RSnake Report 20241201

Russian territorial gains despite huge losses, etc...


Hello, and thanks for reading! I hope you and your family had a nice turkey day. I may have had a few too many helpings myself, but tis the season, I guess! The tree is up in the RSnake house, and the cheeks are rosy. So, I think we’re off to the holiday season in style.

So there is a lot afoot in the Russia/Ukraine conflict, so bear with me. Russia's eastern offensive is accelerating, with troops capturing nearly 235 square kilometers of territory in the past month—a record pace in 2024. Reuters reports that this represents the fastest advance in a single week this year. Much of this comes at the same time as huge waves of attack against civilian infrastructure across Ukraine, including water, power and private homes.

“its troops capturing nearly 235 km2 of territory in the past month”

On the battlefield, grassroots Russian efforts to develop and deploy semi-autonomous fighting vehicles are making rounds. However, there has yet to be a confirmation from Ukrainian officials. It’s not clear what they mean by semi-autonomous, exactly, but I suspect we will find out shortly when these are hit by FPV drones and recovered by Ukrainian troops. Meanwhile, Russia is building seemingly low-tech drones to do medical evacuation at the same time.

“semi-autonomous weapon systems”

I did want to point out one exciting duel between two opposing FPV drones that ended predictably in both of their destruction. This is both rare and maybe even the first of its kind ever recorded/published, but it is also a glimpse into the future. Both of these drones were designed to kill people and equipment, not other drones. But someday, drones may fight drones to a much greater extent. This duel undoubtedly saved someone’s life, and maybe a number of human lives.

“Ukrainian and Russian FPV drones clash”

Ukraine has been hitting back hard. Recent drone strikes targeted an oil terminal in Kaluga, resulting in massive explosions visible for miles. Videos from the scene show the scale of destruction. There were also attacks against an oil refinery in Kamensk-Shakhtinsky in Russia's Rostov region and the Atlas oil facility. Oh, and let’s not forget about a Freon gas warehouse in Moscow. Any one of these could be seen as a huge catastrophe, but they happen daily in Russia.

“explosions rocked the Kaluga region of Russia”

In Petersburg, the Russian hot water main was destroyed, sending boiling water into the streets, with several people seriously injured. This hot water is used to heat civilian homes. Remember, it’s freezing in the region, especially at night, and most homes and apartments have limited means of keeping warm.

“Russians got boiled in their homes and on the street”

In another significant operation, Ukraine used ATACMS cluster munitions to strike Khalino Airfield, reportedly targeting Russian S-400 systems. Close-up footage captures the moment of impact, and it looks like hell on earth. Frankly, I’m surprised the guy filming it survived.

“airfield getting hit by a ATACMS cluster munition Khalino airfield”

One of Russia’s top generals, Lt-Gen Valery Solodchuk, 18 other officers, and an unconfirmed large number of North Korean soldiers were killed using UK-provided Storm Shadow missiles, likely at Maryino, in a strike against an underground command post.

“an underground command post”

It’s not just Storm Shadow missiles that Russia will have to deal with. Apparently, NATO ordered Tomahawks to be supplied to Ukraine as well. These are extremely long-range cruise missiles of US origin, capable of hitting targets a couple of thousand kilometers away - not 5,500 as Jürgen claimed, but more like 2,500, depending on the variant. It’s more of a family of missiles than a single type.

“medium-range missiles capable of hitting targets at a distance of 1,000 to 5,500 km”

On the morale front, one Russian deserter gave some insider information as to what life is like on nuclear bases, where security is understandably tight: his job was to make sure soldiers didn’t try to steal phones, and they were barraged with regular lie detector tests. On the battlefield, this haunting and rather disturbing video gives you some view into what life is like for the Russians on the front: bodies everywhere, trash, under constant surveillance by Ukraine, and with no evacuation plan. The recruitment of new militants is also a mess, with Russians invading nightclubs at 2 AM and gathering up military-age men in Moscow. No wonder they have no interest in going to the front with videos of what life is like so accessible.

“Putin regime enforcers raided 3 largest Moscow nightclubs.”

Meanwhile, economic cracks are widening in Russia. Mortgage rates have nearly hit an eye-watering 30%, leading to widespread panic. Russian state media confirms the staggering rates.

“30% interest rate”

The ruble temporarily tumbled to 114 per USD, sparking fears of an imminent economic collapse if panic erupts. You can find some excellent analysis here. But they have halted trading so the real rate is likely far lower today than even that, though the perception amongst the public will likely be that that spike was temporary.

As of Dec 1: 107.7 RUB to USD

But the news isn’t just bad on the ruble front. Russia’s shadow fleet is now being sanctioned by the UK, which likely means they will find it very difficult to operate, to drop off oil, and get insurance, and a lot of other things critical to their operations. Also, a thousand shopping malls in Russia are facing bankruptcy due largely to a key interest rate above 20% and more threats of further increases to slow inflation. That means that rent driven by loans will increase far beyond what most small businesses can afford.

