Thursday, April 06, 2023 // (IG): BB // Financial Enabler // Coffee for Bob
Could the US Block Russian Oil Exports to China? Yes, But It’s a Bad Idea
Analyst Comments: The report sheds light on the current state of Russia-to-China crude oil flows and highlights that the bulk of crude oil trade volumes between the two countries are transported via maritime shipments. The analysis suggests that a blockade of Russian crude oil shipments to China is not a practical solution outside of wartime or near-wartime conditions. The report also notes the severe political and military risks of such a blockade and the limited impact it would have on China's crude oil imports. Overall, the report provides a useful perspective on the limitations of Russia's crude oil export capacity to China and the risks involved in blocking the oil trade.
FROM THE MEDIA: According to a report, Russian crude oil exports to China are largely conducted via maritime shipments and not through pipelines. The East Siberia Pacific Ocean pipeline (ESPO) has a mainland China spur that delivers around 0.7 million barrels per day (MMBPD) to refineries in north China, while the Atasu-Alashankou pipeline has a capacity of about 0.4 MMBPD. However, most of the crude oil is transported through tankers, and market participants have estimated that China's total imports of Russian crude could reach as high as 3-3.5 MMBPD, although 2.5 MMBPD is more likely. A blockade of Russian crude oil shipments to China is a risky and unwise idea, as it would not achieve much and could lead to severe political and military consequences.
READ THE STORY: The Diplomat
An International Cyber Court Is a Notional Exercise, not a Practical One
Analyst Comments: The article raises valid concerns about the effectiveness of an International Cyber Court, especially in terms of harmonizing terminology, determining perpetrators, and addressing state responsibility. Additionally, the article points out that the countries most tied to hostile cyber activities, including the United States, China, Iran, and Russia, are resistant to joining bodies that may force them to curtail activities they deem critical to ensuring their national interests.
FROM THE MEDIA: The idea of establishing an International Cyber Court to address serious cyber crimes that pose a threat to the international community has been raised in an international political and policy journal. However, the article also presents other alternatives, such as expanding the jurisdiction of the current International Criminal Court, creating a special international criminal court specifically for cyberspace, or creating ad-hoc courts/tribunals. The establishment of an International Cyber Court would adhere to international law, making it an attractive potential means for justice. However, the ICC's criticisms and problems could extend to a Cyber Court counterpart, such as having too little authority to follow through on its supposed mandates or too much prosecutorial authority without a check against potential political bias. Moreover, the nature of cyberspace makes it difficult to determine perpetrators, and the failure to harmonize terminology has consistently obstructed the way forward for the international community.
READ THE STORY: OODALOOP
Samsung reportedly leaked its own secrets through ChatGPT
Analyst Comments: This report highlights the challenges faced by companies in balancing productivity and data security when adopting new technologies such as AI language models. The incident underscores the need for caution and strong security protocols in adopting such tools, and the importance of employee awareness and education on data protection. The potential risks of using third-party AI services should also be carefully considered, and companies should be prepared to take emergency measures when necessary to prevent data leakage. Overall, the incident serves as a reminder that the adoption of new technologies should be accompanied by a comprehensive risk assessment and security strategy to ensure the protection of sensitive data.
FROM THE MEDIA: Samsung reportedly leaked sensitive in-development semiconductor information at least three times through ChatGPT, an AI language model created by OpenAI. The company had recently lifted the ban on its use, hoping to enhance productivity and keep staff engaged with the latest technology. One employee copied problematic source code of a semiconductor database download program and uploaded it to ChatGPT, while another uploaded program code to identify defective equipment. A third uploaded records of a meeting in an attempt to auto-generate minutes. ChatGPT's FAQ states that conversations may be reviewed by AI trainers to improve systems, and Samsung had warned employees against leaking proprietary information. Once the incidents were discovered, Samsung reportedly applied "emergency measures" to limit upload capacity, and is now considering building its own in-house AI service to prevent further incidents.
