Subject: Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
Source: The Hacker News
https://thehackernews.com/2025/01/microsoft-sues-hacking-group-exploiting.html
Microsoft has revealed that it’s pursuing legal action against a “foreign-based threat–actor group” for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence (AI) services and produce offensive and harmful content. The tech giant’s Digital Crimes Unit (DCU) said it has observed the threat actors “develop sophisticated software that exploited exposed customer credentials scraped from public websites,” and “sought to identify and unlawfully access accounts with certain generative AI services and purposely alter the capabilities of those services.”
The adversaries then used these services, such as Azure OpenAI Service, and monetized the access by selling them to other malicious actors, providing them with detailed instructions as to how to use these custom tools to generate harmful content. Microsoft said it discovered the activity in July 2024.
The Windows maker said it has since revoked the threat-actor group’s access, implemented new countermeasures, and fortified its safeguards to prevent such activity from occurring in the future. It also said it obtained a court order to seize a website (“aitism[.]net”) that was central to the group’s criminal operation.
Source: Schneier on Security
https://www.schneier.com/blog/archives/2025/01/apps-that-are-spying-on-your-location.html
Apps That Are Spying on Your Location
404 Media is reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics:
The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating apps like Tinder, to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection is occurring through the advertising ecosystem—not code developed by the app creators themselves—this data collection is likely happening both without users’ and even app developers’ knowledge.
Source: Slashdot
https://slashdot.org/story/25/01/12/0519240/google-wants-to-track-your-digital-fingerprints-again
Google is reintroducing “digital fingerprinting” in five weeks, reports Mashable, describing it as “a data collection process that ingests all of your online signals (from IP address to complex browser information) and pinpoints unique users or devices.” Or, to put it another way, Google “is tracking your online behavior in the name of advertising.”
The UK’s Information Commissioner’s Office called Google’s decision “irresponsible”: it is likely to reduce people’s choice and control over how their information is collected. The change to Google’s policy means that fingerprinting could now replace the functions of third-party cookies… Google itself has previously said that fingerprinting does not meet users’ expectations for privacy, as users cannot easily consent to it as they would cookies. This in turn means they cannot control how their information is collected. To quote Google’s own position on fingerprinting from 2019: “We think this subverts user choice and is wrong….” When the new policy comes into force on 16 February 2025, organisations using Google’s advertising technology will be able to deploy fingerprinting without being in breach of Google’s own policies. Given Google’s position and scale in the online advertising ecosystem, this is significant.
Their post ends with a warning that those hoping to use fingerprinting for advertising “will need to demonstrate how they are complying with the requirements of data protection law. These include providing users with transparency, securing freely-given consent, ensuring fair processing and upholding information rights such as the right to erasure.”
…
Source: The Hill
https://thehill.com/homenews/nexstar_media_wire/5075571-irs-delays-after-id-thefts-unconscionable-watchdog-says-here-are-3-ways-to-protect-yourself/
(NEXSTAR) – A new tax season is nearly here, and with it an opportunity for identity thieves to take advantage of taxpayers. On Wednesday, Erin M. Collins, the IRS national taxpayer advocate, issued a report calling the agency’s delays in responding to identity-theft cases “unconscionable.”
The report found that nearly half a million taxpayers were impacted by the delays in 2023, a situation made worse by the IRS reassigning identity-theft case workers during the filing season, Collins said.
The current average time to resolve such cases is two years, a time frame Collins urges the IRS to reduce to 90 days or less.
Source: Newser
https://www.newser.com/story/362125/another-great-crash-may-loom.html
[an Opinion piece … ] Annie Lowrey in the Atlantic warns of how crypto could cripple the mainstream financial markets.
…
The fear isn’t merely that novice crypto investors will get hurt through scams or the sector’s notorious volatility—already, some low-income households have been taking out mortgages based on their crypto gains, which could go poof in the night—it’s that a larger “contagion” will spread to the financial world. So far, bitcoin’s notorious volatility hasn’t led to trouble in the more mainstream markets because crypto has been essentially “walled off” in its own separate world. But these walls are expected to come down—“forthcoming regulation will knit the systems together,” writes Lowrey.
As a result, “crypto will become more widespread,” writes Lowrey. “And the conventional financial markets will come to look more like the crypto markets—wilder, less transparent, and more unpredictable, with trillion-dollar consequences extending years into the future.” Read the full analysis, [9 pages] which details some of the regulatory changes afoot.
