The LockBit ransomware gang has sparked controversy by claiming they stole a massive database containing sensitive banking information from the US Federal Reserve. This claim, however, is being met with significant skepticism from security researchers.

LockBit is notorious for demanding hefty ransoms in the high seven figures

Earlier this week, LockBit listed the Fed on their data leak site, asserting they possess an archive filled with “33 terabytes of juicy banking information containing Americans’ banking secrets.” They further taunted the Fed, suggesting an ongoing negotiation and a $50,000 offer already on the table, which they deem insufficient. The exact ransom demand by LockBit remains undisclosed, but the group is known for hefty ransom requests in the high seven figures.

With a deadline set for June 25th at 8:27 PM UTC (2:27 PM EDT), the US Federal Reserve has stayed silent on the issue. However, security analysts are expressing doubt about the legitimacy of the attack. Many believe LockBit, following a major international police operation (Cronos) that disrupted their infrastructure, is attempting to regain notoriety within the hacking community through this hoax.

Operation Cronos resulted in the seizure of LockBit’s infrastructure, the release of decryption keys and stolen files, and the identification of some operators. While no arrests were made, LockBit swiftly resumed operations within a week. Now, security researchers are questioning the technical feasibility of such a large-scale breach by LockBit, casting doubt on their claim. The situation remains fluid, with the Fed’s silence further fueling speculation. It’s crucial to rely on official channels for updates and avoid amplifying baseless claims.

(Via)

The post LockBit Claims Massive US Federal Reserve Hack, Experts Remain Skeptical appeared first on Gizmochina.

A day after the release of Apple‘s latest product, the Apple Vision Pro, a security concern has emerged. Joseph Ravichandran, a PhD student from MIT with expertise in microarchitecture security, claims to have identified a critical kernel vulnerability in the device’s operating system, visionOS. This vulnerability could potentially enable jailbreaking and the development of harmful software designed to exploit this new hardware.

Kernel Vulnerability Found in Apple Vision Pro

Joseph Ravichandran shared his findings on Twitter, posting a series of tweets that included photos showing the Apple Vision Pro’s reaction to a kernel exploit. After the exploit, the device goes into a “perspective mode” and instructs the user to remove the headset in preparation for a restart, which is scheduled to occur within 30 seconds.

Following this restart, Ravichandran highlighted an emergency log indicating a kernel crash. Further, he showcased a custom application named Vision Pro Crasher, featuring a skull adorned with a headset icon and a button labeled Crash My Vision Pro.

This news isn’t entirely surprising. New hardware releases often attract security researchers eager to test its defenses. Similar to attempts to jailbreak iPhones, Ravichandran’s exploit highlights potential security concerns for the Vision Pro ecosystem.

However, there’s reason to remain optimistic. Apple has a proven track record of swiftly addressing security issues, especially in high-profile products like the Vision Pro. Additionally, Ravichandran hasn’t confirmed submitting his findings to Apple, though the company’s security bounty program could incentivize such disclosure.

Even if the exploit remains public, its immediate impact might be limited. The Vision Pro’s gradual rollout targets tech-savvy early adopters, making widespread exploitation less likely. Moreover, Apple will likely prioritize fixing the vulnerability in a swift update, further mitigating any potential risks.

Apple Vision Pro launched in the US earlier this week, representing a significant milestone as Apple’s first major new product category since the Apple Watch in 2015. Pre-orders became available on January 19. While there hasn’t been an official announcement about its launch in China, Tim Cook has indicated that it will happen very soon. In terms of pricing, the Apple Vision Pro starts at $3,499 in the United States.

RELATED:

• Apple Vision Pro teardown reveals complex design, difficult repairs
• Apple CEO Tim Cook Says Vision Pro Headset is Launching in China “Soon”
• Get Redmi K70 Pro for discounted price of $499
• Xiaomi Band 8 Genshin Impact custom edion get a huge discount
• Best of CES 2024 – Products that stood out this year!

(Source, Via)

The post Apple Vision Pro hacked, kernel vulnerability triggers crash appeared first on Gizmochina.

