Sunday, April 09, 2023 // (IG): BB // Financial Enabler // Coffee for Bob
Russians search for bootleg solutions to overcome payments sanctions
Analyst Comments: This article provides an informative overview of how Russia has sought to establish a domestic payments system and find alternative solutions to access international commerce in response to US sanctions. The article also highlights the challenges and limitations of these alternatives, including geopolitical uncertainty, technical challenges, and costs, as well as the ongoing need for innovation to maintain access to international finance.
FROM THE MEDIA: Russia's need to continuously innovate to keep payments flowing after the country's annexation of Crimea almost a decade ago demonstrates how hard it is to exist outside of the US financial system, according to experts. Despite sanctions, Russia has launched its National Card Payment System (NSPK) and Mir to process card transactions domestically. Russians have also turned to neighboring countries such as Uzbekistan, where deposit inflows have doubled, to open accounts and gain access to international commerce. However, experts suggest the resilience of Moscow's payments systems does not herald a pivot towards non-US rivals, with technical challenges, cost and fears of reprisals from Washington still blocking the way.
READ THE STORY: FT
Popular server-side JavaScript security sandbox “vm2” patches remote execution hole
Analyst Comments: The vulnerability in the JavaScript sandbox system vm2 can lead to remote code execution rights on the host running the sandbox. This is a significant security risk, especially as a proof-of-concept has already been released. Users who depend on this package should update to the latest version to mitigate the risk of attacks.
FROM THE MEDIA: A new vulnerability has been found in the widely-used JavaScript sandbox system vm2, which allows attackers to bypass the sandbox protections and gain remote code execution rights on the host running the sandbox. This new CVE-2023-29017 bug in vm2 can be triggered if the buggy function in the sandbox designed to help tidy up after errors is deliberately provoked by attackers. A South Korean Ph.D. student has published two proof-of-concept JavaScript code snippets on GitHub demonstrating how to run any command in a system shell. Users are advised to update their vm2 package if they use it for any products that depend on this package.
READ THE STORY: NakedSecurity
ByteDance posts record profit despite TikTok losses
Analyst Comments: This news highlights the significant growth of ByteDance's underlying profits in 2022, which was mainly driven by the increasing popularity of TikTok and Douyin. ByteDance's success in surpassing China's tech giants, Tencent and Alibaba, demonstrates the significant impact of the TikTok phenomenon. However, TikTok continues to face regulatory and political uncertainties, particularly in the US. Despite this, ByteDance's investors seem to be unfazed, believing an outright ban is unlikely. Nevertheless, ByteDance's IPO prospects remain uncertain, with some investors wanting clarity on the TikTok situation and the Ant Financial problem to be resolved first.
FROM THE MEDIA: ByteDance, the parent company of TikTok and Douyin, posted an underlying profit of around $25 billion in 2022, overtaking Tencent and Alibaba for the first time. ByteDance's profits came on the back of almost $85 billion in sales in 2022, up more than 30% from a year earlier, as advertisers increased spending on the fast-growing TikTok viral video platform. ByteDance's explosive growth comes as TikTok faces mounting security concerns from governments and regulators around the world, with the US government calling for a ban or divestiture of the short-form video app. ByteDance's international business, which includes TikTok, recorded about $15bn in sales for 2022, more than double from a year earlier. China revenues came in at about $70bn. However, the political uncertainty around ByteDance has dampened prospects for its planned initial public offering.
READ THE STORY: FT
Flipper Zero banned by Amazon for being a ‘card skimming device’
Analyst Comments: The ban on the sale of Flipper Zero by Amazon could have negative consequences for the company's sales and reputation, considering Amazon's prominence as a top online retailer. Although the device is extremely capable as an exploitation device, the reality is that criminals will always find a way to misuse technology. The reported use of Flipper Zero by criminals in Brazil and Amazon's misclassification of it as a card-skimming device may undermine potential buyers' trust in the product. Nevertheless, the Flipper Zero can still be acquired through the manufacturer's official store, which is regularly restocked. If the ban on Amazon is not temporary, the company may miss out on significant sales opportunities, as Amazon's platform offers extensive access to customers.
