Pete Recommends – Weekly highlights on cyber security issues, January 26, 2025

Subject: The double-edged sword of AI and cybersecurity
Source: Becker’s Hospital Review
https://www.beckershospitalreview.com/cybersecurity/the-double-edged-sword-of-ai-and-cybersecurity.html

As AI continues to reshape industries worldwide, Kristin Myers, executive vice president and chief digital officer of New Hyde Park, N.Y.-based Northwell Health, sees immense potential for AI to transform healthcare cybersecurity — though not without its challenges.

“There are just so many opportunities that AI presents,” Ms. Myers told Becker’s. “It can revolutionize the cybersecurity landscape and help mature organizations’ capabilities to better protect data and patients.”

One of the most promising applications of AI in cybersecurity is its ability to analyze vast amounts of data in real time, Ms. Myers noted. By identifying patterns and anomalies, AI can detect threats like malware, phishing attempts or ransomware attacks earlier and more accurately.

Beyond detection, AI offers the potential to shift cybersecurity strategies from reactive to proactive.

“Predicting potential vulnerabilities based on historical data and trends is a great opportunity for cyber and AI,” Ms. Myers said. However, Ms. Myers emphasized the importance of maintaining human oversight, particularly in high-risk scenarios.

While AI offers powerful tools to bolster defenses, it also presents new risks. “AI is somewhat of a double-edged sword,” Ms. Myers said. “It boosts defenses but is also being exploited by attackers. It’s important for technology professionals to get up to date on AI, understand the risks, and consider the ethics involved.”

Filed: https://www.beckershospitalreview.com/cybersecurity.html


Subject: Huawei-linked telecom equipment company investigated by FBI
Source: Android Headlines
https://www.androidheadlines.com/2025/01/huawei-linked-telecom-equipment-company-investigated-by-fbi.html

The FBI and US Commerce Department launch investigation against Baicells, a Huawei-linked company

Former Huawei executives founded Baicells in 2014, and it has been operating in the US since 2015. It is a supplier of telecom equipment—including routers and base stations. Its technology is present in 700 commercial mobile networks across the United States. Now, the FBI and the US Commerce Department have started investigating the firm for potential risks to national security.

As reported by Reuters, US officials continue to fear that China is using telecommunications equipment from companies with whom it has ties to spy on Americans. In fact, Baicells was just added by the Pentagon to a list of 134 companies that are thought to have ties to China’s military. Representatives of the firm confirmed that they plan to appeal the designation, which they consider baseless.

The FBI has been warning Baicells’ clients about the use of its network equipment for years. The agency managed to cancel a contract in Las Vegas in 2023. In addition, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning in 2023 about vulnerabilities in Baicells’ Nova base stations. Such vulnerabilities could allow attackers to hijack the devices remotely. A Censys study from September 2024 found that between 28 and 186 Baicells base stations were still using the vulnerable firmware.

Baicells says it has no ties to China; customs data shows otherwise.

Meanwhile, Baicells claims to have no current ties to China.

Filed: https://www.androidheadlines.com/category/huawei


Subject: “Human nature being what it is,…”
Source: Brian Krebs’s Mastodon
https://newsie.social/deck/@[email protected]/113855322525997157

Human nature being what it is, it seems extremely likely that sometime today we will see millions of U.S.-based TikTok users installing some shady or “free” VPN software just to get around the ban. So even though we banned TikTok, ostensibly for security reasons, we end up creating an even bigger security problem when millions of people install some app that can read and modify all traffic.


Subject: ChatGPT crawler flaw opens door to DDoS, prompt injection
Source: The Register
https://www.theregister.com/2025/01/19/openais_chatgpt_crawler_vulnerability/

OpenAI’s ChatGPT crawler appears to be willing to initiate distributed denial of service (DDoS) attacks on arbitrary websites, a reported vulnerability the tech giant has yet to acknowledge.

In a write-up shared this month via Microsoft’s GitHub, Benjamin Flesch, a security researcher in Germany, explains how a single HTTP request to the ChatGPT API can be used to flood a targeted website with network requests from the ChatGPT crawler, specifically ChatGPT-User.

This flood of connections may or may not be enough to knock over any given site, practically speaking, though it’s still arguably a danger and a bit of an oversight by OpenAI. It can be used to amplify a single API request into 20 to 5,000 or more requests to a chosen victim’s website, every second, over and over again.

“Due to this amplification, the attacker can send a small number of requests to ChatGPT API, but the victim will receive a very large number of requests,” Flesch explained.

“I’d say the bigger story is that this API was also vulnerable to prompt injection,” he said, in reference to a separate vulnerability disclosure. “Why would they have prompt injection for such a simple task? I think it might be because they’re dogfooding their autonomous ‘AI agent’ thing.”

Flesch questioned why OpenAI’s bot hasn’t implemented simple, established methods to properly deduplicate URLs in a requested list or to limit the size of the list, nor managed to avoid prompt injection vulnerabilities that have been addressed in the main ChatGPT interface.
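The two controls Flesch names (deduplicating the requested URLs and limiting the size of the list) can be sketched as follows. This is an added example, not code from OpenAI, The Register or the researcher's write-up; the function names, the caps and the per-host limit (a generalization beyond exact-duplicate removal) are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

MAX_URLS = 10       # assumed cap on the size of a submitted list
MAX_PER_HOST = 2    # assumed cap on fetches aimed at one host per request
DEFAULT_PORTS = {"http": 80, "https": 443}

def canonicalize(url):
    """Return a canonical http(s) URL, or None if the input is not fetchable."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port                      # raises ValueError on a bad port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    if scheme not in DEFAULT_PORTS or not host:
        return None
    if ":" in host:                            # IPv6 literal needs its brackets back
        host = f"[{host}]"
    netloc = host if port in (None, DEFAULT_PORTS[scheme]) else f"{host}:{port}"
    # The fragment never reaches the server, so URLs differing only there are duplicates.
    return urlunsplit((scheme, netloc, parts.path or "/", parts.query, ""))

def plan_fetches(urls, max_urls=MAX_URLS, max_per_host=MAX_PER_HOST):
    """Reject oversized lists, then drop duplicates and per-host excess."""
    if len(urls) > max_urls:
        raise ValueError(f"list of {len(urls)} URLs exceeds cap of {max_urls}")
    seen, per_host, plan = set(), {}, []
    for raw in urls:
        canon = canonicalize(raw)
        if canon is None or canon in seen:
            continue
        host = urlsplit(canon).hostname
        if per_host.get(host, 0) >= max_per_host:
            continue                           # many spellings, one target
        seen.add(canon)
        per_host[host] = per_host.get(host, 0) + 1
        plan.append(canon)
    return plan

# Constructed sample: six spellings, four of them aimed at the same site.
SAMPLE = [
    "https://victim.example/", "https://VICTIM.example:443/#a",
    "https://victim.example./?x=1", "https://victim.example/?x=2",
    "ftp://victim.example/", "http://other.example",
]
```
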


Subject: Decentralization is happening everywhere, so why are crypto wallets “walled gardens”?
Source: Help Net Security
https://www.helpnetsecurity.com/2025/01/20/crypto-hardware-wallets/

The twin cryptocurrency and digital identity revolutions are supposed to be building a better future, where anybody can take charge of their sovereignty and security in a world where both face unprecedented threats. Yet at one crucial level, the decentralization ecosystem has a glaring vulnerability: consumer hardware wallets.

Devices like Ledger sell themselves as the last word in security for the crypto economy. Most end users will accept those marketing messages, hook, line, and sinker. Why wouldn’t they? The learning curve for Bitcoin, crypto, and decentralized finance is precipitous. People are looking for a trusted guide up the mountain. Unfortunately, the hardware wallet industry is leading users blindly to the edge of a precipice – with ruinous consequences not just for crypto investors but, before long, for everyone.

Inside the black box

What’s wrong with hardware wallets? The best place to start is by pointing out what they got right.


Subject: Suddenly Following Trump on Social Media? Here’s Why
Source: Newser
https://www.newser.com/story/362960/suddenly-following-trump-on-social-media-heres-why.html

Social media is full of claims that Meta forced Facebook and Instagram users to follow President Trump. “Full dictatorship incoming,” one Reddit user warned, per USA Today. But these claims are false, according to fact-checking site Snopes and other media outlets. The social media accounts for the US president and vice president, typically marked @POTUS and @VP, automatically flipped from President Biden and Vice President Kamala Harris to President Trump and VP JD Vance with Monday’s inauguration, as did the accounts for the first lady (@FLOTUS). These White House-managed accounts “change when the occupant of the White House changes,” explains Meta rep Andy Stone. The old accounts are archived—see @potus46archive, @vp46archive, @flotus46archive, etc.—then wiped, offering a clean slate for the incoming administration. But the followers remain the same.


Subject: Your phone is listening. Do you care?
Source: WHYY
https://whyy.org/episodes/your-phone-is-listening-do-you-care/

Has data harvesting by companies like X, Meta, Google and Apple gone too far? From Siri to Smart TVs, we get the latest on big tech and privacy with Penn expert Joseph Turow.

A 2019 Pew study found only 9% of people actually read the terms and conditions when they share personal information online, sign up for a new account, or download a new app. In the few years since that report, the amount of data harvested by marketing and big tech companies has exploded —  and the collection is far more sophisticated.

Companies can now harness artificial intelligence to anticipate your behavior and send you targeted content. It’s possible for smart TVs to share your viewing habits with digital marketers, so the ad you saw on Hulu could show up later on Instagram. Tech companies have millions of data points on their users — and the business of buying and selling your data is a lucrative one.

On this episode of Studio 2, we get the latest on digital privacy and how to protect yourself.

[51m 28s podcast:]
https://whyy-od.streamguys1.com/studio2/S220250122.mp3


Subject: Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location
Source: WIRED
https://www.wired.com/story/gravy-location-data-app-leak-rtb/

Some of the world’s most popular apps are likely being co-opted by rogue members of the advertising industry to harvest sensitive location data on a massive scale, with that data ending up with a location data company whose subsidiary has previously sold global location data to US law enforcement.

The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush and dating apps like Tinder to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection is occurring through the advertising ecosystem—not code developed by the app creators themselves—this data collection is likely happening without users’ or even app developers’ knowledge.

“For the first time publicly, we seem to have proof that one of the largest data brokers selling to both commercial and government clients appears to be acquiring their data from the online advertising ‘bid stream,’” rather than code embedded into the apps themselves, Zach Edwards, senior threat analyst at cybersecurity firm Silent Push and who has followed the location data industry closely, tells 404 Media after reviewing some of the data.

“This is a nightmare scenario for privacy, because not only does this data breach contain data scraped from the RTB systems, but there’s some company out there acting like a global honey badger, doing whatever it pleases with every piece of data that comes its way,” Edwards says.

Filed: https://www.wired.com/category/security/


Subject: Trump Seeks to Paralyze Independent Privacy and Civil Liberties Watchdog
Source: New York Times
https://www.nytimes.com/2025/01/22/us/trump-privacy-civil-liberties-oversight-board.html?unlocked_article_code=1.rU4.2to7.de4ZbvxLEDmD&smid=url-share

The Trump White House has told three Democratic-selected members of the Privacy and Civil Liberties Oversight Board to resign or be fired, which would stop the independent agency from functioning.

The move comes as the new administration is vowing to put its own stamp on federal law enforcement and intelligence agencies. It also comes ahead of a new conflict over whether or how Congress should renew a warrantless surveillance law that is set to expire in 2026.

Congress established the agency, called the Privacy and Civil Liberties Oversight Board, as an independent unit in the executive branch after the terrorist attacks of Sept. 11, 2001. It has security clearances and subpoena power, and is set up to have five members, appointed by the president and confirmed by the Senate, who serve six-year terms. Some members are picked by the president, and some are selected by congressional leaders of the other party.

Senator Ron Wyden, an Oregon Democrat who is frequently critical of surveillance programs, denounced the move in a statement, saying it was related to accusations that Mr. Trump was trying to install his own loyalists and partisans at the F.B.I. and intelligence agencies to weaponize the government against his enemies.

Ambiguously, however, while Congress declared that the agency was “independent,” the statute establishing the agency does not have a provision that bars presidents from removing its board members without a good cause like misconduct — the usual method by which independent agencies are protected from undue White House interference.

Advisers to Mr. Trump subscribe to a strong view of presidential power called the unitary executive theory, under which the Constitution should be interpreted as giving presidents exclusive control of the executive branch and independent agencies are considered illegitimate. During the campaign, Trump allies vowed to stomp out pockets of independence in the executive branch if he won the election.


Subject: Cybersecurity Alert: Users Deceived By Fake Google CAPTCHA Pages
Source: gHacks Tech News
https://www.ghacks.net/2025/01/24/cybersecurity-alert-users-deceived-by-fake-google-captcha-pages/

A new phishing campaign exploits the Lumma Stealer malware, deceiving Windows users with fake Google CAPTCHA pages that execute harmful commands.

In a significant security alert, cybersecurity firm CloudSek has unveiled a sophisticated phishing campaign linked to the Lumma Stealer malware, targeting Windows users. This approach leverages deceptive human verification pages that mimic legitimate Google CAPTCHA processes, luring victims into executing harmful commands on their systems. The campaign’s reliance on well-established platforms, such as Amazon S3 and various Content Delivery Networks, adds another layer of difficulty in detecting these malicious activities.

Once users are directed to these fraudulent pages, they are prompted to click a “Verify” button. This seemingly innocent action triggers a hidden JavaScript function that copies a base64-encoded PowerShell command to the user’s clipboard, misleading them into executing it. By following errant instructions provided on the site, users inadvertently run the malicious command in a concealed window, facilitating the infection process.
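For defenders, the pattern described above (a base64-encoded PowerShell command run in a concealed window) can be triaged from process-creation logs. The sketch below is an added example, not taken from the CloudSek report or the article; it assumes the pasted command appears in logs as a PowerShell command line using the -EncodedCommand and -WindowStyle Hidden parameters, and the sample events and function names are constructed.

```python
import base64
import shlex

def _is_flag(token, full, aliases=()):
    """True if token abbreviates the PowerShell parameter -<full> (e.g. -enc, -w)."""
    name = token.lstrip("-/").lower()
    return token[:1] in ("-", "/") and bool(name) and (full.startswith(name) or name in aliases)

def inspect_command_line(cmdline):
    """Return None for non-PowerShell lines, else what the parameters request."""
    try:
        tokens = shlex.split(cmdline, posix=False)  # non-POSIX mode keeps backslashes
    except ValueError:                              # unbalanced quotes
        return None
    if not tokens or not any(n in tokens[0].lower() for n in ("powershell", "pwsh")):
        return None
    hidden, decoded = False, None
    for tok, nxt in zip(tokens[1:], tokens[2:] + [""]):
        value = nxt.strip("\"'")
        if _is_flag(tok, "windowstyle") and value.lower() == "hidden":
            hidden = True
        elif _is_flag(tok, "encodedcommand", aliases=("ec",)):
            try:
                # -EncodedCommand takes base64 over UTF-16LE text.
                decoded = base64.b64decode(value, validate=True).decode("utf-16-le")
            except ValueError:
                decoded = "<undecodable payload>"
    return {"hidden": hidden, "decoded": decoded,
            "suspicious": hidden and decoded is not None}

def triage(events):
    """Keep only command lines that combine a hidden window with an encoded command."""
    return [e for e in events if (r := inspect_command_line(e)) and r["suspicious"]]

# Constructed sample events; the encoded payload is a harmless Write-Output.
_B64 = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -w hidden -enc " + _B64,
    r"powershell.exe -NoProfile -File C:\scripts\backup.ps1",
    r"notepad.exe C:\notes.txt",
]
```

Decoding the payload at triage time lets an analyst read what would have run without executing it.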


Subject: Trump Coin Meme Frenzy Sparks Wave of Unauthorized Tokens
Source: Markets Insider
https://markets.businessinsider.com/news/currencies/trump-crypto-meme-coin-rally-melania-barron-ivanka-sorkin-bitcoin-2025-1

[I prefer trading cards … ]

  • Trump’s meme coin went viral this week — and it sparked a wave of imitators trying to cash in on the frenzy.
  • Unofficial cryptos named after Ivanka Trump, Barron Trump, and others soared this week.
  • Crypto has rallied since Trump won the election, with altcoins and meme tokens seeing big boosts.

Trump’s meme coin was the talk of the crypto market this week, and its success sparked a wave of unofficial tokens looking to woo investors with the promise of swift gains.

As their prices went parabolic, it didn’t take long for imitators to crop up, with issuers minting new tokens bearing the names of high-profile figures.

Posted in: Blockchain, Cryptocurrency, Cybercrime, Economy, Financial System, Privacy, Social Media