Source Code For Rust-Based Info-Sealer Released On Hacker Forums

The source code for an information-stealing malware coded in Rust has been released for free on hacking forums, with security analysts already reporting that the malware is actively used in attacks. BleepingComputer reports: The malware, which the author claims to have developed in just six hours, is quite stealthy, with VirusTotal returning a detection rate of around 22%. As the info-stealer is written in Rust, a cross-platform language, it allows threat actors to target multiple operating systems. However, in its current form, the new info-stealer only targets Windows operating systems.

Analysts at cybersecurity firm Cyble, who sampled the new info-stealer and named it “Luca Stealer,” report that the malware comes with standard capabilities for this type of malware. When executed, the malware attempts to steal data from thirty Chromium-based web browsers, where it will steal stored credit cards, login credentials, and cookies. The stealer also targets a range of “cold” cryptocurrency and “hot” wallet browser addons, Steam accounts, Discord tokens, Ubisoft Play, and more. Where Luca Stealer stands out against other info-stealers is the focus on password manager browser addons, stealing the locally stored data for 17 applications of this kind. In addition to targeting applications, Luca also captures screenshots and saves them as a .png file, and performs a “whoami” to profile the host system and send the details to its operators.

Read more of this story at Slashdot.

Coding Mistake Made Intel GPUs 100X Slower in Ray Tracing

Intel Linux GPU driver developers have released an update that results in a massive 100X boost in ray tracing performance. This is something to be celebrated, of course. However, on the flip side, the driver was 100X slower than it should have been because of a memory allocation oversight. Tom’s Hardware reports: Linux-centric news site Phoronix reports that a fix merged into the open-source Intel Mesa Vulkan driver was implemented by Intel Linux graphics driver engineering stalwart Lionel Landwerlin on Thursday. The developer wryly commented that the merge request, which already landed in Mesa 22.2, would deliver “Like a 100x (not joking) improvement.” Intel has been working on Vulkan raytracing support since late 2020, but this fix is better late than never.

Usually, the Vulkan driver would ensure temporary memory used for Vulkan raytracing work would be in local memory, i.e., the very fast graphics memory onboard the discrete GPU. A line of code was missing, so this memory allocation housekeeping task wasn’t set. Thus, the Vulkan driver would shift ray tracing data to slower offboard system memory and back. Think of the continued convoluted transfers to this slower memory taking place, slowing down the raytracing performance significantly. It turns out, as per our headline, that setting a flag for “ANV_BO_ALLOC_LOCAL_MEM” ensured that the VRAM would be used instead, and a 100X performance boost was the result. “Mesa 22.2, which includes the new code, is due to be branched in the coming days and will be included in a bundle of other driver refinements, which should reach end-users by the end of August,” adds the report.

Read more of this story at Slashdot.

‘Ocean Cleanup’ Removes First 100,000 kg of Plastic From the Great Pacific Garbage Patch

The Ocean Cleanup, a nonprofit trying to rid the world’s oceans of plastic, announced that it’s “officially removed more than 100,000 kg of plastic from the Great Pacific Garbage Patch (GPGP).” The impressive milestone is almost 4x as much garbage it announced it removed last October. CEO Boyan Slat writes in a press release: Since deployment in August 2021, System 002 (or “Jenny”) has now collected 101,353 kg of plastic over 45 extractions, sweeping an area of ocean of over 3000km2 — comparable to the size of Luxembourg or Rhode Island. Added to the 7,173 kg of plastic captured by our previous prototype systems, The Ocean Cleanup has now collected 108,526 kg of plastic from the GPGP — more than the combined weight of two and a half Boeing 737-800s, or the dry weight of a space shuttle!

According to our 2018 study in which we mapped the patch, the total amount of accumulated plastic is 79,000,000 kg, or 100,000,000 kg if we include the Outer GPGP. Thus, if we repeat this 100,000 kg haul 1,000 times — the Great Pacific Garbage Patch will be gone.

I’m proud of The Ocean Cleanup team for crossing this milestone, which is all the more remarkable considering System 002 is still an experimental system. Now our technology is validated, we are ready to move on to our new and expanded System 03, which is expected to capture plastic at a rate potentially 10 times higher than System 002 through a combination of increased size, improved efficiency, and increased uptime. Our transition to System 03 is starting soon.

Read more of this story at Slashdot.

Chinese-Made Huawei Equipment Could Disrupt US Nuclear Arsenal Communications, FBI Determines

There’s been “a dramatic escalation of Chinese espionage on US soil over the past decade,” sources in the U.S. counterintelligence community have told CNN this weekend.

