Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+650: Hybrid wars' spillover in cyberspace. (CyberWire) Drone technology improvises and adapts, but so do air defenses. Experts warn of hybrid wars' spillover into remote sections of cyberspace.
How cybersecurity teams should prepare for geopolitical crisis spillover (CSO Online) CISOs can anticipate and prepare for cyberattacks conducted by participants in geopolitical conflict such as the Israel/Hamas war by understanding the threat actors' motivations and goals.
Did Hamas make millions trading the October 7th attacks? (The Economist) Researchers highlight suspicious activity in New York and Tel Aviv
Unexploded bombs, many U.S.-made, could make parts of Gaza uninhabitable (Washington Post) Israel’s bombardment of the Gaza Strip has reduced entire neighborhoods to dust. The resumption of fighting and intensified airstrikes on southern Gaza after a week-long pause could mean that even more of the territory could meet the same fate.
Israel’s Failed Bombing Campaign in Gaza (Foreign Affairs) Collective punishment won’t defeat Hamas.
Evidence suggests dozens of Israeli women were raped or mutilated by Hamas (NBC News) NBC News has reviewed evidence that suggests dozens of Israeli women were raped, sexually abused or mutilated during the Oct. 7 Hamas terror attacks.
Russia-Ukraine war: List of key events, day 651 (Al Jazeera) As the war enters its 651st day, these are the main developments.
Russia Seeks To Take Eastern Ukrainian Stronghold 'At Any Cost' As Kyiv Gets Worrying News About Western Support (RadioFreeEurope/RadioLiberty) Local military officials in eastern Ukraine say Russian forces have expanded their avenues of attack against the Donetsk region town of Avdiyivka in an effort to surround and capture it "at any cost."
2023 review: Ukraine scores key victories in the Battle of the Black Sea (Atlantic Council) The front lines of the Russian invasion in Ukraine have barely moved in 2023, but Ukraine has had far more success in the Black Sea, where it has broken Russia's blockade and forced Putin's fleet to retreat from Crimea, writes Oleksiy Goncharenko.
Fake history is a crucial weapon in Vladimir Putin’s bid to destroy Ukraine (Atlantic Council) The invading Russian army is not the only enemy Ukraine faces; the Kremlin propaganda and false historical narratives that drive and justify the invasion are arguably just as deadly, writes Ihor Smeshko.
Fancy Bear goes phishing in US, European high-value networks (Register) GRU-linked crew going after our code warns Microsoft - Outlook not good
Russian GRU Hackers Exploit Critical Patched Vulnerabilities (GovInfoSecurity) A Russian military hacking intelligence group is winning the race to exploit known vulnerabilities before system administrators can apply patches, warns Proofpoint.
Russia's Fancy Bear launches mass credential collection campaigns (CSO Online) The campaigns exploit Outlook and WinRAR flaws to target government, defense, and other entities, and they represent a change of tactic for the APT28 group.
Microsoft warns of Russian hackers targeting vulnerable Outlook email accounts (Computing) Microsoft Threat Intelligence has warned that a prolific Russian hacking group is actively exploiting a known critical bug in Outlook to gain unauthorised access to email accounts.
NATO’s virtual battlefield misses AI (GZERO Media) A whopping 120 countries have been hit by cyberattacks in the past year alone — and nearly half of those involved NATO members. Yet in the latest wargames for NATO, preparations for cyberattacks involving AI were nowhere to be found.
Russian Defense Procurement Network Added To U.S. Sanctions Designations (RadioFreeEurope/RadioLiberty) The United States on December 5 imposed fresh sanctions targeting a defense procurement network that the U.S. Treasury Department said is led by a Belgium-based businessman and involves numerous Cyprus-based companies as well as businesses in Sweden, Hong Kong, and the Netherlands.
Russia Sanctions Database (Atlantic Council) The Atlantic Council’s Russia Sanctions Database tracks the level of coordination among Western allies in sanctioning Russian entities, individuals, vessels, and aircraft, and shows where gaps still remain.
The American Way of Economic War (Foreign Affairs) Washington is overusing its most powerful weapons.
Opinion: Why U.S. aid for Ukraine is a bargain (Washington Post) There are various paths to the conclusion that U.S. taxpayers are getting a bargain by backing Ukraine’s war for survival. One is to ask: Yes, it’s expensive, but compared with what?
