Tag: Risks | Page 5

China warns of artificial intelligence risks, calls for beefed-up national security measures

May 31, 2023/in Computer Security

China’s ruling Communist Party has warned of the risks posed by advances in artificial intelligence while calling for heightened national security measures.

The statement issued after a meeting Tuesday chaired by party leader and President Xi Jinping underscores the tension between the government’s determination to seize global leadership in cutting-edge technology and concerns about the possible social and political harms of such technologies.

It also followed a warning by scientists and tech industry leaders in the U.S., including high-level executives at Microsoft and Google, about the perils that artificial intelligence poses to humankind.

The meeting in Beijing discussed the need for “dedicated efforts to safeguard political security and improve the security governance of internet data and artificial intelligence,” the official Xinhua News Agency said.

“It was stressed at the meeting that the complexity and severity of national security problems faced by our country have increased dramatically. The national security front must build up strategic self-confidence, have enough confidence to secure victory, and be keenly aware of its own strengths and advantages,” Xinhua said.

“We must be prepared for worst-case and extreme scenarios, and be ready to withstand the major test of high winds, choppy waters and even dangerous storms,” it said.

Xi, who is China’s head of state, commander of the military and chair of the party’s National Security Commission, called at the meeting for “staying keenly aware of the complicated and challenging circumstances facing national security.”

China needs a “new pattern of development with a new security architecture,” Xinhua reported Xi as saying.

China already dedicates vast resources to suppressing any perceived political threats to the party’s dominance, with spending on the police and security personnel exceeding that devoted to the military.

While it relentlessly censors in-person protests and online criticism, citizens have continued to express dissatisfaction with policies, most recently the draconian lockdown measures enacted to combat the spread of COVID-19.

China has been cracking down on its tech sector in an…

Source…

Temu accused of data risks amid TikTok, Pinduoduo fears

May 16, 2023/in Computer Security

The U.S. has accused Temu of potential data risks after Google suspended its Chinese sister app, but analysts are not too worried.
“Temu is not as aggressive as Pinduoduo that is requesting all kinds of privileges,” said Kevin Reed, chief information security officer at cybersecurity firm Acronis.
Temu is taking the U.S. market by storm with discount items from fashion to pet supplies to home goods.
“I am less worried about the shopping apps than social media platforms like TikTok and Lemon8,” said Lindsay Gorman, senior fellow for emerging tech, German Marshall Fund.

In just 17 days after launch, Temu surpassed Instagram, WhatsApp, Snapchat and Shein on the Apple App Store in the U.S., according to Apptopia data shared with CNBC.

Stefani Reynolds | Afp | Getty Images

The U.S. has accused discount shopping site Temu of possible data risks after its Chinese sister app was pulled from Google’s app store over “malware” — but analysts say they’re not that worried.

Compared to Pinduoduo, which was suspended by Google in March after versions offered outside Google’s Play store were found to contain malware, Temu is “not as aggressive,” one analyst said.

The malware in Pinduoduo was found to leverage specific vulnerabilities for Android phones, allowing the app to bypass user security permissions, access private messages, modify settings, view data from other apps and prevent uninstallation.

Google called it an “identified malicious app” and urged users to uninstall the Pinduoduo app, but the Chinese online retailer denied those claims.

According to analysis by Kevin Reed, chief information security officer at cybersecurity firm Acronis, Pinduoduo requests for as many as 83 permissions — including access to biometrics, Bluetooth and information about Wi-Fi networks.

“Some of these permissions Pinduoduo is asking seems to be unexpected for an e-commerce app,” said Reed, who shared his analysis of both apps with CNBC.

“But Temu is not as aggressive as Pinduoduo that is requesting all kinds of privileges,” said Reed.

Pinduoduo is a China-based e-commerce app that sells everything from groceries to clothing. It is the flagship product of Nasdaq-listed Chinese company PDD Holdings which also owns…

Source…

Chatgpt’s Arrival Raises Personal Data Theft, Hacking Risks Many Times Over

May 6, 2023/in Internet Security

(MENAFN– IANS) By Shrey Srivastava
New Delhi, May 6 (IANS) As millions embrace AI-powered chatbots like ChatGPT, cybersecurity risks associated with generative AI models have become a pressing concern for individuals and businesses alike.
While these generative AL models are designed to facilitate communication and provide helpful responses, experts have raised concerns that these pose great risks of hacking and data breaches that could compromise personal information.
A report by Palo Alto Networks Unit 42 showed recently that ChatGPT-related scams are surging and despite OpenAI (the creator of ChatGPT) giving users a free version of ChatGPT, scammers lead victims to fraudulent websites, claiming they need to pay for these services.
“They might collect and steal the input you provide. In other words, providing anything sensitive or confidential could put you in danger. The chatbot’s responses could also be manipulated to give you incorrect answers or misleading information,” said researchers from Palo Alto Networks Unit 42.
The report observed an increase of 910 per cent in monthly registrations for domains related to ChatGPT between November 2022-April 2023.
AI has long been a part of the cybersecurity industry. However, generative AI and ChatGPT are having a profound impact on the future.
Neelesh Kripalani, CEO of IT services and consulting company Clover Infotech, said: “ChatGPT can impact the cybersecurity landscape through the development of more sophisticated social engineering or phishing attacks. Such attacks are used to trick individuals into divulging sensitive information or taking actions that can compromise their security”.
With the ability to generate convincing and natural-sounding language, “AI language models like ChatGPT could potentially be used to create more convincing and effective social engineering and phishing attacks,” he warned.
OpenAI admitted in March that some users’ payment information may have been exposed when it took ChatGPT offline owing to a bug.
The Microsoft-backed company took ChatGPT offline due to a bug in an open-source library which allowed some users to see titles from another active user’s chat history.

Source…

Security Roundup: Leak of Top-Secret US Intel Risks a New Wave of Mass Surveillance

April 15, 2023/in Computer Security

US defense secretary Lloyd Austin on Thursday said he was considering “additional measures necessary to safeguard our nation’s secrets,” and he ordered a review of “our intelligence access, accountability, and control procedures within the department to inform our efforts to prevent this kind of incident from happening again.”

Hackers who claim to have breached data storage company Western Digital earlier this month say they are holding 10 terabytes of stolen data hostage and are ready to publish it unless the company pays a “minimum 8 figure” ransom, TechCrunch reports.

An individual who says they carried out the hack spoke to TechCrunch on Thursday, claiming to have reams of customer information. While the hacker showed TechCrunch screenshots of internal emails and contact information of Western Digital’s employees, it’s still unclear exactly what data has been stolen.

“Cut the crap, get the money, and let’s both go our separate ways,” the hackers wrote in an email to several company executives. “Simply put, let us put our egos aside and work to find a resolution to this chaotic scenario.”

A secretive Israeli spyware company’s hacking tools have been used to target politicians and journalists in at least 10 countries, according to research by Microsoft and the University of Toronto’s Citizen Lab made public Tuesday.

The company, QuaDream, is a small, low-profile Israeli firm that develops smartphone hacking tools intended for government clients. The firm was established in 2016 by former employees of NSO Group, the maker of the Pegasus spyware.

The QuaDream spyware targeted older versions of Apple’s iOS phone software, and it worked by sending malicious calendar invites that would not be seen by the targets, researchers say.

According to the report, Citizen Lab has located QuaDream servers in Bulgaria, the Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, the United Arab Emirates, and Uzbekistan.

WhatsApp has introduced a new security feature that makes it harder for scammers to steal users’ accounts. The feature will require individuals who download WhatsApp to a new device to use their old device to confirm their account….

Source…

Tag Archive for: Risks