In this week's tech news, we cover Microsoft Teams vs Russian State Hackers, SEC Files Suit against Crypto’s Richard Heart, Meta's Approach to Regional Privacy Laws, Tesla Faces NHTSA Investigation Over Power Steering Issues , Discord Initiates Company Restructuring, Impacts 4% of Workforce, Instagram Takes Action to Protect Users from Unwanted DMs, WormGPT is Not the AI Doomsday Weapon. X’s new community notes.
Microsoft Teams Falls Prey to Russian State-Sponsored Hackers
In a recent cyber espionage revelation, a Russian state-sponsored hacking group, known as "Midnight Blizzard" or more commonly as APT29 or Cozy Bear, has been implicated in a highly sophisticated social engineering campaign. This group, suspected to be part of Russia’s Foreign Intelligence Service, or SVR, targeted numerous global organizations, including government agencies.
Initiating in late-May, the hackers executed a savvy strategy that involved manipulating Microsoft 365 accounts. They used these compromised accounts to create new, technical support-themed domains. Then, they sent Microsoft Teams messages from these domains, cleverly designed to coax users into approving misleading prompts, aiming to gain access to user accounts and extract sensitive information.
The attackers' methods were explained further: "If the target user accepts the message request, they receive a Microsoft Teams message from the attacker, which tries to persuade them to enter a code into their Microsoft Authenticator app." If the victim abided by these instructions, the attacker essentially gained free rein over their account.
According to Microsoft's investigation, less than 40 unique global organizations were targeted or breached. These entities spanned across several sectors, including government and non-government organizations, IT services, tech companies, discrete manufacturing, and the media. The choice of targets suggests a well-planned, espionage-based objective on the part of the Russian hackers.
In response, Microsoft has actively disabled these hackers from using the created domains and remains dedicated to further investigating these activities. While this situation is concerning, it serves as a crucial reminder of the ongoing need for strong cybersecurity practices.
SEC Files Suit Against Crypto Mogul Richard Heart
News has erupted in the cryptocurrency world this week with the U.S. Securities and Exchange Commission (SEC) launching a lawsuit against well-known crypto figure, Richard Heart. The charges? Fraud and securities violations. The gravity of these allegations has sent ripples throughout the industry, bringing into focus the legal challenges in the nascent but rapidly evolving field of cryptocurrency.
Richard Heart, the visionary behind ambitious projects such as Hex, PulseChain, and PulseX, finds himself under intense scrutiny. The crux of the matter lies in his alleged unlawful raise of more than $1 billion through these platforms. Each one—Hex, an Ethereum-based token, PulseChain, an independent blockchain, and PulseX, a decentralized crypto exchange—now faces allegations of conducting unregistered offerings of crypto asset securities.
Heart and his trio of crypto enterprises are accused by the SEC of sidestepping necessary legal registrations, thereby amassing a hefty sum in what could potentially be seen as illicit financial activity.
This pivotal moment marks another milestone in the rocky relationship between digital currencies and regulatory bodies. The allure of these digital assets continues to intrigue many, while the regulatory landscape scrambles to adapt. The lawsuit against Heart may indeed prove to be a watershed moment, one that could influence the direction of regulatory controls in the cryptocurrency space.
Meta's Proactive Approach to Regional Privacy Laws
Social media giant, Meta, is making headlines as it pledges to respect regional privacy regulations by providing users with an option to reject its behavior-based advertising. The decision comes amidst an ongoing examination of the legality of its microtargeted ads, a process predicted to reach a conclusion in the upcoming weeks. However, the company recently shared its plans to transition to a consent-based model for targeted advertising.
In what seems to be a strategic move, Meta appears to be attempting to preempt the final regulatory decision and possibly sway both the execution timeline and the interpretation of this change's implications on its business model. Unfortunately, Meta's blog post fails to provide a concrete timeline for this shift, opting instead for a non-specific promise of change in the "months ahead." Ultimately, the exact timeline for compliance will be decided not by Meta but by European Union regulators.
The disclosure of Meta's intent was prematurely revealed today in a Wall Street Journal report, which stated that the company was feeling the heat from privacy regulators. According to sources close to Meta's proposal cited by the WSJ, Meta proposed to make the transition to a consent-based model by the end of October, suggesting that such a switch would require at least three months for effective implementation. While the specifics are yet to be determined, it's clear that Meta is taking significant steps to align with regional privacy laws.
Safety on the Spotlight: Tesla Faces NHTSA Investigation Over Power Steering Issues
In recent automotive news, a significant investigation is underway by the National Highway Traffic Safety Administration (NHTSA) concerning an alarming number of Tesla vehicles. An estimated 280,000 Tesla units are under the scrutiny of the agency following reports of lost steering control and power steering malfunctioning. This issue seems to be flagged by on-board messages to the drivers, stating that power steering assist is less effective or entirely disabled.
The investigation predominantly targets the 2023 models of the Tesla Model 3 and Model Y. This decision by the NHTSA was triggered by 12 individual complaints from Tesla owners, who brought this issue to light. Tesla has been under the close watch of the NHTSA for several years now, largely due to concerns surrounding their advanced driver assistance systems and their Full Self-Driving (FSD) capabilities.
One particular instance of this problem occurred with a driver from Woodbridge, Virginia. Just two weeks after taking delivery of a Tesla Performance Model 3 on June 15, the driver reported their steering wheel locking up while displaying an error code UI_a020. Other drivers have had similar experiences, including a Model 3 driver who claimed their steering felt rigid before veering off the road and hitting a tree. In another case, a Model Y owner reported their wheel abruptly jerking to the right.
This ongoing preliminary evaluation is the precursor to a potential formal investigation to determine whether these reported issues present an unreasonable safety risk. If the NHTSA deems a recall necessary, they would then proceed to an engineering analysis. This incident puts yet another spotlight on Tesla and the safety of its technologically advanced vehicles.
