Information Technology

Microsoft has told Windows 10 owners and IT admins not to expect any Windows 10 preview updates in December to give them a break when staffing levels are low over the holiday season. 
December will be a break from the usual schedule of Windows 10 updates each month, which include optional previews that arrive after the mandatory Patch Tuesday security updates in the second week of every month.   

Windows 10

“Because of minimal operations during the holidays and the upcoming Western new year, there won’t be any preview releases for the month of December 2020,” Microsoft said in a support note. 
The company will resume monthly servicing with the January 2021 security releases, it said. 
Microsoft releases optional non-security Windows 10 updates to give customers time to test the updates against systems.  
It calls the first week of each month ‘A week’ and typically issues fixes for Office. The second week is ‘B week’ or Patch Tuesday. C and D weeks happen on the third and fourth weeks of the month. They’re when Microsoft releases optional cumulative updates or previews of non-security fixes for IT pros and admins. 
The last time Microsoft paused optional non-security updates that are released after Patch Tuesday was in March. Back then it was to give admins some breathing space while countries across the world went into lockdown in response to the COVID-19 pandemic. It resumed optional updates in July but maintained its Patch Tuesday schedule throughout the pandemic.  

Over the weekend Microsoft also released a statement confirming it is starting to force Windows 10 PCs on version 1903 up to 1909, as ZDNet reported last week. 
Microsoft will initiate the forced upgrades “soon” because Windows 10 version 1903 will no longer receive security updates after December 8, the next Patch Tuesday.  
“On December 8, 2020, all editions of Windows 10, version 1903 and Windows 10 Server, version 1903 will reach end of service. After that date, devices running these editions will no longer receive monthly security and quality updates,” Microsoft notes on the Windows 10 version 1903 update health dashboard. 
“To keep you protected and productive, we will soon begin updating devices running Windows 10, version 1903 to Windows 10, version 1909. This update will install like a monthly update, resulting in a far faster update experience.”
As noted by Borncity, Microsoft last week announced that it is suspending driver updates via Windows Update in December. In a message aimed at hardware vendors, it said driver updates through Windows Update will kick off again after January 4.  More

Ransomware-as-a-Service (RaaS) ads on hacking forums
Image: ZDNet
Ransomware-as-a-Service is a cyber-security term referring to criminal gangs that rent ransomware to other groups, either via a dedicated portal or via threads on hacking forums.
RaaS portals work by providing a ready-made ransomware code to other gangs. These gangs, often called RaaS clients or affiliates, rent the ransomware code, customize it using options provided by the RaaS, and then deploy in real-world attacks via a method of their choosing.
These methods vary between RaaS affiliate and can include email spear-phishing attacks, en-masse indisciriminate email spam campaigns, the use of compromised RDP credentials to gain access to corporate networks, or the use of vulnerabilities in networking devices to gain access to internal enterprise networks.
Payments from these incidents, regardless of how the affiliates managed to infect a victim, go to the RaaS gang, who keeps a small percentage and then forwards the rest to the affiliate.
RaaS offerings have been around since 2017, and they have been widely adopted as they allow non-technical criminal gangs to spread ransomware without needing to know how to code and deal with advanced cryptography concepts.
The RaaS tiers
According to a report published today by Intel 471, there are currently around 25 RaaS offerings being advertised on the underground hacking scene.
While there are ransomware gangs who operate without renting their “product” to other groups, the number of RaaS portals available today far exceeds what many security experts thought could be available and shows the plethora of options that criminal gangs have at their disposal if they ever choose to dip their toes in the ransomware game.

But not all RaaS offerings provide the same features. Intel 471 says it’s been tracking these services across three different tiers, depending on the RaaS’ sophistication, features, and proven history.
Tier 1 is for the most well-known ransomware operations today. To be classified as a Tier 1 RaaS, these operations had to be around for months, proven the viability of their code through a large number of attacks, and continued to operate despite public exposure.
This tier includes the likes of REvil, Netwalker, DopplePaymer, Egregor (Maze), and Ryuk.
With the exception of Ryuk, all Tier 1 operators also run dedicated “leak sites” where they name-and-shame victims as part of their well-oiled extortion cartel.
These gangs also use a wide variety of intrusion vectors, each depending on the type of affiliates they recruit. They can breach networks by exploiting bugs in networking devices (by recruiting networking experts), they can drop their ransomware payload on systems already infected by other malware (by working with other malware cartels), or they can gain access to company networks via RDP connections (by working with brute-force botnet operators or sellers or compromised RDP credentials).
Tier 2 is for RaaS portals that have gained a reputation on the hacking underground, provide access to advanced ransomware strains, but have yet to reach the same number of affiliates and attacks as Tier 1 operators.
This list includes the likes of Avaddon, Conti, Clop, DarkSide, Mespinoza (Pysa), RagnarLocker, Ranzy (Ako), SunCrypt, and Thanos — and these are effectively the up-and-comers of the ransomware world.

