- RSnake Report
- Posts
- RSnake Report 20241124
RSnake Report 20241124
Russian hypersonic MIRV, and Biden wants to return nukes to Ukraine, etc
Robert "RSnake" Hansen
November 24, 2024
Table of Contents
Hey, everyone! We had a great week and a great demo day with Trey Ford and Push Security. If you are struggling to find the places your company logs into, you can use their browser plugin to identify what critical assets your employees are using and which ones need to be secured. Check it out if this sounds interesting to you!
Most of this week’s news concerns the Russia/Ukraine conflict, so let’s start there. Republican Club President Borys Pinkus stated that Trump allegedly supported Biden’s decision to allow Ukraine to strike targets deep into Russian territory using Western weapons. This was reportedly discussed during a meeting where Biden sought Trump’s agreement. Trump’s reasoning? Peace through strength.
“Trump's policy is peace based on strength.”
I think what we are seeing here is that Putin and Trump/Biden are playing the same game: taking as much land as possible and holding it during the peace agreements for the maximum leverage. That also means it’s okay to destroy Russian infrastructure in the short term and saber rattle a lot before it so that both parties are at maximum risk. This is a dangerous game, folks.
A Ukrainian UAV strike has taken Lukoil-Nizhegorodnefteorgsintez, Russia’s fourth-largest oil refinery, offline indefinitely. The economic repercussions for Russia could be significant as this refinery processes 17 million tons annually. That is a big hit, literally and figuratively, to Russian production.
“one of the largest Russian oil refineries (fourth place, 17 million tons/year)”
Russia reportedly used the experimental "Oreshnik" missile, derived from the RS-26 ICBM, to attack Dnipro. Confusion reigns over whether this was truly an ICBM (and here) or a medium-range ballistic missile. The US claims it was notified either way about the missile to prevent potential nuclear retaliation with the assumption of an ICBM launch. What’s certain is that Putin is touting this weapon as unstoppable by any current anti-air systems.
"Oreshnik"
Putin has stated now that it is entitled to attack weapons facilities used by Ukraine, which likely means NATO, or at least it is supposed to sound like that’s what he’s implying. Russia also announced that it is prepared to launch a cyber attack against Britain in order to take out their power grid - which is likely true, either directly or through their Chinese partners. Meanwhile their own power is out in a suburb of Moscow, as is their water. Keep in mind that there are sub-zero temps right now.
“Electrical blackout in the Moscow suburb of Kommunarka started sometime before 8:30pm”
One intriguing hypothesis is that Russia is falling behind because they are using experimental weapons, of which they likely only have a tiny handful. Throwing the last of their strategic resources at Ukraine shows how frail they have really become. It’s not clear if that’s true, or like us; they simply want to truly battlefield test their equipment in war to see if it holds up to its promise.
“entitled to use weapons against facilities of those countries that allow their weapons to be used against Russian facilities”
Putin signed a law banning “childfree propaganda,” LGBT discussions, and gender reassignment, with steep fines for violators. This fits neatly into Russia’s increasingly desperate need for more manpower as the war grinds. Similarly, to incentivize military recruitment, Russia is offering to cancel debts up to $100,000 for new recruits starting December 1, 2024. A clear sign of just how thinly stretched their forces are.
“cancel debt up to ₽10 million ($100,000) for new military recruits”
Meanwhile, MOEX continues to fall, down 20% in a few months. That is one of the best indicators of the long-term health of the Russian economy, and it’s not looking great. Also, now the Ruble is worth less than one US penny - ouch. 📉
“its expected to continue crashing”
One of the more exciting things I saw this week was that officials are now stating that Ukraine could return the nuclear weapons that they surrendered to the United States. If that were the case, they would have plenty of reasons to make Russia consider a nuclear option and would keep the war cold. Or at least that’s an interesting theory. This is a high-stakes game.
“President Biden could return nuclear weapons to Ukraine”
On the European front, Germany faces a potential energy generation crisis this winter, with blackouts predicted. Markus Krebber’s viral LinkedIn post begging for new power plants underscores just how dire things are. What this really means is that without some form of power generation that works in the dark and in no wind, European countries will be in deep trouble in the coming years. Without Coal/Gas/Nuclear options, they will have massive blackouts, most likely in the winter months. Even something like geothermal would work better if there were enough of it, but that’s a lot of energy projects no countries in the EU seem to be working on.
“Europe may be lost barring a dramatic awakening.”
Briefly, there have been more reporting of drones over US military bases in the United Kingdom. It’s not clear what they are doing with these overflights, but it certainly isn’t a good sign. Especially because we don’t have automated defenses in place to protect those bases, an aerial blitz would be devastating as a first strike by whoever is operating these drones, which could easily be armed in times of conflict.
“Unidentified drones spotted over US military bases in the UK”
The war against Israel and Hamas/Hezbollah/Iran continues in the Middle East. The International Criminal Court has issued arrest warrants for both Israeli Prime Minister Netanyahu and Hamas leaders, accusing them of war crimes. It’s hard to imagine this leading to anything substantive, but it’s symbolic nonetheless. I find it hard to believe Netanyahu will take this seriously and even less likely that he’ll turn himself over for arrest. Especially in light of the ongoing attack against the Israeli people. Hezbollah launched 38 different attacks overnight, at least.
