Amazon’s Kindle bookstore to quit China

Ampere: Cloud biz buy-ins prove our Arm server CPUs are the real deal

Startup teases 128+ core chip, disses Xeon and Epyc, unsurprisingly

Interview After two years of claiming that its Arm-powered server processors provide better performance and efficiency for cloud applications than Intel or AMD’s, Ampere Computing said real deployments by cloud providers and businesses are proving its chips are the real deal.

The Silicon Valley startup held its Annual Strategy and Product Roadmap Update last week to ostensibly give a product roadmap update. But the only update was the news that Ampere’s 5nm processor due later this year is called Ampere One, it’s sampling that with customers, and it will support PCIe Gen 5 connectivity and DDR5 memory.

Feeling highly stressed about your job? You must be a CISO

‘The attack surface has expanded exponentially’ during the work-from-home pandemic, says one

Almost all cybersecurity professionals are stressed, and nearly half (46 percent) have considered leaving the industry altogether, according to a DeepInstinct survey.

For its annual Voice of SecOps Report, the endpoint security biz commissioned a poll of 1,000 senior-level security professionals in the US, UK, Germany and France.

It found that although 91 percent of those surveyed experience at least a low-degree of work-related stress, and almost half (46 percent) of those professionals claimed their stress levels had risen over the past 12 months, their root causes differed based on their jobs. While six percent of all professionals claim to be “highly stressed” due to their work, among CISOs, ITOs, CTOs and global IT strategy directors, the number climbs to 33 percent.

New York to get first right-to-repair law for electronics

Hey, big Apple, how’d you like them Big Apples?

Right-to-repair advocates are applauding the passage of New York’s Digital Fair Repair Act, which state assembly members approved Friday in a 145–1 vote.

The law bill, previously green-lit by the state senate in a 49-14 vote, now awaits the expected signature of New York Governor Kathy Hochul (D).

Assuming the New York bill becomes law as anticipated, it will be the first US state legislation to address the repairability of electronic devices. A week ago, a similar right-to-repair bill died in California due to industry lobbying.

Even Russia’s Evil Corp now favors software-as-a-service

Albeit to avoid US sanctions hitting it in the wallet

The Russian-based Evil Corp is jumping from one malware strain to another in hopes of evading sanctions placed on it by the US government in 2019.

You might be wondering why cyberextortionists in the Land of Putin give a bit flip about US sanctions: as we understand it, the sanctions mean anyone doing business with or handling transactions for gang will face the wrath of Uncle Sam. Evil Corp is therefore radioactive, few will want to interact with it, and the group has to shift its appearance and operations to keep its income flowing.

As such, Evil Corp – which made its bones targeting the financial sector with the Dridex malware it developed – is now using off-the-shelf ransomware, most recently the LockBit ransomware-as-a-service, to cover its tracks and make it easier to get the ransoms they demand from victims paid, according to a report this week out of Mandiant.

Police want your happy childhood pictures to train AI to detect child abuse

Like the Hotdog, Not Hotdog app but more Kidnapped, Not Kidnapped

Australia’s federal police and Monash University are asking netizens to send in snaps of their younger selves to train a machine-learning algorithm to spot child abuse in photographs.

Researchers are looking to collect images of people aged 17 and under in safe scenarios; they don’t want any nudity, even if it’s a relatively innocuous picture like a child taking a bath. The crowdsourcing campaign, dubbed My Pictures Matter, is open to those aged 18 and above, who can consent to having their photographs be used for research purposes.

All the images will be amassed into a dataset in an attempt to train an AI model to tell the difference between a minor in a normal environment and an exploitative, unsafe situation. The software could, in theory, help law enforcement better automatically and rapidly pinpoint child sex abuse material (aka CSAM) in among thousands upon thousands of photographs under investigation, avoiding having human analysts inspect every single snap.

