Red Hat Security Advisory 2023-6248-01 - Red Hat OpenShift Virtualization release 4.12.8 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6248.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: OpenShift Virtualization 4.12.8 Images security updateAdvisory ID:        RHSA-2023:6248-01Product:            OpenShift VirtualizationAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6248Issue date:         2023-11-01Revision:           01CVE Names:          CVE-2022-41723====================================================================Summary: Red Hat OpenShift Virtualization release 4.12.8 is now available with updates to packages and images that fix several bugs and add enhancements.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.This advisory contains OpenShift Virtualization 4.12.8 images.Security Fix(es):* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-41723References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Red Hat Security Advisory 2023-6248-01

Red Hat Security Advisory 2023-6239-01 - An update is now available for Kiali for RHEL 8. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6239.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Kiali (Kiali 1.65.10) security updateAdvisory ID:        RHSA-2023:6239-01Product:            Red Hat OpenShift Service MeshAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6239Issue date:         2023-11-01Revision:           01CVE Names:          CVE-2023-44487====================================================================Summary: An update is now available for Kiali (Kiali 1.65.10) for RHEL 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.Security Fix(es):* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-44487References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Red Hat Security Advisory 2023-6239-01

Red Hat Security Advisory 2023-6235-01 - Red Hat OpenShift Virtualization release 4.13.5 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6235.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Virtualization 4.13.5 Images security update  
Advisory ID:        RHSA-2023:6235-01  
Product:            OpenShift Virtualization  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6235  
Issue date:         2023-11-01  
Revision:           01  
CVE Names:          CVE-2022-41723  
====================================================================

Summary: 

Red Hat OpenShift Virtualization release 4.13.5 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.13.5 images.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [4.13] portworx: update the storageProfile (BZ#2237872)

* kubevirt_vmi_phase_count metrics is not working in 4.13.5 (BZ#2240675)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-41723

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Red Hat Security Advisory 2023-6235-01

Red Hat Security Advisory 2023-6233-01 - Red Hat OpenShift Container Platform low-latency extras release 4.12, which provides an update for cnf-tests-container, performance-addon-operator-must-gather-rhel8-container, NUMA-aware secondary scheduler and numaresources-operator, is now available. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6233.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat OpenShift Enterprise security updateAdvisory ID:        RHSA-2023:6233-01Product:            Red Hat OpenShift EnterpriseAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6233Issue date:         2023-11-01Revision:           01CVE Names:          CVE-2023-39325====================================================================Summary: Red Hat OpenShift Container Platform low-latency extras release 4.12, which provides an update for cnf-tests-container, performance-addon-operator-must-gather-rhel8-container, NUMA-aware secondary scheduler and numaresources-operator, is now available.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.This advisory contains the extra low-latency container images for Red Hat OpenShift Container Platform 4.12. See the following advisory for the container images for this release:https://access.redhat.com/errata/RHSA-2023:6126Security Fix(es):* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.All OpenShift Container Platform users are advised to upgrade to these updated packages and images.Solution:https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.htmlCVEs:CVE-2023-39325References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Red Hat Security Advisory 2023-6233-01

Red Hat Security Advisory 2023-6217-01 - Red Hat OpenShift Container Platform low-latency extras release 4.14, which provides an update for cnf-tests-container, dpdk-base-container, NUMA-aware secondary scheduler and numaresources-operator is now available. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6217.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat OpenShift Enterprise security updateAdvisory ID:        RHSA-2023:6217-01Product:            Red Hat OpenShift EnterpriseAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6217Issue date:         2023-10-31Revision:           01CVE Names:          CVE-2023-39325====================================================================Summary: Red Hat OpenShift Container Platform low-latency extras release 4.14, which provides an update for cnf-tests-container, dpdk-base-container, NUMA-aware secondary scheduler and numaresources-operator is now available.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.This advisory contains the extra low-latency container images for Red Hat OpenShift Container Platform 4.14. See the following advisory for the container images for this release:https://access.redhat.com/errata/RHSA-2023:5006Security Fix(es):* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-39325References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Red Hat Security Advisory 2023-6217-01

