- RSnake Report
- Posts
- RSnake Report 20240830
Table of Contents
đ Hello and happy Friday! I hope you have great weekend plans. This week Trey Ford and I had a good demo day with James Wickett at DryRun. Itâs a new product that enhances code behavior analysis by integrating security checks directly into the development workflow. It uses analyzers that assess pull requests for vulnerabilities, using natural language questions to improve the interaction for developers. Check it out if you write web apps.
Letâs start in Russia - Rostov seems to be heavily under attack in recent days, including oil fires, and fires at the port. Some of these videos are pretty spectacular like the Atlas depot. In other cases, Ukraine has gone back and re-attacked old targets, like the Russian State Reserves near Astakhov. The Russians have stopped reporting oil and gas generation numbers and now consider it a state secret before it was widely known. Ukraine is also hitting rail systems, including the Lgov railway, to choke supply.
âstrong fire near the port areaâ
Russian recruitment has evolved - it is placed where people who are in need of money, ATMs, to advertise a way for them to make money - join the military. Desperate times call for desperate measures.
âmilitary recruitment ads trying to tempt menâ
Russian treatment of their own soldiers is at an all-time low (fairly gruesome link, fair warning). The Russians have begun forcing their conscripts, who are barely trained, into signing contracts, which is actually illegal under Russian law. There is a Ukrainian program called âI Want to Liveâ that is educating Russian soldiers through many different channels on how to defect, and there is at least one harrowing story of a Russian soldier using a grenade on his troops to get away. Around ~600 Russian Prisoners were just captured, which will likely lead to prisoner exchanges at a 1:1, but keep in mind the quality of Ukrainian soldiers and their training is much higher.
â600 Russian POWsâ
Putinâs nepotism continues with the promotion of his niece Anna Tsivileva to State Secretary. Itâs unclear whatâs causing it, but there is evidence that Russians are increasing their offensive cadence in the last month. Russian advances are remarkably increasing towards Pokrovsk. I was a bit skeptical of that advance, but to their credit, they are sending the required number of soldiers into the meat grinder to make some headway. The Ukrainians have shot down 60 out of 74 Shahed drones - not quite as good as what Israel accomplished earlier this week, but still very good. The Ukrainians have admitted that their attack in the Kursk region was to siphon forces away from other areas, and it looks like Russia didnât fall for it as badly as Ukraine had hoped.
â100 day graphâ
The Russians have targeted oil and power generation in Ukraine including the ongoing targeting of Ukrainian dams as we discussed. Russia also attacked the Ryazan Power Plant in Novomichurinsk. Ukraine had to disable multiple nuclear reactors and issued an official announcement to that end. Sergey Lavrov has said that he feels peace with Ukraine and the âZelensky peace planâ is delusional.
âthe times Russia has targeted dams in Ukraineâ
There are a few new things on the drone and weapon front, including their speed to market over the existing Gen5 fighters. The new Palyanista drone, which has a huge range and speeds of 300+ knots, makes it fast enough to evade all but the most expensive anti-missile systems. Then we have drones turning into bombers, allowing them to drop many munitions at once or act as mini-carpet bombing raiders.
âMini bomberâ
Another interesting thing was the use of a long rod sticking out the front of a munition to cause it to go off slightly above the ground, leading to more lethality and even cheaper drones that are effectively just pipe bombs with cardboard fins adhered to them. The Ukrainians now have a small 3d printable scanner that helps them identify nearby drones called the âsugar cubeâ. Lastly, I talked about hidden missile systems, and here is some great footage of a containerized missile system.
âlong rod projecting from the munitionâ
On the domestic front, Kamala has done a U-turn and is now committed to spending over 100M on improving the southern border wall. I guess itâs not racist after all. 𫢠Her unrealized gains tax has gotten more scrutiny. While likely illegal, unprecedented, and unlikely to pass, it seems to only effect the ultra-wealthy, like fund managers who fund companies. Even her own donors are trying to get her to reconsider it, which makes sense since it would likely affect them. The violent Palestinian protesters are still at it on the US campuses and out on the streets, and there seems to be no political will to do anything about it.
In other presidential candidate news, Trump wants supporters to buy NFT and physical trading cards. This is likely a way to allow donors to spend money without the overhead of making anything expensiveâa campaign finance loophole. Surprisingly, Trump says he personally will be voting for a pro-abortion amendment on the Florida ballet.
