CyberSeeker@discuss.tchncs.detoTechnology@lemmy.world•The White House wants to 'cryptographically verify' videos of Joe Biden so viewers don't mistake them for AI deepfakesEnglish
1·
8 months agoDigital signature as a means of non repudiation is exactly the way this should be done. Any official docs or releases should be signed and easily verifiable by any public official.
Shouldn’t be this hard to find out the attack vector.
Buried deep, deep in their writeup:
RocketMQ servers
I’m sure if you’re running other insecure, public facing web servers with bad configs, the actor could exploit that too, but they didn’t provide any evidence of this happening in the wild (no threat group TTPs for initial access), so pure FUD to try to sell their security product.
Unfortunately, Ars mostly just restated verbatim what was provided by the security vendor Aqua Nautilus.