Back in May 2018, the Internet Corporation for Assigned Names and Numbers, aka ICANN, issued new requirements to registrars to redact customer information from WHOIS lookups. This came in response to GDPR restrictions. Essentially ICANN would keep collecting this information until it developed a system to retrieve it that was in compliance with GDPR. As a result, lookups generally required a formal legal request or abuse reports. Security journalist Brian Krebs notes ICANN launched its Registration Data Request Service, making it available to all registrars to handle lookup requests. Requests would not be mediated by ICANN, remaining a direct communication between the registrar and requester.
(Krebs on Security)
US Senator Ron Wyden sent a letter to the Department of Justice asking it to “repeal or modify any policies” that would inhibit public discussions around push notification spying after his office received an anonymous tip on the practice. The idea being that Google and Apple’s servers receive data to send as push notification, which could give a third-party insight into how users are utlizing apps. The letter doesn’t get into too much detail, but does state the foreign governments allied to the US demanded such data from Google and Apple. In a statement, Apple said that, “Now that this method has become public we are updating our transparency reporting to detail these kinds of requests.”
(Reuters)
The search giant unveiled its next-generation AI model called Gemini. It will come in three varieties, Ultra, Pro and Nano. Ultra and Pro will compete against OpenAI’s ChatGPT 4 and 3.5, respectively. Google designed Nano to run locally on mobile devices. The company updated its Bard chatbot to run on Gemini Pro, with an Ultra-powered paid version coming early next year. Google claims the Ultra model is the first to outperform humans in the industry benchmark Massive Multitask Language Understanding. Gemini Ultra will also be a multi-modal model, able to accept and generate text, images, audio, and video.
(The Verge, Gizmodo)
As part of a major shakeup in its security division, Microsoft named Igor Tsyganskiy into the role, replacing Bret Arsenault. Arsenault had served in the role for 14 years and will remain with the company in an advisory role. Deputy CISO Aanchal Gupta is also out and will leave the company. Tsyganskiy joined MIcrosoft in August, previously serving as CTO and President at Bridgewater Associates. This comes after Microsoft experienced several highly visible breaches in the past year, including a Chinese-backed threat actor breaching Microsoft 365 to steal government emails.
(Security Week)
The Japanese car maker announced it began an investigation into a cyberattack on its Oceania division. This impacted Nissan Corporation and Financial Services in Australia and New Zealand. The company did not confirm if the attack resulted in data loss, but warned customers “to be vigilant across their accounts.” The attack did not impact its dealership network and its websites in the region remain available.
(Bleeping Computer)
Nvidia CEO Jensen Huang said the company began working closely with the US government on specifications and capabilities for products designed to meet export restrictions. Earlier this year, Nvidia introduced high-end GPUs designed specifically to get around US export bans, with chips like the H800. These bans initially focused on chip-to-chip data transfer rates. After Nvidia announced the chips, the US Commerce department announced it would further fine tune export restrictions. In past earnings reports, China makes up around 20% of Nvidia revenue.
(Reuters)
At Black Hat Europe, Microsoft, GitHub, and Banco Santander released new open source tools designed to find weak cryptography in software. This came after the group found in a survey of open source repositories, almost half used RSA algorithms, and a quarter used SHA-1. These new tools are based on GitHub’s CodeQL static code analysis tool, creating a cryptographic bill of materials, making it easier for developers and security teams to spot weak points. The group next plans to study the impact of post-quantum computing on embedded hardware and low-power devices.
(Dark Reading)
Austal USA confirmed it suffered a cyberattack. The company holds contacts to build ships for the US Department of Defense and Homeland Security. This comes after the Hunters International ransomware group named Austal on their leak site, claiming they will leak further compliance documents, financials, and engineering data. Austal USA said it quickly mitigated the attack and that the threat actors did not access personal or classified data.
(Bleeping Computer)
Acting as a media network for cyber information and exchange, CISO Series is just a member of this fantastic community that unfortunately has some conflicts. We’re just putting ourselves at the center of the conversation, acting as couples counseling for security vendors and practitioners.
CISO Series: Delivering the most fun you’ll have in cybersecurity.
Contact us: info@cisoseries.com
© 2023 CISO Series
About The Author
More Stories
How RightsCon Is an Unexpected Stress Test for the Multistakeholder Model of Internet Governance
From Coverage to Meaningful Connectivity: How Kenya Is Leading Africa’s Internet Future
Community Snapshot—April