Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode

In this podcast, I have invited Daniel Jue, one of the youngest Entrepreneurs of the field of AGI. Daniel is an Independent Artificial General Intelligence researcher at Cognami in the US. He has worked supporting the US Department of Defense, including Data Fusion and analytic development for DARPA, the Defense Advanced Research Projects Agency, whose mission is to prevent technological surprise by potential adversaries. In addition he worked with scientists and engineers at IronNet CyberSecurity, a startup with DARPA and NSA heritage who have recently gone public. In March of 2,021 Daniel took on full time AGI research, drawing upon the fields of Computer Science, Neuroscience, Philosophy and Psychology. Some of his major influences have been Jacques Pitrat’s CAIA (An Artificial AI Scientist) project, Jean Piaget’s childhood development theories and Spiking Neural Networks. He sees a generalizable substrate at the basis for AGI, where engineers design the “physics” in which intelligent behavior could emerge.

SUBSCRIBE to our YouTube Channel and “ring the bell” for all the latest videos from ‘The SCI-AI Podcast’ at https://bit.ly/3y6ISwL
- Listen to us on Buzzsprout: https://feeds.buzzsprout.com/1816580.rss.
- LIKE us on Facebook: https://www.facebook.com/podcazter.
- FOLLOW us on Twitter: https://twitter.com/MeharVik.
- FOLLOW us on Instagram: https://www.instagram.com/brightvik/
- SUBSCRIBE to our channel on Apple Podcast: https://apple.co/3gllCVL
- SUBSCRIBE to our channel on Spotify Podcast: https://spoti.fi/2WfCTZx.

Connect with Daniel Jue:
LinkedIn: https://www.linkedin.com/in/danieljue/

Connect with Vivek:
Linkedin: https://www.linkedin.com/in/vdahiya/
Twitter: https://twitter.com/MeharVik.
Instagram: https://www.instagram.com/brightvik/
Quora: https://www.quora.com/profile/Vivek-Dahiya-1

Timecodes:

0:24 Introduction of Daniel Jue.
2:07 Alignment Problem.
6:33 Will AGI be our Last Invention?
14:37 Distributional Shift in Narrow AI
19:46 How can one build an AGI?
25:08 Humans vs AI. Who is more dangerous for our existence?
28:58 Will AGI eliminate us?
36:50 Thousand Brains theory.
42:05 Cognitive Architectures.
44:43 Stephen Hawking’s AI theory.
48:21 Problems that AGI will solve in the future.
51:21 Biological Humans will be indistinguishable from AGI
55:37 Free Will, Determinism and the role of Philosophy in building the AGI
58:39 Adding consciousness to AI
1:01:39 Meaning of Life.

Read more | >

No matter the price tag, the industry also has to convince consumers it’s worth their time to upgrade to new technologies.

“It’s difficult to get homeowners to change from the technology that they’re used to, especially in staid devices like water heaters, because they think of it as a utility: open the faucet, water comes out,” Callahan told Freethink. “There’s an education process to get them to understand that there’s a better, cheaper, faster, cooler way to [heat water].”

Tankless systems like the Model 3 aren’t the only new instant hot water-heating technologies aiming to reshape the industry. Solar-powered water heaters can reduce your utility bill by 50 to 80%, according to the U.S. Energy Department. Heat pump water heaters — which extract heat from the air, store it in tanks, and use it to heat water — are estimated to be at least twice as efficient as conventional systems, partly because they can store midday heat and use it later that night.

Read more | >

Forward-looking: A team of researchers have devised a new method for protecting SSDs from ransomware attacks. It can detect ransomware, stop it in its tracks, and even recover stolen data in a matter of seconds. The cost should only be a minor increase in the SSD’s latency.

The Register spoke with the researchers, who come from Inha University, the Daegu Gyeongbuk Institute of Science & Technology (DGIST), the University of Central Florida (UCF), and the Cyber Security Department at Ewha Womans University (EWU). The system, called SSD-Insider, is supposedly almost 100 percent accurate and has been tested on real-world ransomware.

