Pete Recommends – Weekly highlights on cyber security issues, April 1, 2023

Subject: Hacker demonstrates security flaws in GPT-4 just one day after launch
Source: VentureBeat
https://venturebeat.com/security/hacker-demonstrates-security-flaws-in-gpt-4-just-one-day-after-launch/

OpenAI’s powerful new language model, GPT-4, was barely out of the gates when a student uncovered vulnerabilities that could be exploited for malicious ends. The discovery is a stark reminder of the security risks that accompany increasingly capable AI systems.

Last week, OpenAI released GPT-4, a “multimodal” system that reaches human-level performance on language tasks. But within days, Alex Albert, a University of Washington computer science student, found a way to override its safety mechanisms. In a demonstration posted to Twitter, Albert showed how a user could prompt GPT-4 to generate instructions for hacking a computer, by exploiting vulnerabilities in the way it interprets and responds to text.

While Albert says he won’t promote using GPT-4 for harmful purposes, his work highlights the threat of advanced AI models in the wrong hands. As companies rapidly release ever more capable systems, can we ensure they are rigorously secured? What are the implications of AI models that can generate human-sounding text on demand?

Filed: https://venturebeat.com/category/ai/

RSS: https://venturebeat.com/category/ai/feed/


Subject: How hackers outwit facial ID
Source: GCN
https://gcn.com/emerging-tech/2023/03/how-hackers-outwit-facial-id/384431/

Deepfakes, spoofed metadata and digital injection attacks are some of the most prevalent biometric hacks, and governments could lose billions if they are not addressed.

A “hurricane” of biometric threats is coming, and governments and businesses could lose billions of dollars to fraud if they are not prepared for digital injection attacks, metadata spoofing and deepfakes, a security expert warned.

Digital injection attacks, where hackers bypass cameras used for identity verification and insert synthetic images, deepfakes or even video recordings into authentication systems, are now taking place five times more often than persistent presentation attacks, where bad actors verify an identity by showing a photo or a mask to a system.

Meanwhile, attackers are increasingly spoofing devices and metadata like IP addresses to get around enterprise security, obscuring hack origins and making them more difficult to defend against, according to a new report from face biometric verification and authentication technology company iProov.

Deepfakes, meanwhile, have become a common tool in online fraud, including a new, more sophisticated iteration known as face swapping, which emerged for the first time last year. It combines a victim’s face image with a synthetic video to spoof both liveness and passive authentication software.

He said those agencies and businesses that fail to invest in effective biometric verification technology will face a “moment of reckoning” in the future.



Subject: Explainer: Age-verification bills for porn and social media
Source: Mashable
https://mashable.com/article/what-are-age-verification-bills-porn-louisiana-utah

And how to actually protect children online.

In case you haven’t noticed, free expression online is currently under attack. From the proposed TikTok ban to hearings on Section 230 (which protects social platforms from being liable for what users post), some U.S. lawmakers are targeting access to free and open internet.

Recent age-verification bills are another iteration of this. These laws require people to show proof of age to view adult content — or, in some versions, to peruse social media at all. Experts warn that these bills threaten digital privacy and free speech.

What are age-verification bills?

The downsides to “porn passport” laws

While these bills may initially seem sound — no one wants children to access adult content — the experts say that they won’t work, and will cause a host of problems.

In terms of the former, these statutes are difficult to enforce and easy to get around. For one, there are going to be websites based in other countries that won’t comply with these regulations, said Mike Stabile, director of public affairs at the Free Speech Coalition. “My greatest fear when I looked at [these bills] was that this is…going to push kids to more and more dangerous sites,” he said.

For another, software like VPNs (virtual privacy networks) are built to make it seem like the user is somewhere they’re not. Days after the Louisiana law went into effect, a Redditor asked if they can use a VPN to get around it. “Yep,” the top comment read. “So easy a five year old can do it.”

Beyond enforceability, experts say they cause a tremendous privacy risk.


Subject: Search – Help Net Security
Source: Help Net Security
https://www.helpnetsecurity.com/gsearch/#gsc.tab=0&gsc.q=chatgpt&gsc.sort=date

Help Net has an article SEARCH capability. Here’s a sample for ChatGPT (by date): https://www.helpnetsecurity.com/gsearch/#gsc.tab=0&gsc.q=chatgpt&gsc.sort=date

Sorry, NO URL for the search’s RSS.