Ukraine has once again said it will attempt to join NATO with a pause on, or even the removal of, Article 5, which would drag NATO into the war effort. This is an exciting change, and likely a good one, that says anyone can join NATO even while at war, but we won’t help until after you are at peace. Of course, Russia will be pretty annoyed by that outcome if it does come to pass.

A Russian Sukhoi Superjet caught fire immediately upon landing, which wouldn’t be that interesting except it’s unclear why, as the manufacturer is blaming human error. This airplane company is plagued by many issues during flight, so it seems more like this is a manufacturing/supply chain issue, not human error.

“Sukhoi Superjet 100”

In European news they had their own jet problem. In Lithuania, a DHL Boeing 737 crashed on landing, raising safety concerns. Footage of the crash captured the dramatic moment and also here.

“CCTV footage captured the moment of impact of the Vilnius plane crash”

Protests in Tbilisi, Georgia, continue as tensions simmer. Updates from the scene. These protests don’t seem to be slowing down. If anything, they are intensifying with the Fire Department switching sides and no longer providing water to the police for their water cannons. Protesters are improvising firework machine guns to try to slow down police movement. The military will have to make a hard decision here, one way or another.

Turkey has said that they won’t support a peace plan that includes Russia taking Ukrainian land, which is likely a huge surprise to Moscow since Turkey has been waffling between NATO and BRICS. But it does show that Russia has an interesting negotiation ahead of it in January.

Sweden has sent PBV 302 armored vehicles to Ukraine, bolstering its defenses against Russian aggression. Visual confirmation here. It’s hard to get a real count from that video, but it looks like around 100 of them, which is a pretty sizable donation to Ukraine’s effort.

“Swedish-donated Pansarbandvagn 302 (PBV 302) armored vehicles on their way to Ukraine”

In South East Asia, I wanted to point out a new weapon system that South Korea is touting. The video of their new L-SAM anti-ballistic interceptor family of missiles is worth watching and may end up being super useful against North Korean and Chinese aggression. The question is how fast and how many can they produce, because any hot war will require a lot of material to get aloft and very quickly.

“L-SAM development finished.”

In the Middle East, Israel and Hezbollah have agreed to a ceasefire, though the terms remain undisclosed. Reports indicate the deal was brokered with U.S. involvement. However, Israeli PM Benjamin Netanyahu has warned that any violations will be met with "great force." His full statement. Meanwhile Iranian propaganda continues around True Promise 3. For those fans of the previous hits, True Promise and True Promise 2, we have some good insights into what the third episode of this drama will accomplish - none of its promises. 🤡 But the video is worth a watch if you want to see how the military is talking about its next phase. The question is will Israel start treating Hezbollah and Iran as the same entity, or will they take the path of least aggression?

“For any violation of the ceasefire conditions by Hezbollah, we will respond with great force.”

In Syria, opposition forces have entered Aleppo for the first time since 2016. Reports suggest mass defections among pro-Assad militias as the rebels continue their advance. Details here. So for our part, the Biden administration has said that it has nothing to do with it, but at the same time there is some tenuous evidence that Ukrainian commandos have been spotted in Aleppo.

If we fund Ukraine and they lead HTS into Aleppo, that seems to indicate we have something to do with it. The arms they are collecting include MLRS, aircraft, firearms, armored vehicles and more. Keep in mind, HTS has long been declared a terrorist organization. So while bad guys fighting bad guys is probably a good thing, funding it, if that turns out to be true, raises my eyebrows a bit. 🤔

“Fully loaded BM-27 Uragan MLRS and L-39 training aircraft”

Russia is already allegedly bombing Aleppo as the Syrian rebels head towards other juicy targets where Russian bases are. Ships, fighters, and a lot more material are waiting to be grabbed if HTS can get there. In this case, I really am not sure if there is a team worth rooting for, though Assad was clearly a bad actor, so his fleeing to Moscow is at least one despot moved to the hub of despots. Moscow likes collecting them.

In Domestic news, California’s economic growth has nearly stalled, with 96.5% of new jobs in the past two years tied to government roles. Analysis shows the state’s growing reliance on public-sector employment. That basically means California is losing money, because they are paying a huge tax for each of those government employees. Even if other areas of the economy grow slightly, they could never grow to that extent where 96.5% of it is draining from any actual GDP.

96.5%

In military policy, Donald Trump reportedly plans to discharge 15,000 transgender service members on medical grounds if reelected. Read the report here. This would be an honorable medical discharge, as opposed to an actual firing, because it includes benefits and presumably access to the VA. Now the question is will complications related to their surgeries be covered by the VA. I can almost hear that controversy brewing.

In other Trump news, Jack Smith filed a motion to dismiss charges against Donald Trump. Knowing that they have no jurisdiction against a sitting president, there is no case for as long as he sits in office, which basically means there is no case, in part because this will fall outside of the statute of limitations as well once he is out of office. Nothing to see here.

Walmart has joined several major corporations in rolling back controversial DEI (Diversity, Equity, and Inclusion) initiatives. Details here. This makes a lot of sense because it was always illegal. They can tell that this will end badly for any companies that continue to support the practices, and they want to get in front of it while they still have that option.

