LockBit, Pwc2Own, AI, "Othello is solved" Oct30th to Nov5th, 2023 F5 SIRT This Week in Security
Editor's introduction
This week in security editor is Koichi. One of the popular board game, Othello, has been solved. Needs explanation what "solved" means. So I chose topics of LockBit Ransomeware, hacking contest Pwc2Own, An executive order for AI development, and "Othello is solved".
We in F5 SIRT invest lot of time to understand the frequently changing behavior of bad actors. Bad actors are a threat to your business, your reputation, and your livelihood. That’s why we take the security of your business seriously. When you’re under attack, we’ll work quickly to effectively mitigate attacks and vulnerabilities, and get you back up and running. So next time you are under security emergency please contact F5 SIRT
Boeing got cyber attack amid LockBit Ransomware claims.
Boeing is the largest aircraft manufacturer in the world and they have admitted that their company network of parts and distribution department were attacked by some malicious actor after the LockBit ransomware gang claimed that they breached the company's network and stole data. The relation between the ransomware gang's statement and the attack is not clear, but ransomware gang claims that they breached and stole a significant amount of sensitive information and if Boeing does not reach out for payment the gang will leak them. The Boeing services website downed for a while, but no impact on aviation and its safety.
Pwc2Own Toronto 2023
The hacking contest Pwc2Own Toronto 2023 was held in Toronto, Canada, from 10/24 to 10/27. By the final day, 58 of zero-day vulnerabilities had been discovered in total, and a total of $11,038,500 were awarded for their discovery. For the zero-day vulnerabilities which were found in this contest, the vendors were given 120 days to release patches before public disclosing the vulnerability info.
- Pentest Limited was able to execute an Improper Input Validation against the Samsung Galaxy S23.
- NCC Group was able to execute their attack against the Xiaomi 13 Pro.
- STAR Labs SG was able to exploit a permissive list of allowed inputs against the Samsung Galaxy S23
Executive Order for development of AI
U.S. President Joe Biden signed an executive order to create standards to protect against using Generative AI to develop biological, or chemical materials, nuclear, cybesecurity, and fraud and deceptions on Oct 30.
His post: https://twitter.com/POTUS/status/1719062966388044003
That aims to reduce the risks of AI and to ensure the government is using AI ethically and in accordance to its guidelines and any subsequent legislation that may get passed by Congress and become law. Biden administrations
"To realize the promise of AI and avoid the risk, we need to govern this technology," Biden said. "In the wrong hands AI can make it easier for hackers to exploit vulnerabilities in the software that makes our society run."
The background of this is development race with China and EU, which is going to regulating the way of development of AI technology.
To the private companies the executive order requests to submit reports about safety of the developing AI models.
The order requires companies to share reports on safety tests of their AI models with the federal government and pursue the moves of China and EU.
Source: https://www.ign.com/articles/joe-biden-signs-executive-order-providing-guidelines-around-generative-ai
https://www.reuters.com/technology/white-house-unveils-wide-ranging-action-mitigate-ai-risks-2023-10-30/
https://asia.nikkei.com/Business/Technology/Biden-signs-executive-order-in-race-with-China-and-EU-to-govern-AI
"Othello is solved"
Reversi is a board game for two players, played on an 8×8 uncheckered board allows free of initial setup. Othello (not a tragedy written by Shakespeare) is a variant of Reversi with a fixed initial setup of the board. Othello (game) is quite popular in Japan, and has yet to be computationally solved. Othello has roughly ten octodecillion (10 to the 58th power) possible game records and ten octillion (10 to the 28th power) possible game position.
On 10/30, Hiroki Takizawa, who is a bioinformatician at Preferred Network had released a PrePrint paper that claims he solved the Othello by brute force.
The paper is here: Othello is solved.
Solving the game has some levels: Ultra Strong, Strong, and Weak Solved. Among them, this time Hiroki had achieved Weak solving the Othello. Weak solved means he is able to determine the outcome of a game with no mistake made by either player. And the result of brute force calculations of all the pattern of the game will be "Draw", that means, if both players players with no mistake it always leads to a draw game.
This is one of a milestone of computational science, and Hiroki speculates that chess could be the next game to be solved.
Source: https://www.discovermagazine.com/technology/computer-scientist-solves-the-game-of-othello