While AI ethics continues to be the hot-button issue of the moment, and companies and world governments continue to wrangle with the moral implications of a technology that we often struggle to define let alone control, here comes some slightly disheartening news: AI chatbots are already being trained to jailbreak other chatbots, and they seem remarkably good at it.
In a landmark move, the US National Institute of Standards and Technology (NIST) has taken a new step in developing strategies to fight against cyber-threats that target AI-powered chatbots and self-driving cars. The Institute released a new paper on January 4, 2024, in which it established a standardized approach to characterizing and defending against cyber-attacks on AI.
A weak password has been blamed after an outage at Orange Spain disrupted close to half of its network traffic earlier this week. The outage, which lasted around three hours on January 3, was caused when a hacker manipulated crucial information about the company’s Internet infrastructure. Orange confirmed its RIPE account had been breached by an attacker on Wednesday, using “infostealer” malware. As reported by the Bleeping Computer, the hacker breached the RIPE account to misconfigure BGP (Border Gateway Protocol) routing and an RPKI configuration.
Multiple implementations of the Kyber key encapsulation mechanism for quantum-safe encryption, are vulnerable to a set of flaws collectively referred to as KyberSlash, which could allow the recovery of secret keys. CRYSTALS-Kyber is the official implementation of the Kyber key encapsulation mechanism (KEM) for quantum-safe algorithm (QSA) and part of the CRYSTALS (Cryptographic Suite for Algebraic Lattices) suite of algorithms. It is designed for general encryption and part of the National Institute of Standards and Technology (NIST) selection of algorithms designed to withstand attacks from quantum computers.
Merck has struck up a settlement with insurers over its $1.4 billion NotPetya cyberattack claim, according to reports. The US pharmaceutical giant made an eleventh-hour confidential agreement with insurers on Wednesday, putting a stop to a case that could have set a national cyber insurance precedent, Bloomberg Law first reported. Twenty-six policies were originally at issue in the case, but by last May, when the appellate court delivered its ruling in Merck’s favor, just eight insurers accounting for around $700 million (or 40%) of coverage had yet to settle.
U.S. mortgage lender loanDepot has suffered a cyberattack that caused the company to take IT systems offline, preventing online payments against loans. loanDepot is one of the largest nonbank retail mortgage lenders in the USA, employing approximately 6,000 people and servicing loans of over $140 billion. Yesterday, customers began experiencing issues when trying to log in to the company’s payment portal to pay loans or contact them by phone.