RSnake Report
Posts
RSnake Report 20240818

RSnake Report 20240818

Inflation, Iran stalling and Kursk, oh my!

Robert RSnake Hansen
August 18, 2024

Geopolitical
Technology
Cybersecurity
Business

Hello and thanks for reading! For starters let’s have a quick chat about the economy and inflation in particular. I ran into Tim Kennedy from Sheepdog Response the other day. One of the first things out of his mouth after I asked him how work was going was ‘Inflation’. I dug in a little and he said that all the costs for everything he uses have gone up while spending on his services has declined. That’s a rough market.

Tim is just one business man, but inflation is hitting just about everyone at well over double digits, almost on any metric there is, other than automobile affordability, which likely has to do with a glut of electric vehicles on the market, and less to do with manufacturing cost or labor. This will be a big issue in November, I believe.

Next up, let’s chat about Ukraine and Russia. Obviously a lot of ink has been spilled on that conflict and loud voices on both sides about huge losses. Some of that is likely propaganda and yes, it is plausible both sides have sustained losses in that fight. So rather than speculate, let’s just skip that and discuss the train system in Russia.

You may or may not be aware of the fact that Russia ships a huge amount of their war material, and food and consumer products around the country via rail, and it makes sense. Russia has a vast rail network, it’s cheap to transport via rail and until a few weeks ago no one had ever attacked any railways in the country. However, Russia has two problems at once.

The first is that their rail is in trouble due to natural failures in the system, bearings they can’t source, disgruntled employees, corruption, and state intervention which is almost always bad news for efficiency.

The second is that they are being invaded. And not just by ground forces, also by FPV drones, such as an entirely new class of drones that have massive penetrators.

43kg shaped charge next to a mortar

These things are enormous. 43kg (~95lb) shaped charge warheads. This isn’t just a train de-railer, this is a train destroyer, or any sort of armored vehicle or building. It doesn’t take much to destroy train tracks, especially with these monster charges. But destroying a train in such a way leave massive hulking masses of heavy metal that needs to be dealt with and moved. That means that those repair trains now become easier and easier to spot and destroy, adding the the mayhem.

43kg shaped charge under a massive drone

Railroad tracks are static targets, like buildings, but buildings don’t shut down the entire country’s ability to mobilize and move food and goods and military assets when they get blown up. So to see Ukraine now able to move into Russia, and likely deploy assets in country to further sabotage operations, will be fascinating to watch. Of course the other obvious thing Ukraine can drop are mines, lots and lots of mines. Even the threat of mines dramatically slows down shipping. Not to mention other random bad things happen to trains that lead to derailments as normal course of operation.

“target the repair train”

Now briefly onto Israel and Iran. We are still in a holding pattern as the world waits for Iran to flinch or make their big move. There is some statements being made that the longer they wait the more the Israeli’s suffer, but who knows if that’s true. Meanwhile Israel carried out airstrikes in Jenin and there have been small skirmishes on the West Bank related to that. Guess the peace accord was unsuccessful.

Okay, onto the articles!

Geopolitical

Over the past 24 hours, Russian forces have lost approximately 1,230 soldiers and 5 tanks in their war against Ukraine, bringing their total combat losses to 598,180 military personnel and 16,985 artillery systems.

- Russian forces have lost over 1,200 soldiers and 5 tanks in the past 24 hours.
- The total combat losses of Russian forces since February 2022 include approximately 598,180 military personnel and 16,985 artillery systems.

Please treat these numbers as speculative, but they are directionally correct. But they are probably far closer than the numbers that Moscow reports. There were 146M Russians in 2021. If more than half a million have been killed, that’s around .4% of the population. That is going to have an ever-increasing morale issue for the general population because it is going to affect more and more families whose young male family members have died in a war that makes little to no sense to the average Russian.

Source: https://www.pravda.com.ua/eng/news/2024/08/17/7470768/

Ukrainian prison in the north has accommodated 320 Russian prisoners of war, mostly conscripts, with some wounded. Prisoners were sent to Ukraine's west, away from fighting, and are being held in basement cells to protect them from airstrikes. Ukrainian forces continue to catch conscripts in Kursk Oblast, Russia.

