Sunday, January 22, 2023 // (IG): BB // BSidesCharm// Coffee for Bob
How Europe Needs Freight Trains to Cross Russia From China
FROM THE MEDIA: Giving Ukraine modern tanks remains a key question facing Kyiv’s allies after a meeting of top defense officials in Germany on Friday yielded little progress. But perhaps the most exposed link in supply chains for producing such weapons runs on train tracks through the foe they’re trying to defeat. Russia is at the center of a rail cargo route supplying Western arms manufacturers with a steady supply of metals needed to make the microchips, electronics and ammunition used in modern weaponry. Most of the so-called rare earth elements are mined in China. Russian Railways JSC and other carriers are hauling a rising volume of critical metals needed for Europe’s defense industry. The volume of Chinese rare earth metals shipped on trains across Russia surged to 36,074 tons in the first nine months last year, more than double the amount transported in all of 2021, according to European Union data seen by Bloomberg News. The value of that trade rose by more than fourth-fifths, to €377 million ($408 million) through September.
READ THE STORY: Bloomberg
Interpol: Connecting Police Forces Across The World To Combat International Crime
FROM THE MEDIA: Interpol, the world’s largest international police organization, is based in the UK in the city of London. Founded in 1923, Interpol is an independent, non-political organization that works to connect police forces around the world and facilitate cooperation in the fight against transnational crime. Interpol’s headquarters are located in the heart of London, in the Metropolitan Police Headquarters, and it has a network of offices in more than 100 countries across the world. Interpol’s mission is to provide a global platform for countries to share information and intelligence, and to coordinate efforts in order to combat international crime. By connecting law enforcement agencies across the world, Interpol helps to ensure that criminals can be tracked and brought to justice, no matter where they are located. No, Interpol does not have its own police force.
READ THE STORY: Malaysian Digest
DOJ investigating Abbott plant at the center of 2022 baby formula shortage
FROM THE MEDIA: The U.S. Justice Department is investigating the Abbott Laboratories infant formula plant in Michigan that was shut down for months last year due to contamination, the company confirmed. The factory’s closure in February 2022 was a key cause of a nationwide baby formula shortage that forced parents to seek formula from food banks, friends and doctor’s offices. Production restarted in June. The Justice Department has informed Abbott of its investigation and the company is “cooperating fully,” Abbott spokesperson Scott Stoffel said via email. He declined to provide further details. The investigation was first reported by The Wall Street Journal, which said the Justice Department’s consumer protection branch is looking into conduct at the Sturgis, Michigan, plant that led to its shutdown.
READ THE STORY: PBS
Suspected Chinese hackers exploit vulnerability in Fortinet devices
FROM THE MEDIA: Suspected Chinese hackers have been targeting a European government entity and African managed service provider with new custom malware. According to a report released by Mandiant on Thursday, hackers exploited a recently patched vulnerability — CVE-2022-42475 — in FortiOS, an operating system developed by U.S. cybersecurity company Fortinet, as a zero-day. The exploitation occurred as early as October 2022, before the bug was fixed. In January, Fortinet warned its customers that hackers were using this vulnerability to target government networks. Mandiant identified a sophisticated new malware, which the researchers dubbed Boldmove, that exploited this vulnerability. Boldmove’s Linux variant was specifically designed to run on Fortinet’s FortiGate firewalls. The researchers believe that this is the latest in a series of Chinese cyber espionage operations that have targeted internet-facing devices.
READ THE STORY: The Record // HackREAD
ChatGPT passed a Wharton MBA exam and it’s still in its infancy. One professor is sounding the alarm
FROM THE MEDIA: ChatGPT has alarmed high-school teachers, who worry that students will use it—or other new artificial-intelligence tools—to cheat on writing assignments. But the concern doesn’t stop at the high-school level. At the University of Pennsylvania’s prestigious Wharton School of Business, professor Christian Terwiesch has been wondering what such A.I. tools mean for MBA programs. This week, Terwiesch released a research paper in which he documented how ChatGPT performed on the final exam of a typical MBA core course, Operations Management. The A.I. chatbot, he wrote, “does an amazing job at basic operations management and process analysis questions including those that are based on case studies.” It did have shortcomings, he noted, including being able to handle “more advanced process analysis questions.”