“Walmart joins Ford, John Deere, Toyota and other major companies in ditching controversial DEI initiatives”

In Tech news, there have been a few interesting takes against what LLMs are producing. One was the take of what the future president will look like on inauguration where Grok shows Trump and OpenAI shows a random bald woman. This has a lot of reasons, and most of them are bad - including massive biases in training data, bad system prompts, and artificial rules put on the AI that cause it to make bad predictions.

“Grok is able to generate images in context without explicitly telling it to”

Another interesting one I saw was the delta between how a single LLM trained in different languages treats women’s salaries. The long and short of it is LLMs are only as good as their training data, and if you introduce bias or overly highlight bias and describe it only as fact instead of explaining the causes for the totally understandable outcome, calling it out every chance you get, guess what you get on the other end?

“$1000 a year. best offer”

Okay, onto the articles!

Russia launched an aerial attack on Ukraine, using nearly 200 missiles and drones to target the country's energy infrastructure, leaving over a million homes without power. This attack, notable for utilizing cluster munitions and potentially new missiles, marks the 11th major assault this year and comes as Ukrainian officials warn of ongoing threats to their winter energy supplies.

  • Russia conducted a large-scale attack on Ukraine's energy facilities, impacting power supply to over one million homes.

  • Ukrainian officials indicate that Russia may be preparing for further assaults as winter approaches, emphasizing the urgency for air defense systems.

[RSnake: And it is absolutely having an effect. Ukraine really does not have enough air to air defensive capability to stop this, only slow it.]

Source: https://www.military.com/daily-news/2024/11/28/latest-massive-russian-aerial-attack-cuts-power-1-million-homes-ukraine.html

Escalating violence in Gaza has resulted in at least 42 Palestinian deaths as Israeli forces intensified their bombardment. The United Nations reports that over two million people are trapped in the region, facing severe shortages of food and clean drinking water amidst ongoing hostilities.

  • Israeli attacks have killed at least 42 Palestinians in central Gaza amidst increasing airstrikes.

  • The UN warns of a humanitarian crisis with over two million people lacking food and safe drinking water.

[RSnake: I am sure Iran will happily invite them in since they cared so much about funding Hezbollah’s attacks under the guise of what is happening there. I mean, billions of dollars in missiles and drones go a long way in funding the people they claim to care so much about to get new homes. 🙄 ]

Source: https://www.aljazeera.com/news/2024/11/28/at-least-42-palestinians-killed-as-israel-ramps-up-bombing-in-central-gaza?traffic_source=rss

The newly appointed Secretary of Defense will face significant challenges in managing a large agency with a $3.8 trillion budget and over three million personnel. Key issues include navigating a complex political environment within the Pentagon, addressing unit readiness after years of deployment, and ensuring that the Department of Defense aligns its strategies and operations with the new presidential mandates.

  • The Secretary must manage a substantial budget and personnel while navigating internal political dynamics.

  • Addressing military unit readiness and aligning defense strategies with the President's policies are crucial tasks ahead.

[RSnake: I had to read it twice. That isn’t a misprint - we really do have 3 million personnel. The question is, what are they all doing? It’s always hard to know for sure how important people are for systems as complex as a military, but wow, still.]

Source: https://www.realcleardefense.com/articles/2024/11/25/the_new_secretary_of_defense_the_task_at_hand_1074408.html

The Red Sea region is experiencing an escalation in maritime violence led by Iranian-backed Houthi insurgents, with over 100 incidents reported in the past year and rising threats to international shipping. The ongoing crisis has prompted multinational security initiatives and military responses, including airstrikes on Houthi targets, as global trade faces severe disruptions and a notable decline in Suez Canal traffic, with rerouted vessels increasing costs and extending transit times.

  • Houthi rebels have hijacked numerous vessels, marking an aggressive maritime campaign that impacts global shipping.

  • The international community, including the U.S. and UK, has attempted to respond militarily to the escalating attacks and ensure maritime security.

[RSnake: This article is a great thing to reference if you ever need to know exactly how many attacks and when/where they occurred. There's no real news here, but it might be worthwhile if you’re trying to get a feel for how this keeps happening.]

Source: https://gcaptain.com/?p=218011

Britain has announced sanctions against Russia's shadow fleet, targeting 30 vessels involved in circumventing Western restrictions on Russian oil to support Ukraine's defense as winter approaches. This latest sanctions package increases the total number of Russian oil tankers under UK sanctions to 73 and includes penalties against two Russian insurance firms, with ongoing efforts to challenge vessels' insurance credentials in UK waters. Western nations, led by Britain, are committed to providing Ukraine with the necessary military support and funds through 2025 as the conflict continues without signs of negotiation from Russia.

  • Britain has imposed major sanctions targeting 30 vessels in Russia's shadow fleet.

  • The sanctions aim to strengthen Ukraine's defense capabilities amid ongoing conflict with Russia.

[RSnake: The insurance is the kicker. If they can’t get insurance, then this is only a drain on the Russian government directly if they want to supply insurance. If not, then this is just a very dangerous and likely short-lived endeavor for that fleet of ships.]

