Daily Drop (673): NSO Trial, Atlassian: CVE's, Fancy Bear, Qualcomm Vuls, Image Class. Models, LLM injection, FISA, RU: Doppelganger, Getty lawsuit, Alejandro Cao de Benós, MISRSAT-2, AI Vul. CISCO
12-06-23
Wednesday, Dec 06, 2023 // (IG): BB // The Leek Sino-Satire // Coffee for Bob
Deepening Space Cooperation Between China and Egypt with Latest Satellite Launch
Bottom Line Up Front (BLUF): China successfully launched a remote-sensing satellite, MISRSAT-2, for Egypt, marking a significant milestone in space cooperation between the two countries. The satellite, launched aboard a Long March 2C rocket from the Jiuquan Satellite Launch Center, is equipped to provide high-resolution imagery for various applications, including land and resource utilization, water conservancy, and agriculture.
Analyst Comments: This launch represents a strategic move by China to expand its space collaboration with international partners, in this case, Egypt. The successful deployment of MISRSAT-2 not only enhances Egypt's capabilities in remote sensing but also underscores China's growing influence and capabilities in the global space industry. The satellite's high-resolution imaging technology is expected to play a crucial role in Egypt's developmental projects, providing vital data for various sectors. Such international collaborations in space endeavors reflect the increasing importance of space technology in addressing terrestrial challenges and the shifting dynamics in global space partnerships.
FROM THE MEDIA: The MISRSAT-2 satellite, designed for remote sensing, will deliver imagery with resolutions of 6.5 feet in panchromatic mode and 26.2 feet in multispectral mode. The satellite's deployment is part of a broader cooperative project between China and Egypt, which includes training Egyptian personnel in satellite design and supporting the construction of a satellite assembly and test center. This launch follows two previous satellite launches for Egypt by China earlier in the year, indicating a deepening relationship in space technology between the two nations. Additionally, the launch included two commercial remote-sensing satellites, Starpool 02-A and Starpool 02-B, developed by Chinese company Elliptical Space and Time (EllipSpace). The successful execution of this launch marks the 55th orbital mission for China in the year and the 499th Long March launch to date, showcasing China's robust and active space launch schedule.
READ THE STORY: SPACE
Cisco Introduces AI to Find Firewall Flaws, Warns of Future Costs
Bottom Line Up Front (BLUF): Cisco's executive vice president for security, Jeetu Patel, announced that AI will significantly impact the information security landscape, predicting that AI tools will evolve from defensive responses to predictive behaviors in cyber attacks. Cisco has introduced an AI Assistant for Firewall Policy and is applying AI for encrypted traffic malware detection. However, Patel warned that these AI services wouldn't be free, anticipating future monetization to cover computational costs.
Analyst Comments: Cisco's integration of AI in information security signifies a transformative shift towards proactive and predictive cyber defense strategies. The AI Assistant for Firewall Policy exemplifies this change by enabling administrators to optimize firewall rules through a natural language interface. While Cisco’s move to monetize AI services reflects the growing computational demands and sophistication of AI applications in cybersecurity, it also raises concerns about accessibility and cost implications for users. This development suggests that organizations must be prepared for additional expenses associated with advanced AI-powered security solutions.
FROM THE MEDIA: At the Asia Pacific Cisco Live event, Patel discussed the role of AI in cybersecurity, emphasizing its potential to shift focus from defense and response to predictive actions against cyber threats. The AI Assistant for Firewall Policy, currently in preview, allows users to evaluate and adjust firewall policies using AI analytics. Cisco has also implemented AI to detect malware in encrypted traffic, showcasing its commitment to evolving security technologies. However, Patel highlighted the associated costs of running AI services, suggesting a future pricing model to balance computational demands and user accessibility. Cisco's approach reflects a broader industry trend of leveraging AI for enhanced cybersecurity capabilities while navigating the financial implications of these advanced technologies.