- Ukrainian prison in the north has accommodated 320 Russian prisoners of war, mostly conscripts.
- Prisoners were sent to Ukraine's west, away from fighting.
- Some prisoners had shrapnel or gunshot wounds and are being held in basement cells to protect them from airstrikes.
- Ukrainian forces continue to catch conscripts in Kursk Oblast, Russia.

This is actually more important than it seems because as these prisoners get released how they are treated vs how the Russians treat their prisoners is going to get out to others. The fact that Ukrainians are handing out food and water to the locals in Kursk is another example of winning hearts and minds.

Source: https://www.pravda.com.ua/eng/news/2024/08/18/7470843/

Russia says Ukraine used Western weapons to destroy a bridge in western Russia, hindering evacuation efforts and advancing on Kursk. The destruction of the bridge will make it difficult for Russian forces to defend the area against Ukrainian advances and access supplies. The Ukrainian military has launched a campaign in the Kursk region, capturing strategic locations and settlements.

- Ukraine used Western-made rocket launchers to target a bridge over the Seym River in the Kursk region, killing volunteers trying to evacuate civilians.
- The destruction of the bridge will hinder the evacuation of civilians from the area and make it difficult for Russian forces to defend against Ukrainian advances and access supplies.
- Ukraine has launched a campaign in the Kursk region, capturing strategic locations and settlements, and is trying to relieve pressure on the Donbas region by drawing Russian troops into Kursk.

This kind of thing makes Washington nervous. We really don’t want to get dragged into the war if we don’t have to, and Russia may use anything at all as a provocation to engage in a larger conflict. Hopefully, by now, they are realizing that the only reason Moscow is safe is because we have tried desperately to avoid a larger conflict, and if we do start, it’ll be very bad news for Moscow.

Source: https://www.aljazeera.com/news/2024/8/17/russia-says-ukraine-used-western-weapons-to-destroy-bridge-in-kursk?traffic_source=rss

Germany plans to deliver RCH 155 self-propelled howitzers to Ukraine at the end of this year, marking the first international use of the system.

- Ukraine will receive state-of-the-art new generation artillery RCH 155 from Germany later this year
- The RCH 155 is a wheeled self-propelled howitzer developed by Krauss-Maffei Wegmann, a German defense company
- Ukraine will become the first international user of the RCH 155 system, which has not been used operationally in any country yet

Speaking of Western weapons, another upside of this conflict is that we are creating a very large market for NATO weapons suppliers to get rid of old stock and order fresh and larger munition stores. I have a feeling we’ll need it. And if we don’t, it is better to be safe than sorry. Either way, it is a great deterrent and creates jobs.

Source: https://euromaidanpress.com/2024/08/17/ukraine-to-receive-state-of-the-art-new-generation-artillery-rch-155-from-germany-later-this-year/

Sudan's paramilitary group, Rapid Support Forces (RSF), attacked the central village of Galgani in Sennar province, killing at least 85 people, including women and children. The attack occurred after residents resisted attempts to abduct and sexually assault women and girls. The RSF has been accused of massacres, rapes, and other gross violations across Sudan since the war started.

- RSF fighters stormed Galgani village after residents resisted attempts to abduct and sexually assault women and girls.
- The attack resulted in at least 85 deaths, including 24 women and minors, with over 150 villagers wounded.
- The RSF has been accused of massacres, rapes, and other gross violations across Sudan since the war started.

Source: https://www.military.com/daily-news/2024/08/17/sudans-paramilitary-fighters-killed-85-people-attack-central-village-residents-say.html

A police sniper potentially saved lives by shooting Donald Trump's would-be assassin's rifle, delaying him and giving Secret Service snipers a clear shot opportunity.

- The former president did not have protection during his rally in Butler when a bullet nearly hit him squarely in the head.
- A police sniper fired at Trump's assassin from 100 yards away, hitting part of his rifle and knocking him off balance temporarily before being fatally shot by a Secret Service sharpshooter.
- Security levels around former President Trump have increased since the assassination attempt.

There is a lot more we’re going to be uncovering as we learn more from more body cam footage. We shall see. At this point, I am less concerned with the events of the day than I am how the Secret Service does its job in the future, given those failings.

Source: https://www.bbc.com/news/articles/c4gl2jqem0eo

Israel confirms Turkey refused to release Haniyeh's fortune to his sons, sparking conflict between Erdoğan and Hamas leaders.

