Chinese threat actors breached Japan’s cybersecurity agency
Earlier this month, Japan’s National Center of Incident Readiness and Strategy, or NISC, disclosed a data breach that exposed emails to a third party. The Financial Times’ sources say the Japanese government believes China’s People’s Liberation Army orchestrated the attack. It’s believed the hack took place in October 2022, but was not discovered until June. The NISC warned citizens of “suspicious phone calls and emails” claiming to come from the agency. In response to the attack, Japan plans to boost its cybersecurity budget 1000% over the next five years.
Human trafficking into cyber scams
A new report from the UN’s Office of the High Commissioner for Human Rights documented the scale of human trafficking operations that force people to run cyber scams. It found “credible sources” in Cambodia and Myanmar indicating that over 200,000 people are involuntarily involved in these schemes. It also found evidence of the practice in East Africa, Egypt, Turkey, and Brazil. Often people become ensnared in these scams by accepting “job offers” in another country. Upon arrival, the traffickers keep employees in compounds and force them to work scams to “repay” so-called relocation costs. Victims who escape can often face prosecution in their home country for “crimes” committed while imprisoned.
China set to approve first generative AI services
It might feel like we’ve hit a saturation point on news about generative AI. It seems like we’ve had months of wall-to-wall coverage on LLMs of late. But large parts of the world will soon get their first taste of this potentially disruptive tech. Bloomberg’s sources say the Cyberspace Administration of China will soon approve a small number of firms to launch generative AI services to the public. The search giant Baidu will reportedly receive the first regulatory approval, announcing on WeChat it will launch its Ernie Bot on August 31st. As part of new regulations in China, companies must pass a security review and file algorithms used for generative AI services.
VMware Aria vulnerable to authentication bypass
ProjectDiscovery Research published a report detailing the flaw, which impacts all Aria 6 branch versions. The flaw opens the door to bypassing SSH authentication to access endpoints, due to a lack of unique cryptographic key generation. VMware released patches and an updated 6.11 version to resolve the bug, but provided no immediate workarounds. Because of Aria’s market position, as it is used for managing virtualized environments and hybrid clouds at large enterprises, VMware notes attackers will be quick to exploit the flaw.
Cisco VPNs breached with brute force campaign
Security researchers at Rapid7 report that a campaign began targeting Cisco Adaptive Security Appliance VPNs with brute force and credential stuffing attacks. These attacks targeted appliances not requiring MFA. Researchers found that the Akira ransomware group began the campaign in March. Cisco researchers said many appliances lacked properly configured logging, making investigating the attacks challenging. It’s estimated 11 customers saw breaches over the last five months.
The slow response time of Meta’s Oversight Board
On Platformer, Casey Newton profiled the timeline for Meta’s Oversight Board to review a takedown decision regarding a post inciting violence by Cambodia’s prime minister Hun Sen. Meta reviewed the video when it was posted in January. It decided to keep the video online under its “newsworthiness exception,” but referred it to the board for review. The board did not accept the case until two months later in March, releasing a decision to remove the post and suspend Hun Sen’s accounts in late June. The video itself received over 600,000 views. Meta ultimately decided to remove the post but not suspend the accounts. Newton also noted that as of October, the board only accepted 3 cases for appeal out of hundreds of thousands.
Rackspace’s ransomware cleanup costs
Back in December, the cloud hosting company Rackspace experienced a ransomware attack, disrupting its email service to customers. The Play ransomware organization took credit, exploiting a Microsoft Exchange server zero-day. The company disclosed that it estimated the attack cost it $10.8 million in damages. This came both from the costs of investigating and remediating the actual attack and from multiple lawsuits from customers. The company expects significant reimbursement on these costs from cyber insurance policies. Its disclosure did not state whether it paid a ransom or not.
It’s not malware, it’s Microsoft!
Getting unexpected weird pop-ups generally indicates you’re either on a website that doesn’t respect its users, or you’re on a malware-infested machine. But it turns out, you might just be using Windows 11. Microsoft implemented a unique pop-up that sits outside of its notification center, encouraging Chrome users to change their default search to Bing. Adding to the spammy behavior, the notification comes from an executable installed in the Windows temp folder. After users reported this as possible spam, or at least annoying, Microsoft’s director of communications Caitlin Roulston told The Verge it paused the notification to investigate this “unintended behavior.”