPU architecture, the M3 series of chips is said to represent the fastest and most power-efficient evolution of Apple silicon thus far. For example, the 14-inch and 16-inch MacBook Pro with M3 Pro chip is up to 40% faster than the 16-inch model with M1 Pro, according to Apple.

However, looking at Apple's own hardware specifications, the M3 Pro system on a chip (SoC) features 150GB/s memory bandwidth, compared to 200GB/s on the earlier M1 Pro and M2 Pro. As for the M3 Max, Apple says it is capable of "up to 400GB/s." This wording is because the less pricey scaled-down M3 Max with 14-core CPU and 30-core GPU has only 300GB/s of memory bandwidth, whereas the equivalent scaled-down M2 Max with 12-core CPU and 30-core GPU featured 400GB/s bandwidth, just like its more powerful 12-core CPU, 38-core GPU version.

Notably, Apple has also changed the core ratios of the higher-tier M3 Pro chip compared to its direct predecessor. The M3 Pro with 12-core CPU has 6 performance cores (versus 8 performance cores on the 12-core M2 Pro) and 6 efficiency cores (versus 4 efficiency cores on the 12-core M2 Pro), while the GPU has 18 cores (versus 19 on the equivalent M2 Pro chip).

Forty countries in a U.S.-led alliance plan to sign a pledge never to pay ransom to cybercriminals and to work toward eliminating the hackers' funding mechanism, a senior White House official said on Tuesday. From a report: The International Counter Ransomware Initiative comes as the number of ransomware attacks grows worldwide. The United States is by far the worst hit, with 46% of such attacks, Anne Neuberger, U.S. deputy national security adviser in the Biden administration for cyber and emerging technologies, told reporters on a virtual briefing. "As long as there is money flowing to ransomware criminals, this is a problem that will continue to grow," she said.

Apple has warned over a half dozen Indian lawmakers from Prime Minister Narendra Modi's main opposition of their iPhones being targets of state-sponsored attacks, these people said Tuesday, in a remarkable turn of events just months before the general elections in the South Asian nation. From a report: Rahul Gandhi, Indian opposition leader, said in a media briefing Tuesday that his team had received the said alert from Apple. Shashi Tharoor, a key figure from the Congress party; Akhilesh Yadav, the head of the Samajwadi Party; Mahua Moitra, a national representative from the All India Trinamool Congress; Priyanka Chaturvedi of Shiv Sena, a party with notable influence in Maharashtra reported that they too had been notified by Apple regarding a potential security attack on their iPhones. Asaduddin Owaisi, the leader of the All-India Majlis-e-Ittehadul Muslimeen (AIMIM); Raghav Chadha from AAP, originating from an anti-corruption crusade a decade prior and later securing a political foothold in the national capital region; Sitaram Yechury, the General Secretary of the Communist Party of India; alongside Congress spokesperson Pawan Khera were also impacted, they said. Journalists Siddharth Varadarajan and Sriram Karri, along with Observer Research Foundation (ORF) India President Samir Saran shared that they had been served with identical warnings from Apple.

Google says it'll issue a system update to fix a major storage bug in Android 14 that has caused some users to be locked out of their devices. Ars Technica reports: Apparently one more round of news reports was enough to get the gears moving at Google. Over the weekend the Issue tracker bug has been kicked up from a mid-level "P2" priority to "P0," the highest priority on the issue tracker. The bug has been assigned to someone now, and Googlers have jumped into the thread to make official statements that Google is looking into the matter. Here's the big post from Google on the bug tracker [...]. The highlights here are that Google says the bug affects devices with multiple Android users, not multiple Google accounts or (something we thought originally) users with work profiles. Setting up multiple users means going to the system settings, then "Multiple users," then "Allow multiple users," and you can add a user other than the default one. If you do this, you'll have a user switcher at the bottom of the quick settings. Multiple users all have separate data, separate apps, and separate Google accounts. Child users are probably the most popular reason to use this feature since you can lock kids out of things, like purchasing apps.

Shipping a Google Play system update as a quick Band-Aid is an interesting solution, but as Google's post suggests, this doesn't mean the problem is fixed. Play system updates (these are alternatively called Project Mainline or APEX modules) allow Google to update core system components via the Play Store, but they are really not meant for critical fixes. The big problem is that the Play system updates don't aggressively apply themselves or even let you know they have been downloaded. They just passively, silently wait for a reboot to happen so they can apply. For Pixel users, it feels like the horse has already left the barn anyway -- like most Pixel phones have automatically applied the nearly 13-day-old update by now. Users can force Play system updates to happen themselves by going to the system settings, then "Security & Privacy," then "System & updates," then "Google Play system update." If you have an update, you'll be prompted to reboot the phone. Also note that this differs from the usual OS update checker location, which is in system settings, then "System," then "System update." The system update screen will happily tell you "Your system is up to date" even if you have a pending Google Play system update. It would be great to have a single location for OS updates, Google Play System/Mainline updates, and app updates, but they are scattered everywhere and give conflicting "up to date" messages.

