China signals tech crackdown will deepen
Along with chip supply chain woes and the ongoing ransomware deluge, the crackdown on big tech in China has been one of the major stories we’ve covered in 2021. A new statement issued by China’s State Council indicates that this will not slow down any time soon, saying it will “actively” work on legislation across national security, technological innovation, and anti-monopoly to provide the legal framework “much-needed for governing the country.” The statement calls for guidelines through 2025 to produce legal frameworks around the digital economy, Internet finance, artificial intelligence and big data and cloud computing.
Poly Network hacker has a change of heart
Yesterday we reported on the hack of the decentralized finance platform Poly Network, which saw over $600 million worth of crypto assets stolen. The attacker seems to have had a change of heart and is in the process of returning the stolen tokens. The Block reports at least $254 million worth of assets has been returned. Why the change of heart? Well the security researchers at Slowmist reportedly were able to trace the culprit’s email, an IP address and the Chinese cryptocurrency exchange used to move the assets. The attacker indicated in crypto transaction with the refunds that “[t]he hacker is ready to surrender.”
PrintNightmare finally patched for good
The PrintNightmare saga appears to be at an end. The vulnerability was accidentally disclosed too early by security researchers, then Microsoft issued an emergency patch that was quickly found to be incomplete. Now Microsoft released an update for Windows 10 that requires people to have administrative privileges to install printer drivers with the Point and Print feature as a further fix for the PrintNightmare vulnerability. According to Microsoft “the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks.”
NortonLifeLock to merge with Avast
We previously reported on the rumors of the merger, but the anti-virus giant confirmed the merger is going through. The deal is expected to be worth between $8.1 billion and $8.6 billion. In a statement, the companies hope to create a “new, industry-leading consumer Cyber Safety business” from the merger, with an existing user base of over 500 million customers. NortonLifeLock was spun out from Symantec as part of Broadcom’s acquisition of the company in 2019.
Thanks to our episode sponsor, Sotero
Apple drops lawsuit against virtualized iOS security company
Apple sued the security company Corellium in 2019, claiming its virtualized iOS device aimed at security researchers violated its copyright. Court records show Apple settled its lawsuit with the company, which had been scheduled to go to trial on August 16th. Many in the security community predicted that years of costly litigation for Corellium would have a chilling effect on similar independent security research. Terms of the deal were not disclosed but Corellium did confirm its virtualized iOS offering will remain available. Court records also show that Apple tried to acquire Corellium in 2018, but was turned down by the company.
New OpenAI tool can program based on natural language
OpenAi released a new software tool called Codex, which can be used to build simple websites and rudimentary games using natural language, translate between programming languages, and process data science queries. For example a user could input “create a webpage with a menu on the side and title at the top,” and Codex would generate the required code. The tool is based on its GPT-3 language model, but trained specifically on scraped open-source code repositories. An early version of Codex was used to create Copilot for GitHub, which effectively serves as an autocomplete for code. Codex is initially being released as a free API, there’s currently a waitlist, and the company plans to eventually charge for access.
Signal makes disappearing messages a default
The privacy-focused messaging app Signal has long supported disappearing messages, able to automatically delete based on a user’s preferred timetable. However, this setting had to be applied on a chat-by-chat basis. The app’s most recent update now lets users specify disappearing messages as a default across all messages, with a universal default timer when messages will be deleted.
Accenture hit with ransomware
The IT consultancy giant has reportedly been hit by the operators of the LockBit ransomware. We reported on this group last week for their new recruitment efforts, targeting company insiders, seemingly focusing on IT consultants. The LockBit operators claim they will release a 6TB trove of data from Accenture on August 11th if not paid a $50 million ransom, although they have shown no proof of what data they have obtained. Accenture confirmed it detected a recent attack, but said it restored from backups without any issue to its or its clients’ systems.