, known as Spectre and Meltdown . The new designs have of course been patchedVulnerability-related.PatchVulnerabilityagainst those weaknesses . The new architecture ( said to be part of the Ice Lake-U CPU ) comes with a lot of new promises such as faster core , 5 allocation units and upgrades to the L1 and L2 caches . There is also support for the AVX-512 or Advanced Vector Extensions instructions set which will improve performance for neural networks and other vector arithmetic . Another significant change is the support for 52-bits of physical space and 57 bits of linear address support . Today ’ s x64 CPUs can only use bit 0 to bit 47 for an address space spanning 256TB . The additional bits mean a bump to a whooping 4 PB of physical memory and 128 PB of virtual address space . The new offering was demoed under the company ’ s 10nm process which incidentally is the same as the previously launched Cannon Lake . The new processors are due in the second half of 2019 and are being heavily marketed as a boon for the Cryptography and Artificial Intelligence Industries . The claim is that for AI , memory to CPU distance has been reduced for faster access , and that special cryptography-specific instructions have been added .
Mere days after thousands of MongoDB databases were hit by ransomware attacksAttack.Ransom, cybercriminals have set their sights on ElasticSearch servers , according to reports . Hackers have reportedly hijacked insecure servers exposedVulnerability-related.DiscoverVulnerabilityto the internet with weak and easy-to-guess passwords . ElasticSearch is a Java-based search engine , commonly used by enterprises for information cataloguing and data analysis . According to security researcher Niall Merrigan , who has been monitoring the attacksAttack.Ransom, the cybercriminals are currently closing in on around 3,000 ElasticSearch servers . Merrigan told IBTimes UK : `` We found the first one on the 12th of Jan and then started tracking the different IOCs ( Indicators Of Compromise ) . The first actor has levelled off and looks like it has stopped . However , a second and third actor have joined in and are continuing to compromise servers . `` Attackers are finding open servers where there is no authentication at all . This can be done via a number of services and tools . Unfortunately , system admins and developers have been leaving these unauthenticated systems online for a while and attackers are just picking off the low hanging fruit right now . '' The recent MongoDB attacksAttack.Ransomsaw hackers demand ransomAttack.Ransomand erasing data to ensure victims ' compliance . In the ongoing ElasticSearch attacksAttack.Ransom, the cybercriminals demand a ransomAttack.Ransomof 0.2 Bitcoins , according to a report by BleepingComputer . However , according to Merrigan , $ 20,000 in Bitcoins have already been paidAttack.Ransomby victims of the MongoDB attackAttack.Ransom. Despite paying the ransomAttack.Ransom, the victims have not received their data back . `` So in this case it is a scam , '' the researcher said .
With everything that ’ s gone down in 2016 it ’ s easy to forget Tim Cook ’ s and Apple ’ s battle with the FBI over data encryption laws . Apple took a strong stance though , and other tech giants followed suite leading to a victory of sorts for ( the little guy in ) online privacy . In this era of web exposure , it was a step in the right direction for those who feel our online identities are increasingly vulnerable on the web . All of this stands for little though when a security flaw in your operating system allows carefully encrypted messages to be effectively decrypted offline . That ’ s what happened to Apple with its iOS 9.2 operating system . Though the patches that ensued largely fixedVulnerability-related.PatchVulnerabilitythe problem , the whole issue has understandably left iOS users with questions . What really happened and are we at immediate risk ? A paper released in March by researchers at John Hopkins University exposedVulnerability-related.DiscoverVulnerabilityweaknesses in Apple ’ s iMessage encryption protocol . It was foundVulnerability-related.DiscoverVulnerabilitythat a determined hacker could intercept the encrypted messages between two iPhones and reveal the 64-digit key used to decrypt the messages . As iMessage doesn ’ t use a Message Authentication Code ( MAC ) or authenticated encryption scheme , it ’ s possible for the raw encryption stream , or “ ciphertext ” to be tampered with . iMessage instead , uses an ECDSA signature which simulates the functionality . It ’ s still no easy feat exploiting the security flaw detailedVulnerability-related.DiscoverVulnerabilityby the researchers . The attacker