The Chinese are back at it, ramming boats, and this is some of the best footage Iâve seen of their belligerence. The US has stated that we will begin to offer more support to help escort ships that might be harassed by the Chinese. This feels like a severe international incident waiting to happen. China is also selling warships to Cambodia, so it is clear they are trying to make some friends in that region who can help them fight.
âescorting PH shipsâ
And it makes sense if you are President Xi because China has substantial economic slowdowns, a declining population, and a declining education system. They are in deep trouble, and instead of propping up their economy, he seems to be more interested in power projection than his own people. There are too many mouths to feed, and if he loses a few million of them in the process of gaining more regional power, that would be a good thing from his perspective. Itâs sick, but it makes sense for Xi.
âKindergarten closures have surged across Chinaâ
On to the Middle East. It turns out reports about the fate of the Sounion tanker ship were premature - it lived. But itâs leaking oil and still on fire, and from multiple places on the ship. There is a long trail coming from it which you can see really clearly in overhead photos. The spill can be seen in satellite imagery and might be as many as 2000km2 in size. The Houthis have said they will allow salvage teams to board - but, itâs not clear why. Perhaps there was political pressure to prevent the Houthis from causing widespread environmental damage from their peers.
âSounion is leaking oilâ
There was an interesting article about the size of Hezbollahâs arsenal and why a buffer zone is useful. Most of the 150k missiles are very short-range and cannot be fired at any meaningful distance. They have had a few minor wins taking out surveillance tech on the Israeli border, but that seems to be about it thus far. Their financier, the Iranian Military, has stated that the âTrue Promise 2â operation will change âglobal dynamics.â - I guess they broke the promise of operation âTrue Promise 1â, so we shall see.
âHezbollah has around 150,000 missiles and rocketsâ
Itâs worth mentioning what these regional conflicts are doing to exports. There has been a huge decrease in shipping through the Suez Canal over the last few months. The data isnât super current, but I canât imagine itâs improving. And this doesnât even account for random accidents that slow down shipping.
And then you look at port congestion over the last few years and it is hugely down, which means there are fewer ships in the ocean, meaning less exports, meaning higher prices. This is why Exxon and OPEC are sounding the alarm bell. This is one of the crazier sets of graphs Iâve seen on what these regional conflicts are doing to us economically.
The Islamic Resistance in Iraq launched drones at an Israeli power plant. They are quite a bit less dangerous than Iran, but worth paying attention to. Meanwhile, Israel launched a huge offensive into the West Bank.
âLargest Operation seen in the West Bank in several Decadesâ
More has come from Zuckerbergâs conspiratorial announcement about working with the US government and the lies told to Congress. The thinking I can see is that people think he was coerced into it because they control a lot of other purse strings and legislation that could harm Facebook. This is a chance to come clean and stop the madness, before we see what is happening in the UK, where 50,000 people are reported to have recently been arrested for using illegal words. Keep in mind, the UK government is comfortable extraditing US citizens for this too.
âharassment, alarm or distress - words or writingâ
Telegramâs CEO is getting a lot more scrutiny. While I do think this is largely about censorship and not about crime per se, the opposing censorship advocates are showing some evidence that Telegram was alerted to CSAM material and did not remove it.
âTelegram implicitly allows it in private groups and direct messagesâ
On the AI safety front, California is working on SB-1047, which would do just about everything wrong. From the article, AI developers will need to refrain âfrom training models that pose an unreasonable risk of being used to cause critical harmâ. If youâve read my book, AIâs Best Friend, you know why censoring AI is tantamount to giving it brain damage. Applying controls on top of the AI to limit its output or add context is fine (type 2 thinking), but type 1 thinking needs to be imbued with as much data as possible to reduce hallucinations. Also, all you will end up doing is making AI companies leave for places where they can work in peace. We cannot put this genie back in the bottle. There are 881k models on Huggingface right now.
Okay, onto the articles!
A powerful typhoon, Typhoon Shanshan, has hit Japan, killing at least four people and injuring over 90, with millions told to evacuate as it causes widespread destruction and disruption.
Typhoon Shanshan has caused significant damage and loss of life in Japan, with at least four people killed and over 90 injured.
The storm has prompted evacuation orders for millions of people, with many left without power or facing severe disruption to transport services.
The typhoon is expected to move across Japan over the weekend before reaching the capital Tokyo, with authorities warning of landslides, flooding, and large-scale damage.
This also caused some aborted landings - trust me, you would not want to be on this jet. It also caused quite a bit of damage and storm surges.
A gunman attempted to assassinate former US President Donald Trump at a rally in Pennsylvania and had made a sustained effort to plan an attack on major events before targeting Trump.
