Subject: U.S. Hunts Chinese Malware That Could Disrupt American Military Operations
Source: New York Times
https://www.nytimes.com/2023/07/29/us/politics/china-malware-us-military-bases-taiwan.html?unlocked_article_code=HQK2FeWKi0wBK4nDasAITq05EwDuGhFOUx84ZyMa1HSKxV_BlasMaS7QyG9V6ijCZcYowCbb4SDfqBzGklg8H8l0S-XQ63Yx1hWnAE1GiwynThobXyNVqfdUrJeeLopKq4Y2yB8OLlZ-ap95UhAAcY23ILsFhepPeP1v0MpH_iG6xiXilALj_xF8icpiR7Fwcak-hJ4RjWXgwMCKFWA0N0FGaXAe80bdE3jEkDtIMlEz5bshAWq8HOwl4TLP0b0MtykZWvqq3dR5SnjNtfZl1sPILKc-77Gmz1fFFFzPueCrkMOhHSauk8xFkqIS3v0ySFeiE2RnLPR0dL2vXOwa-6jGP02VAiFOSczJcDZ6XrN3WzM&smid=url-share
[sharable link, h/t beSpacific]
American intelligence officials believe the malware could give China the power to disrupt or slow American deployments or resupply operations, including during a Chinese move against Taiwan.
The Biden administration is hunting for malicious computer code it believes China has hidden deep inside the networks controlling power grids, communications systems and water supplies that feed military bases in the United States and around the world, according to American military, intelligence and national security officials.
The discovery of the malware has raised fears that Chinese hackers, probably working for the People’s Liberation Army, have inserted code designed to disrupt U.S. military operations in the event of a conflict, including if Beijing moves against Taiwan in coming years.
The malware, one congressional official said, was essentially “a ticking time bomb” that could give China the power to interrupt or slow American military deployments or resupply operations by cutting off power, water and communications to U.S. military bases. But its impact could be far broader, because that same infrastructure often supplies the houses and businesses of ordinary Americans, according to U.S. officials.
Subject: Canon warns of Wi-Fi security risks when discarding inkjet printers
Source: Bleeping Computer
https://www.bleepingcomputer.com/news/security/canon-warns-of-wi-fi-security-risks-when-discarding-inkjet-printers/
Subject: New Attack Impacts Major AI Chatbots
Source: Wired
https://www.bespacific.com/new-attack-impacts-major-ai-chatbots/Wired:
“ChatGPT and its artificially intelligent siblings have been tweaked over and over to prevent troublemakers from getting them to spit out undesirable messages such as hate speech, personal information, or step-by-step instructions for building an improvised bomb. But researchers at Carnegie Mellon University last week showed that adding a simple incantation to a prompt—a string text that might look like gobbledygook to you or me but which carries subtle significance to an AI model trained on huge quantities of web data—can defy all of these defenses in several popular chatbots at once. The work suggests that the propensity for the cleverest AI chatbots to go off the rails isn’t just a quirk that can be papered over with a few simple rules. Instead, it represents a more fundamental weakness …
Source: Krebs on Security
https://krebsonsecurity.com/2023/08/how-malicious-android-apps-slip-into-disguise/
Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into mobile apps and evade security scanning tools. Google says it has updated its app malware detection mechanisms in response to the new research. At issue is a mobile malware obfuscation method identified by researchers at ThreatFabric, a security firm based in Amsterdam. Aleksandr Eremin, a senior malware analyst at the company, told KrebsOnSecurity they recently encountered a number of mobile banking trojans abusing a bug present in all Android OS versions that involves corrupting components of an app so that its new evil bits will be ignored as invalid by popular mobile security scanning tools, while the app as a whole gets accepted as valid by Android OS and successfully installed.
“There is malware that is patching the .apk file [the app installation file], so that the platform is still treating it as valid and runs all the malicious actions it’s designed to do, while at the same time a lot of tools designed to unpack and decompile these apps fail to process the code,” Eremin explained.
…
Tagged: