
High-Risk Vulnerabilities Found in Adobe Software: CERT-In Issues Urgent Cyber Safety Advisory


In its latest cyber safety advisory, issued on 16 October 2024, the Indian Computer Emergency Response Team (CERT-In) highlighted multiple vulnerabilities found in several Adobe software products. CERT-In has categorized these vulnerabilities as a high threat level because they pose significant risks to users. The government’s security agency warns that, if exploited, these vulnerabilities could allow attackers to take advantage of weaknesses in targeted systems and gain unauthorized access to sensitive data.

According to CERT-In, the vulnerabilities identified in Adobe products stem from various technical flaws, including out-of-bounds reads, integer overflow errors, and improper authentication and authorization mechanisms. Such issues pose a range of risks, including allowing attackers to execute malicious code, bypass critical security features, read arbitrary files, and cause memory leaks in the targeted system. This could further lead to data breaches, financial losses, and reputational damage.

“Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security features, read arbitrary files and cause memory leaks on the target system,” says CERT-In.

The vulnerabilities identified by CERT-In span a broad range of Adobe products, primarily affecting users of Adobe FrameMaker, InDesign, InCopy, Lightroom, Animate, and Adobe Commerce. Specific versions at risk include:

Adobe FrameMaker: 2020 Release Update 6 and earlier; 2022 Release Update 4 and earlier (Windows)
Adobe InDesign: ID19.4 and earlier; ID18.5.3 and earlier (Windows and macOS)
Adobe InCopy: 19.4 and earlier; 18.5.3 and earlier (Windows and macOS)
Lightroom: 7.4.1 and earlier; Lightroom Classic 13.5 and earlier
Adobe Animate: 2023 23.0.7 and earlier; 2024 24.0.4 and earlier (Windows and macOS)
Adobe Commerce: Various versions including 2.4.7-p2 and earlier across different B2B and Open Source editions.

To safeguard against these vulnerabilities, CERT-In is urging users to take immediate action and update their software. The most effective defense is to apply the latest patches and updates released by Adobe. Users should consult the Adobe Security Bulletin for specific updates relevant to their software versions. Additionally, it is advisable to:

— Regularly check and adjust security settings within Adobe products. Enable features that enhance protection against unauthorized access and file uploads.
— Deploy antivirus software to detect any unusual activity within Adobe applications. Early detection can minimize potential damage to your systems in the future.
— Regularly back up important files and data to secure locations. This ensures that even in the event of a cyber attack, critical information can be restored without significant disruption.

Jio launches ‘Phone Call AI’ with feature to record, transcribe and translate calls at RIL AGM 2024


Jio’s Phone Call AI, the telecom giant’s highly anticipated feature for transcribing and summarising phone calls, could spark serious concerns around privacy and data protection. Showcasing its latest AI innovations at the 2024 India Mobile Congress, Reliance Jio offered attendees an exclusive preview of Phone Call AI, currently in alpha testing. First introduced at Reliance’s 47th annual general meeting in August, this feature allows Jio subscribers to use AI to automatically transcribe phone calls. It can also summarise conversations and translate them into other languages.

“This [Phone Call AI] allows anyone to easily capture and access important voice conversations, making them searchable, shareable, and understandable across languages — all with just a few clicks,” Jio said.

To ensure transparency, the company initially claimed the service would periodically notify all parties that the call is being recorded. However, the IMC demonstration of Phone Call AI lacked such disclosures. Informing all participants that their conversation is being recorded and transcribed by AI is essential to safeguarding their privacy.

How to use Phone Call AI

While still in the testing phase, here’s what we learned about Phone Call AI at IMC 2024. Reliance Jio subscribers will likely need to opt in via the MyJio app, meaning it won’t be enabled by default for all users. Upon opting in, subscribers will provide consent for their calls to be recorded and stored on Jio’s servers. To get started, users would add the Phone Call AI number (1-800-732-673) as a participant to the ongoing call. The recording process begins after pressing #1 and ends by pressing #3. Approximately two minutes later, Jio sends the AI-generated transcript and summary of the call via SMS or WhatsApp. The AI-generated transcript and summary are not automatically shared with other call participants.

Jio’s Phone Call AI is powered by an in-house AI model that reportedly achieves 90% accuracy, according to technicians at Jio’s IMC booth.

Potential concerns with Phone Call AI

Jio says that recorded calls will be stored on Jio Cloud in an encrypted format, with each subscriber receiving 100 GB of free storage. However, it remains unclear whether recordings, transcriptions, and translations will be stored outside the subscriber’s Jio Cloud. There is also no clarity on whether these recordings will be used to train Jio’s AI model.

Speaking at IMC 2024 on 15 October, Reliance Jio Chairman Akash Ambani emphasized the importance of data localization and called on the Indian government to update its data centre policy. AI tools like Jio Brain, Glam AR, Bharat Diffusion, AI Headshots, and Fify — a fashion chatbot from Reliance-owned Fynd — were also showcased at this year’s India Mobile Congress.

