RSnake Report 20241023

Russo-Ukrainian stalemate, Pentagon Israel leak, etc

Hello, and thanks for reading! I hope you are getting your costumes ready for Halloween and the candy stockpile for the monsters, and I’m not talking about door-knockers asking for you to vote here! No one wants to discover what a scorned 10-year-old will do to your lawn. 🍬 👻

Let’s start with the Russo-Ukraine conflict. I saw an interesting thread on the current state of the Kursk situation and how tank attrition will yield a slow-down from both sides. It puts Russia in a weird negotiating position, and yet Ukraine is also suffering enough losses that it can’t push like it once did without a long break. So, if that prediction holds true, we might see a bit of a slowdown from the 2022-2024 break-neck pace we have seen from both sides. The theory is that Russia (and Ukraine) could mine their newly minted borders and cause the other sides to stagnate.

To that end, Ukraine has built another mini ground-based drone for mine laying as well. This theory may come to fruition. Either way, we are coming up on the muddy season, so there won’t be a lot of progress for the next several months until everything freezes solid again. But some pretty impressive videos are coming out of Kursk as US-made Bradley and M1A1 Abrams main battle tanks roll through Kursk. That is Western Armor on Russian soil. Think about that for a second.

“Ukrainian UGV”

Let’s talk about Russia’s economy, which is now flirting with stagflation—high inflation combined with slow growth. It's a perfect storm of disaster as war funds overheat the economy, and nothing remains to keep the ship steady. Even after raising interest rates to 19%, they can’t escape this tailspin. Production has already hit its ceiling, and there’s practically no one left to work, with unemployment hovering around 2%. Not to mention, Russia is losing over 1,200 soldiers a day, and mobilizing more would be about as popular as a root canal at this point. That said, at least until Kursk, Putin has earned himself, one way or another, a rather impressive popularity.

In southern Kherson, Russian forces blew up the bridge outside Oleshky, probably to slow down an incoming Ukrainian offensive. Over in Lipetsk, Russian cities are starting to feel the heat with UAV attacks sending air raid sirens blaring. Factories are no longer paying coal miners and haven’t for months, and the factory’s debts to water and power companies are so high they can’t meet safety requirements. So all this, combined with things like Kursk and assassinations on Russian soil, like the one of a Russian Air Force Tu-22M3 bomber pilot, Dmitry Golenkov (more of the gory details here), might be making people re-think Putin’s popularity rating. The theme is clear - Putin cannot protect us. Oh, yeah, and Russia is not even paying soldiers’ families who die in Kursk due to a contract technicality. That’s not going to fly. 📉

“the bridge sitting outside the settlement of Oleshky, southern Kherson”

Speaking of soldiers, Russia is bringing in 12,000 North Korean troops to Kursk, dressed up as locals—literally. They’re apparently wearing Sakha and Buryatia uniforms to blend in. Of course, the Ukrainians did a little demoralization exercise. They dropped some drones on a Russian base in Oryol, where the North Koreans were supposedly housed - a nice appetizer for what’s to come. The plan is to free up Russian forces to be sent deeper into Ukraine, where they’re running out of bodies.

“North Koreans in the Russian base in Oryol”

The Russians are running out of specialists because they are sending said specialists in with the proverbial meat waves instead of keeping them on task and performing the job they are trained to do. The losses are mounting for Russia, especially among their specialists—drone operators, sappers, machine gunners, you name it. A Russian mil blogger reported that these losses are having a cascading effect, reducing fire support and making their situation even worse.

“the loss of specialists means less fire support”

Meanwhile, an investigation has been opened into fraud related to building border defenses in the Kursk region. Apparently, of the 12 billion rubles allocated, officials and contractors likely pocketed a significant chunk. Classic case of war profiteering, but with a hint of treason.

“possible fraud on a massive scale in the building of border defenses in the Kursk region”

To wrap up on Russia-Ukraine, a key military factory producing microelectronics for Pantsir air defense systems and Iskander missiles halted operations after a Ukrainian drone strike. And also, a fire broke out at a rubber plant in Yefremovsky. That’s a massive blow to Russia’s defense capabilities, as these components are critical for their war machine.

“A key Russian military factory of microelectronics halts work.”

The last thing worth mentioning is that the NATO commander Christopher Cavoli had a sobering message. No matter what happens, good or bad, Russia will come out of the war with many lessons learned, which makes it more dangerous, not less, and more robust, not weaker, despite the losses. That means NATO will have a more vital aggressive force on their borders who will lick their wounds, learn whatever lessons need to be learned and be better prepared next time. I don’t know if he’s right, and I think some of the fundamental issues are actually with how Russia organizes itself, its culture, etc. So it is perhaps with a sigh of relief that Moldova has sided to become part of the EU by a slim margin despite purported Russian interference. So perhaps we’ll be lucky and find that oligarchs make bad war chiefs, no matter how many lessons they are meant to have learned.

