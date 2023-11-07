Good morning. It's Wednesday 8th November.

The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.



Have feedback? Let us know at icpc@aspi.org.au.

Follow us on Twitter and on LinkedIn.

A new program called Lantern aims to fight online child sexual exploitation and abuse with cross-platform signal sharing between online companies like Meta and Discord. The Tech Coalition, a group of tech businesses with a cooperative aim to fight online child sexual exploitation, wrote in today’s announcement that the program is an attempt to keep predators from avoiding detection by moving potential victims to other platforms. The Verge

Australia’s second-largest telecommunications provider Optus has suffered a disastrous start to Wednesday with an ongoing nationwide outage, leaving millions without phone services or internet, and some trains in Melbourne ground to a halt. Australian Financial Review

The exploitation of zero-day vulnerabilities is on the rise globally and directly impacting federal agencies, part of what a senior Cybersecurity and Infrastructure Security Agency official called a “very eventful past six months” in the cyber threat landscape. CyberScoop

ASPI

Bridging the funding gap between industry and Defence

InnovationAus

David Waterhouse

Australia holds significant potential to leverage its world-leading research and development in fields that stand to define a new epoch of emerging capabilities for defence and national security. The Australian Strategic Policy Institute (ASPI) ranks Australia in the top five in nine critical technology areas across AI and advanced manufacturing. However, considered with a broader aperture, Australia ranks significantly lower. Australia is placed 25th in the Global Innovation Index 2022, well behind prominent allies like the UK (4th) and the US (2nd).

Australia

Chaos as Optus crashes nationwide

Australian Financial Review

Paul Smith and Jenny Wiggins

The country’s second-largest telecommunications provider Optus has suffered a disastrous start to Wednesday with an ongoing nationwide outage, leaving millions without phone services or internet, and some trains in Melbourne ground to a halt. Optus has not given any details about the outage to explain whether it is an internal technical problem, or a more sinister cyberattack on, what is considered national critical infrastructure.

Opposition push for AUKUS ‘Pillar III’

InnovationAus

Joseph Brookes

The lack of a national Defence strategy is delaying the technology and advanced capability component of AUKUS and a potential new pillar, according to shadow Defence minister Andrew Hastie.

Zimperium unveils Australia’s first ‘defence shield’ dedicated to guarding against mobile phone security threats

The Australian

Jared Lynch

The cyber security company that protects the smartphones of US troops has launched Australia’s first defence shield against threats on mobile devices, warning attacks are escalating as working from home becomes embedded across the nation’s biggest businesses.

Federal Cabinet sits on Tiktok data harvesting review as Albanese visits China

Capital Brief

Anthony Galloway

A high-level security review examining privacy concerns about Chinese video sharing platform TikTok has been considered by federal cabinet and the government is now weighing up when to announce the response. As Prime Minister Anthony Albanese visits China this week where he met President Xi Jinping on Monday afternoon and is due to meet Premier Li Qiang on Tuesday, his government has for months been sitting on an investigation into data harvesting by social media companies based in authoritarian states such as TikTok and WeChat.

Westpac to cut tech stack in size by two-thirds

iTnews

Kate Weber

Westpac is cutting its technology stack in size by two-thirds under its latest strategic plan to “radically simplify the bank” as it aims to fast-track ambitions to simplify its processes and technology. In its 2023 full-year results, Westpac said it intends to continue simplification by slimming its technology stack, with the expectation this will lead to streamlined customer service, origination channels and products.

China

Baidu placed AI chip order from Huawei in shift away from Nvidia

Reuters

Yelin Mo, Zhang Yan and Brenda Goh

Baidu ordered AI chips from Huawei this year, two people familiar with the matter said, adding to signs that US pressure is prompting Chinese acceptance of the firm's products as an alternative to Nvidia's. One of the people said Baidu, one of China's leading AI firms, which operates the Ernie large language model, placed the order in August, ahead of widely anticipated new rules by the US government that in October tightened restrictions on exports of chips and chip tools to China, including those of US chip giant Nvidia.

US chipmakers descend on China import fair despite tech curbs

Nikkei Asia

Shunsuke Tabeta

The number of US semiconductor companies taking part in China's import fair rose this year despite Washington's restrictions on technology exports, signaling a strong appetite on both sides for trade in general-purpose devices. Micron Technology set up its first-ever booth at the China International Import Expo here to advertise its memory chips for AI and other applications. A staffer expressed hope of a de-escalation in bilateral tensions.

Chinese tech founder taken away by authorities

Financial Times

Qianer Liu and Ryan McMorrow

The founder of Tencent-backed game-streaming site DouYu has been taken away by Chinese authorities, becoming the latest tech entrepreneur to run into trouble in the country. Two people familiar with the matter said 39-year-old Chen Shaojie, chief executive of the Nasdaq-listed group, was taken away several weeks ago. One of the people said authorities were probing pornography and gambling, both of which are illegal in China, on DouYu’s platform.