Trump Campaign Enhances Security with Specialized Encrypted Devices Amid Iranian Hacking Threats


Republican presidential candidate Donald Trump’s campaign is now using specialized, encrypted mobile phones and secure laptops in an effort to protect staff following a series of successful Iranian hacks and two attempts to assassinate the former president. The campaign recently purchased a package of these devices from Santa Barbara, California-based Green Hills Software, the developer of a proprietary, security-focused operating system already used by multiple U.S. agencies, the company’s CEO told Reuters.

The company sells a customized Android phone that comes pre-installed with its own unique operating system, stripping it of most functions aside from phone calling and text messaging, while implementing additional security controls. While Green Hills Software put out a press release on Oct. 1 about the deal with the campaign, the development has received virtually no press attention.

Company President and CEO Dan O’Dowd said he approached the campaign through shared contacts and offered his company’s technology. “Securing the integrity of the democratic process is paramount,” O’Dowd said in the release. A Trump campaign spokesperson declined to comment.

The top echelon of the campaign recently made significant security improvements to their hardware, said a person familiar with campaign matters who spoke on condition of anonymity, although they were unaware which vendor had been chosen. When asked about IT security at the Harris campaign, spokesperson Morgan Finkelstein said, “Broadly, we have robust cybersecurity measures in place, and personnel are trained to be vigilant against potentially malicious content.”

The current plan to retool Trump campaign devices follows months of a targeted Iranian cyber espionage campaign, which stole internal communications and documents. The decision to upgrade security measures was also driven by physical threats to Trump, amid fears that hackers or spies could surveil staff and use that information to personally target individuals, another person familiar with the matter said.

In an interview, O’Dowd explained that a core group of campaign staffers are already using the devices, which are more resistant to remote cyberattacks. “No vulnerabilities have ever been published about our operating system,” he added. The phones function in an isolated channel, where only devices on the same plan can communicate with one another. The devices also use end-to-end encryption and two-factor authentication by default – two measures widely recommended by cybersecurity experts.

The Iranian hacking group responsible for compromising the campaign earlier this summer, dubbed APT42 in the security research community, is known for deploying sophisticated mobile phone malware that can record conversations and activate camera recording remotely. Notably, APT42 is also known to spy on targets that are then physically threatened by Iranian intelligence-related agents, Reuters previously reported, based on a series of attacks on Iranian dissidents.

O’Dowd declined to discuss how many devices were purchased by the campaign or the overall cost, explaining that pricing often depends on a variety of factors and can differ between clients. The campaign also bought customized, stripped-down laptops which are inaccessible from the internet to outside attackers, he said. The laptops mirror the same approach as the mobile phones, with limited functionality, but also offer a way to access a shared set of files and logs so team members can remotely collaborate in a shared but isolated computer environment. O’Dowd said the technology has been previously used by legal teams working on sensitive court cases, where they wanted to keep certain files for clients separate and secure.

Green Hills Software is a federal contractor, selling its operating system to multiple military branches, where it is integrated with a variety of platforms, including weapons systems, according to publicly accessible government procurement records. O’Dowd said the company’s laptop product is also used by FBI field offices.

Rashmika Mandanna Becomes National Ambassador for Cyber Safety Following Deepfake Incident


Actor Rashmika Mandanna has taken on a new role as the national ambassador for promoting cyber safety. The development comes after she fell victim to a deepfake AI-generated video that surfaced online last year, igniting conversations about digital safety. Building on her personal experience, Rashmika aims to raise awareness about the dangers of cybercrime and promote online security.

Rashmika takes a new role

On Tuesday, it was announced that the Indian Cybercrime Coordination Centre (I4C) of the Ministry of Home Affairs has appointed Rashmika as the National Ambassador for Promoting Cyber Safety. As the ambassador, Rashmika will spearhead nationwide cyber awareness campaigns to educate the public on the dangers of cybercrime, including online fraud, deepfake videos, cyberbullying, and AI-generated malicious content. The initiatives will focus on raising awareness about online threats such as financial fraud, deepfake videos, cyberbullying, and malicious AI-generated content.

Talking about her new role, she said, “Cybercrime is a dangerous and pervasive threat that affects individuals, businesses, and communities worldwide. As someone who has experienced this, I am dedicated to raising awareness about these issues and promoting the message of cyber safety to drive positive change. It is crucial that we come together to combat these threats and protect our digital spaces.”

The actor also shared a video of herself announcing the news on Instagram. In the video, she said, “Sometime back, my deepfake video was shared on social media, which was and is a cybercrime. After this incident, I decided to take a stand against cybercrime and spread awareness. I am happy to get support from the Indian government… We have to stay alert and stay safe to protected but also work to prevent them”.

The statement added that the “Ministry of Home Affairs is confident that Rashmika’s influence and commitment to the cause will significantly contribute to the national campaign against cybercrime, helping to create a safer and more secure digital environment”.

About the deepfake video incident

Rashmika Mandanna’s deepfake video appeared online on November 6, 2023. In the clip, a woman with Rashmika’s face deepfaked entered a lift wearing a black swimsuit. Several social media users came forward to confirm that it was a deepfake. Rashmika’s face was superimposed on a video of British influencer Zara Patel. Later, the Delhi Police claimed to have arrested the main culprit behind the deepfake that went viral.