Discord Initiates Company Restructuring, Impacts 4% of Workforce
In a recent move, the popular communication platform, Discord, announced a significant restructuring that has affected approximately 4% of its workforce. Close to 40 employees have been affected by this change, spanning teams across marketing, design, and entertainment partnerships.
The restructuring move has been portrayed by the company as a focused attempt to streamline for long-term growth. A representative from Discord confirmed this development and indicated the company's commitment to those affected. They were quoted saying, "Discord can confirm that approximately 4% of our team have been let go as part of the reorganization of some business units. We are ensuring that those impacted are being supported."
The news was met with surprise, considering Discord's popularity among various online communities for its seamless communication capabilities. However, the company seems steadfast in its resolve to realign the business for its long-term objectives.
"We are focused on the long-term growth of the business and delivering on our mission," further added the company spokesperson, affirming the commitment to sustain and build upon the platform's success.
Discord's decision has triggered conversations around the dynamics of tech businesses and the volatility that employees can face. It has highlighted the importance of company adaptability in a rapidly evolving tech landscape.
Looking forward, the impacts of this decision on the company's trajectory and the welfare of the affected employees remain to be seen. Nonetheless, it's clear that change is in the air for Discord, and all eyes will be on their next moves in the days to come.
Instagram Takes Action: New Feature to Shield Users from Unwanted DMs
Instagram is taking steps forward to protect its users from unsolicited content in direct messages (DMs). The popular social media platform recently rolled out a new feature aimed at limiting unwelcome images and videos shared via DMs, especially from people who users don't follow.
Instagram has implemented a couple of key restrictions on DM interactions. For one, the ability to send unlimited DM requests to individuals who don't follow the sender has been reeled in. Users can now send only a single DM request, and further messages are contingent upon the recipient accepting the request to chat. In addition, Instagram has introduced a text-only policy for DM requests, meaning any media content such as images, videos, or voice notes can only be shared once the chat request has been accepted by the recipient.
These measures are designed to safeguard users from unwanted messages, particularly media content from strangers. Women, who often find themselves at the receiving end of unsolicited explicit content, are expected to especially benefit from these changes.
Cindy Southworth, Head of Women’s Safety at Meta, Instagram's parent company, commented on this move. She stated, “We want people to feel confident and in control when they open their inbox. That’s why we’re testing new features that mean people can’t receive images, videos or multiple messages from someone they don’t follow until they’ve accepted the request to chat.”
In a world where digital boundaries are often breached, these new restrictions are a promising step towards fostering a safer and more respectful online environment.
Decoding the Hype: WormGPT is Not the AI Doomsday Weapon
The latest chatter in the AI world is centered around WormGPT and its purported misuse in the cybercrime sphere. There's a growing concern that Large Language Models (LLMs) such as this are being weaponized by hackers to generate malicious code and orchestrate phishing campaigns. But before you fall into the trap of sensational headlines and start panicking, let's delve deeper into the matter.
Dark web denizens have been promoting their LLM creations, namely WormGPT and FraudGPT, as capable tools for automating cybercrime. The selling points include the ability to design phishing campaigns, craft convincing emails for business compromise schemes, and write harmful code. They further claim that these LLMs can custom-build hacking utilities, identify potential code leaks and vulnerabilities, and even write scam web pages.
The picture painted is one of an impending wave of AI-powered mass hacking, but the reality may not be quite as dramatic. To better understand, let's take a closer look at WormGPT. Launched in early July, this LLM is reportedly based on GPT-J, a model released by an open research group back in 2021. It seems WormGPT's creators have omitted some of the safeguards present in the original GPT-J, thus allowing it to answer queries related to hacking, which GPT-J would typically refuse.
But there's a catch - by AI research standards, GPT-J is almost prehistoric. It's nowhere near as powerful as the latest LLMs in terms of capability. So while the idea of malicious AI is undoubtedly concerning, it's worth bearing in mind the relative limitations of these models. Understanding the nuance can help us better navigate the evolving landscape of AI and cybersecurity.
Revamped User Experience Coming to X’s Fact-Checking Feature
In a move geared towards simplifying user interaction, X, the innovative organization previously known as Twitter, has revealed plans to refine its unique fact-checking feature, Community Notes. The feature, acclaimed for crowdsourcing verification of information, used to provide explicit context for its existence on each tweet. Now, X announces the roll-out of a more sophisticated approach, with a particular focus on those users who have already mastered the use of Community Notes.
Over the last three years, X has been working tirelessly to improve the user experience with the fact-checking feature. Now that many of its users are conversant with Community Notes, the company feels it's time to remove the step-by-step instructions that accompany each fact-check. However, X reassures that new users will still be greeted with this helpful guide, ensuring that they quickly get up to speed with the feature.
The adjustment, though seemingly minute, signifies the company's acknowledgement of their user base’s growing comprehension of the crowdsourced fact-checking mechanism. This process isn’t a simple majority rule of upvoting or downvoting for factual accuracy. Instead, Community Notes employs a sophisticated "bridging" algorithm designed to promote consensus among those who usually hold differing views.
In an additional layer of complexity, X maintains strict entry requirements for Community Notes contributors. Prospective contributors must prove their competence by reviewing and accurately rating existing notes as Helpful or Not Helpful, thus earning their contribution rights. This strategy ensures that only qualified, proficient users contribute to the process, enhancing the overall efficacy of the platform's fact-checking system.
Did you enjoy this article?
If so, feel free to subscribe to our newsletter below to stay updated on all things tech news, marketing updates and more.
Enjoyed reading this?
Subscribe for more articles like this, plus growth marketing tips, tactics and more. Straight to your inbox.