FROM THE MEDIA: Amazon has banned the sale of the Flipper Zero portable multi-tool for pen-testers, claiming it to be a card-skimming device. Flipper Devices' CEO Pavel Zhovner disputed the claim, stating that the device is not capable of skimming bank cards. Flipper Zero is a portable, programmable pen-testing tool used to experiment with various digital and hardware devices via multiple protocols, including RFID, NFC, Bluetooth, and others. Since its launch, the device has been demonstrated to have the ability to activate doorbells, conduct replay attacks to unlock cars and open garage doors, and clone a wide range of digital keys. Currently, Amazon's policy prohibits the sale or listing of card-skimming devices. The Brazilian National Telecommunications Agency has also been seizing incoming Flipper Zero purchases based on its alleged use by criminals, which has caused complications for Brazilians who bought the device.
READ THE STORY: Bleeping Computer
Microcontrollers: The Linchpin in the Information Age
Analyst Comments: This article provides a good overview of microcontrollers and their applications in various electronic systems. The author explains the advantages of microcontrollers, such as data processing and transmission, as well as the challenges they present, including security, privacy, and obsolescence. The article also offers some solutions to these challenges, such as implementing security measures and planning for upgrades. The use of specific programming languages and the trend toward higher-level languages is also discussed.
FROM THE MEDIA: Microcontrollers play a crucial role in today's electronic devices, enabling efficient data processing and transmission across a wide variety of industries, including transportation, home automation, and safety. Their growing prevalence has resulted in improved automation and overall system performance, as well as increased accessibility for programming with higher-level languages like Python and Java. The use of microcontrollers also introduces several challenges. Security and privacy concerns arise as sensitive data can be compromised if proper security measures are not in place. Electronic systems containing microcontrollers may be vulnerable to cyberattacks and malware, which highlights the importance of incorporating data encryption, user authentication, and standard security protocols in the design process.
READ THE STORY: The Nation World
Phishers Now Actively Automating Scams with Telegram
Analyst Comments: The article discusses a growing trend in phishing techniques, with threat actors using Telegram to automate their activities and provide various services. It highlights the tools and services offered by phishers through Telegram channels, including generating phishing pages, collecting user data, and selling online banking credentials. The article also provides tips on how to protect oneself from phishing attacks.
FROM THE MEDIA: Cybersecurity experts at Kaspersky have identified a new trend in phishing techniques, with threat actors increasingly utilizing Telegram to automate their activities and provide various services. Phishers create Telegram channels to educate their audience about phishing and share links to these channels via YouTube, GitHub, and phishing kits. Many of these channels offer tools to automate malicious workflows, such as generating phishing pages or collecting user data. Some Telegram channels were found to be advertising phishing-as-a-service operations, offering subscriptions with customer support for regular updates on phishing tools, anti-detection systems, and links generated by phishing kits. The malicious use of Telegram is not surprising, as the platform has been referred to as the "New Dark Web." Despite the various techniques employed by phishers on Telegram, Kaspersky highlighted that there are ways to identify them, such as detecting malicious sites generated by phishing bots that are hosted in the same domain or share parts of HTML code.
READ THE STORY: HackRead
Getting Started with Cyber Threat Intelligence
Analyst Comments: The article provides a clear and concise overview of the importance and benefits of incorporating cyber threat intelligence into a cybersecurity program. The author offers practical suggestions on how CTI can be utilized to improve vulnerability prioritization, monitor the dark web, and stay up-to-date with global and industry threats. The inclusion of a case study provides a helpful example of how CTI can be used to make threat intelligence actionable. The article is well-written and accessible, making it a valuable resource for security professionals seeking to improve their cybersecurity programs.
FROM THE MEDIA: The article highlights the importance of cyber threat intelligence (CTI) in modern cybersecurity, and its benefits in narrowing an organization's risk landscape. The author suggests three ways to fit CTI into a cybersecurity strategy: vulnerability prioritization, dark web monitoring, and understanding global and industry trending threats. The article provides examples of how CTI can be used to prioritize vulnerabilities, monitor mentions of an organization on the dark web, and stay up-to-date with global and industry threats. Additionally, the author provides guidance on making threat intelligence actionable by presenting a case study. The article concludes by emphasizing that utilizing CTI in a cybersecurity program need not be complex and that even small teams with minimal cybersecurity budgets can incorporate threat intelligence into their day-to-day processes.
