Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

Credit to Author: Microsoft Threat Intelligence| Date: Mon, 22 Apr 2024 16:00:00 +0000

Since 2019, Forest Blizzard has used a custom post-compromise tool to exploit a vulnerability in the Windows Print Spooler service that allows elevated permissions. Microsoft has issued a security update addressing this vulnerability as CVE-2022-38028.

The post Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials appeared first on Microsoft Security Blog.

Read more

Beware: Malicious Android Malware Disguised as Government Alerts.

Credit to Author: Digvijay Mane| Date: Fri, 22 Mar 2024 06:59:38 +0000

In our high-tech world, sneaky cyber threats can pop up anywhere. Lately, we’ve spotted sneaky malware on Android…

The post Beware: Malicious Android Malware Disguised as Government Alerts. appeared first on Quick Heal Blog.

Read more

A call for digital-privacy regulation 'with teeth' at the federal level

Credit to Author: scot.finnie@gmail.com| Date: Wed, 13 Mar 2024 03:00:00 -0700

How did we get to the point where the tech industry is in the user-data business instead of the tech business?

Every day, Google collects data on billions of people worldwide, according to The Regulatory Review. The dodge that users gain some benefit from ad targeting is fallacy. For example, if Google’s search were decoupled from its advertising, there would be less chance for users to be misled by ignored search terms and seemingly hard-wired results.

There’s nothing beneficial to the user about Google’s sponsored search results. That’s also true of  the adjacent Google ads that follow you around from site to site.

To read this article in full, please click here

Read more

Staying ahead of threat actors in the age of AI

Credit to Author: Microsoft Threat Intelligence| Date: Wed, 14 Feb 2024 12:00:00 +0000

Microsoft, in collaboration with OpenAI, is publishing research on emerging threats in the age of AI, focusing on identified activity associated with known threat actors Forest Blizzard, Emerald Sleet, Crimson Sandstorm, and others. The observed activity includes prompt-injections, attempted misuse of large language models (LLM), and fraud.

The post Staying ahead of threat actors in the age of AI appeared first on Microsoft Security Blog.

Read more

How OpenAI plans to handle genAI election fears

OpenAI is hoping to alleviate concerns about its technology’s influence on elections, as more than a third of the world’s population is gearing up for voting this year. Among the countries where elections are scheduled are the United States, Pakistan, India, South Africa, and the European Parliament.

“We want to make sure that our AI systems are built, deployed, and used safely. Like any new technology, these tools come with benefits and challenges,” OpenAI wrote Monday in a blog post. “They are also unprecedented, and we will keep evolving our approach as we learn more about how our tools are used.”

To read this article in full, please click here

Read more

What exactly will the UK government's global AI Safety Summit achieve?

From tomorrow, the UK government is hosting the first global AI Safety Summit, bringing together about 100 people from industry and government to develop a shared understanding of the emerging risks of leading-edge AI while unlocking its benefits. 

The event will be held at Bletchley Park, a site in Milton Keynes that became the home of code breakers during World War II and saw the development of Colossus, the world’s first programmable digital electronic computer, used to decrypt the Nazi Party’s Enigma code, shortening the war by at least two years.

To read this article in full, please click here

Read more