“the Russian army will be stronger than it is today”

Now, let’s shift to the Middle East. There was an airstrike in southern Beirut, hitting a Hezbollah-linked building and also attacking the airport. In classic IDF fashion, there is one well-documented piece of footage where they level a building (more footage here); the attack was surgical - so much so that the people standing just across the road didn’t even get hit by debris. It was a well-watched event because there was a press meeting across the street at the time. After all, the Israelis said to evacuate it. Pretty incredible.

“Beirut airport area during the Air Force bombings”

The Israeli Defense Forces have even gone so far as to declassify intelligence showing where Hezbollah is storing hundreds of millions in gold and cash. It's like a treasure map, and Lebanon’s citizens are being told to help themselves. This is psychological warfare at its finest and hilarious. 🤣 

“100s of millions of dollars in stored Hezbollah gold & cash.. 'go get it!”

Meanwhile, Iran barely missed assassinating Israeli Prime Minister Netanyahu. An Iranian drone targeted his weekend home, but Netanyahu wasn’t there. Let’s just say Tehran may want to start packing its bags because Israel doesn’t take kindly to assassination attempts. The Prime Minister didn’t seem rattled at all, which makes me think that there are likely a lot of attempts against his life, some much more public than others, that the public is unaware of.

“north facade of Netanyahu's Caesarea house, hit by an Iranian drone”

In domestic news, there’s been a severe intelligence leak from the Pentagon about Israel’s planned strikes on Iran. These classified documents have surfaced online, causing ripples in Washington. The U.S. is scrambling to figure out how this breach happened, with speculation it might’ve been another insider job similar to the one we saw earlier this year with Ukraine-related intel. So either this is real, or it’s not. Or it’s real and no big deal or not. Or it’s a big deal, and it was intentional or not. Honestly, there are too many factors to know for sure, but it smells weird. It also may be IRGC troops that did it, not an insider, but currently, Ariane Tabatabai is the main suspect. But it does give Israel enough air cover to plausibly explain why they never want to share their plans with the West again. And there may be more leaks to be announced.

“the documents, classified "Top Secret," were published online on October 18”

Yelp had to disable McDonald’s reviews due to an army of disgruntled people leaving 1-star reviews after Trump did a hilarious photo-op there. His point was that he doesn’t believe that Kamala ever worked there - another in a long string of lies and that he has worked there longer than she has. Opponents completely miss the point and argue that he hasn’t worked there and is spreading fake news. You can almost picture the joke soaring high above their heads. As one of my readers said, his role in Home Alone 2 was also staged. Any bets on how many people dress up as McDonald’s employees for Halloween? 🍔 🍟

“McDonald’s Joke”

Lastly and briefly onto the tech world, where someone has managed to inject an LLM into a SQL querying system. So, you can embed prompts into your SQL query and get responses back as columns of data. Very cool. I can see lots of use cases for summarization and classifications there. Of course, it will hallucinate and get things wrong, so be wary. For instance, even the example given asks to summarize the articles in five words, and “Civil suits may target artists’ responsibility” is six words. Buyer beware.

“summarize the review in 5 words”

Okay, onto the articles!

Outer space threats are escalating, with China developing counterspace weapons aimed at disabling US satellites, which poses a direct challenge to US military operations. Russia is also advancing its space warfare capabilities by developing kinetic anti-satellite weapons and a satellite equipped with a nuclear device, likely intending to disrupt US satellite networks through high radiation zones.

  • China is advancing its space weapon capabilities targeting US satellites.

  • Russia is developing nuclear anti-satellite weapons to enhance its military tactics.

[RSnake: We have to be very careful of this because it can cause a Kessler Syndrome/catastrophe if we start getting too much space debris. I have heard rumors there is still high-velocity dust flying around the moon from the time we landed there, and it likely will be a very very long time before it de-orbits. Now imagine billions of small fragments of space vehicles flying by at times the speed of sound and trying to keep satellites up and functioning without any way to de-orbit the debris. As much as I love GSM and space-based communication it is highly fragile with weapons there and various random junk that can hit other junk and turn into millions of little pieces of junk heading in many directions very quickly.]

Source: https://www.geopoliticalmonitor.com/?p=45816

Russian forces launched a drone attack on Sumy, Ukraine, killing three civilians, including a 14-year-old girl, and prompting air defense responses across multiple regions.

  • Russian forces conducted a large-scale drone attack against Ukraine overnight on October 22, resulting in civilian casualties in Sumy Oblast.

