From The Blog

Microsoft’s $69 Billion wish list includes the acquisition of Activision Blizzard and all the goodies that it controls. This deal has been called the largest in gaming history and it should be. It involves a massive amount of money, and a large stockpile of AAA gaming IP. It would all be under Microsoft’s control. The deal has been approved by 37 different agencies (including the EU) and has two notable hold outs; the US FTC and the UK’s CMA. Microsoft has appealed the UK regulator’s move to block the deal while the FTC case is not set to be heard until August.

Geoffrey Hinton, a former engineering fellow at Google and a vice president focusing on AI has made comments after his retirement from Google earlier this month (May 2023). Although his retirement was about more than his change of mind on AI (he was also 75), he has said that his concern has only grown seeing the state of AI and how hard organizations are pushing for it.

The Google Play Store is and has always been something of a playground for mobile malware groups. Over the past few years hundreds of malicious apps have been uncovered with tens of thousands of downloads. Everything from banking malware to information stealers and worse has been identified in the store. Google, to their credit, has tried to find a solution to this. The problem is that the mobile device theater is about as secure as the PC industry was in the late 90s given the shovel ware from mobile device makers, and then carriers.

With some of the news around AI I feel like I should just create a “what could go wrong” series of articles. After all, as we see the term “AI” pushed around as the savior for all the things, we should be aware of the fact that things could go horribly wrong with any of these systems. So, it is with that in mind that we bring you news that Microsoft is now offering an AI content moderation system called Azure AI Content Safety. I mean having a system that was taught what is harmful content to control speech in online platforms… what could possibly go wrong?

In what seems to be a tit-for-tat move, Chin has announced a ban on products from US chip maker, Micro. The reasons for this are vague with the Cybersecurity Administration of China (CAC) saying it is for National Security reasons. This move comes after the US has banned a couple of technology companies from China for the same reasons and as social time-wasting platform TikTok comes under greater scrutiny in possible preparation of a nationwide ban on the platform. Montana has already signed a ban into law although this ban might not bear the scrutiny of a Constitutional Review.

In the never-ending saga of Ransomware, the threat groups that deploy or leverage this tool for financial gain are always looking for a new method of installation and ways to avoid increasingly sophisticated security measures. Although most organizations might not be employing overly sophisticated security, the really good targets might be. Even the use of advanced MDR/XDR makes the exposure window smaller when it comes to many ransomware attacks.

Long, long ago in a development studio far away there was a concept for a game where the protagonist was something more than just another boss to beat. In 1994 LookingGlass studios launched the game System Shock. It was a 1st person shooter game where you take the role of a “hacker” onboard a space station in 2072. Your nemesis, a malevolent AI called SHODAN. The game was a critical success although it lost money for LookingGlass. System Shock also changed the genre of first-person shooters with its innovative style, story line and, of course, SHODAN.

Video editing software CapCut users are being targeted by attackers to push different strains of malware. For those that are not aware of that CapCut is, it is a video editor and maker for TikTok and is the official one at that (ByteDance also owns TikTok). With over 500 million downloads from Google Play alone it is clearly a very popular app for people to grab to feed their TikTok streams with. It was only a matter of time before someone decided to go after the poplar app and with the growing number of bans and lock outs for ByteDance and their services, offering what appears to be an alternative way to get this software makes sense (from an attacker perspective).

First identified in January of 2023, Samsung has put a warning about a CVSS 4.4 vulnerability (CVE-2023-21492) that Is actively being exploited in the wild. The flaw, which impacts Samsung devices that are running Android 11, 12, and 13, was first disclosed to Samsung privately on January 17th, 2023. CISA (Cybersecurity and Infrastructure Security Agency) has also issued a warning about the flaw.

PyPI (the Python Package Index) has stopped allowing the creation of new accounts and the upload of new packages. This move has been put in place to deal with a massive increase in identified malicious users and packages. This decision comes as other repositories like NPM and even Microsoft VSCode have identified new malware posing as well-known projects. Supply chain attacks and typo-squatting are not really a new thing and increases in attacks on repositories often happen on a fairly regular basis. However, the increase across three popular repos can been seen as a larger threat when put in context of the general IT market.