Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+648: Cyberespionage from your besties? (CyberWire) Ukraine's SSSCIP gets a new chief, and Russian defense industries are targeted by foreign intelligence services. Who those services might be are unknown, but circumstantially they look a little like people from Shanghai or Pyongyang.
Israel-Hamas war: Hamas to blame for ceasefire collapse, says US (The Telegraph) The US has blamed Hamas for the collapse of the terror group’s truce with Israel.
Israel-Hamas war live: dozens of tanks enter southern part of Gaza Strip, witnesses say, as Israel says it has hit 200 ‘terror targets’ (the Guardian) Israel’s military says its ground troops are operating in the Gaza Strip and, with its air force, have hit ‘approximately 200 Hamas terror targets’
A brutal battle for southern Gaza beckons after the truce ends (The Economist) The next stage of fighting will be harder and more controversial
Israel says its ground forces are operating across ‘all of Gaza’ (the Guardian) IDF spokesperson says ‘troops coming face-to-face with terrorists and killing them’
Israel-Hamas war live: reports of fresh strike on Jabaliya refugee camp; ‘75% of Gaza’s population’ internally displaced (the Guardian) New estimate from UN humanitarian agency says around 1.8 million people in Gaza have been forced to leave their homes
Israel is now attacking the true Hamas stronghold (The Telegraph) The terrorists will have used the pause in fighting to improve their defences and prepare sniper positions, mines and explosive booby traps
Hamas Is Waging a War of Propaganda To Convince the World the Hostages Were Treated Well, Yet Freed Israelis Report the Opposite — in Harrowing Detail (The New York Sun) Some hostages are held in dark tunnels, not seeing sunlight for more than 50 days. Children were forced to watch footage of the massacre and threatened if…
National Security Council’s John Kirby: No indication U.S. intelligence was aware of Hamas’ Israel attack plan (NBC News) Kirby said on “Meet the Press” that the U.S. didn't have “any advance warning” or “any knowledge” of Hamas’ attack plan. The New York Times has reported that Israel obtained the plan over a year ago.
US intel not aware of Hamas’ plan for Oct. 7 attack on Israel, John Kirby says (New York Post) US intelligence has “indicated” that it was unaware of Hamas’ plans for its bloody Oct. 7 surprise attack, before the onslaught took place, a top official confirmed Sunday.
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities (Cybersecurity and Infrastructure Security Agency | CISA) The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as "the authoring agencies"—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated Advanced Persistent Threat (APT) cyber actors.
How a Pennsylvania cyberattack links to the war in Gaza — and how Israel is reacting (TPR) Israel's government has passed emergency wartime powers giving it more authority over cybersecurity, even within private companies. Cyberwar is playing an increasing role in the conflict with Hamas.
Breaches by Iran-affiliated hackers spanned multiple U.S. states, federal agencies say (ABC News) U.S. and Israeli authorities say a small western Pennsylvania water authority was just one of multiple organizations breached by Iran-affiliated hackers who targeted a specific industrial control device because it is Israeli-made
'Very alarming': Aliquippa's hacked water authority exposes the threat to operational technology (Pittsburgh Post-Gazette) Industrial control systems could be vulnerable to cyber threats, the nation's top cyberdefense agency warned last week, days after a water treatment facility...
Iranian hackers attempt to damage critical infrastructure through Israeli Unitronics products (CTech) According to a joint warning from American and Israeli cyber security agencies, since November 22, a group linked to the Iranian Revolutionary Guards has attacked Israeli company Unitronics devices which are used to control and automate machines.
Hackers steal IDF patient records from cyberattack on Israeli hospital (The Jerusalem Post) A hacker group allegedly linked to Iran says it stole 100,000 IDF medical records from a cyberattack on Ziv Medical Center in Safed in the Galilee.