Tier 3 is for newly launched RaaS portals or for RaaS offerings about which there’s limited to no information available. In some cases, it is unclear if any of these are still up and running or if their authors gave up after trying and failing to get their portals off the ground.
This list currently includes the likes of CVartek.u45, Exorcist, Gothmog, Lolkek, Muchlove, Nemty, Rush, Wally, Xinof, Zeoticus, and (late arrival) ZagreuS.

All in all, while the underground cybercrime ecosystem is generating profits through criminal activity, it is still a market, and, just like all markets, it is governed by the same principles that guide any other market today.
A large number of service providers is the tell-tale sign of a booming economy that is far from being saturated. Saturating the RaaS market will only happen when criminals create more RaaS portals than affiliate groups are willing to sign up for or when companies bolster their security measures, making intrusion harder to carry out, drying up profits for crooks. More

For more than ten years, I’ve updated and published my guide to surviving Thanksgiving on ZDNet. Each year, I’ve given advice to help techies deal with immersion into a family dynamic they might not otherwise have encountered all year. Over the years, I’ve added new tips and discoveries that have helped make Thanksgiving successful for thousands of geeks the world over.
This year is different. This is 2020. Surviving Thanksgiving is no longer a hyperbolic term, used to exaggerate the challenges of getting along with your cranky uncle and scoring all the turkey you want. This year, surviving Thanksgiving literally means surviving Thanksgiving. 

This year, Thanksgiving could kill.
Look, I know many of you think that government-mandated lockdowns are impinging on our freedoms. You’re right. Any time a government mandates anything, even if it’s for our own good, it’s impinging on our freedom.
But exercising your freedom doesn’t mean making bad choices just because you can. As an adult, you can choose to live off of pizza for breakfast, lunch, and dinner. You have that freedom. But you’ll eventually also wind up living with chronic stomach pain. As an adult, you can choose to play with matches all you want despite your mother’s best advice, but you could also burn down your house.
Freedom means you can make the choice to take responsibility and to act responsibly.
Now, here’s what we’re facing. We are living in a global pandemic where the infection rate is growing rapidly. The virus spreads effectively indoors, where people are in close contact. Roughly 1,100 people are dying each day in the United States. Each day. By comparison, roughly 3,000 people died on 9-11. We’re experiencing the 9-11 death toll every three days with COVID.

When I was a kid, my parents and I often went over the river (the Hudson) and through the woods (we passed trees) to grandmother’s house. Meeting us were my uncle, aunt, and two cousins. Thanksgivings brought us together — three separate households breathing each other’s air and fighting over the dark meat turkey for a very special day.
Even if your holiday celebration consists of just a small family, the odds are your family, like mine, lives in multiple households. If someone is infected with COVID (even if they’re not showing any symptoms), that person could then infect the other households in your family.
A few years back, I lost my parents. I think about them all the time, especially around the holidays.
So let’s say you decide to go through with your family Thanksgiving because that’s what you’ve always done. It’s what Mom really wants, and besides, you don’t want to miss out on the turkey. Now, imagine next year at Thanksgiving. 
How will you feel if Mom isn’t there? 
How will you feel looking at that empty place setting? How will you feel if you know that all you had to do to make sure Mom was still alive was skip one ceremonial meal — and you didn’t?
The CDC says that family gatherings like Thanksgiving will become spreader events. So how will you feel if you bring home the infection and it spreads, maybe to other members of your church, synagogue, or school? How will you feel about all those families who will have unfilled seats at their tables resulting from your spreader event, all because you couldn’t bring yourself to say “no” and skip the family visit for one year?
The city of Chicago agrees. It’s asked residents to stay home and skip Thanksgiving to avoid spreading COVID. Many will bristle at the suggestion that the government is telling people how to live. But this year, that’s literally true. The government is telling people how to keep living.
Epidemiologists the world over are echoing the recommendations of the CDC and Chicago. Staying home is a message Dr. Fauci is trying to spread as well. The fact is, the chances of the disease spreading drop considerably if you’re not laughing and yelling and talking above everyone else around a crowded feast table. And while some folks find the COVID’s seriousness hard to believe, there are many threads like this one, with a whole lot of folks reporting hardships due to the pandemic.

