RSnake Report 20240927

Russian saber rattling, Chinese stocks up, and CUPS vulnerability.

Hello, and thanks for reading! Well, the week was a bit of a whirlwind and it will take some time to process everything I learned while I was out here at the Oktoberfest. But rest assured we’re onto some good stories.

Let’s start with the Russia/Ukraine conflict, shall we? I want to start with the new incendiary drones that are being used, which, if you recall, we have talked about quite a bit before. Well now Russia has its own. It’s not clear how well it works, as I haven’t seen any footage of it in action yet. But there is a great example of the Ukrainian drone here so you can see them both pretty close up. I have no way of knowing if they use the same fuel, if they last as long, etc. But they look similar enough, which is bad news for Ukrainian front-line forces.

“Dragon’s Breath”

I found a new approach to drone mine clearing that I thought was pretty interesting. Basically, they drag a sacrificial metal plate on the ground beneath/behind the drone, and the sacrificial plate gets blown up, but the drone is theoretically unaffected. Clever. I do wonder if it is heavy enough of a metal plate to push on pressure switches and activate them, and also, I don’t expect those drones to last too long in practice due to fragmentation/dirt/debris that gets kicked up into the blades.

Another interesting thing popped up which was a fairly epic drone/car chase that ended up in some Russian casualties. Nothing was new in the video except how fast the car was going compared to the drone. That means that in these conflicts, the maximum speed of kamikaze drones should have an overtake capability greater than that of the average off-road vehicle to be combat effective. We talked about carrier drones before but here is another good view into them, allowing a “swarm” of drones to attack a convoy or large mass of ground troops at much greater distances.

“Hot pursuit”

Ukraine is now fielding a new Skynex air defense system that looks pretty slick. It looks like it has good articulation and good speed. These systems are only line-of-sight effective, but their munitions are cheap. The only real concern is that they are targets themselves due to their active radar. One of the first things that get targeted is radar systems or really anything shooting off noisy RF signals.

Regarding the “meat waves” that Russia has been launching towards Ukrainian front lines, it is no longer being widely discredited within Russia. It seems like it’s now simply a fact, and mil bloggers inside Russia are receiving it well. The corruption and incompetence of the generals in the Russian military are now being seen as much more obviously bad. No kidding. 😆

“performative assaults”

On a much less hilariously bad note, Russia is once again nuclear saber-rattling. Putin has made it clear if Western missiles or drones are sent in waves, that he will change his doctrine of use of nuclear weapons. The language feels a little mealymouthed, but I think it’s his way of, at minimum, delaying our thumbs up which seems increasingly like it will end up happening if Harris wins the election.

Of course it’s not clear exactly what the difference is if Ukraine is paid money to develop their own, or allowed to buy the parts they need to assemble their own. So really I think it comes down to the fact that Russia is very concerned about the more sophisticated US long-range missile and drone systems. They should be. Especially since Russia’s air defense seems to be extremely diminished.

Lastly, before we move on, the UK is now saying they are going to sanction 5 liquid natural gas tanker ships and two companies. These are alleged to be part of Russia’s “shadow fleet” of export ships moving black market Russian oil and gas around and helping to prop up their economy and war efforts at the same time.

Okay, onto South East Asia, where it is now clear that China’s policy of “grabbing hands” is growing in popularity. If you are unfamiliar with this, it is basically arresting people under false pretense and then allowing them to leave with a slap on the wrist and a very hefty fine. Of course, the person was innocent, but the fines are a tax on the citizens that the government uses to pay for things. The corruption is institutionalized. Reminds me a bit of civil asset forfeiture laws, only with no recourse.

China tested an ICBM. This is likely more of a demonstration than a test, although it is possible they need to make sure modern components all work together and that the scandal associated with water in the fuel tanks has been rectified. They’re combat-effective again, or at least that is what the CCP would like the Western world to believe. It’s unclear how much other corruption may cause them to have limited functionality in actual wartime situations.

