Facebook infested with porn and gambling ads

Posted in Commentary with tags on January 27, 2025 by itnerd

A recent investigation by the Cybernews team uncovered a trend plaguing Facebook’s advertising ecosystem: a surge in pornographic and gambling ads infiltrating users’ feeds despite Meta’s strict ad guidelines. 

This issue reveals a larger systemic failure within Facebook’s ad approval process, raising critical concerns about the platform’s ability to ensure user safety. Despite claims that its AI-driven moderation system effectively blocks illicit content, Facebook appears overwhelmed by an influx of sexually explicit material and gambling promotions that violate its own rules.

As Facebook continues to profit from these campaigns, this raises questions about the platform’s commitment to enforcing its ad guidelines. 

Key findings of their investigation include:

  1. There’s a rise in Facebook ads promoting undressing AI apps, like CrushAI, which allow users to erase clothing from images and in this way generate nudity-containing content involving anyone. 
  2. There’s also a surge in sponsored gambling ads featuring sexually suggestive content, and they explicitly encourage the transfer of funds and supposedly real monetary gain.
  3. Users often report these ads, but they remain active for extended periods before being taken down. Even more troubling is the lack of accountability for the advertisers, who continuously find ways to bypass Meta’s ad policies.
  4. These ads are persistent – they come back in waves when taken down. Over a short period of time, ads that featured full nudity or pornography under the keywords “AI girlfriend” and “eraser clothes” rose exponentially, at one point reaching 1900 active campaigns.
  5. They are supported by bot accounts created almost simultaneously in 2023. Most of them lead to pages like crazybody.onlinedizyer.info, and pharmacity.today.
  6. These ads also target underage Facebook users. 
  7. Facebook is profiting significantly from those nudity-featuring ads. For instance, a week-long ad campaign can cost from 300 USD, and our team, as mentioned earlier, found 1900 active nudity-featuring ad campaigns.
  8. The process of entering user payment details on the CrushAI page isn’t entirely secure—VirusTotal has found that one vendor for CrushAI was marked as malicious.
  9. Undress AI apps amplify child pornography, and Facebook ads contribute to its promotion. They permit uploads with no content moderation, and there have been cases of child predators using AI to generate deep-fake pornographic content. 

You can access the full article here.

Applied Labs raises $4.2M In Funding

Posted in Commentary with tags on January 27, 2025 by itnerd

Every company today faces mounting pressure to deploy AI, but most solutions fall short on reliability and cannot handle complex, critical workflows. Applied Labs, founded by early Scale AI leaders, announced $4.2 million funding to transform how businesses deploy AI agents for complex support and operations tasks.

The seed round was led by Abstract, with participation from Point72 Ventures, Outlander, and Tetra. A few notable angel investors include Vercel CEO Guillermo Rauch, Modal CTO Akshat Bubna, and ex-Twitter exec Ali Rowghani. This latest round brings the total raised by Applied Labs to $5.2 million.

Founded in January 2024 by Michael Woo and Soham Waychal, Applied Labs emerged from their firsthand experience with AI applications at Scale AI, where they recognized how much time was spent on critical yet repetitive support interactions and ops workflows. Woo – who joined Scale AI as employee #20 and led a team of 30 focused on ops scalability – saw the opportunity to build AI agents that could handle complex workflows with unprecedented reliability. Waychal, who previously led engineering at a16z-backed Canal and holds 5 AI patents, brings deep technical expertise to the challenge.

The company focuses on support and operations teams. Its current solution is an end-to-end AI customer support agent fine-tuned to the business’s knowledge base and empowered with AI actions, which typically involve first- and third-party integrations. Digital employees in other domains, such as operations, are incoming. 

The Applied Labs team is drawing on its experience at Scale AI to build high-quality, reliable and easy-to-use AI agents. The solution combines three critical components to get what they believe are the best results: omnichannel interactions spanning chat, email and phone to handle 100% of volume; sophisticated AI agent orchestration for handling Q&A and AI workflows; and comprehensive evaluation tools for testing, auditing and monitoring AI outputs. This approach includes built-in human-in-the-loop escalations, recognizing that finding the right balance between AI efficiency and a human touch for complex, emotional interactions remains crucial.

The stakes are high – a single misstep in handling customer inquiries or operational tasks can erode trust and escalate problems. “At Scale when we first did AI labeling or if you think about self-driving cars or even these AI sales agents, if you scale up a poorly thought out AI response or workflow on high volume, it’s deeply damaging,” Woo said. Applied Labs addresses this by building guardrails and monitoring systems to rigorously test the AI with human-in-the-loop auditing before any new capabilities are broadly deployed. 