Source: https://gcaptain.com/?p=217969

The global landscape is characterized by intensified U.S.-China competition, particularly in the domains of economic and technological leadership. The Biden administration is focused on enhancing economic security to counter China's strategic advances, which involve a strong emphasis on innovation and supply chain resilience, while also addressing military considerations.

  • The U.S. views its competition with China as critical for defining future international order.

  • Economic security, entwined with technological advancement, is deemed essential for national power.

[RSnake: I will be curious what Biden does over the next month with regard to China. Will he largely keep to himself or try to broker something last minute to get some credit for whatever they are planning to agree to with Trump?]

Source: https://foreignpolicy.com/?p=1179944

Senator Lindsey Graham issued a warning to U.S. allies against cooperating with the International Criminal Court's arrest warrants for Israeli officials, threatening severe economic repercussions. Several countries have shown interest in enforcing these warrants, complicating international relations and negotiations regarding peace and humanitarian efforts in the Middle East.

  • Senator Graham warns of economic consequences for nations that cooperate with ICC warrants against Israeli officials.

  • The ICC's actions may jeopardize peace negotiations and humanitarian efforts in the Middle East.

[RSnake: I really don’t see this warrant going anywhere.]

Source: https://www.jewishpress.com/?p=716573

Over 11,000 North Korean military personnel are reportedly stationed in Russia's Kursk Oblast, actively participating in combat against Ukrainian forces. There are indications that North Korea may deploy up to 100,000 additional troops to support Russia's efforts in the ongoing war in Ukraine.

  • North Korean soldiers are engaging in combat operations against Ukraine alongside Russian forces.

  • The potential deployment of up to 100,000 North Korean troops to support Russia's military actions is being discussed.

[RSnake: That would be a much more significant increase if it does occur. My bet is that it will, and likely in the coming few weeks. Putin needs as much movement/negotiation room as possible before Trump takes office, so next month is just too late to get those new troops.]

Source: https://www.pravda.com.ua/eng/news/2024/11/25/7486162/

In Bangladesh, a significant increase in violence against Hindus has been reported following the ousting of Prime Minister Sheikh Hasina. Radical Islamist groups have gained power and are allegedly committing atrocities against the Hindu population, leading to international discussions about potential intervention and sanctions against the current regime under Muhammad Yunus.

  • Radical Islamist groups in Bangladesh have reportedly escalated acts of violence against Hindu minorities.

  • Calls for international intervention and potential sanctions against the Yunus-led government are emerging as the situation deteriorates.

The United States is deploying advanced missile systems to Japan and the Philippines to enhance regional defense capabilities amid rising tensions over Taiwan. This move is part of a broader strategy to counter China's military expansion and establish stronger alliances in the Indo-Pacific region.

  • The U.S. is sending HIMARS and MDTF units to key locations in Japan and the Philippines.

  • These deployments aim to deter Chinese aggression, particularly regarding Taiwan.

[RSnake: Whatever we’re doing it’s likely not enough. I do wonder if we have more anti-ship capability than we are letting on though, in that region. That is one of the critical components. If ships can cross unimpeded, that’s going to end well for Taiwan.]

Source: https://sofrep.com/?p=210700

A ceasefire between Israel and Hezbollah has come into effect, ending over a year of violent conflict that has resulted in significant casualties and displacement in both countries. The deal, brokered by the U.S., France, and Israel, includes a phased withdrawal of Israeli troops and the removal of Hezbollah fighters from southern Lebanon over a planned 60-day period. The ceasefire aims to establish a lasting calm and pave the way for a return of displaced residents, while both sides remain wary and prepared for potential violations of the agreement.

  • The ceasefire begins after more than a year of conflict resulting in 3,823 deaths in Lebanon.

  • The deal includes a 60-day plan for the withdrawal of Israeli forces and the removal of Hezbollah fighters from southern Lebanon.

[RSnake: I really don’t like that they are calling it a peace deal online. It is exactly this - a 60-day re-grouping. Just enough time to do a transition of the US government and re-arm. We shall see if real peace can be accomplished during that 60-day period.]

Source: https://www.bbc.com/news/articles/c0mze4pzdnlo

China's treatment of Uyghurs in Xinjiang continues to deteriorate, with reports of mass incarcerations, forced confessions, and severe human rights violations. The Chinese government's actions have been labeled as crimes against humanity, prompting calls for international intervention and accountability, particularly from the United Nations and the United States.

  • China's crackdown in Xinjiang involves mass detentions and severe human rights abuses against the Uyghur population.

  • International bodies are criticized for failing to effectively respond to these atrocities and ensure accountability for the Chinese government.

[RSnake: Yep, thankfully, the UN has voted to ignore the slaughter, so we don’t have to worry ourselves about it. The UN - always on the ball.]

Source: https://www.atlanticcouncil.org/?p=808663


IBM developed groundbreaking automation in semiconductor manufacturing with Project SWIFT, significantly reducing the fabrication time of integrated circuits. This innovation led to rapid production capabilities that have been reflected throughout the global semiconductor industry, revolutionizing chip manufacturing processes and establishing a competitive edge in the tech market.