In related news, the Chinese market is skyrocketing. This is after the news a few days ago of them having a net negative return over the last few decades. Of course, this seems like the storm before the storm, and there will likely be a strong correction. So watch for that! This feels like a pump and dump to me. I expect there will be a lot of short sellers imminently.

“stocks going vertical”

Okay, onto the Middle East. Hezbollah’s missile chief was killed in an airstrike. The video of the destruction was pretty telling of the power of that particular bomb. The Israelis aren’t messing around. Hezbollah has lost a lot of their highest ranking officials (more details about Beirut activity and in southern Lebanon). One day, all their comms got destroyed, then the next, their backup comms got destroyed, and then IDF hits them where they have in-person meetings. 💥 

“Ibrahim Kobaysi was eliminated”

Iron Dome has been working overtime on the border with Lebanon. But an interesting video and comment got me thinking about what the strategy is with incoming. Do they simply “empty the clip”? You might as well fire everything you have, in case one misses? Or do they select targets more judiciously in case there is another barrage behind the first? Here is another example that is a bit more difficult to see.

“Emptying the Clip”

Hezbollah also launched a ballistic missile, which may be the Qadr. That’s a pretty big improvement in technology. Fortunately, it was intercepted by David's Sling. Launching a 1,000lb warhead is pretty impressive. Of course, the Qadr missile variant is produced by Iran. So Iran must be really pissed that Hezbollah stole it from them. Right, Iran? 🙄

“Qudr”

Let’s head south of the border, where El Salvador’s president Nayib Bukele gave a great speech to the UN about his nation. If you haven’t been following this guy, he’s done a ton of criminal reform, cleaned up the streets, kicked out the cartel, etc. He’s amazing. But what will be even more amazing is to see how their economy and quality of life improve and how quickly. It’s a grand experiment. It reminds me a bit of what United States states’ rights are all about. A lot of it comes down to self-determination, sure, but it also allows for a competition of ideas. The talent and investment will always flood to whoever has the best ideas.

Okay, now onto domestic news, where a strange set of things are happening around a planning meeting, and where they seem to be expecting a mass casualty event in DC. It is something that happens to some degree fairly regularly, where continuity of government can still happen even in the event of a catastrophe. But the timing is odd, and the fact that Congress is planning to be eradicated in one mass event is a bit chilling to say the least.

The current strategic reserves of the United States have now hit the lowest they have been in approximately 40 years and are falling. National security concerns are paramount, but this goes against what I thought we should have done years ago - buy up everyone else’s oil first, even faster than we need it while it’s cheap, and let them exhaust their oil resources before we use our own. Nope, straight to the bottom. It reminds me a bit of how Obama and Trump didn’t bring the national stockpiles of PPE back up until the pandemic was upon us. That’s the worst time to worry about needing things - when it’s too late. Were none of these people in the Boy Scouts? Be prepared!

“Lowest level in ~40 years”

In confusing news, the White House won’t be supplying Israel with intel on Lebanon and also asked for a 21-day ceasefire. They seem to be trying to distance themselves from Israel in the lead-up to the election, which is just about a month away now. They need the Muslim votes in places like Michigan. But why a 21-day ceasefire? Why not 39 or more days, which is the amount of time before the election takes place? Maybe they think it will take time to get both parties to agree. Either way, if I were Israel, I’d say no thanks to the administration unless all hostages are returned.

“US military will not supply intel support to Israel”

In other horrific-sounding news, it is rumored that nine surface-to-air missiles were found in New Mexico coming across the Mexican border. The rumor was that the intent was to have three separate teams who were to target Trump’s airplane. Three teams of three missiles each seems slightly odd, but maybe that is to allow the first and maybe even second missiles to exhaust the flares/chaff that Trump may have aboard his plane, allowing the third to hit the intended target. I cannot validate any of this info, and the only other article I could find was from an Indian news outlet that seemed to agree that, so far, it is just speculation. Either way, this will be a talking point leading up to election day, I suspect, especially if it turns out to be true. But even if it’s fake, it will be used to explain how disinformation campaigns are propagating, etc. It’s a mess.

