The Myth of ‘Open Source’ AI

source: wired.com  |  image: pexels.com

 

A new analysis shows that “open source” AI tools like Llama 2 are still controlled by big tech companies in a number of ways.

CHATGPT MADE IT possible for anyone to play with powerful artificial intelligence, but the inner workings of the world-famous chatbot remain a closely guarded secret.

In recent months, however, efforts to make AI more “open” seem to have gained momentum. In May, someone leaked a model from Meta, called Llama, which gave outsiders access to its underlying code as well as the “weights” that determine how it behaves. Then, this July, Meta chose to make an even more powerful model, called Llama 2, available for anyone to download, modify, and reuse. Meta’s models have since become an extremely popular foundation for many companies, researchers, and hobbyists building tools and applications with ChatGPT-like capabilities.

Continue reading “The Myth of ‘Open Source’ AI”

Data of 2.6 Million Duolingo Users Leaked on Hacking Forum

 

source: infosecurity-magazine.com  |  image: pixabay.com

 

Data from 2.6 million users of Duolingo, a language learning platform with over 74 million monthly users, has been leaked on a hacking forum.

The compromised data, which includes real names, login names, email addresses and internal service-related details, was initially offered for sale on the now defunct Breached hacking forum in January 2023 for $1500. 

Despite Duolingo’s confirmation to The Record that the data was sourced from publicly available profiles, the leaked email addresses are particularly alarming as they are not public information and can facilitate targeted phishing attempts.

“We’re aware of this report. These records were obtained by data scraping public profile information. We have no indication that our systems were compromised. We take data privacy and security seriously and are continuing to investigate this matter to determine if any further action is needed to protect our learners,” a spokesperson from the company confirmed to Infosecurity in an email. 

Continue reading “Data of 2.6 Million Duolingo Users Leaked on Hacking Forum”

Ransomware Attacks are on the Rise

source:  threatpost.com  |  image: pixabay.com

 

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

After a recent dip, ransomware attacks are back on the rise. According to data released by NCC Group, the resurgence is being led by old ransomware-as-a-service (RaaS) groups.

With data gathered by “actively monitoring the leak sites used by each ransomware group and scraping victim details as they are released,” researchers have determined that Lockbit was by far the most prolific ransomware gang in July, behind 62 attacks. That’s ten more than the month prior, and more than twice as many as the second and third most prolific groups combined. “Lockbit 3.0 maintain their foothold as the most threatening ransomware group,” the authors wrote, “and one with which all organizations should aim to be aware of.”

Continue reading “Ransomware Attacks are on the Rise”

US issues threat warning after hackers break into a satellite

source: defenseone.com  |  image: pexels.com

Three teams at the DEF CON 23 convention met a government challenge to hack satellite in orbit.

It seems like nothing is off limits for threat actors to target these days. Hospitals, schools, charity organizations and even municipalities have all been successfully targeted by malicious cyberattacks in recent years. And now, it seems like attackers are even looking into space for new systems to try and compromise.

Last week, the Office of the Director of National Intelligence, in coordination with the FBI, the National Counterintelligence and Security Center, and the Air Force Office of Special Investigations, issued a warning about increased attempts to attack both satellites in orbit and the intellectual property of companies developing space technologies.

The warning comes just about a month after three teams at the DEF CON 23 convention in Las Vegas managed to hack a government satellite in orbit. Those attacks were conducted with the full permission of the government as part of the U.S. Space Force’s Hack-A-Sat competition. Three of the teams that successfully breached the security of the orbiting satellite were awarded up to $50,000 in prize money for demonstrating how such an attack could be conducted. This was the first time that hacker groups were able to prove that it was now possible to circumvent the cybersecurity protections of satellites in orbit.

Continue reading “US issues threat warning after hackers break into a satellite”

Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities

source: securityweek.com  |  image: pexels.com

 

Five Eyes government agencies have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022.

Government agencies in Australia, Canada, New Zealand, the UK, and the US have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022.

Last year, the Five Eyes agencies say, threat actors mainly targeted internet-facing systems that were not patched against older, known vulnerabilities, including flaws for which proof-of-concept (PoC) exploit code exists publicly.

Continue reading “Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities”

Officials found suspected Chinese malware hidden in various US military systems. Its intended use is disruption rather than surveillance, a ‘disturbing’ change in intent, experts say.

 

source: businessinsider.com  |  image: pexels.com

 

  • Suspected Chinese malware has been identified in several US military systems. 
  • Unlike other surveillance malware from China, this malware seems intended to disrupt operations.
  • The malware could also have the ability to disrupt normal civilian life and businesses.

US officials found suspected Chinese malware across several military systems — and unlike previous attacks, experts say the intent is more likely to disrupt rather than to surveil, The New York Times reports.

The attacks first came into the public eye in May after Microsoft identified malicious code in telecommunications software in Guam, where the US houses the Andersen Air Force Base.

Continue reading “Officials found suspected Chinese malware hidden…”

Array Labs is scanning Earth from space to equip autonomous vehicles with 3D maps

source: tecncrunch.com  |  image: pexels.com

 

It’s an oft-told story: The boom of space startups today can be traced to dramatically lowered cost in launch and satellite manufacturing over the past 10 years. But Array Labs, a two-year-old startup based in Silicon Valley, is also taking advantage of other technological developments in its quest to build a 3D map of Earth.

Those include computation gains, like in advanced graphics processors (GPUs), and radar software development, Array CEO Andrew Peterson explained. Peterson, an aerospace engineer who had previously worked for General Atomics Aeronautical Systems and Moog’s space and defense division, said the revolution in scientific computing has opened up new possibilities.

“If could take all of this superpower that we were seeing in radar and scientific computing, and you could couple that with really low-cost satellites . . . there’s probably a really, really interesting way to do a new type of Earth observation,” he said. “This was the best idea that I’ve ever had.”

New report details China’s presence in U.S. systems

 

source: axios.com (contributed by FAN, Bill Amshey)  |  image: pexels.com

 

U.S. officials are reportedly concerned about the possibility that China-backed hackers have snuck malware onto networks underpinning military and critical infrastructure operations.

Driving the news: That’s according to a New York Times report that ran Saturday, which raises the question of whether China is already laying the groundwork for a potential Taiwan invasion.

Why it matters: U.S. officials and cybersecurity experts have long anticipated that cyber warfare would play a major role in a potential Chinese invasion of Taiwan.

  • In that scenario, experts anticipate that China would use a destructive cyberattack to disrupt communications between the U.S. and Asian countries.

The big picture: In recent years, China state-backed hackers have become stealthier and more difficult to detect on networks — targeting internet-facing security tools to evade traditional detection and stealing obscure encryption keys to hack government email accounts.

  • The Times’ report is the latest warning that China-backed hackers are getting savvier.

Details: The new concerns build on a Microsoft report released in May that identified a new piece of China-linked malware on telecommunications systems in Guam and elsewhere in the U.S.

  • Now, the Times reports the malware is more widespread and older than initially suggested. The White House has reportedly kicked off a series of Situation Room meetings and started briefing state officials and utility companies.

Yes, but: It’s unclear what the motive for the campaign might be. Countries spy on each other all the time, but a destructive cyberattack is much rarer and would have larger geopolitical consequences.

What they’re saying: “Without weighing in on the specific details of the NYT story, the topic is significant, but threats of this nature, which seek to compromise our critical infrastructure, are not new,” Marc Raimondi, a former national security official, told Axios.

  • “It’s something to be concerned about for sure, but it’s amongst many things that we should be concerned about regarding the [People’s Republic of China] and our other advanced adversaries in the cyber and critical infrastructure realm,” he added.