  • Ukraine's Air Force reported intercepting 42 drones across eight oblasts, with the majority being shot down over Sumy Oblast.

[RSnake: The problem with a lot of these drone attacks is that they simply aren’t targeted at all. They have general coordinates they want to reach, but the chances of them hitting those exact coordinates aren’t that high in a jammed environment without a lot of other things like AI-assisted flight, etc.]

Source: https://euromaidanpress.com/?p=299746

A Pentagon employee, Ariane Tabatabai, suspected of leaking retaliation plans to Iran has a top-secret clearance that grants her access to highly classified information. The US government is investigating the leak, and Congress has been informed. The leaked documents appear to be authentic and indicate Israel's plans to attack Iran in response to a massive Iranian ballistic missile attack.

  • Ariane Tabatabai, an Iranian-American scholar, is suspected of leaking top-secret documents to Iran.

  • The leaked documents suggest Israel plans to launch a military attack in response to an Iranian ballistic missile attack.

[RSnake: Now, how did someone with such close ties to Iran end up in the Pentagon? Diversity is not our strength. We need tight controls on who has access to top-secret communications.]

Source: https://www.jewishpress.com/?p=712795

A decentralized online activist group, North Atlantic Fella Organization (NAFO), has raised millions to send critical equipment, including drones and weapons, to Ukrainian forces fighting against Russia. Their innovative fundraising efforts have provided vital resources directly to the front lines as the conflict continues to escalate.

  • NAFO has raised nearly $1 million for Ukrainian military equipment since its inception.

  • The group has funded thousands of drones and vehicles critical to the ongoing war effort.

[RSnake: I have really enjoyed reading a lot of these people’s tweets online. They’re doing a solid job, not just in fundraising, but in spreading news of what is happening in country.]

Source: https://www.wired.com/story/nafo-ukraine-russia-war/

The ongoing Russo-Ukrainian war continues to escalate, with Ukraine seeking NATO membership as a means to ensure long-term security against authoritarian regimes. The conflict has been intensified by the formation of alliances among countries like Russia, China, and North Korea, posing broader threats to global democracy. Amid the protracted war, both Ukraine and its allies are urged to rethink their strategies in response to evolving challenges in warfare and geopolitical dynamics.

  • Ukraine calls for NATO membership to secure its future amid ongoing conflict.

  • A new alliance between Russia, China, and North Korea complicates global security efforts.

[RSnake: They have been asking for this since the very earliest days of the war and even before. It is one of the reasons this whole conflict kicked off. Russia is loath to have NATO countries on its border.]

Source: https://euromaidanpress.com/?p=299193

North Korea is deploying around 11,000 troops to eastern Russia for potential combat operations in Ukraine starting from November, marking North Korea's first direct military intervention in a European war.

  • North Korean troops are being deployed to eastern Russia for potential combat operations in Ukraine starting from November.

  • This deployment marks North Korea's first direct military intervention in a European war.

[RSnake: 11k or 12k. I’ve heard both numbers. I have to think this opens up Pyongyang to direct conflict though - I’m not sure they want that.]

Source: https://euromaidanpress.com/?p=299100

Elon Musk's influence over the federal government is extraordinary, and extraordinarily lucrative. He has $15.4 billion in government contracts over the past decade. His companies are facing numerous investigations and fines from all corners of the government.

  • Elon Musk's rocket company, SpaceX, effectively dictates NASA’s rocket launch schedule.

  • The Defense Department relies on him to get most of its satellites into orbit.

[RSnake: Not just fines, but outright blocking of permits by NIMBYs in California. And not for any environmental reasons, but for reasons of his tweets. Censorship of a different kind.]

Source: https://www.nytimes.com/2024/10/20/us/politics/elon-musk-federal-agencies-contracts.html

Environmental disaster victims in Brazil are suing BHP for $47 billion over the collapse of a dam that polluted a major waterway, killing 19 people and devastating local communities. The case seeks compensation for damages to the environment, businesses, municipal governments, and indigenous tribes. A settlement has been proposed, but some claim it's too little, too late.

  • BHP was sued by Brazil over environmental damage caused by a dam collapse in 2015.

  • The lawsuit seeks $47 billion in damages for the destruction of a village and the pollution of a major waterway.

The United States is experiencing a rising trend of domestic unrest, characterized by increasing tensions between the government and segments of the population. A significant militarization of law enforcement agencies and a push from the government to intervene in civil matters may indicate a shift towards more authoritarian practices in response to civil dissent and perceived threats among citizens.

  • The U.S. government is increasing military presence in domestic policing, which poses risks to civil liberties.

  • Ongoing civil unrest is being exacerbated by political polarization and government responses, which may lead to an escalation of authoritarian measures.