Ukraine aid in peril as Senate Republicans walk out of heated briefing (Defense News) A procedural vote on Ukraine aid is expected to fail after Republicans walked out of a briefing amid an unrelated immigration policy spat.
U.S. Files War Crime Charges Against Russians Accused Of Torturing American In Ukraine (HuffPost) The case marks the first prosecution against Russians in connection with atrocities during their war against Ukraine.
Attacks, Threats, and Vulnerabilities
Forescout Vedere Labs discloses 21 new vulnerabilities affecting OT/IoT routers (Forescout) Forescout Vedere Labs has identified a total of 21 new vulnerabilities affecting Sierra Wireless AirLink cellular routers and some of its open source components such as TinyXML and OpenNDS, which are used in a variety of other products.
Sierra:21 Living on the Edge (Forescout) Forescout Vedere Labs has discovered 21 new vulnerabilities within OT/IoT routers and open-source software components, highlighting new risk in your critical infrastructure.
Executing a Chromecast Exploit – Times Three (DirectDefense) Chromecast with Google TV (1080P) Secure-Boot Bypass Introduction: Implications of These Findings This piece details the development of a chain of three
New Research: Popular Messaging Apps like WhatsApp, Telegram, Teams and Slack Fuel New Mobile Device and Web Application Threats (Business Wire) SafeGuard Cyber data confirms enterprises lack proper security measures to effectively protect cloud-based business collaboration and messaging tools
2023 Business Communication Risk Report (SafeGuard Cyber) In an era of fast-evolving digital threats and regulatory challenges, SafeGuard Cyber delivers a vital Communication Risk Report, offering key insights and strategies to help businesses protect their critical data and operations against the ever-present human threat in cybersecurity.
The People Onscreen Are Fake. The Disinformation Is Real. (New York Times) For the first time, A.I.-generated personas, often used for corporate trainings, were detected in a state-aligned information campaign — opening a new chapter in online manipulation.
Unpatched Loytec Building Automation Flaws Disclosed 2 Years After Discovery (SecurityWeek) The details of 10 unpatched Loytec building automation product vulnerabilities have been disclosed two years after their discovery.
Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths (We Live Security) ESET researchers describe the growth of deceptive loan apps for Android and techniques they use to circumvent Google Play
CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion (Cybersecurity and Infrastructure Security Agency | CISA) Today, CISA released a Cybersecurity Advisory (CSA), Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution.
Hackers breach US govt agencies using Adobe ColdFusion exploit (BleepingComputer) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers.
Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw (Security Affairs) The U.S. CISA warns that threat actors are actively exploiting a critical vulnerability in Adobe ColdFusion to breach government agencies.
Massive 23andMe Hack Compromised Nearly 7 Million Users’ Data (The Daily Beast) Around half of all profiles set up with the DNA testing company were affected by the breach.
Oops! 23andMe Admits Hackers Stole 7 Million Customers' Genetic Data (Yahoo Finance) On the internet, nothing is safe. Not even your DNA. That's the dystopian lesson you can take from the latest data breach from the commercial genetic testing company, 23andMe, which disclosed on Friday in a regulatory filing that hackers managed to access information on about 14,000 users or 0.1 percent of its customer user base. […]
Genetic testing firm 23andMe admits hackers accessed DNA data of 7m users (the Guardian) US company says ‘threat actor’ responsible for security breach that affected nearly half of its 14m reported users
Hackers stole a million people's DNA. What they'll do with it is baffling (Metro) Is your DNA safe?
Metomic Finds 40% of Google Drive Files Contain Sensitive Information, Putting Organizations at Risk of a Data Breach (Business Wire) According to Metomic’s 2023 Google Scanner Report, documents that had been shared externally often contained confidential information, with 18,000 files flagged as having “highly sensitive” data, like PII
The Risks of Storing Sensitive Data in Google Drive (Metomic) How much data in Google Drive is available to the public? We analysed accounts from all over the world to find out.
The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools (SafeBreach) See how SafeBreach Labs researchers developed a brand new set of highly flexible process injection techniques that are able to completely bypass leading endpoint detection and response (EDR) solutions.