Subject: Hitting the Books: How the ‘Godfather of Cybercrime’ got his start on eBay
Source: Engadget
https://www.bespacific.com/how-the-godfather-of-cybercrime-got-his-start-on-ebay/

Engadget – “From bunk Beanie Babies to signal-stealing cable boxes, Brett Johnson has scammed them all. The internet has connected nearly everybody on the planet to a global network of information and influence, enabling humanity’s best and brightest minds unparalleled collaborative capabilities. At least that was the idea, more often than not these days, it serves as a popular medium for scamming your more terminally-online relatives out of large sums of money. Just ask Brett Johnson, a reformed scam artist who, at his rube-bilking pinnacle, was so good at separating fools from their cash that he founded an entire online learning forum to train a new generation of digital scam artist. Johnson’s cautionary tale is one of many in the new book, Fool Me Once: Scams, Stories, and Secrets from the Trillion-Dollar Fraud Industry, from Harvard Business Review Press. In it, Professor of Forensic Accounting at DePaul University, Dr. Kelly Richmond Pope, chronicles…



Abstracted from beSpacific
Copyright © 2023 beSpacific, All rights reserved.


Subject: Biden Admin Targets ‘Misuse’ of Spyware with New Executive Order
Source: Nextgov
https://www.nextgov.com/cybersecurity/2023/03/biden-admin-targets-misuse-spyware-new-executive-order/384464/

The White House followed through on previous promises to pursue stronger oversight of commercial spyware companies and how their products are used in the U.S.

The Biden administration announced major federal action against commercial spyware technologies with a new executive order prohibiting the U.S. government from using commercial spyware products which threaten national security and human rights.

Commercial spyware refers to surveillance software that can be sold and installed discreetly, often without the knowledge of an end user. After installation, the software can extract and augment sensitive data within a device.

As the health of national security shifts to a digital frontier, President Joe Biden’s new executive order will work to prevent government agencies and personnel from being the targets of malicious spyware by restricting its usage. Officials on a press call confirmed at least 50 U.S. personnel overseas were targeted by commercial spyware, spurring further federal action to reduce U.S. data exposure.

The Department of Commerce moved in sync with these efforts in November 2021 by adding four foreign companies based in Israel, Russia and Singapore to its list of designated spyware technology suppliers. They were subsequently placed on federal export control.



Subject: Europol Sets Out ‘Grim’ Prospects For Law Enforcement In The Era Of ChatGPT
Source: Forbes
https://www.forbes.com/sites/emmawoollacott/2023/03/28/europol-sets-out-grim-prospects-for-law-enforcement-in-the-era-of-chatgpt/

Europol has issued a stark warning about the dangers of large language models (LLMs) such as ChatGPT.

In a report, ‘ChatGPT – the impact of large language models on law enforcement’, it says that LLMs can easily be misused for fraud and social engineering, cyber crime and disinformation. It describes the prospects for law enforcement as ‘grim’.

Tools such as ChatGPT – which hit 100 million users in its first two months – have already been associated with everything from cheating in exams to more serious crimes.

ChatGPT’s ability to draft highly realistic text makes it a useful tool for phishing purposes, says Europol, with the ability of LLMs to reproduce language patterns allowing them to impersonate the style of speech of specific individuals or groups.

“This ability can be abused at scale to mislead potential victims into placing their trust in the hands of criminal actors,” the authors say.

The same ability allows LLMs to be used for propaganda and disinformation purposes, by generating messages with relatively little effort. And because it can generate code in the same way, it allows criminals with relatively little technical knowledge to produce malicious code.

Filed: https://www.forbes.com/cybersecurity/


Subject: A.I. Is Sucking the Entire Internet In. What If You Could Yank Some Back Out?
Source: Slate
https://www.bespacific.com/a-i-is-sucking-the-entire-internet-in-what-if-you-could-yank-some-back-out/

Slate: “Over the coming years, A.I. companies will release even more advanced models that will remind us that this is just the beginning. At least one of these tools will be different in an important way: It will be prohibited from seeing 80 million of the images that helped teach its predecessors to draw and paint. If you think of A.I. image training sets as lesson plans and word-to-image tools like DALL-E and Stable Diffusion as college students, it’s kind of like saying that incoming freshmen are prohibited from taking one of the outgoing seniors’ core requirement classes. Why? Because two Berlin-based musicians persuaded the head of a multibillion-dollar company to give artists more power. Many illustrators, designers, and photographers are furious that their work had been scraped from the internet to train …




Subject: 2022 Was a Massive Year for ‘Bad Ads’ on Google Search
Source: Gizmodo
https://gizmodo.com/google-malware-google-search-ads-targeted-ads-1850275603

There’s a hell of a lot of groups violating Google’s ad policies these days. On Tuesday, Google said it stopped 5.2 billion “bad ads” in 2022, 1.8 billion more than 2021. At the top of the list are potentially malicious ads, and that number has grown tremendously over the years, according to the data.