[RSnake: I spent the other day digging into a thread of libertarian memes, and it was pretty impressive the anti-government rhetoric that is brewing amongst some circles.]

Source: https://www.zerohedge.com/political/danger-real-deep-states-plot-destabilize-nation-working


SpaceX has successfully advanced its Starship program, demonstrating the potential for full reusability of space launchers. This development could significantly reduce the cost of launching payloads into space, enabling more frequent missions and the possibility of establishing a human presence on the Moon and Mars, as well as fostering an in-space economy.

  • SpaceX's Starship program aims to achieve full reusability, potentially revolutionizing access to space.

  • Lower launch costs could support NASA's Artemis program and enable new commercial space initiatives.

NASA is developing optical communication technology using lasers for data transmission from deep space, which is significantly faster and can carry more information than traditional radio waves. The Deep Space Optical Communications (DSOC) experiment has successfully transmitted data over vast distances, such as sending a video from nearly 10 million miles away, demonstrating a potential future for higher data-rate communications with spacecraft, including those on missions to Mars and beyond.

  • NASA's DSOC experiment aims to achieve data transmission rates 10 to 100 times greater than current radio frequency systems.

  • Laser communication technology may be integrated into future missions, possibly within the next decade.

[RSnake: It also has the advantage of being very difficult to disrupt through typical EM jamming techniques. It’s also harder to “see” through typical passive radio receiver means.]

Source: https://gizmodo.com/?p=2000513614

Anthropic has introduced upgraded AI models, Claude 3.5 Sonnet and Claude 3.5 Haiku, enhancing performance in coding and tool use. Noteworthy features include a new capability allowing developers to direct AI to use computers like humans, with promising early feedback from companies exploring automation and workflow improvements.

  • Claude 3.5 Sonnet shows significant improvements in coding tasks and tool use performance.

  • The new computer use capability allows AI to interact with computer interfaces, opening possibilities for automation.

[RSnake: I have seen this a few times in a few ways, but hopefully, it is getting better. I use AI-pair programming a lot, and it is very helpful, but I never correct it out of the box. It still requires human intervention. So I see it as a useful tool to remove AI from a system as much as possible, not to introduce more AI into a system, if that makes sense. AI is expensive, slow, and error-prone - not to mention biased and possibly a copyright/trademark hellscape. So using it to build automated systems that don’t use AI makes tons of sense to me.]

Source: https://www.anthropic.com/news/3-5-models-and-computer-use

Federal regulators in the U.S. have approved electric vertical takeoff and landing (eVTOL) aircraft to operate in shared airspace, marking a significant development for the air taxi industry. This new ruling from the Federal Aviation Administration (FAA) introduces guidelines for pilot training and operational rules tailored for eVTOL vehicles, paving the way for widespread Advanced Air Mobility in the future.

  • The FAA has introduced a new category of powered-lift aircraft, the first in nearly 80 years, allowing for urban air taxi networks.

  • Startups like Joby and Archer are developing eVTOL aircraft and have worked with the FAA to meet safety and operational standards.

[RSnake: Hey, maybe we’ll see air taxis in my lifetime. That would be cool. Still not holding my breath. Popular Mechanics and Popular Science were way way too early, even now decades after their flying car editions first came out.]

Source: https://techcrunch.com/?p=2903394

A petition signed by 11,500 individuals, including notable figures, opposes the unlicensed use of creative works for training generative AI, emphasizing the economic threat to artists. Lawmakers are considering regulatory responses to data scraping for AI development, with discussions of an 'opt out' model in the U.K. underway.

  • A large petition has been created against the unlicensed use of creative works for AI training.

  • Lawmakers in the U.K. are considering regulations regarding data scraping for AI projects.

[RSnake: I think Meta is right - basically, this ensures that zero serious AI companies will be working in the EU, and they will all continue to build wherever the regulations are best suited. For now, that is the United States if we don’t mess it up. As James McHenry wrote, a lady asked Dr. Benjamin Franklin, “Well, Doctor, what have we got, a republic or a monarchy?” to which he replied, “A republic, if you can keep it.” We now have a flourishing AI community - if we can keep it. If we add censorship, force licensing, or censure/militarize it, it will leave. Just look at the UK for proof.]

Source: https://techcrunch.com/?p=2903102

There are ongoing efforts to improve Fire and Smoke Detection (FSD) technology through the development of a standardized dataset for more accurate evaluations. The current training datasets lack uniformity and comprehensiveness, which pose challenges in advancing FSD technology. The new initiative aims to create a more reliable research platform that closely resembles real-life scenarios to facilitate technology breakthroughs.

  • Existing datasets for Fire and Smoke Detection have irregularities that hinder technological advancement.

