Meta confirms ‘Project Waterworth,’ a global subsea cable project spanning 50,000 kilometers | TechCrunch - Meta will string a cable from the US, Brazil, India, South Africa, and elsewhere. The US Gov’t has committed to the Indian government to assist in this project. Meta-owned Facebook and Insta currently account for 10% of all fixed-internet traffic, and 22% of all mobile traffic.

Beware of DDoSes from Mirai-based botnet of Mitel phones • The Register - Mitel, the phone thats sat on hundreds of desks across the world may have default credentials, and may have been roped into a Mirai botnet as part of the new Aquabotv3. Just a reminder to patch everything. Everywhere. All the time.

Sweden seizes vessel after another undersea cable damaged • The Register - Trans-Baltic cables between Latvia and Sweden were attacked the 26th. This makes the third cable in 2 months in the Baltics. The first being a Between Finland-and-Estonia and Finland-and-Sweden.

China and frieds say they’re hurting cyber-slave scam camps • The Register - China and other Asian nations (Cambodia, Laos, Myanmar, Thailand, Vietnam) are concentrating on cyber-scam slave camps. Many tech-support and romance scams are staffed by human slaves in border regions in Myanmar, Laos, Cambodia, and Thailand. China estimates 100k of its citizens are currently held in these camps.

ChatGPT crawler flaw opens door to DDoS, prompt injection • The Register - OpenAI’s web crawler has been weaponized by researches creating 20 - 5k requests per single API call to the crawler.

GM settles charges it shared driver location data • The Register - GM collected up to the second GPS data of vehicles, then sold it to Insurance companies to justify raising their premiums

Scams & Breaches

Scammers file first — Get your IRS Identity Protection PIN now - Get signed up for a IP PIN for the IRS, before someone else does your taxes.

FCC chief urges auction to fund ‘Rip and Replace’ program • The Register - To fund the removal of Huawei and ZTE equipment from American networks, the FCC is considering a spectrum fire sale. The last sale of Advanced Wireless Services spectrum (for mobile operators) saw AT&T, Verizon, and T-Mobile, among others raise $45bn. Outgoing director Jessica Rosenworcel specifically called out Chinese-based Typhoon actors as being the catalyst for the sale.

Intro

This book was recommended to me by one of the most intentional managers I’ve ever had the pleasure of working with. Matt R. brought me in as a Senior Cybersecurity Engineer at Cradlepoint and oversaw my transition to Manager of that same engineering team. Throughout my time with Matt, he worked diligently to hold me to the tenets laid about by Ms. Fournier in this book and to encourage me to be a better leader for my team. Overall, this book has been a constant reference for my career in leadership and I recommend it to anyone on a technical path who finds themselves considering or entering into the management field. Specifically for Engineers who are managing Engineers.

Apple

Apple offers $95M settlement in Siri privacy lawsuit • The Register - Something as simple as a zipper or an individual raising their arms would cause Siri to start recording. Lopez, et al v. Apple Inc will be settled for $95 million if the N. California District Court approves. Apple CEO Tim Cook had previously told Congress that Siri’s recording features required a “clear, unambiguous trigger”, i.e.; “Hey Siri” Siri-enabled Apple users from 2011-to an unknown date will likely be eligible diluting individual payouts. 95m dollars(USD) is roughly less than .001 of Apple’s Profits in 2024.

One Offs

Microsoft flags Windows 11 24H2 install media issue • The Register - If you used a USB stick with October or November’s updates installed, your system won’t accept any additional updates. Make sure to re-write your USB stick using December 24’s

Critical Apache Struts bug under active exploit • The Register - Guess who’s back, back again. Apache Struts, in-famous for being the source of the Equifax breach in 2017, is back with CVE-2024-53677 a rehash of a vulnerability discovered in Dec 2023. Struts File Upload component features the 9.5 out of 10 CVSS CVE

GeoPolitics

China’s Volt Typhoon breached Singtel, reports say • The Register - Volt Typhoon reportedly breached Singapore Telecom over the summer. Highlighting why Cyber Threat Intelligence can at times be beneficial for more advanced orgs.

N Korea may receive tech in exchange for military support • The Register - DPRK has provided around 10,000 troops to Putin’s war in Ukraine. After DPRK successfully conducted a 90 minute missile flight the US and its allies are starting to wonder exactly what Pyongyang got in exchange for those troops.

No one likes the sappy I’m such a good manager look at me manage with my great insights post. But every now and then I learn something and I think other people who are moving from a technical resource to a leader may gain insight or value from it. So I share here.