The FBI says the shooter searched for information about Trump's campaign events multiple times, including searching for bomb components as early as 2019.
Several probes are examining the security measures surrounding the event.
The UN has paused operations in Gaza due to increasing violence and evacuation orders from the Israeli military, which have impacted the delivery of humanitarian aid affecting 1.8 million people. Significant casualties have been reported since the conflict escalated following the October 7 attacks, with over 40,500 deaths in Gaza and ongoing military actions by Israel against Hamas. Additionally, a polio vaccination campaign is at risk due to the challenging conditions for aid workers in the area.
The UN's operations in Gaza are severely hindered by violence and military evacuation orders.
Humanitarian efforts face critical challenges amidst widespread casualties and health crises.
In some of the only encouraging news Iâve seen on this topic, apparently Hamas has been lying about the poll results they are getting and they are a lot less favorable than they would like it to seem, if true. The biggest changes were that they favored certain candidates, made it seem like the public had an interest in voting, and made it seem like they believed that Israel would lose the war with Hamas.
An oil tanker in the Red Sea is burning and leaking, potentially posing an environmental disaster, while Houthi rebels have threatened to attack any supporting vessels.
The situation has been described as an imminent environmental hazard by the European Union's naval force in the region.
Houthi rebels have threatened to attack any supporting vessels, complicating efforts to clean up and remediate the spill.
Satellites can already see the oil spill,worsen apparently. This situation will likely get worse unless those salvage teams are quick and well-equipped.
NATO allies have pledged increased military support for Ukraine following a council meeting, reaffirming their commitment to bolstering Ukraine's defense capabilities in the face of ongoing Russian aggression.
NATO allies have pledged increased military support for Ukraine following a council meeting
NATO members are stepping up their military assistance to Ukraine, providing additional air defense systems and missiles
The alliance has committed to a minimum of 40 billion euros in security assistance over the next year
Russia has suffered significant losses, with 1,090 soldiers and a bomber being destroyed over the past day, bringing their total combat losses to an estimated 611,190 military personnel. The losses include 17,522 artillery systems and 368 fixed-wing aircraft. Ukraine's forces continue to gain momentum against Russian occupation.
Russia has suffered significant losses with 1,090 soldiers killed or wounded over the past day.
The total combat losses of the Russian forces are estimated to be approximately 611,190 military personnel and 17,522 artillery systems.
It also saw a downed SU-15 using a MANPAD. The more of these the Ukrainians get the worse this is for Russian air superiority. The US is still blocking the delivery of promised patriot missile defense batteries though (that video is worth a watch).
A Ukrainian F-16 warplane has crashed during a Russian missile and drone barrage, while Ukraine's military has been conducting strikes on Russian targets, including oil depots deep inside Russia. The crash was the first reported loss of an F-16 in Ukraine. Russia has also launched aerial attacks on Ukraine.
A Ukrainian F-16 warplane has crashed during a Russian missile and drone barrage.
Ukraine's military has been conducting strikes on Russian targets, including oil depots deep inside Russia.
Russia has also launched aerial attacks on Ukraine.
There is a ton of fake news about this, saying that it was shot down by friendly fire. That does not, at first blush, appear to be the case. By the way, there do not appear to be any restrictions about the distance into Russia they are allowed to penetrate, like there has been about other US military material. This means they can easily use glide bombs or long-distance missiles to get hundreds of miles into Russian sovereign territory and back again largely unscathed.
Honor killings remain a critical issue in Iran, exemplified by the recent murder of a 17-year-old girl by her father due to her relationship with a young man from a rival tribe. Legal protections and cultural norms in Iran often provide impunity to perpetrators of such violence, contributing to a distressing trend of femicides. Reports indicate a significant rise in honor killings, with many going unreported, suggesting a larger, systemic problem affecting women's rights and safety in the country.
Mobina Zeynivand was murdered by her father in an honor killing linked to tribal disputes.
Iran's legal system allows leniency for men who commit these acts, perpetuating a culture of violence against women.
The World Health Organization is set to launch a polio vaccination campaign in Gaza on September 1, targeting 640,000 children under the age of ten. This initiative follows the confirmation of the first reported polio case in Gaza in 25 years.
The WHO will vaccinate children in Gaza against polio.
The campaign is a response to a recent polio case in the region.
The WHO might find it very difficult to pull this off but hopefully they are able to do it, because that is a nasty disease. War seems to incubate disease.