Taser maker offers electric-shock drones to stop school shootings

For $50,000 annually plus building work, budget-strapped teachers can (maybe) zap gunmen, for the kids

Rick Smith, founder and CEO of body camera and Taser maker Axon, believes he has a way to reduce the risk of school children being shot by people with guns.

No, it doesn’t involve reducing access to guns, which Smith dismisses as politically unworkable in the US. Nor does it involve relocating to any of the many countries where school shootings seldom, if ever, occur and – coincidentally – where there are laws that limit access to guns.

Here’s a hint – his answer involves Axon.

To cut off all nearby phones with these Chinese chips, this is the bug to exploit

Android patches incoming for NAS-ty memory overwrite flaw

A critical flaw in the LTE firmware of the fourth-largest smartphone chip biz in the world could be exploited over the air to block people’s communications and deny services.

The vulnerability in the baseband – or radio modem – of UNISOC’s chipset was found by folks at Check Point Research who were looking for ways the silicon could be used to remotely attack devices. It turns out the flaw doesn’t just apply to lower-end smartphones but some smart TVs, too.

Check Point found attackers could transmit a specially designed radio packet to a nearby device to crash the firmware, ending that equipment’s cellular connectivity, at least, presumably until it’s rebooted. This would be achieved by broadcasting non-access stratum (NAS) messages over the air that when picked up and processed by UNISOC’s firmware would end in a heap memory overwrite.

Clipminer rakes in $1.7m in crypto hijacking scam

Crooks divert transactions to own wallets while running mining on the side

A crew using malware that performs cryptomining and clipboard-hacking operations have made off with at least $1.7 million in stolen cryptocurrency.

The malware, dubbed Trojan.Clipminer, leverages the compute power of compromised systems to mine for cryptocurrency as well as identify crypto-wallet addresses in clipboard text and replace it to redirect transactions, according to researchers with Symantec’s Threat Intelligence Team.

The first samples of the Windows malware appeared in January 2021 and began to accelerate in their spread the following month, the Symantec researchers wrote in a blog post this week. They also observed that there are several design similarities between Clipminer and KryptoCibule – another cryptomining trojan that, a few months before Clipminer hit the scene, was detected and written about by ESET analysts.

Healthcare organizations face rising ransomware attacks – and are paying up

Via their insurance companies, natch

Healthcare organizations, already an attractive target for ransomware given the highly sensitive data they hold, saw such attacks almost double between 2020 and 2021, according to a survey released this week by Sophos.

The outfit’s team also found that while polled healthcare orgs are quite likely to pay ransoms, they rarely get all of their data returned if they do so. In addition, 78 percent of organizations are signing up for cyber insurance in hopes of reducing their financial risks, and 97 percent of the time the insurance company paid some or all of the ransomware-related costs.

However, while insurance companies pay out in almost every case and are fueling an improvement in cyber defenses, healthcare organizations – as with other industries – are finding it increasingly difficult to get insured in the first place.

The next time your program is ‘not responding,’ (do not) try these steps

Can’t open that tin of beans? Put it back in the cupboard and take it out again!

Something for the Weekend We’re standing still. The suspense is unbearable. One of us is going to crack.

On the large projector screen is a message: “The application is not responding.” Facing the large projector screen is a roomful of startup dudes. Staring back at them, and situated just underneath the projector screen, is the flailing, forlorn presenter himself: me.

“It’s never done that before,” I lie as I eventually give up frantically tapping the keyboard and jabbing the trackpad as if I was playing whack-a-mole.

That time a techie accidentally improved an airline’s productivity

Mainframe muddle means extra crossword time for today’s hero

On Call Welcome back to On Call wherein a Register reader accidentally improved an airline’s productivity by the simple virtue of knowing their stuff.

“Eric” (for that is not his name) spent much of his career working on systems in the airline industry. “Since airlines were the first commercial organisations to use large-scale transaction processing systems, many of their features date back to the late 1950s,” he said.

“Some of them were surprisingly sophisticated for the period. In the IBM mainframe world, each user terminal could support up to five simultaneous sessions which were designated by the letters A through E.”