The company lists the top bad ad as those that abuse its ad network, a catchall term for ads that contain malware as well as manipulative or spam ads. Google claimed it stopped 652.1 million of these ads in 2021, but that number nearly doubled to 1.36 billion in 2022.

Security researchers at firms like Guardio Labs shared in a December report how the Google Ads platform is being “massively abused” by threat actors. Websites containing malicious code and malware can essentially disguise themselves by appearing valid to any outside source, but the server redirects those who click on ads to a separate, rogue site containing malware.

Alejandro Borgia, Google’s director of ad privacy and safety, said during an online press conference that the company saw a spike in so-called “malvertising” or ads containing malware, in 2022. He added the company took “swift measures” and then saw that spike subside.

The second highest number of ad takedowns was due to trademark infringement, …

On Tuesday, the company released details on its Ad Transparency Center, a new aspect of the My Ads Center that details more about specific ads and when and where they ran….

Filed: https://gizmodo.com/tech/google


Subject: Google Introduces Ad Transparency Center After Blocking Billions Of Ads Last Year
Source: Forbes
https://www.forbes.com/sites/emmawoollacott/2023/03/30/google-introduces-ad-transparency-center-after-blocking-billions-of-ads-last-year/

Google has launched a new ad transparency center, revealing that it blocked or removed more than five billion ads last year.

The Ads Transparency Center allows users to view all the ads a particular advertiser has run, along with the regions in which they were shown, the date it was displayed and the format of the ad.

“For example, imagine you’re seeing an ad for a skincare product you’re interested in, but you don’t recognize the brand, or you’re curious to understand if you recognize other ads from this brand,” says Alejandro Borgia, director of product management, ads safety.

“With the Ads Transparency Center, you can look up the advertiser and learn more about them before purchasing or visiting their site.”

Users can also check whether or not an advertiser is a verified business, like or block ads, or report any they believe to be violating Google’s policies. Users can access the center directly, here, or by clicking on the three dots that appear next to any particular ad.

Filed: https://www.forbes.com/cybersecurity/

Author’s articles: https://www.forbes.com/sites/emmawoollacott/

RSS: https://www.forbes.com/sites/emmawoollacott/feed/


Subject: ‘You don’t want to fall for this’: BBB warns of smart TV scam
Source: Nexstar Media Wire
https://www.nxsttv.com/nmw/news/you-dont-want-to-fall-for-this-bbb-warns-of-smart-tv-scam/

EAST PROVIDENCE, R.I. (WPRI) — If you have a smart TV, listen up.

The Better Business Bureau (BBB) is warning of a scam involving popular streaming devices, such as Roku and Amazon Fire TV sticks, and services like Netflix and YouTube TV.

The BBB said it has received an influx of reports regarding scammers targeting victims through pop-ups on their smart TVs.

“Scammers can actually target victims through their devices via the internet,” BBB’s Paula Fleming explained. “Obviously, smart TVs are no exception.”


Subject: Report: Terrible employee passwords at world’s largest companies
Source: NordPass
https://www.bespacific.com/report-terrible-employee-passwords-at-worlds-largest-companies/

The Wealthiest Companies with the Weakest Passwords – “Do large companies have unbeatable password habits? Think again. NordPass has compiled a list of passwords used by the world’s largest companies across 20 industries and 31 countries to “secure” their business accounts. Spoiler alert: they’re terrible. Don’t believe us? See for yourself but please, don’t get inspired.”




Subject: Report: Some IT Outsourcing Is Moving Back Onshore
Source: TechRepublic
https://www.techrepublic.com/article/it-outsourcing-moving-back-onshore/

While cost is generally the main consideration, the war in Ukraine and global political tensions are prompting companies to shift their IT outsourcing strategies, according to a new report.

A persistent talent shortage has led nearly 70% of IT leaders to increase their need to outsource, with some opting to source talent back onshore, according to a newly-released study by software development agency JetRockets.

This is being driven by “extraordinary pressure as the need to digitize operations and create differentiated experiences for both customers and employees continues to increase,” the study found. In addition to global uncertainty, widespread budget cuts are also forcing a change in the strategies organizations use to outsource talent, the study said.

Global factors are disrupting outsourcing strategies

RSS topic feed: https://www.techrepublic.com/rssfeeds/topic/cxo/

Author feed: https://www.techrepublic.com/meet-the-team/us/esther-shein/



Posted in: AI, Cybercrime, Cybersecurity, E-Commerce, Privacy, Search Strategies, Social Media