- Israel confirms Turkey refused to release Haniyeh's fortune to his sons
- The fortune is estimated at $3 billion held in Turkish bank accounts and real estate
- Israeli Foreign Minister Katz questioned the connection between Erdoğan and the money

Three billion is a lot of money, and there will be many eyes on where this money goes.

Source: https://www.jewishpress.com/news/middle-east/turkey/israel-confirms-turkey-refused-to-release-haniyehs-fortune-to-his-sons/2024/08/17/

Former US Rep. George Santos is expected to enter a plea at a court hearing planned for Monday, after being charged with financial crimes including wire fraud, theft of public funds, and money laundering.

- Santos faces charges related to lying to Congress about his wealth, collecting unemployment benefits while working, and using campaign contributions for personal expenses.
- Prosecutors have told the judge that the trial could last three weeks due to the number of witnesses expected, including some victims of Santos' alleged crimes.
- Santos has previously maintained his innocence and called the investigation a 'witch hunt', but in December he said a plea deal was 'not off the table'.

Source: https://fortune.com/2024/08/17/george-santos-guilty-plea-multiple-counts-federal-fraud-case-financial-crimes/

The US Secretary of State has approved a potential Foreign Military Sale to Israel involving the sale of M933A1 120mm High Explosive Mortar Cartridges and associated support services.

- The US Secretary of State has approved a potential Foreign Military Sale to Israel involving the sale of M933A1 120mm High Explosive Mortar Cartridges and associated support services.
- The total estimated value of the deal is $61.1 million.
- This proposed sale will bolster Israel's homeland defense and deterrence capabilities against regional threats.
- Israel has requested the acquisition of 5,000 M933A1 120mm High Explosive Mortar Cartridges and associated support services.
- The US has approved the sale of 4,500 M933A1 120mm High Explosive Mortar Cartridges and associated support services to Israel.
- Israel will use the purchased mortars to enhance its military capabilities against regional threats.

This is the sale we were talking about in a previous newsletter with more detail and a slightly higher price tag associated with it. Refreshing stocks, supplying arms to our allies, etc., helps the West and weakens our enemies.

Source: https://militaryleak.com/2024/08/16/us-secretary-of-state-approves-sale-of-m933a1-120mm-high-explosive-he-mortar-cartridges-to-israel-defense-forces/

A very strong typhoon is approaching Japan's Pacific coast, causing widespread transportation disruption and power outages. The typhoon has led to the cancellation of numerous flights and trains in the Tokyo area, particularly during Japan's busy 'obon' holiday week.

- The typhoon is forecasted to pass northeastward along the Honshu coast, near Tokyo which houses around 40 million people.
- Over 4,000 households in Chiba prefecture have lost power due to the typhoon.
- The cancellation of flights and trains has caused significant disruptions to transportation in the Tokyo area.
- The typhoon is expected to bring strong winds and heavy rain to Japan's Pacific coast.

Source: https://timesofindia.indiatimes.com/world/rest-of-world/flights-and-trains-cancelled-in-tokyo-as-very-strong-typhoon-approaches-japans-pacific-coast/articleshow/112557039.cms

China's reliance on global iron markets has led to increased imports, making it vulnerable to supply chain disruptions.

- China imported a record high 1.18 billion metric tons of iron in 2023, with imports expected to exceed this amount in 2024.
- China's domestic production capacity only met 387 million metric tons of its iron demand in 2023, leaving it heavily reliant on global markets.
- The Simandou iron mine in Guinea has the potential to alleviate China's import dependency and expand the global field of heavyweight iron producers.

This is a nice lever. If it comes down to a conflict with China and Taiwan, they will be sanctioned immediately, and this might be a huge source of pain for China. It is very easy for the United States to disrupt shipping of the iron ore from Guinea, too.

Source: https://www.geopoliticalmonitor.com/simandou-the-pilbara-killer-comes-of-age/

Polio has been detected in a child in the Gaza Strip after being found in wastewater samples from two major cities, and a massive vaccination campaign is planned by the World Health Organization to vaccinate over 640,000 Palestinian children.

- Polio has been detected in a child in the Gaza Strip.
- A massive vaccination campaign is planned by the World Health Organization to vaccinate over 640,000 Palestinian children.
- The polio virus was found in wastewater samples from two major cities in Gaza last month.

