OpenAI takes action against an Iranian disinformation campaign, legislators in the US are concerned about a popular router made in China, Google’s new Chrome updates will mask key data on screen sharing, and is it time to ban the use of work laptops for personal use?
Welcome to Cyber Security Today. I’m your host, Jim Love.
OpenAI has recently uncovered and neutralized a cluster of ChatGPT accounts linked to an Iranian disinformation operation.
The company identified these accounts as part of a group known as Storm-2035, which has a history of creating fake news websites to influence elections. The operators were using ChatGPT to generate both long-form articles and social media comments on topics including the U.S. presidential elections, the Israel-Hamas conflict, and Israel’s presence at the Olympic Games.
This operation is particularly noteworthy as it’s the first instance OpenAI has detected and removed that specifically targets U.S. elections. The discovery comes on the heels of Microsoft’s recent report on Iranian disinformation activities, which also highlighted spear-phishing attacks on U.S. presidential campaigns.
As part of their investigation, OpenAI identified a dozen accounts on X (formerly Twitter) and one on Instagram that were spreading this AI-generated content. Meta has since deactivated the Instagram account, linking it to a 2021 Iranian campaign that targeted users in Scotland.
While the potential for AI to amplify disinformation is concerning, it’s worth noting that most of the social media accounts sharing this content received little engagement. Ben Nimmo, principal investigator on OpenAI’s intelligence and investigations team, advises vigilance but cautions against overreaction, stating, “There’s a big difference between an influence operation posting online and actually becoming influential by reaching an audience.”
It does emphasize the increasing role that Iran is playing in global cyberwarfare, and it’s a good wake-up call for us to watch what is happening at the intersection of cybersecurity and AI.
Sources include: OpenAI
Google is set to introduce a significant privacy enhancement to Chrome for Android, addressing a longstanding vulnerability in screen sharing and recording.
Currently, when users share or record their screen on Android devices, sensitive information such as passwords and credit card details can be inadvertently exposed. This occurs even in regular browsing tabs, though incognito mode already prevents screen capture entirely.
To tackle this issue, Google is testing a new experimental feature called “Redact sensitive content during screen sharing, screen recording and similar actions”. When enabled, this feature will automatically redact the entire content area of a webpage if it contains sensitive form fields like credit card information or passwords.
It’s important to note that this feature will only be available on Android V or later versions. While the exact release date for the general public is yet to be announced, tech enthusiasts can expect to see this feature in Chrome Canary, the experimental version of the browser, in the coming weeks.
This development underscores Google’s ongoing efforts to enhance user privacy and security in an era where screen sharing has become increasingly common for both personal and professional purposes.
In addition to this primary feature, Chrome for Android is also testing a new option to close all incognito tabs at once, further streamlining privacy management for users.
As we continue to navigate the digital landscape, such innovations in browser security serve as crucial safeguards for our sensitive information. Stay tuned for the official rollout of this feature in future Chrome updates.
Sources include: Bleeping Computer
According to a recent post in Krebs on Security, more than a million domain names, including those registered by Fortune 100 companies, are at risk of being hijacked by cybercriminals due to authentication weaknesses at several large web hosting providers and domain registrars. This vulnerability, often referred to as the “Sitting Duck” problem, was highlighted in new research from security experts at Infoblox and Eclypsium.
The issue arises when a domain’s DNS, or Domain Name System, records are misconfigured or incomplete, allowing attackers to take control of the domain without accessing the legitimate owner’s account. As most of our listeners will know, DNS, often described as the internet’s phone book, translates human-friendly website names into the numeric addresses computers use to locate websites.
But it is possible, and it frequently happens, that domains are misconfigured, and these “lame” domains can be exploited to redirect users to malicious websites or used in phishing attacks.
The problem isn’t new—similar weaknesses were reported by Krebs as far back as 2019, but the new research shows that many hosting and DNS providers still haven’t addressed the issue.
