InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
Most management systems, compliance, and certification projects require documented policies, procedures, and work instructions. GDPR compliance is no exception. Documentation of policies and processes are vital to achieve compliance.
ITG GDPR Documentation Toolkit gives you a complete set of easily customizable GDPR-compliant documentation templates to help you demonstrate your compliance with the GDPR’s requirements quickly, easily, and affordably.
“Having recently kicked off a GDPR project with a large international organisation I was tasked with creating their Privacy Compliance Framework. The GDPR toolkit provided by IT Governance proved to be invaluable providing the project with a well organised framework of template documents covering all elements of the PIMS framework. It covers areas such as Subject Access Request Procedure, Retention of Records Procedure and Data Protection Impact Assessment Procedure helping you to put in practice policies and procedures to enable the effective management of personal information on individuals. For anyone seeking some support with their GDPR plans the toolkit is well work consideration.”
Microsoft Patch Tuesday for May 2021 security updates addressed 55 vulnerabilities in Microsoft including a critical HTTP Protocol Stack Remote Code Execution vulnerability tracked as CVE-2021-31166. The flaw could be exploited by an unauthenticated attacker by sending a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.
This stack is used by the Windows built-in IIS server, which means that it could be easily exploited if the server is enabled. The flaw is wormable and affects different versions of Windows 10, Windows Server 2004 and Windows Server 20H2.
The security researcher Axel Souchet has published over the weekend a proof-of-concept exploit code for the wormable flaw that impacted Windows IIS.
The PoC exploit code allows to crash an unpatched Windows system running an IIS server, it does not implement worming capabilities. Anyway, attackers could start triggering the vulnerability in the wild, the PoC code could be improved to be actively exploited.
Now, the security researcher Jim DeVries reported that the issue also impacts Windows 10 and Server devices running the Windows Remote Management (WinRM) service. a component of the Windows Hardware Management feature set which also makes use of the vulnerable HTTP.sys.
Windows Remote Management (WinRM) is the Microsoft implementation of WS-Management Protocol, a standard Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol that allows hardware and operating systems, from different vendors, to interoperate.
The WinRM service is enabled by default on Windows servers running versions 2004 or 20H2 for this reason it only poses a serious risk to corporate environments, DeVries explained to BleepingComputer.
I finally found time to answer my own question. WinRM *IS* vulnerable. This really expands the number of vulnerable systems, although no one would intentionally put that service on the internet.
This month, the New York state attorney general issued a report on a scheme by “U.S. Companies and Partisans [to] Hack Democracy.” This wasn’t another attempt by Republicans to make it harder for Black people and urban residents to vote. It was a concerted attack on another core element of US democracy – the ability of citizens to express their voice to their political representatives. And it was carried out by generating millions of fake comments and fake emails purporting to come from real citizens.
This attack was detected because it was relatively crude. But artificial intelligence technologies are making it possible to generate genuine-seeming comments at scale, drowning out the voices of real citizens in a tidal wave of fake ones.
As political scientists like Paul Pierson have pointed out, what happens between elections is important to democracy. Politicians shape policies and they make laws. And citizens can approve or condemn what politicians are doing, through contacting their representatives or commenting on proposed rules.
Democracy and Fake News: Information Manipulation and Post-Truth Politics – the analysis of post-truth politics.
The volume sheds light on some topical questions connected to fake news, thereby contributing to a fuller understanding of its impact on democracy. In the Introduction, the editors offer some orientating definitions of post-truth politics, building a theoretical framework where various different aspects of fake news can be understood. The book is then divided into three parts: Part I helps to contextualize the phenomena investigated, offering definitions and discussing key concepts as well as aspects linked to the manipulation of information systems, especially considering its reverberation on democracy. Part II considers the phenomena of disinformation, fake news, and post-truth politics in the context of Russia, which emerges as a laboratory where the phases of creation and diffusion of fake news can be broken down and analyzed; consequently, Part II also reflects on the ways to counteract disinformation and fake news. Part III moves from case studies in Western and Central Europe to reflect on the methodological difficulty of investigating disinformation, as well as tackling the very delicate question of detection, combat, and prevention of fake news.
Air India disclosed a data breach after personal information belonging to roughly 4.5 million of its customers was leaked two months following the hack of Passenger Service System provider SITA in February 2021.
“This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers,” Air India said in a breach notification sent over the weekend.Â
“This incident affected around 4,500,000 data subjects in the world.”
The airline added that the breach impacted the data of passengers registered between August 2011 and February 2021.
Nevertheless, after investigating the security incident, it was found that no credit card information or password data was accessed during the breach.
However, Air India urges its passengers to change their credentials to block potential breach attempts and ensure their data security.
“The breach involved personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data,” Air India added [PDF].
“However, in respect of this last type of data, CVV/CVC numbers are not held by our data processor.”
The protection of our customers’ personal data is of highest importance to us and we deeply regret the inconvenience caused and appreciate the continued support and trust of our passengers. — Air India
Data breach impacts Star Alliance members
Almost a dozen more air carriers besides Air India informed passengers that some of their data was accessed during a breach of SITA’s Passenger Service System (PSS), which handles transactions from ticket reservations to boarding.
SITA also confirmed the incident saying that it reached out to affected PSS customers and all related organizations in early March.
