Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Scientists Who Developed the Building Blocks of Artificial Intelligence Win Nobel Prize in Physics

John Hopfield and Geoffrey Hinton shared the award for their work on artificial neural networks and machine learning

A pair of scientists—John Hopfield and Geoffrey Hinton—won the 2024 Nobel Prize in Physics on Tuesday for their work on artificial neural networks and machine learning.

The two men are credited with developing the foundational underpinnings of modern artificial intelligence.

“Thanks to their work, humanity now has a new item in its toolbox, which we can choose to use for good purposes,” the Nobel committee posted on social media. “Machine learning based on artificial neural networks is currently revolutionizing science, engineering and daily life.”

Artificial neural networks are computer systems that have been trained to process information and make connections in a way similar to how the human brain works. In addition to giving rise to A.I. that powers chatbots and data processing, the technology has been used to help advance research in particle physics, material science and astrophysics, according to the committee.


October Patch Tuesday harvest hauls in 117 CVEs

Bumper crop of Windows vulns leads the way; 15 product groups represented
Written by Angela Gunn

Microsoft on Tuesday released 117 patches touching 15 product families. Three of the addressed issues, affecting Configuration Manager, Visual Studio, and Windows, are considered by Microsoft to be of Critical severity. At release time, two of the issues addressed are known to be under exploit in the wild, with eight additional CVEs more likely to be exploited in the next 30 days by the company’s estimation. Three of this month’s issues are amenable to detection by Sophos protections, and we include information on those in a table below.

In addition to these patches, the release includes advisory information on four Edge-related CVEs and one related to curl (affecting CBL Mariner and Windows), along with the usual servicing stack updates. We are as always including at the end of this post additional appendices listing all Microsoft’s patches, sorted by severity, by predicted exploitability, and by product family.


Avoid Scams After Disaster Strikes

10/08/2024 11:00 AM EDT

As hurricanes and other natural disasters occur, CISA urges individuals to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events. Before responding, ensure hurricane-related guidance is from trusted sources, such as local officials and disaster response organizations, including Federal Emergency Management Agency (FEMA) and DHS’s Ready.gov.

CISA encourages users to review the following resources to avoid falling victim to malicious cyber activity:


[Wake-Up Call] Senator Falls Victim to Deepfake Scam. Are Your Users Next?

From KnowBe4

When technology blurs the lines between reality and fiction, a recent incident involving U.S. Senator Ben Cardin serves as a stark reminder of the growing threat posed by deepfake scams.

This sophisticated attack not only highlights the vulnerabilities faced by high-profile individuals but also underscores the need for security awareness training among all users.

Earlier this month, Senator Cardin found himself at the center of an elaborate deepfake operation. The scammers, impersonating Ukrainian Foreign Minister Dmytro Kuleba, managed to set up a Zoom call with the Senator. The impersonation was so convincing that it initially fooled Cardin and his staff, demonstrating the alarming accuracy of modern deepfake technology.

However, the scam unraveled when the impersonator began asking politically charged questions that seemed out of character for Minister Kuleba. This deviation from expected behavior alerted Senator Cardin and his team, prompting them to end the call and alert authorities.

The Broader Implications

This incident is not isolated. Deepfake scams are becoming increasingly common and sophisticated. Recent studies indicate that a significant portion of consumers have encountered deepfake content, with some even falling victim to related scams.

From fake celebrity endorsements for fraudulent cryptocurrency platforms to political disinformation campaigns, the applications of this technology for malicious purposes are diverse and concerning.

Protecting Yourself in the Age of Deepfakes

As we navigate this threat tactic, it’s crucial to adopt a mindset of healthy skepticism and vigilance. Here are some key takeaways:

  • Verify unexpected communications, especially those involving sensitive information or financial transactions
  • Be wary of urgent requests or pressure tactics, which are often hallmarks of scams
  • Stay informed about the latest deepfake technologies and scam techniques
  • Implement robust verification processes in professional settings
  • Trust your instincts – if something feels off, it probably is

The Way Forward

While technology to detect deepfakes is still evolving, our best defense lies in education and awareness. By staying informed and maintaining a critical eye, we can collectively mitigate the risks posed by these sophisticated scams.

As we move forward, let Senator Cardin’s experience serve as a reminder that in the face of advancing technology, our human intuition, awareness and critical thinking skills remain our most valuable assets.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