READ THE STORY: Medium
Does ChatGPT Save Your Data? Here’s What You Need To Know
Analyst Comments: The article provides a clear overview of the privacy implications of using ChatGPT, including how it handles user data and how to delete your data permanently. It is well-structured and easy to read, with concise explanations and useful examples. The author provides reliable information, citing OpenAI's support page and FAQ page as sources.
FROM THE MEDIA: This article explores the privacy implications of using ChatGPT, a free-to-use chatbot developed by OpenAI. The article discusses whether ChatGPT saves user data and how it uses the data. According to the article, OpenAI saves all conversations and other data such as account details, location, IP address, payment details, and device information. OpenAI employees can selectively review chats for safety, and your data can be handed over to courts or law enforcement. OpenAI uses the data for training purposes, and users can opt-out of this process. OpenAI does not sell user data for marketing purposes, but employees may see it. The article also highlights some data leaks that ChatGPT has suffered, indicating a tangible risk if it saves all user data. The article concludes by explaining how to permanently delete your ChatGPT data, which involves closing your OpenAI account.
READ THE STORY: MyDroll
China Accuses US of Maintaining Cybersecurity Hegemony Under False Pretexts
Analyst Comments: The article provides a brief but clear overview of the ongoing tensions between China and the US regarding cybersecurity. It highlights the accusations made by China against the US and the US's recent executive order banning certain surveillance technology. The article also notes concerns raised about the US's previous work with NSO Group, which could indicate a lack of commitment to cracking down on cyber surveillance and espionage.
FROM THE MEDIA: China has accused the United States of trying to maintain "hegemony in cyberspace" under the pretext of national security by targeting foreign states and companies without evidence. This came in response to the US government's order to crack down on certain surveillance technology that poses risks to national security. However, concerns have been raised regarding the US's previous work with the Israeli cyber surveillance firm NSO Group, leading to doubts about its commitment to cracking down on cyber surveillance and espionage. The ongoing tensions between the two countries regarding cybersecurity highlight the challenges of maintaining international norms and agreements in an increasingly digital and interconnected world.
READ THE STORY: MENAFN
GPS Jamming in Israel Spikes Amid Regional Flare-up
Analyst Comments: The recent spike of GPS jamming in the Middle East is concerning and may affect the safety of civil aviation. The ongoing tensions between Israel and its neighbors highlight the challenges of maintaining international norms and agreements in an increasingly digital and interconnected world. It is important for all parties involved to refrain from any action that could endanger the safety and security of civilian air traffic.
FROM THE MEDIA: GPS jamming was recorded in Israel and the eastern Mediterranean following a week of violent flare-ups between Israel and various groups in Syria and Lebanon. The data is based on the satellite navigation systems of civil aircraft flying in the Middle East, which automatically report their levels of accuracy at any given moment. Over the weekend, more than 20% of the planes reported disturbances that led to a low level of accuracy of their navigation system, the highest number since October. Defense officials had concluded last year that Russia was operating electronic warfare systems in Syria, but now it is possible that some of the disruptions are caused by similar Israeli systems.
READ THE STORY: Haaretz
Twitter Changes Label On NPR Account From ‘State-Affiliated’ To ‘Government Funded’
Analyst Comments: This article provides an informative summary of the recent controversy surrounding Twitter's labeling of NPR's Twitter account as "state-affiliated media" and subsequent change to "government-funded." The article also notes that other state-funded broadcasters like BBC and ABC News may receive similar labels in the future. The author provides context by explaining NPR's funding sources and editorial independence, and includes relevant tweets from NPR's Bobby Allyn and venture capitalist Paul Graham.
FROM THE MEDIA: Twitter CEO Elon Musk has changed the label on National Public Radio's Twitter account from "state-affiliated media" to "government-funded," following criticism for putting NPR in the same category as Russian and Chinese propaganda outlets. NPR gets 1-2% of its funding from the federal government, with the rest coming from corporate sponsorships and fees charged to local radio stations. The editorial independence of state-funded broadcasters like NPR, BBC, and Australia's ABC News is well-established. In a tweet, NPR's Bobby Allyn said that Musk told him Twitter would apply the "government-funded" label to a larger number of institutions.