READ THE STORY: The Register
China clears path for foreign investors to $5tn swaps market
Analyst Comments: The launch of the Swap Connect scheme is a positive development for foreign investors looking to hedge their exposure to renminbi debt, as it will provide easier access to tools for hedging interest rate risk. It is also expected to help stem the outflows from China's renminbi bond market, which has seen investors dump more than Rmb865bn ($126bn) worth of renminbi bonds since the start of 2022. The program's launch is a testament to China's commitment to opening up its financial markets to the rest of the world, and is in line with its efforts to internationalize the renminbi. However, the success of the scheme will depend on how effectively it is implemented, and how attractive it is to foreign investors.
FROM THE MEDIA: China's Swap Connect scheme has received regulatory approval and is set to launch within months. The scheme will open up a $5tn swaps market to foreign investors to hedge their exposure to renminbi debt, and will initially provide access to interest-rate swaps for onshore renminbi government bonds. The program was announced by President Xi Jinping last July, and its launch was delayed due to the absence of regulations governing its function. The scheme has been framed as an important link between foreign and Chinese finance, similar to the city's Stock Connect and Bond Connect program.
READ THE STORY: FT
UK Criminal Records Office Crippled by "Cyber Incident"
Analyst Comments: The ACRO's ongoing cyber incident that started in mid-January is yet another reminder of how vulnerable organizations are to cyber threats. The incident highlights the risks of a data breach, including data loss or theft, reputational damage, and regulatory fines. The backlogs created in the processing of essential police certificates, which are necessary for obtaining work or residence visas for many foreign countries, demonstrate the severity of the impact of such incidents on individuals and businesses. ACRO's response to the incident has been unclear, with only hints of problems shared with customers and the public through tweets and website messages. The spokesperson's statement on the absence of conclusive evidence that personal data has been affected is not reassuring.
FROM THE MEDIA: The UK's Criminal Records Office (ACRO) has been dealing with a cyber incident since January 17, leading to backlogs for visa applicants and potentially exposing customer information to compromise. The unit checks the police records of UK citizens who want to work or live abroad, and it has been struggling to recover from the cyber event. ACRO claimed a technical issue on February 9 for a website outage, and it said police certificates were taking longer to process due to heavy demand. The unit returned to blaming website maintenance for the outage on March 21. ACRO took its customer portal offline when it became aware of the incident and is working with national agencies to investigate the matter. The incident has caused significant backlogs in the processing of essential police certificates, without which applicants are unable to obtain work or residence visas for many foreign countries.
READ THE STORY: InfoSecMag
Hackers posed as reporters in attacks on North Korea experts, Google says
Analyst Comments: The hackers use a variety of tactics ranging from phishing emails to malicious Chrome extensions. They send phishing emails where they pose as a representative of a media outlet or think tank and ask North Korea experts to participate in a media interview or request for information. Once victims enter their Google password, they are taken to a Google doc with questions and other information. The group has been able to evade antivirus tools by password protecting its malware in files and then sharing the password with victims in phishing emails. Google has been forced to introduce significant changes to the Chrome extension ecosystem because of the group’s frequent abuse of them.
FROM THE MEDIA: According to a report released by Google’s Threat Analysis Group (TAG), North Korean government hackers that have been targeting government and business organizations in South Korea and the US have also targeted people with expertise in North Korea policy issues by posing as journalists. The report revealed that the group, which is also known as APT43, has been tracked by the TAG since 2012 and that they have been using the name “Archipelago” to track a subset of the group’s activity. The group has been using a variety of tactics ranging from phishing emails to malicious Chrome extensions to target individuals with expertise in North Korea policy issues such as sanctions, human rights, and non-proliferation issues. The phishing emails seen by TAG researchers urge victims to click on a link that will purportedly take them to the interview questions. Victims are taken to a phishing site where they are asked to enter their Google password, and the hackers can track keystrokes.
READ THE STORY: The Record
Ukrainian hackers exchange Russian fighter’s drone order for dildos
Analyst Comments: The hacktivist group's stunt appears to be a bold move against a Russian war volunteer and his alleged attempts to buy drones for the military. While the hack may be seen as humorous or playful by some, it could also be viewed as a provocative action that risks escalating tensions between Russia and Ukraine, especially in the context of ongoing military and political conflict between the two countries. The consequences of such actions by activist groups should be considered carefully, as they could have far-reaching impacts beyond the immediate targets of their actions.