“9 surface to air missiles”

In the weather there is a huge hurricane named Helene hitting with 6 dead and 3 million without power. You can check out more updates here. This appears to be affecting mostly Florida at the moment, but I’m not sure - these things tend to hook north and then east pretty quick once they hit landfall.

Biden signed a performative executive order aimed at creating a task force to understand the threat of ghost guns and machine guns. Of course there is none or virtually none anyway, but it helps him build a case on more unconstitutional mandates from the ATF. Stay tuned. I am sure the report will be gushing about the massive deaths caused by these weapons when, in reality, most gun deaths are by suicide, and then of the remaining, most are against loved ones, and way way down the list are mass murders and most of them are gang-on-gang related. Of the things his office could spend time on doing, something that might actually cause violence, this is about the most worthless executive order I can imagine. 👎️ 

Onto the tech news, where the talk of the conference I attended was the mess between WP Engine and WordPress. WordPress owns the trademark and claims that WP Engine is using it but not contributing back as much as it should. This seems more like a personal beef between Matt Mullenweg and WP Engine and less. Joost de Valk did a good write-up here if you can read between the lines. There was also a lot of talk about AI at the conference too, and speaking of, OpenAI’s CTO stepped down.

Telegram has decided that their morals on censorship and data privacy aren’t quite as inflexible as they originally claimed, and have decided to obey the Parisian courts and have changed their policies to be more in line with the rest of the social media companies, who will work with investigators and ban accounts.

“valid legal requests”

In computer security news, there are two things worth mentioning. The first is a new Kia unlocking app. So, if you know someone who owns a Kia or you own a Kia, you may want to check this out. The next is a CVSS 9.9 (out of 10) vulnerability in CUPS, which is a printer driver for Linux and Mac. This will likely unleash a chain of new exploits due to how sloppy the code seems to be and how easily it can be chained together with other issues to allow remote code execution. There apparently was also a lot of drama with the disclosure process. I feel for Simone - this happens a lot to researchers. There are no patches yet for either of these issues, from what I can tell.

Okay, onto the articles!

The Israeli military conducted a raid in the village of Anza in southern Jenin, resulting in one death and multiple injuries, including that of a child.

  • An Israeli military operation in Jenin leads to civilian casualties.

  • Over 600 Palestinians have been killed in the West Bank since early October, amidst escalating violence.

[RSnake: I am sure some people wonder why I put Aljazeera in here, knowing full well how skewed the reporting is. They often do have good data, even if their spin is almost mind-bogglingly wrong.]

Sudan's army has launched an offensive in Khartoum against the paramilitary group Rapid Support Forces (RSF), aiming to reclaim lost territories amidst an ongoing civil war that has resulted in an estimated 150,000 deaths and severe humanitarian crises. The conflict continues to escalate despite US-led discussions for a ceasefire, with both factions accused of attacking civilian areas, leading to widespread displacement and famine risks across the country.

  • The Sudanese army is intensifying its military campaign against the RSF, focusing on regaining control of Khartoum.

  • The ongoing conflict has led to a humanitarian crisis, displacing over 10 million people and resulting in significant civilian casualties.

Russia is considering changes to its nuclear weapons policy, suggesting that it may treat military actions by non-nuclear states supported by nuclear states as a joint attack, which could open the door for nuclear weapons use. Ukraine is increasingly requesting long-range missiles from its allies to target military sites in Russia, emphasizing that the conflict could escalate further. This situation has prompted international responses, including warnings from the US and China regarding the consequences of any nuclear threats.