A Russian-speaking hacking group obtained access to the email addresses of about 632,000 US federal employees at the departments of Defense and Justice as part of the sprawling MOVEit hack last summer, according to a report on the wide-ranging attack obtained through a Freedom of Information Act request. From a report: The report, by the US Office of Personnel Management, provides new details about a cyberattack in which hackers exploited flaws in MOVEit, a popular file-transfer tool. Federal cybersecurity officers previously confirmed that government agencies were compromised by the attack but have provided little information on the scope of the attack, nor did they name the agencies affected.

The Office of Personnel Management, in a July report on the incident submitted to a congressional committee, said an unauthorized actor obtained access to government email addresses, links to government employee surveys administered by OPM and internal OPM tracking codes. The impacted employees were at the Department of Justice and various parts of the Defense Department: the Air Force, Army, US Army Corps of Engineers, the Office of the Secretary of Defense, the Joint Staff and Defense Agencies and Field Activities.

"More developers are looking for or are open to a new job now compared to the last two years," writes Stack Overflow's senior analyst for market research and insights — citing the results of their latest survey of developers in 107 different countries.

"More than 1,000 developers responded to this year's survey about jobs and 79% are at least considering new opportunities if not actively looking." New insights from these survey results show that new tech talent and late-career developers are both more likely to be looking. New developers have increasingly switched jobs compared to early- and mid-career developers in the last three years... Interest in looking for a new job drops as developers get older for new to mid-career (44 and younger) respondents (86% to 74%), but picks back up for those 55 to 64 (88%). Late-career developers acknowledge curiosity about other companies as their second top reason to look for a new job this year behind "better salary," which all age groups rank as their top reason. Curiosity grew in importance for late-career developers since last year more than all other age groups (32% vs. 22%) and is more important to this group than reasons other groups ranked higher such as working with new technology and growth opportunities...

In our 2023 Developer Survey, we started asking about AI and the sentiment around it in our developer community; results were very similar when we checked in again through this pulse survey (70% are using AI or planning to). Developers may also feel less enthusiastic about learning opportunities now that AI tools are rapidly developing to help many be more productive in their jobs (30% cite this as the top benefit).
Other interesting findings from the survey:

• Compared to the 2023 Developer Survey, 8% of developers have exited the technology industry and are increasingly filling roles in manufacturing and supply chain companies (11% vs. 7%)

• Technology is the industry most developers currently work in (46%), followed by manufacturing/supply chain (14%) and financial services (13%)

• New tech talent is onboarding at as many jobs by 24 as those up to 10 years their senior and this rapid experience cycle could rival the knowledge and experience of those they report to.

To explore America's "transition to a post-quantum world," the Washington Post interviewed U.S. federal official Nick Polk, who is focused on national security issues including quantum computing and is also a senior advisor to a White House federal chief information security officer): The Washington Post: The U.S. is in the early stages of a major shift focused on bolstering government network defenses, pushing federal agencies to adopt a new encryption standard known as post-quantum cryptography that aims to prevent systems from being vulnerable to advanced decryption techniques enabled by quantum computers in the near future...

Nick Polk: We've been using asymmetric encryption for a very long time now, and it's been ubiquitous since about 2014, when the U.S. government and some of the large tech companies decided that they're going to make it a default on most web browsers... Interestingly enough, regarding the post-quantum cryptographic standards being developed, the only thing that's quantum about them is that it has "quantum" in the name. It's really just a different type of math that's much more difficult for a quantum computer to be able to reverse-engineer. The National Institute of Standards and Technology is looking at different mathematical models to cover all their bases. The interesting thing is that these post-quantum standards are actually being used to protect classical computers that we have now, like laptops...

Given the breadth of the U.S. government and the amount of computing power we use, we really see ourselves and our role as a steward of the tech ecosystem. One of the things that came out of [this week's Inside Quantum Technology conference in New York City] was that we are very quickly moving along with the private sector to migrate to post-quantum cryptography. I think you're gonna see very shortly a lot of very sensitive private sector industries start to migrate or start to advertise that they're going to migrate. Banks are a perfect example. That means meeting with vendors regularly, and testing their algorithms to ensure that we can accurately and effectively implement them on federal systems...