Citrix software bug leads to outages at 60 credit unions (American Banker) A third-party provider for credit unions failed to fix a long-patched vulnerability, according to a cybersecurity researcher who has studied the situation.
What To Look For In QR Code Phishing Emails (Cofense) Learn more about the characteristics of a QR code phishing email and how to protect yourself from them. Understand the latest attack employed by threat actors.
Top 10 Ransomware Targets in 2022 and Beyond (Security) Today's top ransomware targets include organizations in the media, retail and energy sectors. Learn which 14 industries have the highest attack rates.
What is Ransomware? How It Works and How to Remove It (Security) Ransomware attacks are potentially devastating financially motivated cybercrimes. Learn how ransomware works, how to remove it and how to prevent it.
CISA Adds Four Known Exploited Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency | CISA) CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-33106 Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability
CVE-2023-33063 Qualcomm Multiple Chipsets Use-After-Free Vulnerability
CVE-2023-33107 Qualcomm Multiple Chipsets Integer Overflow Vulnerability
CVE-2022-22071 Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Security Patches, Mitigations, and Software Updates
CISA Releases Two Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency | CISA) CISA released two Industrial Control Systems (ICS) advisories on December 5, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-339-01 Zebra ZTC Industrial ZT400 and Desktop GK420d
ICSA-23-208-03 Mitsubishi Electric CNC Series (Update D)
Windows 10 gets three more years of security updates, if you can afford them (Ars Technica) Windows 10 gets a version of the program that extended updates for Windows 7.
Gmail’s AI-powered spam detection is its biggest security upgrade in years (Ars Technica) Gmail's spam filters can now understand "adversarial text manipulations."
Trends
The Global State of Industrial Cybersecurity 2023 (Claroty) This report examines the results of an independent, global survey of 1,100 information technology (IT) and operational technology (OT) security professionals who work full time for enterprises that own, operate, or otherwise support components of critical infrastructure.
Nearly All Software Used by U.S. Energy Companies Contains Code from Russian & Chinese Developers, New Fortress Information Security, Research Finds (Fortress Infosec) New research from Fortress Information Security shows software makers use a lot of code found on open-source platforms that they know very little about. Using available Software Bills of Materials (SBOMs) for software commonly used by U.S. energy companies, the Fortress research team found more than a thousand components coming from developers in adversarial nation-states like Russia and China. Additionally, some of the potentially compromised contributions can sit, unpatched, for years before being addressed.
Whitepaper | A Software Supply Chain Dependent on Adversaries (Fortress Infosec) Research shows 90% of US Infrastructure contains code from adversaries.
Cycode Releases State of ASPM Report: Shows 77% of CISOs Believe Software Supply Chain Security Is a Bigger Blind Spot Than Generative AI (GlobeNewswire News Room) Industry’s first research survey on Application Security Posture Management (ASPM) reveals AppSec chaos reigns. 90% said relationships between their security...
Majority of U.S. First Responders Call for Technology Upgrades to Stop Cyberattacks, Dispatch Outages and to Prepare for Natural Disasters, According to New National Survey (Business Wire) New report reveals critical need for public safety agencies to deploy modern cloud-native dispatch and technology systems to better support the communities they serve
Marketplace
VC Firm OpenView Abruptly Winds Down as Industry Pressure Rises (The Information) OpenView Venture Partners, a Boston-based venture capital firm that has backed enterprise software firms such as Calendly and Expensify, has laid off most of its staff and will not make new investments, leaders told staff on Tuesday, according to a person with knowledge of the situation. The ...
Osano Makes Strategic Acquisition of WireWheel, Expanding Enterprise-Grade Capabilities of Industry's Leading Data Privacy Platform (PR Newswire) Osano, the leader in data privacy management, has completed the acquisition of WireWheel, an enterprise provider of data privacy solutions....
O’Melveny Advises ArmorCode on US$40 Million Series B Funding (O'Melveny) O’Melveny advised ArmorCode, the leader in Application Security Posture Management (ASPM) and Risk-Based Vulnerability Management (RBVM), on its US$40 million Series B funding round.
