Generative AI used for child porn, Google to pay Washington state millions for misleading location practices, and more
Welcome to Cyber Security Today. It’s Wednesday, May 24th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Generative AI systems, such as ChatGPT, are extensively being used now for fraud and harmful content. That includes training AI systems to create images of child sex abuse and deepfake audio files that tout extremism. This is according to researchers at ActiveFence. Among the worrisome evidence: A poll of 3,000 people on a closed child predator forum on the dark web found 78 per cent have or plan to use generative AI for child sex abuse images or stories. The report is another call for governments to impose regulatory safeguards on the use of generative AI.
I’ve reported many times on hackers trying brute force attacks on internet-connected devices as a way to initially get into corporate IT networks. The latest evidence on this comes from a French company called Tehtris, which has some honeypots set up on the web to learn the tactics of attackers. The most common words those who recently tried to hack devices on a honeypot were variations of the word ‘password’ and ‘welcome’ — like ‘password123’ and so on. Two of the most common usernames tried are ‘admin’ and ‘root.’ It’s imperative that IT administrators make sure not only that employees use safe passwords but also the default passwords that come with new hardware and software are changed as soon as they are installed.
Google has agreed to pay Washington state almost US$40 million to settle allegations of using misleading location practices. Google will also have to follow court-ordered reforms to increase transparency about its location tracking settings. The state alleged Google deceptively led consumers to believe they have control over how Google collects and use their location data. However, the state said, consumers really couldn’t effectively prevent Google from collecting and profiting from their location data.
Many government entities in Utah still haven’t adopted cybersecurity best practices. That’s according to a report from the state’s legislative auditor-general, which surveyed cities, counties, towns, school districts and colleges. What many haven’t done are the basics, like adopting a cybersecurity framework to follow. How unimportant is cybersecurity among government agencies in Utah? Only 37 per cent of organizations replied to the government survey.
The KeePass password manager has a vulnerability. A researcher created a proof-of-concept hack showing the master password — except for the first character — can be recovered from the application’s memory. A hacker would need access to a victim’s computer. This hack can’t be done remotely over the internet. Still, watch for and install a new KeePass update to fix this hole.
A 28-year old British IT security analyst has been convicted of blackmailing his company after it was hit with a cyber attack in 2018. The attacker demanded a ransom. After that the employee accessed and altered the attacker’s email message in hopes that if a payment was made it would go to him. Unfortunately, he left a digital trail that led back to his home computer. Deleting data before the police arrived didn’t help him. He will be sentenced in July.
Finally, are you looking for cyber insurance? Do you fear rising premiums? There’s good news. Researchers at GlobalData think the pressure on insurers to keep increasing premiums may ease in the second half of this year. And as economic conditions become less burdensome on businesses demand for cyber insurance will increase. Greater levels of cybersecurity, lower tendencies to give in to ransom demands, war exclusions in policies and a more competitive insurance landscape will help keep a lid on prices, GlobalData feels. One unanswered question: Will premiums drop?
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
The post Cyber Security Today, May 24, 2023 – Generative AI used for child porn, Google to pay Washington state millions for misleading location practices, and more first appeared on IT World Canada.