READ THE STORY: The Register
NTT Data Initiates Sleep Monitoring Project in Tokyo Capsule Hotel
Bottom Line Up Front (BLUF): NTT Data, in collaboration with capsule hotel operator Nine Hours and Fitbit, is launching a unique project in Tokyo where it will monitor guests' sleep patterns. The initiative involves using advanced sensors, infrared cameras, microphones, and body movement sensors to gather data. Participants will receive personalized sleep reports and advice, while NTT Data plans to sell the aggregated and anonymized data to various industries, including healthcare and consumer goods.
Analyst Comments: NTT Data's foray into sleep data collection is a significant blend of technology and personal health monitoring. By partnering with Nine Hours and Google's Fitbit, NTT Data is leveraging wearable and environmental technologies to glean insights into human sleep patterns. This initiative mirrors broader trends in health technology, where data collection and analysis are becoming integral to personalized healthcare solutions. However, it raises inevitable concerns about privacy and the ethical implications of monetizing personal health data.
FROM THE MEDIA: The hotel, located in Shinagawa, Tokyo, aims to monitor the sleep of ten million people by 2027, using technology developed by NTT Labs. This technology visualizes internal body rhythms by estimating core body temperature, complemented by infrared cameras and sound-collecting microphones. Guests who opt-in will be provided with Fitbit devices and receive a customized sleep environment analysis. NTT Data aims to create a ¥30 billion business by 2030 through this initiative, focusing on personalized healthcare services and "pre-symptomatic treatment." The data, although sold to third parties, will have personal information removed to ensure privacy.
READ THE STORY: The Register
Exploit Bypasses Apple's 'Lockdown Mode' Security Feature
Bottom Line Up Front (BLUF): Researchers have identified a method to subvert Apple's Lockdown Mode, a significant security feature in iOS designed to protect users against sophisticated cyberattacks. This discovery demonstrates the possibility of delivering a deceptive user experience that mimics Lockdown Mode, while allowing underlying cyberattacks to continue.
Analyst Comments: The revelation of this vulnerability in Apple's Lockdown Mode is a stark reminder that no security measure is completely foolproof. Lockdown Mode was introduced as a stringent protection against zero-click exploits, especially for high-risk individuals like activists and journalists. However, this exploit shows that even advanced security features can have loopholes. The Jamf Threat Labs' demonstration highlights the complexity of cybersecurity in the mobile domain, particularly against nation-state-level adversaries.
FROM THE MEDIA: Jamf Threat Labs demonstrated that Lockdown Mode in iOS could be disabled by manipulating certain code triggers, while still displaying visual cues of being active. This method involves a file replacement and mimicking certain functions, like Safari's captive portal Web engine, to deceive users. This exploit is more challenging to execute in iOS 17, where Lockdown Mode operates at the kernel level, offering enhanced security. However, the exploit's possibility points to a broader issue in cybersecurity: the focus on named attacks and specific attack vectors, often overlooking the techniques used by malware for persistence and stealth. The research emphasizes the need for user awareness and scrutiny of device performance and UI elements, alongside reliance on security features.
READ THE STORY: Dark Reading // THN
Arrest of Alejandro Cao de Benós: Ties to North Korea's Cryptocurrency Activities
Bottom Line Up Front (BLUF): Alejandro Cao de Benós, a Spanish aristocrat known for his support of North Korea, has been arrested in Spain on charges of fraud related to organizing cryptocurrency conferences in Pyongyang. He is accused of aiding North Korea in using blockchain technologies to evade sanctions. This arrest highlights ongoing concerns about North Korea's involvement in cyber-espionage and cryptocurrency theft, as well as the international response to such activities.
Analyst Comments: The arrest of Alejandro Cao de Benós underscores the increasing complexity of geopolitical relations in the digital age. His involvement in facilitating North Korea's understanding of blockchain to evade sanctions ties into broader concerns about the rogue state's cyber capabilities. North Korea's alleged use of cyber-espionage and cryptocurrency theft to fund its weapons programs poses significant challenges to global security and finance. The international community, particularly the U.S., has responded with sanctions and indictments, reflecting a concerted effort to counter these digital threats.
