Security daily (15-09-2021)

UN calls for human rights safeguards on artificial intelligence

The United Nations’ top human rights official Wednesday called for a global moratorium on the sale and use of artificial intelligence systems that pose human rights concerns until safeguards are put in place. “We cannot afford to continue playing catch-up regarding AI – allowing its use with limited or no boundaries or oversight, and dealing with the almost inevitable human rights consequences after the fact,” U.N. High Commissioner for Human Rights Michelle Bachelet said alongside the release of a report on the emerging technology. “The power of AI to serve people is undeniable, but so is AI’s ability to feed human rights violations at an enormous scale with virtually no visibility.” The U.N. did not list specific AI tools that governments should ban. Instead, the report points to a number of ways the technology is used in decision-making that can have life-altering consequences, including the rise in the use of […] (CyberScoop)

Email scammers posed as DOT officials in phishing messages focused on $1 trillion bill

Shortly after Congress took action on a $1 trillion infrastructure bill, hackers posing as U.S. Transportation Department officials offered fake project bid opportunities to seduce companies into handing over Microsoft credentials, researchers say. The ploy included layers of attempts to disguise the malicious appeals as authentic government solicitations, and even eventually led the would-be victims back to the actual Department of Transportation website, according to a Wednesday blog post from INKY, an email security company. “The basic pitch was, with a trillion dollars of government money flowing through the system, you, dear target, are being invited to bid for some of this bounty,” wrote Roger Kay, vice president of security strategy for the firm. Never mind that the infrastructure legislation hasn’t fully worked its way through Congress yet, nor that few of the phishing campaign’s targets would even be eligible for the infrastructure projects that bill would fund. It’s the […] (CyberScoop)

S3 Ep50: Two 0-days plus another 0-day plus a fast food bug [Podcast]

Bugs! So many bugs! Latest episode - listen now... (Naked Security)

House Committee Tees Up New FTC Data Security Bureau

(News ≈ Packet Storm)

Unsecured Fitness App Database Leaks 61M Records

(News ≈ Packet Storm)

DOJ Fines NSA Hackers Who Assisted UAE In Attacks On Dissidents

(News ≈ Packet Storm)

Anonymous Claims To Have Stolen Huge Trove Of Data From Epik

(News ≈ Packet Storm)

A Cheat-Sheet on Internet Cookies – (Who, What, When, Why & How)

What are internet cookies, how should you feel about them? Are they helpful, harmless, dangerous? Cookies are key to our modern online experience with targeted website ads and predictive search text that seems to read our minds. Cookies help us gain a customized online experience, but what do we lose? Are we being manipulated by our own data? There has been great debate over the ethics of cookies and where to draw the line. (Sucuri Blog)

Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs

Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The list of flaws, collectively called OMIGOD by researchers from Wiz, affect a little-known software agent called Open Management Infrastructure (The Hacker News)

3 Former U.S. Intelligence Officers Admit to Hacking for UAE Company

The U.S. Department of Justice (DoJ) on Tuesday disclosed it fined three intelligence community and military personnel $1.68 million in penalties for their role as cyber-mercenaries working on behalf of a U.A.E.-based cybersecurity company. The trio in question — Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40 — are accused of "knowingly and willfully combine, conspire, confederate, and (The Hacker News)

Download the Essential Guide to Response Automation

In the classic children's movie 'The Princess Bride,' one of the characters utters the phrase, "You keep using that word. I do not think it means what you think it means." It's freely used as a response to someone's misuse or misunderstanding of a word or phrase.

"Response Automation" is another one of those phrases that have different meanings to different people. It's bantered around by the (The Hacker News)

No Patch for High-Severity Bug in Legacy IBM System X Servers

Two of IBM's aging flagship server models, retired in 2020, won’t be patched for a command-injection flaw. (Threatpost)

Attackers Impersonate DoT in Two-Day Phishing Scam

Threat actors dangled the lure of receiving funds from the $1 trillion infrastructure bill and created new domains mimicking the real federal site. (Threatpost)


/security-daily/ 16-09-2021 23:44:22