Daily Drop (895): US: Lithium Mine | RU: FM | Apple: Bounties | Iran-Israel | Salt Typhoon | AI: Open-Washing | Nvidia | SEC: SolarWinds | RU: APTs | Palantir | TeamTNT | SharePoint: Vuln
Saturday, October 26, 2024
UK Prime Minister Urges Iran to Avoid Retaliation Amid Israel-Iran Escalations
Bottom Line Up Front (BLUF): British Prime Minister Keir Starmer, speaking at the Commonwealth Heads of Government Meeting, urged Iran not to retaliate against recent Israeli strikes on its military sites. Starmer emphasized Israel’s right to self-defense but cautioned against further escalation in the region, calling for restraint from all sides.
Analyst Comments: This statement reflects the UK’s support for Israel's right to security while underscoring a desire to avoid a broader regional conflict. Starmer's caution aligns with broader Western diplomatic efforts to contain the Israeli-Iranian conflict within current boundaries. The UK’s positioning suggests an interest in maintaining diplomatic channels with Iran to prevent the conflict from spilling into other regional areas, a challenging goal given the rising tensions and ongoing military responses.
FROM THE MEDIA: Following Israeli strikes on Iranian targets on October 26, which Israel claimed were responses to previous Iranian strikes, British PM Keir Starmer appealed for de-escalation, stating Iran should refrain from responding militarily. Israel’s actions were reportedly aimed at neutralizing perceived threats, and Starmer’s comments from Samoa reflect a strategic move by the UK to curb potential escalation. The recent Israeli strikes are part of an intensifying confrontation between the two nations, which view each other as regional adversaries.
READ THE STORY: Reuters
Open Washing in AI: Meta and Other Tech Giants’ Dubious “Open Source” Claims
Bottom Line Up Front (BLUF): Major tech companies, including Meta, are accused of "open washing" by marketing proprietary AI models as open source despite restrictive licensing. This practice aims to leverage open source’s favorable public perception and regulatory advantages without meeting the criteria set by the Open Source Initiative (OSI).
Analyst Comments: Open washing dilutes the integrity of open-source principles, creating challenges for developers, businesses, and regulators who rely on transparent, accessible technology. With AI models like Llama 3 pushing ambiguous licensing, companies benefit from exemptions under the EU AI Act, which favors open-source models. This trend could erode trust in open-source AI, complicating the use of shared code and adding legal complexities. For genuine open-source standards to thrive, greater regulatory clarity on open-source definitions in AI is essential.
FROM THE MEDIA: Meta’s Llama 3 language model, touted by CEO Mark Zuckerberg as open source, fails to meet OSI’s open-source standards due to restrictive clauses on litigation and branding, which disqualify it under OSI's Open Source Definition. This tactic, termed “open washing,” mirrors practices by other tech giants, such as Google and Microsoft, who market proprietary models as open-source. The incentive for this misrepresentation stems from benefits under the EU AI Act, where open-source models receive regulatory leniency, including reduced compliance obligations. Despite high-profile claims, few significant companies' models qualify as truly open-source, with OSI preparing to release a more explicit AI-specific open-source definition.
READ THE STORY: The Register
SEC Charges Four Companies for Misleading Disclosures in SolarWinds Cyberattack Fallout
Bottom Line Up Front (BLUF): The U.S. Securities and Exchange Commission (SEC) has fined Avaya, Check Point, Mimecast, and Unisys for inadequate disclosure of the impacts of the 2020 SolarWinds cyberattack. The SEC asserts these companies downplayed the breach’s scope, misleading investors about the extent of the intrusion and resulting in fines totaling nearly $7 million.
Analyst Comments: The SEC’s charges indicate a strong regulatory stance on transparency in cybersecurity incident disclosures, especially regarding breaches that affect national security and investor confidence. By targeting four high-profile companies, the SEC highlights the importance of complete and truthful disclosures in the aftermath of cyber incidents. These actions could prompt companies to reconsider cybersecurity reporting practices to avoid reputational damage and fines. As regulatory expectations heighten, organizations may invest more in incident response and transparency to safeguard shareholder interests.
FROM THE MEDIA: The SEC announced charges against Avaya, Check Point, Mimecast, and Unisys for allegedly providing “materially misleading disclosures” in the wake of the SolarWinds cyberattack. Unisys, facing the most significant fine at $4 million, reportedly downplayed the breach by suggesting the incident’s risks were hypothetical despite the exfiltration of substantial data. Similarly, Avaya understated the breach by claiming limited email access, omitting that over 145 files were accessed. Check Point and Mimecast were also cited for vague disclosures, failing to reveal specific impacts such as compromised code and encrypted credentials. The SEC emphasizes that broad, hypothetical language violates federal securities laws requiring accurate disclosures about real cybersecurity risks.
READ THE STORY: THN
Norwegian Investor Divests from Palantir over Human Rights Concerns Tied to Israeli Military Work
Bottom Line Up Front (BLUF): Storebrand, one of Norway’s largest investment firms, has sold its holdings in Palantir Technologies, citing concerns over Palantir’s work for the Israeli military in occupied Palestinian territories. Storebrand’s decision follows a government advisory cautioning against investments supporting Israeli operations in disputed regions.
Analyst Comments: This divestment underscores increasing scrutiny of tech firms involved in conflict zones, particularly where international law or human rights standards are contested. Norway’s guidance, echoing a broader shift among ESG-focused investors, reflects growing pressure on tech firms to address transparency in their business partnerships. Palantir’s AI-driven tools for surveillance and predictive policing in sensitive geopolitical areas could lead other investors to follow Storebrand’s lead, impacting companies where human rights risks are a factor in valuation.
FROM THE MEDIA: Storebrand Asset Management disclosed the sale of its Palantir holdings—worth approximately $24 million—due to the firm’s involvement in Israeli surveillance and military operations in Palestinian territories. The Norwegian government advised companies earlier this year to avoid business activities that support Israeli settlement operations. Storebrand stated that Palantir had not responded to multiple information requests concerning its activities since April, ultimately leading to the decision to exclude it. Palantir has not commented publicly on the divestment, though CEO Alex Karp previously defended the company’s work with Israel following Hamas-related security incidents last year.
READ THE STORY: Reuters
Russia's Foreign Ministry Faces Unprecedented Cyberattack Amid BRICS Summit
Bottom Line Up Front (BLUF): Russia’s Foreign Ministry experienced a significant Distributed Denial-of-Service (DDoS) attack that disrupted its online services for several hours. The attack occurred during the BRICS summit in Kazan, delaying a scheduled briefing by four hours and impacting the Ministry’s web resources.
Analyst Comments: The timing of this large-scale cyberattack amid the BRICS summit may suggest a political motivation, potentially aiming to disrupt or signal opposition to Russia's international alliances. This DDoS incident reflects the increasing frequency of cyber operations against state institutions, often coinciding with major events, such as summits, that draw global attention. As geopolitical tensions rise, state actors and hacktivists may seek to exploit digital vulnerabilities to challenge or discredit their opponents, suggesting a growing trend of cyber disruptions targeting political milestones.
FROM THE MEDIA: Russia’s Foreign Ministry came under an "unprecedented" DDoS attack on Wednesday, spokeswoman Maria Zakharova announced, impacting the Ministry’s website for several hours. Zakharova indicated that although cyberattacks on the Ministry’s website are not unusual, this one was exceptional in scale, resulting in the postponement of a planned briefing to reduce strain on online resources. The attack occurred as the BRICS summit continued in Kazan, where leaders from Brazil, Russia, India, China, and South Africa discussed multipolarity and cooperation. Russian technical teams, government agencies, and service providers are working to counteract the attack and restore full functionality.
READ THE STORY: MEHR
UK Court Allows Saudi Dissident to Sue Saudi Government Over Spyware Targeting
Bottom Line Up Front (BLUF): The UK High Court has ruled that Saudi activist Yahya Assiri may proceed with a lawsuit against Saudi Arabia for allegedly using Israeli-made spyware, Pegasus, to surveil him. This decision challenges Saudi Arabia’s defense of sovereign immunity and could lead to broader accountability for state-sponsored cyber surveillance on foreign soil.
Analyst Comments: The court’s ruling may set a new precedent in holding governments accountable for international surveillance using spyware. By enabling Assiri’s legal action, the court sends a strong message against cyber-intrusions targeting dissidents abroad, which could influence other jurisdictions to adopt similar stances. Additionally, if Assiri’s case moves forward, it could spark increased scrutiny of spyware sales to governments with records of human rights abuses, impacting the future policies of companies like NSO Group.
FROM THE MEDIA: On October 11, 2024, the UK High Court permitted Saudi dissident Yahya Assiri to sue the Saudi government over alleged spyware surveillance. Assiri, a human rights activist and a vocal critic of the Saudi regime, has claimed that spyware made by NSO Group (Pegasus) and QuaDream infected his devices between 2018 and 2020. The court’s decision defies Saudi Arabia’s sovereign immunity claims, paving the way for a potential trial unless the case is settled or dismissed. This decision comes amid growing international concerns over state use of cyber-surveillance technology, often targeting activists, journalists, and political opponents. Human Rights Watch praised the ruling, calling it a critical step toward accountability for authoritarian governments.
READ THE STORY: The Record
Nvidia Surpasses Apple as the World's Most Valuable Company Amid AI Boom
Bottom Line Up Front (BLUF): Nvidia briefly surpassed Apple to become the world’s most valuable company, driven by strong demand for its artificial intelligence (AI) chips. Nvidia’s market cap touched $3.53 trillion before settling at $3.47 trillion, while Apple’s reached $3.52 trillion.
Analyst Comments: The AI sector is rapidly rising and relying increasingly on specialized hardware. As AI integration continues in business and consumer applications, Nvidia’s strategic focus on AI chips places it in a prime position for sustained technology leadership. The surge in generative AI, highlighted by a $6.6 billion funding round from OpenAI, bolsters Nvidia’s growth trajectory. However, this valuation also raises questions about the long-term sustainability of investor enthusiasm for AI, especially in a fluctuating economy.
FROM THE MEDIA: Nvidia’s stock saw record gains this October, helping it reach a $3.53 trillion valuation, temporarily surpassing Apple. Initially known for gaming chips, Nvidia has solidified its position through dominance in AI processing as a critical supplier to companies like Microsoft, Alphabet, and Meta, which are racing to advance AI technologies. Nvidia’s rise also benefited from favorable quarterly earnings from Western Digital and strong demand projections for AI hardware from TSMC. Apple, meanwhile, faces a dip in iPhone demand, particularly in China, which has contributed to a slower rate of growth in comparison to Nvidia’s 82% projected annual revenue increase.
READ THE STORY: Reuters
FBI, CISA Investigate Chinese Telecom Breach in U.S. Election Interference Attempt
Bottom Line Up Front (BLUF): The FBI and CISA are investigating a breach by hackers linked to the Chinese government, who allegedly targeted telecommunications infrastructure used by U.S. political figures, including Vice President Harris and former President Trump. Known as Salt Typhoon, the group reportedly accessed systems at major telecoms such as AT&T and Verizon, posing risks to election integrity and data security.
Analyst Comments: The alleged Chinese-backed telecom hack on key U.S. political figures indicates a notable escalation in foreign cyber interference within critical infrastructure. Using access to these systems, Salt Typhoon could potentially monitor private communications and movements of political leaders. This campaign, targeting devices connected to high-profile candidates, highlights vulnerabilities within U.S. telecommunications, particularly in systems supporting law enforcement and wiretap operations. The breach emphasizes the potential for espionage and influence operations in the upcoming election, as campaign-related information is especially valuable in a politically charged environment.
FROM THE MEDIA: As the FBI and CISA investigate Chinese state-sponsored hackers targeting telecommunications systems used by high-profile U.S. political figures, concerns over election security intensify. With similar Russian disinformation tactics surfacing, these incidents reflect a broader foreign strategy to exploit U.S. digital infrastructure and disrupt the electoral process.
READ THE STORY: The Record
TeamTNT Launches New Cloud Crypto Mining Attack Leveraging Docker Exploits
Bottom Line Up Front (BLUF): The cybercriminal group TeamTNT has escalated its attacks on cloud environments by exploiting exposed Docker endpoints to deploy Sliver malware, crypto miners, and other malicious tools. This new campaign targets Docker daemons, using mass scans to hijack computational resources for cryptocurrency mining while renting out compromised servers.
Analyst Comments: TeamTNT’s approach represents a maturing threat in crypto-jacking, with increased sophistication in exploiting cloud-native environments. By compromising Docker endpoints with automated mass scans and deploying malware from Docker Hub, the group gains control over a large volume of servers for crypto mining, monetizing both directly through mining and indirectly by renting out these compromised resources. Notably, they have transitioned to using the Sliver C2 framework, demonstrating adaptability and an effort to enhance their control over infected systems. Exploiting anonymized DNS further complicates detection and tracing, while Docker’s widespread adoption increases enterprise risk.
FROM THE MEDIA: By exploiting Docker vulnerabilities for crypto mining, TeamTNT’s operation underscores the importance of securing cloud-based resources against emerging threats in cloud environments.
READ THE STORY: THN
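The precondition the campaign above relies on is a Docker daemon whose API is reachable over the network without client authentication. The following is an added example, not code from the article or from TeamTNT's tooling: it audits a Docker `daemon.json` (using Docker's documented `hosts`, `tls` and `tlsverify` keys) and reports any TCP listener that a remote scanner could drive; the sample configurations are constructed for the example.

```python
"""Audit a Docker daemon.json for a remotely reachable, unauthenticated API.

Added example (not from the article or from TeamTNT's tooling). The keys read
here ("hosts", "tls", "tlsverify") are Docker's documented daemon.json keys;
the SAMPLE_CONFIGS below are constructed for this example.
"""
import json
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List
from urllib.parse import urlsplit


@dataclass
class Finding:
    listener: str
    severity: str
    reason: str


def _is_loopback(host: str) -> bool:
    """True for localhost / 127.x / ::1, i.e. reachable only from the host itself."""
    if host == "localhost":
        return True
    try:
        return ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def audit_daemon_config(config_text: str) -> List[Finding]:
    """Return one Finding per TCP listener that is reachable without mutual TLS."""
    cfg = json.loads(config_text)
    findings: List[Finding] = []
    # tlsverify makes the daemon demand a client certificate; tls alone only
    # encrypts the channel and still lets any client issue API calls.
    tlsverify = bool(cfg.get("tlsverify", False))
    tls = bool(cfg.get("tls", False)) or tlsverify
    for listener in cfg.get("hosts", []):
        parts = urlsplit(listener)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// sockets are local-only
        host = parts.hostname or ""  # "tcp://:2375" means all interfaces
        if host in ("", "0.0.0.0", "::"):
            exposure = "all interfaces"
        elif _is_loopback(host):
            continue  # bound to loopback: not reachable by network scans
        else:
            exposure = f"interface {host}"
        if tlsverify:
            continue  # remote, but callers must present a trusted client cert
        if tls:
            findings.append(Finding(listener, "high",
                f"TLS without tlsverify on {exposure}: encrypted, but unauthenticated"))
        else:
            findings.append(Finding(listener, "critical",
                f"plaintext Docker API on {exposure}: any caller controls the host"))
    return findings


# Constructed sample configurations (not taken from any real host).
SAMPLE_CONFIGS = {
    "local-only": '{"hosts": ["unix:///var/run/docker.sock", "tcp://127.0.0.1:2375"]}',
    "exposed-plaintext": '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}',
    "exposed-tls-no-client-auth": '{"hosts": ["tcp://10.0.0.5:2376"], "tls": true}',
    "hardened": '{"hosts": ["tcp://0.0.0.0:2376"], "tls": true, "tlsverify": true}',
}


if __name__ == "__main__":
    for name, text in SAMPLE_CONFIGS.items():
        results = audit_daemon_config(text)
        print(f"{name}: {'OK' if not results else ''}")
        for f in results:
            print(f"  [{f.severity}] {f.listener}: {f.reason}")
```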
US Approves Lithium Mine in Nevada, Targeting Critical EV Mineral Independence
Bottom Line Up Front (BLUF): The Biden administration has approved the Rhyolite Ridge lithium-boron mine in Nevada, aiming to strengthen the U.S. supply chain for electric vehicle (EV) batteries and reduce dependence on China. Australian mining company Ioneer, responsible for the project, plans to produce enough lithium to power 370,000 EVs annually by 2028 with support from a $700 million federal loan.
Analyst Comments: This mine approval marks a pivotal step in the U.S. strategy to secure critical minerals domestically and combat supply chain vulnerabilities tied to China’s dominance in lithium processing. The Rhyolite Ridge project aligns with incentives in the Inflation Reduction Act, signaling the U.S. commitment to fostering a homegrown EV supply chain. However, environmental concerns, including the endangered Tiehm’s buckwheat flower near the site, present a potential hurdle. A protected domestic supply chain could reshape global mineral markets, though ongoing challenges in environmental mitigation may slow similar initiatives.
FROM THE MEDIA: The Rhyolite Ridge mine received a federal permit this past Thursday, making it the first lithium mine approved by the Biden administration. In addition to the mine’s estimated $1.2 billion cost, Ioneer secured a $700 million loan from the U.S. government to support production levels that would substantially increase U.S. lithium output. The approval followed a six-year regulatory review addressing environmental concerns about the endangered Tiehm’s buckwheat flower native to the site. New federal tax breaks tied to mineral processing costs are part of a broader effort to attract critical mineral investments under the Inflation Reduction Act.
READ THE STORY: FT
Active Exploits in Microsoft SharePoint Prompt Immediate Security Measures by CISA
Bottom Line Up Front (BLUF): CISA has highlighted active exploitation of Microsoft SharePoint’s CVE-2024-38094 vulnerability, calling for immediate patching and enhanced monitoring, especially for federal agencies, to prevent potential attacks.
Analyst Comments: The CVE-2024-38094 vulnerability, with a CVSS score of 7.2, enables authenticated attackers to inject and execute code within SharePoint environments. CISA’s inclusion of this vulnerability in the Known Exploited Vulnerabilities catalog points to its widespread potential impact. This flaw is particularly concerning due to the availability of proof-of-concept (PoC) exploits, enabling attackers to automate site authentication and payload delivery. Agencies are advised to address this vulnerability by November 12, 2024, to mitigate risks associated with remote code execution threats.
FROM THE MEDIA: Organizations using Microsoft SharePoint must prioritize patching CVE-2024-38094 and implementing advanced logging and identity management measures. With public PoC scripts, attackers have amplified capabilities for unauthorized code execution. CISA's advisory underscores the importance of quickly addressing this critical flaw and maintaining robust security practices to protect sensitive infrastructure and data.
READ THE STORY: THN
Kremlin-Linked APT29 and APT28 Hackers Escalate Cyber Espionage on Ukraine
Bottom Line Up Front (BLUF): Russian-linked hacker group APT29, known for high-profile cyber-attacks, has launched an espionage campaign targeting Ukrainian government and military agencies to steal login credentials. The campaign, identified by Amazon Web Services and Ukraine’s CERT-UA, signals an intensified Russian cyber-espionage push, particularly as similar operations by APT28 have also been detected.
Analyst Comments: APT29, also called Cozy Bear, is a well-known arm of Russia’s Foreign Intelligence Service (SVR) with a record of significant cyber incidents, including the SolarWinds breach. This recent operation aimed to steal login credentials by using phishing emails that mimicked messages from Microsoft and Amazon, revealing a shift toward larger-scale attacks across Ukrainian networks. The malicious tactics included access to disk drives, network resources, and audio devices, potentially enabling unauthorized surveillance and control over compromised systems. AWS’s attribution was based on fraudulent domain names crafted to resemble authentic AWS domains, designed to lure victims into revealing credentials.
FROM THE MEDIA: Russian-linked APT29, aiming to extract credentials from Ukrainian agencies, and APT28, targeting local government data, are intensifying espionage activities as the geopolitical conflict continues. These campaigns highlight Russia’s reliance on cyber-attacks for intelligence gathering in Ukraine, employing sophisticated evasion tactics such as the use of Google reCAPTCHA, large-scale phishing, and AWS-like domains.
READ THE STORY: The Record
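The lure described above depended on domains crafted to resemble AWS and Microsoft names. As an added example, not code from the article, AWS or CERT-UA, the following triage helper flags such lookalikes in sender or link domains: it first checks the registrable domain against a small allowlist of the brands' real domains, then searches for brand tokens both as written and after undoing common visual substitutions (rn for m, 0 for o). The allowlist is an illustrative subset an operator would extend, and the sample domains are constructed.

```python
"""Flag sender/link domains that imitate AWS or Microsoft names.

Added example (not from the article, AWS or CERT-UA). LEGIT_REGISTRABLE is an
illustrative subset of the brands' real domains; SAMPLE_DOMAINS are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Registrable domains the brands actually use (illustrative subset; extend it).
LEGIT_REGISTRABLE = {
    "amazon.com", "amazonaws.com",
    "microsoft.com", "microsoftonline.com", "office.com", "outlook.com",
    "live.com", "windows.net",
}
# Two-label public suffixes, so "example.co.uk" is treated as one registrable domain.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br", "co.in"}
# Brand tokens; "aws" must stand alone as a label or hyphen-delimited word so
# that innocent names such as "laws.gov" are not flagged.
BRAND_PATTERNS = {
    "AWS": [r"amazon", r"(^|[.-])aws([.-]|$)"],
    "Microsoft": [r"microsoft", r"outlook", r"office365", r"sharepoint"],
}
# Visual substitutions seen in lookalike names; two-character ones run first.
SUBSTITUTIONS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


@dataclass
class Hit:
    host: str
    brand: str
    registrable: str
    matched_on: str  # "raw" or "normalised"


def registrable_domain(host: str) -> str:
    """Return the registrable part of a hostname (eTLD+1 with a tiny suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def normalise(host: str) -> str:
    """Undo common look-alike substitutions so 'rnicros0ft' reads 'microsoft'."""
    out = host.lower()
    for src, dst in SUBSTITUTIONS:
        out = out.replace(src, dst)
    return out


def assess_domain(host: str) -> Optional[Hit]:
    """Return a Hit when the host imitates a brand without being one of its real domains."""
    reg = registrable_domain(host)
    if reg in LEGIT_REGISTRABLE:
        return None  # subdomains of the genuine registrable domain are fine
    for label, candidate in (("raw", host.lower()), ("normalised", normalise(host))):
        for brand, patterns in BRAND_PATTERNS.items():
            if any(re.search(p, candidate) for p in patterns):
                return Hit(host, brand, reg, label)
    return None


def triage(hosts: List[str]) -> List[Hit]:
    """Run assess_domain over a batch and keep only the flagged entries."""
    return [h for h in (assess_domain(x) for x in hosts) if h is not None]


# Constructed sample input, e.g. sender domains pulled from a mail gateway log.
SAMPLE_DOMAINS = [
    "us-east-1.console.aws.amazon.com",   # genuine AWS
    "signin.amazon-aws-security.com",     # brand token, wrong registrable domain
    "login.microsoftonline.com",          # genuine Microsoft
    "rnicrosoft-support.net",             # 'rn' in place of 'm'
    "amaz0n.com.login-verify.net",        # digit substitution plus fake subdomain chain
    "docs.laws.gov",                      # 'aws' inside another word: not flagged
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_DOMAINS):
        print(f"{hit.host}: looks like {hit.brand} (registrable={hit.registrable}, via {hit.matched_on})")
```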
Russia Takes Rare Action, Sentencing REvil Ransomware Hackers for Cybercrime
Bottom Line Up Front (BLUF): Four members of the REvil ransomware group have been sentenced by a Russian court to prison terms ranging from 4.5 to 6 years for illegal hacking and money laundering activities, marking an unusual crackdown on cybercrime within Russia.
Analyst Comments: The convictions of REvil members Artem Zaets, Alexei Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov signify one of the few instances where Russian authorities have imposed substantial penalties on cybercriminals operating from within the country. These sentences follow a broader sweep by Russian authorities, leading to the detention of 14 individuals tied to REvil, and several recent Russian probes into other cybercrime-linked financial services, like Cryptex and UAPS.
FROM THE MEDIA: Russia's sentencing of REvil members to prison for hacking and financial crime is unprecedented, reflecting increased enforcement within the country against cybercriminal groups. With additional members still facing prosecution, this rare action against a domestic cybercriminal syndicate may have broader implications for the global fight against ransomware.
READ THE STORY: THN
Arm vs. Qualcomm: Licensing Dispute Risks Disrupting Key Chip Industry Partnership
Bottom Line Up Front (BLUF): Arm's licensing dispute with Qualcomm, initially a fight over royalties, has escalated with Arm threatening to cancel Qualcomm's critical chip design license. This action could disrupt Qualcomm's product roadmap and affect its ability to manufacture chips, posing significant risks for both companies and the broader chip industry.
Analyst Comments: Qualcomm and Arm’s dispute underscores a struggle for control and revenue as Qualcomm pivots toward greater independence with its Nuvia acquisition, allowing it to design custom cores. The legal battle stems from Arm's stance that Qualcomm requires permission to use Nuvia’s technology under Arm’s architecture license, reflecting Arm’s desire for higher royalties and control over its proprietary technology.
FROM THE MEDIA: The escalating licensing dispute with Qualcomm highlights a power struggle as Qualcomm seeks independence following its acquisition of Nuvia, potentially reducing its reliance on Arm-designed cores. Arm's threat to cancel Qualcomm’s chip design license risks halting Qualcomm’s product pipeline, impacting device manufacturers reliant on Qualcomm’s chips. This battle has broader implications for Arm’s business model, affecting its partnerships as it pursues higher royalties and greater control in the chip sector.
READ THE STORY: FT
Apple Opens PCC Source Code, Offering Bounties for AI Cloud Security Bugs
Bottom Line Up Front (BLUF): Apple has made its Private Cloud Compute (PCC) source code accessible, encouraging cybersecurity researchers to test its security claims. The initiative, part of Apple's AI privacy approach, includes expanded bounties up to $1 million for discovered vulnerabilities, enhancing transparency and encouraging robust security evaluation.
Analyst Comments: Researchers can utilize Apple’s Virtual Research Environment (VRE) with a virtual Secure Enclave Processor to thoroughly evaluate PCC security features. This move responds to the broader context of emerging security challenges in AI, including novel attacks like Deceptive Delight and ConfusedPilot, which manipulate AI through malicious inputs, and ShadowLogic, which plants undetectable backdoors within models. These methods demonstrate how critical it is for cloud AI systems to have multilayered, verifiable defenses.
FROM THE MEDIA: Apple's opening of its PCC source code and the launch of a significant security bounty program reflect its commitment to AI privacy and security transparency. The initiative provides researchers with tools to assess PCC's architecture, incentivizing the discovery of vulnerabilities amid a rapidly evolving AI security landscape. This proactive stance aims to fortify PCC and promote a secure environment for AI-driven applications.
READ THE STORY: THN
Items of interest
UK Budget to Unlock Financing for Critical Minerals Amid Global Supply Chain Pressures
Bottom Line Up Front (BLUF): The UK chancellor will introduce financing support through UK Export Finance (UKEF) for companies importing critical minerals vital for defense, aerospace, and EV battery production. This move, part of the Autumn Budget, aims to strengthen the UK's role in the global lithium, graphite, and cobalt supply chain.
Analyst Comments: This financing initiative underscores the UK’s drive to secure critical minerals amid global competition and geopolitical tensions with China, which dominates the processing of many of these resources. By improving access to financing, the UK can bolster its industrial resilience, particularly in defense and electric vehicle production, while reducing dependency on Chinese supplies. However, with limited domestic mineral resources, a parallel investment in recycling and refining technologies will likely be needed for a sustainable, self-sufficient supply chain.
FROM THE MEDIA: UK Chancellor Rachel Reeves will announce in the upcoming Budget that companies importing critical minerals like lithium and cobalt will be eligible for financing support from UKEF. These minerals are essential to producing various technologies, from smartphones to electric vehicle (EV) batteries. Given the global push toward renewable energy, demand for these minerals is surging, with industries such as defense and EV production standing to benefit. This initiative aligns with the UK's commitment as a member of the Minerals Security Partnership, a coalition aiming to foster international collaboration for critical mineral supply. Tensions between China and the West over mineral supply have also impacted the EU, which is imposing tariffs on Chinese EV imports.
READ THE STORY: The Washington Times
Friendshoring the Lithium-Ion Battery Supply Chain (Video)
FROM THE MEDIA: Lithium-ion battery supply chains encapsulate the profound shift in trade, economic, and climate policy currently underway in the United States and abroad. Policymakers seek to create paths towards an effective green transition, but they also must contend with the national security and economic risks posed by U.S. reliance on foreign nations for critical minerals and other necessary materials.
How the U.S. Is Investing Billions to Compete With China’s Lithium Supply Chain (Video)
FROM THE MEDIA: The U.S. used to be a global leader in lithium processing, but it lost its market control to China in the early 2000s. Since then, China has developed its own lithium supply chain, controlling 55% of the market. Now, the U.S. is trying to secure its own supply in a race for independence.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.