  • Project SWIFT successfully automated integrated circuit production, achieving turnaround times unprecedented in the industry.

  • The innovations from Project SWIFT laid the groundwork for the highly automated semiconductor fabrication plants of today.

[RSnake: Cool - we’ll need a lot more chips and fast if we’re going to keep pace in the future or maybe even catch up with Taiwan. Is that too much to ask?]

Source: https://spectrum.ieee.org/semiconductor-fabrication

Lockheed Martin's Skunk Works has successfully integrated artificial intelligence (AI) with operating aircraft for the U.S. Air Force, demonstrating real-time human oversight and AI control in simulated missions. The U.S. Air Force is planning to deploy a fleet of over 1,000 AI-enabled unmanned aircraft by 2028, driven by security concerns and a desire for tactical advantages.

  • Lockheed Martin demonstrated a crewed-uncrewed teaming mission using AI-controlled aircraft.

  • The U.S. Air Force plans to enhance its operations with a fleet of AI-enabled unmanned aircraft by 2028.

[RSnake: Good. I know there has been a lot of back and forth about the efficacy of the F35, but the real problem isn’t the platform; it’s the pilots, or lack thereof, who are qualified for it. Training is slow, and frankly, the threats are enormous and amplified by non-human combatants. We need to be thinking about scale, efficacy, and cost.]

Source: https://www.eurasiantimes.com/?p=220214

NASA is collaborating with Boeing to develop the X-66 aircraft, a reengineered single-aisle plane utilizing a 'transonic truss-braced wing' design. Testing in wind tunnels aims to optimize lift, drag, and aerodynamics, with expectations of reducing fuel consumption and emissions by up to 30% compared to current models, enabling more efficient regional flights.

  • NASA and Boeing are developing the X-66 aircraft to enhance commercial travel efficiency.

  • Wind tunnel tests will assess the aircraft's design to reduce fuel consumption and emissions.

[RSnake: It’s nice looking and saves fuel. At least this is some hopeful news coming out of Boeing for a change. But can we get some new engineers - ones that actually know how to build planes?]

Source: https://mashable.com/article/nasa-commercial-plane-future-design-x-66

Tesla is developing a teleoperations system for its upcoming robotaxis and humanoid robots, signifying a shift towards human intervention in its autonomous vehicle strategy. This move comes as Tesla plans to deploy robotaxis on public roads and contrasts with CEO Elon Musk's previous assertions of achieving full autonomy without human involvement.

  • Tesla is hiring for a teleoperations team to remotely control robotaxis and humanoid robots.

  • The development marks a significant shift in Tesla's approach to autonomy, indicating a reliance on human operators for certain situations.

[RSnake: I’m excited about this future. I was talking with Dave Asprey and some others the other day at a Friendsgiving party about this, and all I can think is that someday we can be fully drunk or fully distracted by work and never even look up once, and it will get us home. Will we even need a driver’s license to be in the back of these? What if we own them?]

Source: https://techcrunch.com/2024/11/25/tesla-appears-to-be-building-a-teleoperations-team-for-its-robotaxi-service/

Neuralink has received approval to launch a feasibility trial testing its brain-computer interface (BCI) that allows users to control a robotic arm using their thoughts. This is part of their ongoing efforts to develop assistive devices for individuals with paralysis. Previous studies have shown the potential of BCIs in enabling users to interact with external devices and improve their independence.

  • Neuralink is testing its wireless BCI to control a robotic arm.

  • Clinical trials have previously demonstrated the ability of BCIs to enhance user interaction with devices for those with paralysis.

[RSnake: This will undoubtedly help a lot of people. I’m curious to see how well this works! But it also has some interesting applications for FPV robotics where it is unsafe for humans to operate or impractical but they need the same kind of dexterity.]

Source: https://www.wired.com/story/neuralink-robotic-arm-controlled-by-mind/

Tether is reportedly being used extensively by Mexican drug traffickers for money laundering, allowing large amounts of illicit funds to be moved quickly across borders. Court records indicate that Tether is sold at a discounted rate in Mexico due to its association with drug proceeds, with traffickers taking advantage of cryptocurrency to facilitate their operations.

  • Tether is used by drug traffickers for large-scale money laundering operations.

  • The price of Tether in Mexico is lower due to its reputation as being linked to drug money.

A US citizen has been sentenced to four years in prison for conspiring to act as an agent of China, sharing information with Chinese agents about his former employers and pro-democracy activists. This case illustrates how

  • China has sought to infiltrate major telecoms and use insiders to gather information about corporate operations and political opponents.

  • The Chinese hacking operation that compromised Verizon and other telecom giants may have given the hacking group Salt Typhoon access to some victims' call audio and text messages.

[RSnake: There are a lot of these. A lot. At some point we may have to take a very different approach to these agents. Something akin to, “Remove all agents in X region or Y happens, and we know of some amount of them already, so if the ones we know of aren’t removed, we will assume you didn’t remove others as well.” The “Y” variable is the revocation of VISAs. T’s VISAs. That is not my idea, but the more I think about it, the more I think we need to start being more clear on where the line actually is.]

Source: https://gizmodo.com/?p=2000529731

Researchers have found significant privacy risks in Graph Prompt Learning (GPL), a technique used to adapt graph models for specific tasks. Attackers can effectively infer sensitive node properties and relationships using Attribute Inference Attacks (AIAs) and Link Inference Attacks (LIAs). The success rate of inference is high, with some data sets showing 98% accuracy.

  • GPL has significant privacy risks due to the ability of attackers to infer sensitive node properties and relationships.

  • Laplacian noise perturbation can substantially reduce inference success in GPL.

[RSnake: There are tons of side channel attacks like this across almost any complex system. So it’s no surprise.]

Source: https://arxiv.org/abs/2411.14718

Russian-sponsored cyber threat actor RomCom has combined critical and serious vulnerabilities in Windows and Firefox products to launch a zero-click code execution exploit.

  • RomCom used two zero-day vulnerabilities: one affecting Mozilla software, the other Windows, to spread a backdoor to anyone who visited an infected website without any user interaction.

  • The exploit chain was patched quickly, with both issues remediated on Oct. 9 and Nov. 12 respectively.

A hacker known as Kiberphant0m, suspected to be a U.S. Army soldier stationed in South Korea, is involved in extorting victims by selling stolen data from Snowflake accounts. The breaches have impacted hundreds of millions of people, with some corporations paying ransoms to prevent data leaks. After the arrest of another suspect related to the extortion, Kiberphant0m made threats to leak sensitive information if demands went unmet.

  • Kiberphant0m has been extorting victims by selling stolen data from compromised Snowflake accounts.

  • This includes sensitive information from major corporations, affecting around 110 million individuals.

[RSnake: Wow - I didn’t expect it to be an American citizen. I would be surprised if that does turn out to be correct.]

Source: https://krebsonsecurity.com/?p=69605

Crypto billionaire Changpeng Zhao is being sued by hundreds of victims for allegedly providing crypto funds to Hamas, violating US laws and international sanctions.

  • Changpeng Zhao is accused of supporting terrorism through his business Binance.

  • The lawsuit seeks monetary compensation for bodily harm, death, emotional harm, loss of future income, and funding for medical treatments.

[RSnake: Interesting. I wonder what his incentive is. His Chinese ties are… interesting.]

Source: https://www.jewishpress.com/?p=716930

A hack-for-hire operation allegedly linked to ExxonMobil targeted over 500 climate activists and journalists, utilizing advanced cyber methods to undermine their efforts. The operation involved phishing campaigns and the strategic leaking of stolen information to discredit environmental advocates and influence legal proceedings against the company.

  • A significant hack-for-hire operation targeting climate activists was allegedly conducted by ExxonMobil.

  • The operation involved advanced cyber tactics, including phishing and strategic leaks, to influence legal actions against the company.

[RSnake: Ouch - if this turns out to be true, that is not a good look for any large company to be engaging in these types of ops. I can’t say I’ve never heard of it, but really, it’s not a good idea.]

Source: https://www.vulnu.com/p/inside-exxonmobils-alleged-hack-for-hire-campaign-targeting-climate-activists

North Korean hackers have been impersonating professionals to infiltrate major organizations worldwide, resulting in significant thefts of cryptocurrency to fund the regime's weapons programs. Security experts reported that these hackers have successfully created false identities and utilized advanced tactics to evade sanctions and conduct cyber espionage, yielding billions of dollars over the past decade.

  • North Korean hackers have stolen billions in cryptocurrency by posing as venture capitalists, recruiters, and IT workers.

  • These hackers utilize false identities and advanced tactics to infiltrate organizations, benefiting the North Korean regime and its nuclear weapons program.

[RSnake: And they are great at their jobs for obvious reasons. The one trick I have seen online is to ask them to denounce Kim Jong Un during the interviewing process. They can’t. They’re like a broken LLM and unable to comply.]

Source: https://techcrunch.com/?p=2921277

Geico and Travelers have been fined a total of $11.3 million for data breaches that compromised the personal information of over 120,000 New Yorkers, including sensitive data such as driver's license numbers. These incidents occurred due to inadequate cybersecurity measures by the companies, which enabled attackers to gain access to private information and misuse it for fraudulent unemployment claims during the COVID-19 pandemic.

  • Geico and Travelers faced fines for poor security practices that led to data breaches.

  • The breaches exposed the personal data of over 120,000 New Yorkers, leading to identity theft and fraudulent claims.

A US cyber defense agency has found that Russian hackers are actively exploiting a remote code execution vulnerability in SSL VPN products, which can be exploited by browsing a vulnerable URL and allows attackers to execute remote code on the gateway without authentication. The bug was fixed last year, but evidence of active exploitation has been detected. The agency recommends that organizations stop using affected products by December 16 or apply security updates and available mitigations.

