Cambodia recently launched its messaging app, CoolApp, which is supported by former Prime Minister Hun Sen. He has emphasised that the app is crucial for national security, aiming to protect Cambodian information from foreign interference. Hun Sen’s endorsement of CoolApp aligns with his long-standing approach of maintaining tight control over the country’s communication channels, especially in the face of external influences. He compared the app to other national messaging services like China’s WeChat and Russia’s Telegram, indicating a desire for Cambodia to have a secure, homegrown platform.
However, the introduction of CoolApp has raised significant concerns among critics and opposition leaders. They argue that the app could be a tool for government surveillance, potentially used to monitor and suppress political discourse. Mu Sochua, an exiled opposition leader, warned that CoolApp represents a new method for mass surveillance and control of public discourse, reminiscent of practices seen in China. Another opposition figure, Sam Rainsy, called for a boycott of the app, suggesting that its true purpose is to strengthen the repressive tools available to the Cambodian regime. These concerns are amplified by Cambodia’s recent history of internet censorship, media blackouts, and persecution of government critics.
CoolApp’s founder and CEO, Lim Cheavutha, claims the app uses end-to-end encryption to ensure user privacy and has reached 150,000 downloads, with expectations to reach up to 1 million. However, these assurances do little to alleviate fears of government surveillance, given Cambodia’s history of using technology to control dissent.
The app’s launch comes amid broader security challenges in Cambodia, including online scams by Chinese gangs and close ties with China’s surveillance-heavy regime. The following situation highlights the ongoing tension between Cambodia’s national security and civil liberties.
Audi will integrate ChatGPT into its vehicles’ infotainment systems starting July, leveraging Microsoft Azure OpenAI Service. This integration will cover approximately two million Audi models equipped with the MIB 3 system since 2021. Drivers can interact with their cars using natural language, benefiting from voice control over infotainment, navigation, and climate systems, alongside accessing general knowledge.
Marcus Keith, Audi’s Vice President of Interior, Infotainment, and Connectivity Development, highlighted the seamless merging of ChatGPT’s capabilities with Audi’s voice control, promising customers an enhanced in-cabin experience with secure AI-based knowledge access.
.@Audi is taking in-car technology to the next level with ChatGPT, powered by @Microsoft Azure OpenAI Service. Come July, nearly two million Audi owners will reap the benefits of enhanced communication with their vehicles. https://t.co/PMyLkvNlr1pic.twitter.com/CpPLXfV9tl
— Microsoft News and Stories (@MSFTnews) June 27, 2024
This move follows Mercedes-Benz’s introduction of ChatGPT into its MBUX Voice Assistant in 2023, expanding AI usage across its US vehicle lineup. Volkswagen Group also showcased Cerence Inc.’s Chat Pro at CES 2024, extending AI integration via cloud updates in European models. Similarly, Škoda Auto announced ChatGPT integration into its Laura voice assistant for selected vehicle platforms, prioritising data security alongside enhanced AI functionalities.
Why does it matter?
These developments underscore the automotive industry’s commitment to integrating advanced AI technologies into vehicles, aiming to elevate user experience through intuitive and informative in-car interactions.
The IATSE’s tentative agreement represents a significant step forward in securing fair wages and job protections for Hollywood’s behind-the-scenes workers, ensuring that the rapid advancements in technology do not come at the expense of human employment.
OpenAI has launched CriticGPT, a new model based on GPT-4, designed to identify and critique errors in ChatGPT’s outputs. The tool aims to enhance human trainers’ effectiveness by assisting them in providing feedback on the chatbot’s performance.
Similar to ChatGPT’s training process, CriticGPT learns through human feedback, focusing on identifying intentionally inserted errors in ChatGPT’s code outputs. Evaluations showed that CriticGPT’s critiques were preferred over ChatGPT’s in 63% of cases involving naturally occurring bugs, highlighting its ability to minimize irrelevant feedback.
OpenAI plans to further develop CriticGPT’s capabilities, aiming to integrate advanced methods to improve human-generated feedback for GPT-4. The initiative underscores the ongoing role of human oversight in refining AI technologies despite their increasing automation capabilities.
A suspected Chinese state-linked hacking group is increasingly targeting Taiwanese entities, particularly those within government, education, technology, and diplomacy sectors, as reported by cybersecurity intelligence firm Recorded Future. In recent times, the relationship between China and Taiwan has faced escalating tensions. The cyber assaults attributed to the group dubbed RedJuliett occurred between November 2023 and April 2024, coinciding with Taiwan’s presidential elections in January and the subsequent change in leadership.
