Gmail And YouTube hackers bypass Google’s 2FA | Russian hackers steal US government emails with Microsoft | CISA makes its malware analysis system publicly available
Good morning. It's Monday 15th April.
The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.
Follow us on Twitter and on LinkedIn.
Users who have found themselves locked out of their Google account, with passwords and 2FA details changed to prevent them from getting back in, have fallen victim to what’s known as a session cookie hijack attack. This attack most often starts with a phishing email leading to malware that can capture the session cookies. The trouble is, if a nefarious actor can get hold of these cookies after a user has logged in successfully, then they can essentially replay them and bypass the need for a 2FA code. Forbes
Russian state-backed hackers have stolen email correspondence between US government agencies and Microsoft via a breach of the software giant’s systems, US officials confirmed on Thursday. The breach of Microsoft emails is still forcing the tech giant and US cyber officials to scramble to ensure there is no further damage at the hands of the alleged Russian operatives. CNN
Malware Next-Gen is a malware analysis platform that examines malware samples for suspicious artifacts. It was originally designed to allow U.S. government agencies to submit suspicious files and receive automated malware analysis through static and dynamic analysis tools. Yesterday, CISA released a new version of the system that allows any organization or person to submit files to the system. Bleeping Computer
ASPI
US, Japan, and Australia to cooperate on air defence
ABC
Malcolm Davis
Australia, the US and Japan have announced a historic missile pact, in an effort to deter China. The three nations will co-operate on air defence, including technology, testing and military exercises.
Australia
Oxford digital dons vs Russian elektro-mafia: Australia stakes its claim in cyber’s geopolitical name-and-blame game
The Mandarin
Julian Bajkowski
But there’s a much bigger diplomatic and foreign relations play in full swing to gradually shift the gathered empirical cyber evidence to sufficiently respected academia and researchers and away from self-interested IT vendors, flyscreen and bug-zapper firms selling racks to fill security cracks.
Digital driver's licences are becoming common but without security standards people are vulnerable to fraud, theft
ABC News
Olivia Sanders
Cyber security experts are warning unless digital driver's licence apps meet internationally recognised security standards, they could increase risks of fraud.
USA defence mission to increase AUKUS benefits for WA
Western Australian Government
Western Australian Government
The meetings reaffirmed the State's commitment to building a nuclear submarine sustainment capability and sought advice on opportunities for WA companies to enter the US defence supply chain.
Charges against Meta sparked by Andrew Forrest over false cryptocurrency ads on Facebook discontinued
ABC News
Rebecca Trigger
Criminal charges brought against Meta instigated by one of Australia's richest people Andrew Forrest over fraudulent Facebook cryptocurrency ads have been discontinued in court.
Andrew Forrest accuses Facebook of ‘blatantly refusing’ to take action against scam ads
The Guardian
Josh Taylor
The Australian billionaire and philanthropist Andrew Forrest has accused Facebook’s parent company of “blatantly refusing” to take action against scam ads on its platform, as a criminal case he brought against Meta in WA was discontinued.
China
China readies world’s 1st AI-enabled water canon that it claims can revolutionize non-lethal combat
Eurasian Times
Ashish Dangwal
It remains uncertain whether the newly developed AI-driven water cannon will debut in the South China Sea anytime soon, but its development could cause concerns regarding regional stability.
The short march to China’s hydrogen bomb
Bulletin of the Atomic Sciences
Hui Zhang
There is still very limited knowledge in Western literature about how China built its first H-bomb. Based on newly available information—including Chinese blogs, memoirs, and other publicly available publications—this account reconstructs the history of how China made a breakthrough in understanding hydrogen bomb principles and built its first H-bomb—without foreign help.
Chinese firms helping military get AI chips added to US export blacklist
Reuters
Karen Freifeld and Doina Chiacu
The companies are "involved with providing AI chips to China's military modernization programs" and military intelligence users, the Commerce Department's Kevin Kurland, said.
Huawei building vast chip equipment R&D center in Shanghai
Nikkei Asia
Cheng Ting-Fang
Huawei Technologies is building a massive semiconductor equipment research and development center in Shanghai as the Chinese tech titan continues to beef up its chip supply chain to counter a U.S. crackdown.
Light-based chip: China’s Taichi could power artificial general intelligence
Interesting Engineering
Amal Jos Chacko
Led by professors Dai Qionghai and Fang Lu, the Tsinghua team explained how their photonic integrated circuit (PIC) chip outperforms traditional electronic chips in tasks like image recognition training and content generation.
How Chinese scientists made satellite calls on smartphones possible – it was all down to Project Babel
South China Morning Post
Stephen Chen
In trying to solve the issue of passive intermodulation, Chinese scientists have created the world’s first simulation software.
USA
CISA makes its "Malware Next-Gen" analysis system publicly available
Bleeping Computer
Bill Toulas
Malware Next-Gen is a malware analysis platform that examines malware samples for suspicious artifacts. It was originally designed to allow U.S. government agencies to submit suspicious files and receive automated malware analysis through static and dynamic analysis tools. Yesterday, CISA released a new version of the system that allows any organization or person to submit files to the system.