But some dramatic new examples have been revealed. For example, in 2017 China’s government offered to build a $100 million pavilion in Washington D.C. with an ornate 70-foot pagoda. U.S. counterintelligence officials realized its location — two miles from the U.S. Capitol — appeared “strategically placed on one of the highest points in Washington DC…a perfect spot for signals intelligence collection.”
Also alarming was that Chinese officials wanted to build the pagoda with materials shipped to the US in diplomatic pouches, which US Customs officials are barred from examining, the sources said. Federal officials quietly killed the project before construction was underway…

Since at least 2017, federal officials have investigated Chinese land purchases near critical infrastructure, shut down a high-profile regional consulate believed by the US government to be a hotbed of Chinese spies and stonewalled what they saw as clear efforts to plant listening devices near sensitive military and government facilities.
Among the most alarming things the FBI uncovered pertains to Chinese-made Huawei equipment atop cell towers near US military bases in the rural Midwest. According to multiple sources familiar with the matter, the FBI determined the equipment was capable of capturing and disrupting highly restricted Defense Department communications, including those used by US Strategic Command, which oversees the country’s nuclear weapons…. It’s unclear if the intelligence community determined whether any data was actually intercepted and sent back to Beijing from these towers. Sources familiar with the issue say that from a technical standpoint, it’s incredibly difficult to prove a given package of data was stolen and sent overseas.

The Chinese government strongly denies any efforts to spy on the US…. But multiple sources familiar with the investigation tell CNN that there’s no question the Huawei equipment has the ability to intercept not only commercial cell traffic but also the highly restricted airwaves used by the military and disrupt critical US Strategic Command communications, giving the Chinese government a potential window into America’s nuclear arsenal…. As Huawei equipment began to proliferate near US military bases, federal investigators started taking notice, sources familiar with the matter told CNN. Of particular concern was that Huawei was routinely selling cheap equipment to rural providers in cases that appeared to be unprofitable for Huawei — but which placed its equipment near military assets.

Read more of this story at Slashdot.

Amazon Extends Alexa To Enable Ambient Intelligence

Sean Michael Kerner writes via VentureBeat: Amazon’s Alexa voice assistant technology isn’t just about natural language processing (NLP) anymore, now it has become a platform that’s aiming for ambient intelligence. At Amazon’s Alexa Live 2022 event today, the company announced a series of updates and outlined its general strategy for enabling ambient intelligence that will help transform how users in all types of different settings will interact with technology and benefit from artificial intelligence (AI). Among the announcements made at the event is the new Alexa Voice Service (AVS) SDK 3.0 to help developers build voice services, and new tools including the Alexa Routines Kit to support development of multistep routines that can be executed via voice. The concept of ambient intelligence is about having technology available when users need it and without the need for users to learn how to operate a service.

“One of the hallmarks of ambient intelligence is that it’s proactive,” [Aaron Rubenson, VP of Amazon Alexa] said. “Today, more than 30% of smart home interactions are initially initiated by Alexa without customers saying anything.” To further support the development of proactive capabilities, Amazon is now rolling out its Alexa Routines Kit. The new kit enables Alexa skills developers to preconfigure contextually relevant routines, and then offer them to customers when they’re actually using the relevant skill. One example cited by Rubenson of how routines work is in the automotive industry. He said that Jaguar Land Rover is using the Alexa Routines Kit to create a routine they call good night, which will automatically lock the doors, provide a notification of the fuel level or the charge level of the car and then turn on guardian mode, which checks for unauthorized activity.

As part of the Alexa Live event, Amazon is also rolling out a series of efforts to help developers build better skills, and make more money doing it. The new Skill Developer Accelerator Program (SDAP) is an effort to reward custom skill developers for taking certain actions that Amazon knows results in higher quality skills based on historical data. Rubenson said that the program will include monetary incentives and also incentives in the forms of promotional credits for developers that take these actions. There is also a Skills Quality Coach that will analyze skills individually, assign a skill quality score, and then provide individualized recommendations to the developer about how to improve that skill.

Read more of this story at Slashdot.

Apple’s New Car Software Could Be a Trojan Horse Into the Automotive Industry

With Apple’s new CarPlay software announced in June, the company is “is diving deeper into its automotive ambitions, opening up the possibility to enter into a multibillion segment of the auto industry that’s growing quickly: The ability to sell additional services and features to car owners,” reports CNBC. From the report: The auto industry faces an unappealing choice: Offer CarPlay and give up potential revenue and the chance to ride a major industry shift, or spend heavily to develop their own infotainment software and cater to an potentially shrinking audience of car buyers who will purchase a new vehicle without CarPlay. […] Industry observers believe carmakers need to embrace software services — and look at Apple’s offering with skepticism — or risk getting left behind. “It’s a really difficult time in the industry, where the car companies think they’re still building cars. They’re not. They’re building software on wheels, and they don’t know it, and they’re trading it away,” said Conrad Layson, senior analyst at AutoForecast Solutions.

The new version of CarPlay could be a huge emerging revenue engine for Apple. First, if a user loves the iPhone’s CarPlay interface, then they’re less likely to switch to an Android phone. That’s a strategic priority for Apple, which generates the majority of its revenue through hardware sales. Second, while the company doesn’t yet charge a fee to automakers or suppliers, it could sell services for vehicles the same way it distributes iPhone software. In June, Apple revealed that it has explored features that integrate commerce into the car’s cockpit. One new feature announced this summer would allow CarPlay users to navigate to a gas pump and pay for the fuel from the dashboard of the car, according to Reuters. Apple already generates tens of billions from the App Store, and stands to boost that if it ever decides to charge for services in cars…

Read more of this story at Slashdot.