  • Putin indicated a shift in Russia's nuclear strategy that could lead to nuclear weapons being used in response to attacks by non-nuclear states supported by nuclear powers.

  • Ukraine is seeking further military assistance from Western allies amidst concerns over escalating threats from Russia.

Intense air strikes by Israel in southern Lebanon have resulted in significant civilian casualties and mass displacement, with around 90,000 people newly displaced and 600 confirmed dead. Cross-border attacks between Israel and Hezbollah are causing tens of thousands to flee, as local authorities and volunteers struggle to provide for the large influx of refugees amidst ongoing violence.

  • Israeli air strikes in Lebanon have killed hundreds and displaced tens of thousands.

  • Local communities and volunteers are providing food and shelter for fleeing civilians.

The partnership between Indonesia and Russia is poised to significantly influence the geopolitical landscape of the Indo-Pacific region from 2025 to 2037, focusing on maritime security, technological advancement, and environmental sustainability. This alliance aims to address various global challenges through coordinated efforts in military strategy, economic cooperation, and cultural exchange while also navigating potential obstacles such as geopolitical pressures and economic disparities.

  • Indonesia and Russia are forming a strategic partnership to reshape the geopolitical dynamics of the Indo-Pacific.

  • Key areas of collaboration include maritime security, technological cooperation, and addressing global challenges like climate change.

[RSnake: That means we can expect more to enter the China/Russia/Iran/North Korean axis if war were to escape the borders of Ukraine and Russia. Not good.]

A political rift has emerged between the Republican Party and Ukrainian President Volodymyr Zelensky, following his visit to an arms factory in Pennsylvania, which some Republicans claim was an attempt to support Democrats. Zelensky is in the US to secure additional military and financial support for Ukraine amidst ongoing Russian attacks, with President Biden announcing a significant military aid package of $7.9 billion. Tensions have further escalated as Speaker of the House Mike Johnson demanded that Ukraine dismiss its ambassador to Washington, amidst allegations of election interference.

  • Volodymyr Zelensky is visiting the US to secure more military and financial support for Ukraine in its conflict with Russia.

  • A political feud has erupted in the US over Zelensky's visit, with significant implications for US-Ukrainian relations and upcoming elections.

Two journalists in Hong Kong have been sentenced for sedition related to their work at a pro-democracy media outlet, Stand News, which has since been shut down. Their case marks a significant application of a colonial-era sedition law in the territory since its return to China, reflecting escalating controls on freedom of expression and press in Hong Kong under the national security law.

  • Two journalists were convicted and sentenced under a colonial-era sedition law for publishing articles about civil liberties in Hong Kong.

  • This case illustrates increasing restrictions on press freedom in Hong Kong, which has significantly declined in global rankings.

Over 30 countries and the EU have committed to supporting Ukraine's recovery and reconstruction during a recent G7+ meeting in New York. The plan includes approximately $50 billion in financial support, utilizing revenues from frozen Russian assets, as Ukraine prepares for EU membership and military support growth.

  • G7 and allies pledged joint support for Ukraine's reconstruction.

  • The declaration plans to use frozen Russian assets to fund assistance and military needs.

[RSnake: It does seem a bit strange to be celebrating with reconstruction contracts when the war is still raging. But at least Russia is the one footing that bill.]

Venture capital investment in European defense technology is projected to reach a record $1 billion in 2024, reflecting a five-fold increase since 2018 as geopolitical instability escalates. Key countries such as Germany, the UK, and France are leading this surge, which has resulted in $3 billion in funding for defense tech startups over the past three years, indicating a significant shift in focus towards strengthening national security within NATO member states.

  • Venture capital investment in European defense tech is set to hit a record $1 billion in 2024.

  • Germany, the UK, and France dominate investments, accounting for 87% of total funding since 2018.

[RSnake: It’s honestly probably not enough. But at least it’s a good start, and the VCs see where this is headed: at minimum, a very prolonged cold war, if not actual war.]

