This is not elite hackers, this is the “B” team that is simply repeating hacks that organizations know about but haven’t bothered to fix yet.
Chinese Hackers Able to Directly Exploit Major Telcos via Routers and Networking Equipment, Largely Using Published Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has published an alarming warning indicating that state-backed Chinese hackers have deep penetration into “major” US telcos, and are getting in by compromising an assortment of networking equipment and routers.
The report declined to name specific impacted telcos, but did indicate that this is not a case of zero-day exploits or even any sort of advanced tradecraft; the Chinese hackers appear to be using published exploits on various types of equipment that have simply not been patched or remediated.
(Related) You will pay for poor security one way or another...
Your Digital Forensics and Incident Response Capabilities — Or Lack Thereof — May Be Weighing on Your Cyber Insurance Premiums
… Enterprises have never been more at risk of suffering cyber attacks and when they do, the damages have never been higher. According to cyber insurance provider Coalition, claims have skyrocketed for enterprises in multiple sectors, including IT at 46 percent, materials at 99 percent and industrials at 263 percent. The average ransom demand made to its policyholders, meanwhile, increased by almost 170 percent to $1.2 million in the first half of 2021.
With their policyholders under great threat, cyber insurers are at equal risk of having to provide them with significant payouts to cover damages linked to cyber incidents. They’ve mitigated this risk by raising the price of cover. In the U.S., cyber insurers raised their pricing by 130 percent in the fourth quarter of 2021 alone, according to insurance provider Marsh. They’ve also demanded that their policyholders do more on cybersecurity to even qualify for coverage. For enterprises looking to increase their cyber resilience to qualify for coverage or to lower their premiums, the answer may lie in digital forensics and incident response.
With access to the Internet, anyone can be a spy.
https://www.newsweek.com/ukraine-artificial-intelligence-catch-people-sabotaging-war-effort-1716251
Ukraine Using Artificial Intelligence to Catch People Sabotaging War Effort
… Yenin said that sabotage groups can vary in profile and number because they can be created to carry out different tasks. Closer to the start of Russia's invasion, for example, Ukraine pinpointed five to 10 people who were tasked with committing "terrorist acts" and sabotage, including in the center of the capital, Kyiv.
Since then, most of the saboteurs have focused on tasks like trying to share the location of armed groups and recording the effectiveness of shelling via missiles or artillery, the report said.
(Related) Think of it as a wholesale wiretap…
https://www.wired.com/story/ukraine-russia-internet-takeover/
Russia Is Taking Over Ukraine’s Internet
In occupied Ukraine, people’s internet is being routed to Russia—and subjected to its powerful censorship and surveillance machine.
Implications for security. Tools for disinformation. Imagine an industry that manufactures “evidence” on demand!
https://www.theverge.com/2022/6/15/23169012/voicemod-morgan-freeman-ai-voice-astronauts-pilots
Voicemod uses AI to transform your voice into Morgan Freeman, astronauts, and more
Voicemod, a popular real-time voice changer, is starting to use artificial intelligence to transform your voice into Morgan Freeman and other characters. A new Voicemod AI Voices beta is launching today, offering up eight options to transform your voice into fantasy characters, pilots, astronauts, and the actor Morgan Freeman.
Voicemod has been transforming voices for years thanks to classic sound design techniques, but these new voice effects combine AI, too. The “Morgan” voice, as Voicemod calls it, is particularly impressive, allowing you to pretend to be the famous movie star or simply a polished voice actor.
(Related) Anyone with sufficient voice recordings can have a bot that sounds just like them.
