Not only is this week almost over, we’re also almost halfway through 2023 already! And, worst of all, Cisco Live is almost over (sad face is sad). Speaking of which, I’ll talk about some of the Cisco Live announcements later in this topic but let’s chat about a few things happening in other parts of the tech world first.
Gigabyte has released an update to fix a potentially dangerous security flaw in its motherboard firmware. The update is available on the official Gigabyte site for Intel 700/600/500/400 series and AMD 600/500/400 series motherboards.
The issue, disclosed last week by firmware and hardware security company Eclypsium, is that the firmware of more than 270 Gigabyte motherboards drops a Windows binary that is executed at boot-up to fetch and execute a payload from Gigabyte’s servers.
A feature related to the Gigabyte App Center, the backdoor does not appear to have been exploited for malicious purposes, but threat actors are known to have abused such tools in previous attacks.
When it made its findings public, Eclypsium said it was unclear whether the backdoor was the result of a malicious insider, a compromise of Gigabyte’s servers, or a supply chain attack.
Download and install the new firmware as soon as possible if your motherboard is affected.
SpinOk malware has been found in multiple Android apps that have been downloaded more than 30 million times.
The malware-riddled apps were found on the Google Play store, following an investigation by cyber security company CloudSEK. Following their investigation, the research team found that 193 apps on the Google Play store were infected with malware, 43 of which were active within the last week.
As the mobile security company explained in its report, SpinOk was distributed via an SDK supply chain attack that infected many apps and, by extension, breached many Android users.
On the surface, the SDK served mini-games with daily rewards legitimately used by developers to pique the interest of their users. However, in the background, the trojan could be used to steal files and replace clipboard contents.
CloudSEK used the IoCs provided in Dr. Web’s report to uncover more SpinOk infections, extending the list of bad apps to 193 after discovering an additional 92 apps. Roughly half of those were available on Google Play.
DEEP Robotics Co., a pioneer in the development and industrial application of quadrupedal robots, has announced the launch of the newest version of its dexterous intelligent robot dog, Lite3.
From Interesting Engineering:
According to Deep Robotics, the newest robot has a 50 percent increase in torque over the Lite2 model: "The high-torque joint drive-module allows for high torque density, enhanced rotation stability and less power consumption."
“Lite3 features an industrial-level real-time control system with depth optimization, a first for the product lineup, with overall computing power increased threefold. The algorithm upgrades make its movement more agile and responsive.”
As you’ve probably heard already, this week is Cisco Live US 2023, and there have been a lot of announcements and updates. Here’s a few of them.
We launched new advancements to its Secure Access Cloud, including single sign-on, multi-factor authentication, and zero trust access to applications and data.
We launched a new Full-Stack Observability (FSO) Platform designed to deliver “contextual, correlated, and predictive” insights for customers. The platform is designed to help customers resolve issues quickly while also optimizing their experiences and reducing business risk.
We have updated its Cloud Native Application Security solution, Panoptica, to offer end-to-end lifecycle protection from development to deployment to production in cloud-native application environments. This update is specifically aimed at improving application security.
We introduced the Secure Firewall 4200 Series, which offers features like simplified branch routing, which enables secure traffic flow and enhanced control and visibility for remote office applications in hybrid data centres.
We announced some new features to its Cisco Umbrella security platform. With its new features, this platform now protects against internet threats, ensuring users' safety, the company said. It will also protect users from mobile threats, such as malware, phishing, and ransomware. It can also be integrated with other Cisco security products, such as Cisco SecureX and Cisco Secure Access Service Edge (SASE).
You can learn more about these updates, and so much more, in the Cisco Newsroom: