Sunday, December 18, 2022 // (IG): BB // THM:Windows RE // Coffee for Bob
Elon Musk’s Cool New Data Plan is Probably Ethically Wrong
FROM THE MEDIA: There is no way around it. Elon Musk is a brilliant businessman. If you display the man a box, he will think outside of it. The CEO chased away all of Twitter’s advertisers, so he’s been trying to figure out how to make money for his company lately. Based on a report in the Platformer newsletter, Twitter is working on a plan that would force users to opt in to targeted ads, removing a years-old privacy setting that gives users more control over their data. But wait, there’s more! The new strategy may require you to share your location data and allow Twitter to sell your data to third parties. Furthermore, the company may seek your permission to use your contacts and the phone number you provided for two-factor authentication to target advertising. These are not only brilliant ideas; they are almost certainly illegal as well.
READ THE STORY: IT Security News
Will China knock out America’s satellites
FROM THE MEDIA: The biggest strategic and tactical advantages we have over our adversaries are probably the enormous capabilities that our hundreds of military and intelligence satellites provide. Among those capabilities are to communicate over secure channels, to navigate and target weapons with great precision, to give near-instant warning of missile launches and to spy on other nations’ communications and military movements. Were we to lose even a substantial number of these satellites in any conflict, we’d also lose those advantages. Other nations have satellite capabilities, but none are equal to ours. Logically, then, any enemy planning to fight a war against us would invest heavily in capabilities to destroy or cripple our critical satellites. According to the Nov. 29 Pentagon report “Military and Security Developments Involving the People’s Republic of China in 2022,” that is precisely what China is doing.
READ THE STORY: The Washington Times
Latest US blacklist spells trouble for China’s biggest domestic 3D NAND supplier
FROM THE MEDIA: The US has ramped up trade restrictions against YMTC, China's biggest domestic flash memory supplier, triggering concerns that the chipmaker will face significant production issues and potentially be forced to exit the 3D NAND market. This is based on reactions from analysts and researchers to the news this week that the US Department of Commerce has placed YMTC, alongside 35 other Chinese companies, on its so-called Entity List, which requires firms on the list to receive a special license to important certain American technologies. Short for Yangtze Memory Technologies Co., YMTC was placed on the Department's Unverified List back in October as part of the White House's big move to curb China's domestic semiconductor industry by restricting exports of US-made advanced chip-making equipment. By adding YMTC to the Entity List, the US is blocking it from procuring even more supplies it needs to produce flash memory chips, unless it obtains a special license.
READ THE STORY: The Register
AI breakthrough ChatGPT raises alarm over student cheating
FROM THE MEDIA: Universities are being urged to safeguard against the use of artificial intelligence to write essays after the emergence of a sophisticated chatbot that can imitate academic work, leading to a debate over better ways to evaluate students in the future. ChatGPT, a program created by Microsoft-backed company OpenAI that can form arguments and write convincing swaths of text, has led to widespread concern that students will use the software to cheat on written assignments. Academics, higher education consultants and cognitive scientists across the world have suggested universities develop new modes of assessment in response to the threat to academic integrity posed by AI. ChatGPT is a large language model trained on millions of data points, including large chunks of text and books. It produces convincing and coherent replies to questions by predicting the next plausible word in a sequence of words, but often its answers are inaccurate and require fact-checking.
READ THE STORY: FT
Russia starts to actively jam GPS
FROM THE MEDIA: The Russian authorities have suddenly intensified jamming of GPS navigation in border regions and around major cities after a series of attacks by Ukrainian drones, which hit strategic aviation airfields near Saratov and Ryazan in early November. As of December 11, a high level of GPS interference, blocking more than 10% of communication with satellites, was recorded in the Volgograd, Saratov, Penza, Ulyanovsk, Bryansk, and Oryol Oblasts, as well as around Moscow as far as Tver, according to the data of the profile portal gpsjam.org. Almost the entire Kaliningrad Oblast, part of the Leningrad Oblast, as well as some areas of the Murmansk Oblast near the border with Finland and Norway are also in the GPS jamming zone.
READ THE STORY: Ukrainian News
Fire and rescue service in Victoria, Australia, confirms cyber attack
FROM THE MEDIA: The fire and rescue service in the state of Victoria (FRV), Australia, has shut down its network after a cyber attack launched by “an external third party.” Fire Rescue Victoria acting Commissioner Gavin Freeman revealed that the outage was first observed between 4am and 5am on Thursday. FRV operates 85 fire and rescue stations across the state. The cyberattack is affecting most of FRV systems, including network, emails and dispatch. “Importantly, community safety has not been compromised and FRV continues to dispatch crews and appliances through mobile phones, pagers and radios.” reads a statement published on Friday. “Preliminary investigations confirm this has been a cyber-attack by an external third party and that FRV systems are impacted.”
