Newsletter

open source and cybersecurity news

October 9, 2023

It's 5:05, October 4, 2023. Time for your Cybersecurity and Open Source Headlines

In this Episode:

Marcel Brown: October 8th, 1992. The video game Mortal Kombat is released into arcades. Now one of the most popular fighting game series in history, the original Mortal Kombat became well known for its graphic display of blood and deadly finishing moves known as Fatalities.

Edwin Kwan: Security researchers have disclosed multiple critical vulnerabilities in the TorchServe tool that could be chained together to achieve remote code execution on affected systems.

Hillary Coover: Could TikTok’s recent personnel shifts from Beijing to the United States be a threat to security of US data? And is the popular app truly independent from its Chinese parent company, ByteDance?

Katy Craig: In a concerning shift, ransomware attacks have taken a sinister turn, with a significant rise in human-operated ransomware incidents, according to Microsoft’s annual digital defense report.


The Stories Behind the Cybersecurity Headlines


Edwin Kwan
ShellTorch Flaw Affecting Open Source AI Servers

Multiple critical vulnerabilities in the open-source TorchServe AI model-serving tool potentially expose tens of thousands of internet-exposed servers to remote code execution.

This is Edwin Kwan from Sydney, Australia.

Security researchers have disclosed multiple critical vulnerabilities in the TorchServe tool that could be chained together to achieve remote code execution on affected systems.

TorchServe is a popular tool for serving and scaling machine learning framework models and is maintained by Meta and Amazon. It is primarily used for AI model training and development and is used by everyone from academic researchers to big firms like Amazon, OpenAI, Tesla, Azure, Google, and Intel.

The three critical vulnerabilities that make up ShellTorch affect TorchServe versions 0.3.0 through to 0.8.1. The vulnerabilities were addressed in TorchServe version 0.8.2, which was released on 28 August, 2023. Users are strongly encouraged to use the latest version to ensure that they have the most recent security fixes.

Resources
– Oligo Security: https://www.oligo.security/blog/shelltorch-torchserve-ssrf-vulnerability-cve-2023-43654
– Hacker News: https://thehackernews.com/2023/10/warning-pytorch-models-vulnerable-to.html
– The Record: https://therecord.media/pytorch-torchserve-vulnerabilities-amazon-meta-ai
– The Register: https://www.theregister.com/2023/10/04/shelltorch_vulnerabilities/
– Bleeping Computer: https://www.bleepingcomputer.com/news/security/shelltorch-flaws-expose-ai-servers-to-code-execution-attacks/


Katy Craig
Human Powered Ransomware

Katy Craig, Contributing Journalist, It's 5:05 Podcast

In a concerning shift, ransomware attacks have taken a sinister turn, with a significant rise in human-operated ransomware incidents, according to Microsoft’s annual digital defense report. Unlike automated ransomware, where malicious software does the dirty work, human-operated attacks involve cybercriminals manually infiltrating networks to ensure precise execution of scripts, exfiltration of data, and correct file encryption.

This is Katy Craig in San Diego, California.

Although these attacks initially dipped due to the Russian-Ukrainian conflict, the disruption proved temporary. By the end of the year, ransomware operations resumed their upward trajectory, with estimates suggesting gangs could rake in $890 million by the end of 2023, marking their second most profitable year after 2021.

Coveware, Emsisoft, and NCC Group corroborate this resurgence, highlighting that ransomware gangs have rebounded to pre-conflict levels. In June alone, human-operated ransomware incidents accounted for a whopping 40 percent of all ransomware detections, signaling their dominance over automated campaigns.

Microsoft attributes this resurgence to the proliferation of Ransomware-as-a-Service (RaaS) platforms and their recruited affiliates. The company notes that 70 percent of targeted organizations have fewer than 500 employees, emphasizing the broad range of victims from small businesses to government entities.

This is Katy Craig, stay safe out there.

Resources
– Microsoft: https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023


Hillary Coover
Bipartisan Commission Seeks TikTok’s Response

Hillary Coover, Contributing Journalist, It's 5:05 Podcast

Could TikTok’s recent personnel shifts from Beijing to the United States be a threat to the security of US data? And is the popular app truly independent from its Chinese parent company, ByteDance? Hopefully, we’ll get a response by the end of this week, as a bipartisan commission seeks TikTok’s response by this Friday, October 13th.

This is Hillary Coover in Washington, D.C.

Senators Marsha Blackburn and Richard Blumenthal have jointly written a letter to TikTok seeking information about the transfer of executives from its parent company ByteDance, based in China. They want to know if TikTok informed the US government about these personnel moves.

Key executives from ByteDance have taken on important roles in TikTok’s money-making operations in the US this year. Some of them moved from Beijing to the US and even brought their teams along. The Senators are concerned that these changes might indicate TikTok’s attempt to maintain ByteDance’s influence while avoiding suspicion. They worry that this could jeopardize the security of US data and TikTok’s claims of independence from ByteDance.

TikTok has faced scrutiny from U.S. authorities fearing that the Chinese government could access user data or use the app for propaganda purposes. TikTok, of course, denies these allegations, stating that employee transfers are common in large global organizations.

Despite their political differences, Senators Blackburn and Blumenthal have collaborated on tech-related issues before. Their letter, dated October 3rd, poses questions for TikTok, such as how many ByteDance employees TikTok has hired, whether TikTok informed a US government committee about these changes, and if there are communication restrictions between TikTok employees with ByteDance backgrounds and personnel in China.

They’ve asked TikTok to respond by Friday, October 13th.

Resources
– Wall Street Journal: https://www.wsj.com/tech/senators-probe-tiktoks-executive-transfers-from-bytedance-c26b4e2d


Marcel Brown
This Day, October 8-9, in Tech History

Marcel Brown, Contributing Journalist

This is Marcel Brown bringing you some technology history for October 8th and 9th.

October 8th, 1992. The video game Mortal Kombat is released into arcades. Now one of the most popular fighting game series in history, the original Mortal Kombat became well known for its graphic display of blood and deadly finishing moves known as Fatalities.

As often happens in situations like these, the controversy surrounding the game only served to fuel its popularity. I remember the game becoming popular on the heels of Street Fighter II. I never really liked the game all that much because I felt it was all flash and no substance, and the martial arts techniques portrayed were often really bad.

But, it was occasionally fun to knock someone’s head off.

October 9th, 1876. Alexander Graham Bell and Thomas Watson demonstrate the first two-way phone call over outdoor wires. Bell and Watson made their call between the cities of Boston and Cambridge, Massachusetts.

That’s your technology history for today. For more, tune in tomorrow and visit my website, thisdayintechhistory.com.

Resources
– This Day in Tech History: https://thisdayintechhistory.com/10/09
