Internet fragmentation, EU AI Act, Lazarus loves Log4Shell

US tries to avoid internet fragmentation

On Wednesday this week, White House national security and economic teams will meet with tech companies, labor activists and digital economy experts. These meetings will seek to form a coherent US government policy on how to deal with the increase in global data flows across a variety of industries. Senior officials told Bloomberg that this won’t see the US back away from advocating for a free and open internet, but may see the administration make policy adjustments to account for national security and privacy concerns around AI. This comes after the US trade representative, Katherine Tai, withdrew a decades-old US trade position in October that supported unrestricted data flows across national borders.

(Bloomberg)

EU reaches agreement on AI Act

It’s the end of the year and the EU wanted to get some high-profile tech legislation off its plate. We saw last week it reached an agreement on the Cyber Resilience Act. Now the EU Council, Commission, and European Parliament have reached an agreement on a draft of the AI Act. This places controls around so-called “foundational models,” requiring transparency and detailed summaries on training data. AI practices deemed “high-risk” will face strict reporting and evaluation requirements. AI tasks with “unacceptable risk” will be outright banned. This includes things like social scoring systems and automated vulnerability exploitation. The draft exempts open source models and provides additional carve-outs for law enforcement and military use cases. It also allows for fines of up to 7% of global turnover for violations.

(Infosecurity Magazine)

North Korea finds continued success with Log4Shell

Researchers at Cisco Talos announced that North Korea’s Lazarus group continued to use the Log4Shell vulnerability as part of its threat campaigns. The group used it across its portfolio of hacking operations to deploy malware and dual-use tools. It was also used in a recently unearthed Lazarus campaign called Operation Blacksmith. This shows the sophistication of Lazarus’ operation, using three new malware families written in DLang and a pair of remote access trojans to target enterprises between March and September 2023. This campaign also showed overlap with recent North Korean attacks against JetBrains TeamCity server software disclosed in September.

(CyberScoop)

Apple breaks Beeper

Last week the multi-platform messaging app Beeper made news by offering a Beeper Mini Android app that interoperates with Apple’s iMessage without the need for a relay server. Other apps offering iMessage service on Android effectively use Mac hardware to route messages, opening up potential privacy issues. By December 8th, users reported this feature stopped working. In a statement, Apple took credit for this, saying “We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage.” As of this morning, Beeper Mini reintroduced the feature, although now it requires an Apple ID rather than a linked phone number to use. Beeper also made the app free given what one could assume will be continued instability.

(The Verge, 9to5Google)

Huge thanks to our sponsor, Barricade Cyber Solutions

BlackBerry cancels spinoff plans

The company appointed John Giamatteo as its new CEO. He previously served as president of BlackBerry’s cybersecurity business. With the move, the company announced it will no longer proceed with its previous plans to spin out its internet-of-things and cybersecurity units. This comes as part of another reorganization of the company. It says it’s in the final stages of selecting a consulting firm to assist in these efforts.

(Bloomberg)

ALPHV site goes down

If you’ve been following our ransomware coverage, you know that ALPHV/BlackCat remains one of the most pernicious operators in the space. So it’s not surprising it’s being targeted by law enforcement. The threat intelligence firm RedSense reported that the leak site for the group is down, and that ALPHV members and other ransomware groups believe this comes from a law enforcement action. ALPHV publicly maintained the site came down due to an unspecified “hosting” issue, saying “everything will work soon.” Because this outage impacts the group’s ransomware affiliate customers, security researchers believe it could result in an exodus of customers to other ransomware-as-a-service operators.

(Infosecurity Magazine)

Kelvin Security leader arrested

Spanish police arrested one of the alleged leaders of this hacking group. Kelvin Security has operated since 2013, and researchers attributed over 300 cyberattacks across 90 organizations to the group since 2020, hitting victims in the US, Japan, Chile, Italy, Spain, Germany, and Argentina. Spanish authorities arrested the alleged leader, a Venezuelan national, on December 7th. He’s tied to money laundering efforts for crypto obtained from selling stolen data. Authorities hope investigation of this threat actor will lead to the discovery of more operators in the group. Spanish police began investigating Kelvin in 2021.

(Bleeping Computer)

Europol warns of criminal Bluetooth tracker use

According to a new blog post by Europol, criminals increasingly use commodity Bluetooth trackers to geolocate illegal goods, notably cocaine. Law enforcement increasingly finds these trackers alongside narcotics shipments, often hidden in sea chests. Just like you might use these to track your luggage, criminals use them to monitor drug shipments once they get on the road, where there are enough paired devices to continually ping locations. Europol said the cost, size, and battery life make them ideally suited to drug traffickers.

(Infosecurity Magazine)