I want you to compare worst case scenarios for a minute. Let’s say you skip that in-person Thanksgiving event this year. What’s the worst case scenario? You might disappoint Aunt Sally and miss out on Uncle Steve’s awesome turkey.
Now, what’s the worst case scenario if you go through with that in-person Thanksgiving? You might have to bury Aunt Sally and hope Uncle Steve wakes up from the ventilator without brain damage.
It doesn’t compare.
Suck up a little disappointment and keep your family and friends safe. Exercise your freedom to protect your family. Show you’re strong enough to suffer a little disappointment for the good of the people you love, and for the good of strangers you might never meet.
So, what’s David’s Guide to Surviving Thanksgiving this year? It’s simple: please survive it. COVID kills. That’s not a political statement, just a horrible fact evidenced by the unyielding pace of daily deaths. Make smart decisions. Stay home. Protect your family. Do it, not because your government says it’s the right thing to do, but because it’s actually the right thing to do — especially if you love your family.
P.S. Still want to hang out with your family even if you’re not in the same house? Here’s the tech angle to this story: connect via Zoom or watch Netflix or Prime Video together using party mode. You’ll have to bring your own snacks, but you’ll still be able to spend the day virtually with your loved ones. And you won’t even have to share the turkey.
You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV. More

A newly uncovered trojan malware campaign is targeting businesses and higher education in what appears to be an effort to steal usernames, passwords and other private information as well as creating a persistent backdoor onto compromised systems.
Jupyter infostealer has been detailed by cybersecurity company Morphisec who discovered it on the network of an unnamed higher education establishment in the US. It’s thought the trojan has been active since May this year.
The attack primarily targets Chromium, Firefox, and Chrome browser data, but also has additional capabilities for opening up a backdoor on compromised systems, allowing attackers to execute PowerShell scripts and commands, as well as the ability to download and execute additional malware.
The Jupyter installer is disguised in a zipped file, often using Microsoft Word icons and file names that look like they need to be urgently opened, pertaining to important documents, travel details or a pay rise.
If the installer is run, it will install legitimate tools in an effort to hide the real purpose of the installation – downloading and running a malicious installer into temporary folders in the background.
SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)  
Once fully installed on the system Jupyter steals information including usernames, passwords, autocompletes, browsing history and cookies and sends them to a command and control server. Analysis of the malware showed that whoever created it constantly changes the code to collect more information while also making it harder for victims to detect.

It isn’t clear what the exact motive for stealing the information is, but cyber criminals could use it to gain additional access to networks for further attacks – and potentially stealing highly sensitive data – or they could sell login credentials and backdoor access to systems to other criminals who access.
The researchers believe that Jupyter originates from Russia. Not only did analysis of the malware reveal that it linked to command and control servers in Russia, but reverse image searching of the planet Jupiter in infostealer’s admin panel revealed the original to come from a Russian-language forum. This image is also spelled Jupyter, likely a Russian to English misspelling of the planet’s name.
While many of the command servers are now inactive, the admin panel is still live, suggesting that Jupyter campaigns may not be finished yet.
READ MORE ON CYBERSECURITY More

VMware on Monday announced several updates to its virtual networking products and services, including new capabilities across its service mesh, Tanzu, SD-WAN, and Project Monterey products.