How hackers linked to Iran, Hezbollah and Hamas are increasing their efforts to attack Israeli targets (CTech) Cyber attacks not only aim to damage infrastructure but also to deter business with Israeli companies, creating a complex threat landscape
Fighting Slows In Ukrainian Frontline Town Avdiivka: Official (APF via Barron's) The Ukrainian town of Avdiivka, under constant Russian fire, has seen fewer ground attacks in the past 24 hours due to heavy Russian losses and harsh weather, the mayor said on Sunday.
One Dead As Russian Shelling, Drone Strikes Hit Ukraine's Donetsk, Kherson, And Odesa Regions
(RadioFreeEurope/RadioLiberty) At least two civilians were killed in Ukraine's Donetsk and Kherson regions in shelling by Russian troops that also caused damage to infrastructure and property, regional officials said on December 2.
Ukraine’s Zelensky Orders Construction of Defenses to Hold Back Russia (Wall Street Journal) The call to bolster fortifications is the Ukrainian leadership’s clearest public acknowledgment of a defensive turn.
Russian General Killed In Ukraine: Russian Governor (Barron's) A Russian general has died while deployed in Ukraine, the governor of Russia's Voronezh region said on Monday, the latest high-ranking Russian military figure to die during the 21-month offensive.
Dead or Alive? The Hunt for a Ukrainian Soldier Missing on a Chaotic Battlefield (Wall Street Journal) Ruslan Finchuk, a Ukrainian senior sergeant and experienced soldier, was last seen in enemy territory under machine gun fire. His unit told his wife he was missing, presumed dead.
Russia Boosts Troop Numbers By 15 Percent (Barron's) Russian President Vladimir Putin signed a decree on Friday boosting troop numbers by 15 percent, in a move the army said was due to "threats" associated with the Ukraine offensive.
Putin orders Russian army to add 170,000 troops for a total of 1.32 million (CNN) Russian President Vladimir Putin has ordered the country’s military to increase its number of troops by 170,000, as Moscow’s invasion of Ukraine enters its 22nd month.
Second Train In Days Explodes On Main Russian Railway Line In Siberia (RadioFreeEurope/RadioLiberty) A second train has exploded on Russia's major railway line in the Siberian region of Buryatia in recent days.
Ukrainian troops undergo advanced Patriot system training in Germany (Yahoo) Seventy more Ukrainian soldiers have completed training on the Patriot air defense system in Germany, German broadcaster Deutsche Welle reported on Dec. 2, citing Germany’s dpa news agency.
Why Russia now has to use its A-50U closer to the fight in Ukraine (Breaking Defense) "They will have to decide what costs them more: to lose one or more of these A-50s or to continue to see their combat aircraft and S-400 units progressively degraded," a Ukrainian expert told Breaking Defense.
Belarus, China Hail Deepening Ties In Beijing Talks (Barron's) Chinese President Xi Jinping and Alexander Lukashenko hailed strengthening ties on Monday, as they held talks during the Belarusian leader's second trip to Beijing this year.
Give the Kremlin an Inch and it Will Take Half of Europe (CEPA) Signs of Western hesitation over support for Ukraine encourage Russian Kremlin propagandists to speculate on which country might be next.
NATO should be ready for ‘bad news’ from Ukraine, Stoltenberg warns (POLITICO) ‘We have to support Ukraine in both good and bad times,’ NATO chief says in ARD interview.
Miscalculations, divisions marked offensive planning by U.S., Ukraine (Washingto Post) On June 15, in a conference room at NATO headquarters in Brussels, Defense Secretary Lloyd Austin, flanked by top U.S. commanders, sat around a table with his Ukrainian counterpart, who was joined by aides from Kyiv. The room was heavy with an air of frustration.
Congress Must Avoid Interruption Of U.S. Support, White House Says
(RadioFreeEurope/RadioLiberty) The U.S. Congress should act swiftly to provide aid to Ukraine before the end of the month to avoid an interruption in support provided by the United States, White House national-security spokesman John Kirby said.
