CISA guidelines on Microsoft Exchange Server product vulnerabilities | Hackers breach security cameras, exposing Tesla, jails, hospitals | Epoch Media casts wider net to spread its message online
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
CISA urges all organizations across all sectors to follow guidance to address the widespread domestic and international exploitation of Microsoft Exchange Server product vulnerabilities. US-CERT
A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools. Bloomberg
The Epoch Media Group…has become a top purveyor of conspiracy theories and political misinformation, according to data provided by the research group Advance Democracy and analyzed by Global Disinformation Index, a nonprofit that studies disinformation. The New York Times
ASPI ICPC
The Xinjiang Silence
The Wire China
@NorthropKatrina @ebinder21
A recent Australian Strategic Policy Institute report documented how Uyghur forced labor is not limited to Xinjiang, and some workers are forcibly transferred to other provinces to work.
Read our ‘Uyghurs for Sale’ report here.
The World
Epoch Media Casts Wider Net to Spread Its Message Online
The New York Times
@daveyalba
The company’s ties to more than a dozen sites illustrate how conservative media companies are branching out after Facebook and Twitter began stiffer policing of false information.
Underpaid Workers Are Being Forced to Train Biased AI on Mechanical Turk
VICE
@Aliide_N
Workers who label images on platforms like Mechanical Turk say they’re being incentivized to fall in line with their responses—or risk losing work.
Australia
‘Large number’ of Australian organisations vulnerable to China-backed hacking group Hafnium’s Microsoft Exchange hack
news.com.au
@JackGramenz
Companies around the world including Australia are scrambling to stop a cybersecurity threat believed to be coming from China that exploits vulnerabilities in widely used Microsoft software.
China
Huawei row, O’Halloran detention threaten China’s relationship with Ireland
South China Morning Post
@fbermingham
Four elected officials this week joined a pan-national, bipartisan group pushing hardline legislation on China, and warned that a confluence of issues, both domestic and international, are changing Irish perceptions on China.
China is building the (cheap) smart homes of the future
Protocol
@ZeyiYang
Xiaomi might be blacklisted in the U.S. But in China, it makes over 1,000 smart home devices, creating a network nobody can match.
I Got Vaccinated for COVID-19 in China via a Slew of Apps, Here's How I Did It
PingWest
Chen Du
China has more than 52 million doses administered, at a daily rate of about 600,000. I got one of those shots just yesterday, and I'm here to tell you about how I did it, via a slew of apps that resulted in a decently pleasant but still a bit techno-chaotic experience.
LinkedIn Pauses New Sign-Ups in China to Review Compliance
Bloomberg
@BrodyFord_
Microsoft Corp.’s professional networking site LinkedIn is pausing new member sign-ups for its service in China while it works to ensure it’s in compliance with local law.
USA
Amid widespread Exchange Server attacks, Microsoft issues patch for older versions
CyberScoop
@shanvav
Microsoft issued a patch late Monday evening for older, unsupported versions of Microsoft Exchange servers in an attempt to lessen the blow of hackers exploiting recently uncovered software flaws.
Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals
Bloomberg
@WilliamTurton
A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools.
Samsung still in talks with Texas over US chip plant
The Korea Times
Kim Bo-eun
Talks are still ongoing between Samsung Electronics and the government of Texas over a $17 billion (19 trillion won) investment to expand its semiconductor manufacturing plant in Austin, the company said Tuesday.
The Declining Market for Secrets
Foreign Affairs
Zachery Tyson Brown; Carmen A. Medina
While the agencies that make up the U.S. intelligence community were built to dominate a world of secrets, we believe their future success will depend on their ability to effectively operate out in the open. The information revolution has seeded a growing ecosystem of open-source intelligence services. Firms such as Recorded Future, DigitalGlobe, and McKinsey offer not only intelligence-like products, such as news aggregation and data analytics, but also such services as on-demand overhead satellite imagery and long-term strategic forecasting that were previously the purview of governments alone. Some organizations, such as Bellingcat, have blurred the line between journalism and intelligence by pioneering open-source techniques that exploit social media, commercial imagery, and gray literature.
Read Danielle Cave’s Australian Foreign Affairs essay on how data, technology & OSINT are re-shaping espionage here.
Scoop: Biden taps another Big Tech trustbuster
Politico
@RyanLizza @tarapalmeri @EugeneDaniels2 @rachaelmbade
President Joe Biden has decided to nominate Lina Khan, a Columbia University legal scholar championed by anti-Big Tech activists, to the Federal Trade Commission.