FROM THE MEDIA: De Benós, along with a British national Christopher Emms, was charged by the U.S. for conspiring to break sanctions on North Korea through a 2019 cryptocurrency conference. This conference allegedly provided North Korea with knowledge on using blockchain and cryptocurrency to bypass banking embargoes. De Benós, claiming innocence, argues that the U.S. fraud charges are a pretext for extradition, as Spain cannot extradite him for breaching U.S. sanctions. The U.S. has actively indicted individuals and entities involved in North Korea's cyber activities, including a 2021 indictment of three North Korean hackers for stealing over $1.3 billion. The U.S. Treasury also sanctioned entities employing North Korean IT workers, highlighting the regime's global network of skilled IT professionals contributing to its unlawful weapons programs.
READ THE STORY: The Record
China's Jielong-3 Rocket Launches New Satellite as Part of Guowang Megaconstellation Project
Bottom Line Up Front (BLUF): China successfully launched an internet technology experiment satellite from a sea platform using the Jielong-3 solid rocket. This mission is part of China's plan to build the Guowang satellite internet megaconstellation, aiming to deploy 13,000 satellites into low Earth orbit.
Analyst Comments: This launch represents a significant step in China's ambitious Guowang project, which aims to establish a comprehensive low Earth orbit satellite network. The successful deployment from a sea platform highlights China's expanding capabilities in space launch operations, offering greater flexibility and redundancy in accessing space. The use of the Jielong-3 rocket, capable of carrying substantial payloads into Sun-synchronous orbit, underscores China's advancements in rocket technology.
FROM THE MEDIA: The Jielong-3 rocket, developed by China Rocket Co. Ltd., a commercial spinoff from the China Aerospace Science and Technology Corporation (CASC), successfully placed the internet test satellite into a near-polar orbit. The satellite's orbit altitude and inclination suggest its potential use in global internet coverage. This launch is the third Chinese mission in 2023 carrying satellites for testing satellite internet technologies. The Guowang project is part of China's broader efforts to establish a strong presence in space-based internet services, competing with other global initiatives like SpaceX's Starlink. The Jielong-3's development and operational success indicate China's growing competence in commercial space endeavors and its commitment to enhancing its space launch capabilities.
READ THE STORY: SN
Getty's Lawsuit Against Stability AI to Proceed in UK Courts
Bottom Line Up Front (BLUF): Getty Images' lawsuit against Stability AI, alleging unlawful copying and processing of millions of copyrighted images, will proceed to trial in the UK. The High Court of Justice in London has ruled that the case, involving the use of Getty's images to train Stability AI's Stable Diffusion models, has sufficient grounds for trial.
Analyst Comments: The case against Stability AI represents a significant legal challenge in the rapidly evolving field of AI and copyright law. Getty's allegation that Stability AI scraped and used its copyrighted images without permission for AI model training raises critical questions about the legalities of AI-generated content and the use of existing copyrighted materials for AI development. The decision to proceed with the trial in the UK, despite Stability AI's argument of conducting its training process outside the UK, indicates the global nature of copyright law and its application to AI technologies.
FROM THE MEDIA: Getty sued Stability AI in January, accusing it of infringing intellectual property rights by scraping images from its archive for AI training without permission. Stability AI, while not explicitly denying the scraping of images, argued that the case was irrelevant since the training was done using resources outside the UK. However, the High Court judges found inconsistencies in Stability's arguments and ruled that the case has a real prospect of success at trial. The trial will address both the location issue and the underlying copyright infringement claims. This case is part of a broader legal scrutiny facing AI developers for using training data – including art, books, code, and song lyrics – without consent, potentially violating copyright laws.
READ THE STORY: The Register
Elon Musk's Approach to Space Innovation through Partnerships
Bottom Line Up Front (BLUF): Elon Musk's SpaceX, known for its revolutionary approach in space technology, is increasingly focusing on collaborations, even with competitors, to achieve its ambitious space exploration and satellite deployment goals. This approach reflects a strategic shift in the space industry, emphasizing collaboration over competition.