White House warns it will run out of money for Ukraine unless Congress acts by end of year (The Hill) The White House on Monday sounded the alarm that it will run out of money to provide weapons to Ukraine in its fight against Russia without congressional action by the end of the year. In a letter …
Mike Johnson Becomes Surprise Champion of More Ukraine Aid (Wall Street Journal) The effort to secure funding for Kyiv is part of a complicated set of negotiations that will again test the newly elected House speaker’s leadership.
Watchdog: Western arms companies failed to ramp up production capacity in 2022 due to Ukraine war (AP News) An independent watchdog says many Western arms companies failed to ramp up production in 2022 despite a strong increase in demand for weapons and military equipment.
Vladimir Putin cannot keep funding his war for ever (The Economist) Russia needs more men and more weapons for a long war. But Putin is likely to postpone another wave of mobilisation until after the 2024 presidential election
Zelenskyy hoping West will deny legitimacy of Putin's rule after upcoming 'sham election' (Yahoo) After the Russian presidential election in March 2024, Western leaders will have to decide whether to recognize Vladimir Putin's legitimacy if he runs and wins, Ukrainian President Volodymyr Zelenskyy has said in an interview with the Associated Press.
Putin betrayed us, say wives and mothers of Russian soldiers (The Telegraph) Influential campaign group demand end to indefinite mobilisation for troops in Ukraine and plan major demonstration in Moscow
Guidance for investigating attacks using CVE-2023-23397 (Microsoft Security) Microsoft has identified a nation-state activity group tracked as Forest Blizzard (STRONTIUM), based in Russia, actively exploiting CVE-2023-23397 to provide secret, unauthorized access to email accounts within Exchange servers. The Polish Cyber Command (DKWOC) partnered with Microsoft to take action against Forest Blizzard actors, and to identify and mitigate techniques used by the actor:
Kremlin-backed hackers attacking unpatched Outlook systems, Microsoft says (Record) The software giant, in tandem with Poland's Cyber Command, is warning that the group known as Fancy Bear, APT28 or Forest Blizzard is still exploiting an Outlook bug that drew attention earlier in 2023.
XDSpy hackers attack military-industrial companies in Russia (Record) A cyberespionage group known as XDSpy recently targeted Russian military-industrial enterprises, according to new research.
Ukraine appoints new cyber chief following ouster of top officials (Record) The Ukrainian government has appointed Yury Myronenko, a decorated serviceman and air defense commander, as head of one of its main cybersecurity agencies amid a corruption probe.
Ukrainian cyber experts lend skills to NATO's largest-ever digital warfare drills in Estonia (Yahoo News) Ukraine has taken part in the largest-ever NATO Cyber Coalition exercise, held in Tallinn, Estonia, from Nov. 27 to Dec. 1, news agency Interfax-Ukraine has reported.
No time to drop guard, but full-on cyber war has been a non-event (The Canberra Times) So far we have not seen devastating hacks some expected.
One App To Rule Them All: Coming Soon To Russia's Internet (RadioFreeEurope/RadioLiberty) A single app that can be used for everything from social media and instant messaging to government services like paying taxes. It’s a “dream scenario” for the Russian authorities, a way to dramatically expand surveillance -- and manipulate public opinion. And it’s getting close to reality.
Russia-China Alliance Would Build Artificial Intelligence For Dictators (The Moscow Times) Opinion | President Vladimir Putin struck a triumphant tone at last week’s Artificial Intelligence Journey Conference in Moscow.
Ukraine takes part in largest NATO cyber defense exercises (Interfax-Ukraine) Ukraine took part in the largest exercise in the history of NATO, the Cyber Coalition, which took place in Tallinn (Estonia) from November 27 to December 1.
International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war (EU NEIGHBOURS east) In an unprecedented effort, law enforcement and judicial authorities from seven countries have joined forces with Europol and Eurojust to dismantle and apprehend in Ukraine key figures behind significant ransomware operations wreaking havoc across the world.
VEON’s Kyivstar and Amazon Web Services Sign Memorandum of Cooperation to Support the Development of Ukrainian Businesses (GlobeNewswire News Room) Amsterdam and Kyiv, 4 December 2023: VEON Ltd. (NASDAQ: VEON, Euronext Amsterdam: VEON), a global digital operator that provides converged connectivity and...