In Tanzu, VMware is announcing a new attribute-based policy model for its service mesh technology.
Tanzu is VMware’s portfolio for building and managing modern applications, and its service mesh technology lives within that product line. Service mesh technology is meant to function as a control point between containers, ensuring that individual containers are allowed to communicate with each other. It also allows developers to understand data such as performance and response time. 
“As we go forward, this idea of a service mesh is a very, very strong capability because it addresses the fundamental needs of security, but gives developers the ability to create these very modular, very rapidly changing applications,” said Tom Gillis, the SVP and GM of networking and security for VMware, during a press briefing. 
“And what we’re announcing today is an exciting new policy model that comes along with this,” Gillis continued. “An attribute based policy model is going to greatly simplify the job of building and administrating policy and drive towards what we’ve talked about, which is that higher level automation capability.”
In addition to the new service mesh policy model, VMware is also announcing that it has integrated the NSX advanced load balancer into Tanzu. According to Gillis, this provides developers with a Kubernetes operator, or series of APIs, that allow them to spin up whatever services they need without ever touching or configuring the load balancer. The integration is expected to be available in the first quarter of VMware’s fiscal 2022.
“It’s about automation,” Gillis said. “It’s about simplicity. It’s about breaking the grip and the reliance on those dedicated hardware appliances.” 

Meanwhile, VMware is also announcing Project Antrea, described as an open-source, cluster level networking solution that allows developers to deploy their own network solution to enable container connections.
“We built it in a way that it connects to NSX for a two tiered approach,” Gillis said. “So Antrea provides all of the security services, all the connectivity that a developer is going to care about. But when they need to make a connection across clusters or from a cluster to VM, NSX provides that bridge.”
In the data center, VMware’s monitoring and management software has gained new network modeling capabilities that act as a “pre-flight check” to verify that an application is reachable across both physical and virtual infrastructure. Together with Antrea, these new capabilities represent a significant step towards self-healing networks, VMware said.
“When there’s a problem [with network performance], we can identify those problems and we’re increasingly able, with virtualized infrastructure, to fix those problems,” Gillis said. “So we’re moving into a world where the infrastructure has a certain amount of self healing capability and fixes itself.”

Shifting to Project Monterey, which VMware introduced in September, VMware announced that NSX firewall code running on a Monterey SmartNIC will be able to run a stateful layer 7 firewall with advanced threat protection capabilities in the NIC. Specifically, VMware said it’s adding to the NIC a layer 2 and layer 3 switching and routing capability that will run at wire speed, a layer 4 firewall capability that will run at wire speed, and a layer 7 firewall along with IDs, IPS, and the hypervisor. 
“Being able to put a layer 7 firewall in the NIC and have it operate with effectively an air gap, we think this is a transformative capability for advanced security,” Gillis said. “So, we’re putting the security where it matters, which is right next to your sensitive applications and your data.”
Finally, VMware also announced SD-WAN Work from Home Subscriptions, which VMware said will offer individual business users optimized network connectivity and better security at an affordable low price. Bandwidth ranges from 350Mbps to 1Gbps depending upon the level of subscription.
RELATED: More

Microsoft is working on a fix for a bug in last week’s patch for a bypass vulnerability in the Kerberos Key Distribution Center (KDC) security feature. 

Windows 10

Microsoft has flagged the issue affecting systems that have installed the patch for the bug CVE-2020-17049, one of the 112 vulnerabilities addressed in the November 2020 Patch Tuesday update. 
Kerberos is a client-server authentication protocol used on multiple operating systems, including Windows. Microsoft attempted to fix a bypass in the Kerberos KDC, a feature that handles tickets for encrypting messages between a server and client.     
SEE: Windows 10 Start menu hacks (TechRepublic Premium)
“After installing KB4586786 on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication issues,” Microsoft notes in its known issues page for all supported version of Windows 10.  
“This is caused by an issue in how CVE-2020-17049 was addressed in these updates.”
The buggy patch only affects Windows Servers, Windows 10 devices and applications in enterprise environments, according to Microsoft. 

