Russians Love YouTube. That’s a Problem for the Kremlin
YouTube remains the only major US-based social media platform available in Russia. It’s become “indispensable” to everyday people, making a ban tricky. Journalists and dissidents are taking advantage. Read More
AI-generated voices in robocalls are illegal, rules FCC
[[{“value”:”
The Federal Communications Commission (FCC) has announced that calls made with voices generated with the help of Artificial Intelligence (AI) will be considered “artificial” under the Telephone Consumer Protection Act (TCPA). Effective immediately, that makes robocalls that implement voice cloning technology and target consumers illegal.
Robocalls are automated phone calls, often associated with scams, which can be a nuisance to individuals and businesses alike. Some of these calls use AI generated voices of trusted celebrities to gain the trust of the target, in a technique known as voice cloning.
The unanimous ruling by the FCC provides state attorneys general across the country with new tools to go after the people behind these nefarious robocalls. Many of these calls would be considered illegal anyway because they are scams or fraudulent, but now the fact that they use AI generated voices alone is enough for them to be considered illegal.
The FCC says it received a letter signed by attorneys general from 26 states asking the agency to act on restricting the use of AI in marketing phone calls.
FCC Chairwoman Jessica Rosenworcel stated:
“Bad actors are using AI-generated voices in unsolicited robocalls to extort vulnerable family members, imitate celebrities, and misinform voters. We’re putting the fraudsters behind these robocalls on notice.”
From now on, those who wish to send robocalls must obtain prior express consent from the called party before making a call that utilizes artificial or prerecorded voice simulated or generated through AI technology.
Violations of the TCPA are subject to stiff civil penalties. Abusers can anticipate fines of up to $1,500 per incident without a cap on damages.
On January 30, 2024, the FCC said its previous actions against international robocalls appear to have reduced apparently illegal robocall traffic across multiple networks. If this new announcement leads to an even bigger reduction, you won’t hear us complaining.
What to do if you answer a robocall
When you receive a call from someone outside your contact list only to hear a recorded message playing back at you, that’s a robocall.
Hang up as soon as you realize that it is an automated robocall.
Do not engage with the call at all.
Don’t follow any instructions.
Avoid giving away any personal information.
Report the robocall.
If you’ve lost money to a phone scam or have information about the company or scammer who called you, tell the FTC at ReportFraud.ftc.gov.
If you didn’t lose money and just want to report a call, use the streamlined reporting form at DoNotCall.gov
It is important to not engage in any conversation or respond to any prompts to minimize the risk of fraud. Even the smallest snippets of your recorded voice could allow for voice-cloning and used in scams against you or your loved ones.
We don’t just report on phone security—we provide it
Hackers Hijacked Notepad++ Plugin To Inject Malicious Code
[[{“value”:”
Hackers have manipulated a popular Notepad++ plugin, injecting malicious code that compromises users’ systems upon execution.
The AhnLab Security Intelligence Center (ASEC) researchers have revealed that the “mimeTools.dll” plugin, which is widely used, was modified to carry out the attack.
Notepad++, a text and source code editor favored by programmers and writers for its versatility and plugin support, became an unwitting vehicle for cybercriminals.
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .
Malicious vs Legitimate Package
The altered “mimeTools.dll” plugin, a default component of Notepad++, was discovered to be masquerading as a legitimate package, deceiving users into downloading and installing the compromised version.
official vs malicious Notepad
The mimeTools plugin, known for its encoding functionalities such as Base64, is automatically loaded when Notepad++ is launched. Attackers exploited this behavior using a technique known as DLL Hijacking.
When Notepad++.exe is launched, the “mimeTools.dll” file is automatically loaded, triggering the activation of the embedded malicious code, without any further user action.
Infection Flow
The attackers ingeniously added encrypted malicious Shell Code and the code to decrypt and execute it within the “mimeTools.dll” file.
ASEC’s investigation highlighted a file named “certificate.pem” within the altered package as the container of the malicious shell code.
Despite the manipulation, the plugin’s original functionalities remained intact, with only the DllEntryPoint code being altered. This stealthy approach ensures that the malicious activities commence the moment the DLL is loaded, unbeknownst to the user.
The execution flow of the malicious code begins with the launching of Notepad++ and the subsequent loading of the “mimeTools.dll.”
The DLL then decrypts and executes the Shell Code contained in the “certificate.pem” file, initiating the attack.
As cybercriminals continue to evolve their tactics, the cybersecurity community remains committed to uncovering and mitigating such threats, safeguarding users’ digital experiences.