Ukraine Accuses Russia Of Killing Surrendering Soldiers (Barron's) Kyiv accused Russia on Saturday of committing a war crime by executing Ukrainian soldiers who had signalled their intention to surrender.
Ukraine Says Apparent Shooting Of Surrendering Soldiers A Russian War Crime (RadioFreeEurope/RadioLiberty) Ukraine's military has decried the apparent killing of two surrendering Ukrainian troops by Russian forces and said it considers the incident evidence of a war crime.
Hundreds Of Ukrainian Monuments Threatened Or Damaged By War Documented (RadioFreeEurope/RadioLiberty) Scientists from the German cities of Marburg and Hanover, along with Ukrainian photographers, have documented 250 architectural monuments that have been threatened or damaged by the Russian war in Ukraine.
Attacks, Threats, and Vulnerabilities
'No evidence' of reports of hacks linked to China and Russia, says Sellafield (Times and Star) CUMBRIA'S nuclear site has denied accusations made in a national newspaper that it has been hacked by groups linked to Russia and China.
Sellafield nuclear site hacked by groups linked to Russia and China (the Guardian) Exclusive: Malware may still be present and potential effects have been covered up by staff, investigation reveals
New proxy malware targets Mac users through pirated software (BleepingComputer) Cybercriminals are targeting Mac users with a new proxy trojan malware bundled with popular, copyrighted macOS software being offered on warez sites.
New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia (The Hacker News) Researchers uncover FjordPhantom, a sophisticated malware targeting users in Southeast Asia.
DanaBot Stealer : A Multistage MaaS Malware Re-emerges with Reduced Detectability (CYFIRMA) EXECUTIVE SUMMARY At Cyfirma, our dedication lies in providing current insights into the predominant threats and strategies employed by malicious...
Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs (Dark Reading) Hundreds of consumer and enterprise-grade x86 and ARM models from various vendors, including Intel, Acer, and Lenovo, are potentially vulnerable to bootkits and takeover.
New Tool Set Found Used Against Organizations in the Middle East, Africa and the US (Unit 42) A new toolset comprised of malware (Agent Raccoon and Ntospy) and a custom version of Mimikatz (Mimilite) was used to target organizations in the U.S., Middle East and Africa.
Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S. (The Hacker News) A mysterious malware called Agent Racoon is infiltrating organizations in the Middle East, Africa, and the U.S.
P2Pinfect - New Variant Targets MIPS Devices - Cado Security | Cloud Forensics & Incident Response (Cado Security) Cado Security Labs has been monitoring on the rapid growth of a cross-platform botnet, named “P2Pinfect”. Here's the latest updates.
CVE-2023-49103: Critical Information Disclosure in ownCloud Graph API (Rapid7) On November 21, 2023, ownCloud disclosed CVE-2023-49103, an unauthenticated information disclosure vulnerability affecting ownCloud.
IBM identifies zero-day vulnerability in Zyxel NAS devices (Security Intelligence) IBM X-Force uncovered two new flaws when investigating a vulnerability affecting Zyxel NAS devices. Learn more about the risks and the patch put in place.
How to Not Get Hacked by a QR Code (WIRED) QR codes can be convenient—but they can also be exploited by malicious actors. Here’s how to protect yourself.
DePauw University warns of data breach as ransomware attacks on colleges surge (Record) DePauw University warned students this week that their personal information may have been accessed by hackers who attacked the school.
‘Shock and dismay’ after Clare data leak (Varsity Online) The financial data of hundreds of students at the College was leaked in an all-student email
Hackers demand £300,000 to not leak royal family's medical records (Computing) A hacking group has targeted the prestigious King Edward VII's Hospital and is threatening to expose private health data of royal family members unless a ransom of £300,000 in bitcoin is paid.
