Daily Briefing is a curated listicle made available by The Readable. We select a handful of significant stories worth sharing with our readers and present them in an easy-to-read, accessible format. Dain Oh and Minkyung Shin collaborate in monitoring, selecting, and reviewing the news articles, with Arthur Gregory Willers contributing to improve the overall readability of the briefing.
1. Cyber attacks on SMEs rise as government funding and resources dwindle – South Korea’s MBN
Cyber attacks on small and medium-sized enterprises (SMEs) in South Korea are increasing each year, yet the budget allocated by the Ministry of Science and ICT (MSIT) for cybersecurity support continues to decline. According to data obtained by National Assembly member Lee Jeong-heon, the budget for the “Regional SME Information Protection Support” program has been halved over the past two years, dropping from 10.5 billion won (approximately $7.8 million) in 2023 to just 2.636 billion won ($1.9 million) by 2025. Similarly, funding for various cybersecurity initiatives, including the “Advanced Hacking and Virus Response Support” program, is also being reduced.
Despite this, cyber incidents reported by SMEs to the Korea Internet & Security Agency (KISA) have surged from 518 cases in 2021 to 1,075 cases by August 2024. SMEs now account for approximately 83% of all reported cyber incidents. However, KISA’s staff dedicated to handling such incidents has remained stagnant, hovering around 120 personnel for several years. Rep. Lee criticized the government for neglecting its cybersecurity commitments, urging an increase in budgets to effectively support SMEs against cyber threats. Meanwhile, the MSIT stated that while funding has been reduced, it is focusing on prioritizing the most vulnerable enterprises to maximize limited resources.
2. The Internet Archive is under attack, with a breach revealing info for 31 million accounts – The Verge
The Internet Archive suffered a cyber attack on Wednesday, with hackers defacing the site using a JavaScript library and launching a DDoS attack. Founder Brewster Kahle confirmed the attack, revealing that usernames, email addresses, and salted-encrypted passwords of users were compromised. The hackers left a pop-up message mocking the site’s security, and 31 million email addresses were exposed, some of which matched data already listed on Have I Been Pwned (HIBP). Troy Hunt from HIBP verified the authenticity of the data.
The site experienced slow loading issues and was temporarily offline as the team worked to disable the compromised library and enhance security. An X account named SN_Blackmeta claimed responsibility for the attack and hinted at another planned breach. The Internet Archive stated it is actively addressing the situation and strengthening its defenses.
3. Mexico faces over half of Latin American cybercrimes due largely to US ties – Reuters
In the first half of 2024, Mexico accounted for 55% of all cyber threats reported in Latin America, with 31 billion cybercrime attempts, according to a study by cybersecurity firm Fortinet. The surge in attacks is linked to Mexico’s nearshoring boom, which attracts cybercriminals targeting key sectors like logistics, automotive, and electronics manufacturing. These hackers are increasingly using artificial intelligence to enhance the efficiency of their attacks, aiming for higher ransoms.
Fortinet emphasized that Mexico’s proximity and economic ties to the United States make it a prime target for cyber threats, surpassing even Brazil in the number of incidents reported. Although the figure is lower than the 94 billion attacks recorded in 2023, the rate of cybercrime remains high. Fortinet advocates for the implementation of a cybersecurity law in Mexico within the next two years. President Claudia Sheinbaum recently promised to establish a cybersecurity and AI center, although she did not mention the introduction of a new law.
- Related article: South Korea ranks as the most targeted country after US and Ukraine, US cyber firm reveals READ MORE
4. Hackers targeted Android users by exploiting zero-day bug in Qualcomm chips – TechCrunch
Qualcomm has confirmed a zero-day vulnerability (CVE-2024-43047) affecting dozens of its chipsets found in popular Android devices, which may have been exploited in targeted hacking campaigns. The flaw was discovered with assistance from Google’s Threat Analysis Group (TAG) and Amnesty International’s Security Lab and has been added to the U.S. cybersecurity agency CISA’s list of known exploited vulnerabilities. While the specific targets and intent behind the attacks remain unclear, Qualcomm released fixes in September 2024. It is now the responsibility of Android device manufacturers to deploy these patches to affected users.
The vulnerability impacts 64 different Qualcomm chipsets, including the Snapdragon 8 (Gen 1) platform used in devices from major brands like Motorola, Samsung, OnePlus, Oppo, Xiaomi, and ZTE, potentially exposing millions of users. Despite the widespread risk, investigations by Google and Amnesty International suggest that the exploitation has been limited and targeted rather than a mass attack. Qualcomm has commended the researchers for their coordinated disclosure, which allowed the company to address the issue promptly.
Editor’s note: The summaries of each article were created by ChatGPT 4o and reviewed by Dain Oh.