Independent

ComputerWorldIndependent

Researchers build a scary Mac attack using AI and sound

A UK research team based at Durham University has identified an exploit that could allow attackers to figure out what you type on your MacBook Pro — based on the sound each keyboard tap makes.

These kinds of attacks aren’t particularly new. The researchers found research dating back to the 1950s into using acoustics to identify what people write. They also note that the first paper detailing use of such an attack surface was written for the US National Security Agency (NSA) in 1972, prompting speculation such attacks may already be in place.

“(The) governmental origin of ASCAs creates speculation that such an attack may already be possible on modern devices, but remains classified,” the researchers wrote.

IndependentKrebs

Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’

Credit to Author: BrianKrebs | Date: Tue, 08 Aug 2023 17:37:23 +0000

WormGPT, a private new chatbot service advertised as a way to use Artificial Intelligence (AI) to help write malicious software without all the pesky prohibitions on such activity enforced by ChatGPT and Google Bard, has started adding restrictions on how the service can be used. Faced with customers trying to use WormGPT to create ransomware and phishing scams, the 23-year-old Portuguese programmer who created the project now says his service is slowly morphing into “a more controlled environment.” The large language models (LLMs) made by ChatGPT parent OpenAI or Google or Microsoft all have various safety measures designed to prevent people from abusing them for nefarious purposes — such as creating malware or hate speech. In contrast, WormGPT has promoted itself as a new LLM that was created specifically for cybercrime activities.

ComputerWorldIndependent

Has Microsoft cut security corners once too often?

Credit to Author: eschuman@thecontentfirm.com | Date: Mon, 07 Aug 2023 10:00:00 -0700

As Microsoft revealed tidbits of its post-mortem investigation into a Chinese attack against US government agencies via Microsoft, two details stand out: the company violated its own policy and did not store security keys within a Hardware Security Module (HSM) — and the keys were successfully used by attackers even though they had expired years earlier. 

This is simply the latest example of Microsoft quietly cutting corners on cybersecurity and then only telling anyone when it gets caught. 

IndependentKrebs

Teach a Man to Phish and He’s Set for Life

Credit to Author: BrianKrebs | Date: Fri, 04 Aug 2023 13:49:15 +0000

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn, or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft Windows files as relatively harmless documents.

ComputerWorldIndependent

UK intelligence agencies seek to weaken data protection safeguards

UK intelligence agencies are campaigning for the government to weaken surveillance laws, arguing that the current safeguards limit their ability to train AI models due to the large amount of personal data required.

GCHQ, MI5, and MI6 have been increasingly using AI technologies to analyze data sets, including bulk personal data sets (BPDs), which can often contain sensitive information about people not of interest to the security services.

Currently, a judge has to approve the examination and retention of BPDs, a process that intelligence agencies have described as “disproportionately burdensome” when applied to “publicly available datasets, specifically those containing data in respect of which the subject has little or no reasonable expectation of privacy.”

ComputerWorldIndependent

EEOC Commissioner: AI system audits might not comply with federal anti-bias laws

Keith Sonderling, commissioner of the US Equal Employment Opportunity Commission (EEOC), has for years been sounding the alarm about the potential for artificial intelligence (AI) to run afoul of federal anti-discrimination laws such as the Civil Rights Act of 1964.

It was not until the advent of ChatGPT, Bard, and other popular generative AI tools, however, that local, state and national lawmakers began taking notice — and companies became aware of the pitfalls posed by a technology that can automate efficiencies in the business process.

Instead of speeches he’d typically make to groups of chief human resource officers or labor employment lawyers, Sonderling has found himself in recent months talking more and more about AI. His focus has been on how companies can stay compliant as they hand over more of the responsibility for hiring and other aspects of corporate HR to algorithms that are vastly faster and capable of parsing thousands of resumes in seconds.

ComputerWorldIndependent

EEOC chief: AI system audits might comply with local anti-bias laws, but not federal ones