Dollar Tree Supply Chain Attack Could Affect Millions of People (MSSP Alert) Discount retailer Dollar Tree has been hit by a supply chain cyberattack that has put some two million people’s personal information at risk.
Data Breach Exposed Thousands of Pet Medical Records Including Owner Information (Website Planet) Data Breach Exposed Thousands of Pet Medical Records Including Owner Information
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported
23andMe says hackers accessed 'significant number' of files about users' ancestry (TechCrunch) 23andMe revealed new details about its data breach. The company says it's notifying at least 14,000 users, but the actual number is likely far higher.
Fortune-telling website WeMystic exposes 13M+ user records (Security Affairs) WeMystic, a website on astrology, numerology, tarot, and spiritual orientation, left an open database exposing 34GB of sensitive data.
The Impact of Mayseeds Leaks: A Comprehensive Analysis (Digital Weekly) Mayseeds leaks have become a significant concern in recent years, affecting individuals, organizations, and even governments.
LockBit on a Roll - ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order (Security Affairs) LockBit ransomware attack on the Industrial & Commercial Bank of China demonstrates the weakness of global financial system to cyberattacks
Security Patches, Mitigations, and Software Updates
Apple Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency | CISA) Apple has released security updates to address vulnerabilities within Safari, macOS Sonoma, iOS, and iPadOS. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.
Google Chrome's new cache change could boost performance (BleepingComputer) Google is introducing a significant change to Chrome's Back/Forward Cache (BFCache) behavior, allowing web pages to be stored in the cache, even if a webmaster specifies not to store a page in the browser's cache.
Trends
Mobile Emulators Eclipse Bots in 2023 as Preferred Fraud Vector in North America (PR Newswire) BioCatch, the global leader in digital fraud and money laundering detection and response powered by behavioral biometric intelligence, today...
BlackFog State of Ransomware Report (BlackFog) We recorded eighty-nine publicly disclosed ransomware attacks in November, the highest number we’ve recorded since starting our State of Ransomware blog in 2020.
AWS re:Inforce Watch on demand | Amazon Web Services (AWS) Check out the re:Inforce 2023 keynote, leadership sessions, and breakout sessions.
Cyber Security NCC Group Resource Hub articles The Hidden Opponent: Cyber Threats in Sport (NCC Group) The global sports industry, projected to generate over $700 billion in 2026, is becoming an appealing target for cyber criminals due to its vast revenues and rapid digital transformation.
CYFIRMA Industry Report : MATERIALS (CYFIRMA) EXECUTIVE SUMMARY The CYFIRMA Industry Report delivers original cybersecurity insights and telemetry-driven statistics of global industries, covering one sector each...
Marketplace
Senetas launches $5M capital raise for high-growth subsidiary Votiro (Stockhead) Senetas (ASX:SEN) has a $5 million capital raise to seize growth opportunities in the cybersecurity sector.
Wilmington software startup raises $40M funding round led by one of the world's largest VC firms (Philadelphia Inno) After tripling revenue, opening an office in London and expanding its reach into Australia, a Wilmington-based company specializing in connecting governments with defense software has raised $40 million in one of the largest funding rounds for a tech firm in the Philadelphia area this year.
ArmorCode Raises $40 Million in Series B Funding to Help Companies Ship Secure Software and Ship It Fast (Business Wire) Following more than 400% year-over-year growth in annual recurring revenue, ArmorCode continues to expand on its goal to unify Application Security and Infrastructure Vulnerability Management for security and developer teams
Goldilock Selected For Prestigious NATO DIANA Accelerator Programme (Business Wire) British cybersecurity firm named one of 30 companies taking part in exclusive NATO-backed programme, following rigorous selection process
NATO picks first flock of startup pitches in push for fresh tech (Defense News) Alliance officials are looking for breakthroughs in the areas of undersea sensing, energy resilience and secure information sharing.
Broadcom's confirmed VMware cuts surpass 2,000 as Massachusetts, NY disclose layoffs (CRN) Broadcom has still not said how many of VMware’s 38,000 employees it plans to cut now that the deal is closed, but state-by-state Worker Adjustment and Retraining Notification (WARN) disclosures show the layoffs have surpassed 2,000.
