Malware disguised as ChatGPT apps are being used to lure victims, Meta says

Read Time:26 Second

Facebook’s parent company, Meta, has issued a warning that hackers are taking advantage of people’s interest in ChatGP and other generative AI applications to trick them into installing malware that pretends to provide AI functionality.  

Since March, Meta has discovered about 10 malware families using AI themes to compromise business accounts across the internet — including social media business accounts — and blocked over 1,000 unique ChatGPT-themed malicious URLs from being shared on its platforms.

To read this article in full, please click here

Read More

The Strongest Passwords and the Best Way to Create (and Remember) Them

Read Time:8 Minute, 15 Second

Some of the strongest passwords you can use are the ones you don’t have to remember.  Strange as that may sound, it’s true, if you use a password manager. A password manager creates and securely stores strong, unique passwords for each of your accounts—and does all the remembering for you.  And remembering is the root of the problem when it comes to insecure passwords.  Consider how many passwords you have across all your accounts. Then consider the old passwords for accounts and online forums you no longer use, along with all the times you created a password for an online store that you only shopped at once or twice. All those passwords, it’s too much to keep track of, let alone manage. And that leads to insecure passwords. Simple passwords. Or passwords that get used again and again across several accounts.  Hackers count on that. They love it when people use simple passwords, reuse passwords, grab passwords out of the dictionary, or base their passwords on their pet names that a hacker can easily glean from a victim’s social media posts. They also love “brute force” tools that help them break into accounts by quickly feeding account logins with thousands of potential passwords in minutes.   So when you make your life easier with simple or reused passwords, you make life easier for hackers too.  That’s where a password manager comes in. It makes life easy for you to stay secure while still making it tough on hackers—particularly tough with strong, unique passwords for each of your accounts that can you update on a regular basis, which offers some of the strongest protection you have against hackers hijacking your accounts. 

The difference between a good and bad password  

First up, let’s look at password practices in general while keeping a few things in mind. Hackers will look for the quickest payday. In some cases they’ll work with a long list of accounts that they’re trying to break into. If a password on that list proves difficult to crack they’ll move on to the next in the hope that it’ll have a poor password that they can easily crack. It’s a sort of hacker economics. There’s often little incentive for them to spend extra time on a strong password when there are plenty of weak ones in the mix.  So what do poor passwords look like? Here are a few examples: 

Obvious passwords: Password-cracking programs start by entering a list of common (and arguably lazy) passwords. These may include the simple “password” or “1234567”. Others include common keyboard paths like “qwerty.” Even longer keyboard paths like “qwertyuiop” are well known to hackers and their tools as well. 
Repeated passwords: You may think you have such an unbreakable password that you want to use it for all your accounts. However, this means that if hackers compromise one of your accounts, all your other accounts are vulnerable. This is a favorite tactic of hackers. They’ll target less secure accounts and services and then attempt to re-use those credentials on more secure services like online bank and credit card companies.  
Personal information passwords: Passwords that include your birthday, dog’s name, or nickname leave you open to attack. While they’re easy for you to remember, they’re also easy for a hacker to discover—such as with a quick trip to your social media profile, particularly if it is not set to private. 

On the flip side, here’s what a strong password looks like: 

Long: Without getting into the math of it, a longer password is potentially a stronger password. When you select from the entire available keyboard of numbers, letters, and symbols, a password that is 12 characters long is far, far more difficult to crack than one with only five or even seven characters. And while no password is entirely uncrackable, taking that number up to 16 characters pushes your password into a highly secure category provided it doesn’t rely on common words or phrases. 
Complex: To increase the security of your password, it should have a combination of uppercase letters, lowercase letters, symbols, and numbers. Hacking algorithms look for word and number patterns. By mixing the types of characters, you will break the pattern and keep your accounts safe. 
Unique:  Every one of your accounts should have its own password. This is particularly true for sensitive accounts such as your financial institutions, social media accounts, and any work-related accounts. 
Updated: While you may have an undeniably strong password in place, it’s no longer secure if it gets stolen, such as in a data breach. In this case, updating your passwords every several months provides extra protection. This way, if a hacker steals one of your passwords in a breach, it may be out of date by the time they try to use it because you updated it. 
Backed by Multi-Factor Authentication (MFA): MFA offers another layer of protection by adding another factor into the login process, such as something you own like your phone. MFA has become a staple in many login processes for banks, payment apps, and even video game accounts when they send you a text or make a call to your phone with a security code that’s needed to complete the login process. So while a hacker may have your password, they’d still be locked out of your account because they don’t that security code because it’s on your phone.  

