China’s new salvo in TikTok war means restrictions on AI technology exports

New restrictions, unveiled Friday by China’s ministries in charge of commerce, science and technology, restrict technologies such as text analysis, content recommendation, speech modeling and voice-recognition from being exported without a license from local commerce authorities. This threatens to complicate relationships between TikTok owner ByteDance and potential buyers. Providing updated algorithms to overseas firms is recognized as a form of technology export, and this latest move will cause added friction for interested parties who now include Microsoft, Oracle, and Wal-Mart. 

(Wall Street Journal)

Slack fixes ‘critical’ vulnerability that left desktop app users open to attack

The critical vulnerability  exposed desktop app users to an exploit that allowed “remote code execution,” giving access to private files, keys, passwords, secrets, internal network access, and conversations within Slack. This exploit could also have become wormable, allowing a single attack to spread to other Slack member accounts. The bug was not discovered by Slack’s own internal security team but by an independent security researcher who reported it through the bug bounty platform HackerOne in January. The researcher was paid $1,750. 

(Mashable)

Cisco engineer resigns then destroys WebEx accounts and virtual machines

A former Cisco employee pleaded guilty recently to accessing Cisco’s cloud infrastructure, hosted on Amazon Web Services, five months after resigning. His actions shut down more than 16,000 WebEx Teams accounts for two weeks and deleted 456 virtual machines. Cisco was forced to spend more than $2,400,000 in customer refunds and employee time to restore the damage. According to a statement from Cisco, no customer information was lost or compromised, and additional safeguards have since been implemented. The former employee faces five years imprisonment, a $250,000 fine, and deportation.

(BleepingComputer)

Apple is creating its own search engine to bypass Google

An increase in job announcements for search engineers combined with its Spotlight Search product bypassing Google Search results within iOS 14 beta hint that Apple may be pulling away from Google to create its own search engine. Industry speculation abounds that Apple’s new search engine may also act as a personalized data hub similar to Google Assistant on Android devices, using artificial intelligence and machine learning to return search results based on the iOS user’s contacts, email and other stored data.

(Gadgets360)

Thanks to our sponsor, Trusona

Trusona enables enterprises to provide enhanced security and usability to the workforce by removing passwords from the Windows 10 login experience. The solution works with your existing infrastructure without requiring any software or hardware upgrades like Windows Hello, cameras, biometric readers or on-premises servers — making it the most cost-effective and user-friendly to deploy.

Xiaomi brings under-screen cameras to its smartphones next year

A possible solution to the annoying habit of people in videoconferences looking down at the screen rather than directly at their conversation partner might have been solved. Chinese electronics company Xiaomi – though not the first to develop this technology, promises to bring it to market next year. According to its own blog, their pixel arrangement allows the screen to pass light through the gap area of sub-pixels, allowing each single pixel to retain a complete RGB subpixel layout without sacrificing density.

(TechCrunch)

Iranian hackers pose as journalists to trick victims into installing malware

An Iranian cyberespionage group known for targeting government, defense technology, military, and diplomacy sectors is now impersonating journalists to approach targets via LinkedIn and WhatsApp and infect their devices with malware. In a watering hole-style attack, the “Charming Kitten” APT group invited the academics to speak at a fictitious online webinar, after which they requested to move the conversation to WhatsApp or through a fake LinkedIn profile and even phone conversations were included, as part of a series of elaborate social engineering attacks dating back to 2014.

(The Hacker News)

Facebook tests linking members accounts to news subscriptions

News readers frustrated by paywalls might find relief in Facebook’s potential new solution that links subscribers to a news publisher through to their Facebook account. Once linked, paywalls will be bypassed. News outlets like The Atlanta Journal-Constitution that have been testing this solution have already recorded a significant increase in article clicks and follows. This represents a shift for Facebook which has traditionally focused on its own Facebook News tab.

(TechCrunch)

Fortnite credentials fetch big bucks on the dark web

Despite its ongoing battles with Apple, cybercriminals are busy exploiting Fortnite, with stolen data fetching high prices on the dark web and other underground web forums. Hackers use automated software that can check for stolen credentials to determine whether these match up with those used by Fortnite gamers. Some hackers can scan up to 500 accounts per second. Once these details are matched, they are then sold on the dark web and other underground marketplaces with some prices reaching $10,000 and even $40,000.

(IT Security Guru)