America is the undisputed world leader in quantum computing, but an own goal could soon erode U.S. dominance
Fortune
Jungsang Kim and Christopher Monroe
Unfortunately, the federal government may soon undermine the Bayh-Dole system–which could massively stifle new advances in quantum computing. The Biden administration just announced that it seeks to use the law’s “march-in” provision to impose price controls on inventions that were originally developed with federal funds if “the price…at which the product is currently offered to the public [is] not reasonable.” This notion arises from ignorance of the core value in entrepreneurship and commercialization.
China remains crucial for U.S. chipmakers amid rising tensions between the world’s top two economies
CNBC
Dylan Butts
“China remains an important market for U.S. chipmakers, and the U.S. restrictions on selling advanced AI chips to China have been designed specifically to allow most U.S. firms to continue selling most types of chips to Chinese customers,” Chris Miller, author of “Chip War,” told CNBC.
Kaspersky to be banned in the US, might strain US-Russia relations
TechReport
Krishi Chowdhary
US officials confirmed that the government is planning to ban US private companies and people in the US from using products (especially the antivirus) developed by Kaspersky Lab (a popular Russian cybersecurity firm) over national security concerns.
US lawmakers angry after Huawei unveils laptop with new Intel AI chip
Reuters
Alexandra Alper and Karen Freifeld
"These approvals must stop," Republican congressman Michael McCaul said in a statement to Reuters. "Two years ago, I was told licenses to Huawei would stop. Today, it doesn’t seem as though the policy has changed."
North Asia
Hyundai to co-develop unmanned surface vessel with U.S. AI firm Palantir
Yonhap News
Chang Dong-woo
HD Hyundai said USVs are considered a game-changer in future naval warfare, as they replace traditional manned vessels to undertake various missions in hazardous zones, including surveillance, mine detection and removal, and combat.
Southeast Asia
Malaysian 'Silicon Valley' seeds homegrown chip startups
Nikkei Asia
Tsubasa Suruga
When chip design company Oppstar listed on the Malaysian stock exchange last year, it was a watershed moment for the Southeast Asian country and its ambitions to revitalize its semiconductor industry as former Intel engineers attempt to push Penang to higher end of value chain.
South & Central Asia
Citroën becomes the first multinational carmaker to export EVs from India
Business Standard
Shine Jacob
French carmaker Citroën became the first multinational car manufacturer in India to export domestically made electric vehicles to the international market.
Ukraine - Russia
Russian hackers steal US government emails with Microsoft, officials confirm
CNN
Sean Lyngaas
Russian state-backed hackers have stolen email correspondence between US government agencies and Microsoft via a breach of the software giant’s systems, US officials confirmed on Thursday.
Ukraine’s attacks on Russian oil refineries show the growing threat AI drones pose to energy markets
CNBC
Spencer Kimball
“The AI guidance also delivers strike precision, maximizing the impact of the strikes by targeting specific areas like distillation towers, repairs of which requires Western technology,” Natasha Kaneva, head of global commodities strategy at JPMorgan, told clients in the April report.
Europe
Chinese fashion app Temu could face strict new EU content rules
POLITICO
Clothilde Goujard
While Temu was already falling under under some Digital Services Act rules, its new self-declared size could lead to new more stringent obligations under the supervision of the European Commission. Online platforms with over 45 million users in the EU must carry out detailed external audits and risk assessments about their platforms and measures they take to limit the spread of illegal content like dangerous toys or fake luxury bags.
Social media is a threat to the French language, says France’s PM
POLITICO
Victor Goury-Laffont
"If the content that young people in particular are accessing is essentially English-speaking, or if the algorithms that suggest content on a given platform tend to suggest English-speaking content, in the long term I think that's a threat to the place of the French language," he said.
UK
Use TikTok to combat misinformation, MPs tell government
The Guardian
PA Media
Members of the cross-party culture, media and sport committee said the government needed to adapt to new apps and platforms that appeal to young people who are increasingly turning away from traditional sources of news.
UK has real concerns about AI risks, says competition regulator
The Guardian
Alex Hern
The “winner takes all” dynamics of digital markets led to the dominance of a few powerful platforms, Cardell said, and she was “determined to apply the lessons of history” to prevent the same thing from happening again.
Middle East
Israel accused of using AI to target thousands in Gaza, as killer algorithms outpace international law
The Conversation
Natasha Karner
As military use of AI becomes more common, ethical, moral and legal concerns have largely been an afterthought. There are so far no clear, universally accepted or legally binding rules about military AI.
Big Tech
Gmail And YouTube hackers bypass Google’s 2FA account security
Forbes
Davey Winder
Desperate Gmail and YouTube users are turning to official and unofficial Google support forums after hackers take over their accounts, bypassing two-factor authentication security and then locking them out. Time and time again, the attackers appear to be part of a cryptocurrency scam.
Google blocking links to California news outlets from search results
The Guardian
Kari Paul
Google has temporarily blocked links from local news outlets in California from appearing in search results in response to the advancement of a bill that would require tech companies to pay publications for links that articles share.
