A Tool That Creates Deepfake Nudes Is Perfectly Fine To Advertise On Twitter…. WTF???

Posted in Commentary with tags on December 15, 2023 by itnerd

Elon Musk can’t get big name companies to advertise on Twitter. But apparently he’s allowing someone who has some sort of tool to create deepfake nudes to advertise on Twitter:

An app called DeepNudeAI, which allows users to upload real photos of women and then creates a fake AI generated image of them nude is currently advertising on X, formerly known as Twitter. The service is being promoted by an X user who goes by Марина and the handle @Marina247016199.

The app is part of a new series of privacy invasion AI apps called “undressing apps” that create deep-faked nudes. In the new reality of AI, anything from speech to body can be faked in a strikingly realistic way, capable of fooling everyone but the most savvy or trained eyes.

Undressing apps allow users to customize the nude they receive, including changing the age of the victim in the image to make them look underaged.

The potential use of deep-faked nudes for blackmail and reputation destruction represents a new disturbing trend in an AI world that is already a new frontier of antisocial behavior. It represents a disturbing invasion of privacy without legal precedent. And this particular advertisement appears to view blackmailing women as the number one use case of the application.

Users who have seen this ad are disgusted that it exists. And rightly so. But it gets worse. Apparently Twitter is perfectly fine with this sort of tool being advertised on the platform:

An account on X called @MattTalksBall apparently reported the original account posting the DeepNudeAI ad and received a note that the ad hadn’t broken X’s safety policies. Confirming that invasion of privacy apps used for blackmailing women are not a violation of X standards and apparently completely free to advertise on X.

Even by Elon’s already insanely low standards, this is a new low. The fact that anyone is okay with a tool that can make lives miserable for innocent people being advertised on Twitter or anywhere else is reprehensible. Clearly Elon either doesn’t care, or he is so desperate for money that any amount of morality has been deleted from his conscience. Either way, it’s yet another reason why everyone should abandon Twitter.

Here Are Some 2024 Predictions from Truebit 

Posted in Commentary with tags on December 15, 2023 by itnerd

Truebit has offered up the following 2024 Technology Predictions about important trends in software and application development. These predictions come from Blane Sims, Head of Product of Truebit.

Web3 Offers an Open Market for Compute

Web3 technology is often associated with cryptocurrencies and NFTs, but it has the potential to revolutionize the way we think about enterprise computing. In 2024, developers will see the benefits of a new generation of infrastructure emerging leveraging consensus, verification, and transparency to address some of the most significant new challenges in enterprise computing today.

Web3 factors in as IT leaders increasingly seek a more open market for compute. The factors driving the shift to hybrid, multi-cloud infrastructures are the same forces underlying Web3: security, reliability, risk mitigation, portability, interoperability, and cost control. As we refactor cloud architectures to accommodate this shift, Web3 naturally emerges as the next evolution of the compute we rely on today — from VMs to containers to serverless functions. 

Decentralization Will Get a Seat at the Table in 2024

Decentralization is an important next step for enterprises, as it allows more compute capacity to come to the table and reduces dependencies on cloud computing giants. However, as workloads run on a more decentralized network, businesses must determine how to trust a vast distributed network of providers that they may not be able to vet individually. This is where Web3 plays a crucial role, by establishing trust and transparency in a decentralized environment.

In a world of low-code and open-source solutions, where nothing is entirely new and components are repurposed and combined, verifying correctness when data and processes come from unknown sources becomes increasingly important. Verified compute, transparent protocols, and immutable records address these concerns.

Decentralized Verification as a Mainstream Solution

In 2024, as mainstream developers increasingly seek secure and efficient computing solutions, decentralized verification platforms will gain traction. These platforms enable verification of data integrity and computational correctness in a trustless environment. For developers, this means enhanced trust and reliability for complex applications and immutable proof of execution, aligning with the growing demand for transparency and security in business processes.

Interoperability as a Necessity for Enterprise Computing

The shift towards a more open market for compute power puts a spotlight on interoperability. In 2024, the ability to seamlessly integrate and interact across independent systems and data sources will be crucial. By facilitating secure and transparent cross-chain operations, Web3 technologies will empower businesses to harness diverse computational resources and data sets, making them indispensable for innovative enterprise applications.

Samsung Introduces Galaxy Book4 Series

Posted in Commentary with tags on December 15, 2023 by itnerd

Samsung Electronics Canada today announced the release of its most intelligent PC lineup yet: the Samsung Galaxy Book4 Ultra, Galaxy Book4 Pro 360 and Galaxy Book4 Pro. The latest Galaxy Book4 Series comes with a new intelligent processor, a more vivid and interactive display, and is secured by Knox — beginning a new era of Samsung AI PCs that can offer enhanced productivity. These AI enhancements also elevate the Samsung Galaxy ecosystem and form part of the company’s vision of AI innovation — for both today and tomorrow.

Intelligent Productivity Leveled up by Secure Performance

The Galaxy Book4 Series is equipped with an intelligent processor for powerful performance. The latest Series comes with a new Intel® Core Ultra 9 processor that combines a faster CPU, a higher-performance GPU and a newly added NPU into a single package. Coupled with Intel’s industry-first AI PC Acceleration program — which includes more than 100 AI applications from independent software vendors, the new processor enables exciting new AI capabilities for users. The NVIDIA® GeForce RTX 4070 Laptop GPU takes the user experience to the next level. Creativity is supercharged with fast, generative AI-based creation tools backed by NVIDIA Studio technology that allow you to create stunning images with simple text in seconds with RTX-optimized Stable Diffusion. Galaxy Book4 Ultra users can also immerse themselves in games with NVIDIA Deep Learning Super Sampling (DLSS) technology that creates higher quality images for over 500 ray-traced popular games and applications.

The Galaxy Book4 Ultra also lowers heat and fan noise with a new cooling system, including an 11 percent wider vapor chamber and a dual fan with an uneven blade spacing design. You can use your device for a longer time on a single charge thanks to increased power efficiency. Galaxy Book4 Ultra users can also quickly top up an additional 55 percent battery life in just 30 minutes using the 140W adaptor that is 1.4 times larger than its predecessor.

Data privacy and security have become increasingly important. That’s why Samsung is building on its legacy of security with Samsung Knox and, for the first time in the Galaxy Book Series, enhanced security measures at the chipset level. All three models have a new discrete Samsung Knox security chip that secures critical system data separately, adding to existing multi-layered security efforts with Intel and Microsoft.

Stunning Display and Next-level Connectivity to Perform Anytime, Anywhere

The Galaxy Book4 Series upgraded display gives you a clear view, so you can stay productive while on the go. The Series boasts an incredible viewing experience with a Dynamic AMOLED 2X display that offers clear contrast and vivid colour. Vision Booster uses an Intelligent Outdoor Algorithm to automatically enhance visibility and colour reproduction in bright conditions, while anti-reflective technology reduces distracting reflections. With a touchscreen now added to all three models, the Galaxy Book4 Series not only delivers a clear viewing experience but is also more interactive — offering a familiar touch-based user interface, similar to the experience on your smartphone or tablet.

Advanced audio is just as important for a well-rounded PC experience with high octaves and rich bass delivered by AKG Quad speakers with Dolby Atmos® for clear and crisp sound. Dual microphones with bi-directional AI noise canceling capture your voice clearly during video calls, even in noisy outdoor environments. When paired with Galaxy Buds2 Pro, LE Audio — an advanced Bluetooth audio standard — enables realistic sounds with reduced latency to make experiences such as gaming more immersive. Auto Switch allows you to seamlessly connect your Galaxy Buds to multiple devices — from your smartphone, tablet and watch to your TV and now PC — so you can enjoy listening to your devices without manual input. A large touchpad and a wide range of ports — including a new HDMI 2.1 port — are also designed to enhance the usability of the Galaxy Book4 Series. All these features are packed in a slim and light design that opens powerful possibilities on the go.

Together with Galaxy smartphones and tablets, Galaxy Book4 Series users can benefit from even more enhanced productivity and creativity features. Designed to help everyone be a creator, Samsung Studio, a new video creation tool available across Samsung Galaxy devices, allows you to continue editing videos made on your phone or tablet in more detail on your PC. Photo Remaster, now available on Samsung Gallery for PC, lets you quickly correct photos and automatically erase unwanted shadows and reflections with AI-enabled optimization. Second Screen allows you to use your tablet as a monitor for your Galaxy Book4 and elevate your productivity with a variety of display modes such as Duplicate, Extension and now Rotation.

Availability

The Samsung Galaxy Book4 Series will be progressively made available in select markets including Canada in 2024. The Series comes in a refined and minimal finish with a wider variety of recycled materials, including plastics, glass, and aluminum.

Peace of Mind with Samsung Care+

With a Samsung Care+ Plan, Canadians can experience total care service for their new Galaxy Smartphone, Laptop, Tablet or Wearable device. Users will be protected for up to two years against physical or liquid damage and mechanical malfunction or defects, with a team of dedicated Galaxy experts available to help them get back on track.

Product Specifications

 Galaxy Book4 Ultra (16-inch)
  • Dimension: 355.4 x 250.4 x 16.5mm
  • Weight: 1.86kg
  • OS: Windows 11 Home
  • Display: 16-inch, 16:10 Touch AMOLED, WQXGA+ (2880×1800), 400nits, 48~120Hz VRR, 120% DCI-P3 Colour volume
  • Processor: Intel® Core Ultra 9 / Core Ultra 7 (Intel® Evo Edition)
  • Graphic: NVIDIA® GeForce RTX 4070 Laptop GPU 8GB GDDR6 / NVIDIA® GeForce RTX 4050 Laptop GPU 6GB GDDR6
  • Network: Wi-Fi 6E, 802.11 ax 2×2, Bluetooth v5.3
  • Colour: Silver
  • Memory: 16GB/32GB (LPDDR5X)
  • Storage: 512GB/1TB SSD (PCIe), Expansion Slot
  • Camera: 2M (1080p FHD)
  • Microphone/Speaker: Studio-quality Dual Microphones / AKG Quad speakers (Woofer Max 5Wx2, Tweeter 2Wx2), Dolby Atmos®
  • Keyboard: Pro keyboard with Numeric key (Backlit keyboard)
  • Battery: 76Wh (Typical)
  • Charging: 140W USB Type-C Adapter
  • Port: Thunderbolt 4 (2), USB Type-A, HDMI 2.1 port (Supports 8K@60, 5K@120), Micro SD, Headphone/Microphone

Galaxy Book4 Pro (14-inch) and Galaxy Book4 Pro (16-inch)

  • Dimension: 14-inch: 312.3 x 223.8 x 11.6mm; 16-inch: 355.4 x 250.4 x 12.5mm
  • Weight: 14-inch: 1.23kg; 16-inch: 1.56kg
  • OS: Windows 11 Home
  • Display (14-inch): 14-inch, 16:10 Touch AMOLED, WQXGA+ (2880×1800), 400nits, 48~120Hz VRR, 120% DCI-P3 Colour volume
  • Display (16-inch): 16-inch, 16:10 Touch AMOLED, WQXGA+ (2880×1800), 400nits, 48~120Hz VRR, 120% DCI-P3 Colour volume
  • Processor: Intel® Core™ Ultra 7 (Intel® Evo Edition)
  • Graphic: Intel® Arc™ Graphics (Shared)
  • Network: Wi-Fi 6E, 802.11 ax 2×2, Bluetooth v5.3
  • Colour: Silver
  • Memory: 16GB (LPDDR5X)
  • Storage: 512GB/1TB SSD (PCIe), Expansion Slot
  • Camera: 2M (1080p FHD)
  • Microphone/Speaker: Studio-quality Dual Microphones / AKG Quad speakers (Woofer Max 5Wx2, Tweeter 2Wx2), Dolby Atmos®
  • Keyboard: 14-inch: Pro keyboard (Backlit keyboard); 16-inch: Pro keyboard with Numeric key (Backlit keyboard)
  • Battery: 14-inch: 63Wh (Typical); 16-inch: 76Wh (Typical)
  • Charging: 65W USB Type-C Adapter
  • Port: Thunderbolt 4 (2), USB Type-A, HDMI 2.1 port (Supports 8K@60, 5K@120), Micro SD, Headphone/Microphone

Galaxy Book4 Pro 360 (16-inch)

  • Dimension: 355.4 x 252.2 x 12.8mm
  • Weight: 1.66kg
  • OS: Windows 11 Home
  • Display: 16-inch, 16:10 Touch AMOLED, WQXGA+ (2880×1800), 400nits, 48~120Hz VRR, 120% DCI-P3 Colour volume
  • Processor: Intel® Core Ultra 7 / Core Ultra 5 (Intel® Evo Edition)
  • Graphic: Intel® Arc Graphics (Shared)
  • Network: Wi-Fi 6E, 802.11 ax 2×2, Bluetooth v5.3
  • Colour: Silver
  • Memory: 16GB (LPDDR5X)
  • Storage: 512GB/1TB SSD (PCIe)
  • Camera: 2M (1080p FHD)
  • Microphone/Speaker: Studio-quality Dual Microphones / AKG Quad speakers (Woofer Max 5Wx2, Tweeter 2Wx2), Dolby Atmos®
  • Keyboard: Pro keyboard with Numeric key (Backlit keyboard)
  • Pen: S Pen (In-box)
  • Battery: 76Wh (Typical)
  • Charging: 65W USB Type-C Adapter
  • Port: Thunderbolt 4 (2), USB Type-A, HDMI 2.1 port (Supports 8K@60, 5K@120), Micro SD, Headphone/Microphone

Critical Need for Closer Ties Between Developers and Security Vendors: Appdome

Posted in Commentary with tags on December 14, 2023 by itnerd

The global surge in mobile app usage has transformed brand engagement, but it brings a heightened risk of cybersecurity threats. Appdome’s survey of 25,000 consumers across 12 countries reveals that 40% have experienced or known someone close to them falling victim to cyber-attacks, emphasizing the urgent need for robust security measures.

Consumer concern is evident, with 73% stating they would swiftly abandon an app at the slightest hint of vulnerability. App developers must recognize their pivotal role in shielding users from cyber threats, transitioning from basic protection to a robust mobile app defense.  

Crucially, users now demand prevention, not compensation after a privacy breach, necessitating closer collaboration between app developers and security vendors from the start of the development process. 

For a detailed exploration of the state of mobile app security, please have a look at the full report.

My Issues With The Imperial Oil Contactless Payment App Are Resolved…. But….

Posted in Commentary with tags on December 14, 2023 by itnerd

Let me get you up to speed here. Last weekend I wrote about Imperial Oil, which is the parent company of Esso and Mobil here in Canada, transitioning to a new contactless payment app, replacing what I considered to be the best contactless payment app in a two-app shootout a year ago. In the process, I was unable to log into the app when I went to use it for the first time. I did some troubleshooting, gave up, and submitted a help request to Imperial Oil. As I type this, I have never heard from them. This is bad because not responding to requests from your customers when they need help creates a very negative customer experience and disincentivizes them from doing business with you.

However, I did test the app this morning for giggles and I was finally able to log in. So whatever issues that they had on their back end are clearly resolved. But it did push me to try the Shell app to see what that was like. And I will have a review of that online on Monday. That wouldn’t have happened if the Esso/Mobil app didn’t work. Thus I guess I have to thank Imperial Oil for prompting me to look at the Shell app and telling all of you about it.

Finally, since I am all about keeping things fair, I am posting this to Twitter and tagging Imperial Oil so that if they have a comment on my experience, they can give it, as I’d really like to hear about why the app stopped working, and why they didn’t respond to the request for help that I left here. Let’s see if they actually do respond.

GuidePoint Security Releases Their November Ransomware Report

Posted in Commentary with tags on December 14, 2023 by itnerd

GuidePoint Security has released the GuidePoint Research and Intelligence Team’s (GRIT) November 2023 Ransomware Report, analyzing ransomware by country, industry/threat actor trends, and notable events, including:

  • November Ransomware Trends: Total observed victims increased by 32% and exceeded the calendar year 2023 average by only 16%, while the rolling average increased by only 6%, indicating a relatively consistent pace of operations since Q2.
  • Threat Actor Trends: GRIT also observed a marginal decrease in active ransomware groups. However, this was influenced by the arrival and drop-off of several smaller emerging groups, and 82% of victims were attributed to ransomware groups that have operated for at least six months.
  • Victims by Country: The US accounted for nearly half (48%) of last month’s victims; the Netherlands is in the top 10 again, accounting for 21% of its total victim count in 2023; Canada saw a decrease in victims, typically ranking in the top 3, but fell to #6; Germany saw a spike in attacks, returning to the top 5. 
  • Increased Ransomware Impact: Nearly a quarter of 2023’s ransomware attacks against China took place in November, impacting energy, automotive, legal, and pharmaceutical industries, a departure from the most frequently affected manufacturing industry, further complicating this potential anomaly.
  • Most Targeted Industries: Yet again, Manufacturing was the most targeted industry. Healthcare came in second, followed by Retail and Wholesale, Transportation, and Education to round out the top 5 most targeted sectors in November 2023.

You can read the report here.

Guest Post: Dark Web Trends Targeting the Airline Industry

Posted in Commentary with tags on December 14, 2023 by itnerd

By Nick Oram, Security Operations Manager at Fortra

The allure of airline status and points, along with the abundance of personally identifiable information (PII) of customers and employees, makes the airline industry a prime target for threat actors on the dark web. Depending on the goal of the actor and the nature of the stolen data, criminals can find airline-specific materials for sale on a variety of markets. Below, we take a look at the types of threats targeting airlines and their customers on dark web marketplaces, and what organizations can do to prevent exposure and attacks.

Marketplaces that specialize in the sale of account credentials are havens for threat actors interested in exchanging compromised information. In these marketplaces, stolen customer account information is in steady supply, as threat actors are consistently adding new data acquired through network compromise and phishing scams. This data is often sold for minimal fees, allowing threat actors of all levels of experience to use it for the malicious purposes of their choosing.

Threat Types

Account Data

Account data associated with specific airline providers is commonly advertised with varying levels of access on dark web marketplaces. Below is an example of data attributed to the Turkish Airlines brand. This particular data set contains customer names, points available on accounts, and print screens showing the account actively logged into. By capturing this intelligence, security teams can identify compromised customers without purchasing the data directly off the marketplace. 

Overview of Available Account Data for Turkish Airlines

Account Data for Sale

Print Screen of Airline Account for Sale

Airline Status

Threat actors will frequently look to purchase different levels of status for well-known airline brands. Not only do members of the dark web advertise their stolen data for sale, but individuals also broadcast their preferences of information to buy. In this type of exchange, threat actors will typically provide the best method of contact in posts on dark web forums.

In the example below, the threat actor is instructing potential sellers to reach out via the chat messaging platform for sales inquiries. 

Card Data/Credit Unions

Credit unions associated with the airline industry are also targeted on the dark web. The sale of member credit/debit card data can be found in varying levels of detail on both carding marketplaces as well as forums. This type of information can be obtained by threat actors through malicious means such as skimming devices, point-of-sale malware, and sniffers. 

Below are two examples of card data targeting an airline’s credit union branch. The data from the first screenshot showcases customer PII tied to the account on a typical carding marketplace. The second displays full credit card numbers posted over a carding forum. 

Database Leaks

As with other industries, airline customers and employees are not immune to data leaks being posted on the dark web. Data leaks can be advertised by threat actors for a fee, or the stolen data or fully compromised credentials may be posted for free.

The screenshot below showcases two Colombian airlines with various customer data exposed. The types of information include: user data, name, date of birth, passport numbers, phone, email, and more.

It is commonplace for threat actors to post small samples or highlights from the stolen data on dark web forums. The purpose of this is to entice members to reach out via private message in regards to procuring the information. In the screenshot below, the threat actor gives examples of the types of information included in a small database compromised directly from a company server. 

Below, in the same forum, the threat actor has posted samples of the data in addition to offering the total database for a fee of $3,000 USD. 

Infostealers

Beyond the purchase of sensitive data, infostealer data has been a popular vector for threat actors to gain internal access to companies and should be considered a high-priority security threat. Infostealers are a type of malicious software commonly used to exfiltrate data from infected computers. This information is then sold to other criminals, who abuse company credentials to infiltrate network systems.

Threat actors also purchase infostealer malware and launch attacks themselves. 

Below is an example of an airline database compromise affecting 3,200 vendors due to a Redline infostealer infection. In this instance, the target of the attack was an airline employee with third-party access to internal systems. The leaked information included names, addresses, phone numbers, and email addresses. 

Redline, along with many infostealer malware variants, can be distributed to victims via traditional phishing methodologies, mobile applications, and pirated materials that infect devices with malicious software when they are downloaded.

Infostealers continue to be a popular method for threat actors to infiltrate an institution’s internal environment or gain access to its customers’ information. Compromised data as a result of an infostealer attack can be purchased for a very small fee and manipulated by the purchaser for their needs.

For instance, infostealer malware can go beyond access to the username and password of the compromised account to capture authentication cookies/tokens from the compromised machine. These cookies/tokens are what allow a user to remain logged into online services without having to constantly sign back in with their password or a two-factor authentication code.

By using session cookies/tokens within their own browser, the buyer is able to bypass security protection measures like two-factor authentication and remain undetected by the compromised user. 
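
One way to detect the token replay described above, added here as an example and not part of the original guest post or any Fortra tooling: a session is trusted only from clients that completed a login on it, so a stolen cookie used from another network and browser stands out. The event fields, network prefix sizes and sample log entries are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, namedtuple

# Hypothetical normalized auth/web log record (field names are assumptions).
Event = namedtuple("Event", "ts session user ip user_agent kind")

CHROME_WIN = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"
FIREFOX_LINUX = "Mozilla/5.0 (X11; Linux x86_64) Firefox/121.0"
SAFARI_IOS = "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1) Safari/604.1"

# Constructed sample events; IPs are RFC 5737 documentation addresses.
SAMPLE_EVENTS = [
    Event(1000, "s1", "alice", "203.0.113.10", CHROME_WIN, "mfa_login"),
    Event(1060, "s1", "alice", "203.0.113.10", CHROME_WIN, "request"),
    Event(1120, "s1", "alice", "203.0.113.77", CHROME_WIN, "request"),     # same /24
    Event(1500, "s1", "alice", "198.51.100.5", FIREFOX_LINUX, "request"),  # replayed
    Event(1510, "s1", "alice", "198.51.100.5", FIREFOX_LINUX, "request"),
    Event(1520, "s1", "alice", "203.0.113.10", CHROME_WIN, "request"),
    Event(2000, "s2", "bob", "192.0.2.20", CHROME_WIN, "mfa_login"),
    Event(2100, "s2", "bob", "192.0.2.200", SAFARI_IOS, "mfa_login"),      # step-up
    Event(2160, "s2", "bob", "192.0.2.200", SAFARI_IOS, "request"),
]


def fingerprint(ev, prefix_v4=24, prefix_v6=48):
    """Coarse client fingerprint: network prefix plus user agent.

    Matching on a prefix instead of the exact address tolerates DHCP churn;
    the /24 and /48 sizes are assumptions to tune per environment.
    """
    addr = ipaddress.ip_address(ev.ip)
    prefix = prefix_v4 if addr.version == 4 else prefix_v6
    net = ipaddress.ip_network(f"{ev.ip}/{prefix}", strict=False)
    return (str(net), ev.user_agent)


def find_replayed_sessions(events):
    """Return one alert per (session, client) that used a token without logging in.

    A fingerprint becomes trusted for a session only after an mfa_login event
    from that fingerprint. Requests from any other fingerprint are reported.
    """
    trusted = defaultdict(set)   # session -> fingerprints that authenticated
    reported = set()             # (session, fingerprint) pairs already alerted
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        fp = fingerprint(ev)
        if ev.kind == "mfa_login":
            trusted[ev.session].add(fp)
            continue
        if fp in trusted[ev.session] or (ev.session, fp) in reported:
            continue
        reported.add((ev.session, fp))
        if trusted[ev.session]:
            reason = "token_used_from_unauthenticated_client"
        else:
            reason = "no_login_for_session"   # log gap or token older than window
        alerts.append({
            "session": ev.session,
            "user": ev.user,
            "first_seen": ev.ts,
            "network": fp[0],
            "user_agent": fp[1],
            "reason": reason,
        })
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_EVENTS):
        print(alert)
```

Legitimate network changes (mobile roaming, VPN toggles) will also trip this check, so the alert is best used to force re-authentication and revoke the token rather than as proof of compromise.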

Ransomware

The airline industry continues to be targeted by ransomware groups. Many of these groups have leak sites on the dark web where they will publicly shame compromised corporations. These sites include countdowns documenting the time to pay ransom before data is leaked, samples of the data, screenshots of documents that were compromised, and download links to get the full set of data. 

The example below advertises compromised data belonging to Allegiant Air on a Clop ransomware group leak site.

The dark web is rife with marketplaces distributing stolen information and the tools needed to target and attack vulnerable industries. Account data belonging to the airline sector is highly sought after and available through these marketplaces, where cybercriminals advertise varying types of stolen information for relatively small fees.

While the dark web can be difficult to navigate, security teams should familiarize themselves with spaces where compromised information associated with their brand may be present. By proactively identifying data linked to their brand, customers, employees, or partners, they will have the opportunity to limit or contain any damage that could occur as a result of compromise.  

Learn how Fortra’s PhishLabs can help identify malicious activity targeting your brand on the dark web.

Rogers & Lynk Complete Historic Satellite-to-Mobile Phone Call in Canada

Posted in Commentary with tags on December 14, 2023 by itnerd

Rogers and Lynk Global, Inc. today announced they completed Canada’s first successful satellite-to-mobile phone call using Samsung S22 smartphones. The call took place in historic Heart’s Content, where the world’s first transatlantic telegraph cable took place between Canada and Ireland over 150 years ago. The two companies also tested SMS, data and emergency alerting services.

Technology available on existing smartphones
The phone call was made between Andrew Furey, Premier of Newfoundland and Labrador, and a member of the Newfoundland and Labrador Search and Rescue Association using Lynk’s low-earth orbit (LEO) satellites and Rogers national wireless spectrum. Wireless spectrum ensures this technology works on existing smartphones so customers don’t need to install customized apps or not yet available hardware.  

Rogers to launch satellite-to-mobile phone technology in 2024
Rogers will launch satellite-to-mobile phone technology in 2024, starting with SMS texting, mass notifications and machine-to-machine AI applications, and then expand the service to include voice and data services quickly thereafter. This new technology will deliver wireless services to the country’s most remote wilderness, national parks and rural highways.

Rogers is committed to improving public safety through its national network investments. This includes the company’s commitment to bring 5G wireless service and 911 access throughout the entire Toronto subway system for all TTC riders and extend wireless coverage along Canada’s remote highways. The company also continues to invest to bring Canadians the largest and most reliable 5G network, which now covers more than 2,200 communities.

Gemini Pro API & More New AI Tools For Developers & Enterprises Announced

Posted in Commentary with tags on December 14, 2023 by itnerd

Last week Google introduced Gemini, their latest and most capable AI model, and explained their vision, revealed technical details and shared a roadmap of what’s to come. They also previewed what developers will be able to build with its state-of-the-art multimodal capabilities.  

Google is now making Gemini Pro available to developers and organizations, as well as a range of other AI tools, models and infrastructure. 

Here’s what they’re announcing:

  • The Gemini Pro API is available to developers in Google AI Studio.
  • It’s also available to enterprises through Google Cloud’s Vertex AI platform.
  • They’re also introducing other models in Vertex AI to help developers and enterprises flexibly build and ship applications:
      • An upgraded Imagen 2 text-to-image diffusion tool.
      • A family of foundation models fine-tuned for the healthcare industry, MedLM, available (via allowlist) to Google Cloud customers in the U.S.
  • And they announced general availability of Duet AI for Developers and Duet AI in Security Operations.


Beeper Mini Is Broken Again…. No Shock There

Posted in Commentary with tags on December 14, 2023 by itnerd

It seems that Beeper Mini’s victory over Apple in terms of getting their iMessage on Android app back online was short-lived. Last night, this was posted to Twitter:

Later in the evening, this was posted:

This doesn’t come as a shock. When Beeper found a way around whatever Apple did to shut them down, I fully expected Apple to retaliate. And so they have. But there is a workaround apparently. How long that workaround continues to work is anybody’s guess. And I also fully expect the “-5%” of users affected by this to grow.

At this point, I expect this cat and mouse game between Beeper and Apple to continue for some time until Beeper taps out. The only thing that is at question here is how long it will take for Beeper to tap out.

I’ll be watching this story as I expect there will be more developments.