would ultimately have to predict or know parts of the message they are decrypting in order to substitute these parts in the ciphertext . Knowing whether the substitution has been successful though , is a whole other process which may only be possible with attachment messages . The full details of the security flaw , and the complex way it can be exploitedVulnerability-related.DiscoverVulnerabilityare detailedVulnerability-related.DiscoverVulnerabilityin the John Hopkins paper . The paper includes the recommendation that , in the long run , “ Apple should replace the entirety of iMessage with a messaging system that has been properly designed and formally verified ” . One thing that should be made clear is that these weaknesses were exposedVulnerability-related.DiscoverVulnerabilityas a result of months of investigation by an expert team of cryptologists . The type of hacker that would take advantage of these weaknesses would undeniably be a sophisticated attacker . That of course doesn ’ t mean that Apple shouldn ’ t take great measures to eradicate this vulnerability in their system . Your messages , though , are not immediately at risk of being decrypted , and much less if you ’ ve installed the patches that came with iOS 9.3 and OS X 10.11.4 ( though they don ’ t completely fixVulnerability-related.PatchVulnerabilitythe problem ) . Tellingly , the flaws can ’ t be used to exploit numerous devices at the same time . As already mentioned , the process that was exposed by the John Hopskins paper is incredibly complex and relies on various steps that are by no means easy to complete successfully .
IOActive exposedVulnerability-related.DiscoverVulnerabilitynumerous vulnerabilities found in multiple home , business , and industrial robots available on the market today . The array of vulnerabilities identified inVulnerability-related.DiscoverVulnerabilitythe systems evaluated included many graded as high or critical risk , leaving the robots highly susceptible to attack . Attackers could employ the issues foundVulnerability-related.DiscoverVulnerabilityto maliciously spy via the robot ’ s microphone and camera , leak personal or business data , and in extreme cases , cause serious physical harm or damage to people and property in the vicinity of a hacked robot . “ There ’ s no doubt that robots and the application of Artificial Intelligence have become the new norm and the way of the future , ” said Cesar Cerrudo , CTO at IOActive . “ Robots will soon be everywhere – from toys to personal assistants to manufacturing workers – the list is endless . Given this proliferation , focusing on cybersecurity is vital in ensuring these robots are safe and don ’ t present serious cyber or physical threats to the people and organisations they ’ re intended to serve ” . During the past six months , IOActive ’ s researchers tested mobile applications , robot operating systems , firmware images , and other software in order to identifyVulnerability-related.DiscoverVulnerabilitythe flaws in several robots from vendors , including : “ In this research , we focused on home , business , and industrial robots , in addition to robot control software used by several robot vendors , ” said Lucas Apa , Senior Security Consultant at IOActive . “ Given the huge attack surface , we foundVulnerability-related.DiscoverVulnerabilitynearly 50 cybersecurity vulnerabilities in our initial research alone , ranging from insecure communications and authentication issues , to weak cryptography , memory corruption , and privacy problems , just to name a few ” . According to Cerrudo and Apa , once a vulnerability has been exploitedVulnerability-related.DiscoverVulnerability, a hacker could potentially gain control of the robot for cyber espionage , turn a robot into an insider threat , use a robot to expose private information , or cause a robot to perform unwanted actions when interacting with people , business operations , or other robots . In the most extreme cases , robots could be used to cause serious physical damage and harm to people and property . As robots become smarter , threats will also increase . Hacked robots could start fires in a kitchen by tampering with electricity , or potentially poison family members and pets by mixing toxic substances in with food or drinks . Family members and pets could be in further peril if a hacked robot was able to grab and manipulate sharp objects . “ We have already begun to see incidents involving malfunctioning robots doing serious damage to their surroundings , from simple property damage to loss of human life , and the situation will only worsen as the industry evolves and robot adoption continues to grow , ” continued Cerrudo .