Log4shell software flaw emerging as a major threat | US, Australia and Japan jointly fund undersea cable in Pacific | Indian Prime Minister Narendra Modi's Twitter account temporarily hacked
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
A critical vulnerability in a widely used software tool — one quickly exploited in the online game Minecraft — is rapidly emerging as a major threat to organisations around the world. ABC News
The United States, Australia and Japan said Sunday they will jointly fund the construction of an undersea cable to boost internet access in three tiny Pacific countries, as the Western allies seek to counter rising Chinese influence in the region. Voice of America
Indian Prime Minister Narendra Modi's Twitter account was hacked with a message saying India had adopted bitcoin as legal tender and would distribute it to all citizens. BBC News
ASPI ICPC
Deepfake video of Jacinda Ardern smoking crack highlights sinister technology
News.com.au
Rohan Smith
The Australian Strategic Policy Institute's latest report on the technology, titled Weaponised deep fakes, takes a deep dive into where the problem is heading. "Deep fakes will pose the most risk when combined with other technologies and social trends: they'll enhance cyberattacks, accelerate the spread of propaganda and disinformation online and exacerbate declining trust in democratic institutions," the report reads.
World
Log4shell software flaw threatens millions of servers as hackers scramble to exploit it
ABC News
A critical vulnerability in a widely used software tool — one quickly exploited in the online game Minecraft — is rapidly emerging as a major threat to organisations around the world.
‘Fully weaponised’: Organisations on high alert as techs race to fix software flaw
The Sydney Morning Herald
Frank Bajak
“The internet’s on fire right now,” said Adam Meyers, senior vice president of intelligence at the cybersecurity firm Crowdstrike. “People are scrambling to patch,” he said, “and all kinds of people scrambling to exploit it.”
Critical vulnerability in Apache Log4j library
Kaspersky Daily
Nikolay Pankov
Researchers discovered a critical vulnerability in the Apache Log4j library, which scores a perfect 10 out of 10 in CVSS. Here’s how to protect yourself.
IMF, 10 countries simulate cyberattack on global financial system
Reuters
Steven Scheer
Israel on Thursday led a 10-country simulation of a major cyberattack on the global financial system in an attempt to increase cooperation that could help to minimise any potential damage to financial markets and banks.
Australia
US, Australia and Japan to Fund Undersea Cable in the Pacific
Voice of America
The United States, Australia and Japan said Sunday they will jointly fund the construction of an undersea cable to boost internet access in three tiny Pacific countries, as the Western allies seek to counter rising Chinese influence in the region.
Personal details of up to 80,000 SA government employees accessed in cyber attack
ABC News
Stacey Pestrin & Eugene Boisvert
The South Australian government says the personal details of tens of thousands of employees, including potentially the Premier, have been accessed in a cyber-attack.
Australia partners with US to curb use of tech for human rights abuses
The Sydney Morning Herald
Alexandra Alper
The Biden administration announced on Saturday (AEDT) that Australia would join the US, Denmark and Norway in a joint effort to curb the export of technology products that are used to aid repression.
Olympic Winter Games: Aussie athletes warned ‘Chinese will be watching 24/7’
Herald Sun
Ellen Whinnett
This is how Australians at the Beijing Winter Games will go behind the “digital iron curtain” and protect themselves against Chinese spies.
The price of ‘freedom’: How anti-lockdown protest leaders make money from the movement
The Sydney Morning Herald
Rachael Dexter, Simone Fox Koob & David Estcourt
As tens of thousands of committed protesters take to the streets weekly to protest vaccine mandates, COVID-19 restrictions and Victoria’s pandemic legislation, the so-called “freedom” movement has given rise to a core group of self-styled leaders who have developed large, ardent and growing followings online. With this has come an opportunity to make money. Large sums are being donated to crowdfunding for legal cases such as Erhan’s, with little transparency or scrutiny. Many of the self-styled leaders solicit donations. Merchandise including “freedom” clothing lines, wellness products and sketchy COVID-19 cures are being spruiked to their many followers.
Australian govt raises alarm over Conti ransomware attacks
Bleeping Computer
Sergiu Gatlan
The Australian Cyber Security Centre (ACSC) says Conti ransomware attacks have targeted multiple Australian organizations from various industry verticals since November.
China
China builds undersea cable bases amid digital infrastructure rivalry
South China Morning Post
Laura Zhou
China is to build two bases to maintain undersea cables in the East China and South China seas as part of efforts to bolster its digital infrastructure, which has emerged as a new front in its geopolitical competition with the United States.
China kicks social network Douban out of app stores
Nikkei Asia
Zach Coleman
Chinese regulators on Thursday removed 106 apps from the country's app stores for "excessive collection of personal information," including one of the country's leading cultural discussion platforms.
USA
Congress, Far From ‘a Series of Tubes,’ Is Still Nowhere Near Reining In Tech
The New York Times
Cecilia Kang
Holding a hearing that humbles the most powerful business executives in the world is much easier than legislating.