Researchers from Germany have successfully performed a ‘jailbreak‘ on a Tesla Model 3, thereby gaining free access to in-car features normally reserved for paid upgrades. The white hat hackers, three of whom are students at Technische Universität Berlin, utilized a unique hardware manipulation technique to bypass the vehicle’s in-built security measures.

The researchers managed to extract the encryption key that authenticated the car to Tesla’s network

Christian Werling, one of the students involved, explained that this approach could be beneficial for owners unwilling to pay additional fees for upgrades already incorporated into their vehicle, such as heated rear seats. He stated, “We’re not the evil outsider; we own the car. And we don’t want to pay these $300 bucks for the rear heated seats.” This intriguing revelation suggests a shift in traditional perspectives on ‘jailbreaking’.

The team achieved this feat using a technique known as “voltage glitching,” manipulating the supply voltage of the AMD processor running the infotainment system. The strategic timing of this process causes the CPU to ‘hiccup’, skipping an instruction, thereby accepting manipulated code.

In addition to unlocking features, the researchers were able to extract the encryption key authenticating the car to Tesla’s network. This extraction facilitated access to sensitive personal data including contact details, call logs, calendar appointments, location history, Wi-Fi passwords, and email session tokens. While this vulnerability could be exploited, the team maintains that their research is exploratory, not malicious.

The researchers have cautioned that Tesla’s only defense against this hardware-based attack is a complete hardware replacement. As they prepare to present their research at the upcoming Black Hat cybersecurity conference in Las Vegas, their groundbreaking discovery might pose significant implications for vehicle cybersecurity and the ‘right-to-repair’ debate.

RELATED:

• Tesla Cybertruck might be One of the Lightest Electric Pickup Trucks in the Market
• Unplugged Performance Transforms Tesla Model Y into Futuristic Police Cars
• Best TVs for Bright Rooms in 2023 – Samsung, Hisense, & More

(Via)

The post Jailbreak Unlocks Paid Upgrades in Tesla Model 3, A Leap in White Hat Hacking appeared first on Gizmochina.

In a recent announcement, TSMC (Taiwan Semiconductor Manufacturing Company) confirmed that it has fallen victim to a cyber attack, resulting in a data breach. The company acknowledged that some data had been leaked but assured the public that customer information remains secure. TSMC’s business operations have not been affected by the incident.

The Hackers are threatening to release login data to the public

According to a TSMC spokesperson, the cybersecurity breach was primarily related to the initial server setup and configuration. The company promptly responded to the incident by terminating data exchange with the supplier involved, adhering to its robust security protocols and standard operating procedures.

The group claiming responsibility for the security incident is LockBit, a notorious blackmailing organization. LockBit has published the stolen data on its website and is demanding a staggering ransom of $70 million. Should TSMC refuse to comply, LockBit threatens to release passwords and login information associated with the stolen data.

TSMC has made it clear that the compromised data originated from Kinmax Technology, a service provider offering IT solutions such as networking, cloud computing, storage, and database management to TSMC. While TSMC remains committed to resolving the situation, it is also collaborating with relevant authorities and cybersecurity experts to investigate the incident further.

As one of the world’s leading semiconductor manufacturers, TSMC’s security breach raises concerns within the tech industry. The incident serves as a stark reminder of the evolving threats faced by organizations, highlighting the critical importance of robust cybersecurity measures.

TSMC’s prompt response in terminating data exchange with the supplier demonstrates its commitment to safeguarding its operations and protecting customer information. The company’s dedication to adhering to established security protocols will undoubtedly be instrumental in resolving this breach and preventing similar incidents in the future.

RELATED:

• Apple’s iPhone 15 to Generate Billions in Revenue, Not Just for Apple but Also for TSMC
• TSMC’s Kumamoto Plant: Chip Orders Exceed Production Capacity, Even Before Mass Production
• Best Smartphones of 2023 – Samsung, Xiaomi, Apple & More

(Via)

The post TSMC Confirms Cybersecurity Incident and Data Breach, LockBit Demands $70 Million Ransom appeared first on Gizmochina.