Source: https://www.aljazeera.com/program/newsfeed/2024/8/30/who-outlines-gaza-polio-vaccination-plan
Airbus has introduced advanced robotics in its Hamburg facility, enhancing the efficiency of A321neo aircraft production. The company is poised to meet the growing demand for fuel-efficient and versatile aircraft, as the aviation market shifts towards narrow-body designs favored by low-cost airlines.
Airbus is leveraging state-of-the-art robotics in the assembly of its A321neo aircraft.
The demand for fuel-efficient, narrow-body planes is increasing as airlines look for cost-effective operational solutions.
Wizz Air recently took delivery of its 132nd aircraft, the A321neo, as part of its fleet expansion.
Live shopping is rapidly growing in popularity, particularly on platforms like TikTok and Whatnot, with significant sales figures reported. In China, livestream shopping generated an estimated $500 billion in 2023, while U.S. and UK businesses are also seeing substantial revenue from this trend, despite shifts in consumer attitudes toward spending and sustainability.
Live shopping has garnered over $500 billion in sales in China during 2023.
Many businesses in the U.S. and UK are adopting livestream sales formats with significant revenue generation.
You may or may not have heard of whatnot.com - I had not. It is a very slick shopping app for those shop-o-holics out there. But, with inflation rising and shipping slowing, this might hurt their bottom line quite a bit in the future.
A recent ruling by the Third Circuit Court indicates that TikTok may be held liable for content it promotes through its algorithm, effectively challenging the protections previously granted by Section 230 of the Communications Decency Act. This decision signals a significant change in how large tech firms could be held accountable for harmful content directed at minors. As a result, the business models of major tech companies that relied on Section 230's immunity from liability could be fundamentally altered.
TikTok is facing a trial for promoting harmful content that led to a child's death.
The ruling may jeopardize the liability protection that Section 230 provided to tech companies.
The beginning of the post quotes Judge Paul Matey, "TikTok reads 230 of the Communications Decency Act to permit casual indifference to the death of a ten-year-old girl." This is possibly one of the most significant and most likely to get appealed verdicts in history. It is ostensibly impossible to properly police all these apps to the level they require to be free of CSAM. Every one of them has it.
Facebook's CEO Mark Zuckerberg has admitted that his company yielded to pressure from the Biden administration to censor American citizens on various subjects. The admission was made after House Judiciary Committee Chairman Jim Jordan and the committee forced Facebook to release documents showing its work with the government to suppress opposing views. This is seen as a belated contrition by many who have long criticized Facebook for its role in censorship.
The Biden administration pressured Facebook to censor American citizens on various subjects.
Facebook's CEO Mark Zuckerberg has admitted that his company yielded to this pressure and regrets not speaking out sooner.
The government is expanding its censorship efforts to include areas like climate change denial and policing 'malinformation' or information used out of context to mislead, harm, or manipulate.
Yes, but why? I really want to understand his motivations for doing this now and the way he did it. Why wait until a month before the presidential election? Is it in response to Telegramâs CEO being arrested? Is he trying to prep things for a large lobbying effort? Is he trying to befriend Trump in the run-up to the election?
Source: https://www.zerohedge.com/political/turley-zuckerbergs-censorship-admission-more-contrived-contrite
Researchers have developed a new approach to target tracking in cluttered environments, taking into account system uncertainty and predictive visibility.
A real-time, non-myopic trajectory planner is proposed for robustly maintaining the visibility of a target under high system uncertainty.
The approach utilizes linearized signed distance function and two-stage strategy to efficiently calculate both predictive visibility and collision risk.
Extensive simulation results and real-world experiments validate the practicality and effectiveness of the proposed trajectory planner.
I remember how ballistics was taught to me when trying to discern what is real and what isnât: I know where something is because I know where it isnât; I know where something is going because I know where it cannot go.
Source: https://arxiv.org/abs/2306.06363
Robotic Process Automation (RPA) has emerged as a game-changing technology in data extraction, revolutionizing the way organizations process and analyze large volumes of documents. RPA software bots have been shown to be significantly more efficient than manual processes, achieving perfect accuracy and reducing human labor costs.
RPA has emerged as a game-changing technology in data extraction.
RPA software bots are significantly more efficient than manual processes.
RPA achieves perfect accuracy and reduces human labor costs.
I saw a good video on document analysis that is worth taking a second to explain. Donât try to upload raw PDFs; first convert them into text and preserve their approximate spaces via OCR, and then upload them. The LLMs are significantly better at processing data that is OCRâs and turned into text than the raw images themselves. That seems like a short-term problem to me, though, because they will likely just run that same analysis themselves at some point.