HYAS Infosec Groundbreaking Research on AI-Generated Malware Contributes to the AI Act, Other AI Policies and Regulations (Business Wire) Provides AI Regulation Initiatives with Deep Insight into the Potential Harms of Fully Autonomous and Intelligent Malware and Helps Advance Cybersecurity Protections Against AI-Driven Threats
Thales Completes the Acquisition of Imperva, Creating a Global Leader in Cybersecurity (Investors Observer) Thales Completes the Acquisition of Imperva, Creating a Global Leader in Cybersecurity
Thoma Bravo exits cybersecurity firm Imperva (PE Hub) The deal puts Imperva at a valuation of about $3.6 billion.
Inside Morgan Stanley’s OpenAI Push (The Information) During the most harrowing moments of the OpenAI leadership crisis, one of the startup’s biggest partnerships—a deal with Morgan Stanley that is supposed to demonstrate how AI can change the game at a giant, highly regulated Wall Street bank—was left twisting in the wind. Executives at Morgan ...
The Inside Story of Microsoft’s Partnership with OpenAI (The New Yorker) The companies had honed a protocol for releasing artificial intelligence ambitiously but safely. Then OpenAI’s board exploded all their carefully laid plans.
Home Office inks £450m cloud deal with AWS amidst growing scrutiny (Computing) The UK's Home Office has finalised a ground-breaking contract with Amazon Web Services (AWS).
Walmart Stops Ads on X, Joining the Advertising Exit (Wall Street Journal) The retailer says its halt isn’t a boycott, but due to poor performance.
Products, Services, and Solutions
Circle Security Now Available on Auth0 Marketplace (PR Newswire) Circle Security, a decentralized, threat prevention platform, today announced the availability of its Credential-Free Authentication solution...
NordVPN introduces a vulnerability detection feature (NordVPN) NordVPN and Threat Protection present a software vulnerability detection feature to up your cybersecurity game.
Consultancy to develop a data protection framework for the project (ReliefWeb) Information Management Consultancy about Safety and Security, requiring 5-9 years of experience, from ACF; closing on 11 Dec 2023
SentinelOne® Wins Multiple CRN 2023 Products of the Year Awards (Business Wire) Singularity™ Cloud Workload Security and Singularity Data Lake identified by editors and solution providers as top offerings for cloud security and endpoint protection
Technologies, Techniques, and Standards
CISA's Goldstein wants to ditch 'patch faster, fix faster' model (CyberScoop) The Cybersecurity and Infrastructure Security Agency wants large companies to shoulder greater responsibility for securing computer systems.
OpenSSF Announces New Members, Guiding Software Security Principles at OpenSSF Day Japan (Open Source Security Foundation) The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation that focuses on sustainably securing open source software (OSS), announced new members from leading technology firms and a new set of Secure Software Development Guiding Principles at OpenSSF Day Japan.
OpenSSF Releases Top 10 Secure Software Development Guiding Principles (Open Source Security Foundation) Today, we are excited to announce version 1.0 of the Secure Software Development Guiding Principles. These 10 principles describe a series of foundational practices that, if followed, can help provide better assurance and security for organizations leveraging them. Though aspirational, they provide a set of core practices that producers and suppliers of software can pledge to align with and follow throughout their development lifecycles helping create more secure software.
Effective AI Regulation Requires Adaptability and Collaboration (HYAS) HYAS Labs research on AI-generated malware helps shape the AI Act and other AI policy and regulations.
Put guardrails around AI use to protect your org, but be open to changes (Help Net Security) The guardrails that CISOs set in agreement with the broader organization will change as AI begins to play a bigger role in enterprise life.
Don't Bring Your Own Device (D-BYOD): How Businesses are Adapting to Cybersecurity Realities in Hong Kong (Enea) Use of burner phones in Hong Kong rises amidst growing cybersecurity concerns, signifying a crisis of confidence in mobile network security.