SSD-Insider works by recognizing certain patters in SSD activity that are known to indicate ransomware. “To recognize ransomware activity by viewing only the distribution of IO request headers, we have paid attention to a ransomware’s very unique behavior, overwriting,” reads the team’s research paper proposing SSD-Insider. It specifically points out the behavior of ransomware like WannaCry, Mole, and CryptoShield.

Read more | >

A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer.

While the threat actor states that the exploited Fortinet vulnerability has since been patched, they claim that many VPN credentials are still valid.

This leak is a serious incident as the VPN credentials could allow threat actors to access a network to perform data exfiltration, install malware, and perform ransomware attacks.

Read more | >

AS-REP Roasting is the technique that allows retrieving password hashes for users that have this flag set in Active Directory. Additionally, various cybersecurity and hacking tools allow cracking the TGTs harvested from Active Directory. These include Rubeus and Hashcat.

Using a tool like Rubeus, attackers can find the accounts that do not require preauthentication and then extract the ticket-granting ticket (TGT) data for cracking the password offline.

Data can be transformed into a format that can be cracked by an offline tool such as Hashcat, which can use brute force password cracking against the hashes. This process incorporates the use of a dictionary file for brute-force password guessing.

Read more | >

As the use of facial recognition technology (FRT) continues to expand, Congress, academics, and advocacy organizations have all highlighted the importance of developing a comprehensive understanding of how it is used by federal agencies.

The Government Accountability Office (GAO) has surveyed 24 federal agencies about their use of FRT. The performance audit ran from April2020through August 2021. 16 of the 24 agencies reported using it for digital access or cybersecurity, such as allowing employees to unlock agency smartphones with it, six agencies reported using it to generate leads in criminal investigations, five reported using FRT for physical security, such as controlling access to a building or facility, and 10 agencies said they planned to expand its use through fiscal year 2023.

In addition, both the Department of Homeland Security (DHS) and the Department of State reported using FRT to identify or verify travelers within or seeking admission to the United States, identifying or verifying the identity of non-U.S. citizens already in the United States, and to research agency information about non-U.S. citizens seeking admission to the United States. For example, DHS’s U.S. Customs and Border Protection used its Traveler Verification Service at ports of entry to assist with verifying travelers’ identities. The Traveler Verification Service uses FRT to compare a photo taken of the traveler at a port of entry with existing photos in DHS holdings, which include photographs from U.S. passports, U.S. visas, and other travel documents, as well as photographs from previous DHS encounters.

Read more | >

Recorded Future, an incident-response firm, noted that threat actors have turned to the dark web to offer customized services and tutorials that incorporate visual and audio deepfake technologies designed to bypass and defeat security measures. Just as ransomware evolved into ransomware-as-a-service (RaaS) models, we’re seeing deepfakes do the same. This intel from Recorded Future demonstrates how attackers are taking it one step further than the deepfake-fueled influence operations that the FBI warned about earlier this year. The new goal is to use synthetic audio and video to actually evade security controls. Furthermore, threat actors are using the dark web, as well as many clearnet sources such as forums and messengers, to share tools and best practices for deepfake techniques and technologies for the purpose of compromising organizations.

Deepfake phishing

I’ve spoken with CISOs whose security teams have observed deepfakes being used in phishing attempts or to compromise business email and communication platforms like Slack and Microsoft Teams. Cybercriminals are taking advantage of the move to a distributed workforce to manipulate employees with a well-timed voicemail that mimics the same speaking cadence as their boss, or a Slack message delivering the same information. Phishing campaigns via email or business communication platforms are the perfect delivery mechanism for deepfakes, because organizations and users implicitly trust them and they operate throughout a given environment.

Read more | >

Karim Hijazi is CEO of Prevailion, a cyber intelligence company that monitors and detects active threats by infiltrating hacker networks. Hijazi is also a former director of intelligence for Mandiant and a former contractor for the US intelligence community.

Ransomware has taken the spotlight lately following a string of brazen attacks on major U.S. companies.

And as bad as this kind of malware is, businesses and investors can expect to face a growing number of sophisticated cyber threats that could be even more disruptive and difficult to prevent.

Read more | >