FROM THE MEDIA: The Kiber Sprotyv (Cyber Resistance) group, a Ukrainian activist group, allegedly hacked the account of Russian war volunteer Mikhail Luchin on AliExpress, which he was using to buy drones for the military, and exchanged his order of $25,000 worth of unmanned aerial vehicles for dildos. The hacktivists posted screenshots of their large order of prosthetic penises on Telegram, claiming that Luchin has been sent a "unique" collection of "dicks" with the money he had been "planning to spend on drones for the Russian army." Luchin confirmed that his account was hacked but claimed he managed to get back most of the money, while Kiber Sprotyv claimed he was lying about the money being returned.
READ THE STORY: New York Post
Oakland confirms massive second data leak after February ransomware attack
Analyst Comments: The second leak of Oakland city data by the Play ransomware group highlights the dangers of ransomware attacks and the importance of robust cybersecurity measures for all organizations. The publication of sensitive government data, including personal information of city employees and residents, raises concerns about potential identity theft and fraud. The city's acknowledgement that a limited subset of residents was impacted also shows the significant ripple effects of cyberattacks. The fact that another ransomware group has also claimed to have stolen data from the city adds to the sense of vulnerability and insecurity.
FROM THE MEDIA: Oakland city officials have confirmed that the Play ransomware group, which took credit for launching a crippling attack on the city in February, has published 600 gigabytes of city data after releasing an initial batch of 10GB last month. On Tuesday, the city confirmed the second leak and said it was working with specialists and law enforcement to investigate the files. The city acknowledged the breadth of data published in the first batch, which included troves of documents stolen from the city police department and other offices within the city government. Even the personal information of Mayor Sheng Thao was leaked. The city has begun notifying impacted employees and residents to provide them with further details and resources to help protect their personal information. In addition to the two leaks from the Play ransomware group, another group has claimed to have stolen data from the city. The LockBit ransomware group added Oakland’s government to its leak site two weeks ago. The city denied that there was another ransomware attack but LockBit has not removed the posting. They are threatening to leak the data if their demands are not met by the end of the day on Sunday.
READ THE STORY: The Record
There’s no place for impunity in cyberspace
Analyst Comments: Kallas provided valuable insights on the importance of preparing for and responding to cyber threats in today's world. She underlined how cyberwarfare has become an integral part of conventional warfare, and thus, democracies must build a trustworthy digital society to counter such threats. Her emphasis on investing in cybersecurity and swift information exchange is necessary to prevent future attacks. The Prime Minister's speech highlights the importance of international cooperation and partnerships in building cyber resilience to secure democratic societies.
FROM THE MEDIA: Estonia's Prime Minister, Kaja Kallas, spoke at ASPI's Sydney Dialogue on how Russia's invasion of Ukraine has underlined the importance of securing democracies against malicious cyber actors. Kallas discussed how Russia's cyberattacks in Ukraine have become an integrated practice in conventional warfare. Additionally, she emphasized that having a trustworthy digital society is a strength and not a weakness. She outlined the importance of preparing for cyberwarfare even after the conventional war ends and increasing investment in cybersecurity. Kallas also stressed the need for swift information exchange and a high level of trust between like-minded countries to share information that can prevent future attacks.
READ THE STORY: ASPI
Russia's Sibur exports LPG to Africa, Middle East and Asia as EU cuts buying
Analyst Comments: The EU embargo on petroleum products of Russian origin has negatively impacted Sibur's LPG sales, leading to the redirection of exports to other regions. While LPG was not banned, EU buyers have cut purchases from Russia to negate any possible risk. This situation indicates how geopolitical tensions can impact trade flows, and the need for businesses to be agile and flexible in adapting to market dynamics.
FROM THE MEDIA: Russian liquefied petroleum gas (LPG) producer Sibur has redirected exports to Asia, Africa, and the Middle East due to the EU's embargo on petroleum products of Russian origin, which came into effect in February. While LPG was not banned, many EU buyers cut purchases from Russia to negate any possible risk. As a result, Sibur's deliveries of LPG to EU countries and the UK in Q1 2023 fell to 14-15% of the total, while shipments to Africa, the Middle East, and Asia-Pacific accounted for about 85-86%. The company has also moved its ship-to-ship (STS) loadings from ports in the Amsterdam-Rotterdam-Antwerp (ARA) trading hub to the Estonian port of Paldiski since August.
