Tag Archive for: Risks

SolarWinds Misled Public on Risks Before Hack, SEC Claims (1)


The Securities and Exchange Commission alleged on Monday that SolarWinds Corp. defrauded investors by downplaying security risks ahead of a hack of its software that rippled through computer systems across the US government and corporate America.

The SEC also accused the top information security official at SolarWinds, Tim Brown, of breaking securities rules in a lawsuit filed in federal court in Manhattan. The action is the first time the regulator has sued a computer security executive for a cybersecurity-related issue.

The SolarWinds hack was among the worst cyber breaches in history, affecting hundreds of public companies and numerous government agencies. …


Why Apple risks facing India’s scrutiny after ‘hacking’ allegations against Modi government



India’s lawmakers could pull up Apple representatives after several politicians from the country’s opposition said they received alerts on their iPhones warning them of “state-sponsored” hacking.

Ministers of the Narendra Modi-led government on Tuesday said they will investigate the allegations and “get to the bottom of these notifications” after screenshots of the alert sent by the American tech giant went viral on social media.

While opposition politicians have accused the ruling Bharatiya Janata Party (BJP) administration of spying on rivals and critics ahead of national elections in 2024, it could be Apple that soon faces the scrutiny of the Indian government.

A parliamentary committee on information technology is considering summoning representatives of Apple India over the alerts sent to public figures, an unnamed official of the committee was quoted as saying by news agency ANI on Wednesday.

The committee’s secretariat expressed “deep concern” over the alerts and is treating the matter with the “utmost seriousness”, the official said.

A minister from the Modi government also said Apple should explain what the notification means, especially their claims about the security of their devices.

“After today’s ‘threat notifications’ being received by many people, including MPs, and those in geopolitics, we expect Apple to clarify the following… if its devices are secure, why these ‘threat notifications’ are sent to people in over 150 countries,” said Rajeev Chandrasekhar, the minister of state for electronics and information technology, on X/Twitter.

The BJP’s lawmakers have also rubbished allegations of hacking made by opposition politicians.

“Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID,” said a screenshot of the alert shared by opposition members.

“If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone.

“While it’s possible this is a false alarm, please take this warning seriously,” it said.

The alerts were sent by…


British officials say AI chatbots could carry cyber risks


AI (Artificial Intelligence) letters are placed on computer motherboard in this illustration taken, June 23, 2023. REUTERS/Dado Ruvic/Illustration/File Photo

Aug 30 (Reuters) – British officials are warning organisations about integrating artificial intelligence-driven chatbots into their businesses, saying that research has increasingly shown that they can be tricked into performing harmful tasks.

In a pair of blog posts due to be published Wednesday, Britain’s National Cyber Security Centre (NCSC) said that experts had not yet got to grips with the potential security problems tied to algorithms that can generate human-sounding interactions – dubbed large language models, or LLMs.

The AI-powered tools are seeing early use as chatbots that some envision displacing not just internet searches but also customer service work and sales calls.

The NCSC said that could carry risks, particularly if such models were plugged into other elements of an organisation’s business processes. Academics and researchers have repeatedly found ways to subvert chatbots by feeding them rogue commands or fooling them into circumventing their own built-in guardrails.

For example, an AI-powered chatbot deployed by a bank might be tricked into making an unauthorized transaction if a hacker structured their query just right.

“Organisations building services that use LLMs need to be careful, in the same way they would be if they were using a product or code library that was in beta,” the NCSC said in one of its blog posts, referring to experimental software releases.

“They might not let that product be involved in making transactions on the customer’s behalf, and hopefully wouldn’t fully trust it. Similar caution should apply to LLMs.”

Authorities across the world are grappling with the rise of LLMs, such as OpenAI’s ChatGPT, which businesses are incorporating into a wide range of services, including sales and customer care. The security implications of AI are also still coming into focus, with authorities in the U.S. and Canada saying they have seen hackers embrace the technology.

Reporting by Raphael Satter; Editing by Alex Richardson


Tokyo risks being carried away by intel craving



Japanese Prime Minister Fumio Kishida speaks during his news conference in Tokyo, Japan, on February 24, 2023. [Photo/Agencies]

The reforms implemented by Tokyo over the past 10 years have seen a break with the so-called postwar Yoshida Doctrine that emphasized concentrating resources on economic development and letting the US take care of the country’s security.

By bolstering its capacity for decision-making and removing some of the legal constraints on the use of force, Tokyo has positioned itself for a more integrated military alliance with the US while giving itself room to act in what it perceives to be its interests.

Japan released three documents last year that defined its change of security policy. With a sharp increase in military spending, the most significant takeaway from the three documents is that the US-Japan alliance is entering a new phase. With its own combat-credible forces, Japan will be proactively involved in international security affairs.

Since war-fighting requires a much higher level of information acquisition and analysis, as well as information sharing between militaries, to better enable this new approach, Japan is looking to strengthen its intelligence gathering and analysis capabilities by building an intelligence network in the Asia-Pacific. It has been proposed that Japan should be included in the Five Eyes intelligence-sharing group that comprises Australia, Canada, New Zealand, the United Kingdom, and the US, and the plan to set up a NATO liaison office in Tokyo was aimed at facilitating this.

But with that plan stalled, due to the opposition of some NATO members, the Fumio Kishida government has been prompted to take a new tack.

According to Japanese media reports, it intends to build an intelligence network to deal with cyberattacks with countries and regions in the “Indo-Pacific” region. It will begin by building cyber defense capabilities for vulnerable Pacific Island countries, and eventually establish a system that can share information about the symptoms and methods of attacks. This has in part been prompted by the hybrid warfare in Ukraine, where cyberspace…