Source: https://arxiv.org/abs/2408.14791
AI researchers propose a new mechanism, Counterfactual Priority Change (CPC), which may destabilize large language models and lead to reflective stability problems.
Researchers develop preliminary evaluations for two risk factors associated with CPC-destabilization: stepping back and preference instability.
Findings suggest that increased scale and capability in current LLMs are associated with increases in both CPC-based stepping back and preference instability.
Small models sometimes outperform larger ones. This has to do with overfitting with too much similar data, which breaks someoneâs preferences for a more neutral opinion. That is to say, for instance, it will never ever show a female doctor because it falls outside the mean. Putting their hands on the scale means showing more diverse opinions rather than the vast and actual data. Thatâs how Gemini ended up with no Caucasians in their image model - they had to put their finger on the scale to end up with some minorities in any situation. Those situations happened to be the founding fathers and Nazis - oops.
Source: https://arxiv.org/abs/2408.15116
Researchers have developed a real-time game engine powered by a neural model, enabling interactive simulation of complex environments at high quality. The engine can simulate the classic game DOOM at over 20 frames per second on a single TPU. Next frame prediction achieves a PSNR of 29.4, comparable to lossy JPEG compression.
Researchers have developed a real-time game engine powered by a neural model.
The engine can simulate the classic game DOOM at over 20 frames per second on a single TPU.
Next frame prediction achieves a PSNR of 29.4, comparable to lossy JPEG compression.
This was a really cool video to watch, but if you watch carefully, objects will be there, and then when the interface turns back around, theyâre gone. So, while amazing, it is still broken. The actual solution is that it needs to have memory not just of what the game looks like but of what it has shown and where.
Source: https://gamengen.github.io
NVIDIA has launched the NIM Agent Blueprint, a generative AI-based tool designed to enhance the drug discovery process by reducing time and costs associated with developing new drugs. The framework allows for the integration of advanced AI models to streamline the hit-to-lead transition, potentially leading to more efficient identification of viable drug candidates in the pharmaceutical market.
The NIM Agent Blueprint aims to revolutionize the drug discovery process by utilizing generative AI for faster and smarter molecule design.
By adopting this technology, pharmaceutical companies could significantly lower expenses and shorten development timelines in the high-stakes drug market.
A Brazilian Supreme Court justice has threatened to suspend the social media platform X unless it complies with a legal order requiring a local representative in Brazil. Elon Musk has publicly challenged the justice, alleging censorship and refusing to comply with the order, raising the prospect of X being blocked for Brazilian users, affecting approximately 40 million accounts. The situation is critical as minor legal non-compliance could lead to a significant impact on operations in Brazil, a key market for X.
Brazil's Supreme Court justice demands social media company X appoint a local legal representative.
Elon Musk's defiance could result in the platform being blocked in Brazil, affecting access for millions of users.
And Musk, being himself, is using memes as warfare against the judge, and re-tweeting others who are on his side on this matter.
Signal, a nonprofit encrypted messaging platform, is experiencing significant growth in user adoption as it differentiates itself from for-profit tech giants through its privacy-centric model. Under the leadership of Meredith Whittaker, Signal aims to establish sustainable funding while positioning itself as a critical infrastructure for secure communications amidst ongoing geopolitical volatility and the increasing public demand for privacy alternatives in technology.
Signal has become a mainstream platform with hundreds of millions of users due to its emphasis on privacy and lack of surveillance.
Meredith Whittaker is actively pursuing sustainable funding models for Signal to continue its operations independently.
I think this will increase even more with Telegramâs issues. Itâs a good tool, and its groups are not too dissimilar from Telegramâs channels. If you donât use it, you should, instead of texting or iMessage. And make sure ephemeral messaging is enabled.
A study finds that people are overly trusting of AI-generated medical responses, often considering them as valid as those from medical professionals, despite many being inaccurate. This misjudgment can lead individuals to seek unnecessary medical attention or follow harmful advice, posing risks to their health. The research suggests that the integration of AI systems in medical advice should involve collaboration with professionals to mitigate potential dangers.
Participants could not distinguish between high accuracy AI-generated responses and those from doctors.
Inaccurate AI responses are perceived as valid and trustworthy, increasing the risk of misdiagnosis.
Expert opinion valued the involvement of doctors in delivering medical advice even alongside AI.
No, really, it hallucinates all the time. You really need to only use it as a launching pad for doing your own research. Itâs okay for net-new ideation, but itâs really bad at facts.
Source: https://arxiv.org/abs/2408.15266
A new LLM content moderation framework, Legilimens, has been proposed to address moderation effectively and efficiently. The framework has been tested on various datasets and demonstrated superior performance compared to other methods.