The administration and national security memorandum set 2035 as our deadline as a government to migrate our [national security] systems to post-quantum cryptography. That's supposed to time with the development of operational quantum computers. We need to ensure that we start now, so that we don't end up not meeting the deadline before computers are operational... This is a prioritized migration for the U.S. government. We're going to start with our most critical systems — that includes what we call high-value assets, and high-impact systems. So for example, we're gonna prioritize systems that have personal health information.

That's our biggest emphasis — both when we talk to private industry and when we encourage agencies when they talk to their contractors and vendors — to really think about where your most sensitive data is and then prioritize those systems for migration.

PC Magazine reports: A powerful piece of malware has been disguising itself as a trivial cryptocurrency miner to help it evade detection for more than five years, according to antivirus provider Kaspersky. This so-called "StripedFly" malware has infected over 1 million Windows and Linux computers around the globe since 2016, Kaspersky says in a report released Thursday...

StripedFly incorporated a version of EternalBlue, the notorious NSA-developed exploit that was later leaked and used in the WannaCry ransomware attack to infect hundreds of thousands of Windows machines back in 2017. According to Kaspersky, StripedFly uses its own custom EternalBlue attack to infiltrate unpatched Windows systems and quietly spread across a victim's network, including to Linux machines. The malware can then harvest sensitive data from infected computers, such as login credentials and personal data. "Furthermore, the malware can capture screenshots on the victim's device without detection, gain significant control over the machine, and even record microphone input," the company's security researchers added.

To evade detection, the creators behind StripedFly settled on a novel method by adding a cryptocurrency mining module to prevent antivirus systems from discovering the malware's full capabilities.

VentureBeat reports: Thursday San Francisco-based Oxide, a startup founded by computing experts from Joyent and Dell, launched what it calls the world's first "commercial cloud computer," a rack-scale system that enterprises can own to reap the benefits and flexibility of cloud computing on-premises, right within their data center. The company believes the new offering can finally put an end to the "cloud vs on-prem" dilemma enterprises face while setting up their infrastructure...

It also announced $44 million in a series A round of funding, led by Eclipse VC with participation from Intel Capital, Riot Ventures, Counterpart Ventures and Rally Ventures. Oxide plans to use this money to accelerate the adoption of its cloud computer, giving teams a new, better option to serve their customers... The round brings Oxide's total financing raised to date to $78 million.
Since 2019 Oxide has thrown a team of 60 technologists at the problem — and Thursday, Oxide also revealed an impressive list of current customers: There's the U.S. Department of Energy — specifically its Idaho National Laboratory (which has historically been involved in nuclear research) — as well as "a well-known financial services firm". Oxide also announced that within just a few months, there'll be additional installments at multiple Fortune 1000 companies. And beyond that, Oxide is also boasting that they now have "a long wait list of customers ready to install once production catches up with demand...."

Will Coffield, a partner at Riot Ventures, quipped that Oxide had "essentially wrapped all the hopes and dreams of a software engineer, IT manager, and a CFO into a single box...." Steve Tuck, CEO and co-founder of Oxide, pointed out that cloud computing "remains restricted to a centralized, rental-only model." There are many reasons why an enteprise might want to own their infrastructure — security, reliability, cost, and response time/latency issues — and as Tuck sees it, "the rental-only model has denied them modern cloud capabilities for these use cases.

"We are changing that."
Earlier this year on the Software Engineering Daily podcast, CTO/co-founder Bryan Cantrill remembered that when doing their compliance testing, "The folks at the compliance lab — they see a lot of servers — and they're like, 'Are you sure it's on?' Because it's so quiet!" (This June article notes that later on the podcast Cantrill argued that the acoustics of today's data centers are "almost like an odor. It is this visceral reminder that this domain has suffered for lack of real systemic holistic thinking...")

Oxide's press packet lays out other advantages for their servers. "Power usage is 2x efficient, takes up half the space, and can be up and running in just four hours instead of three months."

An anonymous reader quotes a report from OPP.Today: Android 14, the latest operating system from Google, is facing a major storage bug that is causing users to be locked out of their devices. This issue is particularly affecting users who utilize the "multiple profiles" feature. Reports suggest that the bug is comparable to being hit with "ransomware," as users are unable to access their device storage. Initially, it was believed that this bug was limited to the Pixel 6, but it has since been discovered that it impacts a wider range of devices upgrading to Android 14. This includes the Pixel 6, 6a, 7, 7a, Pixel Fold, and Pixel Tablet. The Google issue tracker for this bug has garnered over 350 replies, but there has been no response from Google so far. The bug has been assigned the medium priority level of "P2" and remains unassigned, indicating that no one is actively investigating it.