Dave Mitchell, principal threat researcher at Infoblox, emphasized, “It’s easy to exploit, very hard to detect, and it’s entirely preventable.”
The report estimates that at least 30,000 of these vulnerable domains have been hijacked for malicious use since 2019.
For those who have domains under their administration, it’s well worth a thorough read of the original Krebs story and some of the other research on this issue. Links are in the show notes at technewsday.com.
Sources: Krebs and the original Infoblox report
Two U.S. lawmakers are raising alarms over potential cybersecurity risks posed by Wi-Fi routers from the Chinese company TP-Link Technologies. In a letter to Commerce Secretary Gina Raimondo, Representatives John Moolenaar and Raja Krishnamoorthi highlighted what they describe as an “unusual degree of vulnerabilities” in TP-Link routers, urging the Department of Commerce to investigate these risks and consider whether TP-Link products should be restricted in the U.S.
The lawmakers expressed particular concern over China’s stringent data protection laws, which could compel companies like TP-Link to share data with the Chinese government. This concern is heightened by recent cyber activity from the Chinese Advanced Persistent Threat (APT) group known as Volt Typhoon, which has been linked to hacking campaigns targeting U.S. critical infrastructure by exploiting home routers.
In December 2023, the Justice Department dismantled a botnet linked to Volt Typhoon that included hundreds of compromised routers from brands like Netgear and Cisco. TP-Link routers have also been exploited in the past, with hackers using them to launch attacks or adding them to botnets that disrupt websites with fake traffic.
A recent incident in May 2023 saw cyberattacks on European foreign affairs entities attributed to a Chinese state-sponsored group known as Camaro Dragon. The group reportedly used a firmware implant in TP-Link routers to gain control of infected devices and access sensitive networks.
In response, TP-Link claimed it does not sell routers in the U.S. and stated that it has undergone a global restructuring, with separate entities based in California, Singapore, and China. We found that a little strange, as you can easily find TP-Link routers by a simple search, and they are often highly rated, at least for home use.
Regardless, concerns remain for all devices made in China, especially given China’s regulations that require security vulnerabilities to be reported to the government before being made public, potentially allowing state-sponsored hackers to exploit these weaknesses.
A shout out to James Reddick at The Record for breaking this story.
Sources include: The Record
A recent study by cybersecurity firm ESET has revealed a concerning trend: 90% of workers admit to using their company-provided laptops for personal activities. While this may seem harmless, it poses significant cybersecurity risks, particularly in an era where hybrid and remote work have become the norm.
The study highlighted that many employees engage in risky behaviors on their work devices, such as viewing adult content, gambling, accessing the dark web, and illegally streaming sports. These activities not only expose the individual to potential cyber threats but also put sensitive company data at risk.
One alarming finding is that two-thirds of respondents admitted to accessing the dark web on their work laptops, with 17% doing so daily. Younger workers, especially those aged 16 to 24, were more likely to connect to unsecured public Wi-Fi and use personal USB devices, further increasing the risk of a security breach.
ESET’s Global Cybersecurity Advisor, Jake Moore, emphasized the need for companies to implement stronger cybersecurity measures, particularly given the blurred lines between work and personal life in hybrid setups. Moore noted that while employees are often considered the weakest link in cybersecurity, the responsibility lies with companies to ensure that their endpoint security is robust and that employees are educated about the risks.
Despite the clear dangers, one in five workers admitted that their work devices lacked any cybersecurity software, and a further 7% were unsure if their devices were adequately protected. This highlights a significant gap in both awareness and protection that companies need to address.
As hybrid work continues to blur the boundaries between personal and professional use of devices, companies must impose stricter rules to protect their data and their employees.
Sources include: Tech Radar
That’s our show. You can find the show notes with links at technewsday.com or .ca – take your pick. Cybersecurity returns to its three shows a week.
I’m your host, Jim Love. Thanks for listening.