Design and Innovation
IBM's John Dwyer on using AI offensively and defensively in cybersecurity (CyberScoop) IBM speaks with CyberScoop at CyberTalks 2023.
Generative AI ‘helping criminals create more sophisticated cyber attacks' (The Irish News) The UK's National Cyber Security Centre has also highlighted the use of AI to create and spread disinformation as a key threat.
Google Postpones Big AI Launch as OpenAI Zooms Ahead (The Information) Google has quietly delayed the public debut of Gemini, a conversational artificial intelligence that aims to compete with OpenAI, to January, two people with knowledge of the decision said. Google CEO Sundar Pichai recently decided to scrap a series of Gemini events, originally scheduled for ...
One Year In, ChatGPT’s Legacy Is Clear (The Atlantic) The technology is less important than the ideas it represents.
These Clues Hint at the True Nature of OpenAI’s Shadowy Q* Project (WIRED) Reports of a mysterious breakthrough called Q* at OpenAI sparked anxious rumors. AI experts say it’s probably just a conventional attempt to make ChatGPT a little smarter.
Why Won’t OpenAI Say What the Q* Algorithm Is? (The Atlantic) Supposed AI breakthroughs are frequently veiled in secrecy, hindering scientific consensus.
Astrological Insights and Advice on How OpenAI’s Q* Model Is a Sign of the Times (Medium) A recent article by Karen Hao discusses the recent rumors about a new AI model developed by OpenAI, codenamed Q*, that allegedly can solve grade-school math problems and has sparked safety concerns…
Think you can spot a fake AI-generated news story? Take this quiz to find out (ZDNET) Some 47% of people surveyed by Netskope believed that a fake AI-created news story was real. Can you do better?
Academia
My Teacher, the Robot: President Biden's Executive Order on Artificial Intelligence and the Implications for Schools (JD Supra) On October 30, 2023, President Biden issued Executive Order No. 14110 on the Safe, Secure, and Trustworthy Development and Use of Artificial...
Increasing the University's Network Security by Blocking Unsafe Sites (University of Arkansas News) Beginning today, Dec. 4, BloxOne Threat Defense will be implemented to help protect the campus community from malware, exploits, phishing, data exfiltration and ransomware.
Inside America's School Internet Censorship Machine (WIRED) A WIRED investigation into internet censorship in US schools found widespread use of filters to censor health, identity, and other crucial information. Students say it makes the web entirely unusable.
Legislation, Policy, and Regulation
NATO deepens cyber coalition with Asian partners (C4ISRNet) Alliance officials work to coordinate their virtual defenses with like-minded governments in Japan and South-Korea.
The Path to AI Arms Control (Foreign Affairs) America and China must work together to avert catastrophe.
‘Machines set loose to slaughter’: the dangerous rise of military AI (the Guardian) The long read: Autonomous machines capable of deadly force are increasingly prevalent in modern warfare, despite numerous ethical concerns. Is there anything we can do to halt the advance of the killer robots?
EU Council president proposes ‘European cyber force’ with ‘offensive capabilities’ (Record) There should be “a European cyber force … equipped with offensive capabilities,” according to the president of the European Council, which sets the EU's political priorities.
IoT vulnerability reporting obligations set to apply in EU from 2027 (Record) The new Cyber Resilience Act is intended to increase security standards for the Internet of Things. Manufacturers would face penalties for not properly reporting actively exploited vulnerabilities.
Provisional Agreement Reached on Proposed EU Cyber Resilience Act (Productwise) Provisional agreement on the text of the proposed new European Union Cyber Resilience Act (CRA) was reached by the EU institutions on 30 November 2023. The first regulation of its kind, the CRA seeks to impose new cybersecurity requirements, as well as requirem
Commission welcomes political agreement on Cyber Resilience Act (European Commission - European Commission) The Commission welcomes the political agreement reached last night between the European Parliament and the Council on the Cyber Resilience Act, proposed by the Commission in September 2022.
