The CyberWire Daily Podcast 9.29.23
Ep 1917 | 9.29.23

Malicious ads in a chatbot. A vulnerability gets some clarification. Cl0p switches from Tor to torrents. Influence operations as an adjunct to WMD. And NSA’s new AI Security Center.

Show Notes

Malicious ads in a chatbot. Google provides clarification on a recent vulnerability. Cl0p switches from Tor to torrents. Influence operations as an adjunct to weapons of mass destruction. Our guest Jeffrey Wells, former Maryland cyber czar and partner at Sigma7 shares his thoughts on what the looming US government shutdown will mean for the nation’s cybersecurity. Tim Eades from Cyber Mentor Fund discussing the 3 who’s a cybersecurity entrepreneur needs to consider. And NSA has a new AI Security Center.

Selected reading.

Malicious ad served inside Bing's AI chatbot (Malwarebytes)

Critical Vulnerability: WebP Heap Buffer Overflow (CVE-2023-4863) (Huntress) 

Google gives WebP library heap buffer overflow a critical score, but NIST rates it as high-severity (SC Media) 

A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day (Ars Technica) 

Google "confirms" that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) (Help Net Security) 

Google quietly corrects previously submitted disclosure for critical webp 0-day (Ars Technica)

CL0P Seeds ^_- Gotta Catch Em All! (Unit 42) 

A ransomware gang innovates, putting pressure on victims but also exposing itself (Washington Post) 

2023 Department of Defense Strategy for Countering Weapons of Mass Destruction (US Department of Defense)

NSA chief announces new AI Security Center, 'focal point' for AI use by government, defense industry (Breaking Defense)

NSA starts AI security center with eye on China and Russia (Fortune) 

NSA is creating a hub for AI security, Nakasone says (Record)