Red Hat Security Advisory 2023-6154-01 - Secondary Scheduler Operator for Red Hat OpenShift 1.2.0. Issues addressed include a denial of service vulnerability.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6154.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Secondary Scheduler Operator for Red Hat OpenShift 1.2.0  
Advisory ID:        RHSA-2023:6154-01  
Product:            Openshift Secondary Scheduler Operator  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6154  
Issue date:         2023-11-01  
Revision:           01  
CVE Names:          CVE-2023-39318  
====================================================================

Summary: 

Secondary Scheduler Operator for Red Hat OpenShift 1.2.0

Description:

The Secondary Scheduler Operator for Red Hat OpenShift is an optional  
operator that makes it possible to deploy a secondary scheduler by  
providing a scheduler image. You can run a scheduler with custom  
plugins without applying additional manifests, such as cluster roles  
and deployments.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (CVE-2023-44487)

* golang: html/template:  improper handling of HTML-like comments within script contexts (CVE-2023-39318)

 * golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)

* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)

 * golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-39318

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Red Hat Security Advisory 2023-6154-01

By Deeba Ahmed
Earlier, Boeing acknowledged a cyberattack amidst claims by the Lockbit ransomware gang of breaching its security and stealing data.
This is a post from HackRead.com Read the original post: Lockbit Ransomware Leaks Boeing Data Trove

The notorious Lockbit ransomware group has leaked a trove of data belonging to the leading global aerospace company Boeing, apparently following failed ransom negotiations.

The notorious **LockBit ransomware** group has struck again, and this time, its victim is aerospace giant Boeing. The ransomware gang infiltrated Boeing’s systems and stole a significant amount of sensitive data. 

****Timeline of the attack and data leak****

On October 27, 2023, the hackers mentioned Boeing on their data leak website, and gave the firm a 2nd November deadline, revealing to have exfiltrated a tremendous amount of sensitive archive and backup data. The company was given 48 hours to contact LockBit.

On November 2nd, 2023, as **reported by Hackread.com**, Boeing acknowledged that it suffered a cyberattack but did not confirm whether it was a ransomware attack and if Lockbit’s claims were authentic.

Later, the group removed Boeing from its site, claiming that negotiations had started. Then, the company reappeared on November 7 with another message from LockBit stating that the company ignored warnings. 

The hackers then published 4GB of data as a sample, which comprised backup files of different systems featuring an October 22 timestamp. Boeing’s continued silence on the incident prompted LockBit to release all the stolen data on their website on November 10.

This included Boeing’s IT management software’s configuration backups, and auditing/monitoring tools logs. It also included Citrix appliances’ backups, sparking speculation that the hackers might have exploited the **Citrix Bleed vulnerability (CVE-2023-4966)**.

According to MalwareHunterTeam’s **assessment**, most of the exposed files are associated with a Boeing-owned aviation and aerospace parts manufacturer called Aviall.

Boeing, one of the world’s leading aerospace firms that operate defence systems and commercial aeroplanes, has confirmed the hacking, stating that it is investigating the incident to verify LockBit’s claims and “determine the scope of any potential data breach.”

The company intends to take “appropriate steps” to protect its customers and information. Boeing has also stated that the incident doesn’t threaten aircraft or flight safety. 

Boeing’s services **website** is down currently. This is a developing story, and Hackread will update you about the incident when there’s some clarity about the root cause of the hacking.

The LockBit ransomware gang has been active since 2020 and claimed several high-profile victims, including DXC Technology, Accenture, and the German government, via double extortion. As per CISA’s advisory, since 2020 LockBit targeted 1,700 US firms and made around **$91 million** in ransom payments.

****What Experts Have to Say!****

Comparitech’s head of data research, **Rebecca Moody**, shared an exclusive comment on this incident with _Hackread.com_, stating that LockBit has emerged as one of the most prevalent ransomware-as-a-service operators this year.

“LockBit has been particularly prevalent this year when it comes to the confirmed ransomware attacks we’ve tracked worldwide. So far this year, we’ve recorded 122 confirmed LockBit attacks,” Rebecca said.

Rebecca further revealed that “In 2022, we recorded 97 LockBit attacks throughout the entire year. The number of confirmed records impacted by these breaches has skyrocketed, too. In 2022, LockBit is confirmed to have stolen 957,438 records across 26 attacks (creating an average of 36,825 records per attack).”

