Tech Insights 3

Dec 4-9, 2023

1. CISA says US government agency was hacked thanks to ‘end of life’ software

The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory revealing two cyberattacks on an unnamed federal government agency. The hackers exploited a known vulnerability in Adobe ColdFusion, outdated and unsupported software that was running on public-facing servers. These attacks occurred in June and July. CISA noted that the hackers appeared to be conducting reconnaissance rather than deploying malware or extracting data, although it could not confirm whether any data was exfiltrated. The agency could not identify the hackers responsible or determine whether the same group was behind both incidents. Notably, Microsoft Defender for Endpoint detected the exploitation attempts and halted the hackers' activity by quarantining it. CISA's spokesperson, Antonio Soliz, declined to provide further details regarding the hackers' identities.

2. Millions of patient scans and health records spilling online thanks to decades-old protocol bug

A Germany-based cybersecurity consultancy, Aplite, revealed security vulnerabilities in the DICOM standard used for medical imaging. These weaknesses have led to the exposure of millions of patients' personal health information and medical records due to misconfigured servers. Aplite's research discovered over 3,800 servers in 110 countries inadvertently exposing data from approximately 16 million patients, including names, genders, addresses, phone numbers, and, in some cases, Social Security numbers.

Their findings, based on scanning the internet for over six months, revealed more than 43 million exposed health records, detailing examination results, timestamps, and referring physicians' information. Most of the exposed servers were in the United States, accounting for over 8 million records, with significant numbers also in India and South Africa. Interestingly, many U.S.-based servers stored data from medical practices outside the country.

Aplite's senior IT security consultant, Sina Yazdanmehr, highlighted that over 70% of the exposed DICOM servers are hosted by major cloud service providers such as Amazon AWS and Microsoft Azure. Only a fraction of these servers (~1%) implemented effective security measures. This exposure reflects a broader trend of healthcare organizations moving to the cloud to modernize, which creates security gaps that particularly affect smaller practices with limited resources and internet connectivity.

3. WhatsApp adds support for disappearing voice messages

Meta, the parent company of messaging apps like Messenger and WhatsApp, introduced a new feature for WhatsApp: disappearing voice messages. Similar to the "View Once" feature for photos and videos, this update allows users to send voice messages that can be listened to only once before automatically disappearing. These messages, marked with a "one-time" icon, offer added security for sensitive or temporary information, such as sharing credit card details or planning surprises.

The recipient will be alerted that the message is a one-time listen, prompting them to ensure they can hear it properly or take notes if necessary. WhatsApp ensures these messages are protected with default end-to-end encryption, maintaining privacy. This development aligns with Meta's focus on privacy enhancements across its platforms, such as the recent introduction of end-to-end encryption in Messenger and adding encryption to WhatsApp chat backups in 2021.

Despite Meta's commitment to privacy and security improvements, it quietly reversed the cross-messaging feature between Instagram and Facebook, a move at odds with the European Union's Digital Markets Act (DMA), which promotes app interoperability. The disappearing voice message feature is set to roll out globally over the coming days, gradually becoming available to users worldwide.

4. Google’s best Gemini demo was faked

Google introduced its new Gemini AI model with a high-profile demo showcasing its multimodal capabilities in understanding language and visuals. However, the most impressive part of the demo, seen in a video titled "Hands-on with Gemini: Interacting with multimodal AI," has been revealed to be essentially faked.

The video, which gained significant traction, displayed Gemini's abilities to interpret evolving sketches, recognize objects, track a ball, interpret shadow puppet gestures, and reorganize sketches of planets, among other tasks. Although the demo appeared responsive and impressive, it has been confirmed that the interactions were staged and not a live demonstration.

The discrepancy was brought to light when it was disclosed that the video was created by capturing footage and then prompting Gemini using still image frames and text prompts. While Gemini might possess the capabilities shown in the video, the manner in which they were portrayed in real-time interaction was misrepresented.

For instance, guessing a game of Rock, Paper, Scissors from silent gestures or ordering planets by their distance from the sun was not performed as depicted in the video. The actual interactions required specific prompts and hints, deviating significantly from the seemingly intuitive, real-time responses shown in the video.

The video's misrepresentation has led to skepticism about Gemini's actual capabilities and the integrity of Google's presentation, exposing a gap between the staged interactions and the model's true operational capacity. Whatever its potential, the video's demonstrations did not accurately represent what Gemini can do in spontaneous, natural interaction.

5. X begins rolling out Grok, its ‘rebellious’ chatbot, to subscribers

Elon Musk's AI startup, xAI, has launched Grok, a conversational AI competitor to ChatGPT, on X, the platform formerly known as Twitter. Grok's rollout began for U.S. subscribers to Premium Plus, a $16 per month plan offering ad-free access to the platform, with priority given to long-time subscribers. The rollout is expected to conclude within a week.

Grok operates conversationally, leveraging a knowledge base similar to those powering ChatGPT and Google's Bard. It resides in X's side menu across web, iOS, and Android platforms, and can be added to the mobile app's bottom menu for quicker accessibility.

The AI, Grok-1, is driven by a generative model trained on web data up to Q3 2023 and feedback from human assistants. What sets Grok apart is its ability to integrate real-time data from X's posts, theoretically providing up-to-date information in its responses. This real-time access to X's data is highlighted as Grok's standout feature, potentially giving it a competitive edge in providing timely and relevant information.