TOP OF THE DAY

4 more nations sign on to US-led counter-spyware agreement

(David DiMolfetta – 23 September 2024) Austria, Estonia, Lithuania and the Netherlands on Sunday joined a U.S.-led pact designed to deter global spyware abuses, marking 21 nations signing onto the agreement after the alliance began with 11 participants in March of last year. The add-ins were fleshed out on the sidelines of the United National General Assembly, a State Department release said. The announcement follows a U.S. move last week that levied sanctions on members of the Intellexa Consortium, a confederation of firms known for crafting and selling advanced surveillance tools to private companies and sovereign nations. – 4 more nations sign on to US-led counter-spyware agreement – Nextgov/FCW

Europol: GenAI Offers “Treasure Trove of Possibilities”

(Phil Muncaster – Infosecurity Magazine – 24 September 2024) Artificial intelligence (AI) will “profoundly reshape the law enforcement landscape” as long as it is adopted responsibly, Europol’s executive director, Catherine De Bolle has claimed. De Bolle’s comments came as the policing organization launched a new report into the technology, which claimed that generative AI (GenAI) offers law enforcers “a treasure trove of possibilities.” – Europol: GenAI Offers “Treasure Trove of Possibilities” – Infosecurity Magazine (infosecurity-magazine.com)

Governance

(Katrina Geddes – Lawfare – 23 September 2024) By now, you’ve probably seen the images of President Trump being arrested or Pope Francis wearing a puffer jacket. All of those images were AI generated, which is to say, they’re fake. They’re hyperrealistic images of events that never occurred. But they were generated by AI models that were trained on real images of the Pope and real images of President Trump. Do the owners of the original images have a claim against the model developer, or the user who prompted the model? This article will disentangle the thorny intellectual property issues around generative AI, beginning with copyright infringement and then moving on to trademark law and the right of publicity. – AI Liability for Intellectual Property Harms | Lawfare (lawfaremedia.org)

(Phil Muncaster – Infosecurity Magazine – 23 September 2024) UK data protection regulator the Information Commissioner’s Office (ICO) has welcomed a decision by LinkedIn to stop training its generative AI (GenAI) models on UK users’ information. Executive director for regulatory risk, Stephen Almond, argued that for organizations to extract maximum value from GenAI, the public must be able to trust that their privacy rights are being respected. – LinkedIn Pauses GenAI Training Following ICO Concerns – Infosecurity Magazine (infosecurity-magazine.com)

Security

(Eduard Kovacs – SecurityWeek – 24 September 2024) A notorious hacker has announced the theft of data from an improperly protected server allegedly belonging to Deloitte. The hacker known as IntelBroker announced late last week on the BreachForums cybercrime forum the availability of “internal communications” obtained from Deloitte, specifically an internet-exposed Apache Solr server that was accessible with default credentials. – Deloitte Says No Threat to Sensitive Data After Hacker Claims Server Breach – SecurityWeek

(Fitriani and Blake Johnson – ASPI The Strategist – 24 September 2024) The public revelation this month that the Pacific Islands Forum (PIF) Secretariat had been hacked has exposed significant cybersecurity vulnerabilities in the region. This breach, which possibly went undetected for months, has again thrust the Pacific islands into the middle of a cyber blame game between China and Australia. Australia has since attributed the hack to a group linked to China, which China has denied, dismissing the allegations as disinformation. – PIF hack highlights the need for cyber capacity building | The Strategist (aspistrategist.org.au)

(Alexandra Kelley – NextGov – 23 September 2024) On Monday, leadership from the Department of Commerce emphasized the importance of centering a national security perspective in emerging technology arenas, particularly in quantum information systems and technologies. Speaking during a forum at the Center for Strategic and International Studies, Deputy Secretary of Commerce Don Graves noted that there are larger financial and policy elements required to support a quantum information sciences and technology industry in the U.S. – Commerce shares financial goals for the US quantum industry – Nextgov/FCW

