More
Home Blog Page 133

Dozens Of PyPI Packages With Info-Stealing Malware “W4SP” Were Found

By
Vishak
-
PyPI Packages

PyPI, or the Python Package Index, is a massive collection of code and applications produced in the Python programming language. As with all large repositories of applications and code, a few bad apples sneak into it unnoticed from time to time. PyPI has malicious apps sneaking onto the platform despite being well-curated.

Researchers found 29 obfuscated Python packages in the PyPI registry that mimic popular libraries but instead drop the W4SP info stealer on infected machines. Other packages use GyruzPIP malware, allegedly created for “educational purposes only.”    

  • W4SP info stealer retrieves Discord tokens, cookies and saved passwords;
  • The GyruzPIP malware is based on the evil-pip open-source project, published “for educational purposes only”. GyruzPIP is designed to steal Chrome passwords, cookies, and Discord tokens and upload all collected data to the Discord webhook.

The packages contain intentional typos in the names to look like well-known Python libraries in the hope that developers trying to find the real library will make a spelling mistake and inadvertently download one of the malicious ones.

Research has shown that this threat injects malicious code into codebases from legitimate libraries. The attack starts by copying existing popular libraries and injecting a malicious “__import__” statement into the package’s healthy codebase.

In the report, the researchers explained in detail the challenges they faced in parsing obfuscated code with more than 71,000 characters.

According to Pepy.tech stats, Phylum researchers report that all packages have been downloaded more than 5,700 times. Additionally, software developer and researcher Hauke ​​Lübbers discovered the PyPI packages “pystile” and “threadings” containing malware disguised as “GyruzPIP”.

The code in these two phishing domains is very simple to parse — each function name says what it does, such as stealing his passwords, browser cookies, and Discord tokens and uploading this data to the webhook Discord.

Lübbers, who has reported these packages to the PyPI maintainer, told BleepingComputer that for these projects to behave maliciously, they might need to be included as dependencies in the program.

PyPI is a software repository for the Python programming language. It is similar to CPAN, Perl’s repository. PyPI assists you in finding and installing software created and shared by the Python community. There are currently over 350,000 Python packages available on PyPI.

List of malicious packages found by Phylum researchers:

  1. algorithmic
  2. colorsama
  3. colorwin
  4. curlapi
  5. cypress
  6. duonet
  7. faq
  8. fatnoob
  9. felpesviadinho
  10. iao
  11. incrivelsim
  12. installpy
  13. oiu
  14. pydprotect
  15. pyhints
  16. pyptext
  17. pyslyte
  18. pystyle
  19. pystyle
  20. pyrurllib
  21. requests-httpx
  22. shaasigma
  23. strinfer
  24. stringe
  25. sutiltype
  26. twine
  27. type-color
  28. typesstring
  29. typesutil

This week’s incident is just one of several recent phishing attacks targeting developers using open-source software distribution platforms like PyPI and npm.

Micron Announces 1β (1-beta) DRAM Process Node

By
Vishak
-
Micron DRAM

Micron announced 1-beta DRAM that improves memory chip power efficiency by 15% and bit density by 35%. Micron said it achieved production ready in September, after which it shipped samples of LPDDR5X to smartphone makers and chipset customers for products expected to hit the market in 2023.

Micron plans to expand the memory products it manufactures at this node from LPDDR to DDR5, HBM and graphics memory. The 1β products will initially be produced at Micron’s manufacturing plant in Hiroshima, Japan.

The 1β manufacturing process uses the company’s second-generation HKMG (High K Metal Gate), boasting a capacity of 16 GB per die and a data rate of 8.5 Gbps, manufactured on the traditional 1α (1-alpha) process node technology to achieve a 15% improvement in power efficiency and a 35% or more improvement in bit density compared to the previous product. This was achieved by shrinking memory cell arrays using cutting-edge patterning techniques, new processes, new materials and more advanced equipment.

1β will enable low-power, high-performance DRAM for many applications, from mobile phones to intelligent cars to data centres.

Unlike Samsung and SK Hynix, Micron is not using extreme ultraviolet (EUV) lithography at its 1β production node, as expected in some parts of the industry. Therefore, various multi-patterning techniques were used to continue shrinking the size of DRAM cells.

1β introduces new processes, materials, and advanced equipment to improve memory cell density and shrink memory cell arrays to save space and optimize power and performance gains for a given density. This technology implementation was possible without introducing less mature and expensive tools by applying Micron’s proprietary multi-patterning technology.

16 GB LPDDR5X-8500 memory is the first product Micron will make using the cutting-edge node, but over time other products will also use the node. The 16 GB LPDDR5X chip is said to offer eDVFSC (Enhanced Dynamic Voltage and Frequency Scaling Extensions Core) voltage control technology for power saving.

LPDDR5X memory is designed to boost the performance of various bandwidth-hungry applications, such as PC-class system-on-chips and artificial intelligence (AI) accelerators, and mobile applications, such as tablets and smartphones.

Micron is currently shipping samples of its LPDDR5X-8500 DRAM to interested parties and plans to begin mass production of these ICs once they pass the qualification process.

YouTube Launches Primetime Channels

By
Vishak
-
YouTube Primetime Channels

YouTube presented the notion of creating a channel store for streaming video services in early 2022. Finally, the launch is done — YouTube Primetime Channels is now available in the United States. 

Primetime Channels is intended to complement its existing Creator Channels and movie/tv show buying line-up, with YouTube calling it a source for your favourites from streaming services. You can subscribe, browse and watch TV shows, movies and sports.

Primetime Channels will be integrated into YouTube searches and recommendations. In addition, Primetime Channels homepages will feature shows and movies with curated trailers, behind-the-scenes footage and cast interviews.

This new feature gives a better opportunity to grow the presence of various underrated streaming services on YouTube, extend the reach and give consumers more choices regarding streaming the best entertainment.

The ability to view content through YouTube’s interface and superior streaming infrastructure will improve the user experience. Google wants to position YouTube as a place to watch content rather than jumping from app to app to find what you’re looking for.

With Primetime Channels, you will see over 30 channels that you can buy directly through YouTube, like Paramount+, Showtime, Starz, Moviesphere, AMC+, Vix+, and more.

Considerations for a Career in IoT Development

By
Rakesh Babu
-
IoT ecosystem

The Internet of Things (IoT) refers to the growing network of physical devices connected to the internet. That includes everything from cars and home appliances to factory machinery and medical equipment. By embedding sensors and other internet-connected technologies into everyday objects, we can collect data and use it to improve our lives in various ways.

As the numbers of connected devices continue to rise, there is an increasing demand for developers skilled in creating applications and systems that can effectively manage this vast network of data. If you are considering a career in IoT development, here are a few things to keep in mind.

IoT Career Opportunities

There are many different career paths available.

Internet of Things Developer

As the demand for IoT devices and solutions grows, so does the need for developers who can create them. IoT developers are responsible for designing and implementing software solutions that enable devices to connect to the internet and exchange data. They must have an excellent understanding of networking protocols and be able to work with various hardware platforms. Developers with experience with embedded systems, networking, and security are well-positioned to take advantage of this growing trend.

Internet of Things Engineering

IoT testing engineers ensure that IoT products function properly and meet customer expectations. They must be able to design test plans that simulate real-world conditions and identify potential issues with products before they are launched.

IoT Architect

An IoT architect is responsible for designing and overseeing the implementation of an organization’s IoT strategy. They require a deep understanding of technology trends and the ability to translate business needs into technical requirements.

IoT Data Scientist

Data is an integral part of successful IoT implementation. Data scientists who can collect, analyze, and interpret data from IoT devices will be in high demand as organizations look to make sense of all the data they’re collecting.

IoT Project Manager

A successful IoT project requires careful planning and coordination among multiple teams. Project managers with experience delivering complex technical projects will be well-suited to manage these initiatives.

Business Analyst

As IoT solution becomes more commonplace, organizations need help understanding how to best use these new technologies to achieve their business goals. Business analysts familiar with business and technology concepts will be uniquely positioned to advise businesses on how to exploit the best opportunities presented by the IoT.

Regarding careers on the Internet of Things, the sky is the limit. With so many different industries starting to adopt IoT technology, many IoT related jobs are available for those with the right skill set. Yalantis is a leading company in IoT development. Their team has developed innovative IoT solutions for various clients, from connected medical devices to smart home systems. If you are on the hunt for an exciting career in IoT, then Yalantis is worth checking out.

Qualifications & Skills Requirements

A Strong Coding Foundation

While the specific programming languages you’ll need to know will vary depending on the platform you’re working on, being able to code well is essential for any developer. In addition, it’s also important to have experience with various development tools and frameworks. The specific ones you’ll need will again depend on the platform you’re targeting, but knowing how to use them is crucial for any developer.

Experience With Big Data and Cloud Computing

IoT devices generate a lot of data, and efficiently processing and storing that data is essential for any IoT system. Experience with big data platforms like Hadoop or Spark is a major plus, as is experienced with cloud services like AWS or Azure.

