AI Censorship Crisis Escalates as Chatbots Silence Controversial Voices
Google’s AI chatbot Gemini and Adobe Firefly’s image tool have recently sparked controversy. These tools generated images depicting people of color in historically white contexts, leading to claims of AI bias. Jacob Mchangama, executive director at The Future of Free Speech at Vanderbilt University, argues this exposes deeper issues with AI and free speech.
Mchangama’s research reveals that major AI platforms like Gemini and OpenAI’s ChatGPT enforce vague and broad content policies. These do not align with United Nations free speech standards, leading to unnecessary censorship. “AI chatbots often censor output on controversial topics,” Mchangama states, highlighting a pressing concern for public discourse. The study shows that such policies resulted in content refusal for 40% of controversial prompts tested, indicating a clear bias in content generation. This kind of censorship can stifle free discourse, a cornerstone of democratic societies.
European regulations like the Digital Services Act are beginning to address these issues, pushing for less restrictive content policies. Mchangama advocates for moderation strategies that balance free expression with responsible content management. This approach could prevent users from turning to more extreme platforms and promote a healthier online dialogue environment.
Read: https://theconversation.com/ai-chatbots-refuse-to-produce-controversial-output-why-thats-a-free-speech-problem-226596
Hackers Manipulate GitHub Features to Launch Malware from Microsoft URLs
Hackers are exploiting a GitHub flaw or feature to distribute malware using URLs that look like they are from Microsoft’s repositories. A recent McAfee report uncovered malware disguised as software updates for Microsoft’s “vcpkg” and “STL” library repositories. These malicious files were attached to comments on GitHub issues or commits, creating URLs that falsely appeared to be from Microsoft.
“When leaving a comment, a GitHub user can attach a file,” which then appears to be officially from the project, explained the team at BleepingComputer. These files remain accessible even if the comment is never posted or later deleted. Sergei Frankoff of UNPACME highlighted the threat on a Twitch livestream, noting that this technique allows hackers to create very convincing lures. For example, they could upload a malicious file to a repository of a well-known company like NVIDIA or Google, making the malware look like a legitimate update or new software.
Despite the severity of this issue, GitHub currently has no settings that allow repository owners to manage or remove these files. GitHub has not yet responded to inquiries regarding this misuse. This exploitation poses a significant risk as it leverages the trust in reputable repositories to spread malware.
Read: https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/
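For defenders, the lookalike-URL problem described above can be triaged mechanically. The following Python is an added example, not code from this newsletter or the reports it cites: it separates files uploaded through a comment box from release assets published by maintainers. The path shapes (`/files/<id>/<name>`, `/assets/<id>/<name>`, `/releases/download/<tag>/<name>`), the extension list and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed GitHub path layouts (not given in the article above).
ATTACHMENT = re.compile(r"^/([^/]+)/([^/]+)/(?:files|assets)/\d+/([^/]+)$")
RELEASE = re.compile(r"^/([^/]+)/([^/]+)/releases/download/[^/]+/([^/]+)$")
# Assumed list of file types worth a second look when they arrive as attachments.
RISKY_EXT = (".exe", ".msi", ".zip", ".7z", ".rar", ".iso", ".scr", ".bat", ".ps1")

def classify(url):
    """Return (kind, 'owner/repo' or None, filename or None) for one URL."""
    parts = urlsplit(url.strip())
    # Exact host match: 'github.com.example.net' must not pass as GitHub.
    if parts.scheme != "https" or (parts.hostname or "").lower() != "github.com":
        return ("other-host", None, None)
    for kind, pattern in (("comment-attachment", ATTACHMENT),
                          ("release-asset", RELEASE)):
        m = pattern.match(parts.path)
        if m:
            return (kind, f"{m.group(1)}/{m.group(2)}", unquote(m.group(3)))
    return ("other-github", None, None)

def flag_downloads(urls):
    """URLs that sit under a repo's name but were uploaded via a comment
    attachment and carry an executable or archive extension."""
    flagged = []
    for url in urls:
        kind, _repo, name = classify(url)
        if kind == "comment-attachment" and name.lower().endswith(RISKY_EXT):
            flagged.append(url)
    return flagged

# Constructed sample input, e.g. URLs pulled from proxy logs or e-mail bodies.
SAMPLE_URLS = [
    "https://github.com/example-org/example-repo/files/12345678/Update.Installer.zip",
    "https://github.com/example-org/example-repo/releases/download/v1.2.0/tool-win64.zip",
    "https://github.com/example-org/example-repo/files/12345679/crash-log.txt",
    "https://github.com.example.net/example-org/example-repo/files/1/setup.exe",
    "https://github.com/example-org/example-repo/blob/main/README.md",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(classify(u)[0].ljust(20), u)
    print("flagged:", flag_downloads(SAMPLE_URLS))
```

A repository name in the path says nothing about who uploaded the file; only the release-asset shape implies a maintainer published it.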
State-Sponsored Hackers Exploit Cisco’s Security Appliances in Global Cyber Espionage Campaign
Cisco’s Adaptive Security Appliances, which integrate a firewall and VPN with other security features, have been targeted by state-sponsored hackers in a campaign called ArcaneDoor. The hackers exploited two zero-day vulnerabilities to compromise government networks globally. The campaign, which began as early as November 2023, was likely state-sponsored due to its focus on espionage and the sophistication of the tools used. The majority of the intrusions took place between December and early January 2024.
The hackers exploited two vulnerabilities, Line Dancer and Line Runner, to run malicious code and maintain access to the target devices. Cisco has released software updates to patch both vulnerabilities and advises customers to implement them immediately.
The ArcaneDoor campaign is part of a broader trend of hackers targeting network perimeter applications, or “edge” devices, to gain a foothold in an organization’s network. This trend has been observed by other security firms like Mandiant, which noted that Russian state-sponsored hackers, known as Sandworm, have also targeted edge devices.
China, however, is unmatched in its discovery and use of network appliance zero days. John Hultquist, Mandiant’s head of threat intelligence, expects more zero-days in security appliances this year as China’s cyberspies continue to exploit these vulnerabilities. This trend of targeting security appliances that sit on the edge for access to the rest of the network is now established and is likely to continue.
Read: https://www.wired.com/story/arcanedoor-cyberspies-hacked-cisco-firewalls-to-access-government-networks/
UnitedHealth Grapples with Ransomware Fallout
UnitedHealth Group, the parent company of health tech subsidiary Change Healthcare, confirmed a ransomware attack that resulted in the theft of a significant amount of Americans’ private healthcare data. The attack, which began on February 21, was carried out by a ransomware gang called RansomHub. The gang exploited vulnerabilities to steal data and demanded a ransom, which UnitedHealth paid.
The attack caused widespread outages across the U.S. healthcare system, affecting hospitals, pharmacies, and medical practices. This led to significant disruptions, including the inability to verify patient benefits, organize inpatient care, or process prior authorizations for surgeries.
Despite the disruptions and financial losses exceeding $870 million due to the attack, UnitedHealth reported revenues of $99.8 billion in the first quarter of the year, surpassing Wall Street expectations. UnitedHealth CEO Andrew Witty, who received nearly $21 million in total compensation in 2022, is scheduled to testify before House lawmakers on May 1. The company is currently reviewing the stolen data, a process that is expected to take several months.
Read: https://techcrunch.com/2024/04/22/unitedhealth-change-healthcare-hackers-substantial-proportion-americans/
Facebook Research Team Targets Encrypted WhatsApp Chats for Ad Data
Facebook has assembled a research team to explore analyzing encrypted WhatsApp messages without decrypting them. This investigation aims to allow Facebook to review user chats for targeted ads without breaking encryption. WhatsApp uses end-to-end encryption, which ensures that only permitted users can read messages; not even WhatsApp itself can.
The method being explored is called “homomorphic encryption.” It could potentially allow Facebook to access data from chats while still maintaining user privacy. The Information reports this strategy is primarily for advertising purposes, though Facebook denies planning to use this technology for WhatsApp at the moment. “It is too early for us to consider homomorphic encryption for WhatsApp at this time,” a Facebook spokesperson stated.
This development surfaces amidst ongoing privacy debates and Facebook’s public disputes, such as the recent conflict with Apple over iPhone privacy settings. Given past backlashes, such as the reaction to WhatsApp’s privacy policy update, the prospect of Facebook analyzing encrypted messages could lead many users to switch to other secure platforms like Telegram and Signal.
Read: https://www.androidauthority.com/whatsapp-encryption-ads-2728774/
easyDNS AI Domain Name Generator Now Live
When you hit the main page of the website you’ll notice a new option in the domain search window: “AI Name Generator” (https://easydns.com/signup-ai-name-generator/), which uses natural language processing to help you come up with a domain name for your Big Idea.
Gone are the days of wracking your brain and pecking in keywords and hoping to find something that’s still available – just let loose and get creative:
“web monitoring service for Drupal sites”
“lunch catering platform for Caribbean restaurants”
Let the LLM do the rest.
Check it out: https://easydns.com/signup-ai-name-generator/
Bitcoin’s Fourth Halving Has Occurred
Exactly one week ago we saw Bitcoin pass its fourth halving – taking it into its Fifth Epoch since inception.
Amazingly, we forgot to mention it here, although Len and Joey did cover it in the podcast edition.
So what exactly is “The Halving” (or “Halvening” to some)?
One guy I talked to thought it meant the price of Bitcoin was going to fall by 50%.
No.
I was asked to write up a simple primer on what a Bitcoin halving is for Grey Swan Investment Fraternity and I posted a copy of it to Bombthrower:
Read: The Bitcoin Halving Crash Course – What It Is & Why It Matters
Elsewhere Online:
Attackers Use Social Engineering to Insert Backdoor Code into XZ Utils
Read: https://www.darkreading.com/application-security/attacker-social-engineered-backdoor-code-into-xz-utils
TikTok Faces Ban as US Congress Ratifies Bill
Read: https://www.infosecurity-magazine.com/news/us-congress-passes-bill-ban-tiktok/
Hackers Spread False Narrative of Ukrainian Plot Against Slovak President
Read: https://therecord.media/hackers-breach-news-website-false-article-slovakia-assassination
Major Chrome Vulnerability Rectified in Latest Google Patch
Read: https://www.securityweek.com/google-patches-critical-chrome-vulnerability/
Russian APT28 Leverages GooseEgg Tool in Windows Vulnerability Exploit
Read: https://www.hackread.com/russia-apt28-windows-vulnerability-gooseegg-tool/
Quote by Elvis, whom I spotted in the produce section of Loblaws last week.