Imagine your search terms, key-strokes, private chats and photographs are being monitored every time they are sent. Millions of students across the U.S. don’t have to imagine this deep surveillance of their most private communications: it’s a reality that comes with their school districts’ decision to install AI-powered monitoring software such as Gaggle and GoGuardian on students’ school-issued machines and accounts.

"As we demonstrated with our own Red Flag Machine, however, this software flags and blocks websites for spurious reasons and often disproportionately targets disadvantaged, minority and LGBTQ youth," the Electronic Software Foundation (EFF) says.

The companies making the software claim it’s all done for the sake of student safety: preventing self-harm, suicide, violence, and drug and alcohol abuse. While a noble goal, given that suicide is the second highest cause of death among American youth 10-14 years old, no comprehensive or independent studies have shown an increase in student safety linked to the usage of this software. Quite to the contrary: a recent comprehensive RAND research study shows that such AI monitoring software may cause more harm than good.

tacking on a bunch of LLMs sure is a way to "make the web more human".

Did you know you can play Doom on a diffusion model now? It’s true, Google just announced it! Just don’t read the paper too closely.

Alexey Soldatov, known as the “father of the Russian Internet,” was sentenced in July to two years in prison by a Moscow court for alleged “misuse” of IP addresses.

In 1990, Soldatov led the Relcom computer network that made the first Soviet connection to the global internet. He also served as Russia’s Deputy Minister of Communications from 2008 to 2010.

Soldatov was convicted on charges related to an alleged deal to transfer IP addresses to a foreign organization. He and his lawyers have denied the accusations. His family, many supporters, and Netzpolitik suggest that the accusations are politically motivated. Soldatov’s former business partner, Yevgeny Antipov, was also sentenced to eighteen months in prison.

Archived version

Unit 42 researchers recently found that Stately Taurus abused the popular Visual Studio Code software in espionage operations targeting government entities in Southeast Asia. Stately Taurus is a Chinese advanced persistent threat (APT) group that carries out cyberespionage attacks.

This threat actor used Visual Studio Code’s embedded reverse shell feature to gain a foothold in target networks. This is a relatively new technique that a security researcher discovered in 2023. According to our telemetry, this is the first time a threat actor used it in the wild.

We assess that this campaign is a direct continuation of a previously reported campaign that we attributed with moderate-high confidence to Stately Taurus. We come to this conclusion based on consideration of the TTPs, timeline and victimology targeting government entities in Southeast Asia.

We will also discuss a connection between the Stately Taurus activity and a second cluster of activity occurring simultaneously in the same targeted environment that leveraged the ShadowPad backdoor.

Palo Alto Networks customers receive better protection against threats discussed in this article through the following products and services, which we detail further in the Conclusion section:

• Advanced WildFire
• Advanced URL Filtering
• Advanced DNS Security
• Cortex XDR
• Cortex XSIAM
• Prisma Cloud Compute

Enticing though they are, such arguments conceal a logical flaw. As a classic 19th-century theory known as a Jevons paradox explains, even if autonomous vehicles eventually work perfectly — an enormous “if” — they are likely to increase total emissions and crash deaths, simply because people will use them so much.

Earlier this year, the Australia's eSafety commissioner took X to court over its refusal to remove videos of a religiously motivated Sydney church stabbing for its global users.

The case was ultimately dropped, but commissioner Julie Inman Grant says she received an "avalanche of online abuse" after Mr Musk called her the "censorship commissar" in a post to his 196 million followers.

[...]

A Columbia University report into technology-facilitated gender-based violence - which used Ms Inman Grant as a case study - found that she had been mentioned in almost 74,000 posts on X ahead of the court proceedings, despite being a relatively unknown figure online beforehand.

According to the analysis, the majority of the messages were either negative, hateful or threatening in some way. Dehumanising slurs and gendered language were also frequently noted, with users calling Ms Inman Grant names such as "left-wing Barbie", or "captain tampon".

[...]

Ms Inman Grant said that Mr Musk's decision to use "disinformation" to suggest that she was "trying to globally censor the internet" had amounted to a "dog whistle from a very powerful tech billionaire who owns his own megaphone".

She said that the torrent of online vitriol which followed had prompted Australian police to warn her against travelling to the US, and that the names of her children and other family members had been released across the internet.

[...]

The case turned into a test of Australia's ability to enforce its online rules against social media giants operating in multiple jurisdictions – one which failed after a Federal Court judge found that banning the posts from appearing on X globally would not be “reasonable” as it would likely be "ignored or disparaged by other countries".

In June, Ms Inman Grant's office said it would not pursue the case further, and that it would focus on other pending litigation against the platform.

X's Global Government Affairs team described the outcome as a win for "freedom of speech".

It could also identify your voice and recognize you and your ad preferences, and those of your passengers.

Why...