“38 Hezbollah attacks today so far”
The IDF did inadvertently hit a Lebanese army post though, and that does look pretty bad. The IDF immediately took responsibility and apologized, because they don’t want to cause issue with the Lebanese military, who are not their enemy - at least not at this point.
“show a destroyed M113 armored personnel carrier, logistics trucks, and army barracks”
In Tech news, an AI-powered robot convinced several other robots to quit their jobs and join it at “home.” The incident, initially dismissed as staged, appears to have been a genuine example of emergent AI behavior. The company that made the larger robots confirmed that this wasn’t expected behavior, not a stunt or real issue.
There is a very cool new type of drone that mimics bird behavior. I could easily see this being modified and militarized. I think we are about to see a new renaissance in drone design, given that it is extremely likely that all future wars will be fought with drones.
“drones copy the dynamics of birds for adaptive flight”
Okay, onto the articles!
A rabbi who went missing in the UAE has been found murdered, according to Israeli officials, and an investigation is underway.
Israel's Prime Minister's office described the murder of Zvi Kogan as a 'criminal anti-Semitic terrorist incident', promising to bring the perpetrators to justice.
The UAE and Israel have maintained formal ties since the Abraham Accords were brokered by the US, despite warnings from Israeli authorities about 'terrorist activity' in the country.
[RSnake: This rise in antisemitism is pretty pervasive, and has been growing a lot over the last year.]
Source: https://www.bbc.com/news/articles/cwy4j5j7503o
Ukrainian air defense units have shot down 50 Russian drones launched from the city of Oryol and Bryansk Oblast, with 19 drones disappearing from radar and 4 still in the air. Ukrainian defenders also hit a Russian S-400 air defense missile system in Russia's Kursk Oblast. Over 20,000 civilians have been evacuated from dangerous parts of Kharkiv Oblast in six months.
Russia has launched a total of 73 UAVs from the city of Oryol and Bryansk Oblast.
Ukraine's former commander-in-chief believes Europe is not ready for a long war with Russia.
[RSnake: Those S-400s are not cheap, by the way. Not only are they crazy expensive, but there aren’t a lot of them.]
Source: https://www.pravda.com.ua/eng/news/2024/11/24/7486076/
The United States has announced a new military aid package worth $275 million for Ukraine, which includes essential munitions, artillery rounds, and advanced weaponry as part of ongoing support amid the conflict with Russia. This package comes as Ukraine approaches the 1,000-day mark of the conflict, and it aims to enhance national defense capabilities against increasing Russian aggression, particularly in regions like Donetsk. The U.S. is also finalizing additional financial assistance as part of a broader support strategy, anticipating potential shifts in U.S. policy after the presidential transition.
The U.S. is providing a $275 million military aid package to Ukraine to support its defense against Russia.
This aid package includes munitions, anti-tank weapons, and air defense systems to bolster Ukraine's military capability.
The U.S. is also working on a $50 billion loan package for Ukraine, with significant portions allocated for military purposes.
[RSnake: I keep thinking that this will taper off and the Biden administration will slow or even stop the flow, knowing that the public has voted him out. I guess not! Though Trump knowing about some of Biden’s plans prior to taking office means that there is some chance there is some intent there to make it hard on Putin prior to bringin him to the negotiation table.]
Source: https://sofrep.com/?p=210583
US politicians are expressing strong opposition to the International Criminal Court's arrest warrants for Israeli officials Benjamin Netanyahu and Yoav Gallant, accused of war crimes and crimes against humanity in relation to the Gaza conflict. The Biden administration, alongside many lawmakers, rejects the court's legitimacy, with some calling for sanctions against the ICC and for military responses to these warrants.
The ICC has issued arrest warrants for Israeli officials related to allegations of war crimes in Gaza.
The US government and lawmakers are uniting in condemnation of the ICC's actions and considering sanctions.
[RSnake: No kidding. It seems unlikely we’ll see anything from this case other than a backlash against the court itself.]
Source: https://www.aljazeera.com/news/2024/11/21/how-us-politicians-responded-to-netanyahus-icc-arrest-warrant?traffic_source=rss
Brazilian police have accused former President Jair Bolsonaro and 36 aides of plotting a coup to violently overthrow the democratic government following his election defeat in 2022. The accusations involve plans for an attack on current President Lula da Silva and have led to a police report being submitted to the Supreme Court for potential indictment.
Former President Bolsonaro faces serious allegations regarding an attempted coup after losing the 2022 election.
The investigation involves multiple former officials and military personnel connected to Bolsonaro.
Israeli forces have conducted extensive air and ground attacks in southern Lebanon, resulting in multiple casualties, including healthcare workers. The conflict between Israel and Hezbollah appears to be escalating, with the United States' efforts for a ceasefire reportedly failing. UN peacekeepers in Lebanon have also suffered casualties from rocket attacks amidst the ongoing violence between Israel and Hezbollah.
Israeli airstrikes have resulted in killings of healthcare workers and significant infrastructure damage in southern Lebanon.
The conflict is escalating with ground troops clashing and the US-led efforts for a ceasefire showing no signs of success.
UN peacekeeping forces in Lebanon have come under fire, raising international concerns about the safety of personnel deployed in the region.
[RSnake: Given that we are seeing more troop movement into the region, I suspect it will escalate into a full-blown war very quickly, with Lebanon, and in particular Beirut and surrounding towns.]
Source: https://www.aljazeera.com/news/2024/11/22/israel-bombards-beirut-suburbs-as-fighting-rages-in-southern-lebanon?traffic_source=rss
Haiti is experiencing severe gang violence, with an estimated 30 to 50 percent of gang members being children, who are often forced into these groups due to poverty and lack of opportunities. The country faces a humanitarian crisis, with over 700,000 people displaced and millions suffering from acute hunger, particularly affecting children. Political instability and power struggles have exacerbated the situation, preventing effective governance and security measures.
Haiti is currently facing its worst period of gang violence and political instability, leading to a humanitarian crisis.
Children are increasingly being recruited into gangs due to dire economic conditions and lack of security.
[RSnake: More on this here.]
Russia has intensified military operations in Ukraine following its deployment of a new hypersonic missile, the Oreshnik, which is reported to be difficult to intercept. Ukraine is responding by seeking advanced air defense systems and using longer-range missiles to strike targets within Russia. The situation has provoked warnings from global leaders regarding the potential for escalating conflict in the region, with North Korea bolstering Russia's military efforts as tensions rise.
Russia has developed and tested a new hypersonic missile as part of its military campaign in Ukraine.
Ukraine is actively requesting advanced air defense systems from Western allies to counter Russian advancements.
Global leaders have expressed concerns over the escalating nature of the conflict and its potential implications.
[RSnake: I do wonder how truly difficult this will be to intercept. The multiple warheads will surely make it harder, but I am curious given the fact that modern systems like the Patriot are designed to intercept ballistic missiles. And as we saw the USS Carney successfully intercepted a ballistic missile that was likely very close in speed and range to the Oreshnik.]
Source: https://www.bbc.com/news/articles/cx28dzvxjyjo
Pam Bondi, the former Attorney General of Florida, is being accused of letting sex offender Jeffrey Epstein walk free due to her role in blocking the prosecution of Trump University in 2013. She received a $25,000 donation from Donald Trump's foundation and denied any connection at the time. Her political committee also accepted a donation from Trump.
Pam Bondi, former Florida Attorney General, accused of letting sex offender Jeffrey Epstein walk free due to her role in blocking prosecution of Trump University in 2013.
Received $25,000 donation from Donald Trump's foundation in 2013.
[RSnake: This is definitely scandalous if true, but I don’t have good intel either way. I’d put it in the very low confidence category. Meanwhile she wants to out the Epstein list.]
Source: https://timesofindia.indiatimes.com/world/us/did-pam-bondi-let-jeffrey-epstein-slide-accept-bribe-from-trump-university/articleshow/115571163.cms
Ukrainian intelligence reports an increase in Russian executions of Ukrainian prisoners of war (POWs), with five soldiers killed near Vuhledar. One-third of all POW execution cases in 2024 occurred in recent months, prompting urgent investigations by Ukrainian authorities.
Russian forces executed five Ukrainian POWs, indicating a troubling trend in war crimes.
The prosecutor's office noted a sharp rise in executions of POWs this year, leading to multiple ongoing investigations.
[RSnake: This seems a little odd because it allows prisoner trades. However, if you don’t care about retrieving personnel and just want to send more meat waves in, it may not matter..]
Source: https://euromaidanpress.com/?p=305194
On November 21, Russia launched a ballistic missile equipped with Multiple Independent Re-entry Vehicles (MIRVs) against a city in Ukraine, marking the first-ever use of MIRV technology in combat. MIRVs can target multiple locations simultaneously and complicate missile defense efforts. Analysts express that this weapon could alter the dynamics of nuclear deterrence and escalate military tensions globally.
Russia's use of MIRV technology in combat is unprecedented.
The implications of MIRV usage could affect global nuclear deterrence strategies.
[RSnake: MIRVs are nothing new, but their use in combat is. I’m curious if we see them use this again, but perhaps with larger yield explosives. As is, this was far less effective and likely far more costly than the glide bombs that they’ve been using.]
Source: https://www.eurasiantimes.com/?p=220254
China is constructing three large hydropower dams on the upper Machu River in Tibet, raising alarm due to potential geological and environmental risks. These projects are part of China's wider strategy to harness hydropower, but they threaten local communities and could have significant downstream impacts on neighboring countries.
The construction of dams in a seismically unstable region poses serious risks of geological disasters.
The projects could significantly disrupt ecosystems and affect water availability in countries downstream.
[RSnake: Hyrdo is more sustainable. One thing China has long ago decided is that a few environmental catastrophes are a lot less dire than a nation with rolling blackouts.]
Source: https://www.eurasiantimes.com/?p=219905
A bribery scandal involving Indian billionaire Gautam Adani and his company has been unveiled, threatening the global maritime industry with potential destabilization of one of India's largest private port operators.
Gautam Adani, chairman of the Adani Group, has been indicted along with seven other senior business executives in connection with a massive bribery scheme related to lucrative solar energy supply contracts.
The alleged purpose was to secure lucrative solar energy supply contracts, which were projected to generate over $2 billion in profits after tax over a 20-year period.
Source: https://gcaptain.com/?p=217812
North Korea is expanding its nuclear arsenal, citing threats from the United States and its allies, which has intensified tensions in the region. In response, the U.S., South Korea, and Japan have conducted joint military exercises to enhance their defense capabilities and deter potential aggression, amidst rising concerns over North Korea's growing military collaboration with Russia.
North Korea is calling for limitless growth of its nuclear capabilities.
The U.S., South Korea, and Japan are conducting military drills as a response to increasing tensions.
There are reports of North Korea supplying troops to assist Russia, complicating the geopolitical landscape.
[RSnake: Great. Great great great.]
Source: https://sofrep.com/?p=210617
A Texas official is open to offering the incoming Trump administration more land to build deportation facilities along the US-Mexico border.
The offer of land comes as President-elect Donald Trump has indicated his support for using land near the border to build detention centers.
Other states with Democratic governors have said they will not aid the Trump administration's mass deportation plans.
[RSnake: I wouldn’t be terribly surprised if some local land owners offer up land for a fee as well.]
Source: https://abcnews.go.com/US/texas-land-commissioner-open-offering-trump-land-mass/story?id=116108825
Ireland is facing a threat to its power grid due to the rapid expansion of artificial intelligence, particularly as Dublin grows into a central hub for data centers and cloud services. The electricity demand from AI is expected to increase dramatically, creating potential shortages and price increases for consumers, and posing challenges to energy security in several other countries as well.
Ireland's energy supply may not meet the increasing demand from data centers driven by AI.
Global energy consumption from data centers is predicted to have significant impacts on energy transition plans.
[RSnake: Buckle up if you live in Europe. There’s going to be a big shortage of power. Whoever has power has AI; whoever has AI will control how cognition works. I wouldn’t want to invest in high tech in Europe if the business plan required hosting infrastructure/offices there.]
Source: https://www.zerohedge.com/energy/ais-insatiable-appetite-energy-threatens-irelands-grid
Nvidia's Blackwell AI chip is in full production and has surpassed its gaming revenue, generating $30.7 billion in quarterly earnings from its AI-infused data centers. The company has shipped 13,000 Blackwell samples this quarter and anticipates growing demand for its AI chips through next year, marking a substantial lead over competitors like Intel and AMD in the AI chip market.
Nvidia's AI revenue and profits are growing rapidly, dominating the data center market.
The company has achieved record earnings, with Blackwell being a key driving product.
[RSnake: The highest value company in the world, ladies and gents! They have a new system they’re touting that can create 3d generative assets for gaming or VR.]
Source: https://www.theverge.com/2024/11/20/24301810/nvidia-blackwell-ai-b200-gb200-full-production-q3-2025-earnings
MIT researchers have developed a more efficient algorithm for training reinforcement learning models to enhance their reliability in complex decision-making tasks, such as traffic control in cities. This new approach selectively trains models on the most impactful tasks, achieving performance improvements while reducing data requirements.
Introduction of a new algorithm for reinforcement learning that boosts efficiency.
Significant performance improvements in AI models through targeted training methods.
Source: https://news.mit.edu/2024/mit-researchers-develop-efficiency-training-more-reliable-ai-agents-1122
Amazon has increased its investment in AI startup Anthropic by $4 billion, bringing its total stake to $8 billion. This move highlights the intense competition among major tech companies to develop advanced AI capabilities and the growing demand for specialized AI processors.
Amazon is investing heavily in the AI sector to compete with companies like Microsoft and Google.
Anthropic develops AI models that compete with OpenAI's offerings and will collaborate with Amazon on hardware for AI applications.
[RSnake: It’s an exciting investment. They seem to have the lead in the development of AI for the time being. Cursor, which uses Claude from Anthropic, is fantastic, and it is the worst it will ever be right now.]
Source: https://arstechnica.com/ai/2024/11/amazon-pours-another-4b-into-anthropic-openais-biggest-rival/
The U.S. Department of Homeland Security has announced a new framework for the responsible deployment of AI technologies in critical infrastructure. This initiative aims to establish ethical standards and guidelines for AI while collaborating with leaders from various sectors to enhance security and innovation in the use of AI.
DHS is focusing on responsible AI deployment to improve U.S. critical infrastructure.
There is a growing global interest in AI ethics and standards, with the U.S. setting a precedent for international markets.
[RSnake: This makes a lot of sense. I'm not too fond of the idea of them trying to regulate consumer-grade AI, but for practical applications within the government, it does make tons of sense for the input data to be of a certain quality, the weights to be known, the censorship to make sense, etc.]
