The Cyber Why: What We Read This Week...
... and why you should too! (07/06/23)
Your usual tech, investing, and cyber security news sommelier, Tyler, is out of pocket this week, so I got called up to the Big League. We have been publishing earlier in the week, but with the 4th of July, and me sweating to death in Texas, I’m pushing this out a bit late. I’m going with five stories like we did last week.
This week I dig into Twitter’s continuing woes and competitive landscape. If you can't stand Twitter, grab your popcorn. I also drill into the increasing legal challenges to OpenAI from data training on unauthorized sources. I wrap up with two cybersecurity stories on Russia's premier extortion crew and satellite hacking. I hope you enjoy this week's The Cyber Why! Maybe Tyler will let me do it again solo in the future. Help pad my stats, hit like, and subscribe! We will be back to regular programming next week.
Twitter Is A Dumpster Fire, Still
Elon Musk Really Broke Twitter This Time (The Atlantic)
Twitter is the dumpster fire that keeps on burning. I almost wrote, “It is hard to believe just how bad Twitter has become under Elon’s stewardship,” but it is pretty much the opposite. Elon announced that “to address extreme levels of data scraping & system manipulation,” rate limiting would be temporarily implemented. This change resulted in users reporting blank and broken interfaces. These rate limits made my personal TweetDeck unusable. The restriction move came on the heels of Twitter announcing that you had to be logged in to see tweets. Just days later, Twitter silently removed these restrictions. Yet another mistake in the Elon quiver!
We Don't Have An Elon/Zuck MMA Match, But We Do Have Instagram Threads
Threads, Instagram’s ‘Twitter Killer,’ Has Arrived (New York Times)
Twitter users are clamoring for an alternative, and Mastodon currently has the most followers, but this week Facebook’s (I mean Meta’s) new app Threads had all the buzz. Threads has formidable competition, however, as former Twitter boss Dorsey’s Bluesky has millions of people already signed up for the waitlist. Facebook’s privacy track record could give many potential users pause. Jack Dorsey even Tweeted “All your Threads are belong to us.” Speaking of Zuck and the 4th of July, thanks to The Telegraph for the video below.
The OpenAI Lawsuits Are Stacking Up
OpenAI and Microsoft Sued for $3 Billion Over Alleged ChatGPT Privacy Violations (Vice)
Last week, a class action lawsuit against OpenAI and Microsoft was filed in San Francisco, claiming that OpenAI secretly "scraped 300 billion words from the internet" without obtaining consent. The lawsuit alleges that OpenAI stole "names, contact details, email addresses, payment information, social media information, chat log data, usage data, analytics, and cookies." In addition to that lawsuit, two authors also filed a lawsuit against OpenAI, claiming the company broke copyright law by training its models on novels without the authors' permission. We aren't going to see a resolution anytime soon, but it will be interesting to see how the courts handle these types of cases.
The CL0P Ransomware Group Continues Its MOVEit Extortion Campaign
Millions affected by MOVEit mass-hacks as list of casualties continues to grow (TechCrunch)
If you aren't familiar with Cl0p, I hope you never make its acquaintance. Cl0p is a highly skilled extortion group capable of conducting zero-day attacks against managed file transfer solutions. It has previously targeted Accellion, GoAnywhere, and most recently MOVEit. Instead of encrypting your data and holding it hostage, in this campaign, Cl0p was able to steal the sensitive data stored on potentially thousands of MOVEit servers. The threat actor group has been threatening victims and leaking data since June 14th. Cl0p will continue to target secure and managed file transfer solutions in the future, so it’s best to harden these solutions now and have the monitoring in place to detect and respond to malicious activity quickly.
Satellites Disrupted, Was It The Space Lasers?
Cyberattack knocks out satellite communications for Russian military (Washington Post)
The Russians targeted Viasat satellites at the onset of the so-called "Special Military Operation," and the disruption spread beyond Ukraine's borders. The attack impacted people all across Europe. Now, just days after Wagner boss Yevgeny Prigozhin's "March of Justice" to Moscow, a Russian satellite operator, Dozor-Teleport, was taken offline in a cyberattack. Interestingly, Dozor-Teleport provides services to the KGB's main successor, the FSB. Multiple "hacktivist" groups claimed responsibility, but instead of Wagner sympathizers, a more plausible scenario is that Western or Ukrainian agencies conducted the attack. Attribution for this attack has been challenging because, in space, no one can hear you scream.
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!