Apple plans to overhaul entire Mac line with AI-focused M4 chips
The Australian Financial Review
Mark Gurman
Apple, aiming to boost sluggish computer sales, is preparing to overhaul its entire Mac line with a new family of in-house processors designed to highlight artificial intelligence.
Huawei says it will start selling PCs powered by Intel's AI chip
Nikkei Asia
Lauly Li and Cheng Ting-Fang
China's Huawei Technologies on Thursday unveiled its first artificial intelligence-powered PC, saying it will be equipped with Intel's latest chipset and run on its in-house operating system. The announcement comes despite a U.S. clampdown on the company that has sharply restricted its access to advanced American technology.
They’re ‘desperate’—leak reveals a huge China ETF game-changer could be about to hit the Bitcoin price and crypto market
Forbes
Billy Bambrough
Now, as bitcoin hurtles toward its next halving supply cut, a leak has revealed China could be poised to permit people to buy into bitcoin spot exchange-traded funds (ETFs) in Hong Kong.
Artificial Intelligence
AI spam is winning the battle against search engine quality
The Register
Brandon Vigliarolo
Not all AI content is spam, but I think right now all spam is AI content'. It's so bad that Jon Gillham, founder and CEO of AI content detection platform Originality.ai, told us Google is losing its war on all that spammy, scammy search engine result content.
The rise of the chief AI officer
Financial Times
The number of companies with a designated head of AI position has almost tripled globally in the past five years
From boom to burst, the AI bubble is only heading in one direction
The Guardian
John Naughton
For investment bubbles, the five stages are displacement, boom, euphoria, profit-taking and panic. So let’s see how this maps on to our experience so far with AI.
Amazon CEO Andy Jassy touts AI in annual shareholder letter
The Seattle Times
Lauren Rosenblatt
In his letter, Jassy reiterated Amazon’s three-layer approach to AI: The bottom layer is for developers and companies who want to build foundational models from the start. The middle layer is for customers who want to build on top of and customize an existing foundational model. And, the top layer is for those who want to create a generative AI application, using those building blocks.
Misc
Government spyware is another reason to use an ad blocker
TechCrunch
Zack Whittaker
According to documents seen by Israeli news outlet Haaretz, Intellexa presented a proof-of-concept system in 2022 called Aladdin that enabled the planting of phone spyware through online ads. The documents included a demo of the Aladdin system with technical explanations on how the spyware infects its targets and examples of malicious ads.
Apple alerts users in 92 nations to iPhone spyware attack
The Australian
Lauren Almeida
The California-based company sent a threat alert notification to some iPhone users on Wednesday, warning that it had detected a “mercenary spyware attack” that was attempting to “remotely compromise the iPhone associated with your Apple ID”.
First iPhone console emulators arrive on App Store
Tom's Guide
Alan Martin
In other words, for now at least, emulators on iPhone will work in much the same way they behave on Android, Windows or Mac. But with nearly half of Americans using an iPhone, protective copyright holders may take an active interest in trying to get Apple to change tack in the months ahead.
Events & Podcasts
The Sydney Dialogue
ASPI
The Sydney Dialogue was created to help bring together governments, businesses and civil society to discuss and progress policy options. We will forecast the technologies of the next decade that will change our societies, economies and national security, prioritising speakers and delegates who are willing to push the envelope. We will promote diverse views that stimulate real conversations about the best ways to seize opportunities and minimise risks.
Digital Surveillance in North Korea
The Stimpson Center
Martyn Williams and Natalia Slavney
Martyn Williams and Natalia Slavney examine North Korea’s digital surveillance capabilities, how they have developed, and worrying trends for the future.
Jobs
Data Scientist
ASPI
ASPI is looking for an inquisitive and problem-solving open-source data scientist who will be responsible for developing and implementing automated techniques for a variety of open-source data collection requirements. We are open to experienced data scientists and those beginning their career. Role equivalency would be between levels 3 – 7 of Data Science category of SFIA 8. The closing date for applications is 15 April 2024– an early application is advised as we reserve the right to close the vacancy early if suitable applications are received.
Director of Cyber, Technology & Security (CTS)
ASPI
ASPI is looking for an exceptional and experienced leader to lead our largest team focused on emerging security challenges, particularly in cyberspace and the information domain. Director CTS leads ASPI’s largest team to develop and deliver a range of applied research projects on existing and emerging security challenges. CTS’ projects range across cyber and critical infrastructure security, critical and emerging technologies, national resilience and social cohesion, and hybrid threats. The closing date for applications is 22 April 2024 – an early application is advised as we reserve the right to close the vacancy early if suitable applications are received.
China Analyst or Senior Analyst
ASPI
ASPI has an exciting opportunity for an analyst or senior analyst to explore China's evolving foreign and security policy, political economy and impact on the Indo-Pacific and the world. ASPI’s China analysts conduct rigorous data-driven research, publish impactful reports that shape the public policy discourse and contribute to the wide catalogue of influential China work published by ASPI. The difference between the analyst and senior analyst levels will depend on experience level and demonstration of past work. The closing date for applications is 10 May 2024– an early application is advised as we reserve the right to close the vacancy early if suitable applications are received.
The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.
.