The U.S. Space Force is advancing capabilities for better space tracking to counter threats posed by Russia and China by 2027. Major initiatives include developing the Advanced Tracking and Launch Analysis System and partnering with commercial entities for maneuverable capabilities, with a planned budget of $1 billion for Resilient GPS over the next five years.

  • The U.S. Space Force is focused on improving battle space awareness to address advanced military space capabilities from Russia and China.

  • Key projects include the Advanced Tracking and Launch Analysis System and potential partnerships for spacecraft maneuverability.

[RSnake: Cool. It is only a matter of time before we are able to build Gorgon Stare but at an orbital level instead of drones. That is even more true if we can lower the cost and make them into constellations of satellites.]

The Missile Defense Agency (MDA) has selected Northrop Grumman to design a Glide Phase Interceptor (GPI) to counter hypersonic missile threats, a significant advancement in U.S. defense capabilities. This decision follows a competitive evaluation process and reflects a prioritization of resources as MDA aims to reach operational capability by 2032, while the technology is expected to be fielded by 2035.

  • Northrop Grumman is tasked with developing a defense system against hypersonic threats.

  • A timeline has been established for operational capability and testing phases leading up to 2035.

[RSnake: Interception is easy, but chasing them is hard. So you need something far faster, or better at meeting the adversarial missiles mid-flight.]

North Korea has reportedly enriched enough uranium to potentially construct a double-digit number of nuclear weapons. The country's National Intelligence Service shared these findings amid concerns regarding its missile advancements targeting South Korea and signals of military defiance toward the United States ahead of the presidential election.

  • North Korea has a substantial amount of enriched uranium and plutonium for nuclear weapons.

  • The nation is advancing missile technology capable of precise strikes on South Korea.

[RSnake: Not good. Expect bombs on target sometime soon, especially if they actually finish one. That may be part of the reason for the increased US warship buildup in the region. This thing could get big fast.]

A labor dispute is escalating in the U.S. maritime industry as the United States Maritime Alliance has filed an unfair labor practice charge against the International Longshoremen’s Association, alleging refusal to negotiate over a new Master Contract for dockworkers. A strike is imminent as the current contract covering 45,000 workers is set to expire on September 30, 2024, with the potential to disrupt supply chains and holiday shipments at major ports along the East and Gulf Coasts.

  • The USMX has filed a charge against the ILA, suggesting a breakdown in negotiations for dockworkers' contracts.

  • A potential strike could affect major U.S. ports, disrupting supply chains and impacting holiday logistics.

China is building over 1,500 ships annually while the United States is only managing five. This disparity raises national security concerns as the U.S. relies on its maritime fleet for military operations and trade, prompting the introduction of the 'Ships for America Act' to boost U.S. shipbuilding capacity and reduce dependence on foreign nations. The bill aims to enhance shipbuilding infrastructure and workforce development in order to strengthen the U.S. maritime industry.

  • China's shipbuilding capabilities far outpace that of the U.S., with significant implications for national security.

  • The 'Ships for America Act' seeks to revitalize U.S. shipbuilding and infrastructure to prepare for potential naval conflicts.

[RSnake: This will hurt us a lot if we end up in a regional conflict. The only upside here is the US manufacturing base tends to pivot on a dime when necessary, but still.]

The U.S. Army has made a significant policy shift by removing diversity considerations from the selection process for top noncommissioned officer roles, emphasizing merit over demographics. This change comes amidst criticism from conservative lawmakers about the military's focus on progressive initiatives, and it aligns with the Army's broader goal to enhance combat readiness.

  • The Army is prioritizing merit-based promotions over diversity considerations in leadership roles.

  • The shift reflects ongoing debates about the balance between diversity and combat readiness in military policy.

[RSnake: I guess it took the US military some time to remember that it is unconstitutional and therefore illegal to hire someone based on their immutable characteristics.]