READ THE STORY: Security Affairs
Twitter takes on ElonJet
FROM THE MEDIA: Twitter vs. ElonJet: Another wild Twitter week. First, there was the news about the suspension and investigation of ElonJet, which tracks Elon’s private jet. The official account of Twitter competitor Mastodon was next. I got suspended(with links back to Mastodon markeded as “Potentially Hazardful”) shortly after it posted the information about the aircraft trackers. Then, a team of technical reporters came together. I got suspendedAt least one of them was tweeting about the difficulties of tracking planes. There’s more! Elon joined the Twitter Space, which has a few suspended reporters (as Twitter Spaces do not seem to recognize/respect commentaries). Elon then left the session after a few minutes of questions. Full Twitter Spaces feature It was taken offline.
READ THE STORY: Reporter byte
Bitcoin Is Not as Secure and Private as You Think: Here's Why
FROM THE MEDIA: As the oldest and best known cryptocurrency in the world, Bitcoin has had many ups and downs since its invention in 2008. The volatility of the crypto market aside, those advocating for Bitcoin have always claimed that it offers what fiat money cannot: privacy and security. But that's not really true. In reality, Bitcoin is not nearly as safe and private as many believe. Bitcoin does offer certain privacy protections most forms of fiat money do not, like the creation of addresses that are not tied to one's identity. But it is far from private. Here are three main reasons why. All Bitcoin transactions are recorded on the blockchain, which is a public ledger. This means that every transaction is public, and that anyone with access to the blockchain can view all the transactions associated with a particular Bitcoin address. If someone—be it a threat actor or a law enforcement agency—were to link your Bitcoin address to your identity, they'd be able to trace every transaction you ever made.
READ THE STORY: MUO
Glupteba Gang is Back With More Tools and Scope of Attack
FROM THE MEDIA: Six months after being taken down by Google, the Glupteba gang is back into action with improved controls and even more weapons. Leveraging the blockchain, Glupteba hackers retrieve their wallet addresses, C2 server details, and for others operations. Though this makes the gang’s operations public, it makes it resilient to normal takedowns by law enforcement. In December last year, Google took down the operations of Glupteba – a new-age threat actor that leverages the Bitcoin blockchain to perform its malicious operations. Securing the court orders, Google had taken control of the botnet’s infrastructure and even filed complaints against two Russian operators.
READ THE STORY: TechDator
NSA, CISA Concerns Over Security Risks Against 5G Network Slicing
FROM THE MEDIA: The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have recently released new guidelines regarding cybersecurity threats pertaining to 5G network slicing. The document illustrates how a network slice is “an end-to-end logical network that provides specific network capabilities and characteristics to fit a user’s needs.” While numerous network slices operate on a single physical network, the guidelines clarify that each network slice user is only authenticated for one specific network region, allowing for data and security isolation.
READ THE STORY: IT Security News
Annoying CAPTCHA is still big for Google and e-commerce in bot battle, and likely to stay that way
FROM THE MEDIA: Have you ever been left confused by the mutated text that often appears when trying to make an online purchase, asking you to prove you’re not a robot? Or gotten a headache from squinting at your screen, trying to figure out if one of the boxes actually has a bike, car, boat, stop sign or traffic light in it? These are called CAPTCHAs – an acronym standing for “Completely Automated Public Turing test to tell Computers and Humans Apart.” The tests, invented by a group of researchers out of Carnegie Mellon in 2000, are usually made up of text, images or audio and are used as a security measure to detect bot activity online. Except some cybersecurity experts say in addition to the problem of human user annoyance, there’s a problem with the underlying approach to cybersecurity.
READ THE STORY: CNBC
Samba addressed multiple high-severity vulnerabilities
FROM THE MEDIA: Samba released updates to address multiple vulnerabilities, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, that can be exploited to take control of impacted systems. On December 15, 2022, Samba announced the 4.17.4, 4.16.8 and 4.15.13 security releases to address the above issues. Samba is a free software re-implementation of the SMB networking protocol that provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member. The software runs on most Unix-like systems, such as Linux, Solaris, AIX and the BSD variants, including Apple’s macOS Server, and macOS client (Mac OS X 10.2 and greater).