Users who have encountered this storage bug have shared log files containing concerning messages such as "Failed to open directory /data/media/0: Structure needs cleaning." This issue leads to various problematic situations, with some users experiencing boot loops, others stuck on a "Pixel is starting..." message, and some unable to take screenshots or access their camera app due to the lack of storage. Users are also unable to view files on their devices from a PC over USB, and the System UI and Settings repeatedly crash. Essentially, without storage, the device becomes practically unusable.

Android's user-profile system, designed to accommodate multiple users and separate work and personal profiles, appears to be the cause of this rarely encountered bug. Users have reported that the primary profile, which is typically the most important one, becomes locked out.

Intel CEO Pat Gelsinger has downplayed the threat of rival chipmakers creating processors based on the Arm architecture for PCs. From a report: "Arm and Windows client alternatives, generally they've been relegated to pretty insignificant roles in the PC business," he told analysts during the x86 giant's Q3 earnings call Thursday. "We take all our competition seriously, but I think history is our guide here. We don't see these as potentially being all that significant overall," he added, a sentiment somewhat at odds with Microsoft which last week cited analyst research predicting Arm's PC market share will grow from its curernt 14 percent to 25 percent by 2027.

Which seems far from "pretty insignificant." Gelsinger's words also contrast markedly with past Intel CEO Andy Grove, who penned a book titled "Only the Paranoid Survive: How to Exploit the Crisis Points That Challenge Every Company." While Gelsinger doesn't see Arm as a threat, he said Intel Foundry Services is more than happy to work with chipmakers to build chips based on the architecture. "When you're thinking about other alternative architectures like Arm, we also say, 'Wow, what a great opportunity for our foundry'," he said. To that end, the in April 2023 the chipmaker announced a strategic partnership with Arm to make it easier to produce chips on the architecture in Intel foundries.

An anonymous reader shares a report: Microsoft is starting to roll out new changes to Windows Ink that let you write anywhere you can type in Windows 11. After months of previewing the changes, the handwriting-to-text conversion now works inside search boxes and other elements of Windows 11 where you'd normally type your input. [...] If you have a Surface device with a stylus or any other Windows tablet that supports Windows Ink then you'll immediately see this new feature if you head into Settings and start to write into a search box, or in other text edit fields in Windows 11.

iFixit has started selling genuine replacement parts for Microsoft Surface devices. From a report: The company now offers SSDs, batteries, screens, kickstands, and a whole bunch of other parts for 15 Surface products. Some of the devices on that list include the Surface Pro 9, Surface Laptop 5, Surface Go 4, Surface Studio 2 Plus, and others. You can check out the entire list of supported products and parts in this post on Microsoft's website. In addition to supplying replacement parts, iFixit also offers disassembly videos and guides for each product, as well as toolkits that include things like an opening tool, tweezers, drivers, and more.

Google has expanded its vulnerability rewards program (VRP) to include attack scenarios specific to generative AI. From a report: In an announcement shared with TechCrunch ahead of publication, Google said: "We believe expanding the VRP will incentivize research around AI safety and security and bring potential issues to light that will ultimately make AI safer for everyone." Google's vulnerability rewards program (or bug bounty) pays ethical hackers for finding and responsibly disclosing security flaws.

Given that generative AI brings to light new security issues, such as the potential for unfair bias or model manipulation, Google said it sought to rethink how bugs it receives should be categorized and reported. The tech giant says it's doing this by using findings from its newly formed AI Red Team, a group of hackers that simulate a variety of adversaries, ranging from nation-states and government-backed groups to hacktivists and malicious insiders to hunt down security weaknesses in technology. The team recently conducted an exercise to determine the biggest threats to the technology behind generative AI products like ChatGPT and Google Bard.

Hyundai said this week that it will set up "mobile clinics" at five U.S. locations to provide anti-theft software upgrades for vehicles now regularly targeted by thieves using a technique popularized on TikTok and other social media platforms. From a report: The South Korean automaker will hold the clinics, which will run for two to three days on or adjacent to weekends, in New York City; Chicago; Minneapolis; St. Paul, Minnesota; and Rochester, New York. The clinics will take place between Oct. 28 and Nov. 18. Hyundai said it will also support single-day regional clinics run by dealerships before the end of 2023, although it didn't name locations or dates.