A Japanese destroyer passed through the Taiwan Strait for the first time, marking a significant move by Japan to assert its right to freedom of navigation in the region and counter China's military activities.

  • Japan is asserting its right to freedom of navigation in the region and countering China's military activities by passing a destroyer through the Taiwan Strait.

  • The passage of the destroyer marks a significant move by Japan, as it has refrained from having any Japanese administration sail through the strait due to fear of Beijing's strong retaliation.

Four countries, Australia, Canada, Germany, and the Netherlands, are initiating legal proceedings against the Taliban for violations of a U.N. convention related to women's rights. More than 20 countries supported this action, condemning the Taliban's systematic human rights violations against women and girls. The Taliban has responded by dismissing the accusations as propaganda and maintains that their policies align with their interpretation of Islamic law.

  • Australia, Canada, Germany, and the Netherlands are pursuing legal accountability for the Taliban regarding women's rights.

  • The Taliban denies allegations of human rights violations and claims their policies adhere to Islamic law.

[RSnake: This is kinda cool - I am curious how this ends up playing out in court. What will that discovery process look like?]

Visa has announced its acquisition of Featurespace, a company specializing in AI technology for detecting and preventing payments fraud. This transaction aims to enhance Visa's fraud protection solutions, benefiting financial institutions and consumers by improving security in the payments industry. The acquisition is expected to close in fiscal year 2025 and will require regulatory approvals.

  • Visa is acquiring Featurespace to strengthen its fraud detection capabilities.

  • The deal will enhance security measures across the payments ecosystem.

[RSnake: When Cybersource was purchased, one friend who worked there told me they were able to detect fraud at 99+% when women-sounding-names bought adult website access, but they had to disable it because the other 1% were outraged. Imagine an AI making that same decision and no one knowing why. Attribution with AI is notoriously difficult. Good luck to the Visa team!]

The FBI has issued a warning about a rise in fraudulent real estate transactions involving scammers impersonating landowners to sell vacant properties. This type of scam has reportedly increased by 500% over the past four years, prompting calls for vigilance from property owners and real estate agents alike to ensure proper documentation and identity verification.

  • Scammers are impersonating property owners to sell land they do not actually own.

  • There has been a significant increase in vacant land fraud cases, leading to heightened alerts among real estate professionals.

The number of Americans filing for jobless aid decreased to 218,000, the lowest level in four months, despite a potential cooling in the job market amid rising interest rates. Despite the decrease in claims, the U.S. economy added 142,000 jobs in August, suggesting ongoing challenges as the Federal Reserve cuts interest rates in an effort to support employment without triggering a recession.

  • The U.S. jobless claims fell to their lowest point in four months.

  • The Federal Reserve has begun cutting interest rates to support the job market amid slowing employment growth.

[RSnake: Not that anecdotes matter here, but I know a lot of very talented people who can’t find a job. One guy I talked to said he plans to lay off his entire analytics team because of AI and faster automation.]

WordPress.org has revoked WP Engine's access to its resources, ceasing plugin updates for sites hosted on that platform due to disputes over changes made by WP Engine that allegedly compromise the WordPress core. This conflict has left many WP Engine customers vulnerable to security issues, as they will no longer receive important updates that protect against potential hacks. The situation has led to legal threats and accusations between the two entities regarding trademark usage and revenue practices.

  • WordPress.org stopped delivering updates to WP Engine hosted sites, which could lead to increased security risks.

  • The conflict involves legal actions and disputes over how WP Engine has utilized WordPress resources.

A critical vulnerability has been discovered in the NVIDIA Container Toolkit and GPU Operator, allowing attackers to gain full access to a host's file system and underlying infrastructure.

  • The vulnerability can be exploited by creating a malicious container image and grants the attacker full visibility to the underlying infrastructure, potentially allowing access to other customers' confidential data.