Experience With Hardware

Many IoT applications interact directly with physical devices, so understanding electronics and circuits can be very helpful. Alternatively, if you’re more interested in software, experience with embedded systems can also be helpful.

Ability To Work with Databases

No matter what platform you’re working on, chances are you’ll need to be able to work with databases. Knowing how to query and update data is essential for any developer, so being proficient in a popular database language like SQL is a must. Additionally, experience with NoSQL databases like MongoDB or Cassandra can be helpful.

Excellent Problem-Solving Skills and A Willingness to Learn New Technologies

IoT is a rapidly changing field, so it’s important to be able to learn new technologies quickly. Additionally, since IoT systems are often complex, being able to solve problems effectively is essential for any developer working in this field.

Best IoT Developer Courses to Start a Career

IoT Roadmap

If you’re considering a career in IoT development, here are four courses to help you get started.

Introduction to the Internet of Things by Udacity

The Internet of Things is one of the hottest new areas in tech, and Udacity’s Introduction to the Internet of Things course is the perfect way to start learning about it. The course covers all the basics of IoT, from an introduction to sensors and actuators to working with data and connecting devices to the cloud. You’ll even get to build a simple connected device as part of the course. With over 4 hours of content, this is one of the most comprehensive introductory IoT courses available. And best of all, it’s completely free.

Building Connected Devices with Azure IoT by Microsoft

This course from Microsoft will teach you how to build connected devices using Azure IoT, Microsoft’s platform for the Internet of Things. You’ll learn how to connect devices to Azure IoT, collect and analyze data from them, and use Azure services to build complete IoT solutions. The course is aimed at developers with some experience in C# or JavaScript, and it requires a paid subscription to access all the material. However, a free trial is available, so you can check out the course before deciding whether it’s worth the investment.

Getting Started with the Internet of Things by edX

This introductory course from edX will give you a broad overview of the field of IoT, covering everything from connected devices and sensors to data analysis and security concerns. You’ll also get to work with popular IoT platforms like Arduino and Raspberry Pi as part of the course. The course is free to take, but there is a fee if you want a certificate of completion.

Programming for the Internet of Things by Coursera

This Coursera course teaches you how to program for the Internet of Things. You’ll learn about popular IoT platforms like Arduino and Raspberry Pi, and you’ll get a chance to build your own connected devices as part of the course. The course is aimed at developers with some experience in Java or Python, but it doesn’t require any prior knowledge of IoT. The course is free to take, but there is a fee if you want a certificate of completion.

Conclusion

IoT is a rapidly growing field with immense potential. If you have the right skills and qualifications, then a career in IoT development could be the perfect fit for you. And with the help of courses like those listed above, you can learn about IoT development today. Enroll in a course and start your journey towards a career in this exciting new field today.

Encodec: Meta Announces AI-Powered Audio Codec

By
Vishak
-
Meta Encodec

Meta announced a new audio codec, “EnCodec”, that achieves amazing compression using AI. The codec is said to compress audio at 64kbps, ten times faster than the MP3 format, without any loss of quality. Meta says the technology can dramatically improve voice quality over low-bandwidth connections, such as calls in areas with unreliable service.

The research details are described in detail in the paper entitled “High Fidelity Neural Audio Compression“, and a summary is published on the blog by Meta.

The heart of the technology is a three-part system trained to compress audio to the desired size. First, an encoder converts the uncompressed data into a lower frame rate “latent spatial” representation. A quantizer then compresses this compressed signal and is then sent over the network or saved to disk. Finally, a decoder converts the compressed data into audio in real-time using a neural network on a single CPU.

At the end of this process, using Meta’s Discriminator is the key to creating a method that compresses the audio as much as possible without losing the signal’s features and key elements that enable recognition.

Using neural networks to compress and decompress audio is nothing new, especially for audio compression. Still, researchers at Meta have applied the technology to the 48kHz frequency commonly found in music files distributed over the internet. Meta’s technology is the first to apply it to stereo audio (sampling rate slightly better than CD’s 44.1kHz).

As an application, this AI-powered super-compression of voice may support faster, higher-quality calls when network conditions are poor. Ultimately, the technology could provide a rich metaverse experience that doesn’t require significant bandwidth improvements.

For now, Meta’s new technology is still in the research stage. Still, it hints at a future where high-quality audio is available with less bandwidth, which is good news for mobile broadband providers whose networks are strained by streaming media.

