NerdNews

Two new vulnerabilities, FLOP and SLAP, have been discovered in Apple's chips, allowing attackers to leak sensitive data from Safari and Chrome browsers. The vulnerabilities affect Apple devices from 2021 and later, including Macs, iPhones, and iPads. FLOP can read any memory address in the browser process's address space, while SLAP can perform attacker-chosen computations on data stored in separate Safari processes.

DeepSeek's AI model, R1, has caused a stir in the market, with Nvidia's stock price plummeting 17% after the Chinese company claimed to have achieved a $5.6 million AI breakthrough. However, some experts believe the sell-off is an overreaction, as DeepSeek's innovation could expand the AI market and increase demand for Nvidia's chips. The breakthrough has also sparked concerns about US tech leadership and the potential for Chinese companies to catch up in the AI race.

The California Attorney General's office has issued a memo stating that many AI companies' practices may be illegal, including using AI to deceive, falsely advertising AI capabilities, and discriminating against certain groups. The memo highlights the need for responsible AI development and use, and warns companies to self-regulate to avoid potential legal action.

DeepSeek's AI model R1 performs on par with OpenAI's models using less advanced chips. Other Chinese AI models like Alibaba Cloud's Qwen-2.5-1M, Baidu's Ernie Bot 4.0, ByteDance's Doubao 1.5 Pro, and Moonshot AI's Kimi k1.5 are also making significant strides in the field, posing a challenge to US dominance in AI.

DeepSeek, a Chinese company, has released its R1 model, which claims to have performance on par with OpenAI's o1 model at 1/50th the cost. This has caused a stir in the AI industry, with NVIDIA's stock crashing and OpenAI pledging to create better models. DeepSeek's R1 model has impressed users, but raises concerns about AI bias.

MIT researchers created an optical AI chip that can process photons directly, skipping the digitization step and achieving a latency of 410 picoseconds. The chip can perform linear and non-linear operations using photons, making it potentially faster and more energy-efficient than traditional computers. The team implemented a deep neural network on the chip, which recognized spoken vowels with 92% accuracy.

Engineered Arts, a UK-based robotics company, is focused on creating robots for entertainment, education, and research. They believe their humanoid robots can form a sense of human connection and create empathy with people. The company is deploying robots in schools and care homes, and is exploring medical applications such as elder care and long-term memory loss care.

The article discusses the importance of securing AWS workloads and introduces Wazuh, an open-source security platform that provides real-time monitoring, threat detection, and incident response capabilities. It highlights the shared responsibility model, where AWS secures the underlying infrastructure, and customers are responsible for securing their workloads. Wazuh complements AWS built-in security by providing comprehensive monitoring and alerting capabilities, integrating with AWS services such as CloudTrail, CloudWatch, and Security Hub.

Nandakumar Heble discusses applying data mesh architecture to complex organizations, including its principles, challenges, and solutions, with a focus on domain ownership, data as a product, self-serve data platforms, and governance.

GitGuardian's secrets detection service helps companies comply with PCI DSS 4.0's password requirements, including detecting hard-coded passwords and providing workflow management tools. The platform also assists with Non-Human Identity security, least privilege access, and credential management, reducing the risk of non-compliance and associated fines.

OpenAI-backed 1X has acquired Kind Humanoid, a robotics startup that focuses on creating humanoids. The acquisition marks a key consolidation in the humanoid robotics industry. Kind Humanoid's expertise complements 1X's mission to create safe and intelligent humanoids. The deal's details have not been disclosed, but it's expected to help 1X expand its Bay Area operations.

OpenAI has launched ChatGPT Gov, a version of its chatbot tailored to government agencies. This tool will allow US government agencies to securely access OpenAI's models, like GPT-4o, within their own Microsoft Azure cloud instance. ChatGPT Gov includes features like saving and sharing conversations, building custom GPTs, and an administrative console for IT teams.

Amazon is preparing to launch its Prime Air drone delivery service in the UK, starting with the town of Darlington. The company is working with local authorities to get approval for drone flights and plans to hire team members to launch the service from its Darlington fulfillment center. This move is part of Amazon's efforts to expand its delivery capabilities and reduce delivery times.

OpenAI has announced ChatGPT Gov, a variant of its Enterprise product tailored for the US government. The new edition prioritizes security, conforming to US government standards, and can be deployed on Microsoft's Azure OpenAI Service. This move aims to support President Trump's executive order on removing barriers to American AI leadership and enhance service delivery to the American people through AI.

Waymo has started offering fully autonomous rides on LA freeways to its employees, marking a step towards expanding the capability to all passengers in the city. The company aims to improve the usefulness of its robotaxis in the sprawling city by adding freeway access.

Google announced that Chrome Sync will stop working on Chrome versions older than four years in early 2025. Users will need to update their browser to continue using the feature, which keeps data synced across devices. This move is likely an effort to force users to update to the latest security patches.

Cryptojacking attacks are on the rise, with a 659% surge in 2023, and can cause significant financial and operational damage to businesses. These attacks involve the unauthorized use of computing resources to mine cryptocurrency, and can be introduced through drive-by downloads, phishing emails, unpatched vulnerabilities, and containerized environments. To defend against cryptojacking, businesses can implement endpoint protection, network monitoring, and cloud monitoring, as well as conduct continuous security validation to ensure their defenses are strong enough to block these attacks.

Researchers have discovered two new side-channel attacks, SLAP and FLOP, that can be used to extract sensitive data from Apple devices, including iPhones, Macs, and iPads, by exploiting weaknesses in Apple's Arm-compatible processor designs. The attacks can be used to steal email content, browsing history, and other sensitive data from Chrome and Safari browsers.

The US may impose 25-100% tariffs on foreign semiconductors, affecting companies like TSMC and Samsung, and potentially increasing electronics prices. The move aims to bring production back to the US, but may have unintended consequences, such as higher prices for consumers and limited domestic manufacturing options.

The UK government is being taken advantage of by IT suppliers due to a lack of technical expertise and commercial skills. A report by the National Audit Office found that the government's IT contracts are often poorly managed, with limited technical evaluation and unforeseen technical complexities. This has resulted in costly contracts, with HMRC awarding £3.8 billion to three suppliers in the last five years. The government is trying to improve its digital commercial skills, but it faces challenges in competing with the private sector for talent.