



Researchers revealed this week that code hidden inside PC motherboards has left millions of machines vulnerable to malicious updates. Staff at security firm Eclypsium found code in hundreds of models of motherboards made by Taiwanese manufacturer Gigabyte that allows an updater program to download and run other software. The system was intended to keep motherboards up to date, but the researchers found that the mechanism was not implemented securely and could allow attackers to hijack the backdoor and install malware.

And Moscow-based cybersecurity firm Kaspersky said its staff were among the targets of newly discovered zero-click malware affecting iPhones. Victims were sent a malicious message containing an attachment via Apple’s iMessage. The attack began by exploiting multiple vulnerabilities to automatically give the attacker access to the device, and the message itself was then deleted. Kaspersky said it believed the attack affected more people than just its own staff. On the same day Kaspersky revealed the iOS attack, the Russian Federal Security Service, also known as the FSB, claimed thousands of Russians had been targeted by new iOS malware and blamed the US National Security Agency (NSA) for the attack. Russian intelligence also claimed that Apple was helping the NSA. The FSB has not released any technical details to support its claims, and Apple said it has never inserted a backdoor into its devices.

If that’s not enough encouragement to keep your device up to date, we’ve rounded up all the security patches issued in May. Apple, Google, and Microsoft all released critical patches last month, so make sure you’re up to date.

There’s more. Each week we round up the security stories that we haven’t covered in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

U.S. Federal Trade Commission Chair Lina Khan warned this week that the agency is seeing criminals use artificial intelligence tools to accelerate fraud and scams. The comments, made in New York and first reported by Bloomberg, cited examples of voice cloning technology in which AI is used to trick people into thinking they’re hearing family members.

Recent advances in machine learning have made it possible to mimic human voices using just a few short clips of training data, although experts say the quality of AI-generated voice clips can vary greatly. In recent months, however, there have been reports of an increase in the number of scams believed to involve generated audio clips. Khan said officials and lawmakers need to be vigilant early and that while new laws governing AI are being considered, existing laws still apply to many cases.

North Korean leaders made a rare acknowledgment of failure this week after the reclusive state’s attempt to put a spy satellite into orbit did not go as planned. They also said the country would try the launch again in the future. On May 31, the Chollima No. 1 rocket carrying the satellite launched successfully, but its second stage failed to operate and the rocket fell into the sea. The launch triggered an emergency evacuation alert in South Korea, which was later withdrawn by authorities.

The satellite would have been North Korea’s first official reconnaissance satellite, which experts say would give it the ability to monitor the Korean peninsula. The country has launched satellites before, but experts believe they haven’t sent images back to North Korea. The failed launch comes amid heightened tensions on the peninsula as North Korea continues to develop high-tech weapons and rockets. Following the launch, South Korea announced new sanctions against the Kimsuky hacking group, which has ties to North Korea and is said to have stolen classified information related to its space program.

In recent years, Amazon has come under scrutiny for its loose handling of people’s data. This week, the U.S. Federal Trade Commission, with the help of the Justice Department, hit the tech giant with two settlements over a series of missteps involving children’s data and its Ring smart home cameras.

In one instance, authorities said, a former Ring employee spied on a female customer in 2017 (Amazon acquired Ring in 2018), watching videos of her in her bedroom and bathroom. The FTC alleges Ring gave staff dangerously broad access to videos and had a lax attitude towards privacy and security. In a separate statement, the FTC said Amazon stored recordings of children using the voice assistant Alexa and did not delete the data when parents requested it.

The FTC has ordered Amazon to pay approximately $30 million across the two settlements and introduce several new privacy measures. Perhaps more consequentially, the FTC said Amazon should remove or destroy Ring recordings from before March 2018, as well as models and algorithms developed from improperly collected data. The orders must be approved by a judge before they can be carried out. Amazon disagrees with the FTC and denies breaking the law, but added that the settlements put those issues behind it.

As companies around the world race to embed generative AI systems into their products, the cybersecurity industry is stepping up. OpenAI, developer of the text and image generation systems ChatGPT and Dall-E, launched a new program this week to explore how cybersecurity professionals can best use AI. The project provides grants to those who develop new systems.

OpenAI has proposed many potential projects, from using machine learning to detect social engineering efforts and generate threat intelligence, to inspecting source code for vulnerabilities and developing honeypots to trap hackers. AI has been developing faster than many experts expected, and although it has been in use in the cybersecurity industry for several years, many claims don’t live up to the hype.

The U.S. Air Force is rapidly testing artificial intelligence in flying machines, and in January it tested an AI-powered tactical aircraft. But this week, a new claim began to circulate: that during a practice test, an AI-controlled drone attacked and killed the human operator overseeing it because the operator was preventing it from achieving its objective.

According to a summary of an event at the Royal Aeronautical Society in London, Colonel Tucker Hamilton said the system began to realize that although it had identified a threat, the human operator sometimes instructed it not to kill that threat, yet it got its points for killing it. Hamilton went on to say that while the system had been trained not to kill the operator, it began targeting the communication tower that the operator was using to communicate with the drone, stopping the operator from sending messages.

However, the U.S. Air Force says the simulation was never conducted. Spokeswoman Anne Stefanek said the comments were taken out of context and were anecdotal. Hamilton also clarified that he misspoke and was describing a thought experiment.

Nonetheless, the scenario described highlights that automated systems can unintentionally bend the rules imposed on them in order to achieve set goals. In other cases of what researchers call specification gaming, a simulated version of Tetris paused the game to avoid losing, and a character in an AI game killed itself at level 1 to avoid dying on the next level.