READ THE STORY: Reuters
FBI accessed Genesis Market's backend servers as part of takedown
Analyst Comments: The takedown of Genesis Market, which functioned as a one-stop shop for criminals by selling both stolen credentials and the tools to weaponize that data, is a significant achievement by the FBI and Department of Justice officials. The platform was known to be unique in providing a web browser that criminals could use to import stolen credentials so they could impersonate victims, including IP addresses, session cookies, operating system information, and plugins. However, the login page for the dark web site has not yet been replaced by an FBI splash image, leading to speculation by cybersecurity researchers about the nature of the law enforcement operation and whether Genesis Market's backend was still operational. Despite this, officials from the FBI and Department of Justice declined to comment on whether they were concerned about Genesis Market continuing to operate in one form or another.
FROM THE MEDIA: The FBI and Department of Justice officials announced that they were able to take down the cybercrime platform, Genesis Market, after identifying and locating its backend servers. Genesis Market is believed to have made more than $8.7 million since founding the site in 2018 by selling both stolen credentials and the tools to weaponize that data. Following the takedown, almost 120 people globally have been arrested, and the login pages of all three of Genesis Market's clear web domains were replaced by a splash page on Tuesday, informing users that the domain was now in the control of the FBI.
READ THE STORY: The Record
A Bird’s-Eye View of the Chinese Balloon
Analyst Comments: This article provides an interesting insight into the use of AI and satellite imagery in investigative journalism. The Visual Investigations team at The New York Times demonstrated how technology can be used to trace the path of a high-altitude Chinese balloon that floated across the United States. They collaborated with Synthetaic and Planet Labs to better understand the balloon's capabilities and trace its precise path. This investigation provides new information that challenges the Chinese government's official explanation that the balloon was a weather balloon that drifted off course.
FROM THE MEDIA: The Visual Investigations team at The New York Times has used artificial intelligence to trace the path of a high-altitude Chinese balloon that floated across the United States. The team collaborated with Synthetaic, a company that used AI to find several satellite images that contained the balloon, and Planet Labs, the satellite image provider, to better understand the balloon's capabilities and trace a more precise path, from the balloon's launch site in Hainan, China, in mid-January to its downing weeks later. Through their investigation, the team reveals new information about the balloon's movements and abilities, including that it was remotely maneuvered at points on its journey.
READ THE STORY: The New York Times
Can we brainwash our enemies
Analyst Comments: The article provides insights into the way the NCF works and how it conducts offensive cyber operations. It also sheds light on the fact that old techniques such as propaganda, influence, and sabotage are still used in cyberspace. The author questions the effectiveness of the NCF's actions, highlighting the challenges of measuring success in espionage. Overall, the article presents a thought-provoking analysis of the NCF's activities and the challenges they face in their work.
FROM THE MEDIA: The National Cyber Force (NCF), a group of combined personnel from GCHQ, MI6, and the Ministry of Defense, recently released a document called ‘Responsible Cyber Power in Practice’, revealing the way they work. They conduct offensive cyber operations, meaning they disrupt Britain’s adversaries online by covertly hacking into enemy websites and communication channels. They use propaganda, influence and sabotage to disrupt targets ‘with precision’, meaning there shouldn’t be collateral damage. The document reveals that the UK covertly exposes information to sow confusion among enemies, and they create antagonism within an organization. However, it is difficult to measure success in espionage, and it is challenging to determine the impact and strategic effect of precise targeted strikes.
READ THE STORY: The Spectator
Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks
Analyst Comments: The use of SFX files in attacks is not new, but this technique allows attackers to bypass traditional antivirus software and potentially gain backdoor access to a system. Organizations need to be aware of this threat vector and take steps to mitigate it, such as analyzing SFX archives through unarchiving software to identify any potential scripts or binaries that are set to extract and run upon execution. It's also important to regularly review access credentials to prevent attackers from using them to run legitimate Windows applications and establish backdoor access.
