Using AI in a cyberattack? DOJ’s Monaco says criminals will face stiffer sentences
The Justice Department’s No. 2 official directed federal prosecutors to impose stiffer penalties on cybercriminals who use AI in their crimes. “We have to put AI at the top of [our] enforcement priorities list,” Lisa Monaco told an audience Friday at the Munich Cyber Security Conference. “We’re looking quite hard at how AI can enhance quite literally the danger associated with crimes. In the United States, we have long applied more severe penalties and stiffer sentences to individuals who use a gun to facilitate a crime because it enhances the danger to that crime. The same can be true of the malicious use of AI.”
Air Canada must honor refund policy invented by airline’s chatbot
After months of resisting, Air Canada was forced to give a partial refund to a grieving passenger who was misled by an airline chatbot inaccurately explaining the airline’s bereavement travel policy. On the day Jake Moffatt’s grandmother died, Moffat immediately visited Air Canada’s website to book a flight from Vancouver to Toronto. Unsure of how Air Canada’s bereavement rates worked, Moffatt asked Air Canada’s chatbot to explain. The chatbot provided inaccurate information, encouraging Moffatt to book a flight immediately and then request a refund within 90 days. In reality, Air Canada’s policy explicitly stated that the airline will not provide refunds for bereavement travel after the flight is booked. Moffatt dutifully attempted to follow the chatbot’s advice and request a refund but was shocked that the request was rejected.
Wyze camera glitch gave 13,000 users a peek into other homes
Wyze shared more details on a security incident that impacted thousands of users on Friday and said that at least 13,000 customers could get a peek into other users’ homes. The company blames a third-party caching client library recently added to its systems, which had problems dealing with a large number of cameras that came online all at once after a widespread Friday outage. Multiple customers have been reporting seeing other users’ video feeds under the Events tab in the app since Friday, with some even advising other customers to turn off the cameras until these ongoing issues are fixed.
Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen
An interesting new attack on biometric security has been outlined by a group of researchers from China and the US. PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound [PDF] proposes a side-channel attack on the sophisticated Automatic Fingerprint Identification System (AFIS). The attack leverages the sound characteristics of a user’s finger swiping on a touchscreen to extract fingerprint pattern features. Following tests, the researchers assert that they can successfully attack “up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%.” This is claimed to be the first work that leverages swiping sounds to infer fingerprint information.
North Korean hackers linked to defense sector supply-chain attack
In an advisory today Germany’s federal intelligence agency (BfV) and South Korea’s National Intelligence Service (NIS) warn of an ongoing cyber-espionage operation targeting the global defense sector on behalf of the North Korean government. The attacks aim to steal advanced military technology information and help North Korea modernize conventional arms as well as develop new military capabilities. Today’s joint cybersecurity advisory (also available in Korean and German) highlights two cases attributed to North Korean actors, one of them the Lazarus group, to provide the tactics, techniques, and procedures (TTPs) used by the attackers.
Hackers Claim Data Breach at Staffing Giant Robert Half, Sell Sensitive Data
In June 2022, Robert Half International Inc., a global staffing and business consulting service, filed a data breach notification with the Office of the Maine Attorney General. According to the notification, the company experienced a data breach in which hackers targeted more than 1,000 customers, successfully obtaining their names, addresses, social security numbers, and tax information. In June 2022, Robert Half International Inc., a global staffing and business consulting service, filed a data breach notification with the Office of the Maine Attorney General. According to the notification, the company experienced a data breach in which hackers targeted more than 1,000 customers, successfully obtaining their names, addresses, social security numbers, and tax information.
FBI, British authorities seize infrastructure of LockBit ransomware group
An international law enforcement operation on Monday seized servers and disrupted the infrastructure used by the LockBit ransomware syndicate, a government official confirmed to CyberScoop after websites used by the ransomware group displayed messages that they had been seized. An operation carried out by the Federal Bureau of Investigation and the UK’s National Crime Agency together with a range of international partners took control of a site used by LockBit to leak data belonging to its victims, the group’s file share service and communications server, various affiliate and support servers and a server for LockBit’s administrative panel, the government official said.