READ THE STORY: Security Affairs
Protect AI emerges from stealth and raises $13.5 million
FROM THE MEDIA: Protect AI emerged from stealth with $13.5 million seed funding and its first product, NB Defense. NB Defense addressess vulnerabilities in a core component used at the beginning of the machine learning supply chain – Jupyter Notebooks. This is a rapidly growing security issue which is increasing significantly annually as more organizations move machine learning into production environments. Today, there are over 10M publicly accessible notebooks, growing by 2M+ annually, with many more in private repositories.
READ THE STORY: HelpNetSecurity
AI is having a moment—here’s how businesses can lean in
FROM THE MEDIA: In recent weeks, generative AI seems to have popped up everywhere in the mainstream—via the popularity of ChatGPT, the proliferation of text-to-image tools, and as avatars in our social media feeds. But beyond fun smartphone apps and handy ways for students to shirk essay-writing assignments, global adoption of AI will fundamentally change the way businesses operate, innovate, and scale in the near future. Babson College Professor Thomas Davenport and Nitin Mittal, head of U.S. artificial intelligence growth at Deloitte, are the authors of All In on AI: How Smart Companies Win Big With Artificial Intelligence, which will be published in late January 2023.
READ THE STORY: Fast Company
Google announced end-to-end encryption for Gmail web
FROM THE MEDIA: Google announced end-to-end encryption for Gmail (E2EE), with Gmail client-side encryption beta, users can send and receive encrypted emails within their domain and outside of their domain. Google E2EE was already available for users of Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar (beta). The IT giant announced that the client-side encryption in Gmail on the web will be available in beta for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. Users can apply for the beta until January 20, 2023. Using end-to-end encryption for Gmail will make sensitive data in the email body and attachments from indecipherable to Google servers.
READ THE STORY: Security Affairs
‘Borrowed Swords’: China’s Military Is Built With US Technology
FROM THE MEDIA: In California, a former U.S. Army pilot sells classified aviation research to China’s communist regime. In Kentucky, leaders of a defense contracting company allegedly conspire to sell technical drawings to China and illicitly introduce Chinese parts into the Pentagon’s supply Chain. In Illinois, a China-based company allegedly bribes workers to steal proprietary communications technology from their American employers. In Washington, a government agency is believed to be hacked by China-based cyber criminals who specialize in collecting national defense secrets.
READ THE STORY: The Epoch Times
Ukraine War Lessons For India: Big Wars Are Back, Terrorism Takes A Backsea
FROM THE MEDIA: When Russia launched a full-scale invasion of Ukraine on February 24, it was supposed to be a short war to be ended in a few days with the capture of Ukrainian capital Kyiv. Now even after 11 months, the war is on and military strategists across the world are trying to draw lessons from it as the Ukraine War has transformed modern warfare. Indian defense analysts say India has to learn a lot from the Russia-Ukraine conflict, ranging from whether to use nuclear weapons on the battlefield and when to use them and whether to be in an alliance or not. They agree that terrorism no longer is an issue in the great power game and it has become a side issue while the war assumed prime position.
READ THE STORY: Outlook Weekender
Elon Musk: 2 laid off employees now developing a new Twitter alternative app
FROM THE MEDIA: Users have been looking for alternative platforms since Elon Musk took over Twitter and laid off thousands of employees while also changing almost every other rule at the company and the platform. There are several alternatives to Twitter available out there and now two former Twitter employees are building another platform and they are calling it “Spill”. Musk laid off Alphonzo Phonz Terrell and DeVaris Brown during the November mass layoff. Since then, both have stated that they have been working on a social media platform called Spill in order to compete with the bird app. They also stated that the Spill app will cater to “culture drivers” and act as a safe haven for Black Twitter creators. The app is intended to be “a real-time conversational platform that puts culture first,” according to the platform’s two creators. The platform, according to the founders, will go live in January.
READ THE STORY: DNP India
Qatar fund leads investment in Israeli-US cyber unicorn
FROM THE MEDIA: Israeli-led cybersecurity unicorn Snyk has announced the closing of a $196.5 million Series G investment. In addition to the extraordinary amount of funding — rare anytime and especially during an economic downturn — there are two highly unusual aspects of this investment news. First, Snyk laid off 198 employees in October, 14 percent of its workforce, after laying off 30 in the summer. CEO Peter McKay explained at the time that although Snyk’s business is growing fast, with over 2,300 customers, “we now must operate even more efficiently in order for Snyk to effectively withstand the continued headwinds facing the global economy.”
