AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 1/8/2024

AI chatbots trained to jailbreak other chatbots, as the AI war slowly but surely begins 

While AI ethics continues to be the hot-button issue of the moment, and companies and world governments continue to wrangle with the moral implications of a technology that we often struggle to define let alone control, here comes some slightly disheartening news: AI chatbots are already being trained to jailbreak other chatbots, and they seem remarkably good at it. 


NIST Fortifies Chatbots and Self-Driving Cars Against Digital Threats 

In a landmark move, the US National Institute of Standards and Technology (NIST) has taken a new step in developing strategies to fight against cyber-threats that target AI-powered chatbots and self-driving cars. The Institute released a new paper on January 4, 2024, in which it established a standardized approach to characterizing and defending against cyber-attacks on AI. 


Weak password blamed for three-hour Orange outage in Spain 

A weak password has been blamed after an outage at Orange Spain disrupted close to half of its network traffic earlier this week. The outage, which lasted around three hours on January 3, was caused when a hacker manipulated crucial information about the company’s Internet infrastructure. Orange confirmed its RIPE account had been breached by an attacker on Wednesday, using “infostealer” malware. As reported by the Bleeping Computer, the hacker breached the RIPE account to misconfigure BGP (Border Gateway Protocol) routing and an RPKI configuration. 


KyberSlash attacks put quantum encryption projects at risk 

Multiple implementations of the Kyber key encapsulation mechanism for quantum-safe encryption, are vulnerable to a set of flaws collectively referred to as KyberSlash, which could allow the recovery of secret keys. CRYSTALS-Kyber is the official implementation of the Kyber key encapsulation mechanism (KEM) for quantum-safe algorithm (QSA) and part of the CRYSTALS (Cryptographic Suite for Algebraic Lattices) suite of algorithms. It is designed for general encryption and part of the National Institute of Standards and Technology (NIST) selection of algorithms designed to withstand attacks from quantum computers. 


Merck settles $1.4 billion cyberattack case against insurers 

Merck has struck up a settlement with insurers over its $1.4 billion NotPetya cyberattack claim, according to reports. The US pharmaceutical giant made an eleventh-hour confidential agreement with insurers on Wednesday, putting a stop to a case that could have set a national cyber insurance precedent, Bloomberg Law first reported. Twenty-six policies were originally at issue in the case, but by last May, when the appellate court delivered its ruling in Merck’s favor, just eight insurers accounting for around $700 million (or 40%) of coverage had yet to settle. 


Mortgage firm loanDepot cyberattack impacts IT systems, payment portal 

U.S. mortgage lender loanDepot has suffered a cyberattack that caused the company to take IT systems offline, preventing online payments against loans. loanDepot is one of the largest nonbank retail mortgage lenders in the USA, employing approximately 6,000 people and servicing loans of over $140 billion. Yesterday, customers began experiencing issues when trying to log in to the company’s payment portal to pay loans or contact them by phone. 

Related Posts