Introducing Astrion, a Transformative Evolution of Oasis Systems and ERC (Business Wire) Company and industry-leading executive team focusing on driving results with impact for federal government customers
Francisco Partners acquires Blancco for £175m (CRN) The deal finalised at 223p/share and as a result Blancco has ceased trading and is no longer on the London stock market
Musk’s X.AI to Raise $1 Billion (The Information) Elon Musk’s artificial intelligence startup X.AI is raising $1 billion, according to a securities filing Tuesday.
Meta, IBM Create Industrywide AI Alliance to Share Technology (Bloomberg) Meta Platforms Inc. and International Business Machines Corp. are joining more than 40 companies and organizations to create an industry group dedicated to open source artificial intelligence work, aiming to share technology and reduce risks.
Vendor layoffs, training and the skills gap: Top distributors share their thoughts on talent (CRN) From hiring the right talent to retaining it, we ask the top channel distributors their take on the skills and talent shortage
DTEX Systems Appoints Mandiant Global CTO Marshall Heilman as CEO (Business Wire) Heilman brings unparalleled experience in building and operating world-leading cybersecurity company Mandiant, widely recognized as the ‘Gold Standard’ for threat intelligence and incident response
Cybersecurity Veteran Jerry Hoff Appointed New CEO of SightGain (Business Wire) Former Cyber Leader at Sony, NTT, and Morgan Stanley to Lead Automated Platform Assessment Platform for Enterprises and Consulting Teams
Tanium appoints Nick Lim as new Vice President for APAC region (SecurityBrief New Zealand) Endpoint security firm Tanium appoints Nick Lim as VP for the APAC region, strengthening its growth and customer engagement.
Quorum Cyber selects Scott Burman as Head of Advisory (Quorum Cyber) Scott Burman has chosen to join Quorum Cyber, a Microsoft Solutions Partner for Security, as Head of Advisory.
Products, Services, and Solutions
Dragos Launches Program to Provide Water, Electric Utilities With Free Cybersecurity Tools (Wall Street Journal) The cybersecurity company says it will give software free to operators with under $100 million in revenue.
The Dragos Community Defense Program Helps Secure Industrial Infrastructure for Small Utilities (Dragos) Dragos CEO Robert M. Lee covers the expansion of the Dragos Community Defense Program for small utilities, highlighting why this program is needed and how it helps these organizations defend their communities.
Centripetal Partners With Tiger to Provide Cutting-Edge Cybersecurity Innovation to the UK Market for the First Time (Centripetal) Centripetal, the global leader in intelligence powered cybersecurity, today announced that its award winning, patented cybersecurity threat solution is available for the first time ever across the UK as a result of its strategic partnership with Tiger.
Securiti Announces Partnership with Databricks to Enable Enterprises to Readily Govern and Secure their Data (Securiti) SAN JOSE, Calif., December 5, 2023 – Securiti, the pioneer of the Data Command Center, today announced its strategic partnership with Databricks, the data and AI company and pioneer of the Data Lakehouse and Unity Catalog. This new partnership will enhance the way enterprises manage their data and AI across all data systems, addressing the growing need for […]
Living Security Expands Access to Human Risk Management Platform With Unify Go (Living Security) Living Security announced today Unify Go, a free tool for Living Security training customers that surfaces security vulnerabilities across the workforce.
Critical Insight Announces Launch of MXDR with Cyber Risk Quantification Platform to Better Defend Customers and Improve Executive Reporting (Critical Insight) Critical Insight announced the launch of its MXDR with Cyber Risk Quantification Platform to Better Defend Customers and Improve Executive Reporting
Versa Networks Selected to Provide SD-WAN, Zero Trust Access and Customer Edge Security Stack (CESS) for DISA’s Thunderdome Program (Yahoo Finance) Versa Networks, the global leader in AI/ML-powered Unified Secure Access Service Edge (SASE) and Software-Defined WAN (SD-WAN), today announced it has been selected to provide SD-WAN, Zero Trust access and Customer Edge Security Stack (CESS) functions for Thunderdome, the Defense Information Systems Agency’s (DISA) zero trust network access (ZTNA) and application security architecture. Versa products within the Thunderdome architecture provide conditional
OneSpan Introduces New Partner Network Program to Broaden Delivery of Secure and Seamless Customer Experiences (OneSpan) OneSpan™, the digital agreements security company, today announced the launch of a new partner network program that now provides a comprehensive set of benefits that will drive growth and help OneSpan partners deliver seamless and secure customer experiences.
