Connect with us

Technology

Microsoft describes how its leaders were spied on by Russian hackers

Published

on

Microsoft describes how its leaders were spied on by Russian hackers

The Russian state-sponsored hackers responsible for the SolarWinds attack launched a nation-state attack against Microsoft’s corporate systems, the company disclosed last week. Some members of Microsoft’s senior leadership team had their email accounts compromised by hackers, who may have been snooping on them for weeks or months.

Microsoft released a preliminary investigation of how the hackers circumvented its security measures, even though the software company’s original SEC report late on Friday had little details about how the attackers obtained access. It also serves as a warning that other firms have been targeted by the same hacking outfit, commonly known as Nobelium or by the weather-themed nickname “Midnight Blizzard,” which Microsoft uses to refer to them.

Initially, Nobelium used a password spray assault to gain access to Microsoft’s servers. Hackers employ a dictionary of possible passwords in this kind of brute force attack against accounts. Crucially, two-factor authentication was not activated on the compromised non-production test tenant account. In order to avoid discovery, Microsoft claims that Nobelium “tailored their password spray attacks to a limited number of accounts, using a low number of attempts.”

The group identified and compromised a historical test OAuth application that had elevated access to the Microsoft corporate environment by using the access they had gained from the previous attack. A popular open standard for token-based authentication is OAuth. It’s a widely used web feature that lets you log into apps and services without giving your password to a website. OAuth is used on websites that you might be able to get into with your Gmail account.

The group was able to produce more malicious OAuth apps and accounts thanks to this higher access, which also gave them access to Microsoft’s corporate network and, eventually, its Office 365 Exchange Online service, which gives users access to email inboxes.

“Midnight Blizzard leveraged these malicious OAuth applications to authenticate to Microsoft Exchange Online and target Microsoft corporate email accounts,” explains Microsoft’s security team.

Microsoft previously stated that it was “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” The company has not disclosed the exact number of its corporate email accounts that were targeted and accessed.

Additionally, Microsoft has yet to provide a precise timeframe for the duration of the hackers’ eavesdropping on its top leadership group and other staff members. Although the first attack happened in late November 2023, Microsoft didn’t become aware of it until January 12th. This could indicate that for almost two months, the attackers surveilled Microsoft leaders.

The same group of hackers had earlier this week gotten access to Hewlett Packard Enterprise’s (HPE) “cloud-based email environment.” Although HPE did not identify the supplier, it did disclose that the event was “probably connected” to the “exfiltration of a restricted quantity of [Microsoft] SharePoint documents as early as May 2023.”

The Microsoft hack happened a few days after the business declared its intention to restructure its software security in response to significant attacks on the Azure cloud. This is Microsoft’s most recent cybersecurity incident. A Microsoft Exchange Server vulnerability allowed 30,000 companies’ email systems to be compromised in 2021, and Chinese hackers used a Microsoft cloud attack last year to access emails belonging to the US government. The same Nobelium group that carried out this embarrassing executive email hack previously targeted Microsoft in the massive SolarWinds attack almost three years ago.

The cybersecurity community will probably take issue with Microsoft’s revelation that a crucial test account was operating without two-factor authentication. Although there was no software vulnerability in Microsoft, the hackers were able to stealthily navigate Microsoft’s corporate network thanks to a series of incorrectly set up test setups. “In an interview with CNBC earlier this week, George Kurtz, the CEO of CrowdStrike, questioned how the compromise of the highest ranking officials at Microsoft occurred in a non-production test environment.” “I believe there will be much more information released on this,”

Kurtz was correct; additional information has surfaced, but some crucial elements remain unreported. Microsoft asserts that in order to properly defend against these threats, “mandatory Microsoft policy and workflows would ensure MFA and our active protections are enabled” if this identical non-production test environment were implemented today. Microsoft still has a lot of explaining to do, particularly if it wants its users to think that it is genuinely making improvements to the way it develops, tests, builds, and runs its services and software to better defend against security risks.

Technology

Timescale Introduces Advanced AI Vector Database Extensions for PostgreSQL

Published

on

A PostgreSQL cloud database provider recently declared the availability of two brand-new, open-source extensions that greatly improve the scalability and usability of its data retrieval from vector databases for artificial intelligence applications.

