Sunday, January 01, 2023 // (IG): BB // THM:Windows RE // Coffee for Bob
Toyota Kirloskar Motor reports data breach system
FROM THE MEDIA: Toyota Kirloskar Motor said on Sunday that some personal information of its customers may have been exposed online, adding that the extent of the intrusion is being confirmed. In a statement, the company said, “Toyota Kirloskar Motor (TKM) has been notified by one of its service providers of an incident that might have exposed personal information of some of TKM’s customers on the internet. The extent of intrusion is being confirmed.” The Bengaluru headquartered company said that the Indian Computer Energy Response Team (CERT-In) had been alerted to the breach. “Considering this incident, TKM will work with its service provider to further enhance the existing extensive guidelines being followed and is fully committed to avoid any kind of inconvenience to our esteemed customers. We sincerely apologize for any concern this may have caused to our customers,” it said.
READ THE STORY: ET
Year in a word: Chip choke
FROM THE MEDIA: 2022 was the year when the world’s politicians fully woke up to the computer chip industry’s critical importance to the global economy. They also realized how worryingly dependent the major powers have become on the semiconductor hotspot and geopolitical flashpoint that is Taiwan. Governments are now pumping huge sums of money into the industry to reshore chip production and restore “technological sovereignty”. To that end, China, the US, the EU, Japan and India have collectively promised $190bn in subsidies over a decade, according to New Street Research. As well as boosting its own chip manufacturing capacity, the US is trying to throttle that of its chief strategic rival: China. Since 2020, Washington has been tightening its “chip choke” on Beijing, trying to deprive the country of access to the most sophisticated, cutting-edge chips.
READ THE STORY: FT
Poland warns of pro-Kremlin cyberattacks aimed at destabilization
FROM THE MEDIA: Poland’s security agency said on Friday that the country has been a “constant target” of pro-Russian hackers since the start of the war between Russia and Ukraine. The cyberattacks on Poland’s government services, private companies, media organizations and ordinary citizens have intensified over the past year, it said. The country’s strategic, energy, and military enterprises are particularly at risk, it added. Polish cybersecurity officials said these cyberattacks are Russia’s response to Warsaw’s support for Ukraine and an attempt to destabilize the situation in the country. “Through hostile operations in cyberspace, Russia wants to exert pressure on Poland, as a frontline country and a key Ukraine’s ally on the NATO eastern flank,” the agency said.
READ THE STORY: The Record
Russia's war in Ukraine shows why troops need to learn to put their phones away
FROM THE MEDIA: The use of new technology on the battlefield has prompted the US military to rethink its operations as it prepares for a future conflict with a technologically advanced adversary, and many of its changes have been validated by the Russia-Ukraine conflict, US Marine Corps Commandant Gen. David Berger said this month. One of the most important lessons is that your electronics are giving away more information about you than you think, said Berger, who has led an effort to develop capabilities to operate in a more dispersed manner since taking over as the Corps' top officer in July 2019. The risk posed by electronic emissions is salient for Marines, as those emissions could allow rivals to track them, listen to their communications, or attack them.
READ THE STORY: Business Insider Africa
Netgear Router Vulnerability Update: How To Update A Netgear Router’s Firmware
FROM THE MEDIA: After reviewing the target list for the Zero Day Initiative’s (ZDI) Pwn2Own Toronto event, Tenable’s Zero Day Research Team began investigating the NETGEAR Nighthawk router. Pwn2Own is a hacking competition where participants target widely used software and devices exploiting zero-day vulnerabilities. Pwn2Own supports ZDI’s more significant objectives of gathering and notifying vendors of vulnerabilities, developing signatures for intrusion detection, and assisting defenders in reducing their exposure. A challenge in the contest is a small office/home office (SOHO) “smashup” created to simulate a real-world attack in which a hacker would take advantage of vulnerabilities in several devices to penetrate a home network. Because the competition’s targets are so widely utilized, there is a much higher possibility that security experts have already examined them and found intriguing flaws.
READ THE STORY: News Watchlist
Satellite Imaging of Methane Super-Emitters To Provide Data To Clean Up Supply Chains
FROM THE MEDIA: The use of satellite imaging to verify self‑reporting of methane emissions using empirical data gathered in near-real time by artificial intelligence, could cost the fossil fuel industry dearly in fines under the new methane provisions of the US Inflation Reduction Act (IRA). Signed into law in August, the IRA requires the US Environmental Protection Agency (EPA) to adopt within 2 years methods to monitor and collect empirical data on methane emissions. The act introduces the federal government’s first-ever tax on greenhouse gas emissions, but does not specify preferred technologies. Satellite monitoring is assumed to be at the top of the list, according to geo‑analytics company Kayrros.