Ampere: Cloud biz buy-ins prove our Arm server CPUs are the real deal

Startup teases 128+ core chip, disses Xeon and Epyc, unsurprisingly

Interview After two years of claiming that its Arm-powered server processors provide better performance and efficiency for cloud applications than Intel or AMD’s, Ampere Computing said real deployments by cloud providers and businesses are proving its chips are the real deal.

The Silicon Valley startup held its Annual Strategy and Product Roadmap Update last week to ostensibly give a product roadmap update. But the only update was the news that Ampere’s 5nm processor due later this year is called Ampere One, it’s sampling that with customers, and it will support PCIe Gen 5 connectivity and DDR5 memory.

Feeling highly stressed about your job? You must be a CISO

‘The attack surface has expanded exponentially’ during the work-from-home pandemic, says one

Almost all cybersecurity professionals are stressed, and nearly half (46 percent) have considered leaving the industry altogether, according to a DeepInstinct survey.

For its annual Voice of SecOps Report, the endpoint security biz commissioned a poll of 1,000 senior-level security professionals in the US, UK, Germany and France.

It found that although 91 percent of those surveyed experience at least a low-degree of work-related stress, and almost half (46 percent) of those professionals claimed their stress levels had risen over the past 12 months, their root causes differed based on their jobs. While six percent of all professionals claim to be “highly stressed” due to their work, among CISOs, ITOs, CTOs and global IT strategy directors, the number climbs to 33 percent.

New York to get first right-to-repair law for electronics

Hey, big Apple, how’d you like them Big Apples?

Right-to-repair advocates are applauding the passage of New York’s Digital Fair Repair Act, which state assembly members approved Friday in a 145–1 vote.

The law bill, previously green-lit by the state senate in a 49-14 vote, now awaits the expected signature of New York Governor Kathy Hochul (D).

Assuming the New York bill becomes law as anticipated, it will be the first US state legislation to address the repairability of electronic devices. A week ago, a similar right-to-repair bill died in California due to industry lobbying.

Even Russia’s Evil Corp now favors software-as-a-service

Albeit to avoid US sanctions hitting it in the wallet

The Russian-based Evil Corp is jumping from one malware strain to another in hopes of evading sanctions placed on it by the US government in 2019.

You might be wondering why cyberextortionists in the Land of Putin give a bit flip about US sanctions: as we understand it, the sanctions mean anyone doing business with or handling transactions for gang will face the wrath of Uncle Sam. Evil Corp is therefore radioactive, few will want to interact with it, and the group has to shift its appearance and operations to keep its income flowing.

As such, Evil Corp – which made its bones targeting the financial sector with the Dridex malware it developed – is now using off-the-shelf ransomware, most recently the LockBit ransomware-as-a-service, to cover its tracks and make it easier to get the ransoms they demand from victims paid, according to a report this week out of Mandiant.

Police want your happy childhood pictures to train AI to detect child abuse

Like the Hotdog, Not Hotdog app but more Kidnapped, Not Kidnapped

Australia’s federal police and Monash University are asking netizens to send in snaps of their younger selves to train a machine-learning algorithm to spot child abuse in photographs.

Researchers are looking to collect images of people aged 17 and under in safe scenarios; they don’t want any nudity, even if it’s a relatively innocuous picture like a child taking a bath. The crowdsourcing campaign, dubbed My Pictures Matter, is open to those aged 18 and above, who can consent to having their photographs be used for research purposes.

All the images will be amassed into a dataset in an attempt to train an AI model to tell the difference between a minor in a normal environment and an exploitative, unsafe situation. The software could, in theory, help law enforcement better automatically and rapidly pinpoint child sex abuse material (aka CSAM) in among thousands upon thousands of photographs under investigation, avoiding having human analysts inspect every single snap.

Taser maker offers electric-shock drones to stop school shootings

For $50,000 annually plus building work, budget-strapped teachers can (maybe) zap gunmen, for the kids

Rick Smith, founder and CEO of body camera and Taser maker Axon, believes he has a way to reduce the risk of school children being shot by people with guns.