https://www.gawker.com/politics/an-exclusive-interview-with-ruth-bader-ginsburgs-chat-bot
AN EXCLUSIVE INTERVIEW WITH RUTH BADER GINSBURG’S CHAT BOT
(Related)
https://www.bespacific.com/deepfakes-on-trial-a-call-to-expand-the-trial-judges-gatekeeping-role-2/
Deepfakes on Trial: a Call to Expand the Trial Judge’s Gatekeeping Role to Protect Legal Proceedings from Technological Fakery
Delfino, Rebecca, Deepfakes on Trial: a Call to Expand the Trial Judge’s Gatekeeping Role to Protect Legal Proceedings from Technological Fakery (February 10, 2022). Loyola Law School, Los Angeles Legal Studies Research Paper No. 2022-02, Available at SSRN: https://ssrn.com/abstract=4032094 or http://dx.doi.org/10.2139/ssrn.4032094
“Picture this: You are arrested and accused of a serious crime, like carjacking, assault with a deadly weapon, or child abuse. The only evidence against you is a cellphone video showing the act of violence. To the naked eye, the perpetrator on the video is you. But you are innocent. The video is a “deepfake” – an audiovisual recording created using readily available Artificial Intelligence technology that allows anyone with a smartphone to believably map one person’s movements and words onto another person’s face. How will you prove the video is deepfake in court? And, who—the judge or the jury–gets to decide if it’s fake? The law does not provide clear answers. But this much is certain–deepfake evidence is an emerging threat to our justice system’s truth-seeking function. Deepfakes will invade court proceedings from several directions—parties may fabricate evidence to win a civil action, governmental actors may rely on deepfakes to secure criminal convictions, or lawyers may purposely exploit juror bias and skepticism about what is real. Currently, no evidentiary procedure explicitly governs the presentation of deepfake evidence in court. The existing legal standards governing the authentication of evidence are inadequate because the rules were developed before the advent of deepfake technology. As a result, they do not solve the urgent problems of–how to show a video is fake and how to show it isn’t. In addition, although in the last several years, legal scholarship and the popular news media have addressed certain facets of deepfakes, there has been no commentary on the procedural aspects of deepfake evidence in court. Absent from the discussion is who gets to decide whether a deepfake is authentic. This article addresses the matters that prior academic scholarship about deepfakes obscures. It is the first to propose a new rule of evidence reflecting a unique reallocation of the fact-determining responsibilities between the jury and the judge, treating the question of deepfake authenticity as one for the court to decide as part of an expanded gatekeeping function under the rules of evidence. Confronting deepfakes evidence in legal proceedings demands that courts and lawyers use imagination and creativity to navigate pitfalls of proof and manage a jury’s doubts and distrust about what is real. Your freedom may depend on how we meet these challenges.”
(Related) Perhaps a start?
EU Strengthens Disinformation Rules to Target Deepfakes, Bots, Fake Accounts
An overhauled set of rules designed to stem the flow of disinformation were released Thursday by the European Commission. The EU's strengthened Code of Practice on Disinformation will hold signatories to the code, which include tech giants Meta, Google, TikTok and Twitter, liable for failing to take action by fining them up to 6% of their global revenue.
How Colorado does facial recognition.
Colorado Law Restricts Use of Facial Recognition Technology by Government Agencies
Linn Foster Freedman of Robinson + Cole writes:
Ramping up the state’s continued focus on data privacy, on June 8, 2022, Colorado Governor Jared Polis signed legislation aimed at limiting the use of facial recognition technology by government agencies and state institutions of higher education.
The new law, SB 113, requires an agency, defined as “an agency of the state government or of a local government; or a state institution of higher education,” that intends to “develop, procure, use or continue to use facial recognition service” to provide notice of intent to use those services with its “reporting authority” prior to using the technology.
The notice must provide details of the vendor to be used, the capabilities and limitations on the use of the facial recognition technology, the type of data collected by the technology, how data will be collected and processed, the purpose of the use, and the benefits of the proposed use of the technology.
Read more at Data Privacy + Cybersecurity Insider.
Anyone can easily obtain the tools.
Genetic paparazzi are right around the corner, and courts aren’t ready to confront the legal quagmire of DNA theft
Via LLRX – Genetic paparazzi are right around the corner, and courts aren’t ready to confront the legal quagmire of DNA theft – Liza Vertinsky and Yaniv Heled, are law professors who study how emerging technologies like genetic sequencing are regulated. They believe that growing public interest in genetics has increased the likelihood that genetic paparazzi with DNA collection kits may soon become as ubiquitous as ones with cameras. While courts have for the most part managed to evade dealing with the complexities of surreptitious DNA collection and testing of public figures, they won’t be able to avoid dealing with it for much longer. And when they do, they are going to run squarely into the limitations of existing legal frameworks when it comes to genetics.
Tools & Techniques
https://www.freetech4teachers.com/2022/06/a-new-way-to-find-registration-free.html
A New Way to Find Registration-free Tools
No-Signup Tools is a new site that features exactly what its name implies, web tools that you can use for free without having to sign-up for an account. You can browse through No-Signup Tools alphabetically, by ranking, or by category. Browsing the categories is probably the best way to use No-Signup Tools.
The No-Signup Tools categories of interest to readers of this blog will probably be teaching, writing, and productivity. It was in those categories that I found helpful tools like Math Homework Generator, Egg Timer, and saw an old favorite called Hemingway App.
Web tools that don't require registration or other personal information ... can be great for those of us who just don't want to give our email addresses to yet another website.
No-Signup Tools is good, but it isn't specific to education. For a similar resource that was specifically created with teachers and students in mind, take a look at Nathan Hall's list of No Registration Needed Tools.
No comments:
Post a Comment