Filed: https://www.newser.com/tag/66772/1/bitcoin.html
Source: Malwarebytes
https://www.malwarebytes.com/blog/news/2025/01/ai-supported-spear-phishing-fools-more-than-50-of-targets
One of the first things everyone predicted when artificial intelligence (AI) became more commonplace was that it would assist cybercriminals in making their phishing campaigns more effective. Now, researchers have conducted a scientific study into the effectiveness of AI supported spear phishing, and the results line up with everyone’s expectations: AI is making it easier to do crimes.
The study, titled Evaluating Large Language Models’ Capability to Launch Fully Automated Spear Phishing Campaigns: Validated on Human Subjects, evaluates the capability of large language models (LLMs) to conduct personalized phishing attacks and compares their performance with human experts and AI models from last year.
To this end the researchers developed and tested an AI-powered tool to automate spear phishing campaigns. They used AI agents based on GPT-4o and Claude 3.5 Sonnet to search the web for available information on a target and use this for highly personalized phishing messages.
With these tools, the researchers achieved a click-through rate (CTR) that marketing departments can only dream of, at 54%. The control group received arbitrary phishing emails and achieved a CTR of 12% (roughly 1 in 8 people clicked the link).
The research also showed a significant improvement of the deceptive capabilities of AI models compared to last year, where studies found that AI models needed human assistance to perform on par with human experts.
The key to the success of a phishing email is the level of personalization that can be achieved by the AI assisted method and the base for that personalization can be provided by an AI web-browsing agent that crawls publicly available information.
[see this phish …]
https://www.malwarebytes.com/wp-content/uploads/sites/2/2025/01/Research_for_target.jpg
Other bad news is that the researchers found that the guardrails which are supposed to stop AI models from assisting cybercriminals are not a noteworthy barrier for creating phishing mails with any of the tested models.
If you’re looking for some guidance how to recognize AI assisted phishing emails, we’d like you to read: [from over 1 year ago] How to recognize AI-generated phishing mails. But the best way is to always remember the general advice not to click on any links in unsolicited emails.
Subject: Open Port Chronicle: What Port 80 Revealed About The Internet
Source: RedHunt Labs
https://www.bespacific.com/open-port-chronicle-what-port-80-revealed-about-the-internet/
Copyright © 2024 beSpacific, All rights reserved.
Source: PC Mag
https://www.bespacific.com/how-to-avoid-the-top-internet-scams/
Wrong Numbers, Fake Invoices, and Catfishing: If you’re online, you’re at risk. “We spoke to three security experts about what you can do to protect yourself… In a video call, Bogdan Botezatu, Bitdefender’s director of threat research, warned that despite the numerous ways scammers go after their targets, spam email remains the most prevalent. Using telemetry from Bitdefender customers, Botezatu gave me a high-level view of what email scams people are most likely to encounter. “We have seen that roughly 96% of worldwide email traffic was spam,” said Botezatu, citing statistics from June 2020 to 2021. He explained to me that much of this was commercial spam—harmless, if irritating, advertisements. Of the spam that was in some way malicious, the most common type …
Filed: https://www.pcmag.com/categories/security
—
Abstracted from beSpacific
Source: EC
https://commission.europa.eu/cybersecurity-healthcare_en
A healthcare sector resilient to cyber threats. Digitalisation has revolutionised healthcare, improving patient services through innovations such as electronic health records, telemedicine, and AI-driven diagnostics. However, cyberattacks can have severe consequences, including delays in medical procedures, gridlocks in emergency rooms, and disruptions to vital services. The healthcare sector is one of the most targeted by cyberattacks, with an increasing number of incidents in recent years — more than in any other critical sector in the EU.
…
Print: https://digital-strategy.ec.europa.eu/en/node/10085/printable/pdf
See also: https://digital-strategy.ec.europa.eu/en/policies/cybersecurity
Source: Reuters
https://www.reuters.com/technology/state-regulators-fine-block-inc-80-million-anti-money-laundering-violations-2025-01-15/
WASHINGTON, Jan 15 (Reuters) – Block has agreed to pay a fine of $80 million to a group of 48 state financial regulators after the agencies determined the company had insufficient policies for policing money laundering through its mobile payment service, Cash App.
The multi-state settlement would also see the fintech firm bring in an independent consultant to review its Bank Secrecy Act and anti-money laundering program, and report back to the states on any deficiencies. The company has also agreed to take corrective actions internally, according to the Conference of State Bank Supervisors, which announced the settlement….