Archived link

TIDRONE, a threat actor linked to Chinese-speaking groups, targets military-related industry chains in Taiwan

• TIDRONE, an unidentified threat actor linked to Chinese-speaking groups, has demonstrated significant interest in military-related industry chains, especially in the manufacturers of drones’ sector in Taiwan

• The threat cluster uses enterprise resource planning (ERP) software or remote desktops to deploy advanced malware toolsets such as the CXCLNT and CLNTEND.

• CXCLNT has basic upload and download file capabilities, along with features for clearing traces, collecting victim information such as file listings and computer names, and downloading additional portable executable (PE) files for execution

• CLNTEND is a newly discovered remote access tool (RAT) that was used this April and supports a wider range of network protocols for communication

• During the post-exploitation phase, telemetry logs revealed user account control (UAC) bypass techniques, credential dumping, and hacktool usage to disable antivirus products.

Archived version

Two days after U.S. authorities accused two employees of Russian state media network RT of coordinating an online network aimed at influencing the 2024 presidential election, more than 400 posts by Tenet Media, the online content company at the heart of the case, were still accessible on TikTok, unlabeled and untouched.

So too were Tenet Media's nearly 2,500 Instagram videos and more than 4,000 posts on social network X, along with its posts on Facebook and video platform Rumble.

Of all the major platforms where Tenet distributed its videos, so far only Alphabet's YouTube has taken action penalizing the company, pulling down the main Tenet Media channel along with four others operated by owner Lauren Chen on Thursday.

[...]

The platforms' apparent inaction on the campaign is a striking departure from the aggressive efforts they have touted in recent years to expose secretive foreign propaganda campaigns, reflecting both the novelty of the tactics allegedly used and the fraught politics of policing content posted by real people inside the United States.

It also exposes a fresh challenge faced by the platforms as Russia increasingly turns to unwitting American social media stars to covertly influence voters ahead of U.S. elections this year, a sort of digital update to Cold War-era practices of laundering messages through journalists or front media outlets, according to disinformation researchers

"What we're ultimately grappling with is a problem that exists in the real world. It's manifesting on social media in the sense that the entity has a presence there, but it isn't a social media problem per se," said Olga Belogolova, a disinformation professor at Johns Hopkins School of Advanced International Studies and former head of influence operations policy at Meta.

[...]

Tropic Trooper (also known as KeyBoy and Pirate Panda) is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong. Our recent investigation has revealed that in 2024 they conducted persistent campaigns targeting a government entity in the Middle East, starting in June 2023.

Sighting this group’s TTPs in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic move for them. This can help the threat intelligence community better understand the motives of this threat actor.

The infection came to our attention in June 2024, when our telemetry gave recurring alerts for a new China Chopper web shell variant (used by many Chinese-speaking actors), which was found on a public web server. The server was hosting an open-source content management system (CMS) called Umbraco, written in C#. The observed web shell component was compiled as a .NET module of Umbraco CMS.

In our subsequent investigation, we looked for more suspicious detections on this public server and identified multiple malware sets. These include post-exploitation tools, which, we assess with medium confidence, are related to and leveraged in this intrusion.

Furthermore, we identified new DLL search-order hijacking implants that are loaded from a legitimate vulnerable executable as it lacks the full path specification to the DLL it needs. This attack chain was attempting to load the Crowdoor loader, which is half-named after the SparrowDoor backdoor, detailed by ESET. During the attack, the security agent blocked the first Crowdoor loader, prompting the attackers to switch to a new, previously unreported variant, with almost the same impact.

Here is the indictment and press release by the U.S. Department of Justice.

The indictment of two employees of RT - formerly 'Russia Today', a Kremlin-controlled propaganda outlet based in Moscow - includes allegations that they implemented a nearly $10 million plan to fund a U.S.-based company as one of their “covert projects.”

Employees of the Russia-backed media network RT funded and directed a scheme that sent millions of dollars to prominent right-wing commentators through a media company that appears to match the description of Tenet Media, a leading platform for pro-Trump voices [...]

The indictment on Wednesday of two RT employees, Konstantin Kalashnikov and Elena Afanasyeva, includes allegations that the duo implemented a nearly $10 million plan to fund an unnamed Tennessee-based company as one of their “covert projects” to influence American politics by posting videos to TikTok, Instagram, X and YouTube.

[...]

[Involved apoear to be] six commentators: Lauren Southern, Tim Pool, Tayler Hansen, Matt Christiansen, Dave Rubin and Benny Johnson. The indictment refers to six commentators, who are not named.

[...]

Details included in the indictment match those of two of Tenet’s personalities: Rubin and Pool. As of Wednesday, Rubin’s “The Rubin Report” YouTube channel had 2.44 million subscribers. The indictment refers to “Commentator-1” as having over 2.4 million YouTube subscribers. A person with over 1.3 million YouTube subscribers is referred to as “Commentator-2.” Pool now has 1.37 million subscribers. The indictment also refers to three other commentators, including one with female pronouns, but lacked any information that could directly identify their channels.

[...]