  • A new initiative plans to create a comprehensive and standardized benchmark for FSD research.

A critical zero-day vulnerability in FortiManager, a network management tool, allows remote code execution and has been actively exploited by attackers, including potential state-sponsored actors. The vendor, Fortinet, has not issued any public advisories or specific information concerning the vulnerability, leaving customers without adequate guidance on how to protect their systems.

  • A zero-day vulnerability in FortiManager has been under active exploitation, permitting remote code execution.

  • Fortinet has not disclosed details about the vulnerability or released advisories, complicating defensive measures for affected customers.

[RSnake: More on this Fortinet mess. They really are hurting right now.]

Source: https://arstechnica.com/security/2024/10/fortinet-stays-mum-on-critical-0-day-reportedly-under-active-exploitation/

A database containing over 115,000 files from the United Nations Trust Fund to End Violence Against Women was found to be publicly accessible, exposing sensitive information about funding and operations of organizations that aid vulnerable populations. The UN has since secured the database and is investigating the breach, which poses risks of exploitation for the individuals involved, as well as threats to the organizations supporting them.

  • The exposed database included personal details and financial information related to organizations working with at-risk communities.

  • The data breach could lead to targeted scams or actions against vulnerable individuals and civil society groups.

Quantum technology poses a potential threat to the security of Bitcoin's transactions, as quantum devices capable of breaking current cryptographic systems may become available within the next decade. To mitigate this risk, it is crucial to transition to post-quantum cryptosystems, which would require significant downtime to implement, estimated at over 76 days. Immediate action is necessary to ensure the Bitcoin network's continued security against future quantum attacks.

  • The emergence of quantum devices could compromise Bitcoin's cryptographic security.

  • A transition to quantum-safe protocols is critical and should begin promptly to protect the Bitcoin network.

[RSnake: And if China’s statements are real, this is a very serious threat to that community. That said, if I were China and I found that Quantum was not real, I might say it is to force a huge amount of spending for no upside.]

Source: https://arxiv.org/abs/2410.16965

The Internet Archive has experienced a significant data breach where an estimated 7TB of data was stolen, including sensitive user information of 33 million users, due to exposed GitLab authentication tokens. Following the initial breach, the organization has faced criticism for not adequately securing its tokens and responding to threats, resulting in unauthorized access to their systems including Zendesk for customer support.

  • The Internet Archive was breached, leading to the theft of a large amount of user data.

  • The security incident involved exposed authentication tokens that allowed access to their systems and data.

[RSnake: We talked about this last time but this has a bit more information.]

Source: https://www.bleepingcomputer.com/news/security/internet-archive-breached-again-through-stolen-access-tokens/

Brazilian authorities have arrested a 33-year-old hacker known as USDoD, accused of breaching the FBI's InfraGard program and leaking personal data. The suspect is wanted in connection with theft of data on Brazilian Federal Police officers. USDoD has been linked to recent high-profile data breaches.

  • USDoD is a prolific cybercriminal who infiltrated the FBI's InfraGard program and leaked contact information for 80,000 members in 2022.

  • USDoD has been linked to a recent breach at National Public Data, a private data broker that collected and sold SSNs and contact data for a significant slice of the American population.

A new proof-of-concept exploit has been released for a vulnerability in Microsoft's Remote Registry client, potentially allowing attackers to control Windows domains by relaying NTLM authentication to Active Directory services. This flaw affects various Windows server versions and OS iterations, enabling attackers to create unauthorized domain administrator accounts. Additionally, over 6,000 WordPress sites have been compromised to install malicious plugins designed to steal information.

  • A critical vulnerability (CVE-2024-43532) in Windows Server's Remote Registry could allow for NTLM relay attacks.

  • The exploit affects multiple versions of Windows Server and requires immediate attention from system administrators.

  • The compromise of over 6,000 WordPress sites indicates a widespread issue with cybersecurity and malware distribution.

CISOs are struggling to detect breaches due to a lack of visibility into hybrid cloud infrastructure and data-in-motion, with 44% missing a breach in the past year despite global infosec spend reaching $215 billion by end-2024.

  • Global infosec spend is projected to reach $215 billion by end-2024 but CISOs are still struggling to detect breaches due to a lack of visibility into hybrid cloud infrastructure and data-in-motion.

  • CISOs reported missing a data breach in the past 12 months with existing tools, with hybrid cloud infrastructure and data-in-motion being top concerns.

[RSnake: There is a lot of spending in this area. But it’s unsurprising that there is a lack of visibility. None of that was designed to give them good logging. All of it feels bolted on after the fact.]