Data Theorem Introduces Industry’s First API Attack Path Visualization Capabilities to Enhance Protection of APIs and Software Supply Chains (Data Theorem) Unveiled at Apidays Paris, Latest Version of API Secure Shines Light on Complex API Exploits to Help IT Security Teams Easily Digest and Understand Full Stack Attack Chain
Versa Networks Selected to Provide SD-WAN, Zero Trust Access and Customer Edge Security Stack (CESS) for DISA’s Thunderdome Program (Versa Networks) Versa Products in Thunderdome to Provide Zero Trust Access at the Network Edge for DISA On-Premises Users
Panther Unveils Security Data Lake Search and Splunk Integration to Redefine Detection and Response at Scale (Business Wire) Panther Labs, the leading cybersecurity innovator for detection and response at scale, today announced the launch of its new Security Data Lake Search and Splunk Integration capabilities. These offerings mark a critical leap forward in managing security risks in today’s cloud-first landscape.
Salt Security Selected to Secure Critical Online Data of Leading Provider of Property, Automotive and Asset Information in South Africa (PR Newswire) Salt Security, the leading API security company, recently announced that Lightstone, a trusted provider of property, automotive and asset data...
Malwarebytes Announces Free Vulnerability Assessment to Help IT Organizations Improve Security Posture Without Extra Costs (Malwarebytes Press Center) Malwarebytes vulnerability assessment module is now included in every ThreatDown bundle at no additional cost.
Constellation GovCloud® Earns Provisional Authority to Operate from FedRAMP® Joint Authorization Board (JAB) (PR Newswire) Constellation GovCloud®, a leader in cloud compliance and market acceleration, today announced its platform has achieved Provisional Authority...
Cybersixgill Announces New Capabilities to Deliver Relevant, Actionable Insights and Empower Security Teams to Detect and Stop Threats Swiftly (Cybersixgill) Threat Intelligence Leader Now Offers a New Identity Intelligence Module, a New Alerts Page to Streamline Workflows, and New Support for Open-Source Vulnerabilities
Technologies, Techniques, and Standards
Australia developing 'top secret' intelligence cloud to work with US, UK spy agencies (Breaking Defense) Andrew Shearer, Australia's Director-General of National Intelligence, also discussed how analysts will use AI, and the "lively debate" about whether Japan could join the Five Eyes.
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk (Cybersecurity and Infrastructure Security Agency | CISA) Recently, CISA identified positive trends on two CPGs across nearly 3,500 organizations enrolled in our Vulnerability Scanning service. Read about the findings in this blog.
Cybersecurity: Legal technology enhances firm security and boosts productivity (Business of Law Digest) By Carl Mazzanti. A series of class action lawsuits filed against an array
BSIMM14: Tips to Enhance your Software Security Program (Synopsys Blog) Explore the key trends in the BSIMM14 report and learn actionable recommendations for enhancing your software security program effectively.
BSIMM14 Report: Application Security Automation Soars (Synopsys) Synopsys Software Integrity Group report highlights how customers embracing automation are improving security processes throughout the software life cycle. SUNNYVALE, Calif., Dec. 5, 2023...
Design and Innovation
IBM unveils first 'utility scale' quantum processor (Register) Big Blue's roadmap prioritizes circuit size over qubit quantity
Nexusflow Unveils Open-source Generative AI That Empowers Copilots to Use Tools and Outperforms GPT-4 (Business Wire) NexusRaven-V2 is the latest LLM released by Nexusflow that surpasses GPT-4 in enabling copilots and agents to use software tools
NexusRaven-V2: Surpassing GPT-4 for Zero-shot Function Calling (Nexusflow)
Research and Development
DHS seeks information for CISA analytics and machine learning project (FedScoop) The agency’s Office of Mission and Capability Support aims to better understand the “capabilities of businesses that could supply access to” the three commercial cloud providers that support the CAP-M project.
Legislation, Policy, and Regulation
How Nations Are Losing a Global Race to Tackle A.I.’s Harms (New York Times) Alarmed by the power of artificial intelligence, Europe, the United States and others are trying to respond — but the technology is evolving more rapidly than their policies.
