TechRisk Notes#20: Tornado Cash hijacked + White House to examine AI impact and risks
Plus, Unciphered claimed to hack Trezor T wallet, attack surface related to AI mapped out, new OT malware could be targeting electric grid, and more. [28 May 2023]
EmergingTech Spotlight
United States - The White House announced new steps to determine the impact on workers and to study AI risks, in order to advance responsible Artificial Intelligence (AI) research, development, and deployment. The announcement included: a) an updated roadmap to focus federal investments in AI research and development (R&D), b) a new request for public input on critical AI issues, and c) a new report on the risks and opportunities related to AI in education. [more]
Security professional Daniel Miessler noted in his post the various attack surfaces related to AI, such as AI Assistants, Agents, Tools, Models and Storage. [more]
Security chiefs say the benefits of artificial intelligence are clear, but that the promises and risks of early generative AI are overblown. [more]
OpenAI confirmed an outage of the ChatGPT service and restored it after an hour of disruption. [more]
A falsified photograph of an explosion near the Pentagon spread widely on social media Monday morning, briefly sending US stocks lower in possibly the first instance of an AI-generated image moving the market. [more]
Fortinet’s 2023 State of Operational Technology and Cybersecurity Report shows a drop in the number of breaches and that CISOs are increasingly responsible for OT cybersecurity. [more]
Security researcher Mandiant has uncovered malware, known as CosmicEnergy, designed to disrupt electric power transmission. The malware has capabilities comparable to those found in the malware known as Industroyer and Industroyer2, both of which have been widely attributed by researchers to Sandworm. [more][more-mandiant]
Web3 Cryptospace Spotlight
20 May - Tornado Cash suffered a governance attack. The attacker used a malicious proposal to take over the governance of Tornado Cash. While the attacker could not drain the ~$275M in the privacy pools themselves, the attacker gained control of the TORN governance token and the power to modify the router to reroute deposits or withdrawals. The attacker withdrew 10,000 votes as TORN and sold it all. Subsequently, the attacker published another proposal to revert the changes. [more][more-securityanalysis]
24 May - Web3 investor and developer Jump Crypto has identified a vulnerability in Celer’s State Guardian Network (SGN) that would allow malicious validators to compromise the network and applications dependent on it. According to Jump Crypto’s postmortem report, validators were allowed to vote more than once on the same update due to a bug in the SGN’s code. By allowing validators to vote multiple times, malicious actors could multiply their voting power to approve harmful updates. [more][more-postmortem]
Celer is a Cosmos-based blockchain that supports cross-chain communication.
Crypto security company Unciphered indicated that it found a way to physically hack into the Trezor T hardware wallet. The company performed a laboratory demonstration of hacking a Trezor T wallet and successfully retrieved the seed phrase and PIN. [more]
Unciphered noted that its team made use of an “unpatchable hardware vulnerability with the STM32 chip that allows us to dump the embedded flash and one-time programmable (OTP) data.”
A recent TRM Labs report shows crypto hacks are down 70% in Q1 2023, coming off a record year of crypto funds stolen in 2022. TRM Labs head of legal and government affairs Ari Redbord pointed out that exploits on bridges and protocols are still happening at an "unprecedented" speed and scale. [more][more-TRMLabsReport]
Scam Sniffer, a platform specializing in the identification of scams, has discovered that some phishing incidents are related to a scam software provider called Inferno Drainer. It specializes in multi-chain scams and mainly charges 20% of the stolen assets. It has stolen about $5.9 million in assets. [more][more-scamsniffer]