PSW #785 – Kevin Johnson

"They encrypt at excessive speed," Richard Addiscott, a senior director analyst at Gartner told the firm's IT Infrastructure, Operations & Cloud Strategies Conference 2023 in Sydney on Monday. "They encrypt faster than you can run a directory listing."

Ransomware operators therefore encrypt badly and lose some of the data they then try to sell you back.

An analysis of these intrusions, per Check Point researchers Itay Cohen and Radoslaw Madej, has revealed a custom firmware implant designed explicitly for TP-Link routers.

It isn’t often that our government is willing to shell out $10 million – but a Russian hacker has joined that elite group. Since early 2020, Mikhail Pavlovich Matveev carried out ransomware attacks against various health care providers and law enforcement agencies. Matveev used ransomware strains from Babuk, Lockbit and Hive against his victims, and pocketed over $200 million via his extortion campaigns. The FBI has issued a coveted Most Wanted poster for Matveev.

Kiddowares 'Parental Control – Kids Place' app for Android is impacted by multiple vulnerabilities that could enable attackers to upload arbitrary files on protected devices, steal user credentials, and allow children to bypass restrictions without the parents noticing.

This is a serious article from Scientific American, not crazy speculation. LLMs are proven to have an internal representation of the world, and they perform tasks they were not trained to do, giving them “emergent abilities.” An AI trained to play Othello developed “neural activity” that matched the game board. The researchers concluded that it was playing Othello roughly like a human: by keeping a game board in its “mind’s eye” and using this model to evaluate moves. "...we are probably not that far off from AGI" (Artificial General Intelligence).

Source code for the VMProtect software has leaked online not once but twice over the past year. The first leak happened in August last year, while the second took place last week via a Chinese IT forum. Made by a Russian company, VMProtect is a popular solution for protecting software applications by running an app inside a customized virtual machine. VMProtect has its legitimate uses in the software development community, especially in games and enterprise applications, but it has also been broadly adopted by malware developers to protect malicious payloads—with multiple cybersecurity companies automatically detecting VMProtect-enveloped software as a potential threat.

You might have been tricked into clicking this, assuming that the .zip in the URL was a filename. This is, of course, how it's been for decades. .zip isn't a valid part of a domain name! Except that Google has changed that. You can now purchase .zip and .mov domain names from Google. ICANN has failed all of us by allowing this to happen.

The risk is increased because VMware says antivirus is not needed for ESXi and does not support it.

Google is adding two new features to its image search to reduce the spread of misinformation: ‘About this image’ serves up additional context like when an image or similar ones were first indexed by Google, where they first appeared and where else they’ve shown up online. Another mark on every AI-generated image will indicate the tool used to create it.

This is Microsoft's version of confidential computing. It revolves around a trusted execution environment (TEE) or secure enclave. This uses hardware-based security mechanisms to protect any code and data placed inside it from everything outside the enclave, including the host operating system and any other application code.
The bad news – if you are a consumer – is that this allows for scenarios where companies can more easily target you with pitches that are tailored to you personally because confidential computing can potentially overcome some of the regulatory and privacy concerns around organizations sharing sensitive data with third parties.

This is Amazon's version of confidential computing. Where would AWS Clean Rooms be useful? Consider a scenario where two different insurance companies want to identify duplicate claims so they can identify potential fraud. This would be simple if they could compare their claims with each other, but they might not be able to do so due to privacy constraints.

Brave browsers will include a new feature called “Forgetful Browsing,” which allows users to always clear cookies and other storage when the site is closed. Forgetful Browsing can help you: Be automatically logged out of a site when it’s closed, Avoid being rate limited by a site (e.g., “you have X remaining articles to view”), and Generally prevent sites from reidentifying you across visits

Seniors who have already graduated were denied their diplomas because of an instructor who incorrectly used AI software to detect cheating. Dr. Jared Mumm, a campus rodeo instructor who also teaches agricultural classes, used this process: “I copy and paste your responses in [ChatGPT] and [it] will tell me if the program generated the content”.

Hired as customer service reps, they lure the lovestruck through a network of dating sites. Freelancers employed all over the world animate fake profiles and chat with people who have signed up for dating and hookup sites. “Customer service” staff don’t play a single character on the sites. Instead, they sit in a chat queue to be cycled between virtual characters they occupy for two minutes at a time.

A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines (VMs) to install third-party remote management tools within compromised environments. This method of attack was unique in that it avoided many of the traditional detection methods employed within Azure and provided the attacker with full administrative access to the VM. The development is yet another evidence of attackers taking advantage of living-off-the-land (LotL) techniques to sustain and advance an attack, while simultaneously circumventing detection.

The U.S. Department of Defense is quietly abandoning one of its longest running cybersecurity programs protecting its vast global IT network, and replacing it with off-the-shelf tools from Microsoft, despite internal opposition and criticism from experts who say it will make the nation more vulnerable to foreign hackers, enemy cyberwarriors and online spies. Now, the department will use Microsoft Defender,said Deputy CIO David McKeown, one of the Defense Department's top cyber officials. He disputed the suggestion that using Microsoft security tools to protect Microsoft software would make the DOD more vulnerable, saying tools that were built from the ground up to integrate with the software they were protecting would be more secure.

In 2022, the App Store prevented over $2 billion in potentially fraudulent transactions, and rejected nearly 1.7 million app submissions for failing to meet the App Store’s high standards for privacy, security, and content. In 2021, Apple terminated over 802,000 developer accounts for potentially fraudulent activity. In 2022, that number declined to 428,000 thanks in part to new methods and protocols that allow the App Store to prevent the creation of potentially fraudulent accounts.

Locking a WhatsApp chat takes that thread out of the inbox and puts it behind its own folder that can only be accessed with your device password or biometric, like a fingerprint. It also automatically hides the contents of that chat in notifications, too. This feature will be great for people who have reason to share their phones from time to time with a family member or those moments where someone else is holding your phone at the exact moment an extra special chat arrives.

Instead of directly capturing atmospheric carbon dioxide, the technology would extract it from seawater, enabling the seawater to absorb more. Why? Because, per unit volume, seawater holds nearly 150 times more carbon dioxide than air. The seawater would flow through a mesh that allows an electrical charge to pass into the water, rendering it alkaline. This kicks off a set of chemical reactions that ultimately combine dissolved carbon dioxide with calcium and magnesium native to seawater, producing limestone and magnesite by a process similar to how seashells form. The seawater that flows out would then be depleted of dissolved carbon dioxide and ready to take up more. A co-product of the reaction, besides minerals, is hydrogen, which is a clean fuel.

"Emergent" abilities are "abilities that are not present in smaller-scale models, but which are present in large-scale models" -- increasing the size of a model infuses it with some amazing ability not previously present. These researchers say LLMs don't really have emergent abilities, but only appear to, because poorly chosen methods of measurement were used.

YouTube recommended hundreds of videos about guns and gun violence to accounts for boys interested in video games. Many of the videos violated YouTube’s own policies on firearms, violence, and child safety, and YouTube took no apparent steps to age-restrict them.

Ledger Recover is a subscription service that allows users to utilize an additional layer of protection for their private keys. This service employs a technique where the user’s seed phrase is divided into three encrypted fragments, each sent to different external entities. Once these fragments are combined and decrypted, they can be used to reconstruct the original seed phrase. Mudit Gupta, the chief information security officer at Polygon Labs, shared, “It’s a horrendous idea, DON’T enable this feature...the problem here is that the encrypted keys parts are sent to 3 corporations and they can reconstruct your keys.”