TechLetters #169 XZ looks_like-espionage operation to backdoor software and OS. EU rules to defend elections from disinformation (regulating influencers?). US/UK accuse China of cyberattacks
Analysis of election interference and guidelines. I also point out to two weaknesses in European information space, constituting a vulnerability.
Security
China’s cyberattacks on UK and US. UK attributes two malicious cyber campaigns targeting the UK’s democratic institutions (electoral commission) and politicians (MPs). Chinese state-backed cyber operators. Sanctions, asset freezes. USA also attributes cyberattacks to China and issues new sanctions. Against people and Wuhan XRZ (China-based Ministry of State Security front company). They sent phishing emails contained tracking material, which helped target individuals and companies. They also used zero-day exploits and SQL injections.
China refutes those accusations and accuses UK/US of unprofessionalism. They "made technical clarifications ... the evidence provided by the British side was inadequate and relevant conclusions lack professionalism". Calls it "political manipulation" and "politicization o cybersecurity".
Softmax attack on LLM models. Retrieving hidden information related to AI/LLM model. Information leak, for example about likely next keywords, or if the model was updated.
Zero-day evolution in 2013. “97 zero-day vulnerabilities exploited in-the-wild in 2023, over 50 percent more than 2022 … vulnerabilities in third party components and libraries were a prime attack surface in 2023, since the exploitation of this type of vulnerability can scale to affect more than one product”
Upstream xz repository and the xz tarballs have been backdoored. Xz is used for compression. Widely. Very serious security risk. It makes a ssh server backdoored. This is very serious. Backdoor execution code. Indeed smells like a sophisticated cyber operation. Lasting ~2 years. Someone built reputation by submitting sending legitimate commits, took control of the XZ project, convinced Linux distributions to include dependency of SSH server. Backdoor allowed entry to bypass security.
Technology Policy
Technologists needed in competition investigation and work. Agencies of the International Competition Network (ICN) jointly issued a statement about how regulatory agencies can increase their tech capacity to keep pace with the increasing use of technology across industries.
Other
IBM announces breakthrough progress in quantum error correction. That's the critical requirement towards achieving stable qubit computations, so perhaps one day useful quantum computers. "error threshold of 0.7%"
In case you feel it's worth it to forward this content further:
Subscribed
If you’d like to share: