Lifeboat Foundation

PORTSMOUTH, Va. (WAVY) – Artificial intelligence is already revolutionizing society – from healthcare and education to cybersecurity and even our courts. Despite all of its benefits, it has also given criminals an edge when it comes to deceiving us.

Financial sextortion is a crime in which a bad actor attempts to leverage personal material (think: naked pictures or videos) to force a victim into giving into their demands — usually money or other compromising material.

You may have stumbled across the Flipper Zero hacking device that’s been doing the rounds. The company, which started in Russia in 2020, left the country at the start of the war and moved on since then. It claims it no longer has ties to Russia and that it is on track to sell $80 million worth of its products this year after selling almost $5 million worth as Kickstarter preorders — and it claims it sold $25 million worth of the devices last year.

So what are they selling? Flipper Zero is a “portable gamified multi-tool” aimed at everyone with an interest in cybersecurity, whether as a penetration tester, curious nerd or student — or with more nefarious purposes. The tool includes a bunch of ways to manipulate the world around you, including wireless devices (think garage openers), RFID card systems, remote keyless systems, key fobs, entry to barriers, etc. Basically, you can program it to emulate a bunch of different lock systems.

Continue reading “Flipper hacking device on track to make $80M worth of sales” »

Shouldn’t Facebook have alerted us and not CBS News?

The fake notice went on to say that a photo uploaded to the account’s page violated Facebook’s copyright infringement policy and that the decision could be appealed within 24 hours.

Continue reading “Facebook users targeted in copyright infringement scam” »

AI is quickly becoming an essential part of daily work. It’s already being used to help improve operational processes, strengthen customer service, measure employee experience, and bolster cybersecurity efforts, among other applications. And with AI deepening its presence in daily life, as more people turn to AI bot services, such as ChatGPT, to answer questions and get help with tasks, its presence in the workplace will only accelerate.

Much of the discussion around AI in the workplace has been about the jobs it could replace. It’s also sparked conversations around ethics, compliance, and governance issues, with many companies taking a cautious approach to adopting AI technologies and IT leaders debating the best path forward.

While the full promise of AI is still uncertain, it’s early impact on the workplace can’t be ignored. It’s clear that AI will make its mark on every industry in the coming years, and it’s already creating a shift in demand for skills employers are looking for. AI has also sparked renewed interest in long-held IT skills, while creating entirely new roles and skills companies will need to adopt to successfully embrace AI.

It turns out that reports of its death were greatly exaggerated. NASA says it’s figured out a way to extend the mission of its interstellar Voyager 2 probe by another three years.

And that’s no easy feat, considering the probe has been screaming through the cosmos since 1977 and is currently more than 12 billion miles from Earth.

The probe recently switched to its backup power reserves, which were originally set aside as part of an onboard safety mechanism, according to an update by NASA’s Jet Propulsion Laboratory.

The theft of the ChatGPT login credentials was orchestrated using the Raccoon Infostealer malware, said cybersecurity firm Group-IB.

Attackers are increasingly targeting vulnerable developer laptops to infiltrate production systems without directly attacking them, warned cloud security expert Lee Atchison.

Instead of waiting for an application to become fully functional, hackers target the development process used to bring an application to a state of operation, Atchison said, speaking at a recent Uptycs-sponsored Cybersecurity Standup, “Castles in the Sky – Secure Your App Dev Pipeline From Laptop to Cloud.”

“We focus so much attention on keeping data and cloud data centers secure. But we haven’t realized that all of this technology feeds into the data centers and that one of the primary drivers of that is developers, the source code they develop, and the machines that they develop the source code on,” Atchison said. “Those DevOps machines feed into the production systems but have nowhere near the level of protection behind them that the production data centers do.”

Chat gpt 4 has near limitless potential for AI good and it helping so many coders already. It is much like the beginning of the star trek computer and Jarvis from Ironman. It is actually making quick work of all the coding tasks. The real potential is full automation where even work and society could evolve millions of years in seconds. For space exploration we could see it implemented for information of all kinds that is accurate. Eventually it really could be a star trek computer for space exploration. This will only get smarter and Eventually gaps of knowledge even from college level tasks can be easily done and beyond. Along with neuralink even humans could have accurate knowledge with chat gpt 4 including all known knowledge like the entire internet inside neuralink eventually. This could even help with guarding against the superintelligence if that were to happen. Also can even guard nations eventually from polymorphic malware. This tool is a definite force of AI good so stay tuned to chat gpt 4 and beyond.

Hold onto your hats! Microsoft has done it again with the announcement of GitHub Copilot X powered by GPT-4. This shiny new iteration offers many features that will make your pair programming experience feel like a walk in the park.

Microsoft Azure Bastion and Azure Container Registry have each been found to have one potentially “dangerous” security flaw that, if taken advantage of, may have resulted in a cross-site scripting (XSS) attack being carried out on the affected service. XSS attacks take occur when threat actors insert arbitrary code into a website that would otherwise be trusted. This code is then run each time visitors who are not aware of the attack visit the website.

Both of the vulnerabilities that Orca found take use of a vulnerability in the postMessage iframe, which makes it possible for Window objects to communicate with one another across domains. The vulnerabilities allowed for illegal access to the victim’s session inside the compromised Azure service iframe. This may result in serious repercussions, such as unauthorized data access, unauthorized alterations, and interruption of the Azure services iframes, among other things. This meant that the vulnerability could be exploited to embed endpoints into remote servers by utilizing the iframe element. This would eventually result in the execution of malicious JavaScript code, which would compromise sensitive data.

However, in order to take advantage of these vulnerabilities, a threat actor would first need to undertake reconnaissance on various Azure services in order to identify vulnerable endpoints contained inside the Azure interface. These endpoints may be missing X-Frame-Options headers or have Content Security Policies (CSPs) that are inadequate.