READ THE STORY: Fortune
Davos frets over AI and white collar jobs
FROM THE MEDIA: Forget crypto and blockchain: The tech conversation at this year's World Economic Forum in Davos is all about the rise of artificial intelligence, particularly the text-generator ChatGPT. Tools like OpenAI's ChatGPT and image generators like Stable Diffusion and Dall-E have been in the works for years — but even the tech experts in the Davos crowd are shocked at just how fast they have matured. Panels and in side conversations at this week's gathering in Davos, Switzerland — as well as at last week's DLD Conference in Munich — everyone wants to talk about this latest crop of generative AI tools, from how they are experimenting with it personally to how they see it reshaping their businesses and lives. One major tech company CEO I spoke to on the sidelines of the Forum told me he knew all about the large language model approach that underlies these generative AI tools but he wouldn't have predicted even six months ago that they would have emerged as the game-changers they are shaping up to be.
READ THE STORY: Axios
Riot Games hacked, delays game patches after security breach
FROM THE MEDIA: Riot Games, the video game developer and publisher behind League of Legends and Valorant, says it will delay game patches after its development environment was compromised last week. The LA-based game publisher disclosed the incident in a Twitter thread on Friday night and promised to keep customers up-to-date with whatever an ongoing investigation discovers. "Earlier this week, systems in our development environment were compromised via a social engineering attack," the company said. "We don't have all the answers right now, but we wanted to communicate early and let you know there is no indication that player data or personal information was obtained." Riot Games also added that the breach directly impacted its ability to publish patches for its games. "Unfortunately, this has temporarily affected our ability to release content. While our teams are working hard on a fix, we expect this to impact our upcoming patch cadence across multiple games," Riot Games said.
READ THE STORY: BleepingComputer
Police Contractor That Promised to Track Homeless People Hacked
FROM THE MEDIA: Hackers have stolen more than 15GB of data from ODIN Intelligence, a law enforcement contractor which, among other things, recently had plans to track people experiencing homelessness with facial recognition. The cache includes a bevy of sensitive information, such as photos, reports, and other ODIN customer and internal data. In one directory called “gallery” are 5,900 files. These include images such as mugshots, people, homes, vehicles, and peoples’ tattoos. Some of the files include identifying information, such as the name of the person in the filename or identity and Social Security cards. Other files include field interrogation reports, and sex offender registration information. ODIN runs Sex Offender Notification and Registration (SONAR), a system used by local and state police for tracking sex offenders. The dump also included some polygraph reports, including of convicted sex offenders.
READ THE STORY: VICE // TECHCRUNCH
Leaking company secrets via generative AIs like ChatGPT
FROM THE MEDIA: For a third party, knowing what people from company X are asking of ChatGPT (or any other generative AI) could be quite interesting and profitable (as well as damaging to company X). Some scenarios which come to mind: Product team member chats with an outside AI about ideas for new products or services, Sales team member chats with an outside AI to find potential new customers, M&A team member uses an outside AI to help with due diligence on a potential acquisition, Finance team member uses an outside AI to assist with modeling tasks, Marketing team member uses an outside AI to draft future press releases. These are pretty simplistic use cases – as AI models get more sophisticated and useful, the applications (and potential information leakages) will become more serious. And figuring out who works for company X is easy peasy using LinkedIn and data from previous breaches.
READ THE STORY: Security Boulevard
FAA continues to investigate what led to airline meltdown
FROM THE MEDIA: A preliminary Federal Aviation Administration review of the recent outage of the Notice to Air Missions (NOTAM) system determined that contract personnel unintentionally deleted files while working to correct synchronization between the live primary database and a backup database, according to a statement from the agency. The FAA has so far found no evidence of a cyber-attack or malicious intent. The FAA continues to investigate the circumstances surrounding the outage. The FAA made the necessary repairs to the system and has taken steps to make the NOTAM system more resilient. The agency is acting quickly to adopt any other lessons learned in our efforts to ensure the continuing robustness of the nation’s air traffic control system. Until Jan. 11, 2023, few travelers had ever heard of a Notice to Air Missions, or NOTAM, nor did they know that the system used to generate those notices could cause widespread travel misery.