Creating strong passwords on your own 

Long, complex, unique, and updated, all described as above—how do you manage all that without creating a string of gobbledygook that you’ll never remember? You can do so with a passphrase. A phrase will give you those 12 or more characters mentioned above, and with a couple extra steps, can turn into something quite unique and complex. Here’s a three-step example: 

Pick a phrase that is memorable for you: It should not be a phrase you commonly use on social media accounts. If you are an avid runner, you might choose a phrase like, “Running 26.2 Rocks!” 
Replace letters with numbers and symbols: Remove the spaces. Then, you can put symbols and numbers in the place of some ofthe letters. Runn1ng26.2R0ck$! 
Include a mix of letter cases: Finally, you want both lower and uppercase letters that are not in a clear pattern. Algorithms know how to look for common capitalization patterns like camelCase or PascalCase. Runn1NG26.2R0cK$! 

Now you have a password that you can remember with a little practice, one that still challenges the tools that hackers use for cracking passwords. 

Creating strong passwords with a password manager 

When you consider the number of accounts you need to protect, creating strong, unique passwords for each of your accounts can get time consuming. Further, updating them regularly can get more time consuming still. That’s where a password manager comes in  A password manager does the work of creating strong, unique passwords for your accounts. These will take the form of a string of random numbers, letters, and characters. They will not be memorable, but the manager does the memorizing for you. You only need to remember a single password to access the tools of your manager.  A strong password manager also stores your passwords securely. Ours protects your passwords by scrambling them with AES-256, one of the strongest encryption algorithms available. Only you can decrypt and access your information with the factors you choose. Additionally, our password manager uses MFA—you’ll be verified by at least two factors before being signed in. 

Protecting your passwords 

Whether it’s the passwords you’ve created or the master password for your password manager, consider making an offline list of them. This will protect access to your accounts if you ever forget them. Be sure to store this list in a safe, offline place—recognizing that you want to protect it from physical theft. A locking file cabinet is one option and a small fireproof safe yet more secure.  A password manager is just part of your password security solution. For example, you’ll also want to use comprehensive online protection software to prevent you from following links in phishing attacks designed to steal your account login information. The same goes for malicious links that can pop up in search. Online protection software can steer you clear of those too.  In some cases, bad actors out there will simply shop on the dark web for username and password combos that were stolen from data breaches. An identity monitoring service such as our own can alert you if your information ends up there. It can monitor the dark web for your personal info, including email, government IDs, credit card and bank account info, and more. Ours provides early alerts and guidance for the next steps to take  if your data is found on the dark web, an average of 10 months ahead of similar services.​ 

The best password manager makes your time online more secure—and simpler too. 

A password manager takes the pain out of passwords. It creates strong, unique passwords for every account you have. That includes banking, social media, credit cards, online shopping, financial services, or what have you. The entire lot of it.   And remember, remembering is the thing with passwords. Hackers hope you’ll get lazy with your passwords by creating simple ones, reusing others, or some combination of the two because that makes it easier to remember them. That’s the beauty of a password manager. It does the remembering for you, so you simply go on your way as you go online. Safely. 

The post The Strongest Passwords and the Best Way to Create (and Remember) Them appeared first on McAfee Blog.

Read More

libheif-1.15.2-1.fc37

Read Time:13 Second

FEDORA-2023-440c8694e5

Packages in this update:

libheif-1.15.2-1.fc37

Update description:

Fixes an incompatibility with AOM v3.6.0 and includes a couple of smaller fixes.
Also fixes a stack overflow with some crafted images (CVE-2023-29659).

Read More

libheif-1.15.2-1.fc38

Read Time:12 Second

FEDORA-2023-fd63c401df

Packages in this update:

libheif-1.15.2-1.fc38

Update description:

Fixes an incompatibility with AOM v3.6.0 and includes a couple of smaller fixes.
Also fixes a stack overflow with some crafted images.

Read More

libheif-1.15.2-1.fc36

Read Time:12 Second

FEDORA-2023-e679ea4fa2

Packages in this update:

libheif-1.15.2-1.fc36

Update description:

Fixes an incompatibility with AOM v3.6.0 and includes a couple of smaller fixes.
Also fixes a stack overflow with some crafted images.

Read More

libheif-1.15.2-1.el9

Read Time:12 Second

FEDORA-EPEL-2023-b40368566f

Packages in this update:

libheif-1.15.2-1.el9

Update description:

Fixes an incompatibility with AOM v3.6.0 and includes a couple of smaller fixes.
Also fixes a stack overflow with some crafted images.