While RedJuliett has previously targeted Taiwanese organisations, the recent wave of attacks marked a significant escalation in scope. The hacking attempts by RedJuliett targeted over 70 Taiwanese entities, including universities, an optoelectronics firm, and a facial recognition company with government contracts. While the success of these infiltration attempts remains unclear, Recorded Future only confirmed the observed efforts to identify network vulnerabilities.
Recorded Future revealed that RedJuliett exploited a vulnerability in the SoftEther enterprise virtual private network (VPN) software to breach the servers of these organisations. The open-source VPN facilitates remote connections to an organisation’s networks. The modus operandi of RedJuliett aligns with tactics commonly associated with Chinese state-sponsored groups, as per Recorded Future’s analysis. The geolocations of IP addresses suggest that RedJuliett likely operates from Fuzhou, a city in China’s Fujian province facing Taiwan’s coast.
The report speculated that Chinese intelligence services in Fuzhou are likely engaged in intelligence gathering against Taiwanese targets to support Beijing’s policymaking on cross-strait relations through RedJuliett’s activities. While Taiwan’s Ministry of Foreign Affairs refrained from immediate comments, a spokesperson from the Chinese Foreign Ministry dismissed the allegations, citing a lack of credibility in Recorded Future’s claims.
Why does it matter?
China’s increased military exercises around Taiwan and diplomatic pressures have exacerbated tensions, particularly following the election of Taiwan’s President Lai Ching-te, labeled a ‘separatist’ by China. Amidst escalating cyberespionage activities globally, Recorded Future anticipates continued targeting of Taiwanese government agencies, universities, and critical technology firms by Chinese state-sponsored groups. The firm recommends organisations prioritise patching vulnerabilities promptly to enhance their cybersecurity.
Geisinger recently disclosed that on 29 November, a former Nuance Communications employee detected unauthorised patient data access just two days after the employee’s termination. Nuance Communications, a technology service provider owned by Microsoft, has access to Geisinger’s patient records as part of their IT services agreement.
Upon notification of the breach, Nuance promptly revoked the ex-employee’s access to Geisinger’s records and initiated an investigation to assess the incident’s extent. Subsequent findings revealed that the former employee had illicitly obtained information about over one million Geisinger patients. The compromised data included details such as names, dates of birth, addresses, medical record numbers, race, gender, phone numbers, and facility name abbreviations.
Geisinger clarified that sensitive information like claims or insurance details, credit card numbers, bank account information, and Social Security numbers remained secure and were not accessed by the ex-employee. Following a thorough investigation, the former Nuance employee was apprehended and is currently facing federal charges. Geisinger’s chief privacy officer, Jonathan Friesen, emphasised the organisation’s commitment to safeguarding patient privacy, stating, ‘Our patients’ and members’ privacy is a top priority, and we take protecting it very seriously.’ Friesen expressed gratitude for the swift resolution of the case while acknowledging the unfortunate breach.
The former Nuance employee, Max Vance, is now undergoing legal proceedings at the US Middle District Court in Williamsport. Geisinger has advised all impacted individuals to remain vigilant by monitoring their credit reports, account statements, and benefits for any unusual activity. In case of suspicion, affected individuals are urged to report such incidents to the relevant authorities, including law enforcement agencies and the state attorney general.
Evolve Bank and Trust, a prominent financial institution favoured by fintech startups, disclosed on Wednesday that it was victim to a cyberattack and data breach that may have impacted its affiliated companies. According to the company’s statement, the incident involved the personal information and data of some Evolve retail bank customers.
The cybercriminals linked to the breach are believed to be the infamous ransomware gang LockBit, which purportedly shared data stolen from Evolve on its dark web leak site. Evolve’s website lists several companies as partners that rely on the bank to provide various financial and lending services.
The spokesperson of one of the partner companies Affirm, posted on X that the company is investigating the incident and will directly communicate with affected consumers as more information becomes available. Affirm also notified its customers about the breach and assured them that it is safe to use their card and Money Accounts while the investigation continues.
As an Affirm Card user, we wanted to alert you of a recent cybersecurity incident at Evolve Bank and Trust, an issuing partner on the Affirm Card (not an originating bank partner for Affirm loans). pic.twitter.com/3EritQ3bSN
Other partner companies also spoke up. EarnIn’s spokesperson, Stephanie Borman, mentioned that the company is closely monitoring the situation. Marqeta’s spokesperson, Kelly Kraft, acknowledged the breach and highlighted that Evolve supports a portion of their business. Melio’s co-founder and CEO, Matan Bar, confirmed awareness of the breach and assured customers that operations remain unaffected. Finally, Mercury, another partner of Evolve, disclosed that the breach impacted company records including account numbers, deposit balances, business owner names, and emails.