READ THE STORY: Hays Post
Chinese tech giants Huawei and TikTok bankrolling MPs and peers in lobbying effort
FROM THE MEDIA: Chinese firms Huawei and TikTok are among big tech firms bankrolling MPs and peers. More than £400,000 has been donated to a parliamentary group set up to explore technology issues since 2019. Most of it came from the likes of Google, Facebook and BT. Chinese giants Huawei and TikTok have given £42,000. The money went to the influential Internet, Communications and Technology all-political parliamentary group. The cross-party group, which has 21 MPs and peers, is said to be the largest of hundreds set up to explore policy issues. These are often targeted by lobbyists and corporate donors seeking to influence government policy on behalf of big business. They rely on donations and benefits-in-kind to fund their operations, which have to be published in a register. Last night the group said Huawei was not “currently” involved or donating. But anti-corruption charity Transparency International UK called for a review of lobbying rules. Policy manager Rose Zussman said: “It’s astonishing that the rules allow companies with such close ties to foreign governments to bankroll these groups and gain privileged access to the legislature.
READ THE STORY: The Mirror
Russia to retaliate after RT accounts frozen in France: reports
FROM THE MEDIA: Moscow will retaliate against French media in Russia after the bank accounts of RT France, the French arm of its state broadcaster, were frozen, Russian news agencies quoting an anonymous foreign ministry source reported Saturday. Hours later, the director of the channel in France announced that it would have to shut down as a consequence. "The blocking of RT France accounts will lead to retaliatory measures against the French media in Russia," the TASS and RIA Novosti news agencies quoted the foreign ministry source as saying. The measures "will be remembered", the source said, accusing Paris of "terrorising Russian journalists." The channel's director in France, Xenia Fedorova announced in a statement posted on Twitter later Saturday that this had been the final blow.
READ THE STORY: France 24
Escalating topic of threat of attack from Belarus is Russian information and psychological operation Ukraine's Intelligence Directorate
FROM THE MEDIA: Ukrainian Chief Intelligence Directorate believes that the escalation of the topic of a threat of a Belarusian attack on Ukraine is a Russian informational and psychological operation. Andrii Yusov, representative of the Chief Intelligence Directorate of the Ministry of Defense of Ukraine, on air during the 24/7 national joint newscast. "Conceptually, escalating the topic of an immediate military threat from Belarus, as the Main Intelligence Directorate has informed, is, in fact, a Russian informational and psychological operation. Of course, we know everything about dictator Lukashenko, about the regime in Belarus. But there are objective things: the number of strike groups, the readiness of forces and means, and other points that allow us to say that today there is no threat of a full-scale ground operation and participation on the side of Russia from Belarus."
READ THE STORY: Yahoo News // The Odessa Journal
Items of interest
What is Russia's Internet of Things
FROM THE MEDIA: The HSE Institute for Statistical Research and Economics of Knowledge has identified the ten most promising areas for the development and application of Internet of Things technologies that will be in demand in 2023, including already 16.7% (41.5 thousand) of Russian enterprises using IoT technologies. This is 3.7 percent higher than a year earlier. According to experts, the Internet of Medical Things (IoMT, Internet of Medical Things) will be the most significant area of technology development: diagnostic devices, equipment for monitoring patients' condition, and systems for accounting for medicines stocks. Among the promising areas of application of wearable IoT are contactless payment, access systems, and content broadcasting. Research in the field of the Internet of robotic things (IoRT, Internet of Robotic Things) is promising. Building neural networks and pre-processing data on IoT devices are also possible due to fast-growing trends in the future. The Russian Sphere is a well-known system.
READ THE STORY: List 23
An Expert Class in Information Operations with John Hultquist | The Cipher Brief (Video)
FROM THE MEDIA: The Evolving Threat of Information Operations is part of The Cipher Brief's new Learn from the Experts Series (LFES). Information operations have always been around, but now, aided by a transformed the digital media landscape, conditions are perfect for the growth of this capability. States everywhere are adopting information operations as a tool of strategic completion and constantly innovating their tradecraft. Mandiant’s John Hultquist will cover some of the evolving, aggressive information operations efforts sponsored by regimes around the world.
Countering Foreign Information Operations with Microsoft President Brad Smith (Video)
FROM THE MEDIA: Tom VanNorman and Don Weber join Dale to describe the ICS Capture The Flag competition they will be running at S4x23, Feb 13 - 16 in Miami South Beach.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com