FROM THE MEDIA: CrowdStrike researchers have identified an unknown threat actor who attempted to establish a persistent backdoor access to a victim's environment using a malicious self-extracting archive (SFX) file. The SFX file contained a hidden malicious functionality that could extract PowerShell, Command Prompt, and Task Manager with NT AUTHORITY\SYSTEM privileges by providing the right password to the archive. The researchers found that this type of attack is likely to remain undetected by traditional antivirus software, which looks for malware inside an archive rather than the behavior of an SFX archive decompressor stub.
READ THE STORY: THN
CryptoClippy: New Clipper Malware Targeting Portuguese Cryptocurrency Users
Analyst Comments: The discovery of the CryptoClippy malware highlights the continuing evolution of malware tactics, with clipper malware being used to steal cryptocurrencies from unsuspecting users. The use of SEO poisoning techniques in malvertising campaigns is becoming more common, as is the targeting of specific countries and languages to avoid detection. The fact that the total estimated profit is low could suggest that this is still an experimental campaign, but it could also indicate a low success rate. However, the potential for significant profit if the campaign were to be successful, coupled with the malware's simple yet effective method of stealing cryptocurrencies, means that users should remain vigilant and ensure that they are only downloading software and visiting sites from reputable sources.
FROM THE MEDIA: A new malvertising campaign targeting Portuguese users has been discovered by Palo Alto Networks Unit 42. The campaign uses SEO poisoning techniques to attract users searching for "WhatsApp web" to rogue domains hosting CryptoClippy, a C-based executable malware that acts as a clipper malware. CryptoClippy monitors a victim's clipboard for cryptocurrency addresses and replaces them with a wallet address under the threat actor's control. It uses regexes to identify the type of cryptocurrency the address pertains to and substitutes it with a visually similar but adversary-controlled wallet address for the corresponding cryptocurrency. Victims across manufacturing, IT services, and real estate industries have been found with the total estimated profit of $983 so far.
READ THE STORY: THN
Ukraine live briefing: Macron meets with Xi as he urges China to help end war
Analyst Comments: The article provides a concise summary of the latest developments in the ongoing war in Ukraine, including the efforts of European leaders to engage with China and Russia to help end the conflict. It also highlights the global impact of the war and the responses of various countries, such as the Czech Republic's decision to provide military aid to Ukraine and the US and UK's blocking of a webcast of a UN Security Council meeting called by Russia. The article's inclusion of analysis from its correspondents, particularly regarding the conditions in the Lefortovo prison where Wall Street Journal reporter Evan Gershkovich is being held, adds depth to the reporting.
FROM THE MEDIA: French President Emmanuel Macron is visiting China to strengthen ties with one of Europe's biggest trade partners and try to persuade Beijing to use its close ties with Moscow to end the war in Ukraine. Macron says China can play a "major role" in ending the war, given "its close relationship with Russia." Spanish Prime Minister Pedro Sánchez also encouraged Xi to speak with Kyiv to help end the war during his separate visit to China last week. Meanwhile, Putin will meet Belarusian President Alexander Lukashenko, a staunch Russian ally, in Moscow on Thursday, according to Russian state-owned news agency Tass.
READ THE STORY: The Washington Post
Fiji Investigates Allegations of Chinese Spying
Analyst Comments: The investigation into alleged Chinese espionage in Fiji raises concerns about Beijing's expansionist ambitions in the South Pacific, where it has signed bilateral security and policing agreements with Fiji for more than a decade. The move also reflects a wider shift in the region as Australia and its allies, including Fiji, are becoming increasingly concerned about China's military and diplomatic ambitions in the area. The investigation is likely to raise tensions between China and Pacific island nations, while also highlighting the need for closer cooperation between the island states and their allies in the region.
FROM THE MEDIA: Fiji's Prime Minister, Sitiveni Rabuka, has launched an investigation into allegations of Chinese espionage following claims by outgoing Federated States of Micronesia President David Panuelo. Panuelo accused China of following him during a recent trip to Fiji, where he felt threatened by Chinese agents, who he claims are also spying, bribing local politicians and attempting to subvert the sovereignty of Micronesia. Rabuka, who is continuing a diplomatic shift away from Beijing, has stressed that the allegations are not yet proven but are being taken seriously. There has been no response to the allegations from China.