  • Any organization with vulnerable versions of the libraries should prioritize patching as quickly as possible to prevent potential code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

A state-sponsored advanced persistent threat (APT) known as 'Salt Typhoon' has infiltrated several communications service provider networks in the US, potentially aimed at information theft and establishing a platform for disruptive cyber attacks. This threat is believed to be linked to Chinese state-sponsored hackers, with military implications in the context of rising tensions over Taiwan and regional control. The campaign represents a continuing trend of targeting critical infrastructure by Chinese-backed cyber threat actors, raising significant cybersecurity risks for service providers.

  • Salt Typhoon is a newly identified cyber threat targeting US ISP networks.

  • The incursion may facilitate espionage and prepare for military conflict scenarios.

  • Chinese APTs aim to compromise critical infrastructure for both reconnaissance and potential offensive capabilities.

A Hong Kong court has sentenced two editors of the now-defunct pro-democracy newspaper Stand News to prison for sedition in a landmark case under a colonial-era law. This case marks a significant moment in Hong Kong's media landscape, as it follows the closure of numerous pro-democracy outlets and an ongoing crackdown on press freedom since the enactment of the national security law in 2020.

  • Two journalists were sentenced for sedition related to their work with Stand News.

  • The case has drawn international condemnation and signifies continued erosion of press freedom in Hong Kong.

[RSnake: I wonder if these types of cases will start to increase, or if they’ll just disappear. Sesame Credit should be limiting a lot of this due to the chilling effect it has on Chinese citizens to have a low social credit score.]

The U.S. Treasury Department has sanctioned two cryptocurrency exchanges, Cryptex and PM2BTC, for laundering funds linked to Russian ransomware gangs and cybercrime. This is part of a coordinated effort to disrupt Russian cybercrime services and financial facilitators, prohibiting U.S. transactions with the sanctioned entities.

  • The U.S. Treasury has targeted Cryptex and PM2BTC for their involvement in laundering over $51 million linked to ransomware.

  • These sanctions are part of a broader initiative by U.S. and international law enforcement agencies to combat transnational organized cybercrime.

[RSnake: Apparently, deel.com is the new hotness for a lot of money movement cross-border btw. Watch that company.]

The U.S. government has indicted two prominent Russian hackers linked to extensive cybercrime activities, including the operation of a major carding site known as Joker's Stash, which sold millions of stolen payment cards. Additionally, sanctions have been imposed on a cryptocurrency exchange named Cryptex, which is alleged to facilitate money laundering for cybercriminals. These actions aim to disrupt sophisticated networks involved in international financial crimes.

  • Two Russian hackers have been indicted for operating Joker's Stash, a carding shop linked to significant data breaches.

  • The U.S. has sanctioned the cryptocurrency exchange Cryptex for its role in laundering money for cybercriminals.

NIST has proposed new guidelines to improve password security by eliminating outdated and ineffective requirements such as mandatory password resets and specific character usage. The updated recommendations suggest that passwords should be a minimum of 15 characters and allow more flexibility in creating secure passwords, which may enhance user compliance and overall security.

  • NIST proposes banning mandatory password resets and complex character requirements.

  • The guidelines aim to allow stronger, longer passwords while enhancing security practices.

[RSnake: Good, that was always stupid advice. They should only be talking about password re-use, password length, and second-factor authentication.]

MIT researchers have developed a new security protocol that uses quantum properties of light to secure data in cloud-based computation, particularly during deep learning processes. This protocol ensures that data can be securely sent and processed without being intercepted or copied, maintaining the privacy of sensitive information such as medical data while also preserving the accuracy of the deep learning models used.

  • A quantum security protocol ensures data security for cloud-based deep learning computations.

  • The method allows secure processing of sensitive information like medical data without compromising accuracy.

[RSnake: While cool, I think we have bigger fish to fry - like the data/code itself being corrupted. Or how about biases in the reinforcement learning from human feedback (RLHF)? I don’t want to say we don’t need better tools, but this is defending against attacks that are very far down the line of practicality.]

