The US Senate has unanimously passed the DEFIANCE Act, allowing victims of nonconsensual intimate images created by AI, known as deepfakes, to sue their creators for damages. The bill enables victims to pursue civil remedies against those who produced or distributed sexually explicit deepfakes with malicious intent. Victims identifiable in these deepfakes can receive up to $150,000 in damages and up to $250,000 if linked to sexual assault, stalking, or harassment.
The legislative move follows high-profile incidents, such as AI-generated explicit images of Taylor Swift appearing on social media and similar cases affecting high school girls across the country. Senate Majority Leader Chuck Schumer emphasised the widespread impact of malicious deepfakes, highlighting the urgent need for protective measures.
Schumer described the DEFIANCE Act as part of broader efforts to implement AI safeguards to prevent significant harm. He called on the House to pass the bill, which has a companion bill awaiting consideration. Schumer assured victims that the government is committed to addressing the issue and protecting individuals from the abuses of AI technology.
Meta Platforms announced on Wednesday that it had removed approximately 63,000 Instagram accounts in Nigeria involved in financial sexual extortion scams, primarily targeting adult men in the United States. These Nigerian fraudsters, often called ‘Yahoo boys,’ are infamous for various scams, including posing as individuals in financial distress or as Nigerian princes.
In addition to the Instagram accounts, Meta also took down 7,200 Facebook accounts, pages, and groups that provided tips on how to scam people. Among the removed accounts, around 2,500 were part of a coordinated network linked to about 20 individuals. These scammers used fake accounts to conceal their identities and engage in sextortion, threatening victims with the release of compromising photos unless they paid a ransom.
Meta’s investigation revealed that most of the scammers’ attempts were unsuccessful. While adult men were the primary targets, there were also attempts against minors, which Meta reported to the National Centre for Missing and Exploited Children in the US. The company employed new technical measures to identify and combat sextortion activities.
Online scams have increased in Nigeria, where economic hardships have led many to engage in fraudulent activities from various settings, including university dormitories and affluent neighbourhoods. Meta noted that some of the removed accounts were not only participating in scams but also sharing guides, scripts, and photos to assist others in creating fake accounts for similar fraudulent purposes.
Leaders of Fortune 500 companies developing AI applications face a potential nightmare: hackers tricking AI into revealing sensitive data. Zurich-based startup Lakera has raised $20 million to address this issue. The funding round, led by Atomico with participation from Citi Ventures and Dropbox Ventures, brings Lakera’s total funding to $30 million. Lakera’s platform, used by companies like Dropbox and Citi, allows businesses to set guardrails for generative AI, protecting against prompt injection attacks.
Lakera CEO David Haber highlighted the importance of safety and security as companies integrate generative AI into critical functions. Existing security teams encounter new challenges in securing these applications. Lakera’s platform, built on internal AI models, ensures that generative AI applications do not take unintended actions. Customers can specify the context and policies for AI responses, preventing the disclosure of sensitive information.
A unique advantage for Lakera is Gandalf, an online AI security game used by millions, including Microsoft. The game generates a real-time database of AI threats, keeping Lakera’s software updated with thousands of new attacks daily. That helps in maintaining robust security measures for their clients.
Lakera competes in the generative AI security landscape with startups like HackerOne and BugCrowd. Matt Carbonara of Citi Ventures praised Lakera’s focus on prompt injection attacks and its team’s capability to build the necessary countermeasures for new attack surfaces.
CrowdStrike has issued a preliminary review of the recent issue affecting its Falcon sensor and Windows operating system. On July 19, 2024, a problematic update to CrowdStrike’s Rapid Response Content led to a system crash on Windows machines running sensor version 7.11 and above. The update was designed to gather telemetry on new threats but inadvertently caused an out-of-bounds memory read, resulting in a Windows blue screen error.
The faulty update was quickly reverted within an hour of deployment, and systems online after the fix were not affected. The issue was traced back to a bug in the Content Validator, which allowed problematic content to pass validation. CrowdStrike is now taking steps to improve its testing and validation processes to prevent similar issues in the future. That includes enhancing error handling, adding more validation checks, and implementing a staggered deployment strategy for updates.
Update: Our preliminary Post Incident Review (PIR) is available at the link below. Details include the incident overview, remediation actions, and preliminary learnings. More to come in our full Root Cause Analysis (RCA).
Automated recovery techniques, coupled with strategic…
CrowdStrike will release a detailed Root Cause Analysis later, and the impacted channel file has been deprecated to prevent further disruptions. The company is also improving its monitoring and providing customers with better control over update deployments.
Malaysia is urging social media platforms to strengthen their efforts in combating cybercrimes, including scams, cyberbullying, and child pornography. The government has seen a significant rise in harmful online content and has called on companies like Meta and TikTok to enhance their monitoring and enforcement practices.
In the first quarter of 2024 alone, Malaysia reported 51,638 cases of harmful content referred to social media platforms, surpassing the 42,904 cases from the entire previous year. Communications Minister Fahmi Fadzil noted that some platforms are more cooperative than others, with Meta showing the highest compliance rates—85% for Facebook, 88% for Instagram, and 79% for WhatsApp. TikTok followed with a 76% compliance rate, while Telegram and X had lower rates.
The government has directed social media firms to address these issues more effectively, but it is up to the platforms to remove content that violates their community guidelines. Malaysia’s communications regulator continues highlighting problematic content to these firms, aiming to curb harmful online activity.
Malaysia’s digital minister has urged Microsoft and CrowdStrike to consider compensating companies affected by last week’s global tech outage. The disruption, caused by a faulty update to CrowdStrike’s security software, impacted computers running Microsoft’s Windows operating system, affecting internet services worldwide and various industries.
