Welcome back to Cyber Bites, your lunchtime digest of the latest in international cyber threats, global tech affairs, and AI developments. Stay informed on key events shaping our digital world.
Welcome back to Cyber Bites, providing lunchtime short reads on the latest international cyber threat events, global tech affairs, and developments in artificial intelligence. Today, we delve into groundbreaking collaborations reshaping the energy sector, uncover critical vulnerabilities affecting modern vehicles, explore intensified cyber espionage in geopolitical hotspots, discuss ambitious satellite internet investments, and highlight emerging scams in the cryptocurrency landscape. Stay tuned to stay informed on the rapidly evolving world of cyber threats and technological advancements.
Three Mile Island's Unit 1 reactor, inactive since 2019, is slated to reopen by 2028 under a new agreement with Microsoft. Pending approval from the Nuclear Regulatory Commission, the facility will be renamed the Crane Clean Energy Center in honor of Chris Crane, former CEO of Constellation Energy's predecessor. Microsoft has entered a 20-year power purchase agreement with Constellation Energy to acquire carbon-neutral electricity generated by the reactor, aiming to power its AI-focused data centres and support its commitment to decarbonizing the power grid.
The reopening is expected to bring significant economic and environmental benefits. It will create approximately 3,400 direct and indirect jobs and add over 800 megawatts of carbon-free electricity to the grid. The initiative is projected to contribute $16 billion to Pennsylvania's gross domestic product and generate more than $3 billion in state and federal tax revenue. Constellation Energy plans to invest $1.6 billion in upgrading the facility and seeks approval to operate until 2054, emphasising that Unit 1 is separate from the Unit 2 reactor involved in the 1979 accident.
A group of independent security researchers has uncovered a critical vulnerability in a Kia web portal that could allow attackers to remotely control vehicle functions using only a licence plate number. By exploiting this flaw, hackers could reassign themselves as the owner of a vehicle, enabling them to unlock doors, start the engine, and track the car's location. The researchers demonstrated that these attacks could be executed remotely on any hardware-equipped Kia vehicle in about 30 seconds, regardless of whether it has an active Kia Connect subscription.
After the researchers reported the issue in June, Kia appears to have fixed the vulnerability, although the company has not provided detailed comments. This is the second such vulnerability reported to Kia by the same group, highlighting ongoing concerns about web security in the automotive industry. Similar vulnerabilities have been discovered in vehicles from other manufacturers, including Hyundai, Toyota, and Honda, indicating a widespread issue that necessitates urgent attention.
Cybersecurity firm ESET has released a report detailing increased cyber espionage activities by Gamaredon, a Russian advanced persistent threat (APT) group targeting Ukraine. Identified as the most active APT group in the region, Gamaredon primarily focuses on Ukrainian government entities. The Security Service of Ukraine attributes the group to the FSB's 18th Center of Information Security, based in Crimea.
Gamaredon's sophisticated toolset includes downloaders, droppers, weaponizers, stealers, backdoors, and specialized tools. They use a combination of general-purpose and dedicated downloaders to deliver malicious payloads and deploy VBScript payloads via droppers. The group also weaponizes USB drives to spread malware and utilizes backdoors for unauthorized remote access. These activities pose a significant threat to Ukrainian national security, emphasizing the need for robust cybersecurity measures to counteract these persistent attacks.
Vietnam's government has announced that Elon Musk's SpaceX plans to invest $1.5 billion in the country to launch its Starlink satellite services. The investment aims to enhance Vietnam's internet infrastructure, especially in mountainous regions and areas with unreliable connectivity. SpaceX's Senior Vice President for Global Business and Government Affairs, Tim Hughes, discussed the plans during a meeting in New York with Vietnamese officials.
The proposed investment is expected to improve education and disaster prevention efforts by providing reliable satellite internet services. It could also aid in better patrolling of the disputed South China Sea, where Vietnam often faces tensions with China. While the exact details and timelines remain unspecified, the Vietnamese government is considering the proposal, and discussions are ongoing to finalize the investment and operational plans.
Thirteen cryptocurrency investors in Hong Kong have been swindled out of HK$14.8 million (approximately US$1.9 million) in the first nine months of the year. Scammers set up fraudulent cryptocurrency exchange shops in Kowloon's western region, offering attractive exchange rates to lure victims. They initially conducted legitimate transactions to gain the investors' trust before trapping them into handing over large sums of money.
In the most significant case, a 43-year-old businessman lost HK$4 million after being locked inside a shop during a transaction. Police have arrested two suspects and are searching for others involved. Authorities have reported 12 similar cases this year, totaling losses of HK$10.8 million. The incidents highlight the need for caution when conducting cryptocurrency transactions and underscore the importance of using reputable and verified exchange platforms.
Visa boosts AI fraud detection with Featurespace acquisition, lifting its stock; Experian expands Latin American security by acquiring ClearSale; Booz Allen shares cyber expertise at Singapore International Cyber Week; Torq secures $70M for global growth; SentinelOne and Okta shine in top awards.
Swiss Post strengthens its digital security with the acquisition of Open Systems, while Second Front Systems and Picus Security secure major funding for expansion. Intezer, EasyDMARC, and RunSafe scale up in cybersecurity, and the UK claims the top spot in CyberTech investment in Europe for H1 2024.
Japan is racing to develop "unbreakable" quantum encryption by 2030. Chinese hackers breached US wiretap systems, Japan is tackling AI deepfake scams, and China is advancing silicon photonics to evade US tech bans. The cybersecurity competition is intensifying.
Google is investing $1 billion in Thailand to expand AI and cloud infrastructure, while Meta is setting up manufacturing for its Quest 3S in Vietnam. Both moves position Southeast Asia as a key player in the global AI arms race, with tech giants racing to dominate the region’s digital economy.