Applied Labs plans to double its headcount in the coming months to meet growing customer interest. The funding will accelerate hiring of engineers to advance the company’s ambitious product roadmap.

Looking ahead, while the AI industry races to replace human workflows, Applied Labs is pioneering a more nuanced vision: high quality AI agents that combine machine efficiency with human judgment. By focusing on quality, reliability and empowering non-technical teams to resolve the most complex, painful issues with AI, the company is building toward a future where almost every company can confidently deploy AI across their most complex operations—transforming not just how work gets done, but redefining what’s possible when artificial and human intelligence work in harmony.

New threat research: 300% surge in SaaS attacks signals a shift in threat actor targets

Posted in Commentary with tags on January 27, 2025 by itnerd

Obsidian has released its new 2025 SaaS Security Threat Report that reveals SaaS breaches have surged by a staggering 300% over the past year and that SaaS applications were the attack vector behind the majority of the biggest incidents, including MGM, Microsoft, AT&T, and Okta.

These findings signal a shift among nation-state and criminal threat actors – including groups like Midnight Blizzard, Scattered Spider, ShinyHunters, and more – who are targeting SaaS platforms as the new “frontline” attack vector as more data shifts to popular SaaS apps like Microsoft Office 365, Google Workspace, ServiceNow, Slack and Okta.

The new report is based on the industry’s largest repository of SaaS-related attack data, including direct involvement in over 150 incident responses alongside leading firms like GuidePoint and Kroll.

You can read the report here.

A Deal Involving Oracle And Microsoft To Buy TikTok Is Allegedly On The Table

Posted in Commentary with tags on January 26, 2025 by itnerd

TikTok’s corporate masters ByteDance have been consistently saying that TikTok isn’t for sale. But according to this story, a deal may be in the works:

The Trump administration is working on a plan to save TikTok that involves tapping software company Oracle and a group of outside investors to effectively take control of the app’s global operations, according to two people with direct knowledge of the talks.

Under the deal now being negotiated by the White House, TikTok’s China-based owner ByteDance would retain a minority stake in the company, but the app’s algorithm, data collection and software updates will be overseen by Oracle, which already provides the foundation of TikTok’s web infrastructure. 

That would effectively mean American investors would own a majority stake in TikTok, but the terms of the deal could change and are still being hammered out.

“The goal is for Oracle to effectively monitor and provide oversight with what is going on with TikTok,” said the person directly involved in the talks, who was not authorized to speak publicly about the deliberations. “ByteDance wouldn’t completely go away, but it would minimize Chinese ownership.”

NPR has agreed not to name the sources, who are not authorized to speak publicly about the confidential talks.

Other potential investors who are engaged in the talks include Microsoft.

If any of this sounds familiar, it should. The last time Donald Trump was president, he tried to engineer a deal involving Oracle and Walmart among others. But the deal fell apart. Microsoft was also said to be interested in buying TikTok. But that deal went nowhere at least twice. So, will it happen this time? I have no clue. But we have less than 75 days to see what happens, as that’s how long the TikTok executive order lasts.

Data Privacy Week Starts On Monday

Posted in Commentary with tags on January 25, 2025 by itnerd

Whether you’re in IT, healthcare, government, or finance — every industry that handles sensitive data or critical systems benefits from protecting its data. We are reminded of this every time a new breach makes the news, and Data Privacy Week, which starts next week, helps to further empower everyone to protect their privacy online.

I have a pair of comments on Data Privacy Week from industry experts:

Evan Dornbush, former NSA cybersecurity expert:

“This is a great time for developers and product leads to remember, ‘if you don’t collect it, it can’t find its way into a breach,’ and be mindful of how much information is captured and stored that may be a liability to the business rather than an asset. For end users, in the past few months, we’ve seen clear-text SMS messages and call data records, some dating back as far as seven years, disclosed in telecom hacks. Encrypted options for video, voice and text exist and are now being promoted by professionals and government groups alike.”

Jawahar Sivasankaran, President at Cyware:

“Data Privacy Week is a good opportunity to reflect on how security and privacy go hand-in-hand. Threat intelligence is a critical part of protecting sensitive data – it helps us identify and respond to risks before they turn into tangible threats. A strong security posture is essential for safeguarding privacy, and this week underscores the need to integrate both into your strategy. Protecting data is about more than compliance; it’s about being proactive in identifying and mitigating risks to keep both privacy and security intact.”

