Security News This Week: Jeffrey Epstein Had a'Personal Hacker,' Informant Claims Plus: AI agent OpenClaw gives cybersecurity experts the willies, China executes 11 scam compound bosses, a $40 million crypto theft has an unexpected alleged culprit, and more. As the standoff between the United States government and Minnesota continues this week over immigration enforcement operations that have essentially occupied the Twin Cities and other parts of the state, a federal judge delayed a decision this week and ordered a new briefing on whether the Department of Homeland Security is using armed raids to pressure Minnesota into abandoning its sanctuary policies for immigrants. Meanwhile, minutes after a federal immigration officer shot and killed 37-year-old Alex Pretti in Minneapolis last Saturday, Trump administration officials and right-wing influencers had already mounted a smear campaign, calling Pretti a "terrorist" and a "lunatic ." As part of its surveillance dragnet, Immigration and Customs Enforcement has been using an AI-powered Palantir system since last spring to summarize tips sent to its tip line, according to a newly released Homeland Security document. DHS immigration agents have also been using the now notorious face recognition app Mobile Fortify to scan the faces of countless people in the US--including many citizens .

Winners will get a complimentary livestream ticket, that includes livestream access to the event on MIT campus from September 30 - October 1, 2024 plus on-demand access for three months after the event. You'll hear from technology and business leaders, such as Rivian Founder & CEO, RJ Scaringe, Google Cloud CTO, Will Grannis, Slack CEO, Denise Dresser, and MIT VP of Research, Ian Waitz, about the business impacts of generative AI and climate tech on profitability and sustainability. Here's what to expect at EmTech MIT: The entry form is open until September 24, 2024 at 10:00am EDT. Enter below for your chance to win. To be eligible to win, you must have an online account and active subscription to MIT Technology Review at time of winner selection.

The jailbreak attack can bypass the safety measures of a Large Language Model (LLM), generating harmful content. This misuse of LLM has led to negative societal consequences. Currently, there are two main approaches to address jailbreak attacks: safety training and safeguards. Safety training focuses on further training LLM to enhance its safety. On the other hand, safeguards involve implementing external models or filters to prevent harmful outputs. However, safety training has constraints in its ability to adapt to new attack types and often leads to a drop in model performance. Safeguards have proven to be of limited help. To tackle these issues, we propose a novel approach called Self-Guard, which combines the strengths of both safety methods. Self-Guard includes two stages. In the first stage, we enhance the model's ability to assess harmful content, and in the second stage, we instruct the model to consistently perform harmful content detection on its own responses. The experiment has demonstrated that Self-Guard is robust against jailbreak attacks. In the bad case analysis, we find that LLM occasionally provides harmless responses to harmful queries. Additionally, we evaluated the general capabilities of the LLM before and after safety training, providing evidence that Self-Guard does not result in the LLM's performance degradation. In sensitivity tests, Self-Guard not only avoids inducing over-sensitivity in LLM but also can even mitigate this issue.

CyberGuy explains the best ways to share your favorite content with family and friends. Imagine typing your password on your computer and having AI listen to every keystroke and accurately guess what you are typing. This is not a sci-fi scenario, but a real possibility, according to a new study by researchers at Cornell University. They reported that AI can listen to the keystrokes you make on your computer and steal your passwords with up to 95% accuracy. Let's dive into this disturbing new information and see how you can protect yourself from this unfortunate situation.

The wide spread of false information online including misinformation and disinformation has become a major problem for our highly digitised and globalised society. A lot of research has been done to better understand different aspects of false information online such as behaviours of different actors and patterns of spreading, and also on better detection and prevention of such information using technical and socio-technical means. One major approach to detect and debunk false information online is to use human fact-checkers, who can be helped by automated tools. Despite a lot of research done, we noticed a significant gap on the lack of conceptual models describing the complicated ecosystems of false information and fact checking. In this paper, we report the first graphical models of such ecosystems, focusing on false information online in multiple contexts, including traditional media outlets and user-generated content. The proposed models cover a wide range of entity types and relationships, and can be a new useful tool for researchers and practitioners to study false information online and the effects of fact checking.

The Internal Revenue Service is dropping a controversial facial recognition system that requires people to upload video selfies when creating new IRS online accounts. This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED's parent company, Condé Nast. "The IRS announced it will transition away from using a third-party service for facial recognition to help authenticate people creating new online accounts," the agency said on Monday. "The transition will occur over the coming weeks in order to prevent larger disruptions to taxpayers during filing season. During the transition, the IRS will quickly develop and bring online an additional authentication process that does not involve facial recognition."

The US national tax authority announced Monday that it will stop using facial recognition software to verify taxpayers' identities when they create online accounts, following a chorus of privacy concerns. Internal Revenue Service officials had put forth the authentication system as a security measure following years of growing fears over online scams and identity theft, but the program ended up also prompting worries. The initiative involved identity verification company ID.me, which won a nearly $90 million contract to make taxpayers' accounts more secure. The IRS said "it will transition away from using a third-party service for facial recognition to help authenticate people creating new online accounts." "The IRS will quickly develop and bring online an additional authentication process that does not involve facial recognition," it said, as the agency faces staffing shortages and significant backlogs.

Nintendo is taking legal action against hackers who sell software enabling people to play pirated video games. According to court documents obtained by Polygon, two lawsuits were filed last week in the US against alleged hackers in Ohio and Washington. The defendants, Nintendo's lawsuit claims, are associated with a group of anonymous hackers called'Team Xecuter' who provide the pirating products. According to court documents, the products allow people to circumvent'technological protection measures' designed to prevent Nintendo's games from being copied or accessed. Once Nintendo's safeguards are bypassed, players can download a modified operating system and play games that have been pirated.

Castle, a San Francisco-based startup that wants to help businesses keep their customers' online accounts safe from fraud, has raised $9.2 million in a series A round of funding from Index Ventures, with participation from Y Combinator, First Round Capital, F-Prime Capital Partners, and a host of individual angel investors. Founded in 2015, Castle works with web and app developers looking to offer greater security inside their consumer-facing apps. Castle's technology helps prevent all manner of account takeover (ATO) efforts, whether through manual attempts or automated methods, including credential stuffing. In 2017, identify fraud cost 17 million U.S. consumers $17 billion, according to a report by Javelin Strategy & Research, with "account takeover" making up more than $5 billion of the losses. A separate report last year by Shape Security noted that credential stuffing, specifically, costs U.S. businesses around $5 billion a year.

That's how long the password generator website Random-ize tells me it would take hackers to brute force their way through my most important password. This timescale is reassuring - but those of us who work in technology are likely to have been on top of password complexity for many years. Incredibly, many jaw-droppingly woeful passwords are still popular, for example: 'qwerty', '123456' and indeed'password'. According to SplashData's most recent annual top 100 chart of the World's Worst Passwords, the majority of the top ten can be cracked in less than one second. Like them or loathe them, passwords are an essential factor for so many of the tasks that shape our daily lives: from checking our bank balances to signing in to a Netflix account or unlocking our mobile phones. According to a 2017 study by Digital Guardian, 70% of people have more than ten password-protected accounts online, and 30% have "too many to count."