Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog – Page 3

Get the latest international news and world events from around the world.

Log in for authorized contributors

Deepfake videos degrade political reputations even when viewers realize they are fake

Artificial intelligence can be used to generate deceptive videos that damage a politician’s reputation, even when viewers suspect the footage is fake. A new study published in Communication Research found that these manipulated clips decrease support for targeted candidates. Standard fact-checking efforts reportedly fail to undo the total reputational harm.

Disinformation created using artificial intelligence is often regarded as a major threat to global elections. Technology now allows malicious actors to seamlessly replace a person’s face or clone their voice. These creations are commonly called deepfakes. Political operatives can use these tools to make opposing candidates appear to say outrageous or offensive things.

Michael Hameleers, a communication researcher at the University of Amsterdam, led a team to investigate how these videos influence the public. Hameleers and his colleagues Toni G. L. A. van der Meer, Marina Tulin, and Tom Dobber wanted to track voter reactions over time. They aimed to discover if these manipulated videos actually influence minds during an election cycle.

New stealthy Quasar Linux malware targets software developers

A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers’ systems with a mix of rootkit, backdoor, and credential-stealing capabilities.

The malware kit is deployed in development and DevOps environments in npm, PyPI, GitHub, AWS, Docker, and Kubernetes. This could enable supply-chain attacks where the threat actor publishes malicious packages on code distribution platforms.

Researchers at cybersecurity company Trend Micro analyzed the QLNX implant and found that “it dynamically compiles rootkit shared objects and PAM backdoor modules on the target host using gcc [GNU Compiler Collection].”

CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs

A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices.

The malware was discovered in an intrusion that was active since at least January and researchers believe the threat actor’s purpose was to steal credentials and temporary passcodes.

Microsoft Phone Link comes installed on Windows 10 and 11, and allows using the computer to make and take calls, respond to texts, or view notifications received on the mobile device (Android and iOS).

Google now offers up to $1.5 million for some Android exploits

Google overhauls its Android and Chrome vulnerability rewards programs, offering bounties of up to $1.5 million for the most difficult exploits while scaling back payouts for flaws that artificial intelligence (AI) has made easier to find.

The top reward of $1.5 million is reserved for zero-click Pixel Titan M2 security chip full-chain exploits with persistence, the most technically demanding attack scenario in the program, while the same exploits, but without persistence, are also eligible for up to $750,000.

On the Google Chrome side, full-chain browser process exploits on up-to-date operating systems and hardware now come with rewards of up to $250,000, plus an additional $250,128 bonus for successfully exploiting MiraclePtr-protected memory allocations.

Vimeo data breach exposes personal information of 119,000 people

The ShinyHunters extortion gang stole personal information belonging to over 119,000 people after hacking the Vimeo online video platform in April, according to data breach notification service Have I Been Pwned.

Vimeo is a video hosting and streaming platform publicly traded on the Nasdaq stock market, with over 300 million registered users and over 1,100 employees, and reported revenues of $417 million for FY2024.

The company disclosed on April 27 that customer and user data had been accessed without authorization following a recent breach at Anodot, a data anomaly detection company.

/* */