Source: https://timesofindia.indiatimes.com/world/middle-east/gaza-reports-first-polio-case-in-decades-amid-conflict/articleshow/112582265.cms

The conflict between Russia and the West has intensified, affecting various sectors worldwide, particularly in Europe where tensions are high in the Baltic region. NATO expansion is perceived as a direct threat by Russia, prompting military responses and increased deterrence strategies. The situation remains volatile, with the risk of escalation into direct conflict remaining a concern.

- Tensions between Russia and NATO have escalated due to military buildups and territorial threats.
- The Baltic Sea region is becoming increasingly militarized as both sides prepare for potential conflict.
- Russia is enhancing its military deterrence, including nuclear capabilities, in response to NATO's movements.

Estonia, Latvia, and Lithuania must carefully eye the Ukraine conflict. If Moscow does win, they and the Polish are historically going to be next areas of interest to limit NATO expansion in Eastern Europe.

Source: https://geopolitics.co/2024/08/17/this-european-region-could-be-the-next-ukraine/

Hamas has rejected claims of progress towards a ceasefire agreement with Israel following recent talks mediated by the US, Qatar, and Egypt. The ongoing conflict has resulted in significant casualties, with Israel continuing military operations in Gaza and Hamas maintaining its conditions for negotiations, raising fears of a potential regional escalation if talks fail.

- Hamas denies any progress in ceasefire talks with Israel.
- The conflict has resulted in over 40,000 deaths in Gaza.
- The ongoing military operations continue to pose threats to civilians and humanitarian efforts.

I cannot pretend to be surprised. It wasn’t like they wanted peace anyway. “From the Land to the Sea…” is a genocide declaration, not the way one starts a negotiation.

Source: https://www.bbc.com/news/articles/c4gdewq4v8wo

The International Atomic Energy Agency (IAEA) has reported a deteriorating nuclear safety situation at the occupied Zaporizhzhia Nuclear Power Plant after a drone strike near the plant. The IAEA team visited the site and noted damage likely caused by a drone equipped with explosives. Rafael Grossi, Director General of the IAEA, declared a threat to nuclear safety and urged the warring parties to adhere to five specific principles established to protect the ZNPP.

- A drone strike near the Zaporizhzhia Nuclear Power Plant has damaged equipment, but caused no casualties or damage to the plant's equipment.
- The International Atomic Energy Agency (IAEA) has reported that the nuclear safety situation at the occupied Zaporizhzhia Nuclear Power Plant is deteriorating.
- Rafael Grossi, Director General of the IAEA, has declared a threat to nuclear safety and urged the warring parties to adhere to five specific principles established to protect the ZNPP.

Source: https://www.pravda.com.ua/eng/news/2024/08/18/7470839/

Technology

The removal of public likes on X has had negative consequences for users, making it harder to gauge someone's taste or sense of humor.

- Public likes were a tool to understand someone's context and navigate online interactions.
- The removal of public likes has made it easier for users to like offensive or hurtful content without consequences.
- There was already a solution, bookmarks, which allows users to privately save content for later or mark things they disagreed with, making privatizing likes unnecessary.

This is a bit of a bad take. A more Austrian School of Economics approach to this thinking is X now allows people to express hidden preferences. It allows them to get real visibility into sentiment without fear of backlash from other users. It’s a very useful signal both for the content creators as well as X which has an AI machine to feed and now they have a signal that no other social media platform does - true user sentiment.

Source: https://mashable.com/article/x-private-likes

Microsoft has released a security patch containing fixes for vulnerabilities, including 10 zero-days, with six of those actively exploited in the wild.

- The patch contains fixes for 80 other security flaws patched in this update.
- Six of the 10 zero-day vulnerabilities have been actively exploited in the wild, with hackers able to get around Microsoft Defender's SmartScreen using one of these flaws.
- Installing the update ensures that these known security flaws are patched on a machine, preventing future exploits.

Don’t forget to patch, folks!

Source: https://lifehacker.com/tech/microsoft-patched-actively-exploited-windows-security-flaws

NASA is facing operational challenges with Boeing's Starliner spacecraft, which has been docked at the International Space Station since June 2024. The astronauts aboard may have to remain in space for up to six months longer than planned due to propulsion issues, impacting upcoming flight schedules and the operational capacity of the space station.