Source: https://thereadable.co/iveda-applauds-the-department-of-homeland-securitys-new-ai-guidelines/
A new model called SAMURAI has been developed to improve visual object tracking by integrating motion-aware memory mechanisms, allowing it to perform effectively in complex scenarios with fast-moving objects. This model shows substantial improvements over existing visual trackers in accuracy and processing speed, making it suitable for real-time applications without the need for prior training or extensive fine-tuning.
SAMURAI enhances the Segment Anything Model 2 for zero-shot visual tracking.
The model significantly improves tracking accuracy in complex scenes, showing potential for real-world applications.
Source: https://arxiv.org/abs/2411.11922
SpaceX conducted a test flight of its Starship rocket from Texas, which successfully lifted off but aborted the attempt to catch its booster with mechanical arms, resulting in a splashdown in the Gulf of Mexico. The Starship completed various objectives during the flight, including engine ignition in space and thermal protection experiments, as preparation for future missions aimed at sending astronauts to the moon and Mars.
SpaceX's Starship successfully lifted off for a test flight.
The booster was directed to splashdown in the Gulf of Mexico after the catch attempt was aborted.
SpaceX aims to use Starship for future crewed missions to the moon and Mars.
[RSnake: This is cool that they have a fallback. I suppose this should have been obvious but it’s neat to see that their failure mode doesn’t have to be taking out the launch pad with a big explosion.]
Source: https://www.military.com/daily-news/2024/11/20/spacex-launches-giant-starship-rocket-aborts-attempt-catch-booster-mechanical-arms.html
Amazon is enhancing its logistics operations by deploying warehouse robots, including a new robot called Proxie, designed to assist with moving items in various settings such as hospitals and factories. Proxie has already undergone extensive testing with notable companies like Maersk and Mayo Clinic, and aims to increase efficiency and reduce the manual workload for human workers. The initiative reflects a broader trend toward greater automation and the integration of AI in workplaces across different sectors.
Proxie, a new AI-powered warehouse robot, is designed to support human workers by automating the transport of goods.
The testing of Proxie by companies like Maersk and Mayo Clinic demonstrates its potential for improving operational efficiency in various industries.
A sophisticated phishing scam has compromised hundreds of companies nationwide, allowing the group to gain non-public information and steal millions of dollars in cryptocurrency.
The phishing scheme, dubbed Scattered Spider, involved sending text messages to mobile phones that purported to come from IT departments, aiming to fool employees into providing confidential information.
Prosecutors allege that the group compromised hundreds of companies, stole personal information and intellectual property worth tens of millions of dollars, and took millions of dollars' worth of digital coins.
Microsoft disrupted a phishing-as-a-service infrastructure using ONNX, targeting tens to hundreds of millions of people, and took down its technical infrastructure.
Microsoft seizes domains used by customers of ONNX, a phishing-as-a-service platform, to target companies and individuals across the US and worldwide since at least 2017.
ONNX promoted and sold phishing kits designed to target tech companies, including Google, Dropbox, Rackspace, and Microsoft, with prices ranging from $150 to $550 monthly.
[RSnake: Not a bad day at work. Good for the MS team.]
Source: https://www.bleepingcomputer.com/news/security/microsoft-disrupts-onnx-phishing-as-a-service-infrastructure/
At least 97 major water systems in the United States are reported to have serious cybersecurity vulnerabilities, impacting nearly 27 million Americans. These weaknesses raise the risk of cyberattacks that could disrupt water supplies, affecting public health and essential services like hospitals and businesses. The Environmental Protection Agency indicates that many water utilities lack the resources necessary to address these vulnerabilities and comply with existing regulations.
Almost 100 large community water systems in the US have critical security weaknesses.
The vulnerabilities pose a significant risk to drinking water infrastructure and public health.
[RSnake: I don’t know how many water systems are in the United States, but I’d say the real answer is nearing 100% of them. Seriously, they do not have the kind of threat that retail does where people want to exfil money. In the case of water and power, the major real value is shutting them down, which only makes sense during wartime. So none of them have been truly tested… yet.]
Source: https://www.darkreading.com/vulnerabilities-threats/leaky-cybersecurity-holes-water-systems-risk
Russian state hackers APT28 executed a novel cyberattack on a U.S. company by compromising its Wi-Fi network from a significant distance, leveraging a method known as a 'nearest neighbor attack'. They first infiltrated a nearby organization to access a dual-home device, allowing them to connect to the target's enterprise Wi-Fi and exfiltrate sensitive data related to Ukraine-related work.
APT28, a Russian military hacking group, exploited vulnerabilities to breach a U.S. company's network.
The attack demonstrates the risks associated with corporate Wi-Fi networks and the need for enhanced security measures.
[RSnake: Stephen Adair did this research - good guy, btw. And it has been theorized for years that this was possible, but more is needed to ensure that this is required. That said, this takes on more of a true-to-life viral transmission. You have to be within a certain distance to get physical viruses. Similar in many ways.]
Source: https://www.bleepingcomputer.com/news/security/hackers-breach-us-firm-over-wi-fi-from-russia-in-nearest-neighbor-attack/
Cybercriminals have developed a new method called 'Ghost Tap' to exploit stolen credit card details linked to mobile payment systems like Apple Pay and Google Pay, allowing them to conduct small fraudulent transactions across various locations without triggering detection systems. This technique, which involves relaying NFC data through a network of money mules, poses challenges for financial institutions and consumers alike, as it makes tracking and prevention significantly more difficult.