China’s AI talent pool limited amid surging job demand triggered by ChatGPT race, report finds

South China Morning Post

Ben Jiang

For every five new jobs in AI in China, there are only two qualified workers in the labour market, a sign of the serious shortage of talent in the hot sector, according to a newly published report. The surging demand is largely driven by increasing competition among Chinese Big Tech firms, including TikTok parent ByteDance, e-commerce powerhouse Alibaba Group Holding, video gaming giant Tencent Holdings and telecommunications equipment maker Huawei Technologies, to launch their large language models and AI applications, according to a report by Maimai, a career-focused social network service.

China's nuclear program skirts Western machine tool sanctions

Nikkei Asia

Barbara Ortutay

Manufacturers around the globe look to Japan and Germany as the two countries on the cutting edge of five-axis machining. One of these advanced machine tools at the very heart of modern manufacturing has, however, been found somewhere it should not be - inside China's nuclear development program.

USA

CISA sees increase in zero-day exploitation, official says

CyberScoop

Matt Bracken

The exploitation of zero-day vulnerabilities is on the rise globally and directly impacting federal agencies, part of what a senior Cybersecurity and Infrastructure Security Agency official called a “very eventful past six months” in the cyber threat landscape. Michael Duffy, the associate director for capacity building within CISA’s cybersecurity division, said that in the past month or so, the agency has seen “a really high increase in zero-day activity, exploits that we’re seeing across the globe, really affecting the federal government networks throughout the federal government.”

A Meta engineer saw his own child face harassment on Instagram. Now, he’s testifying before Congress

Associated Press

Barbara Ortutay

On the same day whistleblower Frances Haugen was testifying before Congress about the harms of Facebook and Instagram to children in the fall of 2021, a former engineering director at the social media giant who had rejoined the company as a consultant sent an alarming email to Meta CEO Mark Zuckerberg about the same topic. Arturo Béjar, known for his expertise on curbing online harassment, recounted to Zuckerberg his own daughter’s troubling experiences with Instagram. But he said his concerns and warnings went unheeded. And on Tuesday, it was Béjar’s turn to testify to Congress.

Labor Unions become more influential as technology impacts jobs

Forbes

Shalin Jyotishi

Labor unions are having a come-back moment in the United States, and they are poised to become more influential as emerging technologies such as AI grip the US job market and impact workers. American support for unions has been rising since 2009, and an August 2023 Gallup poll suggested the public is rallying behind expanding union influence with two out of three Americans supporting unions. The 67 percent of Americans who approve of labor unions today is down slightly from 71 percent a year ago but marks the fifth straight year this reading has exceeded its long-term average of 62 percent.

Americas

In Canada’s battle with Big Tech, smaller publishers are caught in the crossfire

Reuters Institute

Gretel Kahn

When the Canadian government first proposed the Online News Act, also known as Bill C-18, their goal was “to ensure fairness in the Canadian digital news marketplace and for independent local news businesses, including rural and remote news organisations, by ensuring that news media and journalists receive fair compensation for their work.” The bill, which was passed by the Senate in June 2023, would require tech giants such as Meta and Google to make fair commercial deals with outlets for the news that is shared on their platforms. Shortly after the government introduced the bill, however, both Meta and Google announced they would block news in Canada on their platforms. Meta followed through with its threat and now those living in Canada are unable to see any news on Facebook and Instagram.

North Asia

Fresh find shines new light on North Korea’s latest macOS malware

The Register

Connor Jones

A brand-new macOS malware strain from North Korean state-sponsored hackers has been spotted in the wild. Dubbed "ObjCShellz" by researchers at Jamf, the malware is thought to be a later-stage payload in the multi-stage RustBucket campaign targeting organizations in the financial services sector. While the scale or success of the malware campaign isn't currently understood, Jaron Bradley, director of Jamf Threat Labs, highlighted to The Register that the group behind the malware has been hugely successful in the past.

South & Central Asia

India’s cyber vulnerabilities grow

The Diplomat

Rajeswari Pillai Rajagopalan

India has been pushing its Digital Public Infrastructure initiatives within the region and globally, most recently during India’s G-20 presidency. India made important advances in DPI during the COVID-19 pandemic. Some of the notable DPI initiatives include a digital national ID as well as a payment infrastructure through the Unified Payments Interface, which is an instant payment system developed by India indigenously.

Elon Musk’s Tesla to enter India soon? PMO asks government departments to fast track approvals by January 2024

Times of India

The Indian government is actively working to streamline approvals for Elon Musk’s Tesla to make potential entry into the country, aiming to have all necessary clearances in place by January 2024. According to an ET report, a meeting held by the Prime Minister's Office recently assessed the next phase of electric vehicle manufacturing in India, including Tesla's investment proposal.

Ukraine - Russia

Russia teaching students to hack infrastructure, Ukraine says

Cybernews

Justinas Vainilavičius

Students in Russia are now taught to launch cyberattacks against Ukrainian and Western infrastructure, according to Ukraine’s intelligence. Moscow is building a national system of cyberattacks to use against adversaries, including hacking classes for students, said Ilya Vityuk, head of the Cybersecurity Department at the Security Service of Ukraine.