Using PostgreSQL, an open-source relational database, for vector data retrieval is made possible by the new extensions, pgvectorscale and pgai. This is essential for developing AI applications and specialized contextual search.

AI programmers can add data to high-dimensional arrays using vector databases, connecting them based on their contextual relationships with each other. Vector databases store data using contextualized meanings, where the “nearest neighbor” can be used to connect them, in contrast to typical relational databases. For example, a cat and a dog have a closer meaning as family pets than does an apple. When an AI searches for semantic data, including keywords, documents, photos, and other media, this speeds up the information-finding process.

Timescale’s AI product lead, Avthar Sewrathan, told SiliconANGLE in an interview that while most of this data is kept in very popular, high-performance vector databases, not all of the data used by services is kept in vector databases. Thus, in the same context, there are occasionally several data sources.

“AI is being incorporated into every organization in the world, in some form or another, whether through the development of new apps that capitalize on the power of large language models or through the redesign of current ones,” stated Sewrathan. Therefore, CTOs and technical teams must decide whether to employ a distinct vector database or a database they are already familiar with while figuring out how to use AI. Encouraging Postgres to be a better database for AI is the driving force behind these enhancements.

Building on the open-source foundation of the original expansion, pgvectorscale, enables developers to create more scalable artificial intelligence (AI) applications with improved search performance at a reduced cost.

According to Sewrathan, it incorporates two innovations: Statistical Binary Quantization, which is an enhancement of standard binary quantization that helps reduce memory use, and DiskANN, which can offload half of its search indexes to disk with very little impact on performance. DiskANN is capable of saving a significant amount of money.

In comparison to the widely used Pinecone vector database, PostgreSQL was able to attain 28x lower latency for 95% and 16x greater query throughput for approximate nearest neighbor queries at 99% recall, according to Timescale’s benchmarks of pgvectorscale. Since pgvectorscale is written in Rust instead of C, PostgreSQL developers will have more options when developing for vector support.

The next addition, pgai, is intended to facilitate the development of retrieval-augmented generation, or RAG, solutions for search and retrieval in applications using artificial intelligence. In order to lessen the frequency of hallucinations—which occur when an AI boldly makes erroneous statements—RAG blends the advantages of vector databases with the skills of LLMs by giving them access to current, reliable information in real-time.

Building precise and dependable AI systems requires an understanding of this technique. OpenAI conversation completions from models like GPT-4o are built directly within PostgreSQL with the first release of pgai, which facilitates the creation of OpenAI embeddings rapidly.

The most recent flagship model from OpenAI, the GPT-4o, offers strong multimodal capabilities like video comprehension and real-time speech communication.

According to Sewrathan, PostgreSQL’s vector functionality builds a strong “ease of use” bridge for developers. This is significant because many firms currently use PostgreSQL or other relational databases.

Because it streamlines your data architecture, adding vector storage and other features via an extension is much easier, according to Sewrathan. “One database is all you have.” It has the ability to store several data kinds simultaneously. That has been extremely beneficial because without it, there would be a great deal of complexity, data synchronization, and data deduplication.

Continue Reading

Technology

Apple is Updating Siri and Giving it new Generative AI Capabilities

Published

on

The release of iOS 18, macOS updates, and other significant announcements marked the beginning of Apple’s yearly Worldwide Developers Conference (WWDC) 2024 yesterday. The launch of the eagerly awaited new iteration of Apple’s voice assistant, Siri, was the most notable of these. By means of a brand-new system dubbed “Apple Intelligence,” the revised Siri is equipped with stronger generative AI capabilities.

With these enhanced artificial intelligence capabilities, Apple has enabled Siri to perform better, becoming more contextually aware, natural, and deeply ingrained in the Apple environment. The incorporation of ChatGPT into this change promises more intelligent responses and new AI-powered functionality. The updated Siri, according to Apple, is “more natural, more contextually relevant, and more personal,” and it may speed and streamline routine activities. Let’s examine each of the recently added features of Apple’s sophisticated voice assistant in depth.

New style

Activating a bright light that encircles the screen edges is just one of the many features of the redesigned Siri. Increased user engagement is the goal of this graphic makeover. Apple has added onscreen awareness to Siri, which goes beyond aesthetics and allows the virtual assistant to take actions based on what’s on the screen. Customers may now ask Siri to locate and act upon book recommendations received via Messages or Mail, or to add a new address straight from a text message to a contact card.