READ THE STORY: JPT
Iran launches explosive drone at mock Israeli Navy base during drill
FROM THE MEDIA: In an apparent warning to Israel, the Iranian military launched an explosive-laden drone from a landing ship at a mock version of an Israeli Navy base during a drill Saturday. Footage published by the official Islamic Republic News Agency showed the Hengam-class landing ship IRIS Lavan launching an Ababil “suicide drone” toward the simulated naval base. Twitter accounts dedicated to open-source intelligence-gathering were quick to point out that the mock base was designed with a similar building layout to the Eilat Naval Base, in the Red Sea coast city of the same name. Next to the simulated target was also a mock version of an Israeli Navy Sa’ar 6-class corvette.
READ THE STORY: The Times of Israel
Government inaction adds pressure to IoMT device and data security
FROM THE MEDIA: It’s now become an unfortunate reality that U.S. hospital systems and other healthcare delivery organizations must look solely to their own leadership on Internet of Medical Things (IoMT) device and data security, as new legislation won’t be doing them any favors. With vulnerable IoMT devices a particularly popular pathway for ransomware and malware, the government’s relative inaction is worrisome. Many hospitals have championed the inclusion of medical device security provisions in this year’s appropriations bill responsible for funding the U.S. Food and Drug Administration (FDA) and reauthorizing FDA user fee programs. In June, a version of the bill that would have placed new legally binding security requirements on IoMT device manufacturers easily passed in the House of Representatives.
READ THE STORY: VB
PyTorch discloses malicious dependency chain compromise over holidays
FROM THE MEDIA: PyTorch has identified a malicious dependency with the same name as the framework's 'torchtriton' library. This has led to a successful compromise via the dependency confusion attack vector. PyTorch admins are warning users who installed PyTorch-nightly over the holidays to uninstall the framework and the counterfeit 'torchtriton' dependency. From computer vision to natural language processing, the open source machine learning framework PyTorch has gained prominence in both commercial and academic realms. Between December 25th and December 30th, 2022, users who installed PyTorch-nightly should ensure their systems were not compromised, PyTorch team has warned. The warning follows a 'torchtriton' dependency that appeared over the holidays on the Python Package Index (PyPI) registry, the official third-party software repository for Python.
READ THE STORY: BleepingComputer
Using Code Instrumentation for Fault Injection at the Application Level at eBay
FROM THE MEDIA: eBay engineers have been using fault injections techniques to improve the reliability of the notification platform and explore its weaknesses. While fault injection is a common industry practice, eBay attempted a novel approach leveraging instrumentation to bring fault injection within the application level. This platform is responsible for pushing platform notifications to third party applications to provide the latest changes in item price, item stock status, payment status and more. It is a highly distributed and large-scale system relying on many external dependencies, including distributed store, message queue, push notification endpoints and others.
READ THE STORY: InfoQ
Apple's Dark Sky weather app is gone after tonight; here's how you can still access the same data
FROM THE MEDIA: Back in 2020, Apple acquired the hyperlocal Dark Sky weather app leading it to shut down the Android version of the app. Dark Sky became famous for its forecasts that gave the precise time when users should expect precipitation in local areas. These forecasts were made using crowdsourced data and the accuracy of its calls helped it amass over 1 million Android users (all of whom lost access to the app unless they switched to iOS). Earlier this month, we told you that Apple was going to shut down the Dark Sky app on January 1st, 2023 which is tomorrow. Apple integrated Dark Sky's features with the Apple Weather app. We also told you about the support page that Apple put up explaining how Dark Sky users can take advantage of the native iOS Apple Weather app and continue to see hyperlocal forecasts made using the same technology and community data that Dark Sky used.
READ THE STORY: Phone Arena
Should Google be worried about ChatGPT replacing search engines
FROM THE MEDIA: With ChatGPT having been available online for nearly a month now, the early scenes of euphoria have died down. However, although many of the shouts of the revolutionary technology may have seemed like hyperbole at the time, more considered voices have started discussing the potentially revolutionary technology including analysts who have been exploring whether AI generative text bots could challenge traditional search engines. Let’s take a look at what they are saying. Investment analysts at Seeking Alpha have taken note of a recent drop in Alphabet’s (Google’s parent company) stock price, which they believe could be down to the threat posed by ChatGPT. The OpenAI chatbot has made a name for itself by being able to provide straightforward answers to questions, however, it still falls short in certain areas when compared to Google search.
READ THE STORY: gHacks
Can Artificial Intelligence Create A Limitless Economy
FROM THE MEDIA: The size of an economy is measured by GDP (Gross Domestic Product). GDP is calculated by adding up the value of all goods and services produced within a country's borders in a given year. This includes the value of goods and services produced by both the government and the private sector. GDP is typically measured in monetary terms, using current market prices for goods and services. GDP is used as a measure of the size and strength of an economy, as well as its overall level of economic activity. It is often used to compare the economies of different countries and to track economic growth over time.