  • A US cyber defense agency has assigned a critical 9.8 severity score to the vulnerability and added it to the catalog of Known Exploited Vulnerabilities (KEV).

  • The affected SSL VPN products are used by over 5,000 customers worldwide, including enterprises, service providers, and government agencies.

[RSnake: Why are they waiting weeks for this?! Drives me crazy. Just shut it off, now. If the US military cannot function in an Internet denied regime they have much bigger problems. Turn it off.]

Source: https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-bug-in-array-networks-ssl-vpn-products/

The Tor Project is urgently seeking volunteers to establish 200 new WebTunnel bridges by the end of the year to combat escalating internet censorship in Russia. This initiative is a direct response to efforts by Russian authorities to block access to Tor and other circumvention tools, which have included targeting hosting providers and removing circumvention apps from stores.

  • The Tor Project operates 143 WebTunnel bridges and aims to increase this number to help users bypass internet censorship.

  • Russian authorities are intensifying efforts to block access to the Tor network and its tools.

[RSnake: This is cool and clever, but it could be even better. Without getting into more details, what you want is a lot of noise - tons of it. That way, there is no way to stop it without stopping everything.]

Source: https://www.bleepingcomputer.com/news/security/tor-needs-200-new-webtunnel-bridges-to-fight-censorship/

Indian airlines and airports have experienced an unprecedented surge in hoax bomb threats, with 999 incidents reported so far in 2024, significantly impacting flight operations and passenger safety. Despite the absence of actual threats, these hoaxes have led to delays, diversions, and increased involvement of security forces, resulting in substantial operational costs for airlines.

  • There have been 999 hoax bomb threats against Indian airlines in 2024, nearly 10 times the number from the previous year.

  • The spate of hoax threats has caused significant disruptions, including flight delays and international security responses.

[RSnake: Oddly specific number, but whatever. That is a lot. We have to get better about handling these and knowing which ones are obviously a hoax. My buddy Matt Johansen was SWATted last year using a fake bomb threat. It was obviously fake, but they treated it like it was real. Perhaps there needs to be some middle ground. Maybe call him up on the phone to make sure the emails claiming to be from him really did come from him?]

Source: https://www.bbc.com/news/articles/c05z3v0jp49o

The cybersecurity market experienced significant funding activity last week, with major investments and acquisitions in various companies. Moreover, companies like Palo Alto Networks reported strong quarterly earnings, contributing to an overall bullish sentiment in public markets amid regulatory uncertainties and evolving AI applications in security.

  • Cybersecurity funding has increased notably in the last week, suggesting investor confidence in the sector.

  • Palo Alto Networks showed impressive financial results and a successful product strategy, despite some concerns about its year-over-year metrics.

[RSnake: Yep, and Dazz is getting bought by Wiz - what sort of shenanigans are afoot when Cyberstarts funded companies get acquired? The problem is no one knows, but I wouldn’t want to be tied to any of those companies!]

Source: https://www.returnonsecurity.com/p/security-funded-171

Investigators are examining allegations against Ken Leech, a fund manager overseeing $308 billion in assets, who reportedly transferred $600 million from some clients to benefit preferred customers. The Securities and Exchange Commission and federal prosecutors claim this illegal practice involved selectively placing profitable trades with certain funds while disadvantaging others. The case raises significant legal and ethical questions regarding fund management practices.

  • Ken Leech is accused of illegally transferring $600 million to favored clients.

  • The Securities and Exchange Commission and federal prosecutors are involved in the investigation.

A federal judge has approved a landmark settlement involving the National Association of Realtors, requiring significant changes to rules on agents' commissions and a payment of $418 million in damages. This ruling follows a lawsuit from home sellers claiming that existing commission structures resulted in excessive fees, which could have led to up to $1.8 billion in damages if the case had continued in court.

  • The National Association of Realtors is mandated to revise its commission rules.

  • The settlement addresses claims of inflated fees imposed on home sellers by the association's practices.

[RSnake: That whole system needs a complete re-think, especially in the age of the Internet. I used to work for Realtor.com/Move.com and the biggest problems we ran into regularly and the biggest push-backs we got on new tech didn’t come for any good practical business reason, they came from the NAR trying to protect Real Estate agents, not homeowners. Other companies in that industry couldn’t care less about the Real Estate agent, they just want to make good products that buyers/sellers want.]

Source: https://www.nytimes.com/2024/11/26/realestate/nar-settlement-approval-commissions.html

Japan's RegTech industry is projected to grow significantly, reaching approximately $210.5 million in 2024 and $376.2 million by 2029, driven by technological advancements and regulatory pressures. The country's regulatory sandbox initiatives and collaborations between RegTech firms and financial institutions are enabling innovative compliance solutions, particularly focused on cybersecurity and data privacy.

  • The Japanese RegTech market is expected to grow at a CAGR of 12.3% from 2024 to 2029.

  • Partnerships between RegTech firms and financial institutions are increasing to address specific regulatory challenges.

[RSnake: This is both good and bad, it means it will save time adhering to regulations but what this really means is it’s a hidden cost of doing business in Japan.]