A practical and unified content moderation framework for large language model services can be achieved by extracting conceptual features from chat-oriented models.
The Legilimens framework has been shown to be effective against state-of-the-art jailbreaking methods and can be applied to few-shot scenarios and multi-label classification tasks.
A comparison of the Legilimens framework with commercial and academic baselines demonstrates its superior performance in content moderation for large language model services.
For this to work efficiently, I think it has to be a meta-cognition model that lives on top of an uncensored LLM. Yes, itâs slower, but itâll be better at reasoning and dealing with preferences.
Source: https://arxiv.org/abs/2408.15488
A critical vulnerability has been discovered in the Apache OFBiz system, allowing remote code execution with a CVSS score of 9.8, and has been added to the CISA's Known Exploited Vulnerabilities catalog.
The vulnerability allows pre-authentication remote code execution and has a CVSS score of 9.8.
A proof-of-concept exploit was made available to the public after the flaw's disclosure, prompting CISA to add it to the Known Exploited Vulnerabilities catalog.
Published vulnerabilities spiked by 43% compared to H1 2023, with ransomware attacks also increasing by 6%. State-sponsored actors are increasingly posing as hacktivists, and the US is being targeted at a higher rate than in previous years.
Published vulnerabilities increased by 43% compared to H1 2023.
Ransomware attacks increased by 6%, with the US being targeted at a higher rate than in previous years.
State-sponsored actors are increasingly posing as hacktivists, targeting critical infrastructure and using hacktivist fronts to obscure cyberwarfare activities.
Okay, but there is a difference between published and exploited. It is really important that we understand the difference between could be attacked and is attacked. My windows could be attacked but they arenât. Should I upgrade them to ballistic windows? No, the threat of death by fire and not being able to escape is larger than that of being attacked. This is much in the same way that we need to be careful about how we think about doing security for no reason.
TSA's Known Crewmember system for pilot and flight attendant security screening has a serious vulnerability allowing unauthorized access to KCM/CASS checkpoints, which was exploited by researchers who disclosed the issue to authorities before FlyCASS remediated it, however TSA statements denying the exploit were later proven incorrect.
The Known Crewmember system for pilot and flight attendant security screening has a serious vulnerability allowing unauthorized access to KCM/CASS checkpoints.
The vulnerability was exploited by researchers who disclosed the issue to authorities before FlyCASS remediated it, however TSA statements denying the exploit were later proven incorrect.
As someone who has done research on flight control systems in the past, I can tell you they are all a hot mess. Buy me a drink, and Iâll tell you all about it.
Source: https://ian.sh/tsa
South Korea is experiencing a surge in deepfake pornography targeting young women, with authorities and social media users identifying large numbers of chat groups creating and sharing explicit images. President Yoon Suk Yeol has instructed authorities to thoroughly investigate and address these digital sex crimes. The country's media regulator is holding an emergency meeting to discuss how to tackle this crisis.
Deepfake pornography targeting young women is surging in South Korea, with authorities and social media users identifying large numbers of chat groups creating and sharing explicit images.
The country's President Yoon Suk Yeol has instructed authorities to thoroughly investigate and address these digital sex crimes.
South Korea's media regulator is holding an emergency meeting to discuss how to tackle this crisis, which has been described as a 'national emergency' by some activists.
I hate to break it to South Korea, but other than making it illegal, there really is nothing meaningful that can be done. Men have been drawing or writing pornographic fan art/books since time immemorial. Tech doesnât change that, it just makes it easier.
Online ad fraud continues to be a significant problem, with millions of ad impressions being directed towards malicious sites such as piracy networks. These operations use sophisticated techniques to evade detection and redirect users to cashout sites that serve ads. The scale of the issue is substantial, with tens of thousands of publisher networks potentially vulnerable to exploitation.
A piracy network called Camu was fraudulently serving over 2 billion online advertisements every day.
Camu used a cookie-based redirection mechanism to send users to decoy sites and avoid detection.
Use the Brave browser, and youâll block ads. Honestly, almost nothing is good about receiving ads, ever, unless you are researching them for some reason.
A South Korean advanced persistent threat (APT) exploited critical vulnerabilities in WPS Office software, used predominantly in China, resulting in unauthorized access to sensitive intelligence. Two severe flaws allowed for remote code execution, attracting the attention of cyberespionage actors, particularly targeting Chinese organizations and government entities.
A South Korean APT targeted WPS Office, which has a significant user base in China.