Analyst Comments: SpaceX's collaboration with various companies, including direct competitors, illustrates a pragmatic approach to space exploration and satellite deployment. By launching satellites for Amazon's Project Kuiper and other companies, SpaceX is demonstrating its willingness to work alongside competitors to advance mutual interests in space technology. This strategy not only benefits SpaceX in terms of revenue and market presence but also fosters a more cooperative environment in the space industry. Collaborations like these are essential for tackling the complex challenges of space exploration and satellite internet deployment.
FROM THE MEDIA: Amazon has chosen SpaceX for three Falcon 9 launches for Project Kuiper, despite earlier legal disputes and competitive dynamics. The decision reflects SpaceX's reliability and capability in the satellite launch market. Amazon's earlier commitment to launch satellites with Blue Origin, United Launch Alliance, Arianespace, and ABL faced delays, prompting a shift to SpaceX. The lawsuit against Amazon by shareholders questioned the exclusion of SpaceX in initial launch considerations, highlighting SpaceX's reputation as a premier launch provider. The collaboration between SpaceX and Amazon for Kuiper is part of a broader trend of SpaceX working with various entities, including competitors, to facilitate satellite deployments.
READ THE STORY: AIM
Russia's AI-Powered Disinformation Campaign Targets Ukraine, U.S., and Germany
Bottom Line Up Front (BLUF): Russia's Doppelganger influence operation, aimed at spreading disinformation in Ukraine, the U.S., and Germany, uses a combination of inauthentic news sites and social media accounts. This campaign focuses on undermining Ukraine, spreading anti-LGBTQ+ sentiments, and highlighting U.S. military and German socio-economic issues. The operation leverages advanced AI and obfuscation techniques to produce and distribute content, reflecting the evolving tactics in information warfare.
Analyst Comments: The Doppelganger operation signifies a sophisticated evolution in the realm of digital influence and disinformation. By employing AI-generated content and strategic online tactics, this operation exemplifies the increasing complexity and adaptability of state-sponsored cyber campaigns. The focus on creating divisive narratives in target countries underscores the strategic intent to exploit societal vulnerabilities and influence public opinion. This development in AI-powered disinformation campaigns poses new challenges for cybersecurity experts and policymakers in identifying and countering such covert operations.
FROM THE MEDIA: Doppelganger, active since early 2022 and linked to Russian entities, has been involved in crafting and disseminating adversarial narratives through fake websites and social media accounts. This operation has utilized brandjacking and advanced obfuscation techniques, including AI-generated articles, to bypass detection measures. The campaigns have targeted Ukraine with over 800 social media accounts and employed domains to mask their true intent. In the U.S. and Germany, the operation created false media outlets publishing malign content, although these efforts have seen minimal engagement. Meta, in its Adversarial Threat Report, identified new websites linked to Doppelganger focusing on U.S. and European political affairs. Meta has disrupted several covert operations from China and Russia, highlighting a global effort to counter such disinformation strategies.
READ THE STORY: THN // The Record
House Judiciary Committee Proposes New Legislation on Government Surveillance
Bottom Line Up Front (BLUF): The House Judiciary Committee has introduced a bill to reauthorize Section 702 of the Foreign Intelligence Surveillance Act (FISA), with stricter regulations than previous versions. The bill, which is gaining bipartisan support, mandates warrants for U.S. intelligence agencies, including the FBI, to access electronic data on American citizens. This move comes amidst urgent appeals from the White House for renewal of these surveillance powers.
Analyst Comments: The proposed legislation reflects a growing concern among lawmakers regarding the balance between national security and individual privacy rights. By incorporating the "Fourth Amendment is Not for Sale Act," the bill directly addresses the issue of agencies purchasing personal information from data brokers, a practice increasingly scrutinized for privacy implications. The bipartisan nature of the support suggests a shift in Congressional attitude towards more stringent oversight of surveillance activities. This development is particularly significant given the broader context of global digital surveillance and data privacy concerns.