Powerful DNA Software Used in Hundreds of Criminal Cases Faces New Scrutiny
The Markup
@lkirchner
After decades of secrecy, two judges have ruled defendants can investigate whether TrueAllele’s probabilistic genotyping algorithm works as advertised
Is Congress finally ready to pass meaningful ransomware legislation?
CyberScoop
@timstarks
During the entire last two-year session of Congress, lawmakers only signed one bill into law that mentioned the word “ransomware.” With the epidemic of digital extortion showing no signs of abating, though, and as ransomware attacks claim ever more victims across all parts of the U.S., evidence is mounting that the next two years could bring a more concerted push for legislation.
Southeast Asia
Video Blog: How will 5G affect AI technologies in Southeast Asia?
Engage Media
@sarapacia
In the last of our video blog series on artificial intelligence (AI) and Southeast Asia, EngageMedia interviews 5G researcher Melinda Martinus on how the different 5G providers in the region – whether from China or outside Asia – can influence the AI technologies that will be powered by it.
South & Central Asia
How India could break WhatsApp encryption
Platformer
@CaseyNewton
From Delhi to Australia, threats to online political speech are growing.
Europe
Dutch cops take out encrypted chat service SkyECC; Thirty arrests
NL Times
Over the past three weeks authorities in the Netherlands have been monitoring live traffic on the encrypted messaging service SkyECC, which led police and the financial crimes inspectorate FIOD to raid 75 properties on Tuesday and arrest 30 suspects.
The EU wants to boost its chip production as Covid fuels a global supply shortage
CNBC
@Silvia_Amaro
The European Union has plans to become less reliant on technologies traditionally manufactured outside of the bloc, such as the ramping up of chip production.
Gender and Women in Cyber
Expanded STEM program taps into talents of Australian women
Technology Decisions
As part of the expansion of the Australian Government’s Women in STEM Cadetships and Advanced Apprenticeships Program, up to 600 women will be encouraged to study science, technology, engineering and maths while they’re working.
Misc
Inside the battle to wipe revenge porn and child abuse from the net
SBS
@edengillespie
Internet investigators work in the darkest corners of the net to wipe image-based abuse offline. Two of them told The Feed despite its challenges, helping victims of revenge porn makes it all worthwhile.
How to Put Out Democracy’s Dumpster Fire
The Atlantic
@anneapplebaum @peterpomeranzev
Our democratic habits have been killed off by an internet kleptocracy that profits from disinformation, polarization, and rage. Here’s how to fix that.
Twitter is reinventing itself
The Verge
@reckless
Kayvon Beykpour, head of consumer product, on the company’s new product plan
Research
The Uyghur Genocide: An Examination of China’s Breaches of the 1948 Genocide Convention
Newlines Institute for Strategy and Policy
This report is the first independent expert application of the 1948 Genocide Convention to the ongoing treatment of the Uyghurs in China.
First independent report into Xinjiang genocide allegations claims evidence of Beijing's 'intent to destroy' Uyghur people
CNN
@Ben_Westcott @bexwright1
Online or Offline, Attacking Healthcare is Attacking People
CyberPeace Institute
Attacks on healthcare are causing direct harm to people and are a threat to health, globally.
Events
ASPI Webinar: Are you ready for the new critical infrastructure law?
ASPI ICPC
With amendments to the Critical Infrastructure Act currently before parliament, impacted industry sectors are racing to get ready. ASPI's International Cyber Policy Centre is delighted to invite you to a panel discussion on 18 March at 4pm where representatives from Home Affairs, the cybersecurity sector and industry will discuss the impact of the changes and answer your questions. Register here.
Jobs
Training provider SAGE has announced the commencement of new digital engineering apprenticeship.
Defence Connect
A number of Australia’s key industry bodies have announced the creation of the nation’s first digital engineering apprenticeship in collaboration with Skills Lab, SAGE confirmed.
Product Policy Manager, Inauthentic Behavior
Facebook
As the importance and impact of the Facebook family of companies continues to grow, so does the security risk to the company and the likelihood that our platforms will be used to cause harm. The Facebook Security Policy team is dedicated to understanding these risks and crafting policies that govern acceptable use of our platform so that we can identify and take action against those who would use our platform for malicious purposes.