AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/31/2023

AI doomsday warnings a distraction from the danger it already poses, warns expert

Focusing on doomsday scenarios in artificial intelligence is a distraction that plays down immediate risks such as the large-scale generation of misinformation, according to a senior industry figure attending this week’s AI safety summit. Aidan Gomez, co-author of a research paper that helped create the technology behind chatbots, said long-term risks such as existential threats to humanity from AI should be “studied and pursued”, but that they could divert politicians from dealing with immediate potential harms.


UK police urged to double use of facial recognition software

Police are being encouraged to double their use of retrospective facial recognition software to track down offenders over the next six months. Policing minister Chris Philp has written to force leaders suggesting the target of exceeding 200,000 searches of still images against the police national database by May using facial recognition technology. He also is encouraging police to operate live facial recognition (LFR) cameras more widely, before a global artificial intelligence (AI) safety summit next week at Bletchley Park in Buckinghamshire.


The Biden Administration has issued an new executive order for AI safety standards

In an effort to set up new national regulations on the use of AI, the Biden Administration has just issued a new and sweeping executive order on that very subject. It seeks to set up new standards for AI safety and could affect how the companies that are leading those efforts, including Microsoft, will develop AI systems in the future. In a fact sheet on the executive order posted on the White House site, the Biden Administration has several different categories on how it wants AI to be regulated in the US government and also on ordinary US citizens. Under the executive order, the Biden Administration is going to ask for some major information from generative AI developers.

Unpatched NGINX ingress controller bugs can be abused to steal Kubernetes cluster secrets

Three unpatched high-severity bugs in the NGINX ingress controller can be abused by miscreants to steal credentials and other secrets from Kubernetes clusters.  The vulnerabilities, tracked as CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886, were disclosed on October 27, and are listed as currently awaiting triage. It’s unclear if any of the flaws have been exploited.The Register did not immediately receive a response to questions, including if the bugs have been found and exploited and when a patch will be issued. All three flaws affect those with the NGINX ingress controller for Kubernetes that uses NGINX as a reverse proxy and load balancer.


SEC charges SolarWinds CISO with fraud for misleading investors before major cyberattack

The Securities and Exchange Commission (SEC) announced on Monday evening that it plans to charge SolarWinds Chief Information Security Officer Timothy Brown with fraud for his role in allegedly lying to investors by “overstating SolarWinds’ cybersecurity practices and understating or failing to disclose known risks.” The complaint was filed in the Southern District of New York and centers on violations of the antifraud provisions of the Securities Act of 1933 and of the Securities Exchange Act of 1934. The SEC “seeks permanent injunctive relief, disgorgement with prejudgment interest, civil penalties, and an officer and director bar against Brown.”


Ace Hardware hit with cyber breach

Oak Brook, Illinois-based Ace Hardware is investigating a weekend cybersecurity incident that has disrupted shipments. According to an update from Ace Hardware President and CEO John Venhuizen, ”many of our key operating systems, including ACENET, our Warehouse Management Systems, the Ace Retailer Mobile Assistant (ARMA), Hot Sheets, Invoices, Ace Rewards and the Care Center’s phone system have been interrupted or suspended.”

Related Posts