“This year, just over 9.3 million records are confirmed to have been impacted in 20 attacks (465,194). Adding to this are the huge ransom demands being made by the cybercriminals. So far, LockBit has demanded a whopping $196.6 million in ransoms across 15 attacks alone (an average of $13.1 million per case). In 2022, $137.4 million was demanded across 18 cases (an average of $7.63 per case),” she explained.

Nevertheless, while not new to cyberattacks, when it comes to cybersecurity, it is a challenging day for Boeing. It will be crucial to see how the company responds to the situation.

****_RELATED ARTICLES_****

1.  Bangkok Airways hit by Lockbit ransomware; leaks 103GB of data
2.  Accenture claims to fight off LockBit ransomware gang with backup
3.  LockBit ransomware gang blames victim for DDoS attack on its website
4.  LockBit 3.0 Posts Dubious Claims of Breaching Darktrace Cybersecurity Firm
5.  Cyber Security Giant Mandiant Denies Hacking Claims By LockBit Ransomware

Lockbit Ransomware Leaks Boeing Data Trove

By Waqas
While OracleIV is not a supply chain attack, it highlights the ongoing threat of misconfigured Docker Engine API deployments. 
This is a post from HackRead.com Read the original post: OracleIV DDoS Botnet Malware Targets Docker Engine API Instances

The OracleIV botnet malware employs various tactics, with a primary focus on executing DDoS attacks through UDP and SSL-based floods.

Cybersecurity researchers at Cado Security Labs have exposed a novel (Distributed Denial of Service) DDoS botnet malware dubbed OracleIV targeting publicly exposed Docker Engine API instances.

The findings were part of an investigation into a malicious campaign exploiting misconfigurations in Docker containers to deliver Python malware, compiled as an ELF executable.

Lately, Docker Engine APIs have been frequent targets of cybercriminals since the method has gained popularity due to the increasing adoption of microservice-driven architectures. Attackers exploit the unintentional exposure of the Docker Engine API, often scanning for vulnerable instances to deliver payloads with nefarious objectives.

In the case of the new OracleIV DDoS botnet malware, the attackers initiate access with an HTTP POST request to Docker’s API, specifically the /images/create endpoint. This triggers a docker pull command, fetching a specified image from Dockerhub. Once the malicious image is retrieved, a container is launched to carry out the attacker’s objectives.

Cado Security researchers uncovered a live Dockerhub page for an image named “oracleiv_latest” uploaded by the user “robbertignacio328832.” The image, seemingly harmless as a “Mysql image for docker,” included a malicious payload named “oracle.sh,” an ELF executable acting as a DDoS bot agent. Further analysis revealed additional commands to retrieve XMRig and a miner configuration file.

Static analysis of the executable exposed a 64-bit ELF compiled with Cython, confirming the OracleIV malware’s Python code origin. The malware code, succinct yet potent, contains various functions dedicated to different DDoS methods.

“This image was still live at the time of writing and had over 3,000 pulls,” researchers explained in a blog post. Additionally, it seems to be undergoing frequent updates, with the latest modifications pushed just three days prior to the publication of Cado’s blog.

Dockerhub page for oracleiv\_latest (Cado Security)

The bot connects to a Command and Control server (C2), performing basic authentication with a hardcoded password. Cado Security Labs monitored the botnet’s activity, witnessing DDoS attacks on various targets, primarily using UDP and SSL-based floods.

The C2 commands for initiating DDoS attacks follow a specific format, specifying attack type, target IP/domain, attack duration, rate, and target port. The botnet’s capabilities include UDP floods, SSL-based attacks, SYN floods, slowloris-style attacks, and protocol-specific floods targeting the FiveM server and Valve source engine.

While OracleIV is not a **supply chain attack**, it highlights the ongoing threat of misconfigured Docker Engine API deployments. The portability of containerization enables attackers to execute malicious payloads consistently across Docker hosts.

Although Cado Security has reported the malicious user to Docker, users are urged to conduct periodic assessments of pulled images from Dockerhub, emphasizing the need for vigilance against malicious code.

In conclusion, the OracleIV campaign highlights the importance of securing internet-facing services and implementing strong network defences. Users of Docker and similar services are encouraged to regularly review their exposure and take necessary precautions against potential cybersecurity threats.