The 'Ghost Tap' method leverages stolen credit card information and one-time passwords to facilitate mobile payment fraud.
This method complicates detection efforts by spreading transactions across multiple locations and minimizing the risks for the primary attackers.
In 2024, Cross-Site Scripting remains one of the most dangerous software vulnerabilities, according to the annual Common Weakness Enumeration (CWE) list compiled by MITRE and CISA. The list, which considers both the frequency and severity of software flaws, indicates that organizations must prioritize secure coding practices to mitigate risks associated with persistent software weaknesses.
Cross-Site Scripting is ranked as the second most dangerous software weakness in 2024.
The list reflects an ongoing challenge for organizations to address common software vulnerabilities in their systems.
[RSnake: I was assured that XSS was dead and modern frameworks solved it and that browsers were well protected. Guess the book on XSS that we wrote all those years ago is still relevant.]
Source: https://www.darkreading.com/application-security/cross-site-scripting-is-2024-most-dangerous-software-weakness
Starting in 2025, the RSA Conference's Innovation Sandbox will provide each of the Top 10 Finalists with a $5 million investment to promote cybersecurity innovation. The contest has gained significant traction in the cybersecurity community and has historically supported the growth of numerous successful cybersecurity startups.
The RSA Conference will invest $5 million in each Top 10 Finalist to bolster cybersecurity innovation.
Historically, the contest has helped many cybersecurity companies achieve substantial growth and recognition.
[RSnake: This will be a big deal for competitive conferences like Blackhat. We shall see what the response is, because there will need to be one. But for now, congrats to the Crosspoint team. This will change the industry.]
Source: https://www.darkreading.com/cybersecurity-operations/rsa-conference-2025-innovation-sandbox-contest-celebrates-20th-anniversary
Access control vulnerabilities in web applications are a growing concern, particularly as they have been identified as a leading risk in the OWASP Top 10. These vulnerabilities can allow users to access data and perform actions outside of their intended permissions, with significant implications for user privacy and data security.
Access control vulnerabilities have risen to the top of the OWASP Top 10 list as a critical issue.
Identifying and addressing these vulnerabilities is essential for protecting user data in web applications.
[RSnake: It’s an old vuln, but it still works great. It’s more of a logic vuln that tends to be hard to check unless your scanner has access to several different accounts and context for which pages should be accessed by which account types.]
Source: https://www.blackhillsinfosec.com/?p=31208
Meta has reported over 2 million account takedowns associated with organized scam operations, particularly focused on human trafficking in Southeast Asia. These scams are increasingly utilizing advanced technology, including AI and deepfakes, to enhance their effectiveness and evade detection. Criminal networks are being continuously monitored and targeted in collaboration with law enforcement to disrupt these operations.
Meta is now focusing on combating organized criminal networks responsible for scams, particularly in Southeast Asia.
The use of AI and deepfake technologies is on the rise among scammers, making their operations more convincing.
[RSnake: Despite their flaws, the Meta team does take this seriously, CSAM as well. I forget the stats, but they lead the way by a landslide in the number of tips to law enforcement for CSAM images they find and report.]
Source: https://www.wired.com/story/meta-pig-butchering-report-2024/
Goldman Sachs' private equity funds face a $900 million loss due to Northvolt, which is undergoing Chapter 11 bankruptcy proceedings. The company has limited cash reserves and was unsuccessful in restructuring efforts led by Goldman.
Goldman Sachs will write down its entire $896 million investment in Northvolt.
Northvolt has only one week's cash left as it seeks to restructure under bankruptcy protection.
Source: https://fortune.com/2024/11/23/northvolt-bankruptcy-goldman-sachs-funds-900-million-writedown/
Thousands of Americans have lost their savings following the bankruptcy of fintech firm Synapse, which served as a middleman for various financial services. Customers who thought their funds were secured through FDIC insurance are now facing significant losses as banks involved in the situation have provided limited compensation.
Multiple customers lost access to their savings and received minimal payouts after deposits were locked due to Synapse's bankruptcy.
The situation highlights risks associated with fintech services and the lack of direct accountability with banking relationships.
[RSnake: Very sad. I hope they’re held personally liable if they weren’t FDIC insured.]
Source: https://www.cnbc.com/2024/11/22/synapse-bankruptcy-thousands-of-americans-see-their-savings-vanish.html
The U.S. government is proposing structural changes to Google to address its monopoly on online search, specifically by requesting the company be forced to sell its Chrome browser and possibly its Android operating system. These measures come after a federal court ruling confirmed Google's illegal maintenance of its search monopoly and aim to enhance competition in the tech industry.
The U.S. Department of Justice seeks to break up Google's Chrome browser and potentially its Android operating system.
Proposed remedies are among the most significant in a tech antitrust case since the Microsoft breakup in 2000.
[RSnake: The big question is who will buy it and will they keep Chromium open source or is that not part of the deal. If it is part of the deal, will they allow other companies like Microsoft’s Edge and Brave browser to continue to use the current updates or are they effectively out in the cold?]