FROM THE MEDIA: The House Judiciary Committee's bill to reauthorize Section 702 includes provisions for warrant requirements for accessing Americans' data, except in emergency situations. This represents a significant tightening of the current surveillance framework. The bill also includes measures to prevent law enforcement and intelligence agencies from buying personal information. The White House has previously described a warrant mandate as a "red line," but the bill is moving forward with bipartisan support. With the legislative calendar running short, the future of the bill, amidst competing measures and the urgent pleas from the Biden administration, remains uncertain. The bill's inclusion of the "Fourth Amendment is Not for Sale Act" marks a notable legislative effort to limit government surveillance capabilities and protect individual privacy rights.
READ THE STORY: The Record
Development of Universal Backdoor for Image Classification Models
Bottom Line Up Front (BLUF): Three computer scientists from the University of Waterloo have developed a universal backdoor method for poisoning large image classification models. This new technique, unlike previous backdoor attacks that targeted specific data classes, is capable of triggering image misclassification across any class in a dataset.
Analyst Comments: This development in AI security represents a significant advancement in the potential for data poisoning attacks on image classification systems. The universal nature of the backdoor attack poses a heightened risk, as it can affect a wide range of classes within a dataset, not just specific targets. The ability to affect multiple classes with minimal data poisoning (only 0.15% of the training data) indicates a substantial vulnerability in current image classification models. This research underscores the importance of robust security measures in the development and deployment of AI systems, particularly in fields where accurate image classification is critical, such as security and surveillance. It also raises concerns about the integrity of large web-scraped datasets and the need for rigorous validation of data sources in AI model training.
FROM THE MEDIA: The researchers' method involves training a set of diverse features alongside all images in a dataset, enabling the backdoor to affect any class recognized by the model. The backdoor is effective even with a small fraction of poisoned images in the dataset. The attack scenarios outlined include creating a poisoned model and distributing it through public data repositories or specific supply chain operators, and poisoning models through scraped images from the internet. This type of attack underscores the challenges in ensuring the integrity of large datasets and the potential risks associated with AI models trained on such data. The economic incentives for such attacks may increase as these models are deployed more widely, particularly in security-sensitive domains.
READ THE STORY: The Register
Qualcomm Discloses High-Severity Chip Vulnerabilities Exploited in Targeted Attacks
Bottom Line Up Front (BLUF): Qualcomm has released information about three high-severity vulnerabilities in its chips that were subject to "limited, targeted exploitation" in October 2023. The flaws could lead to memory corruption and pose significant security risks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch these vulnerabilities by December 26, 2023.
Analyst Comments: The discovery and exploitation of these vulnerabilities in Qualcomm chips highlight the ongoing challenge in securing complex hardware systems against sophisticated cyber threats. Chip vulnerabilities are particularly concerning due to their potential for widespread impact across multiple devices and platforms. The targeted nature of the attacks indicates a high level of sophistication and specific objectives, possibly linked to espionage or other strategic goals. Qualcomm's transparency in disclosing these vulnerabilities is crucial for the broader cybersecurity community to address these threats effectively.
FROM THE MEDIA: The vulnerabilities identified by Qualcomm include CVE-2023-33063, CVE-2023-33106, and CVE-2023-33107, with CVSS scores ranging from 7.8 to 8.4, indicating high severity. They involve memory corruption issues in DSP Services and Graphics components. Google's Threat Analysis Group and Project Zero, along with other researchers, reported these flaws, which, along with CVE-2022-22071, were exploited in the wild. Details about how these vulnerabilities were weaponized and the identities of the attackers remain unknown. In response, CISA has included these vulnerabilities in its Known Exploited Vulnerabilities catalog. Additionally, Google's December 2023 security updates for Android address 85 flaws, including a critical issue in the System component that could lead to remote code execution.
READ THE STORY: THN
Tuberville Ends Military Nominee Blockade, Except for Cyber Command Chief
Bottom Line Up Front (BLUF): Republican Senator Tommy Tuberville has lifted his months-long hold on hundreds of military nominations, except for a few, including the nominee for the new chief of U.S. Cyber Command and the National Security Agency (NSA). This decision allows most of the 450 nominees to proceed but leaves Air Force Lt. Gen. Timothy Haugh's nomination for Cyber Command and NSA chief in limbo.