French government recommends against using foreign chat apps (BleepingComputer) Prime Minister of France Élisabeth Borne signed a circular last week requesting all government employees to uninstall foreign communication apps such as Signal, WhatsApp, and Telegram by December 8, 2023, in favor of a French messaging app named 'Olvid.'
US sanctions North Korean ‘Kimsuky’ hackers after surveillance satellite launch (Record) The U.S. partnered with several nations in the Pacific to hand down sanctions on North Korea — particularly the country’s Kimsuky cyber espionage group — after the country launched a surveillance satellite last week.
Bipartisan House legislation calls for two new federal cybersecurity training programs (FedScoop) The Federal Cybersecurity Workforce Expansion Act would establish an apprenticeship program at CISA and a VA pilot program to train veterans on cyber work.
Medical AI Tools Can Make Dangerous Mistakes. Can the Government Help Prevent Them? (Wall Street Journal) Health regulators want to create a ‘nutrition label’ for AI apps in one of Washington’s first attempts to impose safety requirements on the technology.
Cyber Command, NSA nominee now double-blocked (Record) Air Force Lt. Gen. Timothy Haugh was already subject to a long-running blockade of nominations in the Senate. Now Sen. Ron Wyden is holding it up as leverage to get more information about the NSA's potential connections with the data broker industry.
Litigation, Investigation, and Law Enforcement
Congressmen Ask DOJ to Investigate Water Utility Hack, Warning It Could Happen Anywhere (SecurityWeek) Members of Congress asked the U.S. Justice Department to investigate how foreign hackers breached a water authority near Pittsburgh, prompting CISA to warn other water and sewage-treatment utilities that they may be vulnerable.
SEC Cybersecurity Rules Go Live in Days. Companies Still Aren't Sure What to Expect (Corporate Counsel) Companies are faced with this conundrum of wanting to provide more detail but not wanting to give too much, Orrick partner Aravind Swaminathan said.
Meta faces more questions in Europe about child safety risks on Instagram (TechCrunch) Meta has received another formal request for information (RFI) from European Union regulators seeking more details of its response to child safety Meta has received another formal request for information from European Union regulators seeking more details of its response to child safety concerns on Instagram.
Meta Is Struggling to Boot Pedophiles Off Facebook and Instagram (Wall Street Journal) The social-media company has stepped up enforcement, but its algorithms continue to promote problematic content.
Russian National Pleads Guilty to Trickbot Malware Conspiracy (US Department of Justice) A Russian national pleaded guilty today to his role in developing and deploying the malicious software known as Trickbot, which was used to launch cyber-attacks against American hospitals and other businesses.
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware (The Hacker News) Russian national Vladimir Dunaev found guilty for developing TrickBot malware, facing up to 35 years in prison.
US readies prison cell for another Russian Trickbot dev (Register) Hunt continues for the other elusive high-ranking members
Russian developer of Trickbot malware pleads guilty, faces 35-year sentence (Record) According to court documents, Vladimir Dunaev, 40, was a member of a cybercriminal organization that deployed Trickbot to steal money and install ransomware on victims’ computers.
Te Whatu Ora data breach: Man arrested for allegedly accessing Covid vaccination info (NZ Herald) A 56yr old man is charged with accessing a computer system for dishonest purposes.
'Truly distressing': Woman who lost parents during pandemic furious over Te Whatu Ora vaccination data breach (NZ Herald) Te Whatu Ora says it is doing 'everything [it] can' to respond to the incident.
Ex-FBI Counterintelligence Leader Seeks No Prison Time in Russia Sanctions Case (New York Law Journal) Bracewell partner Seth DuCharme filed a classified addendum to the sentencing memorandum to share more information about McGonigal's service to the United States during his career at the FBI, which DuCharme described as extraordinary.
AG Considers Right To Compensation Under GDPR For Stolen Data (MarketScreener) In a recent opinion delivered by Advocate General Collins before the Court of Justice of the European Union , the Advocate General found that individuals have a right to compensation under Article...