AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 01/11/2023

Microsoft’s new AI can simulate anyone’s voice with 3 seconds of audio 

On Thursday, Microsoft researchers announced a new text-to-speech AI model called VALL-E that can closely simulate a person’s voice when given a three-second audio sample. Once it learns a specific voice, VALL-E can synthesize audio of that person saying anything—and do it in a way that attempts to preserve the speaker’s emotional tone. Its creators speculate that VALL-E could be used for high-quality text-to-speech applications, speech editing where a recording of a person could be edited and changed from a text transcript (making them say something they originally didn’t), and audio content creation when combined with other generative AI models like GPT-3. 

 

A government watchdog spent $15,000 to crack a federal agency’s passwords in minutes 

A government watchdog has published a scathing rebuke of the Department of the Interior’s cybersecurity posture, finding it was able to crack thousands of employee user accounts because the department’s security policies allow easily guessable passwords like ‘Password1234’. The report by the Office of the Inspector General for the Department of the Interior, tasked with oversight of the U.S. executive agency that manages the country’s federal land, national parks and a budget of billions of dollars, said that the department’s reliance on passwords as the sole way of protecting some of its most important systems and employees’ user accounts has bucked nearly two decades of the government’s own cybersecurity guidance of mandating stronger two-factor authentication. 

 

Hackers leak sensitive files following attack on San Francisco transit police 

Criminal hackers have posted an enormous trove of sensitive files to the internet from a San Francisco Bay Area transit system’s police department, including specific allegations of child abuse. The breach comes from the Bay Area Rapid Transit System (BART) Police Department. BART’s chief communications officer, Alicia Trost, said in an email officials were investigating the posted files and that the hackers had not impacted BART services. It’s unclear when the hack occurred. The perpetrators are an established group of ransomware hackers, one of the many who attack specific organizations and either encrypt sensitive files or threaten to post them on the dark web. The website where the BART Police leaks were posted includes more than 120,000 files, according to an NBC News review.

 

Pro-Ukraine hackers leak Russian data in hopes someone will make sense of it 

In October, investigative journalists at Bellingcat identified a secretive group of Russian military engineers responsible for programming the flight paths of high-precision cruise missiles. Their attacks on Ukraine’s critical and civilian infrastructure had left millions of Ukrainians without electricity and heating and caused hundreds of civilian deaths and injuries. Bellingcat used open-source intelligence and leaked information from Russia’s underground data markets to identify people in this group. Such leaks have proven useful for investigative journalism groups – although it isn’t obvious what to do with terabytes of unstructured data, which is extremely difficult to analyze and verify, according to Aric Toler, director of training and research at Bellingcat. 

 

EU Tells TikTok Chief To Respect Data Privacy Laws 

The European Union warned online giant TikTok on Tuesday to respect EU law and ensure the safety of European users’ data, as the video-sharing app’s CEO met with top officials in Brussels. TikTok, whose parent company ByteDance is Chinese, has come under fierce Western scrutiny in recent months over concerns about how much access Beijing has to user data. TikTok chief executive Shou Zi Chew held official talks for the first time with EU vice presidents Margrethe Vestager and Vera Jourova, the bloc’s home affairs commissioner Ylva Johansson and justice commissioner Didier Reynders. “I count on TikTok to fully execute its commitments to go the extra mile in respecting EU law and regaining trust of European regulators,” Jourova, whose portfolio includes the protection of EU values, tweeted alongside a video of their meeting.

 

Watch out for phishing attacks after the latest credit breach 

Experian, one of the biggest consumer credit reporting bureaus, likely put your full credit history into the hands of identity thieves last year. On Monday, news broke of a major flaw in the company’s website, which allowed anyone with your name, address, birthdate, and Social Security number to bypass a security check and get to your report. First discovered by security researcher Jenya Kushnir, the exploit had an unknown duration and was only patched in late December 2022—seemingly after Brian Krebs of Krebs on Security, having been notified by Kushnir about the issue, brought it to Experian’s attention. (You can read the full details in .)  