READ THE STORY: Israel21c
Gemini’s customer data leak was advertised for sale on hacker forums for 30 BTC in September
FROM THE MEDIA: Three days ago, Bitcoin.com News reported on crypto-currency exchange Gemini after a database containing the phone numbers and email addresses of 5.7 million Gemini users was discovered to be leaked. The crypto-currency reporter, Zhiyuan Sun, explained that he witnessed documents showing “5,701,649 lines of Gemini customer information.“ Gemini on December 14, 2022, in a blog post, Gemini explained that the breach likely came from a third-party vendor. The exchange did not explain how many customer accounts were affected and Gemini did not specify which third-party vendor was responsible for the data breach. The next day, after Gemini’s blog post was published, Bleeping Computer cybersecurity writer Ionut Ilascu published an article explaining that Gemini’s leaked database had been for sale since September 2022.
READ THE STORY: RoyalsBlue
Twitter has reportedly laid off part of its infrastructure team
FROM THE MEDIA: Stop me if you’ve heard this one before, but Elon Musk has reportedly laid off more of Twitter’s workforce. According to The Information, the company cut part of its infrastructure division on Friday evening. The scale of the layoffs is unclear, but some engineers took to Twitter yesterday to say they were told over email their contribution was no longer required. The latest cuts come after The New York Times reported on Tuesday that Musk had laid off Nelson Abramson, Twitter’s head of infrastructure, among a handful of other high-ranking employees at the company.
READ THE STORY: Yahoo Life
Foxconn to Sell Stake in China Chip Giant Amid Taiwan Review
FROM THE MEDIA: A subsidiary of Taiwan’s Hon Hai Precision Industry will dispose of its indirect minority stake in China’s semiconductor giant Tsinghua Unigroup, the latest sign that Beijing’s chip industry is becoming increasingly isolated from the rest of the world. Hon Hai’s China-listed Foxconn Industrial Internet will sell the shares to Yantai Haixiu IC Investment Center for not less than 5.38 billion yuan ($772 million), according to an exchange filing Friday. Hon Hai said in a separate statement that it decided to sell the stake to avoid uncertainty because the investment still cannot be finalized. The company’s interest in the Chinese chipmaker, despite being relatively small, has triggered concerns from the Taiwan government because the state-backed Tsinghua Unigroup is one of the most prominent semiconductor companies in China.
READ THE STORY: Bloomberg
Intel U-turns on plan to kickstart chip manufacturing plant in Germany
FROM THE MEDIA: Intel, the US semiconductor behemoth, is taking a U-turn on a previous decision that would have seen it kickstarting the construction of a huge chip manufacturing plant in Germany, German outlet Volksstimme reported on Saturday. Construction would have begun sometime during the first half of 2023 after Intel committed earlier in the year some €17 billion as an investment into the facility that would have been propped up in Magdeburg. Later on, the US conglomerate said the investment can increase by three-fold down the line.
READ THE STORY: Almayadeen
Items of interest
How to define 'doxxing' when the data is public
FROM THE MEDIA: Twitter owner Elon Musk last week suspended the account of a Florida student who was posting the location of private jets, including Musk’s. He suggested the student was tweeting out his “assassination coordinates.” The shutdowns escalated to include prominent journalists and other accounts that had discussed his plane’s location — although the former were later reinstated. To justify the move, he rewrote some of Twitter’s policies to try and stop people from sharing those details. But some of the information Musk was concerned about on Twitter is publicly available, due to dramatic improvements in how the aviation system tracks aircraft to ensure a high level of safety and to improve efficiency. Untangling privacy concerns from the improvements in the underlying technology isn’t easy, say aviation experts.
READ THE STORY: The Japan Times
Bug Bounties: Past, Present, Future (Video)
FROM THE MEDIA: Join Pedram Amini and myself as we discuss the history of bug bounty programs. For those of you who didn't know, Pedram started both iDefense and Zero Day Initiative (ZDI), two of the original and most popular vulnerability-buying programs. He also contributed some amazing tools to the community, such as PyDbg, Paimei, and the Sulley fuzzing framework.
Block ALL ads with this…(and speed up your internet) (Video)
FROM THE MEDIA: BEGINNER Block ALL ads in your home network with AdGuard. In this video, NetworkChuck will show you how to block all the ads in your home network using a technique called a dns sinkhole. NetworkChuck will walk you through installing adguard on Mac and Linux, specifically a Raspberry Pi and a VPS (cloud server).
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com