Negotiations to merge Western Digital's semiconductor memory business and Japan's Kioxia Holdings have been terminated, Nikkei reported Thursday. From the report: The companies were aiming to reach an agreement by the end of October. U.S.-based Western Digital by Thursday had notified Kioxia that it would exit the talks after the merger failed to secure approval from SK Hynix, an indirect shareholder in Kioxia. The companies were also unable to agree on the merger's conditions with Bain Capital, Kioxia's top shareholder. Kioxia, formerly known as Toshiba Memory, and Western Digital have both suffered a downturn in earnings amid headwinds in memory chips. They are each seeking capital infusions and other measures to help bolster operations.

Kioxia ranks third in global market share for NAND flash memory, while Western Digital ranks fourth. The proposed merger would have resulted in an entity that rivals market leader Samsung Electronics, and the companies had hoped the larger scale would lead to greater profits and growth. But SK Hynix officially declared its opposition to the deal on Thursday. SK Hynix had invested about 400 billion yen ($2.67 billion at current rates) in the Bain-led consortium that acquired what is now Kioxia from Toshiba. The South Korean company is now second only to Samsung in NAND memory, and was worried that the Western Digital-Kioxia merger would hurt its position while derailing partnerships it had been exploring with Kioxia.

An anonymous reader quotes a report from NPR: Two Ukrainian hacktivist groups are claiming to have broken into Russia's largest private bank, Alfa-Bank. In a blog post last week, the hackers from groups called KibOrg and NLB shared screenshots of what appears to be an internal database belonging to Alfa-Bank, as well as personal details of several Russian individuals as "confirmation" of the breach. Within the database, the hackers say there are over 30 million records including names, birthdates, account numbers and phone numbers of Russian customers.

Adding some legitimacy to those claims, a Ukrainian intelligence official who requested anonymity to discuss the sensitive operation confirmed to NPR that Ukraine's top counterintelligence agency, the SBU, helped the hacktivists breach Alfa-Bank. The official did not share additional details about how the SBU participated or any further plans for sharing the stolen data. Ukrainian journalists including from cybersecurity website The Record previously reported on the connection to the SBU. While the hacktivists did not immediately respond to a request to discuss the breach, they wrote in the blog post -- posted on their own site -- that they would be sharing the data obtained from Alfa-Bank with investigative journalists. Alfa-Bank has not publicly responded to the news of the hack.

Researchers have devised an attack that forces Apple's Safari browser to divulge passwords, Gmail message content, and other secrets by exploiting a side channel vulnerability in the A- and M-series CPUs running modern iOS and macOS devices. From a report: iLeakage, as the academic researchers have named the attack, is practical and requires minimal resources to carry out. It does, however, require extensive reverse-engineering of Apple hardware and significant expertise in exploiting a class of vulnerability known as a side channel, which leaks secrets based on clues left in electromagnetic emanations, data caches, or other manifestations of a targeted system. The side channel in this case is speculative execution, a performance enhancement feature found in modern CPUs that has formed the basis of a wide corpus of attacks in recent years. The nearly endless stream of exploit variants has left chip makers -- primarily Intel and, to a lesser extent, AMD -- scrambling to devise mitigations.

The researchers implement iLeakage as a website. When visited by a vulnerable macOS or iOS device, the website uses JavaScript to surreptitiously open a separate website of the attacker's choice and recover site content rendered in a pop-up window. The researchers have successfully leveraged iLeakage to recover YouTube viewing history, the content of a Gmail inbox -- when a target is logged in -- and a password as it's being autofilled by a credential manager. Once visited, the iLeakage site requires about five minutes to profile the target machine and, on average, roughly another 30 seconds to extract a 512-bit secret, such as a 64-character string.

Intel's latest 14th Gen chips aren't a huge improvement over the 13th Gen in gaming performance, but a new Intel Application Optimization (APO) feature might just change that. From a report: Intel's new APO app simply runs in the background, improving performance in games. It offers impressive boosts to frame rates in games that support it, like Tom Clancy's Rainbow Six Siege and Metro Exodus. Intel Application Optimization essentially directs application resources in real time through a scheduling policy that fine-tunes performance for games and potentially even other applications in the future.

It operates alongside Intel's Thread Director, a technology that's designed to improve how apps and games are assigned to performance or efficiency cores depending on the performance needs. The result is some solid gains to performance in certain games, with one Reddit poster seeing a 200fps boost in Rainbow Six Siege at 1080p. "Not all games benefit from APO," explained Intel VP Roger Chandler in a press briefing ahead of the 14th Gen launch. "As we test and verify games we will add those that benefit the most, so gamers can get the best performance from their systems."