Microsoft addressed the vulnerability by changing how the KDC validates service tickets used with the Kerberos Constrained Delegation (KCD) because there was a bypass issue in the way KDC determines if a service token can be used for KCD delegation.
Microsoft explains there are three registry setting values – 0, 1, and 2 – for PerformTicketSignature to control it, but admins might encounter different issues with each setting. 
“Setting the value to 0 might cause authentication issues when using S4U scenarios, such as scheduled tasks, clustering, and services for example line-of-business applications,” Microsoft states. 
Additionally, the default value setting of 1 might cause non-Windows clients authenticating to Windows Domains using Kerberos to experience authentication issues. 
SEE: Microsoft goes big in security bug bounties: Its $13.7m is double Google’s 2019 payouts
With that setting, admins could also see failures in “cross-realm referrals” on Windows and non-Windows devices for Kerberos referral tickets passing through DCs that haven’t got the Patch Tuesday update. 
“We are working on a resolution and will provide an update as soon as more information is available,” Microsoft notes. 
Microsoft has also revised its guidance for deploying the update. It has recommended admins locate the KDC registry subkey, and if it exists on the system, ensure that it is set to 1. Then admins need to complete the deployment to all DCs – and Read-Only DCs.
“Note that following our original guidance of using the 0 setting could cause known issues with the S4USelf feature of Kerberos. We are working to address this known issue,” it says.  More

Lazarus malware has been tracked in new campaigns against South Korean supply chains, made possible through stolen security certificates. 

On Monday, cybersecurity researchers from ESET revealed the abuse of the certificates, stolen from two separate, legitimate South Korean companies. 
Lazarus, also known as Hidden Cobra, is an umbrella term for select threat groups — including offshoot entities — suspected of being tied to North Korea. Thought to be responsible for Sony’s infamous 2014 hack, Lazarus has also been connected to hacks using zero-day vulnerabilities, LinkedIn phishing messages, and the deployment of Trojans in campaigns including Dacls and Trickbot. 
See also: Lazarus group strikes cryptocurrency firm through LinkedIn job adverts
In recent years, Lazarus has expanded its attack surface not only for the theft of sensitive data from corporations but also in order to compromise cryptocurrency organizations. 
In this supply chain attack, the threat actors are using an “unusual supply chain mechanism,” ESET says, in which Lazarus is abusing a standard requirement for South Korean internet users — the need to install additional security software when they visit government or financial services websites. 
Typically, users will be required to download WIZVERA VeraPort, a program used to manage software downloads that are necessary to visit particular domains. These updates may include browser plugins, standalone security software, or identity verification tools. 

WIZVERA VeraPort digitally signs and cryptographically verifies downloads.
“[This] is why attackers can’t easily modify the content of these configuration files or set up their own fake website,” the researchers say. “However, the attackers can replace the software to be delivered to WIZVERA VeraPort users from a legitimate but compromised website. We believe this is the scenario the Lazarus attackers used.”

Lazarus has targeted the weaker links in the chain by illegally obtaining code-signing certificates from two South Korean security companies. 
WIZVERA VeraPort’s default configuration usually requires the signatures of downloaded binaries to be verified before execution. However, the software manager only verifies the signature and not who certificates belong to. 
CNET: Rules for strong passwords don’t work, researchers find. Here’s what does
In order to exploit the software, the stolen — but valid — certificates were used to launch Lazarus malware payloads. 
So far, two malware samples have been detected that camouflage the group’s malware as legitimate, South Korean software that is often downloaded and executed by WIZVERA VeraPort. Similar file names, icons, and resources to legitimate software have been crafted to avoid arousing suspicion. 
If a victim visits a malicious website, for example, and unwittingly downloads the compromised software, Lazarus will then launch a dropper via WIZVERA VeraPort which extracts a downloader and configuration files. 
TechRepublic: Hackers for hire target victims with cyber espionage campaign
A connection is then established with the attacker’s command-and-control (C2) server and the final payload, a Remote Access Trojan (RAT), is deployed on a victim’s machine. RATs can be used to maintain covert surveillance, persistence via backdoors, and for the exfiltration of data or remote system control.
“It’s the combination of compromised websites with WIZVERA VeraPort support and specific VeraPort configuration options that allow attackers to perform this attack,” ESET says. “Owners of such websites could decrease the possibility of such attacks, even if their sites are compromised, by enabling specific options (e.g. by specifying hashes of binaries in the VeraPort configuration).”
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