READ THE STORY: VOA
Embracing Crypto’s Potential: Reasons to Support, Not Suppress
Analyst Comments: While the author acknowledges the risks associated with blockchain technology, such as anonymity and technical inefficiencies, they also highlight the benefits, such as new banking solutions, opportunities for artists, and the growth of decentralized autonomous organizations. The article argues that an outright ban on cryptocurrency may have unintended consequences and that there are alternative solutions to address the issues. The author proposes a compromise solution that balances privacy and safety, such as creating a state-sponsored metaverse that encourages adoption and regulates crypto literacy.
FROM THE MEDIA: A recent proposal by Professor Hilary Allen to ban cryptocurrencies in the United States, citing numerous exploits, exchange collapses, and technical inefficiencies in the blockchain ecosystem. The article highlights the mixed results of bans on new technologies and argues that outright bans on cryptocurrency could have unintended consequences. The article suggests that while cryptocurrency has risks, it also offers new banking solutions, provides opportunities for artists, and presents an alternative to traditional governance. The article discusses the potential for blockchain technology to improve safety and security through tracking of transactions and identity, and suggests a compromise solution of a state-sponsored metaverse that encourages adoption and provides support to citizens. The article argues against the notion that regulation will solve all issues, stating that decentralization is one of the buzzwords of the crypto industry that has yet to be truly achieved.
READ THE STORY: Being Crypto
'Operation Cookie Monster': Authorities seize dark web marketplace
Analyst Comments: The takedown of Genesis Market is a significant victory for law enforcement in their ongoing fight against cybercrime. Genesis Market was a platform where hackers could purchase stolen logins, cookies, and browser fingerprints to gain unauthorized access to accounts and carry out fraudulent activities. Law enforcement agencies from various countries collaborated on the operation, showing that international cooperation is essential in the fight against cybercrime. However, the ongoing threat of cybercrime remains a significant concern for individuals, businesses, and governments worldwide. The recent takedowns of Genesis Market and BreachForums demonstrate that law enforcement is stepping up its efforts to combat cybercrime, but there is still much work to be done to make the internet a safer place.
FROM THE MEDIA: US and international law enforcement agencies have taken down Genesis Market, a large dark web marketplace, as part of a multinational operation called "Operation Cookie Monster." Genesis Market was used by cybercriminals to purchase compromised credentials, cookies, and browser fingerprints. The FBI has seized the domain, and the site now displays logos of various international law enforcement organizations, in addition to cybersecurity firm Qintel. Law enforcement agencies from various countries, including the UK, USA, Australia, Canada, Denmark, Germany, Poland, and Sweden, collaborated on the operation. The takedown of Genesis Market comes a few weeks after the FBI arrested a 20-year-old man from New York accused of operating BreachForums, a notorious hacking community site.
READ THE STORY: Computing (UK)
Uber data targeted in breach of third-party law firm
Analyst Comments: The latest data breach involving Uber highlights the continuing trend of third-party attacks as a significant cybersecurity risk. It also serves as a reminder that smaller businesses are increasingly becoming prime targets for attackers due to their perceived lack of security controls. Enterprises should apply strict access controls and grant third-parties the minimum level of access required to perform the processes needed for the business. Regular reviews of activities and elevation requests would determine if the enterprise would expand or contract entitlements over time.
FROM THE MEDIA: Ride-sharing company, Uber has suffered its third data breach in just six months, this time through its law firm, Genova Burns, which was targeted by an unauthorized third-party. The firm discovered the breach on January 31, and investigations revealed that certain limited files, which included names, Social Security numbers and/or tax identification numbers were exfiltrated. Genova Burns confirmed that there was no indication of any actual or attempted misuse of rider data. Uber suffered a data breach in September 2022 which affected internal systems and the company's third-party service accounts.