****_RELATED ARTICLES_****

1.  **SSH Remains Most Targeted Service in Cado’s Cloud Threat Report**
2.  **Change your password: Docker suffers breach; 190k users affected**
3.  **Hackers Exploit Adobe ColdFusion Vulnerabilities to Deploy Malware**
4.  **Cryptomining and Malware Flourish on Misconfigured Kubernetes Clusters**
5.  **ShellTorch Attack Exposes Millions of PyTorch Systems to RCE Vulnerabilities**

OracleIV DDoS Botnet Malware Targets Docker Engine API Instances

By Owais Sultan
In the ever-evolving landscape of financial markets, the US Tech 100 Index, represented by the Nasdaq 100, emerges…
This is a post from HackRead.com Read the original post: Navigating Interconnections: Correlations Between the US Tech 100 Index and Major Indices

In the ever-evolving landscape of financial markets, the US Tech 100 Index, represented by the **Nasdaq 100**, emerges as a guiding star for investors seeking exposure to the dynamic technology sector. Yet, to truly harness the potential of this index, one must unravel the intricate web of correlations it shares with other major indices, particularly the S&P 500 and the Dow Jones Industrial Average (DJIA). 

****The Dance of Titans: Nasdaq 100 and S&P 500****

At the heart of this financial ballet lies the dance between the Nasdaq 100 and the S&P 500, two giants that sway to market trends. The correlation between these indices is palpable, a result of shared constituents that bridge the worlds of technology and diverse sectors. Companies like Apple, Microsoft, and Amazon, pivotal players in the Nasdaq 100, also wield influence in the S&P 500, creating a synchronized ebb and flow in their movements.

Historical market data unveils a narrative of tandem strides during pivotal moments. Whether it be the exuberance of bull markets or the caution of bear markets, the **US Tech 100** and S&P 500 often move harmoniously, echoing sentiments reverberating across the broader market landscape. This interconnectedness underscores the need for strategic portfolio construction, as high correlations between these indices demand a nuanced approach to diversification.

****Harmony and Discord: Nasdaq 100 and DJIA****

Yet, as we get deeper into the financial symphony, we encounter a more complex melody in the relationship between the Nasdaq 100 and the DJIA. With its 30 blue-chip constituents, the Dow brings a different timbre to the ensemble. Its diversified composition, spanning various sectors, introduces nuances to the correlation game.

During economic expansions, the Nasdaq 100 may take center stage, propelled by the **surging performance of technology stocks**. However, with its broader representation, the DJIA might follow a different rhythm, reflecting a more measured response to economic cycles. The result is a correlation that dances to a subtler tune, highlighting the interplay of diverse market forces.

****Strategies in the Symphony: Navigating Correlations****

In this financial symphony, traders and investors become conductors, orchestrating strategies that leverage the interconnections between indices. Portfolio diversification becomes an art, with an awareness that high correlations between the Nasdaq 100 and S&P 500 necessitate a thoughtful selection of assets to achieve true diversification.

Strategic diversification emerges as a key motif. By introducing assets with lower correlations, such as commodities or international equities, investors can fine-tune their portfolios to harmonize with the dynamic rhythms of the market. It’s a strategic dance, adapting to the ever-changing correlations that define the contemporary financial landscape.

Yet, in this intricate ballet, the one constant is change. Economic variables, global events, and the individual movements of stocks all play their part in reshaping correlations. Traders and investors must remain vigilant, adapting their strategies to the evolving dynamics of the market.

1.  The 10 Best Cybersecurity Companies in the UK
2.  Dow Jones’ screening watchlist data exposed online
3.  10 Top DDoS Attack Protection and Mitigation Companies in 2023
4.  Can ordinary companies keep up with data compliance regulations?
5.  3 of 5 Fortune 500 companies vulnerable due to ManageEngine flaws

Navigating Interconnections: Correlations Between the US Tech 100 Index and Major Indices

Plus: A DDoS attack shuts down ChatGPT, Lockbit shuts down a bank, and a communications breakdown between politicians and Big Tech.

Drones, hidden cameras, thermal vision scopes—these are just a few examples of the high-tech equipment recommended by the animal liberation group Direct Action Everywhere, according to a manual released by the organization this week. The document, which was reviewed by WIRED, is a rare glimpse into how the organization is using tech to target factory farms in often brazen operations that have rescued pigs, goats, ducks, and chickens.

