AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/13/2022

The Real Threat From A.I. Isn’t Superintelligence. It’s Gullibility.

The rapid rise of artificial intelligence over the past few decades, from pipe dream to reality, has been staggering. A.I. programs have long been chess and Jeopardy! Champions, but they have also conquered poker, crossword puzzles, Go, and even protein folding. They power the social media, video, and search sites we all use daily, and very recently they have leaped into a realm previously thought unimaginable for computers: artistic creativity. Given this meteoric ascent, it’s not surprising that there are continued warnings of a bleak Terminator-style future of humanity destroyed by superintelligent A.I.s that we unwittingly unleash upon ourselves. But when you look beyond the splashy headlines, you’ll see that the real danger isn’t how smart A.I.s are. It’s how mindless they are—and how delusional we tend to be about their so-called intelligence.


Fortinet warns of critical flaw in its security appliance OSes, admin panels

Security appliance vendor Fortinet has become the subject of a bug report by its own FortiGuard Labs after the discovery of a critical-rated flaw in three of its products. CVE-2022-40684 is rated 9.6/10 on the Common Vulnerability Scoring System (CVSS), meaning it is considered a critical flaw worthy of immediate attention. FortiGuard’s advisory explains why the flaw scored so highly, revealing it’s an authentication bypass present in FortiOS, FortiProxy, and FortiSwitchManager. FortiOS is the operating system for Fortinet’s security appliances, FortiProxy is the company’s secure web proxy, and FortiSwitchManager manages Fortinet’s Ethernet switches.


Would a US digital dollar let the government track you?

US legislators continue to press for the creation of a digital dollar, raising questions about whether the move could make it easy for the federal government to track business and consumer transactions. Putting all the digital dollars on one electronic ledger operated by the Federal Reserve would also be a tempting target for cyber criminals. In March, lawmakers introduced a bill that would allow the US Treasury to create a digital dollar and pilot it to determine its viability. That same month, President Joe Biden called for more research on developing a national digital currency through the nation’s central bank. The order highlighted the need for more regulatory oversight of cryptocurrencies, which have been used for nefarious purposes such as money laundering and other criminal activities.


Google Brings Passkeys to Android & Chrome

This is the next-generation login standard and aims to create a safer cyber environment by replacing traditional passwords with unique digital keys that are saved on your device. Passkeys were created by FIDO Alliance and supported also by Apple and Microsoft in a common effort for a passwordless sign-in standard. “Passkeys follow already familiar UX patterns, and build on the existing experience of password autofill. For end-users, using one is similar to using a saved password today, where they simply confirm with their existing device screen lock such as their fingerprint”, Google explained.


IP Cameras, VoIP and Video Conferencing Revealed as Riskiest IoT Devices

IoT devices from video conferencing systems to IP cameras are among the five riskiest IoT devices connected to networks, according to research highlighted by Forescout’s cybersecurity research arm, Vedere Labs. The company identified recurring themes in their recent research, highlighting the growing attack surface due to more devices being connected to enterprise networks, and how threat actors are able to leverage these devices to achieve their goals. “IP cameras, VoIP and video-conferencing systems are the riskiest IoT devices because they are commonly exposed on the internet, and there is a long history of threat actor activity targeting them,” The Forescout report said.

Related Posts