Deepfake scams are on the rise in Canada and globally: Palo Alto

Posted in Commentary with tags on August 29, 2024 by itnerd

Today, Palo Alto Networks Unit 42 released research on dozens of scam campaigns using deepfake videos featuring the likeness of various public figures, including CEOs, news anchors and top government officials.

The research found that these campaigns appear in a variety of languages, with each typically targeting victims in a single country, including Canada, Mexico, France, Italy, Turkey, and more. While 2024 is predicted to be the largest voting year in history, the impact of deepfakes is not limited to the political domain. 

Highlights include:

  • As of June 2024, Unit 42 discovered hundreds of domains being used to promote these campaigns, with each having been accessed an average of 114,000 times since going live
  • Unlike typical phishing or malware domains, these domains are relatively long-lived, with an average active time of 142 days
  • These campaigns appear in English, Spanish, French, Italian, Turkish, Czech and Russian
  • Due to their infrastructural and tactical similarities, it’s believed these campaigns likely stem from a single threat actor group
  • The campaigns leverage numerous prominent figures, including Elon Musk and Tucker Carlson

You can find the full research report here: https://unit42.paloaltonetworks.com/dynamics-of-deepfake-scams/

In addition to today’s research, Palo Alto Networks’ most recent Canadian Ransomware Barometer found that Canadian IT decision-makers are concerned with the potential threat artificial intelligence (AI) poses to their organizations. More than two-thirds of respondents (69%) believe the emergence of more AI technologies has increased the threat level to their organizations.

Here’s A Fido Text Messaging #Scam That You Should Be Aware Of

Posted in Commentary with tags on August 29, 2024 by itnerd

It’s been a while since I’ve seen a text messaging scam cross my desk. This specific one that I am bringing you is from a threat actor that claims to be Rogers flanker brand Fido:

If you look at the web address at the bottom of the text message, it’s not something that is related to Fido as Fido’s web address is http://www.fido.ca. That of course is ignoring the fact that Fido would never contact you in this manner to accept a payment. They would simply credit your account and you would see it on your next bill. But let’s follow the link (which to be clear, you should never do):

Ah yes. This is a scam that is meant to swipe your banking credentials so that the threat actor can log in and steal your money. This is confirmed when I choose a random bank to see what happens next:

I will admit that this is a very good replication of the CIBC website. But it’s not the real CIBC website as evidenced by the fact that one look at the address bar shows that it’s not going to cibc.com. It’s still going to the threat actor’s website. I didn’t go any further as it’s pretty clear what the game is here. Which means that if you get this text message, delete it and move on with your life.
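The address check described in this post can be automated. The following is an added example, not part of the original post: it tests whether a link's host really belongs to the brand's domain, including lookalike forms that are easy to misread in a text message. The brand list is an assumption built from the two domains named above, and every sample link uses a constructed `.example` host.

```python
from urllib.parse import urlsplit

# Legitimate domains named in the post (assumed allow-list; extend as needed).
BRAND_DOMAINS = {"fido": "fido.ca", "cibc": "cibc.com"}


def link_host(url: str) -> str:
    """Return the lower-cased host a browser would actually connect to."""
    if "://" not in url:              # links in SMS often omit the scheme
        url = "http://" + url
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:                # malformed authority, e.g. bad brackets
        return ""
    return host.rstrip(".").lower()


def belongs_to(host: str, domain: str) -> bool:
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def assess(url: str) -> str:
    """Classify a link: legitimate, impersonation, needs-review, unrelated."""
    host = link_host(url)
    if not host:
        return "unparseable"
    if any(belongs_to(host, d) for d in BRAND_DOMAINS.values()):
        return "legitimate"
    # The brand name shows up in the link, but the host is someone else's.
    if any(brand in url.lower() for brand in BRAND_DOMAINS):
        return "impersonation"
    # Internationalized hosts can render like a brand name in the address bar.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "needs-review"
    return "unrelated"


# Constructed sample links; none of these are taken from the scam itself.
SAMPLES = [
    "http://www.fido.ca",                    # the real site
    "fido.ca.refund.example/pay",            # brand as a left-hand subdomain
    "https://www.cibc.com@login.example/",   # brand in the userinfo part
    "https://notfido.ca/",                   # suffix match without a dot
    "https://xn--fdo-spa.example/",          # punycode label
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{assess(link):14} {link_host(link):28} {link}")
```

The comparison is made on the parsed host, not on the raw string, which is why a link that merely contains `cibc.com` or `fido.ca` somewhere in its text does not pass.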

Cybertech NYC 2024: Leading Experts to Tackle Election Misinformation and Digital Deception

Posted in Commentary with tags on August 29, 2024 by itnerd

Cybertech NYC 2024, East Coast’s premier cybersecurity event, will take place on September 5, 2024 at the Metropolitan Pavilion in Chelsea, New York. With an impressive lineup of speakers and a comprehensive agenda, Cybertech NYC 2024 is poised to be an essential gathering for those dedicated to secure and credible information in the digital age.

This year’s conference will delve into the urgent issues of election misinformation and fake news— threats that continue to endanger democracies around the world. Attendees can expect a series of powerful discussions and actionable insights, including:

  • Panel: New World of Fake and Truth
    • Led by Rebecca Blumenstein, President of NBC News Editorial, this panel will dissect the evolving landscape of fake news and its impact on society. Esteemed speakers such as Andrew Keen (Author), Steve Rosenbaum (Co-Founder, Sustainable Media Center), Douglas Rushkoff (Author, Professor of Media studies at CUNY, Host of Team Human), and Amy Mitchell (Executive Director, Center for News Technology and Innovation) will share their perspectives on navigating the digital maze of truth and deception.
  • Session: Hacking the Truth – Fake News and Elections 
    • Chaired by Yossi Vardi, Conference Chairman (Cybertech Israel), this session will explore the specific challenges of fake news in election contexts. Industry leaders, such as Noam Schwartz (Co-Founder and CEO, ActiveFence), David Sable (Vice-Chairman, Stagwell Global), Alexey Khitrov (Chief Technology Officer, Mitek), and Ryan Lasalle (CEO, Nisos) will reveal the latest tools and strategies to safeguard electoral processes from misinformation. The session will also include discussions around fake news and the Trump assassination attempt, with specific examples to be shown.
  • Workshop: AI for Cyber – Special Workshop by Nvidia
    • This hands-on workshop will focus on how artificial intelligence can be leveraged in revolutionizing cybersecurity, particularly in identifying and mitigating the spread of fake news.

Special Events: Igniting Innovation and Cultivating Talent

In addition to its core discussions and workshops, Cybertech NYC 2024 will host exclusive events designed to spark innovation and nurture the next generation of cybersecurity talent, reinforcing the event’s commitment to advancing both technological progress and workforce development.

  • Invest in the Best
    • This elite global platform will connect top investors with the most promising startups. Participants will gain insights from international experts and enjoy unparalleled networking opportunities, positioning themselves to invest in the future of cybersecurity innovation.
  • Cybertech Talent Competition
    • In collaboration with the NYC Economic Development Corporation (NYCEDC), this competition will spotlight emerging NYC talent, including students eager to launch careers in cybersecurity. The event will feature pitches and presentations, with winners earning recognition and support from industry leaders, underscoring New York City’s dedication to building a strong cybersecurity workforce.

For the full agenda, visit the Cybertech NYC 2024 Agenda.

Telegram CEO Charged With Complicity In Spreading Sexual Images Of Children Among Other Alleged Crimes

Posted in Commentary with tags on August 29, 2024 by itnerd

Things just got real for Pavel Durov who is the CEO of Telegram. You might recall that French law enforcement picked him up at a French airport as part of an investigation into crime on the Telegram platform. Now Wired among others is reporting that French law enforcement have laid criminal charges:

Telegram CEO Pavel Durov is forbidden from leaving French territory after being charged for complicity in running an online platform that allegedly enabled the spread of sexual images of children, creating an uncertain future for the messaging app that has become one of the world’s biggest social media platforms.

Durov was arrested on Saturday at 8 pm local time after his private jet landed at an airport near Paris. He was then detained for four days as part of an investigation into alleged criminal activity taking place on Telegram. On Wednesday evening, local time, he was indicted and forbidden from leaving the country, according to a statement released by the Paris Prosecutor. He was released under judicial supervision, the statement said, and must post a €5 million ($5.5 million) bail and report to a police station in France twice a week.

The Telegram founder was placed under formal investigation for a range of charges related to child sexual abuse material, drug trafficking, importing cryptology without prior declaration, as well as a “near-total absence” of cooperation with French authorities, Laure Beccuau, the Paris prosecutor, said on Wednesday.

French authorities noted an “almost total lack of response from Telegram to legal requests,” Beccuau noted. “This is what led JUNALCO [the National Jurisdiction for the Fight against Organized Crime] to open an investigation into the possible criminal liability of this messaging service’s executives in the commission of these offenses,” she said. The preliminary investigation began in February 2024 and initial investigations were coordinated by the OFMIN, an agency set up to prevent violence against minors, her statement added.

This is significant because if the French can make these charges stick, it will send a clear message to other online platforms that they have to play ball in terms of moderating content on their platforms, as well as playing nice with law enforcement. So that begs the question if Elon Musk, who has been outspoken about this case, is paying attention? Because if not, he could be next to get picked up by French law enforcement the next time he goes to France. Perhaps he might want to start rethinking his stance on free speech because Durov is as much of a free speech fanboy as Elon is, and look where that got him.

Elon Musk Takes An Optimus Robot To A Robot Expo In China…. And It Does NOTHING While Other Robots Actually Work

Posted in Commentary with tags on August 28, 2024 by itnerd

You have to ask yourself why Elon Musk insists on doing things that make him look stupid. The latest case in point is his trip to the World Robot Conference in Beijing. He brought his Optimus robot to show it off. But according to Gizmodo, here’s what happened:

The World Robot Conference in Beijing was a show floor of wonder last week. Humanoid Chinese robots played the zither, folded laundry, and bested humans at the board game Go. As these modern miracles unfolded, Tesla’s Optimus robot looked on, unmoving, from inside a glass box.

And:

While these machines puttered around, Tesla’s Optimus stared at them from a glass cage surrounded by the company’s electric vehicles. Optimus is a sleek looking humanoid robot but it hasn’t done well in its product demos.

Elon Musk famously unveiled Tesla’s venture into robotics in the summer of 2021 by promising the company would soon put humanoid robots in people’s homes. During the presentation, a stiff looking machine walked on stage with Musk. It turned out it was just a guy in a suit. In a video Musk posted to X showing Optimus folding laundry, someone is just off camera operating the machine remotely.

So in short, while other robots were doing robot things, Elon’s robot did nothing. Likely because it can’t do anything interesting. Or perhaps anything at all. That’s not a surprise from a guy who is famous for playing fast and loose with the truth when it comes to the products his companies make. So perhaps Elon might want to focus on making his products actually work and match what he promises via Twitter rather than showing up somewhere with something that is non functional which makes him look like a liar and a loser. Just a thought.

Intelligent Waves and Horizon3.ai Partner to Bring Next-Generation Autonomous Penetration Testing to the Department of Defense and IC Community

Posted in Commentary with tags on August 28, 2024 by itnerd

Intelligent Waves (IW), a leading tech integrator providing mission-focused, multi-domain operational expertise and innovation to the Department of Defense (DoD), has announced a strategic partnership with Horizon3.ai, a pioneer in autonomous security testing. This collaboration aims to deliver advanced, continuous, and autonomous penetration testing capabilities to enhance the DoD’s cybersecurity defenses.

Revolutionizing Cyber Defense with Autonomous Penetration Testing

The partnership will enable Intelligent Waves to rebrand Horizon3.ai’s NodeZero™ platform into Shadow powered by NodeZero, leveraging IW’s extensive experience in delivering secure and reliable IT services to the DoD. NodeZero is a pioneering autonomous penetration testing platform that continuously assesses and improves an organization’s security posture by preemptively discovering exploitable vulnerabilities and weaknesses within its network infrastructures before it falls victim to a cyber-attack.

Enhancing DoD Cybersecurity Posture

Shadow empowers organizations to conduct unlimited, orchestrated penetration tests, continuously uncovering blind spots and weaknesses within their networks. This platform prioritizes attack paths with the most significant potential impact, providing clear guidance on what to fix first. With full visibility into penetration test progress and exploits, Shadow delivers real-time insights and actionable remediation guidance.

Benefits of the Partnership

  • Continuous Security Assessments: Unlike traditional, periodic penetration testing, Shadow provides ongoing, real-time assessments, ensuring the DoD’s cyber defenses are always up to date.
  • Cost Efficiency: Automation of penetration testing diminishes the need for expensive, manual testing processes, optimizing resource allocation for the DoD.
  • Enhanced Readiness: Immediate verification of fixes ensures that vulnerabilities are effectively addressed, maintaining the integrity of defense systems.
  • Seamless Scalability: The NodeZero platform can scale to test extensive networks, making it ideal for large and complex DoD environments.

Intelligent Waves delivers mission-focused multi-domain operational expertise and innovation to the Government through high-impact technology solutions in cybersecurity, data science, enterprise network & systems engineering, software development, and platform mission support. Always ready. Anytime. Anywhere. Any domain. To learn more, visit www.intelligentwaves.com.

The NodeZero autonomous penetration testing platform empowers the public and private sectors to continuously assess their exploitable attack surfaces. It is the flagship product of Horizon3.ai, founded in 2019 by former industry and U.S. National Security veterans. NodeZero helps organizations see their networks through the eyes of the attacker and proactively fix problems that truly matter, improve the effectiveness of their security initiatives, and ensure that they are prepared to respond to real cyberattacks. Find out more at www.horizon3.ai.

Rogers Welcomes Newcomers with International Credit Recognition

Posted in Commentary with tags on August 28, 2024 by itnerd

Rogers Communications has announced a new partnership with Nova Credit, a cross-border credit bureau, to help newcomers to Canada build credit and finance a new smartphone, making their transition easier.

The collaboration enables Rogers to offer newcomers maximum credit by considering their international credit history when applying for a Rogers Red credit card, helping them establish a strong financial foundation in Canada. They can also take advantage of 0% interest financing on new Rogers devices through the Rogers Red credit card, to stay connected from day one while spreading payments over a longer time period. Newcomers can visit any Rogers retail store to apply.

At launch, Rogers will support newcomers by recognizing their credit history from nine countries, including Australia, India, Kenya, Nigeria, the Philippines, Spain, Switzerland, Ukraine and the United Kingdom. Rogers has plans to expand the program to additional countries in the future.

Newcomers approved for a Rogers Red credit card can access flexible device financing on new phones for up to 48 months at 0% interest. Customers can be approved instantly for a Rogers Red credit card in a Rogers retail store, allowing them to leave with both a new device and a credit card on their phone’s mobile wallet.

Rogers customers with a Rogers Red credit card can enjoy 3% cash back value when they redeem with Rogers, and the card has no annual fee. Customers can also stay connected with five Roam Like Home days at no extra cost every year with an eligible Rogers mobile plan. In 2024, Rewards Canada named the Rogers Red World Elite Mastercard the country’s Top No Fee Cash Back Credit Card.

For more information, please visit a Rogers retail store, or visit RogersBank.com/Newcomers and Rogers.com/Newcomers.

Cyber Threat Researcher Finds 650,000 Emails Exposed in Recent Cyberattacks on Schools and Universities as “Back to School” Hits

Posted in Commentary with tags on August 28, 2024 by itnerd

Abnormal Security has released its latest blog showing an exponential surge of cyberattacks in the educational sector, exposing over 650,000 records in the last 60 days. 

Mike Britton, CISO at Abnormal Security discusses how educational institutions across the US are becoming easy prey for cybercriminals as the school year approaches, making phishing a big threat to students, teachers, and staff.

The blog dives deep into four instances of schools, all the way from elementary schools to universities, whose students and staff were exposed, making them vulnerable to potential phishing attacks:

  • Data Breach exploiting 46,169 University students on a cybercrime forum
  • 576,735 records exposed in Elementary school teachers’
  • Data Breach Targeting Rowan College at Burlington County Compromises 27,000 Records
  • $200 Million IT System Breach Impacting 25,000

You can read the blog here.

The FBI’s Data Handling Practices Ripped By The DoJ

Posted in Commentary with tags on August 28, 2024 by itnerd

The FBI has faced significant lapses in handling and disposing of electronic storage media seized during investigations, according to a scathing audit by the Department of Justice’s Office of the Inspector General (OIG). The audit reveals that storage devices containing sensitive information, including national security data, Foreign Intelligence Surveillance Act (FISA) material, and documents classified as Secret, were often improperly labeled or not labeled at all, heightening the risk of loss or theft.

The OIG’s report was addressed to FBI Director Christopher Wray and underscores the gravity of these findings. Despite FBI protocols mandating strict procedures for labeling and securing such data, the agency failed to consistently adhere to these guidelines. The report highlights instances where media containing classified information was stored in unapproved containers or locations, significantly compromising security. Additionally, the FBI’s process for the destruction of these devices was found to be inadequate, with critical gaps that could potentially expose sensitive information to unauthorized access.

Cigent CGO Brett Hansen had this comment:

“Meeting mission requirements and the ever-evolving threat landscape can make ensuring the integrity of data throughout its lifecycle a daunting task. Organizations like the FBI first need to universally adopt proven techniques and technology for safeguarding vulnerable data at the edge. These include Hardware Full Drive Encryption with Pre-boot Authentication and Multi Factor Authentication. Proper disposal of data is also imperative and again there are technologies that can verify all data is permanently erased.”

The FBI of all people need to do a much better job of safeguarding data. Hopefully this report not only “encourages” them to do better, but sends a message to everyone else to step up their game.

Publicly Available GenAI Exploitable By Anyone With Internet Access

Posted in Commentary with tags on August 28, 2024 by itnerd

Legit Security has published new research examining AI platforms for security issues and potential data leakage. The investigation turned up actual vulnerabilities, with examples encountered in the wild where such attacks were possible.

Naphtali Deutsch, formerly of Israeli Military Intelligence Unit 8200 and Security Researcher at Legit, discusses the risks surrounding publicly accessible AI services, exploitable by anyone with Internet access, honing in on two types: vector databases and LLM tools.

Popular publicly exposed vector datasets involving AI models: Legit’s analysis of unprotected vector databases found that thirty servers contained corporate or private data, including company email conversations, customer PII, product serial numbers, financial records, resumes, and contact information. Three vector databases from two of the most popular platforms belonging to companies in engineering services, fashion, and the industrial equipment sector contain documents, media summaries, customer details, and purchase information.

Legit scanned the data on these servers and found dozens of secrets (passwords, API keys), including OpenAI and Pinecone (vector database SaaS) API keys, GitHub access tokens, and URLs with database passwords. It also found all the configurations and LLM prompts of these applications, which can help exploit prompt vulnerabilities down the road. 

You can read the research here.