The exploitation of vulnerabilities in WPS Office led to potential unauthorized access to sensitive information and cyber espionage.
NIST is leading a global initiative to develop post-quantum cryptography in response to the potential threat quantum computers pose to current encryption methods. Researchers are focused on creating new encryption algorithms that would remain secure against both conventional and quantum computers, in anticipation of the advent of sufficiently powerful quantum processors.
Existing encryption methods may be vulnerable to attacks from future quantum computers.
NIST has selected initial algorithms for post-quantum cryptography based on advanced mathematical problems.
I happen to sit on the advisory board of a company that works in this field, full disclosure.
A threat actor has been targeting victims in the manufacturing sector with spear-phishing emails that prompt them to surrender their credentials. The emails impersonate legitimate companies and direct victims to a spoofed Microsoft page where they are prompted to enter their password. At least 15 victims have been targeted so far, particularly in the United States and Canada.
A threat actor has been targeting victims in the manufacturing sector with spear-phishing emails that prompt them to surrender their credentials.
The emails impersonate legitimate companies and direct victims to a spoofed Microsoft page where they are prompted to enter their password.
At least 15 victims have been targeted so far, particularly in the United States and Canada.
Source: https://www.darkreading.com/ics-ot-security/manufacturing-sector-microsoft-credential-thieves
A proof-of-concept exploit code for a critical zero-click vulnerability in Windows TCP/IP has been made available, affecting all Windows systems with IPv6 enabled. Threat actors can exploit this flaw without user interaction on Windows 10, 11, and Server systems. Users are advised to apply the latest security updates as soon as possible.
A proof-of-concept exploit code for a critical zero-click vulnerability in Windows TCP/IP has been made available.
Threat actors can exploit this flaw without user interaction on Windows 10, 11, and Server systems.
Users are advised to apply the latest security updates as soon as possible.
Zero-click vulns are the highest dangerâthey do not require any user interaction. Unlike the phishing campaign above, the chances of weaponizing them are much greater.
China has launched the first satellites for its G60 mega-constellation, aimed at providing global satellite internet services, which may further its model of digital authoritarianism. This initiative could enable other nations to implement extensive censorship and surveillance similar to China's own practices. The deployment of this infrastructure could significantly influence global internet governance and raise concerns regarding cybersecurity and state control over information.
China's G60 mega-constellation aims to compete with SpaceX's Starlink, providing global satellite internet coverage.
The satellite internet services may facilitate authoritarian governments in implementing extensive censorship and surveillance.
China's state-controlled infrastructure poses risks of data localization and increased cyber espionage.
Please, for the love of all that is holy, do not use the Chinese PLA spy satellites, er, internet provider.
China's 'Volt Typhoon' group is linked to new zero-day attacks targeting critical U.S. internet and IT infrastructure, exploiting vulnerabilities in software used by ISPs and MSPs. These intrusions are aimed at pre-positioning themselves to potentially disrupt communications between the U.S. and Asia in the event of armed conflict.
Malicious actors exploit a zero-day vulnerability in a widely used software product.
The attacks are attributed to a Chinese cyber espionage group, potentially preparing for disruptive actions in future conflicts.
Customers are urged to patch vulnerabilities to protect against these advanced persistent threats.
CrowdStrike Holdings, Inc. reported a 32% increase in total revenue year-over-year, reaching $963.9 million for the second quarter of fiscal year 2025. The company's annual recurring revenue rose to $3.86 billion, while its GAAP net income grew to $47 million, significantly up from prior year figures, reflecting a strong performance amidst rising threats in the cybersecurity landscape.
CrowdStrike's total revenue increased to $963.9 million, marking a 32% year-over-year rise.
The company's annual recurring revenue reached $3.86 billion, indicating strong growth in its cybersecurity solutions.
I wonder how this will shake out after the lawsuits are all accounted for. That will likely take years in court though.
Source: https://thereadable.co/crowdstrike-reports-second-quarter-fiscal-year-2025-financial-results/
In 2024, layoffs in the tech industry have reached significant levels, with approximately 60,000 job cuts reported across 254 companies. Major tech firms, as well as startups, continue to reduce their workforces in response to economic pressures and a shift towards automation and AI integration in business operations.
In the first months of 2024, major layoffs are occurring across the tech industry, affecting both large companies and startups.
The trend is linked to economic challenges and the growing implementation of AI and automation in various sectors.
There was a massive layoff at Dell, here in Austin, I hear.
