AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 03/17/2023

Apple is reportedly experimenting with language-generating AI

If not for last week’s Silicon Valley Bank (SVB) collapse almost every conversation in tech seems to be centered around AI and chatbots. In the last few days, Microsoft-backed OpenAI released a new language model called GPT-4. Its competitor Anthropic released the Claude chatbot. Google said that it is integrating AI into its Workspace tools like Gmail and Docs. Microsoft Bing has brought attention to itself with a chatbot-enabled search. The one name missing from the action? Apple. Last month, the Cupertino-based company held an internal event that focused on AI and large language models. According to a report from the New York Times, many teams including people working on Siri are testing “language-generating concepts” regularly.

As major elections loom, Meta unveils its internal Online Operations Kill Chain

Next year will feature some of the most geopolitically significant elections of our times. Voters will be heading to the ballot boxes in not only the United Kingdom, United States and European Union, but also India, Turkey and Taiwan. Anticipating an even greater need for “investigative teams across industry, civil society, and government” to collaborate against online interference in these elections, Meta published on Thursday a new Online Operations Kill Chain framework for analyzing and responding to these threats.

ChipMixer Crypto Laundromat Shut Down By German, US Authorities

The cryptocurrency mixer known as ChipMixer has been targeted by a joint investigation led by German and US authorities with the support of Europol, Belgium, Poland and Switzerland. Executed on Wednesday, the anti-money-laundering operation took down ChipMixer infrastructure and seized four servers, 7TB of data and 1909.4 Bitcoins (roughly $47.3m) in 55 transactions. Most of the seized funds reportedly had connections with dark web markets, stolen crypto assets, ransomware groups, illicit goods trafficking and procurement of child sexual exploitation material. “ChipMixer, an unlicensed cryptocurrency mixer set up in mid-2017, was specialized in mixing or cutting trails related to virtual currency assets,” explained Europol in a blog post published on Wednesday.

Baseband RCE flaws in Samsung’s Exynos chipsets expose devices to remote hack

White hat hackers at Google’s Project Zero unit discovered multiple vulnerabilities Samsung ’s Exynos chipsets that can be exploited by remote attackers to compromise phones without user interaction. The researchers discovered a total of eighteen vulnerabilities, the four most severe of these flaws (CVE-2023-24033 and three other vulnerabilities that have yet to be assigned CVE-IDs) allowed for Internet-to-baseband remote code execution. An attacker only needs to know the victim’s phone number to exploit these vulnerabilities. “Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number.” reads the advisory published by Google. “With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.”

Amazon sued for not telling New York store customers about facial recognition

Amazon did not alert its New York City customers that they were being monitored by facial recognition technology, a lawsuit filed Thursday alleges. In a class-action suit, lawyers for Alfredo Perez said that the company failed to tell visitors to Amazon Go convenience stores that the technology was in use. Thanks to a 2021 law, New York is the only major American city to require businesses to post signs if they’re tracking customers’ biometric information, such as facial scans or fingerprints.

Related Posts