Lifeboat Foundation

The FBI is concerned that AI is being used to create deepfake videos that are so convincing they cannot be distinguished from reality.

The alarm was sounded by an FBI executive at a WSJ Pro Cybersecurity Symposium held recently in San Diego. “What we’re concerned with is that, in the digital world we live in now, people will find ways to weaponize deep-learning systems,” stated Chris Piehota, executive assistant director of the FBI’s science and technology division, in an account in WSJPro.

The technology behind deepfakes and other disinformation tactics are enhanced by AI. The FBI is concerned natural security could be compromised by fraudulent videos created to mimic public figures. “As the AI continues to improve and evolve, we’re going to get to a point where there’s no discernible difference between an AI-generated video and an actual video,” Piehota stated.

Software developers are using AI to help write and review code, detect bugs, test software and optimize development projects. This assistance is helping companies to deploy new software more efficiently, and to allow a new generation of developers to learn to code more easily.

Amazon Web Services recently had to defend against a DDoS attack with a peak traffic volume of 2.3 Tbps, the largest ever recorded, ZDNet reports. Detailing the attack in its Q1 2020 threat report, Amazon said that the attack occurred back in February, and was mitigated by AWS Shield, a service designed to protect customers of Amazon’s on-demand cloud computing platform from DDoS attacks, as well as from bad bots and application vulnerabilities. The company did not disclose the target or the origin of the attack.

To put that number into perspective, prior to February of this year, ZDNet notes that the largest DDoS attack recorded was back in March 2018, when NetScout Arbor mitigated a 1.7 Tbps attack. The previous month, GitHub disclosed that it had been hit by an attack with a peak of 1.35 Tbps.

Intel Corporation announced Monday that its forthcoming Tiger Lake processors will pack a defense mechanism against Spectre-type malware attacks.

Spectre vulnerabilities allowed hackers to break into systems using Intel processors manufactured over two decades and steal passwords, personal photos, emails and other sensitive data stored in the memory of other running programs.

Such control-flow hijacking attacks have always been difficult to mitigate through software programs. Intel’s new Control-Flow Enforcement Technology (Intel CET) will install CPU-level defense mechanisms to combat such assaults.

In the last few years, most of the data such as books, videos, pictures, medical and even the genetic information of humans are moving toward digital formats. Laptops, tablets, smartphones and wearable devices are the major source of this digital data transformation and are becoming the core part of our daily life. As a result of this transformation, we are becoming the soft target of various types of cybercrimes. Digital forensic investigation provides the way to recover lost or purposefully deleted or hidden files from a suspect’s device. However, current man power and government resources are not enough to investigate the cybercrimes. Unfortunately, existing digital investigation procedures and practices require huge interaction with humans; as a result it slows down the process with the pace digital crimes are committed. Machine learning (ML) is the branch of science that has governs from the field of AI. This advance technology uses the explicit programming to depict the human-like behaviour. Machine learning combined with automation in digital investigation process at different stages of investigation has significant potential to aid digital investigators. This chapter aims at providing the research in machine learning-based digital forensic investigation, identifies the gaps, addresses the challenges and open issues in this field.

AMERICAN telecom customers experienced widespread cellphone outages during what was believed to be the largest cyberattack in US history.

Thousands of T-Mobile, Metro by T-Mobile, AT&T, Verizon, and Sprint customers all reported outages in areas including Florida, Georgia, New York, and California on Monday afternoon.

The disruptions were part of a large-scale distributed denial-of-service, or DDoS, attack meant to overwhelm an online service with multiple traffic sources to render it unusable, according to Pop Culture.

Deepfakes⁠ have struck a nerve with the public and researchers alike. There is something uniquely disturbing about these AI-generated images of people appearing to say or do something they didn’t.

With tools for making deepfakes now widely available and relatively easy to use, many also worry that they will be used to spread dangerous misinformation. Politicians can have other people’s words put into their mouths or made to participate in situations they did not take part in, for example.

That’s the fear, at least. To a human eye, the truth is that deepfakes are still relatively easy to spot. And according to a report from cybersecurity firm DeepTrace Labs in October 2019, still the most comprehensive to date, they have not been used in any disinformation campaign. Yet the same report also found that the number of deepfakes posted online was growing quickly, with around 15,000 appearing in the previous seven months. That number will be far larger now.

Continue reading “Facebook just released a database of 100,000 deepfakes to teach AI how to spot them” »

A bug in a protocol used by virtually all Internet of Things devices exposes millions of users to potential attack, a researcher reported Monday. The fault centers on the Universal Plug and Play protocol, a 12-year-old implementation that simplifies connections among network devices such as computers, printers, mobile devices and Wi-Fi access points.

Billions of devices are theoretically vulnerable, the report stated, but only those with UPnP activated currently face risk of attack.

Turkish security engineer Yunus Çadirci uncovered the UPnP bug, named CallStranger, that could be exploited to gain access to any smart device such as security cameras, printers and routers that are connected to the Internet. Once access is gained, malicious code can be sent through network firewalls and other security defenses and reach internal data banks.

Stop us if you’ve heard this before but a researcher has uncovered a new security vulnerability affecting many devices running the Universal Plug and Play (UPnP) protocol.

Named CallStranger by discoverer Yunus Çadırcı, the potential for trouble with this flaw looks significant for a whole menu of reasons, starting with the gotcha that it’s UPnP.

UPnP was invented back in the mists of time to graft the idea of plug-and-play onto the knotty world of home networking.

Continue reading “Billions of devices affected by UPnP vulnerability” »