Source: https://www.darkreading.com/cloud-security/cisos-throwing-cash-tools-detect-breaches

Supply chain attacks are increasingly threatening organizations due to their interconnected digital environments, necessitating a shift from traditional vendor risk management to more proactive, continuous security measures. Organizations are encouraged to adopt real-time monitoring, leverage blockchain for transparency, and implement dynamic access controls to enhance their cybersecurity frameworks.

  • Cybersecurity professionals need to transition from static assessments to continuous monitoring of vendor security postures.

  • Implementing blockchain technology can increase transparency and traceability within supply chains.

  • Adopting a zero-trust model for vendor access can mitigate risks associated with compromised accounts.

[RSnake: Anyone want a pager? I hear there are some cheap ones coming out of Israel. Supply chain issues are everywhere. The first time we find some trace explosives coming out of China, though, would likely end all US commerce with China. So, I don’t want to lose track of how fast this supply chain issue could evolve. Imagine if we found out all TVs had built-in explosives. Or what about exploits that can be triggered at any time built into IoT devices all over the United States?]

Source: https://www.darkreading.com/cyber-risk/supply-chain-cybersecurity-traditional-vendor-risk-management

China has developed a comprehensive ecosystem for capture-the-flag (CTF) hacking competitions, significantly supported by various government ministries, resulting in numerous annual events that attract tens of thousands of participants. These competitions serve as platforms for talent identification, skill enhancement, and innovation in cybersecurity, complemented by coordination with private-sector initiatives.

  • China hosts between 45 and 56 CTF competitions annually, with significant government and industry involvement.

  • Competitions are used to spot and recruit cybersecurity talent, fostering innovation and community among participants.

NIST has published a draft of SP 800-131A Rev. 3, which provides guidance on the transition to stronger cryptographic algorithms and key lengths. It proposes the retirement of certain outdated algorithms and outlines a schedule for adopting enhanced security measures, including quantum-resistant technologies.

  • NIST is updating cryptographic standards to enhance security practices.

  • The draft suggests retiring obsolete algorithms like SHA-1 and ECB.

[RSnake: About time - but this is a pretty massive forklift upgrade.]

Source: https://csrc.nist.gov/pubs/sp/800/131/a/r3/ipd


The Akira ransomware group is transitioning to a new C++-based encryptor, resuming its double-extortion tactics after previously focusing solely on data exfiltration. The group has shown adaptability in its strategies and is likely to continue targeting vulnerabilities in VMware and Linux systems throughout 2024, reflecting a broader trend in the ransomware landscape.

  • Akira ransomware group is changing tactics by using a new encryptor and returning to double-extortion.

  • The group is exploiting vulnerabilities in VMware and Linux environments, posing a threat to enterprise infrastructure.

A critical zero-day vulnerability, tracked as CVE-2024-44068, has been discovered in Samsung mobile processors and is currently being exploited to execute arbitrary code. The vulnerability has a CVSS score of 8.1 and affects multiple Samsung processor models, leading to privilege escalation through a use-after-free bug.

  • A zero-day vulnerability in Samsung's mobile processors allows for arbitrary code execution.

  • The exploit has a high CVSS score of 8.1, indicating its severity and potential impact.

Nearly 75% of US Senate campaign websites lack DMARC protections, leaving them vulnerable to phishing and spoofing attacks.

  • Without DMARC protections, campaigns are susceptible to phishing, domain spoofing, and impersonation attacks, which could lead to compromised voter information, donor data, and strategic campaign plans.

  • The lack of DMARC protections could further erode public trust in US elections, an issue that has become increasingly prominent in the past few years.

[RSnake: Yep - an age-old problem. I remember when we had a worm running on the congressional mail server. It’s a mess. The government is just as broken, if not more, than most enterprises.]

Source: https://www.darkreading.com/cyber-risk/most-us-political-campaigns-lack-dmarc-email-protection

A new malware campaign named ClickFix has infected over 6,000 WordPress sites in a single day, utilizing fake plug-ins that appear legitimate but deliver malicious payloads. Attackers are leveraging stolen admin credentials to distribute this malware, which tricks users into thinking they are updating their browsers, ultimately compromising their systems with various types of information stealers.

  • ClickFix malware campaign infected more than 6,000 WordPress sites using fake plug-ins.

  • Attackers used stolen admin credentials to gain access to compromised websites for malware distribution.

A large legal action has been initiated against BHP Group in the UK by around 620,000 individuals, businesses, and communities affected by the Fundao dam collapse in Brazil in 2015, which resulted in significant environmental damage and loss of life. The lawsuit seeks approximately $47 billion in compensation, potentially making it the largest environmental payout in history. Concurrently, BHP is negotiating a separate settlement in Brazil for $31.7 billion related to the disaster, but claims that the UK lawsuit is redundant.

  • Around 620,000 people are suing BHP for $47 billion following a 2015 environmental disaster.

