Dhivya, Author at Cyber Security News
https://cybersecuritynews.com/author/dhivya/
World's #1 Premier Cybersecurity and Hacking News Portal
Feed last updated: Wed, 19 Nov 2025 14:46:21 +0000

Microsoft Investigating Copilot Issue On Processing Files
https://cybersecuritynews.com/microsoft-investigation-copilot-issue/
Wed, 19 Nov 2025 14:25:53 +0000

The post Microsoft Investigating Copilot Issue On Processing Files  appeared first on Cyber Security News.

Microsoft has launched an investigation into a widespread issue affecting Microsoft Copilot in Microsoft 365, where users are experiencing significant limitations when performing actions on files.

The technology giant confirmed the incident via official Microsoft 365 Status channels, assigning the tracking identifier CP1188020 for administrative reference.

Official Microsoft 365 Status channels

The Issue and Impact

The reported problem prevents users from executing any operations on files directly within the Microsoft Copilot interface.

This includes activities such as uploading, downloading, editing, sharing, or otherwise manipulating documents and files that users need to work with through the Copilot application.

The disruption has affected multiple users across the Microsoft 365 ecosystem, suggesting a potentially significant infrastructure or application-level issue.

The inability to process files through Copilot directly impacts productivity workflows that rely on the AI assistant to analyze documents, extract information, or perform collaborative file management tasks.

Organizations leveraging Copilot for document intelligence and file processing have reported workflow interruptions, forcing teams to seek alternative methods for file handling.

Microsoft’s incident management team has officially acknowledged the situation through the Microsoft 365 Status communication channel, confirming that technical teams are actively investigating the root cause.

Additional technical details and real-time updates on the investigation progress are available in the Microsoft 365 admin center under the incident ticket CP1188020.

The admin center serves as the central location where Microsoft 365 administrators can monitor incident status, view available mitigation steps, and receive estimated resolution timelines.

Organizations should check this resource regularly for the latest updates on the investigation findings and any recommended workarounds.

Currently, users experiencing issues with file operations in Microsoft Copilot should be aware that Microsoft’s engineering teams are working to identify the underlying cause and implement a resolution.

During this investigation period, users may need to temporarily use alternative methods for file processing tasks or defer non-critical operations until service restoration.

The incident highlights the importance of having backup workflows and contingency plans for critical file management operations that depend on cloud-based AI services.

Organizations should ensure their teams are aware of alternative methods for completing essential file-related tasks.

Microsoft typically provides hourly updates during active service investigations, with communications shared through the admin center and the Microsoft 365 Status page.

Administrators and end-users are encouraged to monitor these official channels for resolution announcements and any subsequent guidance once the issue is resolved.

The company’s track record demonstrates a commitment to rapid incident resolution, and users can expect continued transparency regarding investigation progress and remediation efforts.



DSPM vs. DLP: Understanding the Key Differences
https://cybersecuritynews.com/dspm-vs-dlp/
Mon, 02 Jun 2025 16:20:49 +0000


Modern organizations face a growing challenge in protecting sensitive data. As more people adopt the cloud and rules get tougher, smart and adaptable security is now a must.

Two approaches often compared are DSPM and DLP. While both aim to safeguard data, their methods of operation differ. Understanding their roles and differences helps security teams improve their data protection strategies.

This article breaks down how each approach works, what sets them apart, and how they fit into today’s security landscape. By the end, you’ll have a clearer idea of which solution best meets your needs.

What Is DSPM?

DSPM (Data Security Posture Management) is a newer, data-centric security approach that shows how an organization stores, accesses, and protects its data. It is designed for complex environments: it assesses the data security posture and helps organizations act on problems proactively.

How DSPM Works

DSPM tools scan data stores to identify what data exists, where it resides, and who has access to it. They explore cloud services, SaaS platforms, and data lakes. These tools use context-aware analysis to spot issues. They flag problems such as exposed sensitive data, users with excessive permissions, and outdated access rules.

They check if sensitive information is classified correctly. They also see if users or roles have excessive access. DSPM platforms often work with IAM (identity and access management) systems. This helps to spot potential privilege escalations.

Key Capabilities of DSPM

  • Risk assessment: evaluates the exposure level of sensitive data and prioritizes risks.
  • Data mapping: creates a real-time inventory of data assets and shows how data moves across systems.
  • Continuous monitoring: alerts teams about data changes that could signal risk.
  • Remediation support: helps resolve identified issues.

Enterprise DSPM Use Cases

DSPM helps businesses secure data in cloud environments. It shows data risks clearly, which aids audits and compliance checks. DSPM also assists in adopting new cloud services. Additionally, it aligns storage practices with regulations.

What Exactly Is DLP?

Data Loss Prevention acts like a digital guardian. Its mission? To thwart unauthorized sharing of sensitive information, be it intentional or accidental. DLP applies strict rules, curbing how users can share or transfer data. In this digital age, protecting vital data is essential for every organization.

Core Functions of DLP Tools

DLP tools watch over data and stop sensitive information from leaving safe areas. They spot violations and notify admins. Some tools can spot complex patterns. For example, they can find medical records and credit card numbers.

Traditional vs. Modern DLP Approaches

Traditional DLP tools used on-premise systems and needed much manual tuning. Modern solutions offer broader coverage by linking to cloud platforms and endpoints. Still, they depend on classification policies and known patterns. Misconfiguring these can lead to blind spots.

Many newer DLP solutions now use machine learning to boost detection accuracy. However, they still need careful calibration to prevent blocking legitimate workflows. Balancing security with usability is a key challenge.

DSPM vs. DLP: Core Differences

DSPM and DLP both protect data, but they do it in different ways and for different reasons.

  1. Detection vs. Prevention Models

DSPM identifies risks by examining how data is stored and accessed. It finds security gaps and offers recommendations. DLP, however, stops data from leaving its boundaries by enforcing strict control policies.

DSPM highlights visibility, while DLP stresses control. This makes DSPM more adaptable in changing environments. DLP is more rigid but effective in enforcing policies.

  2. Context-Aware Insights vs. Rule-Based Policies

DSPM uses context to understand data sensitivity and its environment. This leads to smarter alerts and fewer false positives. DLP depends on fixed rules, which can be rigid. It also risks errors if not updated often.

With DSPM, alerts come from risk levels, not just rule violations. In contrast, DLP flags all violations the same, ignoring context.

  3. Cloud-Native Coverage vs. Legacy Integrations

DSPM is built for cloud environments and scales across multiple clouds and hybrids. DLP solutions struggle to protect decentralized environments.

The traditional DLP tools were built for endpoints or perimeters. Now, they must adapt for distributed systems to avoid gaps. DSPM, a cloud-born solution, tracks data across new boundaries.

Strengths and Limitations of Each Approach

Each method brings distinct strengths but also has its limitations. Knowing where each excels helps in planning a balanced security strategy.

DSPM offers crystal-clear visibility into sensitive data’s whereabouts. It details where data is housed, who has access, and its security status. This transparency helps teams spot misconfigurations or risky permissions early. But remember, DSPM does not stop data transfers or prevent insider leaks.

DLP is effective in enforcement. It stops data from leaving the network through unauthorized channels. It helps prevent unintentional data leaks by employees. Its limitation lies in context. It may block legitimate actions or miss new threats due to outdated rules.

Combining both tools often provides better protection. DSPM informs where data risks lie. DLP enforces control to contain those risks. This synergy helps organizations quickly adapt to change while keeping strong security standards.

Do You Need DSPM, DLP, or Both?

Choosing between DSPM and DLP depends on your environment and goals. Many organizations benefit from using both. Below are the factors to consider in choosing the right strategy:

Type of data

Highly regulated data may require strict enforcement, making DLP a priority. Broad cloud data usage benefits more from DSPM.

Regulatory needs

Finance and healthcare need DLP for compliance. DSPM provides visibility, which helps with audit readiness.

Infrastructure scale

Cloud-native and hybrid environments need DSPM for visibility. In contrast, legacy systems often rely more on DLP.

You should also assess internal capabilities. Teams with strong cloud governance processes might gain more from DSPM initially. If you worry about insider threats or data sharing, DLP can help fast.

DSPM and DLP in the Context of Compliance

Regulatory requirements demand both proactive risk management and strict enforcement. DSPM and DLP play important roles in helping organizations stay compliant.

DSPM supports frameworks like GDPR, HIPAA, and CCPA. It maps where personal or regulated data resides. This helps verify that data is stored securely. It also ensures that access controls are effective.

DLP ensures compliance by preventing sensitive data from leaving protected systems. It logs incidents and enforces company policies in real-time.

DSPM and DLP join forces to guarantee compliance, creating a powerful alliance. They provide clear visibility and steadfast enforcement. Together, they strengthen governance efforts with great success and optimal resource use.

Additionally, when used in tandem, they streamline reporting and documentation for audits. Organizations can track how sensitive data is accessed and handled. This helps satisfy regulators and lowers penalties if breaches occur.

Conclusion

DSPM and DLP play different but vital roles in data security. DSPM aims to understand and improve data security. DLP focuses on enforcing controls and preventing leaks.

Organizations that use both get better visibility and stronger defenses. As data becomes more complex and scattered, a layered approach is essential. This strategy protects business integrity and builds trust. The right mix of visibility and control helps speed up responses. It also reduces blind spots and improves compliance outcomes.


5 Must-Have Security Features for Native Apps
https://cybersecuritynews.com/security-features-for-native-apps/
Fri, 09 May 2025 14:16:53 +0000


Native apps are built compatible with a platform or operating system, such as iOS or Android. While unrestricted access to all device functionalities (camera, GPS, and push notifications) makes native apps attractive for users, it also poses significant risks.

Cyber attacks increased by 30% between January 2023 and 2024 and amount to 13 attacks per second. This shows that our reliance on mobile technology is rising, and so is the sophistication of cyber threats. 

Mobile app security must be a focus of the entire application development lifecycle, not an afterthought. That requires native Android or iOS development to deliver rich, feature-packed applications that use the hardware fully while building in security features that reduce the product's exposure to threats.

Alt text: “Each stage of app development is crucial, and any fault can expose app users to multiple vulnerabilities; the link between each stage and subsequent threats is mentioned”

You probably want to develop an app, are cautiously in the process of developing one, or have just faced an attack. You might also be a user who cares about security and privacy. Whoever you are, you will find these 5 effective strategies and protocols useful.

1. Secure User Authentication

To ensure the data security of users, developers must put together a proper plan, including robust authentication techniques to guarantee safety during app login:

Password

Make it mandatory for users to create complex passwords that consist of 12 or more characters. Avoid using information that can be guessed easily, such as names or birthdates.

Two-Factor Authentication (2FA) 

As the name suggests, users are granted access based on two forms of identification. Typically, this involves:

– Something that only you know about — a password or PIN.

– Something only you can access — a physical device like a smartphone that receives a one-time code or generates it through an authentication app.

The method is as follows:

  1. The user enters a username and password.
  2. After submitting their password, users will receive a one-time code via SMS or an authenticator app.
  3. Users enter this code, and the login process is completed.

An attacker would then need both the password and physical access to the user's device, which makes a successful attack considerably harder.

Multi-Factor Authentication (MFA): 

Beyond 2FA, consider implementing MFA, which enhances security by adding another layer that makes it harder to penetrate. Three types of multi-factor authentication are:

2. Data Encryption

According to a 2024 survey of cybersecurity professionals, 43 percent of respondents worldwide considered data protection as their biggest application security concern.

Even today, users are skeptical about mobile apps that handle personal details, financial data, and health records, which makes data encryption vital. A data breach can lead to stolen identities or funds and to reputational damage. Hence, developers must protect data at rest, in transit, and in use.

Two prominent encryption standards are given below:

3. Secure API Communication

In 2023, T-Mobile experienced a major data breach affecting 37 million customers, where personal and account information was accessed via an API attack. 

Most mobile apps don’t work in isolation. Take fintech or tourism apps, for example — they are part of a bigger ecosystem of many services and platforms. They integrate multiple APIs, continually receiving and sending out confidential data. It is vital to adopt integrated security. Otherwise, criminals could easily intercept the data transmission stream and illegally access the app.

The core of secure data transmission via APIs is the implementation of HTTPS and TLS (Transport Layer Security). 

Key steps for implementation:

  1. Obtain a TLS certificate from a trusted Certificate Authority (CA) to authenticate your server, and install it.
  2. Enable HTTPS in your web server settings.
  3. Use strong cipher suites.
  4. Implement mutual TLS (mTLS), in which both client and server authenticate each other, for added security.
  5. Enable HTTP Strict Transport Security (HSTS) to safeguard connections and prevent SSL-stripping attacks.

4. Code Obfuscation and Integrity Checks

Developers can combine these techniques to create robust defenses against reverse engineering and unauthorized access, protecting intellectual property and sensitive data within their applications. 

  • Code obfuscation 

Obfuscation keeps the code functional but makes it difficult to understand, which protects the software against reverse engineering. The code is transformed into a more complex and less readable form, complicating an attacker's efforts to analyze or manipulate it.

Code obfuscation is particularly effective for languages that produce intermediate-level instructions, such as Java and .NET languages (C#, VB.NET, etc.). 

  • Integrity Checks

Integrity checks help prevent tampering by malicious software. They are essential for real-time data protection, ensuring the accuracy and consistency of data within systems. They work by generating a unique identification code, such as a checksum or hash, for data in its original state. This code is periodically re-generated and compared to the original. If the values match, the data is considered intact. If discrepancies arise, it indicates potential tampering or corruption, prompting further investigation.
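The checksum-and-compare mechanism described above, as an added example that is not the article's code: a baseline of SHA-256 hashes is taken over an app bundle at release time, and a later pass re-hashes the tree and reports what was modified, removed, or planted. The file names, directory layout and contents in `demo()` are constructed for this example; in a real deployment the baseline would be stored out of the attacker's reach (signed, or on the server) rather than next to the files it protects.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path
from typing import Dict, List

CHUNK = 64 * 1024


def hash_file(path: Path) -> str:
    """SHA-256 of a file, streamed so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Record the hash of every regular file under root, keyed by POSIX-style relative path."""
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_baseline(root: Path, baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Re-hash the tree and report differences from the baseline.

    'modified' = hash mismatch, 'missing' = file gone, 'added' = file not in the baseline
    (a planted library or hook is as suspicious as a patched binary).
    """
    current = build_baseline(root)
    report: Dict[str, List[str]] = {"modified": [], "missing": [], "added": []}
    for rel, expected in baseline.items():
        actual = current.get(rel)
        if actual is None:
            report["missing"].append(rel)
        elif not hmac.compare_digest(actual, expected):
            report["modified"].append(rel)
    report["added"] = sorted(set(current) - set(baseline))
    return report


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: snapshot a small app bundle, then tamper with it three ways."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "lib").mkdir()
        (root / "app.bin").write_bytes(b"\x7fELF original native code")
        (root / "lib" / "config.json").write_text('{"api": "https://api.example.invalid"}')
        baseline = build_baseline(root)                                   # taken at release time

        (root / "app.bin").write_bytes(b"\x7fELF patched native code")   # modified in place
        (root / "lib" / "config.json").unlink()                          # removed
        (root / "lib" / "hook.so").write_bytes(b"injected")              # planted
        return verify_baseline(root, baseline)


if __name__ == "__main__":
    print(demo())   # {'modified': ['app.bin'], 'missing': ['lib/config.json'], 'added': ['lib/hook.so']}
```

A plain hash only detects accidental or unsophisticated tampering; an attacker who can rewrite the files can usually rewrite a co-located baseline too, which is why the comparison value should come from a signed manifest or a remote attestation service.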

Overall, combining code obfuscation with robust integrity checks creates a layered security approach that enhances the resilience of applications against reverse engineering and tampering threats.

5. Threat Detection, Investigation, and Response (TDIR)

Threat Detection, Investigation, and Response (TDIR) focuses on identifying potential threats, investigating incidents, and effectively responding to mitigate risks. This approach is essential for organizations to protect their digital assets and maintain operational integrity in a complex cyber landscape.

The threat detection process typically includes:

  • Monitoring network activity 
  • Anomaly detection
  • Threat comparison 

Threat investigation involves analyzing detected threats or incidents to understand their nature, origin, and impact. This phase examines security alerts to determine their validity.

Incident response includes locating and containing the issue, minimizing harm, and restoring compromised systems. Security analysts perform user and traffic behavior analysis or use data correlation, for example, to pinpoint the source of the threat and the extent of the damage.

Threat response encompasses actions taken to mitigate the effects of a detected threat. This phase focuses on threat containment, removing it from the environment, and recovering from any damage caused.

Security Tools

Final Thoughts

Cybersecurity is an ongoing process, not a one-time task, hence being vigilant at all times is necessary. Staying informed about emerging threats and best practices in security is essential for developers to adapt their applications accordingly. This includes regular code reviews, penetration testing, and implementing advanced security features like binary protections and code obfuscation. 

The overall security posture of iOS/Android native apps can be greatly improved if developers make these five essential security strategies a priority. 


Poco RAT Malware Exploits PDF Files to Infiltrate Systems and Steal Data
https://cybersecuritynews.com/poco-rat-malware-exploits-pdf-files/
Fri, 28 Feb 2025 12:52:50 +0000


A new variant of the Poco RAT malware has emerged as a significant threat to Spanish-speaking organizations across Latin America, leveraging sophisticated PDF decoys and cloud-based delivery systems to infiltrate networks and exfiltrate sensitive data. 

Linked to the cyber-mercenary group Dark Caracal, this campaign represents an evolution of tactics previously associated with the Bandook remote access trojan, now adapted for broader phishing operations and financial espionage.

The Dark Caracal attack chain

The Attack Chain

The campaign begins with phishing emails disguised as financial notifications, often referencing unpaid invoices or tax documents. 

Attackers attach PDF files mimicking legitimate organizations, including Venezuelan banks like BBVA Provincial and industrial firms such as Global Supply Services. 

Phishing email with a PDF decoy

These decoys use blurred graphics and metadata fields populated with Spanish-language author names like “Rene Perez” and “Keneddy Cedeño” to appear authentic while evading initial detection.

When opened, the PDFs redirect victims to shortened URLs hosting malicious .rev archives on platforms like Google Drive and Dropbox. 

Antivirus scan of the PDF decoy

This technique exploits trust in legitimate cloud services—only 7% of decoy documents triggered antivirus alerts during the 2024–2025 campaign. 

The .rev files, originally designed for repairing corrupted archives, now serve as stealth vehicles for Poco RAT’s dropper—a Delphi-based executable that avoids disk writes by injecting directly into processes like iexplore.exe.

Decoy document impersonating a file from the Venezuelan company Zoom

Technical Evasion and Expanded Targeting

Dark Caracal’s latest tools employ multi-layered obfuscation:

  • Dynamic API resolution hides malicious function calls
  • Twofish encryption with per-build keys secures embedded strings
  • Exception-handler hijacking redirects code execution to bypass debuggers

The group has expanded its industry targets compared to previous Bandook campaigns, with 49% of recent attacks impersonating technology firms—a 33% increase from 2023. 

Control transfer to initialization function in Poco RAT dropper

Financial organizations (10%) and manufacturing enterprises (10%) remain key targets, reflecting continued interest in intellectual property and transaction records.

Poco RAT’s Espionage Toolkit

Once deployed, the malware conducts comprehensive reconnaissance:

  1. Environment profiling: Detects virtualization through registry checks (SOFTWARE\Oracle\VirtualBox) and probing of VMware's I/O port 0x5658
  2. Data collection: Harvests usernames, OS versions, and RAM metrics into structured reports using “@&)” delimiters
  3. C2 communication: Maintains persistence through heartbeat messages to IPs like 193.233.203.63 while cycling through ports 6211–6543 to avoid blocking

Command execution capabilities include:

  • Screen capture (T-05)
  • Fileless payload execution (T-03)
  • Passthrough command prompt access (T-06)

Infrastructure Links to Bandook Operations

Analysis by Positive Technologies reveals overlapping infrastructure between Poco RAT and Dark Caracal’s legacy tools (Table 5):

  • AS200019 (AlexHost SRL): Hosts both Poco RAT (185.216.68.121) and Bandook C2s (185.216.68.143)
  • AS44477 (Stark Industries Ltd.): Shared by Poco RAT (94.131.119.126) and Bandook servers since 2023.

This infrastructure synergy enabled a smooth transition between malware families, with Poco RAT samples increasing 36% year-over-year (483 vs. 355 Bandook files).
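The C2 behaviour in "Poco RAT's Espionage Toolkit" (heartbeats to 193.233.203.63 cycling through ports 6211–6543) and the shared hosting listed under "Infrastructure Links" give a defender two things to hunt for in egress flow logs: the named addresses, and port-cycling into that range toward any external host. The following is an added example, not code from the article or from Positive Technologies; the only indicators it uses are the ones quoted above. The log-line format, the source hosts and the non-listed external addresses (documentation ranges) are constructed for this example.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple

# Indicators quoted in the article (Positive Technologies analysis).
POCO_RAT_C2 = {"193.233.203.63", "185.216.68.121", "94.131.119.126"}
BANDOOK_C2 = {"185.216.68.143"}
HEARTBEAT_PORTS = range(6211, 6544)          # 6211-6543 inclusive

# RFC 1918 ranges; connections to these are not egress and are ignored by the port rule.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]

# Constructed flow-log format for this example: "<ts> src=<ip> dst=<ip> dport=<n> ...".
LINE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

# Constructed sample log: two hosts talking to listed C2s, one host cycling ports
# toward an unlisted external address, plus benign and malformed lines.
SAMPLE_LOG = [
    "2025-02-10T09:12:01Z src=10.0.0.5 dst=193.233.203.63 dport=6300 proto=tcp",
    "2025-02-10T09:12:31Z src=10.0.0.5 dst=193.233.203.63 dport=6301 proto=tcp",
    "2025-02-10T09:13:02Z src=10.0.0.7 dst=185.216.68.143 dport=443 proto=tcp",
    "2025-02-10T09:13:05Z src=10.0.0.9 dst=203.0.113.20 dport=6250 proto=tcp",
    "2025-02-10T09:13:35Z src=10.0.0.9 dst=203.0.113.20 dport=6251 proto=tcp",
    "2025-02-10T09:14:05Z src=10.0.0.9 dst=203.0.113.20 dport=6252 proto=tcp",
    "2025-02-10T09:14:10Z src=10.0.0.9 dst=10.0.0.1 dport=6400 proto=tcp",
    "2025-02-10T09:14:12Z src=10.0.0.11 dst=198.51.100.8 dport=443 proto=tcp",
    "malformed line that the parser should skip",
]

Alert = Tuple[str, str, str]   # (severity, rule, detail)


def parse(line: str) -> Optional[Dict[str, object]]:
    """Parse one flow record; return None for lines that do not match the format."""
    m = LINE.match(line)
    if not m:
        return None
    ev: Dict[str, object] = dict(m.groupdict())
    ev["dport"] = int(m.group("dport"))
    return ev


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL)


def scan(lines: List[str], min_ports: int = 3) -> List[Alert]:
    """Apply the two rules: known C2 address, and port cycling in the heartbeat range."""
    alerts: List[Alert] = []
    ports_seen: Dict[Tuple[str, str], Set[int]] = defaultdict(set)
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        src, dst, dport = str(ev["src"]), str(ev["dst"]), int(ev["dport"])
        if dst in POCO_RAT_C2:
            alerts.append(("high", "poco_rat_c2", f"{src} -> {dst}:{dport}"))
        elif dst in BANDOOK_C2:
            alerts.append(("high", "bandook_c2", f"{src} -> {dst}:{dport}"))
        elif dport in HEARTBEAT_PORTS and not is_internal(dst):
            ports_seen[(src, dst)].add(dport)
    # Behavioural rule: one source walking several distinct ports in 6211-6543 toward
    # the same external host resembles the heartbeat port cycling described above.
    for (src, dst), ports in ports_seen.items():
        if len(ports) >= min_ports:
            alerts.append(("medium", "port_cycling_in_heartbeat_range",
                           f"{src} -> {dst} over ports {sorted(ports)}"))
    return alerts


if __name__ == "__main__":
    for severity, rule, detail in scan(SAMPLE_LOG):
        print(f"[{severity}] {rule}: {detail}")
```

The address rule is exact and will age as the infrastructure moves; the port-cycling rule is the one worth keeping, tuned with `min_ports` against the organisation's own baseline so that legitimate services in that port range do not page anyone.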

As Dark Caracal continues refining its tactics, the blend of social engineering and cloud abuse in this campaign underscores the need for defense-in-depth strategies combining user education and technical controls.



Flesh Stealer Malware Targets Chrome, Firefox, and Edge to Steal Passwords
https://cybersecuritynews.com/flesh-stealer-malware/
Thu, 06 Feb 2025 11:45:05 +0000


Flesh Stealer has surfaced as a high-profile malware campaign targeting web browsers like Chrome, Firefox, Edge, and even messaging platforms like Signal and Telegram.

Written in C# as a .NET executable, Flesh Stealer emerged in August 2024 and has been actively updated to include anti-debugging and anti-virtual machine (VM) techniques.

Notably, the malware avoids infecting systems in Commonwealth of Independent States (CIS) countries, reflecting its Russian-speaking developer’s intent to evade local scrutiny, as per a report by CyFirma.

Key Features and Capabilities

Targeted Browsers and Applications

Flesh Stealer focuses on extracting sensitive data, including saved passwords, cookies, browsing history, and chat logs.

It bypasses Chrome’s App Bound Encryption—a significant security feature—to access protected data.

Promoting Stealer on Underground Forum

The malware works across multiple browsers, including Chrome, Firefox, Brave, and Edge, and extends its reach to applications like Signal and Telegram by exfiltrating stored databases and chats.

Anti-VM and Anti-Debugging Techniques

To elude detection and analysis, Flesh Stealer checks for virtualized environments by scanning system memory, BIOS versions, and processor speeds.

It identifies VMs by detecting strings like VMware, VirtualBox, and Hyper-V. For anti-debugging, it searches for processes associated with tools like Wireshark and HttpDebuggerUI and terminates them if found.

Wi-Fi and PnP Device Exploitation

The malware uses the Windows Management Instrumentation (WMI) component to collect information about Plug and Play (PnP) devices and save it to a file named device.txt.

Additionally, it executes the netsh command to extract Wi-Fi network credentials, including authentication types, encryption methods, and passwords.

Initially promoted on underground forums like Pyrex Guru and popular platforms like Discord and Telegram, Flesh Stealer relied on Base64 obfuscation techniques to hide its malicious code.

The malware was also showcased on YouTube, where its developer demonstrated its capabilities—though the video and associated domain have since been taken down.

Despite these setbacks, the malware’s promotional Discord and Telegram channels remain active, with over 210 members.

Recent Developments

On January 29, 2025, the Flesh Stealer developer announced support for Chrome version 131, reflecting their commitment to evolving the malware.

Flesh Stealer Recent Developments

A customizable control panel allows cybercriminals to configure features like enabling startup persistence, activating anti-debug measures, and running the software with administrator privileges.

All stolen data is sent to the attacker’s infrastructure, where it is stored for further exploitation.

Flesh Stealer’s advanced features and adaptability make it a formidable cyber threat.

Its ability to steal credentials, bypass encryption, and evade detection underscores the growing sophistication of malware targeting both individuals and enterprises.

The malware developer’s decision to exclude CIS countries indicates regional considerations that align with Russian-speaking cybercriminal norms.

With its expanding capabilities and persistent development, Flesh Stealer poses a significant threat to online security.

Organizations must remain vigilant, adopting robust cybersecurity measures, including frequent password updates, multi-factor authentication, and proactive threat intelligence, to defend against such emerging threats.

As Flesh Stealer continues to target popular browsers and applications, awareness and preparedness remain the first line of defense.



Samsung Patches Multiple Vulnerabilities That Let Attackers Execute Arbitrary Code
https://cybersecuritynews.com/samsung-patches-multiple-vulnerabilities/
Fri, 10 Jan 2025 11:53:00 +0000


Samsung Mobile has announced the release of a comprehensive maintenance update as part of its monthly Security Maintenance Release (SMR) process.

This latest update addresses critical vulnerabilities within the Android operating system and includes essential patches from both Google and Samsung, aimed at bolstering user security and device integrity.

The January 2025 Security Maintenance Release incorporates patches that align with the Android Security Bulletin for January 2025.

Among the critical vulnerabilities identified, five Common Vulnerabilities and Exposures (CVE) entries have been prioritized for immediate attention.

These vulnerabilities pose significant risks as they enable attackers to execute arbitrary code, potentially leading to unauthorized access to sensitive information and control over affected devices.

Samsung is urging users to update their devices promptly to mitigate these risks. In addition to the critical patches from Google, Samsung has also introduced 22 unique Samsung Vulnerabilities and Exposures (SVE) items in this update.

These patches reflect Samsung’s commitment to maintaining the highest levels of security for its customers.

By addressing both Google and Samsung-specific vulnerabilities, the company aims to reassure users about the safety of their devices and data.

Users can find the Samsung Security Index (SSI) in the “Security software version” section of their device settings. The SMR January 2025 Release 1 encompasses all necessary patches from both Samsung and Google.

Notably, some SVE items may not be included in this release if they were already patched in previous updates.

Samsung Mobile continues to emphasize the importance of security in the rapidly evolving digital landscape, where cyber threats are becoming increasingly sophisticated.

The company is dedicated to providing timely updates to ensure that its customers have the most secure device experience possible.

Samsung urges users of its flagship models to download and install the latest updates as soon as they become available.

This practice not only safeguards personal information but also enhances the overall performance and longevity of devices.

For detailed instructions on how to update your device, Samsung users can visit the company’s official support website or consult their device’s user manual.

With these updates, Samsung reaffirms its commitment to user safety and security in an increasingly interconnected world.

Multiple Sonicwall VPN Vulnerabilities Let Attackers Bypass Authentication

https://cybersecuritynews.com/multiple-sonicwall-vpn-vulnerabilities/ (Wed, 08 Jan 2025 12:10:25 +0000)

A new security advisory has been released regarding several vulnerabilities in SonicWall’s SonicOS software, which could enable attackers to bypass authentication mechanisms.

These vulnerabilities affect a variety of SonicWall hardware products, potentially compromising network security.

Vulnerability Summary

The advisory highlights four significant vulnerabilities within the SonicOS framework:

  • CVE-2024-40762 concerns the use of a cryptographically weak pseudo-random number generator (PRNG) in the SSLVPN authentication token generator. In certain scenarios an attacker can exploit this weakness to predict authentication tokens, leading to a potential authentication bypass. The vulnerability has a CVSS score of 7.1 and is classified under CWE-338.
  • CVE-2024-53704 is an improper authentication vulnerability in the SSLVPN mechanism. This flaw allows remote attackers to bypass authentication, posing a serious threat to network integrity. It has a CVSS score of 8.2 and falls under CWE-287.
  • CVE-2024-53705 is a server-side request forgery (SSRF) vulnerability in the SSH management interface of SonicOS. It permits remote attackers to establish TCP connections to arbitrary IP addresses on any port while a user is logged into the firewall. It is rated with a CVSS score of 6.5 and classified under CWE-918.
  • CVE-2024-53706 is a local privilege escalation vulnerability specific to the Gen7 SonicOS Cloud platform, affecting the AWS and Azure editions. It allows low-privileged, authenticated users to escalate their privileges to root, potentially leading to unauthorized code execution. It has a CVSS score of 7.8 and is categorized under CWE-269.

Affected Products

These vulnerabilities affect various models of SonicWall hardware firewalls and the Gen7 Cloud platform. The table below summarizes the relevant CVEs and affected versions:

CVE ID          | Affected Products                            | Fixed Version
----------------|----------------------------------------------|----------------------
CVE-2024-40762  | Gen6 and Gen7 Firewall series                | 7.0.1-5165 and higher
CVE-2024-53704  | Gen6 and Gen7 Firewall series                | 7.1.3-7015 and higher
CVE-2024-53705  | Gen6 and Gen7 Firewalls                      | 7.0.1-5165 and higher
CVE-2024-53706  | Gen7 Cloud NSv (AWS and Azure editions only) | 7.1.3-7015 and higher

SonicWall has not found any evidence of these vulnerabilities being exploited in the wild. It nevertheless strongly urges users to upgrade their SonicWall Firewall products to the latest patched versions available on the SonicWall website.

Additionally, users should limit access to SSLVPN and SSH management to trusted sources or disable these features if not in use. For further information on securing your systems, users can refer to SonicWall’s technical support.

By addressing these vulnerabilities swiftly, IT departments can better protect their networks against potential attacks, ensuring the integrity and confidentiality of their data.
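To turn the advisory table into something an IT department can run against its device inventory, the following Python script is an added example (not SonicWall's tooling and not code from the article). It parses Gen7 build strings of the form major.minor.patch-build, compares them against the fixed builds listed in the table, and appends the advisory's interim guidance on SSLVPN and SSH management exposure. The platform tags, the hypothetical host names, and the reading of "and higher" as a plain numeric comparison across the 7.0 and 7.1 branches are assumptions of this example; Gen6 firmware is out of scope because the table gives no Gen6 fixed build.

```python
import re

# Fixed builds copied from the advisory table above. Only Gen7 SonicOS 7.x
# builds appear there, so Gen6 firmware (6.5.x) is deliberately out of scope.
# The platform tags are an assumption of this example: the table names the
# firewall series for the first three entries and Cloud NSv for the last one.
FIXED_BUILDS = {
    "CVE-2024-40762": ("7.0.1-5165", {"firewall"}),
    "CVE-2024-53704": ("7.1.3-7015", {"firewall"}),
    "CVE-2024-53705": ("7.0.1-5165", {"firewall"}),
    "CVE-2024-53706": ("7.1.3-7015", {"nsv-cloud"}),
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_sonicos_version(text):
    """Turn a Gen7 build string such as '7.1.2-7019' into a comparable int tuple.

    Anything that does not match major.minor.patch-build (Gen6 strings, blanks,
    typos) raises rather than silently comparing as 'patched'.
    """
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"not a SonicOS 7.x build string: {text!r}")
    return tuple(int(part) for part in match.groups())


def unpatched_cves(running_version, platform="firewall"):
    """Return the advisory CVEs whose fixed build is newer than running_version.

    'and higher' in the table is treated here as a plain numeric comparison
    across the 7.0 and 7.1 branches (an assumption); confirm branch-specific
    fixed builds against the vendor advisory before closing a finding.
    """
    running = parse_sonicos_version(running_version)
    missing = []
    for cve, (fixed, platforms) in FIXED_BUILDS.items():
        if platform not in platforms:
            continue
        if running < parse_sonicos_version(fixed):
            missing.append(cve)
    return sorted(missing)


def mitigation_advice(running_version, platform="firewall",
                      sslvpn_exposed=True, ssh_mgmt_exposed=True):
    """Combine the version check with the advisory's interim guidance."""
    missing = unpatched_cves(running_version, platform)
    advice = []
    if missing:
        advice.append(f"upgrade: unpatched {', '.join(missing)}")
        if sslvpn_exposed and any(c in missing for c in ("CVE-2024-40762", "CVE-2024-53704")):
            advice.append("restrict SSLVPN to trusted sources or disable it until patched")
        if ssh_mgmt_exposed and "CVE-2024-53705" in missing:
            advice.append("restrict SSH management to trusted sources or disable it until patched")
    return advice


if __name__ == "__main__":
    # Constructed inventory with hypothetical host names, not real devices.
    inventory = [
        ("fw-edge-1", "7.0.1-5119", "firewall"),
        ("fw-edge-2", "7.1.2-7019", "firewall"),
        ("nsv-aws-1", "7.1.1-7058", "nsv-cloud"),
        ("fw-edge-3", "7.1.3-7015", "firewall"),
    ]
    for host, version, platform in inventory:
        print(host, version, mitigation_advice(version, platform) or "patched")
```

Feeding the script a real inventory export only requires replacing the constructed list; a build string the regex rejects is surfaced as an error on purpose, since an unparsed version that silently counts as patched is the failure mode to avoid in this kind of check.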

Nvidia Unveils Digits, $3,000 Personal AI Supercomputer

https://cybersecuritynews.com/nvidia-personal-ai-supercomputer/ (Tue, 07 Jan 2025 08:08:52 +0000)

NVIDIA has officially launched Project DIGITS, a groundbreaking personal AI supercomputer priced at $3,000.

Aimed at AI researchers, data scientists, and students globally, Project DIGITS leverages the cutting-edge NVIDIA Grace Blackwell platform to bring unparalleled computing power to users’ desktops.

Unmatched Performance with the GB10 Superchip

At the heart of Project DIGITS is the new NVIDIA GB10 Grace Blackwell Superchip, engineered to deliver an astounding 1 petaflop of AI computing performance at FP4 precision.

Specification            | Details
-------------------------|-------------------------------------------------------------------------------------
Product Name             | NVIDIA Project DIGITS
Price                    | $3,000
Superchip                | NVIDIA GB10 Grace Blackwell Superchip
AI Performance           | Up to 1 petaflop at FP4 precision
GPU                      | NVIDIA Blackwell GPU
CUDA Cores               | Latest-generation CUDA cores
Tensor Cores             | Fifth-generation Tensor Cores
CPU                      | NVIDIA Grace CPU with 20 power-efficient cores
Memory                   | 128GB of unified, coherent memory
Storage                  | Up to 4TB NVMe storage
Model Capacity           | Can run 200-billion-parameter large language models
Networking               | NVIDIA ConnectX for linking supercomputers
Increased Model Capacity | Links with another Project DIGITS for 405-billion-parameter models
Operating System         | Linux-based NVIDIA DGX OS
AI Software Access       | Extensive library including SDKs, orchestration tools, and frameworks (NVIDIA NGC catalog)
Cloud Compatibility      | Seamless deployment on NVIDIA DGX Cloud
Availability Date        | May 2025

This system-on-a-chip (SoC) integrates a high-performance NVIDIA Blackwell GPU, featuring the latest CUDA cores and fifth-generation Tensor Cores, linked to the CPU through the NVLink-C2C chip-to-chip interconnect.

This innovative architecture is complemented by a powerful Grace CPU with 20 energy-efficient cores, designed in collaboration with MediaTek, a leader in Arm-based SoC designs.

Jensen Huang, founder and CEO of NVIDIA, emphasized the significance of this technology, stating, “AI will be mainstream in every application for every industry. With Project DIGITS, the Grace Blackwell Superchip comes to millions of developers.”

The project aims to empower data scientists, AI researchers, and students by placing a supercomputer directly on their desks, enabling them to prototype, fine-tune, and deploy large AI models with unprecedented ease.

Scalable AI Solutions at Your Fingertips

With Project DIGITS, users can execute inference on their models locally and then transition seamlessly to the accelerated cloud or data center infrastructure.

Each unit is equipped with 128GB of unified memory and up to 4TB of NVMe storage, allowing developers to run extensive 200-billion-parameter large language models.

Moreover, utilizing NVIDIA ConnectX networking technology, two Project DIGITS units can be linked to tackle even larger models of up to 405 billion parameters.

Project DIGITS is built on the Grace Blackwell architecture, facilitating development on local systems running the Linux-based NVIDIA DGX OS.

Once models are tested, they can seamlessly scale using NVIDIA DGX Cloud or other data center infrastructure, maintaining compatibility with the same architecture and software platform.

Developers will have access to an extensive array of NVIDIA AI software, including SDKs, orchestration tools, and frameworks from the NVIDIA NGC catalog.

Notable tools such as the NVIDIA NeMo framework for model fine-tuning and NVIDIA RAPIDS libraries for data science acceleration will be available. Additionally, users can explore NVIDIA Blueprints and microservices for AI application development.

Project DIGITS is set to launch in May 2025, with pre-orders starting at $3,000. Aspiring developers and researchers can sign up for notifications and be among the first to experience the future of AI computing.

As NVIDIA propels us into the next era of innovation, Project DIGITS stands poised to democratize access to advanced AI technologies.

5th January and The Tale of Joshi Virus: India’s First Global Computer Virus

https://cybersecuritynews.com/5th-january-and-the-tale-of-joshi-virus/ (Mon, 06 Jan 2025 13:38:43 +0000)

A throwback to January 5, 1990, marks the day the Joshi virus was unleashed — a significant event in the realm of technology and cybersecurity.

Originating in India, the Joshi virus is renowned as the country’s first global computer virus, highlighting the rise of digital threats during a transformative era for computing.

Birth of the Joshi Virus

Discovered in June 1990, the Joshi virus quickly spread across India and sections of Africa. It is classified as a boot sector infector, primarily affecting 5.25-inch diskettes, and can also infect hard disk partition tables.

Its primary symptoms include system hangs and a perplexing prompt urging users to type “Happy Birthday Joshi” — a quirk that adds a level of intrigue to its notorious reputation.

Technicalities and Impact

The Joshi virus is characterized as a resident boot sector/partition table infector with a memory footprint of approximately 6 KB.

This means that once a system is booted from an infected diskette, the virus remains in memory, reducing the total available memory reported by the DOS CHKDSK command.

Its impact can be severe: it causes significant functionality problems, including hanging the system on January 5th, when it displays its infamous birthday message.

According to the WdFiles report, the virus operates by hooking system interrupts and manipulating the boot process.

Like the infamous Stoned virus, Joshi targets the master boot record and uses stealth techniques to avoid detection while carrying out its operations.

For those suspecting infection, identifying the Joshi virus involves checking the boot sector of suspect diskettes or examining the partition table of hard disks.

If the first two bytes of these sectors are found to be hex EB 1F, it indicates the presence of the virus.

Despite advancements in antivirus technology, removing the Joshi virus can be tricky. Recommendations include booting from a known clean DOS diskette, using various tools like CleanUp V66+, or even resorting to low-level formatting for hard disks.

However, as of mid-1990, no specific utilities were available to completely disinfect the master boot sector once infected.
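The identification step described above, checking whether the first two bytes of a diskette boot sector or a hard-disk partition-table sector are EB 1F, is easy to automate against a raw image taken with a tool such as dd. The following Python script is an added example (not from the article, and not a historical disinfection utility) that reads sector 0 of an image, reports the two-byte indicator alongside the 55 AA boot-sector trailer, and shows the logic on two constructed sectors. The sample sectors, the function names and the file-reading helper are assumptions of this example.

```python
SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"      # trailing marker of a valid boot sector / MBR
JOSHI_SIGNATURE = b"\xEB\x1F"     # the two leading bytes named in the report above

# 0xEB is the x86 JMP SHORT opcode and 0x1F its signed displacement, so a
# sector starting EB 1F branches to offset 0x21 (2 + 0x1F) before any normal
# loader code runs. A two-byte prefix is a weak indicator on its own: treat a
# match as a reason to pull the sector for full inspection, not as proof.


def sector_has_joshi_signature(sector: bytes) -> bool:
    """True if the sector starts with EB 1F, the indicator given in the report."""
    return len(sector) >= 2 and sector[:2] == JOSHI_SIGNATURE


def has_boot_signature(sector: bytes) -> bool:
    """True if the sector is a full 512 bytes ending in 55 AA."""
    return len(sector) == SECTOR_SIZE and sector[-2:] == BOOT_SIGNATURE


def scan_sector0(image: bytes) -> dict:
    """Inspect sector 0 of a raw image: the boot sector of a diskette image or
    the partition-table sector (MBR) of a hard-disk image, the two places the
    report says to check."""
    sector0 = image[:SECTOR_SIZE]
    return {
        "valid_boot_sector": has_boot_signature(sector0),
        "joshi_signature": sector_has_joshi_signature(sector0),
        "first_bytes": sector0[:4].hex(" ").upper(),
    }


def scan_image_file(path: str) -> dict:
    """Read sector 0 from a raw image file (e.g. dd output) and scan it."""
    with open(path, "rb") as fh:
        return scan_sector0(fh.read(SECTOR_SIZE))


def _constructed_sector(prefix: bytes) -> bytes:
    """Build a synthetic 512-byte sector: prefix, zero padding, 55 AA trailer."""
    padding = b"\x00" * (SECTOR_SIZE - len(prefix) - len(BOOT_SIGNATURE))
    return prefix + padding + BOOT_SIGNATURE


# Constructed samples, not real disk dumps. A typical DOS boot sector opens
# with EB 3C 90 (JMP SHORT, NOP) followed by the OEM name; the suspect sample
# only reproduces the EB 1F prefix the report describes.
CLEAN_DOS_SECTOR = _constructed_sector(b"\xEB\x3C\x90MSDOS5.0")
SUSPECT_SECTOR = _constructed_sector(b"\xEB\x1F\x90")


if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_DOS_SECTOR), ("suspect", SUSPECT_SECTOR)):
        print(name, scan_sector0(sector))
```

For a hard disk the report's second location is the partition table, which lives in the same first sector as the MBR code, so the same function covers both cases; only the source of the bytes changes.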

The Joshi virus serves as a historical marker in the field of cybersecurity, reminding us of the need for vigilance and updated protective measures against such threats.

It represents a time when the world was just beginning to grapple with the realities of computer viruses and the importance of cybersecurity awareness.

As technology continues to evolve, understanding the origins of such threats can help inform current practices and future developments in the field.

Thomas Cook Hit by Cyber Attack, IT Systems Impacted

https://cybersecuritynews.com/thomas-cook-hit-by-cyber-attack/ (Tue, 31 Dec 2024 16:59:57 +0000)

Thomas Cook (India) Ltd, a leading travel services provider, has fallen victim to a cyber attack targeting its IT infrastructure, the company announced on Tuesday.

The breach has led to significant disruptions in its operations, prompting the company to take immediate action by shutting down affected systems and initiating a comprehensive investigation.

The cyberattack was first reported in a regulatory filing to the Bombay Stock Exchange (BSE), where Thomas Cook (India) disclosed the incident without specifying the exact timeline of the attack.

The company stated, “Immediately upon becoming aware of the incident, we have taken the necessary steps to investigate and respond to the incident, including shutting down affected systems.”

Response to the Breach

In response to the breach, Thomas Cook (India) has engaged leading cybersecurity experts to assess the extent of the damage and to implement remedial actions.

“We are working with leading cyber security experts to support our investigation and identify the extent of the issue and take remedial action as necessary,” the company added. This collaboration aims to contain the breach, secure the systems, and restore normalcy to its operations.

The impact of the cyberattack was evident as Thomas Cook India’s website displayed an Error 503, indicating that the site was temporarily unavailable due to the attack. This disruption has affected the company’s online presence, potentially impacting customer bookings and services.

The financial implications of the attack are yet to be fully assessed, but Thomas Cook (India) reported a robust financial performance in the second quarter of the fiscal year 2025, with a 39.8% year-on-year surge in net profit to ₹72 crore and an 8.7% increase in revenue from operations to ₹2,003.8 crore.

However, the cyber incident could pose challenges to its ongoing operations and financial stability if not addressed promptly.

The company’s shares experienced a slight dip, closing at ₹195.55, down by ₹1.05 or 0.53% on the BSE following the announcement of the cyberattack. This reflects investor concern over the operational and reputational risks such security breaches carry.

Thomas Cook (India) has not disclosed further details regarding the nature of the attack or the potential compromise of customer data. However, the focus remains on restoring services and ensuring the company’s IT infrastructure is secure against future threats.

As Thomas Cook (India) works to mitigate the effects of this attack, the broader implications for cybersecurity in corporate India will likely be a topic of discussion in the coming days.