Security researchers discovered a significant vulnerability in Kia's web portal that allowed unauthorized access to millions of cars, enabling capabilities such as tracking locations, unlocking doors, and starting engines remotely. This flaw is part of a broader trend of web-based security issues affecting various automakers, prompting concerns about the cybersecurity landscape in the automotive industry.

  • A vulnerability in Kia's web portal allowed hackers to take control of connected vehicle features.

  • Similar issues have been found in multiple car brands, indicating a widespread problem in automotive web security.

The Five Eyes nations, comprising the U.S., U.K., Canada, Australia, and New Zealand, are implementing a new cybersecurity strategy based on networked governance. This approach involves collaboration among various government agencies to enhance cybersecurity measures and respond to global threats more effectively. Additionally, there is discussion about potentially expanding the Five Eyes alliance to include nations like South Korea, Japan, India, and Germany.

  • Five Eyes alliance adopts a networked governance approach for cybersecurity.

  • The expansion of the alliance is considered to enhance global cybersecurity collaboration.

OpenAI has released new audio conversation capabilities for ChatGPT-4o, allowing users to interact with the AI using voice. This advancement in voice synthesis technology could change how people engage with AI, fostering a more personal and conversational experience despite the AI lacking real emotions or consciousness.

  • ChatGPT-4o introduces Advanced Voice features that permit natural voice interactions.

  • The new capabilities may lead to users forming deeper connections with AI despite its lack of true emotions.

Meta has introduced new celebrity voice options for its AI chatbot and showcased advancements in augmented-reality glasses during its annual Connect conference. The company reports significant user engagement with its AI technologies and plans to invest heavily in developing these innovations, while also navigating user misconceptions about content usage. Additionally, Pakistan has received a $7 billion loan from the IMF amid ongoing economic challenges.

  • Meta is launching new celebrity voice options for its AI chatbot and new augmented-reality glasses.

  • Pakistan has secured a $7 billion loan from the IMF, addressing its ongoing economic difficulties.

OpenAI is restructuring from a nonprofit to a for-profit benefit corporation, potentially allowing for greater investment and return opportunities, particularly for CEO Sam Altman, who may receive a 7% equity stake. This shift could lead to a valuation of $150 billion for the company and signifies a significant change in its operational focus, possibly affecting its commitment to its original mission of benefiting humanity. The transition comes amid internal leadership changes, including the departure of key executives like Chief Technology Officer Mira Murati.

  • OpenAI is transforming into a for-profit benefit corporation to attract more investment.

  • CEO Sam Altman is set to receive a 7% equity stake, indicating a major shift in company leadership and strategy.

Brazil is experiencing a severe drought that is significantly affecting coffee and sugar production, leading to record high prices for these commodities globally. Farmland fires and damage to crops have exacerbated the situation, although some rain is forecasted for mid-to-late October. In Vietnam, robusta coffee prices are decreasing in anticipation of the new harvest, which may help offset some of the price pressures on arabica coffee.

  • Brazil's drought is causing coffee and sugar prices to reach record highs.

  • The forecast for rain in Brazil is uncertain, impacting crop recovery.

The U.S. economy grew at a 3% annual rate from April to June 2024, driven by robust consumer spending and strong business investment. Inflation has eased to slightly above the Federal Reserve's 2% target, prompting the Fed to cut interest rates for the first time in over four years to support job growth amidst a slowing job market.

  • The U.S. GDP increased due to strong consumer and business spending.

  • Inflation rates have decreased significantly, influencing the Federal Reserve's decision to lower interest rates.

  • There are signs of a slower job market, with the average monthly job addition at its lowest since mid-2020.

Thanks so much for reading, and once again, please forward this newsletter to anyone you think should be reading it. It’s how the newsletter grows, how I know you love it, and what encourages me to keep going. I’d really appreciate it!