Analyst Comments: Senator Tuberville's decision to continue blocking key cybersecurity leadership positions, particularly during a time of heightened cyber threats, raises concerns about the potential impact on U.S. national security. The hold on Haugh's confirmation could delay crucial leadership transitions at both Cyber Command and NSA. This situation highlights the often complex and politicized nature of military and cybersecurity appointments within the U.S. government.
FROM THE MEDIA: The blockade began as a protest against a Pentagon policy related to abortion costs. Tuberville's partial lift of the hold follows a commitment from the Republican conference to oppose a resolution for group confirmations of military nominees. Air Force Lt. Gen. Timothy Haugh's confirmation is crucial, as he is expected to succeed Gen. Paul Nakasone. The delay affects other related leadership positions, including Maj. Gen. William Hartman's appointment as Cyber Command's No. 2 and Maj. Gen. Lorna Mahlock's role at the NSA's Cybersecurity Directorate. Additionally, Sen. Ron Wyden's separate hold on Haugh's nomination, pending NSA's disclosure on purchasing Americans' data from brokers, adds another layer of complexity.
READ THE STORY: The Record
Fancy Bear's Phishing Campaigns Target US and European Agencies
Bottom Line Up Front (BLUF): Fancy Bear, a Russian state-sponsored cyber group, has been conducting large-scale phishing campaigns against high-value targets in government, defense, and aerospace in the US and Europe. They are exploiting two vulnerabilities: CVE-2023-23397 in Microsoft Outlook and CVE-2023-38831 in WinRAR. Microsoft patched the Outlook flaw in March, but Fancy Bear continues to exploit these vulnerabilities in their sophisticated cyber attacks.
Analyst Comments: Fancy Bear's latest phishing campaigns are indicative of the persistent and sophisticated nature of state-sponsored cyber espionage. The exploitation of previously known and patched vulnerabilities highlights a common issue in cybersecurity: the lag in patch application across various organizations. Fancy Bear's focus on high-value targets in critical sectors underscores the strategic nature of these attacks, likely aimed at gathering intelligence.
FROM THE MEDIA: Microsoft has tracked Fancy Bear's activities, noting their exploitation of the CVE-2023-23397 Exchange flaw to access email accounts on Exchange servers. The Polish Cyber Command collaborated with Microsoft, finding compromised Outlook accounts, particularly in Poland, with modified mailbox permissions for unauthorized access. Security firm Proofpoint observed over 10,000 emails attributed to Fancy Bear targeting various sectors in North America and Europe. These phishing emails, designed to exploit the Outlook vulnerability, often contained malicious attachments designed to capture credentials.
READ THE STORY: The Register
Atlassian Releases Fixes for Remote Code Execution Flaws in Multiple Products
Bottom Line Up Front (BLUF): Atlassian has released critical patches for four severe vulnerabilities in its products that could allow remote code execution. These vulnerabilities, with high CVSS scores, affect multiple Atlassian products, including Confluence Data Center, Confluence Server, Assets Discovery for Jira Service Management Cloud, Server, Data Center, and the Atlassian Companion app for macOS.
Analyst Comments: The vulnerabilities addressed by Atlassian are significant due to their potential for remote code execution, which is one of the most severe types of cyber threats. The widespread use of Atlassian products in enterprise environments makes these vulnerabilities particularly concerning. The vulnerabilities stem from various issues, including a deserialization vulnerability in the SnakeYAML library and a template injection flaw in Confluence. The high CVSS scores associated with these vulnerabilities underscore their potential impact.