  • BHP is facing scrutiny over its role in the collapse of the Fundao dam, which resulted in significant human and ecological damage.

[RSnake: I get it, and agree with their concerns to make sure that these types of projects are taken more seriously by the companies. But I think in practice what will happen is that much smaller shell companies will be used in the future, so lawsuits will take place against the shells that can go bankrupt and shut down without any impact on the parent.]

Source: https://www.fastcompany.com/91213595/brazil-krenak-environmental-disaster-victims-sue-bhp

Social media platform X, previously known as Twitter, is experiencing a decline in user numbers and advertising revenue, which has led some users to migrate to alternative platforms like Bluesky and Threads. The challenges of moderating content effectively continue to impact X, while competitors explore new business models in an increasingly diverse social media landscape.

  • X has seen significant user losses and plummeting advertising revenue.

  • Competitors like Bluesky and Threads are trying to capture the market left by disillusioned X users.

[RSnake: Threads. Lol. While that might be true to some extent, I think what is really happening is we are seeing a fracturing of users. People who prefer open/free speech and those who need censorship to keep their worldview intact. What has really happened is that community notes has more or less made it very difficult to lie without being called out for it. That is not censorship - you can say whatever you like.]

Source: https://thenextweb.com/news/decline-of-x-opportunity-social-media-safe-profitable-challenge

Lockheed Martin is facing significant financial losses due to contract delays and software issues with its F-35 fighter jets, estimated at hundreds of millions of dollars. The company expects to finalize a deal with the U.S. government for additional batches of F-35s soon, but production and deliveries have lagged behind typical expectations due to ongoing integration problems with the aircraft's technology upgrades.

  • Lockheed Martin's F-35 program is experiencing significant delays and financial repercussions.

  • The U.S. government is withholding payments related to the F-35 until the jets are combat-ready.

[RSnake: And yet it is the most successful fighter in modern history in terms of volumes produced. Something like 2x the rest of the fifth generation fighters combined, worldwide.]

Source: https://www.defensenews.com/air/2024/10/22/lockheed-feels-financial-pinch-from-f-35-upgrade-contract-delays/

Elon Musk's Starlink and Mukesh Ambani's Reliance Jio are competing for market share in India's satellite broadband industry, with India opting for administrative allocation of satellite spectrum instead of the auction model favored by Ambani. This competition is crucial as nearly 40% of India's population lacks internet access, and the outcome will significantly impact the future of internet connectivity in rural areas.

  • Elon Musk and Mukesh Ambani are in competition for India's satellite broadband market.

  • India is allocating satellite spectrum administratively, which could favor Starlink's entry.

  • The competition comes as a significant portion of India's population still lacks internet access.

[RSnake: I really do hope we don’t end up with only one. Not that I dislike Musk or Starlink, but competition is always good.]

Source: https://www.bbc.com/news/articles/ce3z3ydwdppo

Social Security funding faces potential insolvency issues depending on the presidential plans of Donald Trump and Kamala Harris. An analysis indicates that Trump's proposed tax cuts and policy changes could exacerbate funding shortfalls, while Harris's approach would still lead to the trust fund running out of money in nine years. Both candidates face the challenge of addressing these funding issues amidst their campaigns.

  • Trump's plan may accelerate the depletion of Social Security funds due to proposed tax changes.

  • Harris's plan would still lead to significant reductions in benefits by 2033.

[RSnake: I hope you weren’t planning on using Social Security as your safety net. Though this warning always seems to come every few years, and Congress finds a way to borrow from our children’s endowments and kicks the can down the road.]

Source: https://abcnews.go.com/Politics/social-security-solvent-trump-harris/story?id=115036509

A.P. Moller-Maersk A/S has increased its full-year profit guidance four times in less than six months due to stronger demand and higher freight rates, largely influenced by supply chain disruptions from conflicts in the Red Sea. The company now anticipates underlying earnings before interest, tax, depreciation, and amortization to be between $11 billion and $11.5 billion, which is higher than previous forecasts as the ongoing conflict impacts global shipping routes.

  • Maersk updates profit outlook due to supply chain disruptions.

  • Red Sea conflict affects shipping rates and routes.

[RSnake: I honestly think this will only get worse, unfortunately.]

Source: https://www.supplychainbrain.com/articles/40532-maersk-raises-guidance-again-as-red-sea-attacks-boost-rates

Furno, a cement startup, has received a $20 million grant from the Department of Energy to build low-carbon micro-kilns in Chicago, addressing high transportation costs associated with cement production. The project aims to reduce pollution by utilizing biogas and recycled materials, creating jobs in the process and potentially reshaping the cement industry, known for its significant carbon emissions.