Read More

ISTARI, University of Cambridge education program to elevate cyber leaders into business leaders

Read Time:28 Second

Cybersecurity advisory firm ISTARI is partnering with the Cambridge Judge Business School (CJBS) at the University of Cambridge to deliver global education aimed at elevating technical cybersecurity leaders into “transformative business leaders.” The Navigator program features four days of in-person learning led by an academic faculty alongside industry-leading experts, the two parties said.

The curriculum is based on ISTARI’s proprietary framework for building cyber-resilient organizations and covers cybersecurity and business leadership development topics, combining leading theory and best practices.

To read this article in full, please click here

Read More

Large Language Models and Elections

Read Time:8 Minute, 29 Second

Earlier this week, the Republican National Committee released a video that it claims was “built entirely with AI imagery.” The content of the ad isn’t especially novel—a dystopian vision of America under a second term with President Joe Biden—but the deliberate emphasis on the technology used to create it stands out: It’s a “Daisy” moment for the 2020s.

We should expect more of this kind of thing. The applications of AI to political advertising have not escaped campaigners, who are already “pressure testing” possible uses for the technology. In the 2024 presidential election campaign, you can bank on the appearance of AI-generated personalized fundraising emails, text messages from chatbots urging you to vote, and maybe even some deepfaked campaign avatars. Future candidates could use chatbots trained on data representing their views and personalities to approximate the act of directly connecting with people. Think of it like a whistle-stop tour with an appearance in every living room. Previous technological revolutions—railroad, radio, television, and the World Wide Web—transformed how candidates connect to their constituents, and we should expect the same from generative AI. This isn’t science fiction: The era of AI chatbots standing in as avatars for real, individual people has already begun, as the journalist Casey Newton made clear in a 2016 feature about a woman who used thousands of text messages to create a chatbot replica of her best friend after he died.

The key is interaction. A candidate could use tools enabled by large language models, or LLMs—the technology behind apps such as ChatGPT and the art-making DALL-E—to do micro-polling or message testing, and to solicit perspectives and testimonies from their political audience individually and at scale. The candidates could potentially reach any voter who possesses a smartphone or computer, not just the ones with the disposable income and free time to attend a campaign rally. At its best, AI could be a tool to increase the accessibility of political engagement and ease polarization. At its worst, it could propagate misinformation and increase the risk of voter manipulation. Whatever the case, we know political operatives are using these tools. To reckon with their potential now isn’t buying into the hype—it’s preparing for whatever may come next.

On the positive end, and most profoundly, LLMs could help people think through, refine, or discover their own political ideologies. Research has shown that many voters come to their policy positions reflexively, out of a sense of partisan affiliation. The very act of reflecting on these views through discourse can change, and even depolarize, those views. It can be hard to have reflective policy conversations with an informed, even-keeled human discussion partner when we all live within a highly charged political environment; this is a role almost custom-designed for LLM. In US politics, it is a truism that the most valuable resource in a campaign is time. People are busy and distracted. Campaigns have a limited window to convince and activate voters. Money allows a candidate to purchase time: TV commercials, labor from staffers, and fundraising events to raise even more money. LLMs could provide campaigns with what is essentially a printing press for time.

If you were a political operative, which would you rather do: play a short video on a voter’s TV while they are folding laundry in the next room, or exchange essay-length thoughts with a voter on your candidate’s key issues? A staffer knocking on doors might need to canvass 50 homes over two hours to find one voter willing to have a conversation. OpenAI charges pennies to process about 800 words with its latest GPT-4 model, and that cost could fall dramatically as competitive AIs become available. People seem to enjoy interacting with chatbots; Open’s product reportedly has the fastest-growing user base in the history of consumer apps.

Optimistically, one possible result might be that we’ll get less annoyed with the deluge of political ads if their messaging is more usefully tailored to our interests by AI tools. Though the evidence for microtargeting’s effectiveness is mixed at best, some studies show that targeting the right issues to the right people can persuade voters. Expecting more sophisticated, AI-assisted approaches to be more consistently effective is reasonable. And anything that can prevent us from seeing the same 30-second campaign spot 20 times a day seems like a win.

AI can also help humans effectuate their political interests. In the 2016 US presidential election, primitive chatbots had a role in donor engagement and voter-registration drives: simple messaging tasks such as helping users pre-fill a voter-registration form or reminding them where their polling place is. If it works, the current generation of much more capable chatbots could supercharge small-dollar solicitations and get-out-the-vote campaigns.

And the interactive capability of chatbots could help voters better understand their choices. An AI chatbot could answer questions from the perspective of a candidate about the details of their policy positions most salient to an individual user, or respond to questions about how a candidate’s stance on a national issue translates to a user’s locale. Political organizations could similarly use them to explain complex policy issues, such as those relating to the climate or health care or…anything, really.