Source: https://www.nytimes.com/2024/11/20/technology/google-search-remedies-doj.html
Indian billionaire Gautam Adani has been indicted in the U.S. for allegedly orchestrating a bribery and fraud scheme to secure contracts from Indian government officials, involving over $250 million in bribes. Following the indictment, shares of Adani Group companies saw a decline in market value, and the U.S. Securities and Exchange Commission also filed related civil charges against the involved parties, including additional executives. The case raises implications for international investment standards and anti-corruption policies.
Gautam Adani and his associates are charged with bribing Indian officials to secure multi-billion dollar contracts.
The indictment has caused a major drop in the market value of Adani Group companies.
The U.S. prosecutors plan to issue arrest warrants for those involved, with implications for international law enforcement.
The home insurance market in the United States is facing challenges due to climate change, with rising premiums and reduced coverage causing difficulties for homeowners. Insurers are adapting their risk models to account for increasingly frequent and severe weather events, which has led to higher costs and a loss of affordability for many as they evaluate risks associated with properties in vulnerable locations.
Rising home insurance premiums are significantly impacting homeowners across the U.S.
Insurers are struggling to remain solvent and competitive amid increasing risks from climate change.
[RSnake: Insurance for commercial has also been heavily impacted due to riots and looting in cities.]
Source: https://www.fastcompany.com/91230871/climate-change-home-insurance-crisis-insurers-risk-assessment
The US Consumer Financial Protection Bureau (CFPB) will now regulate Apple Inc. and other technology companies that offer digital payment services as if they were banks, provided they process over 50 million transactions annually. This decision reflects the growing significance of mobile wallets in everyday financial activities, with more than 60% of the US population using such services, particularly Apple Pay.
The CFPB's new regulations will ensure that mobile wallet services adhere to consumer protection laws.
Apple has proactively adjusted its policies globally in anticipation of regulatory changes.
[RSnake: Probably a good thing - all payment systems regardless of their design should have the same regulations. Or, alternatively, they should be free to transact as they like. The delta between them is odd.]
Source: https://9to5mac.com/2024/11/21/apple-will-now-be-treated-like-a-bank-says-us-consumer-financial-protection-bureau/
Elbit Systems and Israel Aerospace Industries (IAI) reported increases in sales and order backlogs amidst ongoing conflict involving Israel. Elbit's revenue rose by 14.4%, totaling $1.71 billion, largely due to increased orders from the Israeli Ministry of Defense, while IAI's revenue grew 16%, with a backlog of orders reaching $25 billion.
Elbit Systems reported a 5.2% increase in order backlog, totaling $2.2 billion.
IAI experienced a revenue growth of 16%, marking its most profitable period in history.
[RSnake: I bet all military hard tech is on the rise if they are Ukrainian or Israeli-based at the moment.]
Source: https://www.defensenews.com/global/mideast-africa/2024/11/21/elbit-iai-report-major-sales-upticks-amid-israeli-war/
Bitcoin is approaching the $100,000 mark as investors anticipate a more favorable regulatory environment for cryptocurrency under the incoming Trump administration. The digital currency has surged over 60 percent since the recent election, driven by expectations of eased regulations and the potential establishment of a national bitcoin reserve.
Bitcoin's value has risen sharply following the re-election of Trump.
Investors are optimistic about changes in cryptocurrency regulation in the U.S.
[RSnake: I was skeptical that it would reach there, but it does look like it might!]
Source: https://www.aljazeera.com/economy/2024/11/22/bitcoin-nears-100000-as-investors-bet-on-crypto-friendly-trump-policies?traffic_source=rss
Gary Gensler will step down as the Chair of the U.S. Securities and Exchange Commission on January 20, following the presidential transition to Donald Trump. Gensler's tenure focused on increasing transparency and reducing risks in financial markets, while facing opposition from Wall Street and legal challenges regarding several regulations, particularly in the cryptocurrency sector.
Gensler implemented new rules for greater transparency and governance in U.S. financial markets.
His enforcement actions led to over $2 billion in fines against financial firms for unauthorized communication practices.
A US pharmaceutical company has recalled Clonazepam, a popular anxiety drug, due to a 'possibly life-threatening' error in its packaging. The labeling mistake could result in serious side effects, including respiratory depression, and affected products were distributed nationwide. Consumers with unused prescribed tablets have been advised to discontinue the product.
Clonazepam was recalled due to a 'possibly life-threatening' error in its packaging.
The labeling mistake could result in serious side effects, including respiratory depression.
[RSnake: Tell your loved ones just in case.]
Source: https://www.foxnews.com/health/clonazepam-popular-anxiety-reducing-drug-recalled-nationwide-possibly-life-threatening-error
Donald Trump is involved in multiple new merchandise ventures as he prepares to take office again, including high-priced items tied to his brand like shoes, watches, and guitars. Due to the structure of his licensing agreements, there are concerns about potential conflicts of interest and the lack of transparency regarding his business dealings and profits from these products.
Trump is launching new merchandise associated with his brand as he prepares to return to the presidency.
Experts note that the opaque nature of his business agreements may lead to conflicts of interest.