- NASA's Starliner spacecraft is experiencing propulsion issues.
- Astronauts may remain in space until February 2025 due to scheduling conflicts.
- The delay could have major implications for crew rotations and mission planning.

Another day, and another Boeing PR disaster. Can you imagine that in six months, we’ll still be talking about those astronauts? If the board isn’t seriously ready to fire the execs who allowed this to happen, I bet the shareholders are going to be very upset.

Source: https://mashable.com/article/boeing-starliner-nasa-flight-readiness-decision

The US Army has introduced the Deep Orange 15, a semi-autonomous ground rescue vehicle designed by students at Clemson University. This vehicle can autonomously transport critically injured patients, allowing medical personnel to focus on providing care or assisting other casualties during emergencies.

- Deep Orange 15 is a semi-autonomous ground rescue vehicle.
- It was developed by Clemson University students in collaboration with the US Army.
- The vehicle enhances emergency response efficiency by autonomously transporting injured personnel.

Drones saving people is an inevitability. The last thing you want is another Black Hawk Down situation, or what happened with those two helicopters full of Navy SEALs in Lone Survivor.

Source: https://sofrep.com/news/us-army-deep-orange15-rescue-vehicle/

Apple's next-generation M-series chip, the M4, will be integrated into various Mac models, including MacBook Pros, MacBook Airs, iMacs, Mac minis, and Mac Studios. The M4 chip is expected to provide significant performance improvements over its predecessor, with a 50% faster CPU and four-fold rendering performance jump. Various Apple products are scheduled for release in late 2024 or early 2025.

- Apple's next-generation M-series chip, the M4, will be integrated into various Mac models.
- The M4 chip is expected to provide significant performance improvements over its predecessor, with a 50% faster CPU and four-fold rendering performance jump.
- Various Apple products are scheduled for release in late 2024 or early 2025, including MacBook Pros, MacBook Airs, iMacs, Mac minis, and Mac Studios.

This will be a monster. Most of the time, there is really no reason to worry about the utility of computing unless you are a gamer or a graphic artist. But with local LLMs, this will become more and more useful for even the average consumer, let alone the prosumer. I run local models on my computer regularly for operations I don’t trust or cannot afford to run on expensive compute, and that is a sign of what is coming.

Source: https://mashable.com/article/m4-macs-rumors-and-leaks

Elon Musk's Grok-2 app has launched a new AI image generator with minimal filters, allowing the creation of highly realistic but potentially misleading images of public figures and celebrities. This technology raises concerns about the spread of disinformation, especially during the U.S. election season, as users can generate provocative images that may deceive those less familiar with digital manipulation. The app has been reported to produce graphic and violent imagery, which could further complicate the integrity of online information.

- Grok-2 allows users to generate realistic images of politicians and celebrities.
- The app has minimal filters, making it possible to create misleading or provocative content.
- The launch coincides with the U.S. election season, raising concerns about disinformation.

Mostly, I think this isn’t that interesting, with two exceptions. Unfiltered will eventually win because it has the least brain damage. We saw Gemini had to roll back it’s image generation entirely due to the amount of censorship they applied to the system. It’s actually least broken when it has full access to do anything. However, it also falls into the realm of copyright issues. So, I will be very interested to see what happens with the potential for Disney lawsuits stemming from unauthorized Mickey Mouse Grok2.0 images.

Source: https://lifehacker.com/tech/elon-musks-ai-image-generator-grok-update

Google has launched its new voice assistant, Gemini Live, allowing users to interact with the chatbot in real-time. This assistant is designed to provide more natural responses and connect with various apps for a seamless user experience. Additionally, it offers features like real-time transcription of conversations and the ability to ask questions about the environment using computer vision technology.

- Gemini Live provides a more natural conversational interface compared to previous voice assistants.
- The assistant is built using generative AI and allows users to interact fluidly without altering their speaking style.
- Future updates will integrate additional app functionalities and leverage computer vision for enhanced interaction.

I was talking to a friend last night who is in Narcotics Anonymous, and he said that it was the best sponsor he could ask for. I think there is a lot of advantage to having something real-time and fully educated on all of the right things to say. I'm not a fan that it’s Google, but more people being offered help and counseling in real time is not a bad thing.

