IEEE Cipher --- Items from security-related news (E173), June 2023
Summary:
Way back in 2021 the SolarWinds hack generated a lot of news
(as reported in Cipher and many other places). This was a
vulnerability introduced into several
commercial software products via a corrupted library file. What was
not revealed was that an opportunity to stop it had occurred months
earlier when unusual network traffic was found to be emanating from a
server using a new version of the Orion software from SolarWinds that
was being evaluated by the US Department of Justice. Clearly there
had been some exploit, but neither the DOJ nor the software vendor
could see how it had come about. The security firm Mandiant was
involved in the investigation, and their systems apparently became
infected at about that time. Moreover, other companies saw the
problems and suspected the Orion software. Still, no one was able to
pin it down until December of 2020, whereupon the extent of
infiltrations was realized.
Was the malware particularly clever, or did the investigators not get enough resources or cooperation to find it, or was the problem not taken seriously? We expect that the story will be told from several points of view, and some heads may roll.
Summary:
Law enforcement has shown a propensity for undermining illicit
Internet commerce, even when the bad guys try to hide behind an
intricately woven veil of cryptocurrencies. In 2021 a dark web
commerce site, Monopoly Market, went offline without explanation.
Today we know that German police had seized the servers and the data.
The information gleaned from that exploit built the foundation for a
much larger operation, called SpecTor, that was announced by the US
Department of Justice head Merrick Garland. Several countries in
Europe and South America participated in the operation and arrested a
total of 288 people.
Despite this notable coup against it, illegal Internet commerce is not going to fall over dead. "There is a bit of a whack-a-mole problem here," Garland told reporters. "We’re whacking as hard as we can."
Summary:
Chinese regulators told the American chipmaker Micron that their
products have "serious network security risks" that make them
unsuitable for infrastructure use. The company would like to fix the
problems, but as yet, they don't know what they are. The Chinese
announcement might be a political response to the US intention to
maintain more economic distance from China. Micron does not derive
much revenue from selling to Chinese infrastructure entities, so the
ultimate impact may be small.
Summary:
China may have been scoping out computer and network vulnerabilities
in US infrastructure, according to analysts at Microsoft who
found evidence of the probing software.
"The U.S. intelligence community assesses that China almost certainly
is capable of launching cyberattacks that could disrupt critical
infrastructure services within the United States, including against
oil and gas pipelines and rail systems," State Department spokesperson
Matthew Miller said in a press briefing.
Summary:
A New York attorney used ChatGPT as research for a brief in an injury
case. The brief cited several legal cases as background, but at least
six of them turned out to be AI hallucinations. The lawyer had not
used ChatGPT blindly; he asked it if the cases were real. ChatGPT
assured him that they were. Unsurprisingly, they were not. The lawyer
filed an affidavit stating that he "was unaware of the possibility
that its [ChatGPT's] content could be false."
[Editor's remark: this article has little to do with security or
privacy at the current time.]