The reality of zoonotic pandemics and recovering from them is certainly with us in 2020, and while it will take time to move on from the aftereffects of COVID-19, Australian government agencies Commonwealth Scientific and Industrial Research Organisation (CSIRO) and Austrade have said digital initiatives could allow Australia to recover.
“A generation of Australians will train, work, and live in an economy primarily concerned with rebuilding and recovering from the COVID-19 shock. This will characterise government policy and industry strategy,” the agencies said in the Global trade and investment megatrends report released on Monday.
“Even though the economic conditions are extremely challenging there are good reasons why the Australian and global economies can bounce back. We can achieve the roaring twenties again in the 2020s.”
The report listed a number of actions to help recovery, the first of which is using data science, machine learning, predictive analytics, and natural language processing to boost trade and investment. Using these technologies would allow for a “more tailored and granular analysis” of trade opportunities and ensure recent data is used, the report said.
“Machine learning and AI can be used to help an Australian company determine which export markets are best aligned to their products and services,” the report said.
“Attempting to export into the wrong market can be a costly error. However, exporting into a high demand and rapid-growth market with few competitors can be extremely lucrative.”
Much of the report was concerned with attracting research investment from overseas — perhaps a tacit acknowledgement of the federal government ripping money off the tertiary education sector — while also saying the country needed a campaign led by Austrade and co-ordinated between universities, research organisations, industry, and state and federal agencies that could funnel foreign direct investment (FDI) into research.

“R&D FDI improves the scientific, technological, and research capabilities of a country, which is associated with productivity uplift, which, in turn, leads to increased economic growth and job creation,” the report said.
“The COVID-19 crisis may create a window of opportunity for Australia to meet the R&D needs of companies and governments worldwide.”
Australia should boost its digital exports, the report added, by building on the nation’s “brand profile for trusted, reliable, and high-quality digital solutions”. It said that trust, transparency, reliability, and quality of digital products and services would be increasingly important when competing globally.
“The main opportunity associated with this megatrend is the chance for Australian companies to sell into new export markets for digital products and services,” the report said.
“This applies to the digital technology sector and traditional companies that may convert some, or all, of their product offerings to digital, allowing them to respond to both domestic and global markets. Foreign direct investment could also ramp-up within Australia’s well-established and rapidly growing digital technology sector.”
Australia could also benefit from a safe haven effect, due to the country being able to manage the coronavirus risk and having a relatively well-performing economy despite going into recession with the rest of the world. According to the report, this provides an opportunity for Australian businesses to tap into companies that are looking to diversify supply chains and seeking perceived safer locales. One industry that should trade on the perception of safety is tourism, which has been smashed by the pandemic.
“In the short-to-medium term, we are likely to see governments and citizens worldwide turn to local options and trusted countries for tourism, manufacturing, and services,” it said. “There is likely to be a much stronger economic, trade, and cultural connection to local places during and after the pandemic.”
The report further said businesses needed to think about other potential outbreaks as global trade looks to approach prior levels.
“Digital technology will play a critical role in the rebuild. Telework, telehealth, online retail, online education, and online entertainment are all booming. A vast swathe of economic activity has transferred from the physical world to the virtual world. Much will not go back,” the report said.
“The world has seen 10 years’ worth of digital transformation in the space of a few months.”
The recovery, in both pandemic and economic terms, might be longer than thought, but the report leaned on history to project forwards.
“The 1920s began with the world recovering from a war, the Spanish flu pandemic, and a depression. However, it later emerged as a time of prosperity, rising incomes, and innovation, with antibiotics, electric light, telephones, and radio coming to consumers and making life profoundly different to a decade earlier,” it said.
“The 2020s might see similar changes with quantum computing, energy storage, AI, blockchain, and molecular biology. Emerging technologies today have the potential to boost economic and productivity growth in Australia and internationally.”
The report did not discuss what happened in the decade after the roaring 20s.
Elsewhere, the Department of Communications kicked off on Friday its consultation on a round of grants to promote the commercial use of 5G.
Over the next two years, the government is looking to conduct two rounds of grants worth AU$10 million in total under the Australian 5G Innovation Initiative label, with individual grants looking to be in the range of AU$0.5 million to AU$1 million each. The grants are intended to be used on equipment and installation costs.
“It is not expected that the Initiative’s grants will support significant investment in research and development into 5G applications as the focus of the Initiative is on supporting commercial applications,” the department said.
“There may however be some need to support limited development costs if applications are pre-commercial or specific software is needed to facilitate 5G use cases.”
Submissions to the discussion paper are open until 5pm on December 11, with the expected timeline for grant applications to open in February, with grants to be awarded in May, and winners to report back between May and June 2022.
Related Coverage More