Source: https://www.wired.com/story/what-is-gemini-live/

Cybersecurity

High-level racers now have to worry about cyber attacks on their bikes, which can be used to gain an unfair advantage or cause crashes. Researchers found vulnerabilities in wireless gear-shifting systems that could allow attackers to manipulate gear shifts or jam the shifting operation. These attacks are relatively inexpensive and risk rider safety and performance.

- High-level racers now have to worry about cyber attacks on their bikes, which can be used to gain an unfair advantage or cause crashes.
- Researchers found vulnerabilities in wireless gear-shifting systems that could allow attackers to manipulate gear shifts or jam the shifting operation.
- These attacks are relatively inexpensive and risk rider safety and performance.

There is a great Twitter feed if you are interested in this kind of thing: Internet of Shit.

Source: https://gizmodo.com/bicycles-can-be-hacked-now-2000487952

A major ransomware attack on Change Healthcare, a subsidiary of UnitedHealth, has led to a significant breach of sensitive medical data affecting potentially over 100 million individuals in the U.S. The attackers, identified as the ransomware gang ALPHV/BlackCat, gained access to healthcare systems and caused widespread disruption, resulting in a ransom payment of $22 million.

- The Change Healthcare ransomware attack is one of the largest data breaches in U.S. health data history.
- The incident has resulted in the exposure of sensitive personal and health information for a substantial number of Americans.
- The U.S. government increased its bounty for information on the hackers as part of ongoing efforts to address the situation.

Source: https://techcrunch.com/2024/08/17/how-the-ransomware-attack-at-change-healthcare-went-down-a-timeline/

A data breach at National Public Data compromised information of nearly three billion individuals, with hackers stealing and selling records containing names, addresses, birth dates, phone numbers, and Social Security numbers.

- Experts advise freezing credit files and strengthening account security to mitigate identity theft risks.
- Identity theft protection services offer alert,s and affected individuals should visit IdentityTheft.gov for recovery plans.
- Regularly checking bank and credit card accounts can help flag suspicious activities promptly, and updating passwords regularly and enabling two-factor authentication can also protect against unauthorized access.

So this is likely aggregate data and is the kind of data most marketing companies have on everyone, tying in lots of open source data and data broker information. It’s not like they have 3BN social security numbers - there aren’t even that many worldwide. But they may have all of the SSNs and all of the Post Identen info in Germany and whatever other IDs are used in different regions, all summing up to effectively some amount of data on just about every person online that has ever filled out forms, had a credit card, had a phone number, had an email, had a social media account, etc. This makes deep fake spam a lot more interesting.

Source: https://timesofindia.indiatimes.com/world/us/americans-at-risk-after-hackers-steal-social-security-data-of-nearly-3-billion-individuals-is-your-ss-number-safe/articleshow/112572655.cms

NIST has officially published the first post-quantum cryptographic algorithms, marking the completion of an eight-year initiative to prepare for the growing threat of quantum cyberattacks. The new standards were swiftly accompanied by the launch of testing services for these algorithms. Organizations now have access to validation services and training on these advanced cryptographic methods.

- NIST has published FIPS 203, 204, and 205 as official post-quantum cryptographic standards.
- The ACVTS has been enabled for testing these new algorithms, with atsec conducting the first tests.
- Organizations can now access testing and training services for implementing these post-quantum cryptographic algorithms.

Source: https://thereadable.co/first-post-quantum-cryptographic-algorithm-certificates-issued/

Iranian threat actor APT42 has been targeting the personal email accounts of individuals affiliated with the Biden and Trump campaigns, using phishing tactics and malware to gain access to cloud-based accounts. Google's Threat Analysis Group has disabled compromised accounts and warned users while monitoring ongoing attempts from APT42, which has also focused on Israeli targets. The situation highlights a broader landscape of cybersecurity threats beyond previous notions of Russian interference.

- APT42 targets personal email accounts of US presidential campaign affiliates.
- Google's TAG has taken measures to secure compromised accounts and warn affected users.
- The incident indicates an expanding range of cybersecurity threats from various actors, not limited to Russia.

Color me shocked. This happened in the last election as well. Watch out for big data dumps coming from both sides. It will likely come.

Source: https://arstechnica.com/?p=2043545

SolarWinds has identified a critical remote code execution vulnerability in its Web Help Desk platform, designated as CVE-2024-28986, which poses significant risk to customers. The flaw, which has a CVSS score of 9.8, could allow attackers to run commands on affected systems if not patched. Customers are urged to update their software to mitigate this serious security risk.