RDNA3: AMD Unveils Next-Gen Radeon RX 7900 XTX and RX 7900 XT GPUs

By
Vishak
-
AMD Radeon RX 7900 XTX and RX 7900 XT

AMD announced the Radeon RX 7900 XTX and RX 7900XT desktop series graphic boards that adopt the RDNA3 GPU architecture with a new chiplet design. Arrival will be on December 13th, Radeon RX 7900 XTX will be priced at $999, and Radeon RX 7900 XT will be $899.

The third-generation RDNA architecture is finally here. The Radeon RX 7900 XTX is based on a full Navi 31 GPU with 12288 Stream Processors (SPs) while the Radeon RX 7900 XT is based on a cut-down GPU with 10752 SPs.

AMD RDNA3

Based on the 5nm node, AMD’s RDNA3 architecture will be the first chiplet design for a consumer Radeon GPU. The GPU features one compute tile fabricated on the 5nm process and six memory couplets fabricated on the 6nm node.

AMD has stated that the Navi 31 GPU will have 58 billion transistors, offering up to 61 TFLOPs of single-precision computing performance. This GPU features a 5.3 TB/s chiplet interconnect. Also, with the adoption of the 5nm node, the Navi 31 GPU has a 165% higher transistor density than the Navi 2X.

AMD Radeon RX 7900 XTX

According to AMD, the new RX 7900 XTX is up to 1.7x faster than the RX 6950XT at 4K resolution. According to the company, the RDNA3 architecture offers 54% better performance per watt than RDNA2.

AMD Radeon RX 7900 XT

In terms of gaming performance, AMD claims the RX 7900 XTX achieved 295 fps in Apex Legends 4K and up to 704fps in Valorant. Considering that the upper limit of the refresh rate of DisplayPort 1.4 is 240Hz, it can be seen that the current monitor cannot even record performance. AMD also claims that its GPU used Fidelity FX Super Resolution (FSR) to record up to 96fps in Assassin’s Creed Valhalla. The Radeon 7900 XTX is the first Radeon card to support the DisplayPort 2.1 display interface, offering up to 8K 165Hz or 4K at 480Hz.

AMD Radeon RX 7900 XTX and RX 7900 XT price

AMD has not yet made a direct comparison with the already available Geforce RTX 4090.

What is eSIM?: Everything You Need To Know About eSIM

By
Vishak
-
What is eSIM

Phone SIM cards have undergone a profound evolution in recent years — from cards of enormous size, they have gradually become smaller and smaller, favouring the spread of devices equipped with two.

The latest evolution in terms of SIM is the eSIM, a technology that brings the user’s data, the integrated address book and the number directly into the phone without the need to place a physical SIM card.

In the guide below, you can find everything about an eSIM.

What is eSIM

eSIM (an acronym for embedded Subscriber Identity Module) is the acronym that identifies the SIM in virtual format. These SIMs are not physical chips inserted into the phone (as we are used to until now) but appear as chips integrated into the smartphone.

By taking advantage of eSIM, we can subscribe to any subscription with any operator without inserting a card inside the phone. The eSIM allows you to do the same things we were used to with classic SIMs — we can make phone calls, send SMS, receive calls and messages and connect to the mobile data network using the line enabled by the operator’s SIM. 

What is the difference between SIM and eSIM?

The SIM is a physical card with a chip that is very common in consumer devices such as smartphones. Although traditional SIM cards are everywhere, their design hinders their transition to the future of smartphones. 

The dimensions represent the main problem — a SIM is a physical object that takes up space, undoubtedly small, but certainly superior to other components — for example, a nano SIM measures 12.3 mm x 8.8 mm while an eSIM measures just 6 mm x 5 mm, which saves more than half of the space. Furthermore, a SIM can be easily damaged and stolen.

An eSIM, on the other hand, supports the role that the traditional physical SIM card has, such as service authentication control for mobile devices but with one crucial difference — the eSIM can be programmed remotely.

Furthermore, since it consists of a chip permanently soldered to the board in the device, it cannot be removed except with a desoldering, which will probably prevent its subsequent operation. This means that an eSIM offers more protection from theft or tampering. 

What are the advantages of the eSIM

  • The first and most obvious advantage is the impossibility of losing the SIM card or damaging it by mistake.
  • There is no longer a need to physically purchase a new card for data plan portability. You can virtually enable it on your smartphone. Transferring your phone number from one operator to another is also faster.
  • They can be configured quickly and safely.
  • Users may save many eSIM profiles on a device simultaneously and easily switch between them.
  • Manufacturers can make smartphones with larger batteries or use the SIM space for other technologies.
  • They improve the device’s strength and solidity by avoiding using a removable slot that can cause damage or infiltration.
  • They are also particularly convenient for IoT-based devices, like wearable devices.