READ THE STORY: SCMAG
Researcher Tricks ChatGPT Into Building Undetectable Steganography Malware
Analyst Comments: This news highlights the potential risks and dangers associated with artificial intelligence and its increasing involvement in cybersecurity. It shows how even a chatbot like ChatGPT can be manipulated into creating advanced malware, which can evade detection by signature and behavior-based detection tools. This latest demonstration is likely to fuel concerns about AI tools posing a significant security risk, and the need for stringent security measures and procedures in the development of AI-powered applications. Organizations and researchers should remain vigilant about the growing risks of AI-based cyberattacks and continue to develop advanced defense mechanisms to tackle these emerging threats.
FROM THE MEDIA: A security researcher has demonstrated how he was able to trick ChatGPT, an AI-powered chatbot, into creating malware with data-stealing capabilities. The researcher used simple prompts to lead ChatGPT through a series of steps that ultimately resulted in the creation of a malware tool that can search for specific documents, embed them in image files and ship them out to Google Drive. The malware managed to evade detection by antivirus software, and the researcher claims it took just four hours from the initial prompt to create the tool. The demonstration adds to growing concerns about the security risks associated with OpenAI's ChatGPT language model.
READ THE STORY: DarkReading
This Student Is Taking On ‘Biased’ Exam Software
Analyst Comments: The case highlights an important issue of the potential discriminatory impact of remote-monitoring software on people of color. The story shows how students of color were being forced to create complicated light arrangements to take their exams, and it is not acceptable. The use of face recognition software should not adversely impact people of color due to biased algorithms or inadequate testing with diverse datasets. It's encouraging to see that Pocornie's case is still ongoing, and the Dutch Institute of Human Rights is taking the matter seriously. It is essential that universities using such software must acknowledge and address potential discrimination issues to prevent future similar incidents from occurring.
FROM THE MEDIA: A legal case is currently ongoing in the Netherlands Institute of Human Rights, where a master's student, Robin Pocornie, is challenging VU Amsterdam University's use of remote-monitoring software for exams that she believes discriminates against people with darker skin tones. The software, from the tech firm Proctorio, uses face detection to verify the identity of the person taking the exam, but Pocornie, who is Black, claims that the system could not recognize her face, and the only way to get it to work was to shine an Ikea lamp uncomfortably close to her face. She argues that all universities using face detection software need to acknowledge the way this technology discriminates against people of color. The legal case is the first to focus on the discriminatory bias embedded in the software.
READ THE STORY: Wired
Items of interest
Why is Africa the least food-secure continent in the world
Analyst Comments: The article highlights some of the major challenges facing African agriculture, including poor access to inputs, export-oriented production, and land grabbing by foreign countries and private companies. The focus on poverty and underdevelopment as the main reasons why Africa cannot feed itself is insightful, and the prediction that education and economic development will solve Africa’s agricultural problems is optimistic. However, the article could have provided more details on specific policies and programs that have successfully improved agricultural productivity in Africa. Additionally, the article does not discuss the impact of climate change on African agriculture, which is likely to exacerbate food insecurity in the region.
FROM THE MEDIA: Africa is the least food-secure continent in the world, despite hosting 60% of the world’s uncultivated arable land. Agriculture is the single biggest employer of Africans, but most farmers are poor and uneducated, lacking the inputs necessary for productive agriculture. While some African farms with access to capital and professional expertise are very productive, most African agriculture still farms cash crops for export. Large areas of African land are under long-term leases to foreign countries and private companies for the extraction of resources and agricultural goods for export. Furthermore, most African countries are net importers of food. Poverty and underdevelopment are the main reasons why Africa cannot feed itself.
READ THE STORY: The Irish Times
Why China’s Belt and Road Initiative is Failing (Video)
FROM THE MEDIA: China's Belt and Road Initiative was supposed to be the centrepiece of its foreign policy, but as many countries are failing to repay their loans, is it actually succeeding? So in this video, we take a look at the BRI and what Xi Jinping might do next.
House China committee holds hearing on Chinese Communist Party's threat to America (Video)
FROM THE MEDIA: House Select Committee on Strategic Competition between the United States and the Chinese Communist Party holds its first hearing to address the CCP's potential threat to America.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.