A few days ago Fortune magazine did an article about Ferrari disclosing an attempted cybersecurity breach via social engineering.
tl;dr social engineering using ai / deepfake voice
Sometime earlier this month (July, 2024) a Ferrari executive began receiving unusual text messages from an individual impersonating Ferrari Chief Executive Officer Benedetto Vigna.
Interesting, the impersonator called the (unidentified, target's name was not disclosed publicly) executive. The caller is suspected to have used AI and/or deepfake technology to mimick Benedetto Vigna. The unidentified executive stated the tone, the language, and the accent were perfect. However, some of the language seemed unusual. The executive then asked the impersonator: "Sorry, Benedetto, but I need to identify you. What was the title of the book you had just recommended to me a few days earlier?"
The individual, unable to answer the question, terminated the phone call.
This is one of the first major, and publicly disclosed, social engineering attempts via AI / deepfake technology that we're aware of. The Threat landscape is slowly shifting (as is tradition).
ESETresearch discovered a zero-day exploit of #Telegram for Android allowing attackers to share malicious payloads that appear as video files via chat. We named the vulnerability being exploited #EvilVideo. https://t.co/3tWy5ae7rX @lukasstefanko 1/4
Nice, #Tencent basically installed a #keylogger on 450 million user devices..
Seems like text typed and application it is typed into is send to them. And they even used bad encryption to protect it, which is imo only a secondary flaw to this absolutely insane privacy breach...
Oh my. Kevin Mitnick has died. "Kevin David Mitnick, 59, died peacefully on Sunday, July 16, 2023, after valiantly battling pancreatic cancer for more than a year." https://t.co/62sqY7vxrQ
New Microsoft Feature: "forensic evidence capturing"
included in Microsoft Insider Risk Management:
"This includes mouse movement, keystrokes, and all activities defined by insider risk indicators."
👀
Documentation: https://t.co/Koz8u1dL5h
A hacking-for-hire group is distributing malicious Android apps through a fake SecureVPN website enabling downloads from Google Play,
Researchers discovered eight versions of the spyware using Trojanized versions of legit apps, SoftVPN and OpenVPN.
https://t.co/UJFTrRqy46