The website that I linked to above has a ton of great resources that you can use to take more control of your data. Feel free to check them out.

Healthcare In 2024: 84% detected a cyberattack and 46% will prioritize automation in 2025

Posted in Commentary with tags on January 25, 2025 by itnerd

In a recent report published by Netwrix, the cybersecurity firm surveyed 1,309 security professionals globally and found that 84% of organizations in the healthcare sector observed a cyberattack on their infrastructure within the last 12 months. 

Phishing and account hijacking were the most common types of incidents experienced. Of those that spotted a cyberattack, 74% of healthcare organizations reported user or admin account compromise compared to 44% of organizations with on-premises infrastructure.

  “Healthcare workers regularly communicate with many people they do not know — patients, laboratory assistants, external auditors and more — so properly vetting every message is a huge burden. Plus, they do not realize how critical it is to be cautious, since security awareness training often takes a back seat to the urgent work of taking care of patients. Combined, these factors can lead to a higher rate of security incidents,” says Dirk Schrader, VP of Security Research and Field CISO EMEA at Netwrix.

The report also found that a cyberattack resulted in financial damage for 69% of healthcare organizations, compared to 60% for other industries. 57% estimated financial damage of greater than $10,000, with 36% stating the financial damage was greater than $50,001.

Automation of manual IT processes ranked third for the healthcare sector behind data and network security, with 46% of respondents stating it as one of their top priorities for 2024.

An expert with Cyware offers perspective on the matter. Emily Phelps, Director at Cyware, had this to say:

  “This is a reminder that securing healthcare infrastructures goes beyond just protecting data—it’s about safeguarding the entire ecosystem of communication, collaboration, and critical patient care. With many healthcare workers juggling multiple interactions daily, it’s clear that robust threat intelligence management and training programs are crucial in equipping staff to spot and mitigate these threats. Moreover, automating IT processes can help reduce human error, which is often exploited by attackers, and streamline defenses in an industry under constant pressure. Effective threat intelligence sharing and collective defense are essential to fortifying healthcare networks and minimizing the impact of these attacks.”

Unfortunately, healthcare is a target-rich environment for threat actors. This paradigm needs to change, and fast. Otherwise some of the most important data that relates to all of us will be forever under threat.

Sensitive Data From ANICO Leaked Online

Posted in Commentary with tags on January 24, 2025 by itnerd

Recently, the Safety Detectives Cybersecurity Team stumbled upon a forum post on the clear web where a threat actor posted a link to a database allegedly from American National Insurance Company’s 2023 data breach, containing 279,332 lines of sensitive customer data along with some employee data. 

You can see their full report here: https://www.safetydetectives.com/news/anico-leak-report/

Is Next Generation Apple CarPlay Still Coming? Apple Says Yes, But I Am Not So Sure

Posted in Commentary with tags on January 24, 2025 by itnerd

Yesterday, Apple did something that I have rarely seen. They put out a statement to sites like MacRumors that they are still working with “several” carmakers to bring out the next generation of Apple CarPlay.

Keep in mind that this next generation of Apple CarPlay was supposed to be rolling out right now.

To be honest, this has the feel of AirPower. Remember that? Apple announced it. Apple missed their 2018 ship date. Apple stopped talking about it. Then Apple killed it. Next generation Apple CarPlay is going in that direction. And I think Apple will eventually kill it. I say that because you would think that any carmaker who really wants next generation CarPlay would have jumped on board and announced that one or more of their cars are going to have next generation Apple CarPlay by now. But you have heard absolutely nothing from any carmaker on the planet. What’s more, Apple hasn’t named a single carmaker who’s jumped on board.

That’s not good.

The fact that no carmaker has admitted to being part of next generation Apple CarPlay, nor has Apple said who is part of this, says to me that few if any carmakers have signed on. And if that continues, I cannot see how Apple can roll this out. Thus it seems highly likely to me that next generation CarPlay is going to get killed by Apple if there isn’t significant movement soon. That would be a shame for everyone. Customers, Apple, carmakers, everyone.

Apple CarPlay is great and I would love to see a major overhaul. But as things stand, I don’t see that happening. Though I am always free to be proven wrong. Let’s hope that Apple does prove me wrong.