Source: Forbes and EFF
https://www.bespacific.com/nsa-warns-iphone-and-android-users-disable-location-tracking
Forbes: “…NSA warns that “mobile devices store and share device geolocation data by design…Location data can be extremely valuable and must be protected. It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations.”
EFF: “A global spy tool exposed the locations of billions of people to anyone willing to pay. A Catholic group bought location data about gay dating app users in an effort to out gay priests. A location data broker sold lists of people who attended political protests. What do these privacy violations have in common? They share a source of data that’s shockingly pervasive and unregulated: the technology powering nearly every ad you see online. Each time you see a targeted ad, your personal information is exposed to thousands of advertisers and data brokers through a process called “real-time bidding” (RTB). This process does more than deliver ads—it fuels government surveillance, poses national security risks, and gives data brokers easy access to your online activity. RTB might be the most privacy-invasive surveillance system that you’ve never heard of.
What is Real-Time Bidding? RTB is the process used to select the targeted ads shown to you on nearly every website and app you visit. The ads you see are the winners of milliseconds-long auctions that expose your personal information to thousands of companies a day. Here’s how it works:…
—
Abstracted from beSpacific
Source: BleepingComputer
https://www.bleepingcomputer.com/news/security/mfa-failures-the-worst-is-yet-to-come/
Multi-Factor Authentication (MFA), once celebrated as an unbreakable defense, is crumbling under the weight of its outdated technology. Phishing attacks, ransomware, and sophisticated exploits are bypassing legacy MFA with astonishing ease. This article delves into the rising tide of MFA failures, the alarming role of generative AI in amplifying these attacks, the growing user discontent weakening our defenses, and the glaring vulnerabilities being frequently exploited. The storm is building, and the worst is yet to come.
Legacy MFA: An Open-Door Policy for Phishing and Ransomware – A wave of phishing and ransomware attacks is sweeping across all industries, leaving devastation in its wake. Countless billions of dollars of losses are suffered as cybercriminals pounce on the frailties of legacy MFA solutions.
These systems, built on easily defeated principles like one-time passwords (OTPs) and SMS authentication, are no match for the relentless onslaught.
Phishing attacks have become disturbingly effective, bypassing MFA with sophisticated social engineering tactics that prey on human gullibility.
With AI, phishing is no longer a crude art and has now become an exact science. Combined with the weaknesses of legacy MFA, these tools enable large-scale, high-success campaigns that are redefining the landscape of cybercrime and organizational risk.
The Gaping Holes in Legacy MFA – Cybercriminals have honed their skills in exploiting the glaring vulnerabilities of legacy MFA systems. Among their favored tactics are:
…
Source: Krebs on Security
https://krebsonsecurity.com/2025/01/chinese-innovations-spawn-wave-of-toll-phishing-via-sms/
[too bad the toll operators aren’t using an app to push or perhaps MFA instead of SMS? /pmw1]
Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing toll road operators in multiple U.S. states. Last week, the Massachusetts Department of Transportation (MassDOT) warned residents to be on the lookout for a new SMS phishing or “smishing” scam targeting users of EZDriveMA, MassDOT’s all electronic tolling program. Those who fall for the scam are asked to provide payment card data, and eventually will be asked to supply a one-time password sent via SMS or a mobile authentication app.
Reports of similar SMS phishing attacks against customers of other U.S. state-run toll facilities surfaced around the same time as the MassDOT alert. People in Florida reported receiving SMS phishing that spoofed Sunpass, Florida’s prepaid toll program.
In October 2023, KrebsOnSecurity wrote about a massive uptick in SMS phishing scams targeting U.S. Postal Service customers. That story revealed the surge was tied to innovations introduced by “Chenlun,” a mainland China-based proprietor of a popular phishing kit and service. At the time, Chenlun had just introduced new phishing pages made to impersonate postal services in the United States and at least a dozen other countries.
SMS phishing kits are hardly new, but Merrill said Chinese smishing groups recently have introduced innovations in deliverability, by more seamlessly integrating their spam messages with Apple’s iMessage technology, and with RCS, the equivalent “rich text” messaging capability built into Android devices.
“While traditional smishing kits relied heavily on SMS for delivery, nowadays the actors make heavy use of iMessage and RCS because telecom operators can’t filter them and they likely have a higher success rate with these delivery channels,” he said.
…