READ THE STORY: Forbes
FBI uses social media to recruit Russians for intel gathering
Analyst Comments: The FBI's social media campaign to recruit Russians for intelligence gathering is an innovative attempt to counter Kremlin aggression and gather information in a super hard environment for recruitment. While it may be difficult to assess the effectiveness of such campaigns, it is a positive step toward modernizing intelligence gathering methods. However, the concerns raised about the credibility of the initiative by former intelligence officers should be addressed to ensure the program's success.
FROM THE MEDIA: The FBI has initiated a social media campaign to recruit Russians for intelligence gathering in the face of increased geopolitical tensions with the West, according to Fox News. The campaign includes a video shared on Facebook and Twitter calling on Russians to supply intelligence to the US in order to resist Kremlin hostility. The FBI hopes to cast a wide net and attract potential candidates to spy for the US. However, critics have raised questions about the credibility of the initiative, with former Defense Intelligence Agency intel officer Rebekah Koffler calling it "flawed" and expressing doubt about the ability to allocate resources to adequately evaluate all of the new callers.
READ THE STORY: Almayadeen
Japanese pharma boss rules out China exit after executive’s arrest
Analyst Comments: The arrest of a senior Astellas executive in China is a concerning development for Japanese businesses operating in the country, and the incident is likely to prompt many companies to reassess their presence in China. This move highlights the increasingly complex nature of doing business in China, where geopolitical risks and tensions with foreign countries can result in unpredictable and potentially harmful actions against foreign firms. Despite these risks, China remains a vital market for many companies due to its large and growing consumer base, and many firms may be reluctant to exit the country entirely.
FROM THE MEDIA: The CEO of Astellas, Naoki Okamura, has stated that the company will not exit China, despite Beijing's arrest of a senior Astellas executive last month on espionage charges. This move has reportedly caused shockwaves throughout the Japanese business community in China, leading some companies to reconsider their presence in the country. Okamura has stated that the company will take steps to diversify its supply chain in China and prepare for geopolitical risks. While China accounts for less than 5% of the company's annual revenue, the country is crucial for Astellas in securing raw materials for its drugs.
READ THE STORY: FT
The bipartisan plot to save TikTok
Analyst Comments: The article presents a clear argument in favor of banning TikTok, emphasizing its potential threat to US national security. The author effectively counters claims that banning TikTok is racist or totalitarian and highlights that political opposition to banning the app is not based on the actual text of the bill. However, the article takes a partisan tone, criticizing Democrats and Republicans alike for their views on the issue.
FROM THE MEDIA: The article argues that banning TikTok isn't totalitarian or racist, and those who claim so are not driven by principles but rather politics. While some members of the Biden administration have expressed reservations about banning TikTok, others have recognized it as a security threat. The article notes that TikTok is not only about data privacy but also disinformation, which poses a significant risk to US national security. The Chinese Communist Party (CCP) could use TikTok to divide Americans, spread false narratives, and outright lies. Unfortunately, political opposition to banning TikTok is not confined to one side of the political aisle. While some Democrats have argued that Washington's scrutiny of TikTok is "xenophobic" and a "witch hunt," some Republicans have rejected the idea of banning TikTok, dismissing it as a few dance videos. The article concludes that banning TikTok is essential to protect the country from Beijing's malign influence inside its borders.
READ THE STORY: The Hill
New Jersey county police department confirms ransomware attack
Analyst Comments: Ransomware attacks have been increasing in frequency and scope in recent years, with many government and law enforcement agencies becoming targets. The attack on Camden County's police department underscores the need for organizations to take strong cybersecurity measures to prevent such attacks from happening. It also highlights the potential consequences of such attacks, which can include loss of sensitive data and disruption of critical services. The involvement of law enforcement agencies in investigating the attack demonstrates the seriousness with which these incidents are being taken.
