All posts tagged: cybersecurity

Trump administration to ask US AI firms to voluntarily submit models for cybersecurity tests

Trump administration to ask US AI firms to voluntarily submit models for cybersecurity tests

Published by Sam Flores

June 2 : The Trump administration will ask leading AI developers to voluntarily submit their most capable models for government cybersecurity tests before releasing them to the public, according to an executive order released on Tuesday, as security fears mount in Washington over powerful new AI systems such as Anthropic’s Mythos. U.S. President Donald Trump signed an executive order that directs the departments of Treasury, Defense, Commerce and Homeland Security, plus other government officials and agencies, to secure agreements with AI developers to test their models. U.S. agencies would get up to 30 days to test the models before they are released to organizations outside the government, according to the order. It also directs the agencies to emphasize bolstering cyber defense across government. The order signals Trump is shifting his strategy on AI and taking a more active role in monitoring the technology’s capabilities. Since returning to office, he has said the federal government should take a hands-off approach to the tech sector, and has tried to discourage states from adopting AI regulations that he opposes. …

Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow

Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow

Published by skeptic

The United States military has known for years that enemies could use location data to track troops’ phones—and it’s also long been aware of easy fixes for the problem. The Pentagon adopted almost none of these protections, though, in spite of admitting in a letter exposed this week that US adversaries are actually using the data to target soldiers in war. Meanwhile, US law enforcement warned this week about “anti-tech extremism” as AI backlash grows around the country. After a nearly 90-day internet shutdown, connectivity started to trickle back into Iran this week amid internal political power struggles and ongoing negotiations with the US to end its war with Tehran. Researchers cautioned that it is unclear how extensive the restoration will be and whether connectivity will only return temporarily. As cybercriminals and offensive hackers ramp up their use of AI to exploit vulnerabilities and develop hacking tools, the technology is also radically changing the dynamics of how security researchers hunt for vulnerabilities. And scammers are using real hotel reservation data and other travel details to …

Claude Mythos 1 Preview Leaked: Cybersecurity and Math Benchmarks

Claude Mythos 1 Preview Leaked: Cybersecurity and Math Benchmarks

Published by skeptic

The recent leak of Claude Mythos 1 has provided a rare look at Anthropic’s advanced AI model, sparking discussions about its potential applications and implications. In a detailed hands-on review, World of AI examines the leaked outputs, including standout examples like solving Erdos Problem 90, a challenging geometry problem and generating a Python-based visualization titled Saturn spaceship pie art. These examples highlight the model’s strengths in mathematical reasoning, creative problem-solving, and programming expertise, underscoring its potential to tackle complex, high-stakes challenges. Anthropic’s cautious approach to a possible public release reflects its focus on safety, making sure that such capabilities are deployed responsibly. Dive into this breakdown to explore how Claude Mythos 1 performed on the Exploit Bench, where it achieved a leading score of 69%, and what this means for its role in cybersecurity. You’ll also gain insight into its versatility across fields like research and development, enterprise systems, and cloud security, as well as its implications for developers navigating AI integration. This review offers a comprehensive look at the model’s potential impact while addressing …

The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are

The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are

Published by skeptic

For nearly a decade, the Pentagon was warned—by its own contractors, analysts, and intelligence agencies—that anyone with a credit card could buy a map of where American troops sleep, work, and store nuclear weapons. Now the bill has come due in a war zone. A newly disclosed letter shows the warnings went unheeded: US Central Command now confirms it has received “multiple threat reports concerning adversary exploitation of commercial location data to target or surveil US personnel in theater”—the first official acknowledgment that the data-broker economy is being used to hunt American forces in the Middle East. The targeting was first reported by Reuters, which obtained the Centcom letter. But the confirmation lands atop a record that is longer and more damning than the single document suggests. For the better part of a decade, US lawmakers have heard the same alarms about the dangers of commercially available location data that the Pentagon did—from the same intelligence assessments, from witnesses, from their own colleagues. Yet comprehensive privacy legislation has repeatedly stalled in Washington, and the one …

Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks

Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks

Published by skeptic

“We would not say that every single phishing message we observed was definitively caused by a direct compromise of the hotel’s own internal systems,” the researcher says. Phishing messages could have been sent using information from other data breaches or systems not linked to the travel industry. “The common factor is that criminals are weaponizing real reservation context and pushing travelers into a fake verification or payment flow,” Corrons says. Corrons says Norton has been unable to fully unpick who may be behind the attacks but says investigations are ongoing. Those sending some of the phishing messages appear to be using phishing kits designed to speed up and automate the process of sending and collecting information, he says, and in several cases the same phishing kit or technical infrastructure has been used. The company is not publishing the full list of potentially compromised hotels and holiday accommodations, Corrons says; however, he says the company has been in touch with Europol about its findings. A Europol spokesperson declined to comment, saying it does not discuss its …

CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks

CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks

Published by skeptic

CrowdStrike, working with Google and Shadowserver, a nonprofit organization that scans and monitors the internet for cyberattacks, took down a botnet that cybercriminals used to push malware and steal passwords from open-source software developers. The takedown operation had the goal of disrupting the activities of the cybercriminals behind the so-called Glassworm botnet, who have been targeting the broader open source software supply chain for two years, according to CrowdStrike.  In recent months, several hacking groups have targeted developers and open source projects to push malicious software to companies and organizations who in turn use that software. These attacks can be effective because they exploit the trust that companies put into code that’s hosted on platforms like GitHub, and the workers behind that code. “Adversaries are no longer just targeting products, they’re targeting the developers who build them,” CrowdStrike wrote in its report about the takedown operation. “Developers represent uniquely high-value targets: compromising a single developer’s workstation can cascade into a supply-chain compromise that impacts thousands of downstream organizations and users.” The Glassworm hackers used several …

UK spy chief warns of rising Russia, China threat to the West

UK spy chief warns of rising Russia, China threat to the West

Published by Sam Flores

Anne Keast-Butler, director of GCHQ, pictured during CYBERUK 2024 on May 14, 2024, in Birmingham, England. Matthew Horwood for CYBERUK | Getty Images News | Getty Images Britain and its allies have a “narrowing window” to keep ahead of security risks posed by China, Russia and other adversaries, the U.K.’s top intelligence agent will warn on Wednesday. In a rare public speech, Anne Keast-Butler, the director of GCHQ — the U.K.’s intelligence, cyber and security agency — will say Britain is at a “moment of consequence,” with the country facing increasingly brazen behavior from hostile nations. “China is now a science and tech superpower with sophisticated capabilities across their intelligence, cyber and military agencies,” Keast-Butler is set to say, according to excerpts from the speech released ahead of time by her office. “The ground beneath our feet is shifting,” as AI continues to develop swiftly, she will say, with new technologies creating a “narrowing window for the U.K. and allies to stay ahead.” Earlier this month, two men became the first in history to be found …

UK Visa Portal spilled thousands of applicants’ passports and selfies online — and hasn’t fixed the leak

UK Visa Portal spilled thousands of applicants’ passports and selfies online — and hasn’t fixed the leak

Published by skeptic

A website called UK Visa Portal is publicly exposing the passports and selfie photos of applicants who signed up and paid the site to obtain a U.K immigration visa, TechCrunch has learned. An anonymous person notified TechCrunch about the security lapse, saying that the website is exposing at least 100,000 documents from people who uploaded their passports and selfies to the website as part of the application process. The website is not affiliated with the U.K. government, and some have complained that they mistakenly paid a fee to this company instead of using the official GOV.UK website. TechCrunch confirmed that UK Visa Portal is the source of the data leak and verified the authenticity of the exposed data by contacting affected individuals to ask if their information was accurate. UK Visa Portal does not have a way to report security issues through its website, nor does its website provide names or contact information for the company’s management. TechCrunch sent an email to the address listed on UK Visa Portal’s website to alert the company that …

Inside the rise of digital embassies – POLITICO

Inside the rise of digital embassies – POLITICO

Published by Sam Flores

Sharing the AI load As Europe wakes up to its dependence on private tech from the U.S. and China, some countries are weighing whether building a digital embassy is better than relying on a private cloud service. Luxembourg’s Deputy Prime Minister Xavier Bettel, who says the principality has become a trusted digital partner, at a technolgoy summit in Lisbon in November 2024. | Horacio Villalobos/Corbis/Getty Images “When we speak about digital sovereignty, we don’t need to send them to the States or to Asia, we can do it in Europe,” said Bettel. “It’s not against someone, it’s just in favor of sovereign Europe.” The idea is also sparking the curiosity of countries that want to supercharge artificial intelligence development and data processing but don’t have the resources to do it in their own country. Earlier this month, the World Economic Forum launched a global framework for bilateral agreements to establish such digital embassies. The framework touches on things like access rights, data disclosures, jurisdiction, privacy laws, dispute resolution and the interoperability of infrastructure. As AI …

The AI Era Is Creating a Bug Hunting Arms Race

The AI Era Is Creating a Bug Hunting Arms Race

Published by skeptic

“Nation state issues are very serious and very real, but criminal actors still make up the vast majority of incidents that organizations deal with and many of those incidents are quite serious,” Hultquist adds. “Zero-day use by criminal actors has been fairly limited, and the ones that do use them tend to be really successful, so I think we shouldn’t underestimate the impact of more criminals with a zero day in their hands.” For researchers making money through bug hunting, though, times are changing. The command-line tool Curl ended its bug bounty program (run through third-party service HackerOne) in January after being inundated with low-quality submissions generated by AI. “We have concluded the hard way that a bug bounty gives people too strong incentives to find and make up ‘problems’ in bad faith that cause overload and abuse,” the group wrote at the time, adding that “we still appreciate and value valid vulnerability reports.” Last week, Linux creator and lead developer Linus Torvalds wrote that the famed Linux security mailing list has become “almost entirely …