Keeping the Wrong Secrets
Foreign Affairs
Oona A. Hathaway
Thanks to new surveillance and monitoring technologies, including geolocation trackers, the Internet of Things, and commercial satellites, private information is now often better—sometimes much better—than the information held by governments. At the same time, these technologies have given rise to an altogether new threat: troves of personal data, many of them readily available, that can be exploited by foreign powers.
Operation Whistle Pig: Inside the secret CBP unit with no rules that investigates Americans
Yahoo! News
Jana Winter
The division, which still operates today, had few rules and routinely used the country’s most sensitive databases to obtain the travel records and financial and personal information of journalists, government officials, congressional members and their staff, NGO workers and others.
Soon, the Hackers Won’t Be Human
Foreign Affairs
John Bansemer
The U.S. must invest in AI to protect critical infrastructure from cybercriminals and state-sponsored hackers.
Is MIT’s Research Helping the Chinese Military?
Wall Street Journal
Michelle Bethel
My concerns about how Beijing might be using our findings were dismissed as racist and political.
Ford CEO says automaker needs EV batteries more than semiconductor chips as electric F-150 reservations hit 200,000 units
CNBC
Michael Wayland
Ford Motor needs batteries for its electric vehicles more than semiconductor chips, CEO Jim Farley told CNBC’s Jim Cramer on Thursday.
North Asia
Taiwan chipmakers hint at decoupling from the US
Asia Times
David P. Goldman
World’s top chip fabricator wants own chip-making equipment to end dependence on US and better help China’s state-led production
South & Central Asia
Indian PM Modi's Twitter hacked with bitcoin tweet
BBC News
Indian Prime Minister Narendra Modi's Twitter account was hacked with a message saying India had adopted bitcoin as legal tender and would distribute it to all citizens.
UK
UK spy chief raises fears over China’s digital renminbi
Financial Times
Roula Khalaf & Helen Warrell
GCHQ head warns technology could allow Beijing to monitor users and exert control over global currency transactions.
Europe
German Cybersecurity Policy 2021-2025
Directions Cyber Digital Europe
Alexandra Paulus
The new German government will mean a shift for the country’s cybersecurity policy. The joint coalition agreement of the three ruling parties lays out their plans for the next four years and signals changes of course in areas like encryption policy and “hackbacks”.
China’s rise in semiconductors and Europe
Stiftung Neue Verantwortung
Jan-Peter Kleinhans & John Lee
Semiconductors are on the mind of many European policy makers, not least because of the intensifying US-China technology rivalry and the chip shortages that forced most European car makers to temporarily stop production from 2020. As a result, the European Commission is working on an EU Chips Act, a draft of which is scheduled to be ready in mid-2022.
Russia
Russia on verge of throwing out Chinese TikTok, launches 'homemade TikTok'
Business Standard
The Russian government has launched a homemade TikTok, called Yappy, to cash in on TikTok's popularity. Currently, there are 70 million monthly TikTok users in Russia.
Americas
China envoy says Kovrig, Spavor confessed to crimes, warns against rejecting Huawei
CTV News
Mike Blanchfield
Envoy Cong Peiwu also said Friday Canada will pay a price if it blocks Chinese telecom company Huawei from participating in the country's 5G internet network, as its Five Eyes allies, the United States, Britain, Australia and New Zealand, have already done.
Middle East
Satellite images, expert suggest Iranian space launch coming
Associated Press
Jon Gambrell
Iran appears to be preparing for a space launch as negotiations continue in Vienna over its tattered nuclear deal with world powers, according to an expert and satellite images.
Misc
How to fix the internet
Prospect
Ethan Zuckerman
The tech giants aren’t going to remedy their own problems. A small online forum in Vermont could show us the future.
Professional Maintainers: A wake-up call
Filippo.io
Filippo Valsorda
Open Source sustainability and supply chain security are on everyone's slide decks, blogs, and press releases. Big companies desperately need the Open Source ecosystem to professionalize.
Facebook Says Its New AI Can Identify More Problems Faster
WIRED
Tom Simonite
The “Few-Shot Learner” system doesn’t need to see as many examples to identify troublesome posts, and it works in more than 100 languages.
Twitter Has a Peng Shuai Problem
The Bulwark
Michael Mazza
The social network allowed itself to become a tool of Chinese propaganda and oppression.
As scientists race to understand the omicron variant, misinformation has already sprinted ahead
The Washington Post
Gerrit De Vynck
Anti-vaccine influencers are claiming omicron was ‘scheduled’ and that its advent is meant to distract from the trial of Ghislaine Maxwell.
'Faustian bargain': Meta's plan for end-to-end encryption on Facebook Messenger 'ideal' for online child sexual abuse
Canberra Times
Finn McHugh
Facebook has signed a "Faustian bargain" by trading children's safety for user privacy, Parliament has been warned.
This Air Force Targeting AI Thought It Had a 90% Success Rate. It Was More Like 25%
Defense One
Patrick Tucker
Too little of the right kind of data can throw off target algorithms. But try telling the algorithm that.
Quantum computing nears a quantum leap
Axios
Bryan Walsh
A new class of powerful computers is on the brink of doing something important: actual useful work.
Jobs
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team works on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years, of work experience. Senior analysts usually have a minimum of 15 years' relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.