FROM THE MEDIA: The Camden County Police Department in New Jersey confirmed that it experienced a ransomware attack on March 13. The police department is currently working with IT and law enforcement professionals to ensure that there is no remaining threat in their network. The Camden County Prosecutor's Office is also dealing with a cyberattack that occurred about one week ago. These attacks are the latest in a series of ransomware incidents involving police forces across the United States, including the Washington D.C. Metro Police, the Atlanta Police Department, the San Francisco transportation system, and the U.S. Marshals Service. Emsisoft threat analyst Brett Callow said that such attacks are concerning as they can result in sensitive information leaking and potentially put lives at risk.
READ THE STORY: The Record
The US should not worry about China-Gulf relations
Analyst Comments: The article provides an informative analysis of China's diplomatic strides in the Middle East and Eastern Europe, as well as the US's concerns about China's growing influence in the region. It also highlights Israel's engagement with China and how it may pose a greater threat to US interests than the energy deals the Gulf countries have struck with Beijing. The article provides a balanced assessment of the situation and offers a clear argument on where the US should focus its attention if it wants to curb China's influence in the region.
FROM THE MEDIA: China has made diplomatic strides in the Middle East and Eastern Europe in the last six months, striking deals for natural gas supply and positioning itself as a mediator for peace in Ukraine. It has also brokered a Saudi-Iran rapprochement, which has left the US anxious about its Gulf allies' engagement with Beijing. However, the US should not obsess too much about China's relationship with the Gulf as it is mainly transactional. Instead, it should be concerned about Israel's engagement with China, which has been much more substantial and may be more threatening to US interests.
READ THE STORY: Aljazeera
Will AI solve my midlife crisis
Analyst Comments: The article provides an interesting perspective on the emergence of career coaching chatbots and their potential limitations. The author presents their personal experience with Aimy, highlighting its mind-numbingly obvious responses and the limitations of its capabilities in providing nuanced career advice. The article raises important questions about the potential risks of AI development in replacing human coaches and the ethical considerations that need to be addressed. The author's conclusion that chatbots may not be for everyone but could provide practical advice without human nuance is a thought-provoking point. Overall, the article provides a good introduction to the topic and raises important questions about the role of chatbots in career coaching.
FROM THE MEDIA: The article discusses the rise of career coaching chatbots and the limitations of their capabilities in providing career advice to individuals. The author shares their personal experience of interacting with a chatbot called Aimy, which is powered by OpenAI's ChatGPT, and raises concerns over the efficacy of such chatbots compared to human coaches. The article discusses the potential risks of AI development in replacing human coaches, such as ethical considerations and potential harm, and the possibility of AI being used as a co-pilot rather than a replacement. The author concludes that while chatbots may not be for everyone, they could provide practical advice without human nuance, reminding individuals of the transactional nature of work.
READ THE STORY: FT
Russia Takes Second Place Rank by Power Capacity in Crypto Mining
Analyst Comments: The growing power capacity involved in cryptocurrency mining in Russia reflects the continued expansion of the industry globally, driven by the increasing popularity of cryptocurrencies and the rising demand for energy-intensive mining activities. The lack of regulations in Russia and the uncertain future of the industry, however, raises concerns about the environmental impact of the energy consumption required for mining and the potential for illegal or unethical practices. The continued growth of the industry, and the associated energy consumption, may require closer attention and regulation to mitigate these concerns.
FROM THE MEDIA: Russia has climbed to second place in the world in terms of total power capacity of the facilities devoted to cryptocurrency mining. According to Bitriver, the amount of power involved in coin minting in Russia reached 1 GW in the first quarter of 2023, due in part to Kazakhstan's reduction of mining activities following authorities shutting down authorized mining data centers and targeting illegal crypto farms due to electricity shortages. The US remains the clear leader with 3 to 4 GW of mining capacity. Despite the positive trend in Russia, the industry's future remains unclear in the absence of regulations.
READ THE STORY: Bitcoin
US – Indonesia Energy Cooperation: Challenges and Opportunities
Analyst Comments: The article provides a concise overview of the MOU signed between Indonesia and the US to re-establish cooperation in energy transition. The challenges faced by Indonesia in achieving its goal of net zero emissions by 2060 are clearly explained, and the potential for renewable energy resources is highlighted. The article also mentions the US commitment of investing in Indonesia's clean energy sector, providing an opportunity for Indonesia to attract investment.