(Ryan Naraine – SecurityWeek – 23 September 2024) An American collaborator assisting fake North Korean IT workers to secure jobs at US companies generated approximately $7 million in revenue over three years, underscoring the profitability of a growing threat with serious nuclear weapons implications. According to fresh documentation from Google’s Mandiant unit, the revenue generated by the fake IT worker scheme can be substantial with a single American facilitator helping to compromise over 60 identities, impacting 300 companies, and generating $6.8 million in illicit revenue between 2020 and 2023. – Mandiant Offers Clues to Spotting and Stopping North Korean Fake IT Workers – SecurityWeek

(Alessandro Mascellino – Infosecurity Magazine – 23 September 2024) A once-overlooked ransomware tool has resurfaced in enterprise attacks under the guise of a more advanced strain, according to research presented by SentinelLabs at LABScon 2024. Kryptina, a Ransomware-as-a-Service (RaaS) tool initially available for free on dark web forums, has been adopted by affiliates of the Mallox ransomware group, a well-known player in enterprise cyber-attacks. – Kryptina Ransomware Resurfaces in Enterprise Attacks By Mallox – Infosecurity Magazine (infosecurity-magazine.com)

(David DIMolfetta – NextGov – 23 September 2024) The Commerce Department proposed a rule to prohibit the sale of connected vehicle components made in China and Russia, citing concerns that the hardware and software could allow the U.S. foreign adversaries to collect sensitive data and disrupt critical infrastructure. The rule, unveiled Monday, targets “vehicle connectivity systems” — which refers to equipment that links vehicles to external networks, including Bluetooth, cellular, satellite and Wi-Fi modules — and “automated driving systems”  that enable autonomous vehicles to function without a driver at the wheel, according to a White House blog post. – Commerce proposes ban on connected-car tech from China, Russia – Nextgov/FCW

Defense, Intelligence, and War

(Jason Van der Schyff – ASPI The Strategist – 24 September 2024) The attacks against Hezbollah using weaponised pagers and walkie talkies serve as a stark reminder of the dangers of compromised supply chains and why Australia must secure its own against the threats from China. While the full details about the devices are yet to emerge, the operation—presumed to be carried out by Israel though not declared as such—indicates what could happen if supply chains were exploited in more subtle but equally insidious ways. For nations like Australia, the consequences could be just as catastrophic. –Remotely exploding pagers highlight supply chain risks | The Strategist (aspistrategist.org.au)

(Chia Shimin, James Char – East Asia Forum – 24 September 2024) China’s People’s Liberation Army (PLA) underwent a significant reorganisation on 19 April 2024, replacing their Strategic Support Force with a new Information Support Force (PLAISF) to adapt to modern military trends in cyberspace and information. The change marks continued efforts by the PLA to hone their control of the information sphere, as reflected in their history, and to enhance interoperability between the different service branches. The restructuring is likely a response to the changing character of war. – Honing the PLA’s capacity for information warfare is not without precedence | East Asia Forum | East Asia Forum

(Kevin Poireault – Infosecurity Magazine – 23 September 2024) Russian-aligned threat actors are moving away from broad information stealing campaigns across Ukraine to focus on cyber espionage targeting military infrastructure, Ukraine authorities have found in their latest mid-year cyber report. Cyber-attacks against Ukraine’s security and defense sectors doubled between the second half of 2023 (111) and the first half of 2024 (276), according to analysis by Ukraine’s State Service of Special Communications and Information Protection (SSSCIP). – Russian Cyber-Attacks Home in on Ukraine’s Military Infrastructure – Infosecurity Magazine (infosecurity-magazine.com)

Legislation

(Edward Graham – NextGov – 23 September 2024) A bipartisan group of House lawmakers introduced legislation on Wednesday seeking to enhance the Department of Energy’s artificial intelligence research and development efforts. The bill — sponsored by Reps. Brandon Williams, R-N.Y., and Suzanne Bonamici, D-Ore. — would provide Energy with additional funding and updated guidance to pursue AI testing activities that were not previously codified into law. – House bill looks to expand Energy’s AI research and development – Nextgov/FCW