Source: https://thereadable.co/japan-regulatory-technology-business-report-2024-2029-regulatory-sandbox-regtech-firms-and-financial-institutions-collaborations-cybersecurity-and-data-privacy-influence-on-the-375-million-market/

Microsoft is under scrutiny from the FTC regarding its business practices in cloud computing, software licensing, and cybersecurity, particularly after a series of cybersecurity incidents. The investigation stems from alleged anti-competitive behavior related to bundling software and licensing terms that distinguish them from competitors, with implications for both market power and economic stability given Microsoft's role as a major government contractor.

  • The FTC is conducting a detailed inquiry into Microsoft's business practices regarding cloud computing and software licensing.

  • Microsoft's bundling of products is considered anti-competitive and is impacting rival companies in the cybersecurity space.

  • Cybersecurity incidents linked to Microsoft have intensified scrutiny from regulatory bodies.

[RSnake: Ouch. I remember Microsoft execs yelling at me about how bad it was to have any sort of consumer protection on software. Guess this is at least part of the reason why…. I do like Microsoft but they do tend to put their toes over the anti-competitive line a lot. There is a Canadian suit against them here.]

Source: https://news.bloomberglaw.com/us-law-week/us-antitrust-watchdog-launches-broad-microsoft-investigation

Tesla's Cybertruck is facing multiple recalls due to quality issues that may impact its reliability and safety. The vehicle has experienced significant depreciation in value since its release, and many potential buyers are less focused on practicality, viewing the purchase as a status symbol rather than a functional truck.

  • The Cybertruck has had six recalls in its first year after launch, raising questions about its long-term reliability.

  • Despite quality issues, Tesla's marketing may appeal to a niche audience who prioritize the vehicle's image over safety concerns.

[RSnake: Make new tech, there will be problems. This was a pretty huge design change from previous models, so I’m unsurprised.]

Source: https://www.wired.com/story/cybertrucks-many-recalls-make-it-worse-than-91-percent-of-all-2024-vehicles/

A retail company called Stadium Goods has partnered with Barrett Distribution Centers to utilize drones for inventory management in their New Jersey warehouse, reducing instances of product misplacement. The autonomous drones, developed by Gather AI, employ AI and machine learning to scan and track inventory at a rate up to 15 times faster than manual methods, achieving a scanning accuracy of 99.9% and minimizing shrinkage.

  • Stadium Goods suffered from high shrink rates due to an ineffective previous inventory management system.

  • The adoption of drone technology allowed for real-time inventory tracking and improved accuracy, ultimately leading to cost savings.

[RSnake: Interesting use of drones. A bit overkill for most applications, but interesting.]

Source: https://www.supplychainbrain.com/articles/40614-how-a-3pl-eliminated-shrink-with-drone-powered-inventory-counting

Rivian has secured a $6.6 billion conditional federal loan to resume construction of its factory in Georgia, which is expected to begin operations by 2028. The factory will employ 7,500 people and was initially delayed due to funding issues and a shift in production plans for its next-generation electric vehicles.

  • Rivian's factory in Georgia aims to produce 400,000 vehicles annually.

  • The funding is part of the Department of Energy's support for advanced vehicle manufacturing.

[RSnake: Good, I like that company. I hope they end up doing well.]

Source: https://techcrunch.com/?p=2920793

If a federal tax credit of $7,500 for electric vehicles is eliminated, it is estimated that electric car sales could decline by 27 percent. This reduction follows patterns observed in other countries that removed similar incentives, leading to significant drops in electric vehicle sales. Currently, high prices and the absence of these tax credits could hinder the growth of the electric vehicle market.

  • Electric car sales could drop significantly if the federal tax credit is removed.

  • Other countries experienced similar sales declines after eliminating subsidies.

[RSnake: Why we are giving out tax credits for them at all is odd. I do wonder how the Trump/Elon bromance will affect this, though.]

Source: https://www.nytimes.com/2024/11/25/business/trump-electric-vehicle-tax-credit.html

Scott Bessent has been nominated as the new U.S. Treasury Secretary by President-elect Donald Trump, and his appointment is being positively received by Wall Street, as indicated by stock market gains. Bessent has a background in hedge fund management and previously worked for George Soros's investment firm, and he is noted for his somewhat moderate economic views compared to some other nominees in Trump's cabinet. If confirmed, he will tackle critical issues such as the federal debt limit and expiring tax cuts.

  • Scott Bessent's nomination for U.S. Treasury Secretary is welcomed by Wall Street, contributing to positive market performance.

  • Bessent's background includes work for George Soros and donations to Democratic causes, contrasting Trump’s other cabinet nominees.

[RSnake: Interesting choice. I wish him all the best. Our economy certainly needs all the help it can get, even if he did work for George Soros.]

Source: https://www.fastcompany.com/91235811/scott-bessent-trump-treasury-secretary-pick-market-reaction

Thanks so much for reading, and once again, please forward this newsletter to anyone you think should be reading it. It’s how the newsletter grows, how I know you love it, and it encourages me to keep going. I’d appreciate it! Really!