FROM THE MEDIA: The Ministry of Energy and Mineral Resources of Indonesia has signed a memorandum of understanding (MOU) with the US Department of Commerce to develop clean energy in Indonesia. The MOU will create a Clean Energy Working Group between the two countries, aimed at achieving Indonesia's goal of 23% contribution to the renewable energy network by 2025 and net zero emissions by 2060. However, Indonesia faces challenges such as regulations, fiscal policies, and large capital schemes to attract investors. The potential for renewable energy resources is estimated to be 587 gigawatts by 2060, requiring a very large investment of $29 billion annually. The US has committed to invest $20 billion in Indonesia's clean renewable energy sector by stopping the use of coal energy in steam power plants, offering an opportunity for Indonesia to achieve its goals.
READ THE STORY: ModernDiplomacy
When Moscow Shot Americans Out of the Sky
Analyst Comments: The article provides a detailed account of a little-known incident from the Cold War and highlights the importance of remembering the sacrifices made by those who fought for the values of freedom and democracy. The article is well-written, engaging, and provides a historical context for the current state of U.S.-Russia relations. Overall, the article provides a compelling reminder of the dangers of authoritarianism and the importance of remaining vigilant in the defense of democratic values.
FROM THE MEDIA: This article discusses the story of the ten American airmen who disappeared while on a secret mission over the Baltic Sea during the Cold War. The article explores the circumstances surrounding the disappearance of the airmen, including the fact that the U.S. government denied that the plane was on a reconnaissance mission at the time it went missing. The article also notes the parallels between past and present confrontations between the U.S. and Russia, and emphasizes the importance of remembering the sacrifices of those who have fought for freedom, security, and democracy.
READ THE STORY: Politico
Items of interest
Do Kwon Ordered To Cease Liquidating Millions In Crypto By Prosecutors
Analyst Comments: The article provides a detailed overview of the fraud conspiracy involving former Terra CEO Do Kwon and the difficulties that South Korean authorities have faced in collecting criminal funds linked to him. The article also explains the impact of Terra's downfall on the cryptocurrency market and the challenges that Terra's redesigned network is facing. The information is well-researched and provides useful insights into the hazards associated with the cryptocurrency market.
FROM THE MEDIA: South Korean authorities have been trying to collect criminal funds linked to former Terra CEO Do Kwon and his friends, who were at the core of a vast fraud conspiracy. Prosecutors have discovered 414.5 billion won ($314.2 million) in unlawful assets tied to Kwon, of which nearly $70 million is directly linked to him. However, Kwon allegedly changed his assets into Bitcoin using offshore crypto exchanges, and authorities have encountered roadblocks in their efforts to collect the funds. Kwon has also been ordered to stop liquidating millions in crypto, and Binance, the world's largest cryptocurrency exchange, has been asked to freeze all wallets related to Kwon. He has also been apprehended in Montenegro on March 23 for passport fraud and is facing criminal accusations in both South Korea and the United States. Terra's downfall has had far-reaching ramifications for the cryptocurrency market, and its redesigned Terra 2.0 network has received little attention.
READ THE STORY: Bitcoinist
Cyber Warfare & Big Tech (Video)
FROM THE MEDIA: John speaks with Klon Kitchen, a national security and technology expert, about the impact of technology on the American social contract and its role in contemporary warfare. They discuss the support provided by American 'Big Tech' companies to Ukraine during its conflict with Russia, the challenges posed by China's cyberwarfare capabilities, infrastructure-based espionage, and social credit system.
Nicklas Keijser & Matias Wåhlén - Russian Cyber Warfare in Ukraine (Video)
FROM THE MEDIA: We will discuss details of 3 Russian Wiper malware used in cyberattacks against Ukraine during the conflict, how they where employed, how they differ and how this relates to the physical war in Ukraine. We will show how the Russian Cyber war in Ukraine was integrated in the kinetic war, where it succeeded, where it failed and maybe why we haven’t seen more written about it.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.