No, it doesn’t involve reducing access to guns, which Smith dismisses as politically unworkable in the US. Nor does it involve relocating to any of the many countries where school shootings seldom, if ever, occur and – coincidentally – where there are laws that limit access to guns.

Here’s a hint – his answer involves Axon.

To cut off all nearby phones with these Chinese chips, this is the bug to exploit

Android patches incoming for NAS-ty memory overwrite flaw

A critical flaw in the LTE firmware of the fourth-largest smartphone chip biz in the world could be exploited over the air to block people’s communications and deny services.

The vulnerability in the baseband – or radio modem – of UNISOC’s chipset was found by folks at Check Point Research who were looking for ways the silicon could be used to remotely attack devices. It turns out the flaw doesn’t just apply to lower-end smartphones but some smart TVs, too.

Check Point found attackers could transmit a specially designed radio packet to a nearby device to crash the firmware, ending that equipment’s cellular connectivity, at least, presumably until it’s rebooted. This would be achieved by broadcasting non-access stratum (NAS) messages over the air that when picked up and processed by UNISOC’s firmware would end in a heap memory overwrite.

Clipminer rakes in $1.7m in crypto hijacking scam

Crooks divert transactions to own wallets while running mining on the side

A crew using malware that performs cryptomining and clipboard-hacking operations have made off with at least $1.7 million in stolen cryptocurrency.

The malware, dubbed Trojan.Clipminer, leverages the compute power of compromised systems to mine for cryptocurrency as well as identify crypto-wallet addresses in clipboard text and replace it to redirect transactions, according to researchers with Symantec’s Threat Intelligence Team.

The first samples of the Windows malware appeared in January 2021 and began to accelerate in their spread the following month, the Symantec researchers wrote in a blog post this week. They also observed that there are several design similarities between Clipminer and KryptoCibule – another cryptomining trojan that, a few months before Clipminer hit the scene, was detected and written about by ESET analysts.

Healthcare organizations face rising ransomware attacks – and are paying up

Via their insurance companies, natch

Healthcare organizations, already an attractive target for ransomware given the highly sensitive data they hold, saw such attacks almost double between 2020 and 2021, according to a survey released this week by Sophos.

The outfit’s team also found that while polled healthcare orgs are quite likely to pay ransoms, they rarely get all of their data returned if they do so. In addition, 78 percent of organizations are signing up for cyber insurance in hopes of reducing their financial risks, and 97 percent of the time the insurance company paid some or all of the ransomware-related costs.

However, while insurance companies pay out in almost every case and are fueling an improvement in cyber defenses, healthcare organizations – as with other industries – are finding it increasingly difficult to get insured in the first place.

The next time your program is ‘not responding,’ (do not) try these steps

Can’t open that tin of beans? Put it back in the cupboard and take it out again!

Something for the Weekend We’re standing still. The suspense is unbearable. One of us is going to crack.

On the large projector screen is a message: “The application is not responding.” Facing the large projector screen is a roomful of startup dudes. Staring back at them, and situated just underneath the projector screen, is the flailing, forlorn presenter himself: me.

“It’s never done that before,” I lie as I eventually give up frantically tapping the keyboard and jabbing the trackpad as if I was playing whack-a-mole.

That time a techie accidentally improved an airline’s productivity

Mainframe muddle means extra crossword time for today’s hero

On Call Welcome back to On Call wherein a Register reader accidentally improved an airline’s productivity by the simple virtue of knowing their stuff.

“Eric” (for that is not his name) spent much of his career working on systems in the airline industry. “Since airlines were the first commercial organisations to use large-scale transaction processing systems, many of their features date back to the late 1950s,” he said.

“Some of them were surprisingly sophisticated for the period. In the IBM mainframe world, each user terminal could support up to five simultaneous sessions which were designated by the letters A through E.”