AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/13/2023

No Fakes Act wants to protect actors and singers from unauthorized AI replicas 

A bipartisan bill seeks to create a federal law to protect actors, musicians, and other performers from unauthorized digital replicas of their faces or voices. The Nurture Originals, Foster Art, and Keep Entertainment Safe Act of 2023 — or the No Fakes Act — standardizes rules around using a person’s face, name, and voice. Sens. Chris Coons (D-DE), Marsha Blackburn (R-TN), Amy Klobuchar (D-MN), and Thom Tillis (R-NC) sponsored the bill.

 

New Phishing Campaign Uses LinkedIn Smart Links in Blanket Attack 

Email security provider Cofense has discovered a new phishing campaign comprising over 800 emails and using LinkedIn Smart Links. The campaign was active between July and August 2023 and involved various subject themes, such as financial, document, security, and general notification lures, reaching users’ inboxes across multiple industries. The financial, manufacturing and energy sectors are the top targeted verticals. 

 

Brands Beware: X’s New Badge System Is a Ripe Cyber-Target 

Fraudsters are taking advantage of the new verification system implemented by X, formerly known as Twitter, in order to impersonate brands and steal personal information. The infamous blue checkmark used to be reserved for verified companies and influencers. But after purchasing the microblogging giant, and following a period of rapidly declining users and revenue, Elon Musk changed the rules, enabling anybody to obtain one simply by paying a monthly fee. 

 

After hackers distribute malware in game updates, Steam adds SMS-based security check for developers

Valve, the company behind the Steam video game platform, has announced a new security feature after multiple reports of game updates being poisoned with malware. Last month, some game players reported receiving messages from Steam’s support team telling them that updated games they played via the platform had contained malware. Valve claimed that fewer than 100 people had downloaded the malware-laced games – a figure that, of course, is impossible to independently verify. 

 

AI-enabled bots can solve CAPTCHAs faster than humans 

Companies are losing revenue in the fight against malicious bot attacks, according to a survey by Kasada. Despite spending millions of dollars on traditional bot management solutions, companies are still financially impacted by bot attacks. 38% of respondents estimate that a single bot attack costs their organization $500,000 or more, up from 25% in last year’s survey. Plus, 50% of organizations lost 10% or more of revenue due to bot-driven account fraud within the last year, up from 40% of organizations last year.

 

Giant health insurer struck by ransomware didn’t have antivirus protection 

The Philippine Health Insurance Corporation (PhilHealth) has confirmed that it was unprotected by antivirus software when it was attacked by the Medusa ransomware group in September. Antivirus software—or more correctly, its modern descendants, endpoint security and Endpoint Detection and Response (EDR)—are essential tools in the battle against cybercrime. EDR can detect an intruder’s suspicious activity in advance of them running ransomware, as well as being able to identify the ransomware itself. Because of this, ransomware groups, who can spend days or even weeks setting up an attack inside a compromised network, will typically try to disable antivirus software.