We are aware of a cybersecurity attack that breached the security systems of one of our partner banks, Evolve Bank & Trust, which leaked their records, including some account numbers, deposit balances, business owner names, and emails associated with Mercury and other fintech…
As more affected companies step forward, the full extent of the breach’s impact on Evolve’s customers and partners will likely become clearer. Evolve has recently made headlines for issues related to its fintech collaborations, with the Federal Reserve ordering the bank to enhance its risk management programs concerning fintech partnerships and anti-money laundering laws.
President of Indonesia Joko Widodo has ordered an audit of government data centres following a significant ransomware cyberattack that exposed the country’s vulnerability to such incidents.
The attack, which disrupted multiple government services, including immigration and airport operations, affected over 230 public agencies. Despite an $8 million ransom demand, the government of Indonesia has refused to pay to retrieve the encrypted data.
In response, state auditor Muhammad Yusuf Ateh announced that the audit would examine both the governance and financial aspects of the data centres. The head of Indonesia’s cybersecurity agency, Hinsa Siburian, revealed that 98% of the compromised data had not been backed up, highlighting a major governance issue.
Communications Minister Budi Arie Setiadi acknowledged that while backup capacity was available, budget constraints had prevented its use, which will now be made mandatory.
The cyberattack has led to widespread criticism of Minister Setiadi, with digital advocacy group SAFEnet calling for his resignation due to repeated cyberattacks.
Setiadi countered with a petition to stay on as minister and informed parliament that a ‘non-state actor’ seeking money was likely behind the attack. The government aims to fully restore services by August, using backup data centres and improved cybersecurity measures.
Why does it matter?
The IATSE’s tentative agreement represents a significant step forward in securing fair wages and job protections for Hollywood’s behind-the-scenes workers, ensuring that the rapid technological advancements do not come at the expense of human employment.
German software company TeamViewer announced on Friday that it was the target of a cyberattack earlier this week. The company accused the hacker group APT29 from Russia, known as ‘Cozy Bear’ or Midnight Blizzard, of being behind the breach. Western intelligence agencies allege that APT29 operates on behalf of Russia’s foreign spy agency.
The attack occurred on Wednesday, with the hackers gaining access to TeamViewer’s corporate IT environment. However, the company confirmed that neither its product environment nor customer data were compromised. The news follow a similar incident in March, where Alphabet’s Mandiant cyber unit caught the same group attempting to trick key German political figures with a phishing email.
The cyberattack has had immediate financial repercussions for TeamViewer. As of 1152 GMT, shares in the company had dropped by 10%, marking their worst trading day since November 2023. The incident underscores the persistent threat of cyberespionage faced by companies worldwide.
Channel Seven is currently investigating a significant breach on its YouTube channel, where unauthorised content featuring an AI-generated deepfake version of Elon Musk was streamed repeatedly. The incident on Thursday involved the channel being altered to mimic Tesla’s official presence. Viewers were exposed to a fabricated live stream where the AI-generated Musk promoted cryptocurrency investments via a QR code, claiming a potential doubling of assets.
During the stream, the fake Musk engaged with an audience, urging them to take advantage of the purported investment opportunity. The footage also featured a chat box from the fake Tesla page, displaying comments and links that further promoted the fraudulent scheme. The incident affected several other channels under Channel Seven’s umbrella, including 7 News and Spotlight, with all content subsequently deleted from these platforms.
A spokesperson from Channel Seven acknowledged the issue, confirming they are investigating alongside YouTube to resolve the situation swiftly. The network’s main YouTube page appeared inaccessible following the breach, prompting the investigation into how the security lapse occurred. The incident comes amidst broader challenges for Seven West Media, which recently announced significant job cuts as part of a cost-saving initiative led by its new CEO.
Why does it matter?
The breach underscores growing concerns over cybersecurity on social media platforms, particularly as unauthorised access to high-profile channels can disseminate misleading or harmful information. Channel Seven’s efforts to address the issue highlight the importance of robust digital security measures in safeguarding against such incidents in the future.
Russian hackers breached Microsoft systems earlier this year, stealing emails from Microsoft staff and its customers, according to the tech giant. The disclosure highlights the extensive scope of the breach, adding to the regulatory scrutiny Microsoft faces over the security of its software and systems. The hackers, identified as the Midnight Blizzard threat actor, targeted cybersecurity researchers investigating Russian hacking activities.
Microsoft has been notifying affected customers, although the company has not disclosed the number of customers or emails impacted. Initially revealed in January as affecting a small percentage of corporate email accounts, the breach continued to pose threats for months, raising concerns among the security industry and prompting a Congressional hearing. In response, Microsoft President Brad Smith stated the company is working on overhauling its security practices.