Power grab by France, Germany and Italy threatens to kill EU’s AI bill (POLITICO) Landmark law hangs in the balance as big countries drag their feet on advanced AI rules.
AI Rules From US Government Push Companies to Show Tech Is Safe (Bloomberg Government) Businesses are focused on safety testing and following new federal rules to prove the safety of their products.
ITI to White House: U.S. Government Must Leverage Commercial AI and Adopt Standards-Based Approaches (Information Technology Industry Council) Today, global tech trade association ITI responded to the White House Office of Management and Budget (OMB)’s request for information on the draft memorandum “Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence.”
The congressional free-for-all over 702 is well underway (Washington Post) Everything, everywhere, all at once with Hill flurry of activity on Section 702
FBI Director Warns Against Weakening US Surveillance Capabilities (Voice of America) The use of Section 702 has stirred controversy because of repeated incidents in which officials have collected information on U.S. citizens.
A Key Enabler of U.S. Diplomacy: Section 702 of the Foreign Intelligence Surveillance Act (Semafor) The State Department's Brett Holmgren writes that allowing a key surveillance tool to expire "would severely inhibit a range of important U.S. diplomatic functions."
[Letter on Section 702 renewal] (Office of the Assistant Attorney General | Office of the Assistant Director of National Intelligence) Dear Chairman Warner, Senator Graham, and Senator Cornyn: This responds to your letter to the Department of Justice (Department) and the Office of the Director of National Intelligence (ODNI), dated October 26, 2023, about the importance of Title VII of the Foreign Intelligence Surveillance Act (FISA), especially Section 702, in keeping our country safe.
Congressman Biggs Introduces Major Legislation to End Warrantless Surveillance of Americans (Congressman Andy Biggs) Today, Congressman Andy Biggs (R-AZ) introduced the Protect Liberty and End Warrantless Surveillance Act (PLEWSA)—legislation that ends the warrantless surveillance of Americans and combats the weaponization of the federal government.
OMB takes aim at internet of things cybersecurity (Nextgov.com) The Office of Management and Budget’s recent FISMA guidance notes the importance of the Cybersecurity and Infrastructure Security Agency’s ability to scan agencies for vulnerabilities on an ongoing basis.
GCHQ shrinks amid recruitment and retention challenges (Record) A report by a British parliamentary committee noted a dip in personnel numbers at the intelligence agency. Contributing factors include competition from the private sector and the COVID-19 pandemic.
Readout from CISA’s 2023 Fourth Quarter Cybersecurity Advisory Committee Meeting (Cybersecurity and Infrastructure Security Agency) Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) held its fourth and final 2023 quarterly Cybersecurity Advisory Committee (CSAC) meeting.
Litigation, Investigation, and Law Enforcement
SEC Head Warns Against ‘AI Washing,’ the High-Tech Version of ‘Greenwashing’ (Wall Street Journal) Agency head Gary Gensler cautioned businesses against peddling phony AI-related hype.
Governments spying on Apple, Google users through push notifications - US senator (Reuters) Unidentified governments are surveilling smartphone users via their apps' push notifications, a U.S. senator warned on Wednesday.
China raises stakes in cyberscam crackdown in Myanmar, though loopholes remain (Washington Post) China is ramping up a crackdown on online scams operated by criminal syndicates in border areas of military-ruled Myanmar in an effort that has included a shootout, confession videos and national TV broadcasts of arrests of high-profile suspects.
State, northwest Indiana medical company settle lawsuit over exposure of 45K Hoosiers' data (Indiana Public Radio) The state has reached a settlement in its lawsuit against a northwest Indiana medical company over a ransomware event that put personal and protected health information at risk. The agreement includes no admission of guilt on the behalf of the provider.
CarePointe — an ear, nose, throat, sinu
a16z Funded AI Platform Generated Images That “Could Be Categorized as Child Pornography,” Leaked Documents Show (404 Media) OctoML, the engine that powers a16z funded Civitai, thought the images could qualify as “child pornography,” but ultimately decided to keep working with the company anyway, internal Slack chats and other material shows.
Hidden Cameras, GPS Data, and License Plate Readers: How the USPS Tracks Down Mail Thieves (Courtwatch) A court record shows how the oft overlooked United States Postal Inspection Service turned to all manner of tech to investigate someone stealing from mailboxes.