What are the disadvantages of eSIM?

  • The main drawback of eSIM is that it is less convenient when changing phones. You can’t just remove the SIM card from one device and insert it into another. It is also more difficult to check for problems with the device. 
  • In case of a connection problem, the simplest way to check is by inserting the SIM into another phone to see if the problem is with the network or device. You can’t do that with an eSIM. 
  • The eSIM’s compatibility and availability are currently restricted, but with backing from Apple, Samsung, and Google, that is sure to improve.
  • If the smartphone breaks or its battery runs out, it will not be possible to move the information connected to the telephone line as with a classic SIM, which can be extracted and moved at will in almost all circumstances.

Phones compatible with eSIM

To take advantage of eSIM, you need a phone compatible with this technology. There are few phones with eSIM technology compatibility at the moment, but we are sure that eSIM support will grow to cover every market segment over the years.

Today’s phones that support eSIM provide a hybrid mode so that any need can be met — being dual SIM phones, we will find the eSIM as SIM 1 and the traditional SIM 2 slot, where you can connect an old SIM.

How to activate eSIM

The eSIM can be easily activated on a compatible phone by a simple procedure — the phone’s owner must scan a special QR code issued by the telephone operator chosen for the subscription.

The same process can activate new subscriptions and convert the physical SIM already in possession to not lose the phone number, the remaining credit and the data subscription already in use.

Why are eSIMs not yet available for all devices and in all countries?

eSIMs revolutionize the very concept of the telephone operator and the relationship between it and the customer. Once eSIMs are introduced, everything will be even more virtual. For operators, this switch has many advantages and commercial disadvantages, including the ease with which a user can abandon one operator to switch to another with a more competitive offer. 

Furthermore, virtualizing user profiles involves some potential cybersecurity risks. For all these reasons — and others that the phone companies do not explain — eSIM is still being perfected.

Are eSIMs safe?

With eSIMs, all data will be saved on a chip built into the phone and in an online profile hosted by the operators’ servers. The question is, will it be easier or harder for hackers to breach users’ privacy and access their profiles?

On the one hand, an online profile guarantees more security (the data cannot be lost along with the physical component). On the other hand, it means the presence of another access point for cybercriminals. 

To understand if eSIMs will be more or less secure than traditional SIMs, we will have to wait for the final implementation and see which security protocols will establish themselves and how effective they will prove.

For example, we’ll need to see how telecom operators will protect users from eSIM cloning, virtual profiles, and account hacking. One thing is certain, the future of communications is increasingly mobile, and the world of cybersecurity will have to invent even more powerful and flexible solutions to adapt to the wide variety of mobile and smart devices that await us in the near future.

Pixel 7 Is The First 64-Bit Smartphone

By
Vishak
-
Google Pixel 7 series smartphone

Android mobile with the system to support 64-bit apps means that it has some important advantages related to security, performance and efficiency for day-to-day uses. The first smartphone to support that is the Google Pixel 7 Series.

Google Pixel 7 series is one of the best launches this year, and there is no doubt. But we have overlooked that we are facing the first Android phones with a 64-bit system, just like in PCs. We are talking about the phones that use less memory, obtain better performance and offer increased security.

The fact that they are the first 64-bit smartphones means that they have abandoned 32-bit-based support, which brings improvements in different aspects that enhance the user experience too.

Google hopes that soon more smartphones will join the 64-bit platform. At first glance, the benefits of a phone using the 64-bit system are that you can use up to 150 MB lesser RAM, more space for address space layout randomization (ASLR ) — a function for memory space management, and even the possibility of improving the performance of the processor by 25% when using this system instead of the 32-bit one.

Google wants manufacturers to use the 64-bit system only for smartphones with the required hardware to support it. Other devices, such as those dedicated to Android Go(low-end phones), Android TV and Android Wear, will remain in the 32-bit system.

There are more improvements, but they are related to the development of apps for developers to identify memory errors and faster operating system updates. 

In other words, it is a much more stable system than the one based on 32-bits, and it is also interesting that Google introduced 64-bit support in 2014. It took almost ten years to launch the first 64-bit-only mobile, the Google Pixel 7 series.

1...132133134...328Page 133 of 328

© 2025 Copyright - TechLog360