FROM THE MEDIA: The vulnerabilities addressed include CVE-2022-1471, a deserialization vulnerability in the SnakeYAML library, and CVE-2023-22522, a remote code execution vulnerability in Confluence Data Center and Server. The other two vulnerabilities, CVE-2023-22523 and CVE-2023-22524, also allow remote code execution in various Atlassian products. These vulnerabilities could be exploited by attackers to gain unauthorized access and control over affected systems. The advisory from Atlassian comes after the disclosure of a critical flaw in Apache ActiveMQ affecting Bamboo Data Center and Server products. Given the critical nature of these vulnerabilities and the increasing focus on Atlassian products as attack vectors, it is highly recommended for users to update their installations to the patched versions immediately.
READ THE STORY: THN
Pegasus Spyware Trial Begins in Mexico
Bottom Line Up Front (BLUF): The trial over the use of Pegasus spyware in Mexico has begun, focusing on its deployment against journalist Carmen Aristegui and other notable figures during former President Enrique Peña Nieto's administration. The case involves allegations of government-sponsored spying using the Israeli-made Pegasus software, capable of accessing a victim's phone contents and enabling real-time surveillance.
Analyst Comments: This trial is a significant development in the ongoing global issue of government-led spyware use. The case underscores the potent capabilities of Pegasus spyware and the risks it poses to privacy and journalistic freedom. The involvement of a former president and the targeting of high-profile individuals, including journalists and activists, reflect the political motivations behind such surveillance. The trial's outcome could set a precedent in holding governments and spyware manufacturers accountable for the misuse of surveillance technology.
FROM THE MEDIA: The Pegasus scandal in Mexico, involving the administration of Enrique Peña Nieto, centers on the alleged surveillance of journalist Carmen Aristegui, billionaire Carlos Slim, and others. Aristegui's investigation into corruption linked to Peña Nieto reportedly triggered the spying. The whistleblower, known as Zeus, revealed that the spying was executed by the KBH business group, a supplier of Pegasus in Mexico. The trial could run for months and involves a large number of alleged victims, illustrating the extensive use of spyware in Mexico. This case is part of a broader pattern of government-led spyware campaigns observed in Europe and other regions.
READ THE STORY: The Record
Items of interest
IBM's Condor Processor Raises Questions About Bitcoin's Vulnerability
Bottom Line Up Front (BLUF): IBM's announcement of its advanced quantum computing processor, Condor, and its roadmap for quantum computing, has sparked concerns in the cryptocurrency community about the potential threat to Bitcoin's security. Quantum computing's ability to break cryptographic protocols underpinning Bitcoin could expose private keys and undermine the blockchain's integrity.
Analyst Comments: The advancement in quantum computing represented by IBM's Condor processor is a significant technological milestone, but it also poses potential risks to blockchain technology, including Bitcoin. Quantum computers' capability to solve complex mathematical problems much faster than traditional computers could theoretically break the cryptographic security that protects Bitcoin transactions. However, it's important to note that these threats are currently speculative and depend on further advancements in quantum computing. The Bitcoin community may need to consider consensus-based measures to secure the network against potential future quantum attacks.
FROM THE MEDIA: IBM's roadmap for quantum computing, particularly the goal of executing 1 billion gates across 2,000 qubits by 2033, has raised concerns about quantum computing's ability to decrypt Bitcoin's cryptographic security. Experts have warned that quantum technology could eventually crack the cryptographic protocols used to secure the Internet and financial transactions, including Bitcoin's blockchain. However, current estimates suggest that a quantum computer would need about 8 hours to break an RSA key, while Bitcoin transactions typically take 10 minutes to complete. This time discrepancy currently safeguards Bitcoin transactions, but future advancements in quantum computing speed could pose a risk.
READ THE STORY: CNF
Will Quantum Computing KILL Bitcoin? (Video)
FROM THE MEDIA: The threat of quantum computing is one of the most common concerns raised regarding the security and longevity of the Bitcoin network. Find out if Bitcoin is at risk and what can be done to prevent it.
How Quantum Computing Could Destroy Bitcoin (Video)
FROM THE MEDIA: Quantum computers are devices that operate on the principles of quantum mechanics, which allow them to solve certain problems much faster than traditional computers. Cryptocurrencies like Bitcoin are secured by algorithms that require large amounts of computational power, but a quantum computer could easily break these codes.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.