An enhanced capacity for linguistic comprehension

Apple’s Siri now features richer language-understanding capabilities, allowing it to process and respond to user commands more naturally. This improvement ensures Siri can maintain context across multiple interactions, even if users stumble over their words. Additionally, users can now type to Siri and switch seamlessly between text and voice inputs, offering more flexible ways to interact with the assistant.

Siri’s compatibility with outside applications

Because of the new App Intents API, one of the most notable aspects of the new Siri is its ability to perform actions in a variety of apps—both those developed by Apple and those by outside developers. This means that programmers can give Siri specific commands to execute within their apps. For example, users may ask Siri to “send the photos from the barbecue on Saturday to Malia” using a message app, or “make this photo pop” in a photo editing software. Interactions between various apps and services can now be done more easily thanks to this added capabilities.

Apple and openAI collaborate to power Siri

Notably, Apple and OpenAI have teamed to enhance Siri’s generative AI capabilities by integrating ChatGPT technology. With this integration, Siri can respond with greater sophistication and manage jobs that are more complicated. Users of Apple’s Mac and iPhone operating systems will be able to access ChatGPT through updates, which will improve features like text and content production. Apple’s plan to integrate cutting-edge AI technologies and maintain its competitiveness in the IT industry includes this relationship.

Apple uses sophisticated Siri to protect user privacy

Users can be reassured by Apple that Siri and the new AI capabilities in its devices will respect its strict privacy policies. While the company will rely on the cloud without storing user data there for more power-intensive operations, certain AI functions will process data directly on the device. This strategy aligns with Apple’s goal of striking a balance between improved usefulness and consumer privacy.

The new Siri will only be available on a few chosen Apple devices

The newest iPads, Macs, and iPhones will be the only devices that can utilize this sophisticated Siri experience. Most of Siri’s new features, which are powered by Apple Intelligence, will only be available on the iPhone 15 Pro, iPhone 15 Pro Max, iPads, and Macs with M1 CPUs or later.

Continue Reading

Technology

EU Introduces an AI-Driven “Digital Twin” of the Planet

Published

on

Today, the European Commission unveiled the initial iteration of Destination Earth (DestinE), an AI-driven simulator designed to increase the precision of climate projections.

Two models—one for extreme weather events and another for adapting to climate change—are included in the initial edition of DestinE. With the use of these models, the Earth’s climate will be closely observed, predicted, and simulated.

According to EU antitrust chief Margrethe Vestager, “DestinE means that we can observe environmental challenges which can help us predict future scenarios – like we have never done before.”

The LUMI supercomputer located in Finland is one of the high-performance computers (EuroHPC) that power DestinE. To accelerate data processing, the developers have integrated this with AI.

Vestager stated, “This first phase shows how much we can achieve when Europe puts together its massive supercomputing power and its scientific excellence.”

The main model will, however, probably change over time, and by the end of this decade, a digital duplicate of the Earth should be finished.

Digital Twin of the Earth

Want to test how a heatwave will impact food security? Or if a storm will flood a certain city? Or the best places to position your wind farm? All of that could be possible using the digital twin of the Earth.

The digital twin uses a sizable data lake to fuel its simulations and forecasts. Satellites like those used in the EU’s Copernicus program are the source of this data. It will also originate from vast amounts of public data as well as IoT devices situated on the ground.

Future iterations of the digital twin of Earth will incorporate data from forests, cities, and oceans, pretty much anyplace on Earth that scientists can analyze data.

In 2022, the EU launched DestinE for the first time. The digital twin will be constructed with funding exceeding €300 million.

With today’s launch, the first phase comes to a conclusion and the second phase begins, with a combined funding commitment of over €150 million for both.

As the final Digital Europe program 2025–2027 is presently being prepared, its approval will determine the funding for the third stage.

Organizations working on this kind of technology are not limited to the EU. The Earth-2 digital replica was introduced by Nvidia in March. As stated by the powerhouse in chip manufacturing, the model is currently being used by the Taiwanese government to more accurately forecast when typhoons will hit land.

Continue Reading

Trending

error: Content is protected !!