  • Furno is establishing up to eight micro-kilns to produce cement locally in Chicago.

  • The project aims to significantly reduce the carbon footprint of cement production.

  • The initiative will create over 80 jobs, addressing employment needs in areas affected by coal plant closures.

A new method for forecasting volatility in financial markets has been proposed using Graph Neural Networks (GNNs), specifically a Temporal Graph Attention Network (Temporal GAT). This model demonstrates improved accuracy in predicting market behaviors compared to traditional methods, suggesting its potential utility for financial analysis and investment decision-making.

  • Introducing a novel approach using Graph Neural Networks to model volatility in financial markets.

  • Empirical analysis indicates that the new model outperforms traditional volatility prediction methods.

Europe's major companies, which have traditionally been less tech-oriented compared to their American counterparts, are starting to embrace artificial intelligence (AI) to enhance productivity and stay competitive. However, there are significant challenges, including regulatory hurdles and a lag in technology adoption compared to the U.S., which might hinder their growth in the fast-evolving AI landscape.

  • European companies are recognizing the potential of AI for improving efficiency and productivity.

  • There is a growing disparity between U.S. and European companies in leveraging AI technology.

[RSnake: No, they aren’t. This is absolutely incorrect. Or if they will embrace it they will lose due to that regulation. The best way to think of this is if you had to cut out the parts of your head that could picture anything that had been copyrighted or was violent, or about sex or drugs, etc… what would be left of your mind? That is what AI will be like coming out of the EU. Lobotomized.]

Source: https://fortune.com/europe/2024/10/22/europes-fortune-500-embracing-ai/

The price of gold has surged approximately 40% over the past year, reaching record highs despite fluctuations in economic factors such as interest rates and inflation. This increase is being driven by foreign central bank purchases and a shift among countries seeking alternatives to the dollar-based financial system, reflecting a growing loss of confidence in America's management of global order and geopolitical dynamics influencing international trade. The ongoing changes could potentially fragment the global financial system and reduce the international influence of the US dollar.

  • Gold price has increased from $1,947 to $2,715 in the past year.

  • Foreign central banks are diversifying away from dollar dominance.

  • Changes in gold's price reflect broader geopolitical shifts and economic behavior.

[RSnake: For those buying gold this year, just be careful you don’t buy at the peak. We might see some stabilization after the election after fears are mitigated either way. We also might see capital freeing up again too. Hard to say though - talk to your CPA.]

Source: https://www.ft.com/content/b5fb1e6b-bb8d-4ab5-9c92-f1f6fc40a54b

Spirit AeroSystems, a major supplier for Boeing, is set to furlough 700 employees for 21 days amid an ongoing strike by Boeing workers which has halted production of key aircraft models. The strike has led to significant financial losses for Spirit Aero, which has already scaled back its production capacity and warned that further layoffs could occur if the strike continues beyond November.

  • 700 employees at Spirit AeroSystems will be furloughed due to a strike affecting Boeing's production.

  • Spirit Aero has warned of possible further layoffs if the strike persists beyond November.

[RSnake: The downfall of Boeing is affecting their partners too. Makes sense, but ouch, that’s not great. 👎️ ]

Source: https://www.aljazeera.com/economy/2024/10/18/hit-by-boeing-strike-supplier-spirit-aero-to-furlough-700-employees?traffic_source=rss

China's economy is experiencing a slowdown, with GDP growth in the third quarter falling to 4.6%, below the government's target of around 5%. In response, the government is implementing stimulus measures to boost growth, particularly in the struggling property sector, which continues to hinder overall economic performance.

  • China's GDP growth fell to 4.6% in Q3, below the government target.

  • The government is deploying massive stimulus measures to address economic challenges, especially in the property sector.

[RSnake: If you are President Xi and you can see all indicators in the red, when do you think the time to strike Taiwan is? After the markets crumble, or at their absolute peak?]

Source: https://www.bbc.com/news/articles/crr54x00857o

Microsoft is negotiating significant equity in the restructured, for-profit version of OpenAI, which it has invested nearly $14 billion into. As OpenAI transitions to a public-benefit corporation with a nonprofit component, it is facing important governance discussions, particularly concerning Microsoft's rights and employee concerns.

  • Microsoft may obtain substantial equity in restructured OpenAI.

  • OpenAI is transitioning to a for-profit model while retaining some nonprofit elements.

[RSnake: I am not betting on OpenAI. I think true open AI (small o as in not-closed source and with full data sovereignty) will win.]

Source: https://techcrunch.com/?p=290122

Thanks so much for reading, and once again, please forward this newsletter to anyone you think should be reading it. It’s how the newsletter grows, how I know you love it, and encourages me to keep going. I’d really appreciate it!