Europe

Big Tech to face tougher rules on targeted political ads in EU

Reuters

Foo Yun Chee

Big Tech firms will face new European Union rules to clearly label political advertising on their platforms, who paid for it and how much and which elections are being targeted, ahead of important votes in the bloc next year. The new political advertising rules, which were agreed by EU countries and European Parliament lawmakers late on Monday, will force social media groups such as Alphabet's Google, Meta Platforms to be more transparent and accountable.

A pipeline mystery has a $53 million solution

Foreign Policy

Elisabeth Braw

The hunt is on to find the perpetrator of the sabotage on the Balticconnector pipeline between Finland and Estonia—especially since the same perpetrator appears to have sabotaged two undersea cables between Finland and Estonia, and between Finland and Sweden as well. But one group is following the investigations more closely than anyone else: insurers. A lot is riding on the perpetrator’s identity, because if the sabotage was conducted or sponsored by a state it can count as an act of war, which means standard insurance won’t cover it. And today it’s harder than ever to determine what is, and isn’t, part of warfare.

UK

UK government fails to bring forward promised cyber laws in King’s Speech

The Record by Recorded Future

Alexander Martin

A year after prematurely announcing that the United Kingdom’s cyber laws had been “updated,” the British government has missed what is likely to be its last opportunity to actually update the laws before a general election next year. The legislation was not mentioned during the King's Speech on Tuesday — the formal opening of Parliament in the United Kingdom — during which the government sets out the whole of its legislative agenda for the session to come.

Big Tech

Google, Meta, Discord, and more team up to fight child abuse online

The Verge

Wes Davis

A new program called Lantern aims to fight online child sexual exploitation and abuse with cross-platform signal sharing between online companies like Meta and Discord. The Tech Coalition, a group of tech businesses with a cooperative aim to fight online child sexual exploitation, wrote in today’s announcement that the program is an attempt to keep predators from avoiding detection by moving potential victims to other platforms.

Meta bars political advertisers from using its new generative AI tools in advertisements

ABC News

Facebook owner Meta is barring political campaigns and advertisers in other regulated industries from using its new generative AI advertising products, a company spokesperson said on Monday, denying access to tools that lawmakers have warned could turbo-charge the spread of election misinformation. Meta's advertising standards prohibit ads with content that have been debunked by the company's fact-checking partners, but it does not have any rules specifically on AI.

Big Tech ditched trust and safety. Now startups are selling it back as a service

WIRED

Vittoria Elliott

Massive layoffs across the tech sector have hit trust and safety teams hard over the past year. But with wars raging in Ukraine and the Middle East and more than 50 elections taking place in the next 12 months, experts worry that a nascent industry of startups created to keep people safe online won’t be able to cope. The shift away from in-house trust and safety teams has created an opening for consultancies and startups to offer something new: trust and safety as a service.

Artificial Intelligence

OpenAI unveils personalized AI apps as it seeks to expand its ChatGPT consumer business

Reuters

Krystal Hu and Anna Tong

OpenAI unveiled a marketplace on Monday that enables users to access personalized AI “apps” for tasks like teaching math or designing stickers, signaling an ambition to expand its consumer business. OpenAI CEO Sam Altman shared the updates at the AI lab's first developer conference, which attracted 900 developers from around the world and marked the company's latest attempt to capitalize on the popularity of ChatGPT by offering incentives to build in its ecosystem.

Misc

85% of people worry about online disinformation, global survey finds

The Guardian

Jon Henley

More than 85% of people are worried about the impact of online disinformation and 87% believe it has already harmed their country’s politics, according to a global survey, as the United Nations announced a plan to tackle the phenomenon. Audrey Azoulay, director general of the UN’s culture body, Unesco, told reporters on Monday that false information and hate speech online – accelerated and amplified by social media platforms – posed “major risks to social cohesion, peace and stability”.

23andMe data theft prompts DNA testing companies to switch on 2FA by default

TechCrunch

Zack Whittaker

DNA testing and genealogy companies are stepping up user account security by mandating the use of two-factor authentication, following the theft of millions of user records from DNA genetic testing giant 23andMe. Ancestry, MyHeritage, and 23andMe have begun notifying customers that their accounts will use two-factor by default, a security feature where users are asked to enter an additional verification code sent to a device they own to confirm that the person logging in is the true account holder.

Research

Events & Podcasts

Podcast: Cyber security laws in the Pacific are 'too archaic'

ABC News

The Pacific region has experienced an increase in ransomware attacks. A proposal seeks to mobilise resources and to assess and upgrade country cyber-based systems to protect them from attacks in the future. At the Pacific Partnerships for Prosperity Pavilion an expert panel will discuss the critical need for regional co-operation to strengthen cyber security arrangements in the Pacific.

Share

The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.