In Malaysia, five government agencies and nine aviation, banking, and healthcare companies were affected. Minister Gobind Singh Deo has requested a full report from Microsoft and CrowdStrike on the incident and asked them to implement measures to prevent future outages. He also emphasised the need for the companies to consider compensation claims from affected parties, with the government ready to assist where possible.
The total amount of losses has yet to be determined. Tony Fernandes, CEO of Malaysia’s Capital A, which operates AirAsia, highlighted the significant impact on airlines and other businesses, calling for appropriate compensation from the tech firms responsible.
A global system failure on 19 July 2024, caused by a CrowdStrike Windows update, left gate screens blue and blank at airports worldwide. The update resulted in failures with Windows servers, virtual machines, and end point systems, affecting 8.5 million devices. Experts believe the update may have skipped quality checks, leading to widespread ‘blue screens of death’ and inoperable systems.
Organisations have struggled to restore operations, with Gartner releasing guidelines for immediate and long-term measures. Security teams are advised to be vigilant for opportunistic attacks, such as phishing and ransomware, as hackers exploit the chaos. The incident underscores the importance of resilience in the face of interconnected system vulnerabilities.
Chris Morales of Netenrich warned of potential phishing attacks, credential stuffing, and brute-force breaches during the outage. Gartner also highlighted the need to manage employee burnout as help desk staff face increased workloads. Ensuring temporary measures are properly decommissioned will be crucial to avoid further issues.
Long-term recommendations include focusing on resilience through redundant systems, continuous data backup, and comprehensive supply chain oversight. Jenna Wells of Supply Wisdom emphasised the importance of proactive business continuity plans to mitigate future incidents, stating that it’s not a matter of if but when an event will occur.
A congressional committee requested the CEO of the security company CrowdStrike, responsible for Friday’s widespread computer outage, to testify, intensifying legislative examination of the event. The House Homeland Security Committee’s Republican leaders have requested that CrowdStrike CEO George Kurtz testify on Capitol Hill by Wednesday to explain the causes of the outages and the mitigation measures being implemented.
Kurtz previously confirmed that a defective content update for Windows users caused the outages, impacting businesses and government organisations globally. Microsoft estimates that 8.5 million Windows devices were affected. Microsoft spokeswoman Kate Frischmann stated that the outages’ impact was due to CrowdStrike’s reach, not Microsoft’s. Security companies often have significant access within Windows to block attacks effectively, but this can also lead to negative escalation of issues when errors occur. Microsoft also highlighted how it must grant these companies such access due to a 2009 agreement with European antitrust authorities whereby Microsoft has to offer security companies the same powers it does to its own security products.
Why does it matter?
The global IT outage underscores the significant reliance on a limited number of software services, raising national security concerns and the lawmakers underscore the importance of learning from this event to safeguard critical infrastructure. CrowdStrike’s role in identifying malicious activities potentially also highlights the risk of international adversaries exploiting such vulnerabilities. As noted by FTC Chair Lina Khan, the incident has brought attention to the dependence on Microsoft products and the inherent fragility of concentrated systems.
LinkedIn is introducing AI-powered career advice and interactive games in an effort to encourage daily visits and drive growth. The Financial Times reported that this initiative is part of a broader overhaul aimed at increasing user engagement on the Microsoft-owned platform, which currently lags behind entertainment-focused social media sites like Facebook and TikTok.
With slowing revenue growth, analysts have suggested that LinkedIn must diversify its income streams beyond subscriptions and make the platform more engaging. Editor in Chief Daniel Roth emphasised the goal of building a daily habit for users to share knowledge, get information, and interact with content on the site. The efforts reflect LinkedIn’s push to enhance the user experience, such as unveiling AI-driven job hunting features and detecting fake accounts, as well as disabling targeted ads.
In June, LinkedIn recorded 1.5 million content interactions per minute, though it did not disclose site traffic or active user figures. Data from Similarweb showed that visits reached 1.8 billion in June, but the growth rate has slowed significantly since early 2024. For continued growth, media analyst Kelsey Chickering noted that LinkedIn needs to become ‘stickier’ and offer more than just job listings and applications.
Moreover, LinkedIn is becoming a significant platform for consumer engagement, with companies like Amazon and Nike attracting millions of followers. The platform’s fastest-growing demographic is Generation Z, many of whom shop via social media. The trend highlights LinkedIn’s potential as a robust avenue for retailers to reach a sophisticated and influential audience.
Delta Air Lines cancelled over 600 flights on Monday as it faced operational challenges following a global cyber outage last week. The disruptions, caused by a faulty software update from CrowdStrike, impacted Delta’s crew tracking system and led to the cancellation of more than 5,000 flights since Friday. As of early Monday, approximately 16% of Delta’s flights were cancelled, stranding thousands of travellers and forcing some to seek alternative transportation or delay their trips.
While other US airlines have largely recovered from the outage, Delta remains heavily affected. American Airlines and United Airlines reported minimal flight cancellations compared to Delta’s extensive disruptions. Delta CEO Ed Bastian explained that the outage had disrupted critical crew tracking tools, causing difficulties in managing the high volume of flight changes.
Delta’s shares showed little movement in premarket trading, and the airline is working to adjust its schedules to ensure safety and restore normal operations. Transportation Secretary Pete Buttigieg has engaged with Delta’s leadership to emphasise the airline’s responsibility to its customers. Meanwhile, CrowdStrike reported that many of the 8.5 million affected Microsoft devices are now back online.