READ THE STORY: Forbes
“I asked AI if it’s taking over my job as a writer”
FROM THE MEDIA: The AI wave is here, and this is what it said. It was the beginning of December and time to start jotting down New Year’s resolutions. One promise I made myself was to consistently write 1 article every 3 days and by the end of next year, I would have at least 100 articles. The beginning of December was also when ChatGPT by OpenAI and NotionAI was released. Trying them out for myself, I was immediately in praise. As a self-proclaimed Luddite, I would consider myself a slow mover when it comes to tech, but it was so simple and it felt like it could answer any question in the universe. Its speed, accuracy, and research are unmatched when it came to writing. I then realized, “uh oh, will I become obsolete?”
READ THE STORY: Medium
Blacklisted Chinese Hikvision Aids PRC Police to Track Protesters, Falun Gong
FROM THE MEDIA: Chinese video surveillance giant Hikvision has activated alarms to aid the Chinese regime in tracking protesters and Falun Gong adherents, according to the latest report from Pennsylvania-based video surveillance information company IPVM. Protest activities subjected to alarm include “gathering crowds to disrupt order in public places,” “unlawful assembly, procession, demonstration,” and threats to “petition,” among several others. In technical documentation accessible on Hikvision’s website, these actions are included alongside violations like “gambling” or “drug- related.” The alarms also aim at “religion” and “Falun Gong.” Falun Gong, also known as Falun Dafa, is a spiritual discipline with meditative exercises and moral teachings. It grew in popularity during the 1990s leading to up to 100 million people practicing in China by the end of the decade. Perceiving this to be a threat, the Chinese regime in 1999 launched a nationwide campaign seeking to eradicate the practice.
READ THE STORY: The Epoch Times
IoT security and vulnerabilities that will come along with 5G
FROM THE MEDIA: There will be 22 billion connected devices in the world by 2025. Simply put IoT or internet of things is a network of connected physical objects that are embedded with electronics, chips, sensors, and software, that exchange data over the internet. Evolving exponentially over the past few years, IoT promises convenience and efficiency via connected devices, and it is about to enter one of the most exciting periods in its history. Scalable and secure IoT solutions are playing a vital role in providing industry players with safe, seamless, and cost-effective ways to capitalize on the IoT evolution and build resilience for the future. There is practically no single sector or industry that is not witnessing the effect of this evolution.
READ THE STORY: Financial Express
Here is Another Powerful Case Against Using Pirated Software
FROM THE MEDIA: Downloading unlicensed software can save you a few dollars, but you risk losing much more because researchers have found a cryptocurrency-targeting info stealer hiding within the cracks. “RisePro” is a brand-new piece of information-stealing malware that was discovered by two different cybersecurity companies, Flashpoint and Sekoia. RisePro is disseminated via websites that also house cracked software, loaders, and other illegal content, and it infects endpoints using the pay-per-install (PPI) malware distribution tool PrivateLoader. Researchers found that RisePro and PrivateLoader are very similar, leading them to believe that the malware distribution platform now has its own info stealer. Furthermore, they determined that it makes use of the similar system of embedded DLL dependencies, suggesting that Vidar served as its likely foundation.
READ THE STORY: ITSecNews
Items of interest
Iraqi Security Dismantles Largest Crude Oil Smuggling Network in Basra
FROM THE MEDIA: The Iraqi National Security Agency has announced that the committee investigating the oil theft in Basra uncovered the largest crude oil smuggling network. The new announcement may be linked to the arrest of nine senior officers in early November, including top officials of the protection police involved in oil and its derivatives smuggling, in quantities estimated at 75 million liters per month. The National Security Agency reported that the smuggling process was done over three stages, through the officers and the coordinator, who are tasked with protecting the smugglers when withdrawing crude oil and securing the movement of the vessels.
READ THE STORY: Asharq Al-Awsat
OpenAI CEO Sam Altman | AI for the Next Era (Video)
FROM THE MEDIA: Greylock general partner Reid Hoffman interviews OpenAI CEO Sam Altman. The AI research and deployment company's primary mission is to develop and promote AI technology that benefits humanity. Founded in 2015, the company has most recently been noted for its generative transformer model GPT - 3, which uses deep learning to produce human-like text, and its image-creation platform DALL-E.
Did Google’s A.I. Just Become Sentient? Two Employees Think So (Video)
FROM THE MEDIA: Can an A.I. think and feel? The answer is no, but to two Google engineers think this isn't the case. We're at the point where the Turing test looks like it's been conquered.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com