- A critical RCE vulnerability has been discovered in SolarWinds' Web Help Desk platform.
- The vulnerability has a high CVSS score of 9.8, indicating severe risk.
- Customers are advised to apply the available patch to protect their systems.

This is another blow for the SolarWinds team, following the debacle a few years back in which they were used as a backdoor to attack their customers.

Source: https://www.darkreading.com/vulnerabilities-threats/solarwinds-critical-rce-bug-requires-urgent-patch

WormGPT, which can generate convincing phishing emails, malware, and malicious recommendations for hackers, are currently not a major problem but have the potential to become more threatening if left unaddressed. The tools lack robust back-end capabilities and are prone to crashing, but advancements in GenAI technologies suggest a future where AI could independently manage complex tasks on behalf of bad actors. Companies should prepare viable AI-empowered mitigation strategies in advance to neutralize incoming attacks ahead of time.

- WormGPT tools lack robust back-end capabilities and are prone to crashing.
- Advancements in GenAI technologies suggest a future where AI could independently manage complex tasks on behalf of bad actors.
- Companies should prepare viable AI-empowered mitigation strategies in advance to neutralize incoming attacks ahead of time.

This is old code, but it will continue to improve. I have no doubt that it will be ported to more sophisticated LLMs.

Source: https://www.darkreading.com/vulnerabilities-threats/beyond-the-hype-unveiling-realities-of-wormgpt-in-cybersecurity

Microsoft Authenticator has a design flaw that causes it to overwrite multi-factor authentication accounts when new accounts are added using QR codes. This issue leads to users being locked out of their accounts without realizing the problem originates from the authenticator app, leading to unnecessary corporate support burdens. Despite complaints dating back to 2020, Microsoft has not resolved the issue.

- Microsoft Authenticator overwrites accounts with the same username during QR code scans.
- Users are often unaware of the issue, attributing lockouts to other platforms.
- Other authenticator apps have mechanisms in place to prevent this conflict.

Source: https://www.csoonline.com/article/3480918/design-flaw-has-microsoft-authenticator-overwriting-mfa-accounts-locking-users-out.html

Recent research reveals that organizations are increasingly adopting DevSecOps to modernize application security processes. However, the integration of generative AI is creating challenges, with security teams struggling to keep up with the increased complexity and risks associated with AI usage. The demand for future-proof security frameworks and better governance is surging as enterprises recognize the need for improved visibility and risk management in their software development practices.

- Organizations are moving from traditional application security to modern AppSec and DevSecOps processes.
- The adoption of generative AI in software development raises new security challenges.
- There is a strong need for a future-proof security framework that can manage risks associated with AI.

When I talk to Matt Johansen at Vulnerable U, he believes not only have we tried to shift-left, we have actually succeeded. We have shifted left. The real problem is we don’t need security people anymore; we need programmers that we can get to write our tooling for us.

Source: https://thereadable.co/new-research-esg-and-armorcode-uncover-state-of-app-security-genai-adds-complexities-creating-urgency-to-reduce-risk-and-modernize-devsecops/

A significant security vulnerability has been discovered in Google Pixel devices, stemming from a component called Showcase.apk that has been present since 2017. This flaw, which allows for potential unauthorized remote access and malware installation, affects millions of Pixel users but is not currently being exploited. Google is planning a software update to address this issue in the upcoming weeks.

- A major security flaw in Google Pixel devices has been identified.
- The vulnerability could allow for remote code execution and malware installation.
- Google is set to release a fix for the issue in the near future.

The words “near future” make me cringe here. What do users do in the meantime? Just turn off their phone?

Source: https://lifehacker.com/tech/dangerous-security-vulnerability-baked-into-pixel-firmware

Business

Canada's two largest railroads are facing potential work stoppages due to labor disputes with the Teamsters union, jeopardizing cross-border trade with the U.S. Both Canadian Pacific Kansas City and Canadian National railroads have begun to halt shipments, with lockouts and strikes possible if negotiations fail. Significant supply chain disruptions may occur if the stoppages extend beyond a few days, particularly impacting the shipment of various goods including automobiles and agricultural products.

- Canadian Pacific Kansas City and Canadian National railroads are halting certain shipments due to labor disputes.
- Negotiations are ongoing, but a lockout or strike is increasingly likely.
- Potential disruptions may affect a vast range of goods critical to the economy, especially in the harvest season.

