AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 08/02/2023

A New Attack Impacts Major AI Chatbots—and No One Knows How to Stop It

ChatGPT and its artificially intelligent siblings have been tweaked over and over to prevent troublemakers from getting them to spit out undesirable messages such as hate speech, personal information, or step-by-step instructions for building an improvised bomb. But researchers at Carnegie Mellon University last week showed that adding a simple incantation to a prompt—a string of text that might look like gobbledygook to you or me but which carries subtle significance to an AI model trained on huge quantities of web data—can defy all of these defenses in several popular chatbots at once.

 

US internet hosting company appears to facilitate global cybercrime, researchers say

A little-known American internet hosting company appears to be partially enabling a “wide range” of cybercrime, nation-state hackers and a sanctioned spyware vendor, researchers alleged Tuesday. Additionally, the company known as Cloudzy is “almost certainly a cutout” for an outfit operating in Tehran, according to an investigation by the cybersecurity firm Halcyon. Halcyon’s analysis concludes that hosting company Cloudzy either knowingly or unwittingly provides a platform for illicit digital activity linked to China, Iran, North Korea, Russia, India, Pakistan and Vietnam. Furthermore, according to the researchers, Cloudzy’s infrastructure has been linked to Candiru, an Israeli spyware vendor sanctioned by the U.S. government in November 2021.

 

Why the California Delete Act Matters

A new California privacy bill should make it easier for residents to take their personally identifiable information (PII) off data brokers. But Californians won’t be the only ones to benefit if the California Delete Act (Senate Bill 362) passes. Like other tech developments, where California goes, the rest of the nation tends to follow. Bill 362 provides a perfect template for a nationwide win against data brokers and the dangerous privacy infringements they cause. One of the largest sources of online exposure (i.e., how your phone number pops up when someone Googles you), data brokers are companies that aggregate information about consumers.

 

Lawsuit: ByteDance’s CapCut app secretly reaps massive amounts of user data

The ByteDance-owned CapCut video editing app gathers significant amounts of private data, including facial scans, from its 200 million active users, generating huge profits and potentially allowing the Chinese government to access that data, according to a proposed class action lawsuit filed in an Illinois federal court. CapCut and sister company TikTok are owned by the Chinese company ByteDance Ltd., which has long been under scrutiny by American officials concerned with how it collects and leverages American users’ personal data, allegedly including biometric data.

 

Canon Inkjet Printers at Risk for Third-Party Compromise via Wi-Fi

Canon released a security advisory this week detailing concerns over risks to its inkjet printers and the sensitive information on the Wi-Fi settings stored in memory, claiming they may not be adequately deleted in its usual process. If this vulnerability were to be exploited, it could lead to a data breach, putting users at risk and compromising the overall data security. When any of these potentially compromised printers are in the hands of third parties, there is a risk of unauthorized access that could ultimately lead to information getting in the hands of threat actors.

 

Meta loses battle in EU, will ask for consent to show personalized ads

After five years of fighting legal battles to prevent this undesirable outcome, Meta has finally agreed to ask Instagram and Facebook users in the European Union for consent before targeting them with highly personalized ads, a Wall Street Journal report has revealed. This means that instead of requiring Meta app users in the EU to agree to invasive data collection used for personalized ads at sign-up, or else fill out a long form to request to opt out, EU users will soon be able to opt in or out by clicking simply yes or no.

 

This California agency wants to know what happens to all that connected car data

The troves of data collected by today’s modern connected cars have long been viewed as a cash cow — a yet untapped opportunity that could boost profits for automakers. Now one California agency wants to know exactly how that data might be used. The California Privacy Protection Agency announced plans this week to review the data privacy practices of automakers that make and sell connected vehicles embedded with all kinds of data-mining features, from cameras and location sharing to web-based entertainment and smartphone integration.

 

Firefox fixes a flurry of flaws in the first of two releases this month

The latest full new version of Firefox is out, marking the first of two “monthly” upgrades you’ll see this month. Just as there will be a blue moon in August 2023 (that’s the name applied to a second full moon in the same calendar month, rather than reference to an atmospheric phenomenon that makes the moon seem blue, in case you ever wondered), there will be a blue Firefox too. Firefox version upgrades happen every 28 days, rather than once a month, so whenever a release comes out early enough in the month, there will be a second upgrade squeezed in at the end.
