Information

Taiwan authorities are investigating four Taiwan-based companies suspected of helping China’s Huawei Technologies to build semiconductor facilities. Minister of Economic Affairs Wang Mei-hua said Friday that the investigation will determine if the companies have violated regulations prohibiting sales of sensitive technologies and equipment to China. The Ministry of Economic Affairs summoned the semiconductor and factory services suppliers for questioning after a report by Bloomberg said they were working with Huawei as it builds a network…

Tens of thousands of Android devices have been shipped to end-users with backdoored firmware, according to a warning from cybersecurity vendor Human Security. As part of the global cybercriminal operation called BadBox (PDF), Human Security found a threat actor relied on supply chain compromise to infect the firmware of more than 70,000 Android smartphones, CTV boxes, and tablet devices with the Triada malware. The infected devices come from at least one Chinese manufacturer but, before…

Software development giant GitHub on Wednesday announced an enhancement to its secret scanning feature, now allowing users to check the validity of exposed credentials for major cloud services. Generally available since March 2023, the secret scanning feature is meant to help organizations and developers identify potentially exposed secrets in their repositories and take immediate action. Backed by a large number of service providers in the GitHub Partner Program, the feature sends alerts to developers when…

Server and computer hardware giant Supermicro has released updates to address multiple vulnerabilities in Baseboard Management Controllers (BMC) IPMI firmware. The issues (tracked as CVE-2023-40284 to CVE-2023-40290) could allow remote attackers to gain root access to the BMC system, firmware supply chain security firm Binarly, which identified the bugs, explains. A special chip on server motherboards that support remote management, the BMC allows administrators to monitor various hardware variables and even update the UEFI system…

A series of critical vulnerabilities impacting a tool called TorchServe could allow threat actors to take complete control of servers that are part of the artificial intelligence (AI) infrastructure of some of the world’s largest companies. The flaws were discovered by Oligo, a company that specializes in runtime application security and observability, which disclosed its findings on Tuesday. The firm named the attack ShellTorch. TorchServe is an open source package in PyTorch, a machine learning…