Extremist groups are experimenting with generative AI to flood social media with propaganda and misinformation, researchers at Tech Against Terrorism have told WIRED. A new report from the group details how, in recent months, terrorists and other extremist organizations have been using artificial intelligence to manipulate imagery and thwart content moderation. As platforms have struggled to keep up with this flood of extremist content, a new tool called Altitude, built in collaboration between Tech Against Terrorism and Google, is seeking to address the problem. The tool centralizes the collection of verified terrorist content, allowing companies to easily vet posts shared to their platforms.

Israel is exacerbating the humanitarian catastrophe in Gaza by likely imposing devastating internet blackouts in the region. Last week, Israel reportedly imposed a full internet shutdown in the area as its troops moved into the Gaza Strip. After internet access was restored, the area suffered two additional connectivity blackouts. The most recent lasted for about 15 hours on Sunday as Israel was carrying out an intense operation to cut off Gaza City in the north from southern Gaza.

In other infrastructure news, a report from the ​​cybersecurity firm Mandiant reveals that last year, the Russian military intelligence agency known as Sandworm carried out a power grid attack targeting a Ukrainian electric utility causing a blackout for Ukrainian civilians. According to the report, the cyberattack coincided with the start of a series of missile strikes targeting Ukrainian critical infrastructure across the country.

The third GOP presidential primary debate was livestreamed on Rumble, a YouTube alternative home to what the Southern Poverty Law Center says is one of America’s most notorious white nationalists, Nick Fuentes. Since the outbreak of the Israel-Hamas conflict last month, Fuentes has used his Rumble channel to push antisemitic hate speech and Holocaust denial conspiracies, racking up hundreds of thousands of views. Fuentes’ YouTube account was terminated in 2020 after Google demonetized it.

And there's more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there

On Wednesday, you and everyone you know had trouble getting ChatGPT to ghostwrite their emails as developer OpenAI was hit by what it thought was a distributed denial-of-service attack. For nearly two hours, users who tried to access the chatbot were greeted with a message telling them “ChatGPT is at capacity right now.”

In a tweet, OpenAI CEO Sam Altman initially blamed its outage on a surge in interest in the platform's new features. By Wednesday night the company announced that the periodic outages were due to an “abnormal traffic pattern reflective of a DDoS attack.”

While it’s unclear who is behind the attack, a group known as Anonymous Sudan claimed responsibility on Wednesday, posting on Telegram that it had targeted OpenAI for "general biases towards Israel and against Palestine." OpenAI has since resolved the issue.

The US arm of the Industrial and Commercial Bank of China was hit by a ransomware attack that disrupted trades in the US Treasury market on Thursday. The bank appears to be the latest victim of the prolific ransomware gang known as Lockbit. According to the US Cybersecurity and Infrastructure Security Agency, Lockbit has hit 1,700 US organizations since 2020 and extorted more than $100 million in ransom demands. Last month it threatened Boeing with a leak of sensitive data.

"ICBC has been closely monitoring the matter and has done its best in emergency response and supervisory communication," China's foreign ministry spokesperson Wang Wenbin said at a press conference.

Signal is beta testing usernames that will allow people to communicate using the encrypted service without exchanging phone numbers, further enhancing the app's privacy applications. The feature will go live in early 2024.

Support for usernames is a major step for the messaging service as Signal has apparently been working on the feature for years. Though accounts will still need to be associated with a phone number at setup, the introduction of usernames will allow users to connect without having to share it.

Cooperation between government, researchers, and tech companies aimed at countering disinformation online is evaporating thanks to a sustained campaign by US Republicans in the press, courts, and on Capitol Hill. Tech employees tell NBC the FBI has halted communications with social media firms about foreign influence campaigns, a move the FBI director attributed to a September ruling in the country's most conservative appellate court forbidding the government from "significantly" encouraging social media companies to remove misinformation.

“We’re having some interaction with social media companies,” FBI director Christopher Wray said in testimony last week to the Senate Homeland Security Committee. “But all of those interactions have changed fundamentally in the wake of the court rulings.”

According to NBC, all the FBI’s interactions with tech platforms now have to be supervised by Justice Department lawyers.

Tag

#ddos