India's competition watchdog provisionally approved an $8.5 billion merger between Disney and Reliance Industries, creating the largest entertainment entity in India with extensive broadcasting rights for major sports events. The deal is expected to be finalized within six months and will significantly expand the digital entertainment landscape in a country with a vast population and high internet penetration.
The merger will enable Disney and Reliance to compete more effectively with other major streaming services like Sony, Netflix, and Amazon.
The new entity will control broadcasting rights for popular sports events, which are major draws for Indian viewers.
OpenAI is negotiating a funding deal that would value the company at $100 billion, following a previous valuation of over $80 billion. The investment could include contributions from Thrive Capital and Microsoft, amidst a fluctuating investor sentiment in the A.I. industry. OpenAI continues to lead in A.I. development, even after internal upheavals in its leadership team in late 2023.
OpenAI is in talks to secure funding to reach a valuation of $100 billion.
Microsoft and Thrive Capital are key investors in this funding round.
Theyâll need the cash and Microsoft needs them to get more competitive. Right now in my opinion they are falling behind Claude.
Automattic is transitioning Tumblr's backend operations to WordPress after acquiring the platform in 2019. This significant migration is seen as one of the largest technical challenges in internet history, aimed at improving functionality and revenue while maintaining Tumblr's unique experience.
Automattic plans to enhance Tumblr's platform by moving its backend to WordPress.
The migration is considered to be a major technical challenge due to the scale of Tumblr's existing infrastructure.
Bout time! I think this has been in the works for a long time but it was a technical challenge.
The Shenzhen Stock Exchange and Dubai Financial Market have signed a memorandum of understanding to promote cross-border investing, including in exchange traded funds. The cities' exchanges will collaborate on dual-listings, shared displays of indices and fixed-income offerings. They will also work jointly on market and product development, regulation, and environmental, social and governance practices.
The Shenzhen Stock Exchange and Dubai Financial Market have signed a memorandum of understanding to promote cross-border investing.
The cities' exchanges will collaborate on dual-listings, shared displays of indices and fixed-income offerings.
They will also work jointly on market and product development, regulation, and environmental, social and governance practices.
I think this will haunt Dubai in the future. There is just too much corruption on the Chinese markets. But I am sure Dubai is looking at it as opening up their markets to China.
Global investors are pulling money out of India's equity market due to high valuations, while retail investors remain enthusiastic and continue to pour funds into the market. Foreign investors have turned net sellers in August, with over $1 billion in outflows, following years of strong domestic stock performance. The shift comes as the US interest rate cycle turns, with investors seeking returns elsewhere.
Foreign institutional investors have turned net sellers of India-listed stocks in August, with over $1 billion in outflows.
Year-to-date inflows stood at $2.6 billion, well below the $22 billion recorded last year.
The MSCI India index has advanced 52% in the past five years, dwarfing the 11% climb of the MSCI Emerging Market index in the same period.
Yelp has filed an antitrust lawsuit against Google, alleging that the tech company engages in anti-competitive practices that harm competition in local search services and advertising. The lawsuit accuses Google of using its dominant market position to monopolize these sectors.
Yelp claims Google unfairly scrapes its content.
The lawsuit was filed in the federal court in the Northern District of California.
Without knowing all the details, this wouldnât surprise me at all. I am more surprised this hasnât happened a lot more with Googleâs slow creeping scrape-and-replace strategy.
Canada has announced a 100% tariff on imports of electric vehicles (EVs) made in China and a 25% duty on Chinese steel and aluminum, following similar actions by the US and EU. China has criticized these measures as trade protectionism that undermines global trade rules, while Canada aims to bolster its own automotive sector in response to perceived unfair advantages for Chinese manufacturers.
Canada will implement a 100% tariff on Chinese-made electric vehicles starting October 1.
The Canadian government is seeking to strengthen its domestic automotive industry in response to accusations against China's trade practices.
We talked about this last newsletter but here is another article on the topic.
Donald Trump has proposed implementing a universal tariff of 10 percent on all U.S. imports, which could significantly impact global trade. In addition, he has suggested imposing steep tariffs on Chinese exports to the United States, potentially reaching 60 percent.
Trump's tariff proposal could severely disrupt international trade.
Historical precedents indicate potential negative consequences of broad tariffs.
This is bad for inflation in the short term, but has the advantage of getting more production back on US soil by making it more costly to buy abroad, bringing more jobs home - or at least thatâs the theory.
Thanks so much for reading, and once again, please forward this newsletter to anyone you think should be reading it. Itâs how the newsletter grows, how I know you love it and encourages me to keep going. Iâd really appreciate it!