Of course, this could also go badly. In the time-honored tradition of demagogues worldwide, the LLM could inconsistently represent the candidate’s views to appeal to the individual proclivities of each voter.

In fact, the fundamentally obsequious nature of the current generation of large language models results in them acting like demagogues. Current LLMs are known to hallucinate—or go entirely off-script—and produce answers that have no basis in reality. These models do not experience emotion in any way, but some research suggests they have a sophisticated ability to assess the emotion and tone of their human users. Although they weren’t trained for this purpose, ChatGPT and its successor, GPT-4, may already be pretty good at assessing some of their users’ traits—say, the likelihood that the author of a text prompt is depressed. Combined with their persuasive capabilities, that means that they could learn to skillfully manipulate the emotions of their human users.

This is not entirely theoretical. A growing body of evidence demonstrates that interacting with AI has a persuasive effect on human users. A study published in February prompted participants to co-write a statement about the benefits of social-media platforms for society with an AI chatbot configured to have varying views on the subject. When researchers surveyed participants after the co-writing experience, those who interacted with a chatbot that expressed that social media is good or bad were far more likely to express the same view than a control group that didn’t interact with an “opinionated language model.”

For the time being, most Americans say they are resistant to trusting AI in sensitive matters such as health care. The same is probably true of politics. If a neighbor volunteering with a campaign persuades you to vote a particular way on a local ballot initiative, you might feel good about that interaction. If a chatbot does the same thing, would you feel the same way? To help voters chart their own course in a world of persuasive AI, we should demand transparency from our candidates. Campaigns should have to clearly disclose when a text agent interacting with a potential voter—through traditional robotexting or the use of the latest AI chatbots—is human or automated.

Though companies such as Meta (Facebook’s parent company) and Alphabet (Google’s) publish libraries of traditional, static political advertising, they do so poorly. These systems would need to be improved and expanded to accommodate user-level differentiation in ad copy to offer serviceable protection against misuse.

A public, anonymized log of chatbot conversations could help hold candidates’ AI representatives accountable for shifting statements and digital pandering. Candidates who use chatbots to engage voters may not want to make all transcripts of those conversations public, but their users could easily choose to share them. So far, there is no shortage of people eager to share their chat transcripts, and in fact, an online database exists of nearly 200,000 of them. In the recent past, Mozilla has galvanized users to opt into sharing their web data to study online misinformation.

We also need stronger nationwide protections on data privacy, as well as the ability to opt out of targeted advertising, to protect us from the potential excesses of this kind of marketing. No one should be forcibly subjected to political advertising, LLM-generated or not, on the basis of their Internet searches regarding private matters such as medical issues. In February, the European Parliament voted to limit political-ad targeting to only basic information, such as language and general location, within two months of an election. This stands in stark contrast to the US, which has for years failed to enact federal data-privacy regulations. Though the 2018 revelation of the Cambridge Analytica scandal led to billions of dollars in fines and settlements against Facebook, it has so far resulted in no substantial legislative action.

Transparency requirements like these are a first step toward oversight of future AI-assisted campaigns. Although we should aspire to more robust legal controls on campaign uses of AI, it seems implausible that these will be adopted in advance of the fast-approaching 2024 general presidential election.

Credit the RNC, at least, with disclosing that their recent ad was AI-generated—a transparent attempt at publicity still counts as transparency. But what will we do if the next viral AI-generated ad tries to pass as something more conventional?

As we are all being exposed to these rapidly evolving technologies for the first time and trying to understand their potential uses and effects, let’s push for the kind of basic transparency protection that will allow us to know what we’re dealing with.

This essay was written with Nathan Sanders, and previously appeared on the Atlantic.

Read More

CVE-2017-20184

Read Time:11 Second

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any file from the affected device.

Read More

The impact of blockchain technology on the future of finance

Read Time:5 Minute, 43 Second

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

The future of finance is being reshaped by blockchain technology. This revolutionary technology has the potential to revolutionize how people and businesses interact with money, from offering greater transparency and better security to faster speeds and lower costs.

In this article, we look at eight key impacts that blockchain technology has had on the future of financial services. From smart contracts to decentralized finance, these developments are set to change the face of finance in the years ahead. Read on for an overview of how blockchain technology will shape our economic landscape soon.

The potential to revolutionize payments

One of the most significant impacts of blockchain technology on the future of finance is its potential to revolutionize payments. Blockchain-based payment systems enable secure and transparent transactions without the use of third-party intermediaries, reducing transaction fees and time delays.