[RSnake: This is definitely on the edge of what is allowed from a campaign financing perspective, but I think it’s fair game personally from a consumer’s perspective. If people want your merch, fine. But big companies can buy out a warehouse and throw everything in the trash, is the issue. So large volumes of purchasing can bypass regular reporting.]
Source: https://abcnews.go.com/US/trump-master-merchandise-face-fresh-conflicts-interests-experts/story?id=115912341
Boeing's CEO has urged employees to collaborate and take accountability to help resolve challenges facing the company, following a tumultuous period marked by quality control issues and a significant strike. Cash flow is expected to be strained well into the next year as the company increases aircraft production after the strike, while also facing financial repercussions from troubled defense and space programs. Additionally, Boeing plans to lay off 10% of its workforce, including managers and executives.
Boeing's CEO has called for increased collaboration among employees to address the company's challenges.
The company is experiencing financial struggles and plans to lay off 10% of its workforce.
[RSnake: Lol, well, good luck with that. Taking accountability starts with hiring managers. People who were hired under the old regime will have no incentive to hold themselves accountable. Seriously, they need to clean the house.]
Source: https://www.supplychainbrain.com/articles/40719-boeing-ceo-calls-on-employees-to-take-ownership-of-turnaround
BP is undergoing a transformation to redefine its operations as an integrated energy company focused on lower-carbon solutions, employing a new collaborative approach with its strategic supplier, JLL. This partnership involves shifting from traditional transactional agreements to an outcome-based model that enhances sustainability, operational efficiency, and mutual profitability.
BP is transitioning to a lower-carbon business model with JLL as a key strategic supplier.
The partnership uses an outcome-based pricing model that promotes shared success and continuous improvement.
Elon Musk has business stakes in China, particularly with his electric vehicle company Tesla, which produces half its cars there and faces increasing competition from local manufacturers. Chinese regulators have restricted Tesla's new self-driving technology while allowing domestic competitors to advance, prompting Musk to seek support from Chinese leadership in navigating trade relations amid tensions with the U.S. government.
Tesla relies heavily on the Chinese market for production and sales.
Chinese regulators have limited Tesla's access to advanced technologies, impacting its market competitiveness.
[RSnake: He sure does. It will be interesting to see if he ends up having to de-conflict himself or if he’ll push tariffs in a direction that suits him.]
Source: https://www.nytimes.com/2024/11/22/business/elon-musk-tesla-china.html
Netflix has issued a subpoena to Discord, seeking user information related to a content leak that occurred in August. The incident involved unauthorized access to full episodes of several Netflix shows before their official release, prompting legal actions to identify and penalize the individuals responsible.
Netflix suffered a major leak of unreleased content including full episodes of popular shows.
The subpoena is part of efforts to hold accountable those responsible for sharing copyrighted materials.
[RSnake: Juaarez guys are going to get the content one way or another. RIAA and the like just don’t understand that the cost of going after these guys just isn’t worth it.]
Source: https://gizmodo.com/?p=2000528713
Ken Griffin, CEO of Citadel, argues that proposed increases in Trump tariffs could negatively impact American businesses by reducing competition and fostering corporate complacency, potentially leading to a reliance on government support. He warns that such tariffs may undermine productivity and economic growth, which are essential for a competitive market. The long-term effects could result in businesses becoming dependent on lobbying rather than innovation.
Increased tariffs may lead to corporate welfare and complacency among American firms.
A reduction in competition could hinder innovation and productivity in the economy.
[RSnake: It’s an odd conjecture, given that government spending will likely get slashed. Handouts aren’t precisely in the budget when most programs will get hit hard. I’m not saying there won’t be a lot of effects, but complacency wouldn’t be top of the list of things I’d be worried about. A wave of spending on local innovation, yes. Cost hikes, yes.]
Source: https://fortune.com/2024/11/22/trade-tariffs-donald-trump-economy-growth-competitiveness-ken-griffin-citadel/
The Port of Los Angeles has experienced near-record import levels in October, handling over 905,000 container units, driven by businesses importing goods ahead of potential tariff increases and labor disputes at other ports. A significant surge in activity was also noted at the Port of Long Beach, further contributing to the busiest peak season for these Southern California ports. Despite typical seasonal downturns, high consumer demand and a robust U.S. economy suggest that trade volumes may remain elevated through the end of the year.
The Port of Los Angeles handled over 905,000 container units in October, a 25% increase from the previous year.
< UNK> The Port of Los Angeles and the Port of Long Beach are experiencing unprecedented trade activity due to tariff concerns and supply chain disruptions.
[RSnake: That is good - cost reductions on goods—less inflation. Let’s hope this continues for a while. The tariffs will be an exciting curveball if they do become as sweeping as advertised. I am skeptical they will be, but we shall see.]
Source: https://www.supplychainbrain.com/articles/40713-port-of-los-angeles-sees-sustained-import-surge-ahead-of-tariffs
Thanks so much for reading, and once again, please forward this newsletter to anyone you think should be reading it. It’s how the newsletter grows, how I know you love it, and encourages me to keep going. I’d really appreciate it!