Dark mode: ON

Infosec Decoded Season 3 #91: Edge Devices

With @kaitlynguru@infosec.exchange and @sambowne@infosec.exchange

Tue, Nov 17, 2023

Kaitlyn Handelman

Ransomware gang files SEC complaint over victim’s undisclosed breach

Running Signal Will Soon Cost $50 Million a Year

Project Kuiper ready for satellite production after successful prototype tests

Sam Bowne

The Implosion of Nikki Haley’s Social Media Crusade
“Every person on social media should be verified, by their name. That’s, first of all, it’s a national security threat,” Haley said. Banning anonymous accounts would get “rid of the Russian bots, the Iranian bots and the Chinese bots,” she continued. “They need to verify every single person on their outlet, and I want it by name.”

From toy to tool: DALL-E 3 is a wake-up call for visual artists—and the rest of us
You type in a description of what you want to see, and DALL-E 3 creates it. It's much more accurate than earlier versions, because it uses GPT-4 to improve your description before sending it to a "latent diffusion: image generator.

Google is embedding inaudible watermarks right into its AI generated music
Google now watermarks AI-generated music and images. The watermarks are preserved even if an audio track is compressed, sped up or down, or has extra noise added.

As Musk endorses antisemitic conspiracy theory, X has been placing ads for Apple, Bravo, IBM, Oracle, and Xfinity next to pro-Nazi content
IBM “suspended all advertising on X while we investigate this entirely unacceptable situation.”

Elephant Hunting | Inside an Indian Hack-For-Hire Group
Very detailed examination of the Appin Security Group, a renowned entity in the realm of hack-for-hire services.

FTC Takes Action Against Global Tel*Link Corp. for Failing to Adequately Secure Data, Notify Consumers After Their Personal Data Was Breached
Global Tel*Link and two of its subsidiaries failed to implement adequate security safeguards to protect personal information they collect from users of its services. When they were hacked, they waited approximately nine months to notify affected customers and only contacted 45,000 users—even though the breach may have affected hundreds of thousands of additional customers. The proposed order with the FTC requires them to improve security practices and notifications to users.

Google’s new Titan security keys are ready for a world without passwords
Other two-factor technologies like code generators, push notifications, and sending codes via email or text can add some protection against attackers stealing your password. But security keys go beyond that by using cryptography that verifies things on both ends: ensuring it’s a legit key and that you’re not giving up your login information to a fake website.

Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice
85% of known zero-day vulnerabilities exploited by Chinese state-sponsored groups since 2021 have targeted public-facing appliances, including firewalls, enterprise VPNs, hypervisors, load balancers, and email security tools. Many of these devices and appliances have limited visibility, logging capabilities, and support for traditional security solutions. "Organizations should consider these factors when initially procuring network appliances in order to enhance the ability to detect and respond to threats," according to the report.