What this means, from a macro perspective, is that blockchain-based payments have the potential to drastically reduce costs of cross-border transactions, making them more accessible and efficient. Additionally, these systems can improve the accuracy and reliability of payment processing by helping to eliminate fraud and human error in financial operations.

Improved asset security and management

Blockchain also has the potential to improve asset security and management. One example of this is smart contracts, which enable automated payments based on predetermined conditions. Smart contracts can help to reduce fraud by automatically executing conditions that both parties have agreed upon, reducing the risk of human error or malicious intent.

Moreover, blockchain-based solutions offer improved transparency when it comes to monitoring the ownership and transfer of assets. This helps ensure accuracy in financial transactions while providing an additional layer of security against theft or tampering with documents.

Streamlined financial processes

The implementation of blockchain technology can also streamline existing financial processes. For instance, complex reconciliation tasks such as matching payments to invoices can be automated, reducing the time and resources needed to complete the task.

In addition, blockchain-based solutions can be used to facilitate the exchange of data between different financial systems, providing an improved overview of a company’s finances. This could help to reduce manual errors and improve decision-making processes by providing a more comprehensive view of financial performance.

Greater access to banking services

Another major benefit of blockchain technology is its potential to increase access to banking services, especially in developing countries where traditional banking infrastructure remains limited or nonexistent. By eliminating many of the current barriers associated with opening bank accounts, blockchain-based banking solutions have the potential to open new economic opportunities for those who have previously been excluded from participating in the global financial system.

Furthermore, blockchain-based solutions can also be used to provide access to non-traditional banking services such as microfinance and lending. This could prove particularly beneficial for small businesses and entrepreneurs who may not have had access to these types of services in the past.

Overall, blockchain technology has the potential to revolutionize the future of finance by providing increased security, efficiency, and accessibility when it comes to financial transactions. As more companies embrace this technology, we can expect to see further innovation and disruption in the industry moving forward.

Improved transparency

The adoption of blockchain technology promises improved transparency when it comes to financial transactions. Other than just payment processing, blockchain-based systems can be used to monitor and track assets, ownership, transfers, and more. This helps ensure accuracy in financial transactions while providing an additional layer of security against theft or tampering with documents.

Furthermore, the transparency provided by blockchain technology can help promote trust between parties involved in a financial transaction. The immutability of records on the distributed ledger allows users to verify that information has not been tampered with, leading to greater confidence when engaging in digital transactions.

Increased protection against cyberattacks

One of the biggest advantages of blockchain technology is its ability to improve cybersecurity. Its decentralized structure and cryptographic protocols provide an added level of protection against malicious actors attempting to gain access to sensitive data. Additionally, its distributed ledger ensures that all users have access to a shared version of the database, eliminating any risk of data breaches due to single points of failure.

The enhanced security provided by blockchain technology could prove invaluable in protecting financial information from cybercriminals and reducing the chances of costly data breaches.

Lower costs for businesses

The implementation of blockchain technology can also help reduce operational costs for businesses. By removing the need for intermediaries such as banks or payment processors when conducting transactions, companies can save on transaction fees and other associated costs. This is particularly beneficial for small businesses who may not have had access to traditional banking services in the past.

In addition, blockchain-based solutions can also be used to streamline processes such as accounting and auditing, reducing the time and money spent on manual processes. This could lead to further cost savings for businesses in the long run.

Smart contracts

Smart contracts are one of the most promising applications of blockchain technology. These digital agreements enable two or more parties to enter into a contractual agreement without needing a middleman or third party. The contract is then stored on the distributed ledger, ensuring that it cannot be modified or tampered with once it has been agreed upon.

Smart contracts can also be programmed with specific conditions that must be met before they can be executed, making them ideal for use in complex financial transactions where trust between all parties involved is required. This could lead to increased efficiency, cost savings, and less risk of fraud or malicious activities.

Overall, the potential applications of blockchain technology in finance are vast and varied. The technology has the potential to revolutionize the financial industry by providing increased security, transparency, efficiency, and accessibility when it comes to digital transactions. This can prove particularly beneficial for small businesses who may not have had access to traditional banking services in the past. As more companies embrace this technology moving forward, we can expect to see further innovation and disruption in the field of finance.

Conclusion

Overall, blockchain technology has the potential to revolutionize the financial sector by providing increased security, transparency, efficiency and accessibility when it comes to digital transactions. This can lead to reduced costs for businesses, improved cybersecurity measures and smart contracts that enable secure agreements between parties.

As this technology continues to evolve, we can expect to see further innovation and disruption in the field of finance. The benefits of blockchain in finance are clear and significant, so companies should take advantage of its many advantages as soon as possible.

Read More