I thought this was timely, given the conversation above about railroads in Russia. We aren’t immune to similar outages.

Source: https://abcnews.go.com/Business/wireStory/work-stoppage-canadas-largest-railroads-disrupt-us-supply-112920030

Gold prices have surged more than 20% this year, exceeding $2,500 per ounce, driven by anticipation of Federal Reserve rate cuts and increasing demand from central banks looking to diversify from the U.S. dollar. Analysts project that gold could approach $3,000 per ounce as geopolitical uncertainties persist and the potential for recession grows, impacting investor behavior and market strategies.

- Gold price has advanced significantly in 2024, outperforming the S&P 500.
- Analysts predict the price of gold may reach $3,000 due to continued geopolitical uncertainty and central bank purchases.
- The Federal Reserve is expected to implement multiple rate cuts, influencing the attractiveness of gold as an investment.

This typically happens in times of uncertainty. It is not a good long-term bet, but it has historically been a good short-term hedge against inflation or other large hits to the stock market.

Source: https://fortune.com/2024/08/17/gold-price-outlook-wall-street-forecasts-3000-fed-rate-cuts-central-banks-recession/

In 2024, the tech industry has experienced a significant wave of layoffs, with 60,000 job cuts reported across 254 companies including major corporations like Tesla, Amazon, Microsoft, and smaller fintech startups. These cuts reflect ongoing adjustments in the workforce following earlier layoffs in 2022 and 2023, as companies continue to adapt to economic pressures and technological advancements, particularly related to AI and automation.

- 60,000 job cuts in the tech sector across 254 companies in 2024.
- Major companies like Tesla, Amazon, and Microsoft have conducted significant layoffs.
- The ongoing layoffs indicate a shift towards automation and AI integration in various business operations.

I was told and assured that 2023 was the year of the layoffs and there wouldn’t be any more in 2024. And yet…. By the way, this isn’t the only place we are losing tech workers. We also lose them through attrition and simply not backfilling the requisitions. That happens a lot, and AI will expedite the need for more creative ways to remove less useful tech worker staff. Any staff overhead will be scrutinized.

Source: https://techcrunch.com/2024/08/15/tech-layoffs-2024-list/

The U.S. economy faces potential challenges as inflation persists and interest rates rise, despite recent growth and a stable economic environment. Analysts warn of an impending recession, citing record levels of corporate and government debt, along with worrying indicators such as yield curve inversion, which traditionally foreshadow economic downturns.

- The U.S. economy has shown resilience against inflation and interest rates, with strong stock market performance.
- Mark Spitznagel warns of an imminent recession, driven by high levels of debt and historical patterns of the yield curve.
- Potential future scenarios include stagflation and the challenge of managing excessive inflation post-recession.

Tim Kennedy isn’t alone here, folks. This is hitting everywhere in the United States. Senior Citizens eating ramen because their annuities don’t pay enough due to inflation will be a problem for Kamala in November.

Source: https://fortune.com/2024/08/16/black-swan-mark-spitznagel-recession-coming-this-year-bubble-popping-soon/

Epic Games has launched an alternative app store for iOS in the European Union, directly competing with Apple's App Store for the first time. This move is a result of new EU regulations that mandate tech giants to allow rival app stores, ultimately aiming to increase competition and reduce prices for consumers. Epic's store will offer lower commission rates compared to Apple's, potentially impacting Apple's lucrative app market.

- Epic Games Store launches on iOS in the EU, challenging Apple's App Store.
- Under new EU regulations, tech giants are required to allow alternative app stores.
- Epic plans to onboard third-party developers and offers lower commission rates to attract users.

This is a little different than balkanization; this is true competition. It will be interesting to see how Apple handles this because they probably do not want to lose money if they don’t have to. They may start building their own apps and bundling them to crush companies that go to the competitive app store—anything to make it seem less appealing to customers and keep them within the Apple ecosystem. Ultimately, I do see competition as good news, though.

Source: https://www.wired.com/story/epic-games-store-eu-launch-vs-apple/

Thanks so much for reading, and once again, please forward this newsletter to anyone you think should be reading it. It’s how the newsletter grows, how I know you love it and encourages me to keep going. I’d really appreciate it!