Most government agencies use facial recognition
According to a new report from the US Government Accountability Office, 19 of the 24 US government agencies surveyed use some form of facial recognition. The Department of Defense and Department of Homeland Security maintain in-house facial recognition systems, while smaller agencies often use it to control access at secure locations. DHS, the Justice Department, Health and Human Services, and the Interior Department either launched pilots or had programs using Clearview AI, which uses photos of faces scraped from the internet. A June report from the GAO found that out of 14 agencies, only Immigration and Customs Enforcement was in the process of creating a list of approved facial recognition vendors and a log sheet for the technology’s use.
Botnet scans for vulnerabilities in Realtek chipsets
Security researchers from Radware discovered, in binaries for the Dark.IoT botnet, a remote code execution flaw impacting Realtek chipsets used in 65 vendors’ IoT devices. The vulnerability provides multiple routes to cause buffer overflows in Realtek’s web management interface, leading to denial of service. The vulnerability had been discovered on August 16th and integrated into the botnet malware in less than a week, with Dark.IoT showing a tendency to quickly adapt proof-of-concept attacks from white hats into real-world exploits. Realtek has issued a patch for its SDK, but vendors using its white-label tech will each have to push out the patch.
Does cyber insurance make ransomware worse?
According to a new study from the cybersecurity firm Talion, 70% of cybersecurity professionals believe cyber insurance payouts to victims exacerbate the issue of ransomware. The study also found that 45% of respondents thought organizations don’t report ransomware attacks to law enforcement because they believe it will slow down recovery, while 37% said it was because a company paid a ransom and wanted to avoid legal trouble as a result. 10% of respondents said they didn’t even know how to report a ransomware incident to law enforcement.
Cuba passes internet censorship law
Under the law, local telcos will be required to operate equipment capable of intercepting and supervising network traffic, enforced by the newly created Institute of Information and Social Communication. This law also requires compliance from so-called neighborhood networks, which operate in cities without a formal telco presence. The law also bans the importation and sale of networking devices without authorization from the Ministry of Communications. The law also includes cybersecurity provisions, requiring mandatory reporting of cybersecurity incidents to the Office of Security for Computer Networks, and classifying government criticism online as “cyberterrorism.”
Thanks to our episode sponsor, Privacy.com
New Hampshire town loses millions to email scammers
The town of Peterborough reported it lost $2.3 million as the result of business email compromise scammers, who redirected bank transfers using forged documents sent to the Peterborough Finance Department. This compromise was achieved using phishing and social engineering techniques. The town first became aware of the issue on July 26th when the ConVal School District reported it didn’t receive its $1.2 million monthly transfer. The US Secret Service Cyber Fraud Task Force is currently investigating the attack, which originated from overseas. It’s unclear if insurance will cover the lost funds, and it’s doubtful the transactions can be reversed.
South Korea looks to crack down on app store commissions
South Korea is passing a law that could force Apple and Google to stop collecting commissions from developers. According to Reuters, a South Korean parliamentary committee has already voted in favor of the amendment this week with the parliament set to cast their final vote. Apple said, “this step will put users who purchase digital goods from other sources at risk of fraud” and added that this move provides fewer opportunities for more than 482,000 registered Apple developers in the country.
Big chips make for big neural networks
Cerebras Systems is a startup known for making the world’s largest computer chip, essentially the size of an entire silicon wafer. The company now says that it developed a technology to allow a cluster of these chips to run a neural network with 120 trillion connections. For reference, the largest AI models today generally have a trillion connections. Cerebras estimates this hardware can run calculations in one-fiftieth the time of existing hardware. No models have yet been trained on this hardware, but the company is targeting a nascent market for massive natural-language-processing AI algorithms. Current Cerebras customers include the Argonne National Labs, Lawrence Livermore National Lab, big pharma companies and “military intelligence” organizations.
(Wired)
Fake streaming malware thrives during the Olympics
According to a new report from Zscaler ThreatLabz, malicious actors used the offer of free streaming of the Olympics to spread malware. Some of these approaches were sites simply offering unlimited Olympics streaming, prompting users to go through a payment portal. Other sites offered free coverage, but then installed browser extensions with adware like the YourStreamSearch extension. The OlympicDestroyer credential-stealing malware also saw a resurgence, after being first spotted during the 2018 Winter Games. 40% of these attacks were targeted at the US.
(Zscaler)