Saviynt Hires Former Palo Alto Networks Executive Ajay Garg as Chief Development Officer

Posted in Commentary with tags on January 23, 2025 by itnerd

Saviynt, a leading provider of cloud-native identity governance solutions, today announced that Ajay Garg has joined the company as Chief Development Officer to lead the engineering team for its Identity Cloud platform.

Garg joins Saviynt from Palo Alto Networks, where, as Vice President of Engineering, he led a global engineering team responsible for the development of AI-driven advanced security solutions for Data Security, SaaS Security, WildFire, and Internet Security. In his executive role at Saviynt, Garg will oversee all Engineering, Quality Engineering, Infrastructure (DevOps) and SRE (site reliability engineering) teams, driving innovation and growth within Saviynt’s identity security platform offerings.

Prior to Palo Alto Networks, Garg served as Global VP of Engineering at CyberCube Analytics, where he led the development of its industry-leading Cyber Risk Analytics platform. Previously, Garg held key engineering leadership roles at FireEye and Cisco Systems, where he drove innovation in cloud security, identity management, threat analytics, secure access, firewall security, and content security.

To learn more about Saviynt’s Identity Cloud, please visit the website.

Subaru STARLINK Vulnerability Allowed Cars To Be Tracked, Unlocked, And Started… WTF?

Posted in Commentary with tags on January 23, 2025 by itnerd

My wife and I are doing literally everything and anything possible to keep our non-connected vehicle on the road as long as possible. We both don’t trust carmakers when it comes to our data. This is a prime example of why we don’t trust them. We are also afraid of the security implications of having a car connected to the Internet 24/7. And this story is an example of why we are afraid:

On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK connected vehicle service that gave us unrestricted targeted access to all vehicles and customer accounts in the United States, Canada, and Japan.

Using the access provided by the vulnerability, an attacker who only knew the victim’s last name and ZIP code, email address, phone number, or license plate could have done the following:

  • Remotely start, stop, lock, unlock, and retrieve the current location of any vehicle.
  • Retrieve any vehicle’s complete location history from the past year, accurate to within 5 meters and updated each time the engine starts.
  • Query and retrieve the personally identifiable information (PII) of any customer, including emergency contacts, authorized users, physical address, billing information (e.g., last 4 digits of credit card, excluding full card number), and vehicle PIN.
  • Access miscellaneous user data including support call history, previous owners, odometer reading, sales history, and more.

After reporting the vulnerability, the affected system was patched within 24 hours and never exploited maliciously.

Okay. I will say that it is good that it was patched quickly when this was reported. I will also say that nobody can say with 100% certainty that this was never exploited in any way. And I will say that this implies that Subaru needs to step up their vulnerability testing, as the data listed above is the holy grail of data that anyone from a car thief to a disgruntled ex-partner to an intelligence agency would want.

And what really bothers me is the way that this post concludes:

When writing this, I had a really hard time trying to do another blog post on car hacking. Most readers of this blog already work in security, so I really don’t think the actual password reset or 2FA bypass techniques are new to anyone. The part that I felt was worth sharing was the impact of the bug itself, and how the connected car systems actually work.

The auto industry is unique in that an 18-year-old employee from Texas can query the billing information of a vehicle in California, and it won’t really set off any alarm bells. It’s part of their normal day-to-day job. The employees all have access to a ton of personal information, and the whole thing relies on trust.

It seems really hard to really secure these systems when such broad access is built into the system by default.

So I will say this to any carmakers who happen to read this post. You will have to pry our current non-connected car out of the cold dead hands of my wife and me. And the only way that we will consider anything new is if all of you prove on a continuous basis that you’re able to keep this data safe and secure. Because these days, it’s not just about what creature comforts a car has, or the fuel economy that it gets. It’s also about how the data that is generated is secured. Until you do that part well, we’ll keep the car that we have, as that will allow my wife and me to sleep better at night.

UPDATE: Lawrence Pingree, VP at Dispersive, had this comment:

“As with modern times, most and many things are tracked. It’s important to point out that in most cases, the tracking is anonymous in nature — without correlations with other types of data, tracking is just one data point. I think most practitioners and customers would want the select ability and opt-in/opt-out authority for their privacy. Where things get even more scary to security practitioners is if the backend systems like AI for example, become connected to cars and execute movement or control over a vehicle. Both the car manufacturer and the liability of the driver could be questioned in such a potential eventuality. Those become blatant safety issues. It’s important that manufacturers get the data they need, but at the same time, customers have more control so that the data isn’t misused. The movie Leave the World Behind portrays future Tesla cars being compromised and running them down the road, colliding with each other. That’s much scarier.”