SiliconANGLE: California stays ahead on state privacy protection

California has become the latest state to enact a special law regulating how consumers can remove themselves from data brokers. The Delete Act was passed this week and it’s now up to Governor Gavin Newsom to sign it into law. But it has already led to similar laws and bills being proposed in other states in next year’s legislative sessions.

My summary of the past summer’s privacy laws enacted across the country, what makes California stand out, and the problem with data brokers can all be found in my latest piece for SiliconANGLE here.

SiliconANGLE: Deepfake cyberthreats keep rising. Here’s how to prevent them

As expected, this summer has seen a rise in various cybersecurity threats based on deepfake audio and video impersonations.

Despite warnings from the Federal Bureau of Investigation in June, it’s now quite common to experience these types of threats. The fakes are used to lend credibility to larger exploits, such as for a phishing email lure or a request from a superior. These can run the gamut from executive impersonation to performing various forms of financial fraud and obtaining stolen account credentials. My story for SiliconANGLE provides some perspective.

SiliconANGLE: Beware of insecure networked printers

Despite promises of a paperless office that have origins in the 1970s, the printer is still very much a security problem in the modern office.

And even if Microsoft Corp. succeeds in its efforts to eradicate the universe of third-party printer drivers from its various Windows products, the printer will still be the bane of security professionals for years to come. The problem is that the attack surface for printer-related activities is a rich one, with numerous soft targets.

Taking care of insecure printers isn’t easy; here is a trip down memory lane in my latest post for SiliconANGLE.

SiliconANGLE: It’s the end of the line for the outdated TLS

An aging core internet protocol is finally getting the ax by Microsoft Corp.

The news isn’t just last month’s announcement that the software vendor was ending support for versions 1.0 and 1.1 of Transport Layer Security, or TLS, but that it is actually dropping that support from the impending release of the latest beta version of Windows 11. This means it is time to locate and update your aging TLS 1.0 and 1.1 systems: Windows 11 will disable these versions by default in its next preview release.

You can read my story in SiliconANGLE here.

SiliconANGLE: Software supply chain attacks are multiplying, but so are strategies to avoid them

By now most information technology managers are painfully aware of the consequences of software supply chain attacks. Thanks to exploits affecting the supply chains of SolarWinds, Log4Shell and 3CX, the power and widespread damage inflicted by these attacks on thousands of businesses are certainly well-known. In addition to new software startups trying to help stop these attacks, there is also a new NIST draft strategy doc on how to cope with software supply chain exploits.

You can read my post for SiliconANGLE here.

SiliconANGLE: Well-known security consultant ‘Mudge’ is once again on the move

The former hacker known as Mudge is once again on the move. Mudge, the alias for Peiter Zatko, was the former head of security back when X Corp. was known as Twitter. He is now a consultant for the U.S. Cybersecurity and Infrastructure Security Agency, the Washington Post reported yesterday. My story for SiliconANGLE is here.

SiliconANGLE: The summer of adversarial chatbots

This has been the summer of adversarial chatbots.

Researchers from SlashNext Inc. and Netenrich discovered two such efforts, named WormGPT and FraudGPT. These cyberattack weapons are certainly just the beginning in a long line of products that will be developed for nefarious purposes such as creating very targeted phishing emails and new hacking tools. This summer demonstrated that generative artificial intelligence is quickly moving into both offensive and defensive positions, with many security providers calling out how they are using AI methods to augment their defensive tools. The AI security arms race has begun.

You can read my post in SiliconANGLE here.

SiliconANGLE: How Kremlin-backed social media campaigns continue to spread disinformation

A new report sponsored by the European Commission has found that social media has played a key role in the spread of Russian-backed disinformation campaigns since their war with Ukraine began.

“Over the course of 2022, the audience and reach of Kremlin-aligned social media accounts increased substantially all over Europe,” the researchers stated in the report, “Digital Services Act: Application of the Risk Management Framework to Russian disinformation campaigns.”

Here you can see various recruitment lures to join Russia’s cyber army who call themselves “Cyber Front Z” and are looking for help on Telegram to post content across networks, up- and down-vote posts, and hound opponents with derogatory comments. The photo shown in the screenshot above is one such target, a pro-Ukraine politician.

The work was done by the nonprofit group Reset and published last week. The group examined these campaigns across 10 languages and over a year. It can serve as useful guidance for U.S. regulators and for how businesses should moderate their own social media content. You can read my analysis for SiliconANGLE here.

SiliconANGLE: News of the week

SiliconANGLE: Meta’s Facebook finally supports end-to-end message encryption

The importance of end-to-end encryption of digital messages is getting new attention with the announcement that Meta Platforms Inc.’s Facebook will partly add the feature to its Messenger product now, and eventually for all use cases such as group chats by year-end.

It’s an important step, since E2EE, as it’s known for short, is a critical method of providing secure communication that keeps outside parties from accessing data while it’s transferred between systems or devices. But the announcement isn’t the whole story, either, because Facebook is playing catch-up with many of its competitors, such as Signal and Telegram, which have offered E2EE messaging products for years now.

You can read my analysis for SiliconANGLE here.