At the time, a SITA spokesperson told BleepingComputer that the breach impacts data of passengers from multiple airlines, including:
Lufthansa – combined with its subsidiaries, it is the second-largest airline in Europe in terms of passengers carried; Star Alliance member and Miles & More partner
Air New Zealand – flag carrier airline of New Zealand
Singapore Airlines – flag carrier airline of Singapore
Finnair – flag carrier and largest airline of Finland
Some of these air carriers (including Air India) are part of the Star Alliance, a global airline network with 26 members, including Lufthansa, the largest in Europe.
Star Alliance told BleepingComputer that its members also share customer details relevant to awarding traveling benefits.
The information is limited to membership names, frequent flyer program membership numbers, and program tier status.
As many as 4.5 million Air India customers were affected in the data breach
The airlines assured its passengers that there was no evidence of any “misuse” of the datahttps://t.co/ixRCDFTbtt
Harden the human firewall against the most current threats
Social Engineering: The Science of Human Hacking reveals the craftier side of the hacker’s repertoire―why hack into something when you could just ask for access? Undetectable by firewalls and antivirus software, social engineering relies on human fault to gain access to sensitive spaces; in this book, renowned expert Christopher Hadnagy explains the most commonly-used techniques that fool even the most robust security personnel, and shows you how these techniques have been used in the past. The way that we make decisions as humans affects everything from our emotions to our security. Hackers, since the beginning of time, have figured out ways to exploit that decision making process and get you to take an action not in your best interest. This new Second Edition has been updated with the most current methods used by sharing stories, examples, and scientific study behind how those decisions are exploited.
Networks and systems can be hacked, but they can also be protected; when the “system” in question is a human being, there is no software to fall back on, no hardware upgrade, no code that can lock information down indefinitely. Human nature and emotion is the secret weapon of the malicious social engineering, and this book shows you how to recognize, predict, and prevent this type of manipulation by taking you inside the social engineer’s bag of tricks.
Examine the most common social engineering tricks used to gain access
Discover which popular techniques generally don’t work in the real world
Examine how our understanding of the science behind emotions and decisions can be used by social engineers
Learn how social engineering factors into some of the biggest recent headlines
Learn how to use these skills as a professional social engineer and secure your company
Adopt effective counter-measures to keep hackers at bay
By working from the social engineer’s playbook, you gain the advantage of foresight that can help you protect yourself and others from even their best efforts. Social Engineering gives you the inside information you need to mount an unshakeable defense.
The WEF singled out five global cybersecurity challenges:
1. Increasing sophistication of cyberattacks and cyber adversaries 2. Widening cybersecurity skills gap 3. Lack of intelligence and operational information sharing 4. Keeping up with regulatory changes and uncertainty 5. Underinvestment and lack of business buy-in
Below, expert insights into these five challenges, as well as paths forward for the medical device industry.
A Pass the Hash (PTH) attack is a technique whereby an attacker captures a password hash as opposed to the password itself (characters) thereby gaining access (authentication) to the networked systems. This technique is used to steal credentials and enable lateral movement within a network. In a Windows environment, the challenge-response model used by NTLM security is abused to enable a malicious user to authenticate as a valid domain user without knowing their password. Now that Kerberos has replaced NTLM as the preferred authentication method for Windows domains, NTLM is still enabled in many Windows domains for compatibility reasons. And so, pass the hash attacks remain an effective tool in the hands of attackers. It is worth noting that there are other attacks associated with Keberos such as Pass the ticket and Kerberos-brute force attack etc. I will be discussing this in my next guide. Below are some articles relating to this topic: NT LAN Manager: How to prevent NTLM credentials from being sent to remote servers, Active Directory Authentication methods:How do Kerberos and NTLM work, and How to configure a service account for Kerberos delegation.
Last month, my wife was contacted by a phisher, mascaraing as someone from social security. This threat actor made an attempt to obtain her social security number using the threat of fraud investigation to verify her social security number. Because of my background in security, I was able to act quickly to prevent her from compliance and educated her on the phish attack. For many people, this ends in far less positive outcomes because there is not enough education and prevention out there. The majority of organizations will never request or disclose personal identifiable information (PII) and will only communicate via secure encrypted email or over traditional mail services. They will request an in person visit. For more information on securing your private information, visit: How to protect your personal information Caller ID is less reliable due to caller ID spoofing. This in part can be avoided by maintaining an address book in conjunction with a good call blocking service.
The majority of telecom providers offer programmable call blocking services, most of these operate with a programmable blacklist/whitelist. There are also third-party options on the device App Store. This function acts in many ways similar to malware detection and prevention. These features are also available as an add-on for a landline that blocks on a hardware level at the home or business demarcation point. This is slowly phasing out as more and more people are migrating to VoIP solutions or cellular based services. For more information on Caller ID spoofing, visit: howtogeek Dont trust caller id More information on call blocking at FCC Call blocking More information on call blocking for landlines at FCC Do not call list Opinion The best approach to handling telemarketers is a zero-trust approach, sellers you wish to do business with should be in your address book for ease of verification. Automated calling can potentially be used to gather recorded voice prompts as a potential persistent attack to gather voice commands to use on voice prompt services. These calls may also be used to verify the contact number is active and accepting calls. If you can avoid not answering a call or push it to voicemail, do it. Make sure you monitor your voicemail in the event a trusted contact is contacting you from a different contact source. Stay safe out there! ~Neumiller
Vishing attacks spoof Amazon to try to steal your credit card information
Prior to COVID-19, many companies had engineering applicants take coding skills assessments in person. On-premises testing allowed employers to control the environment and observe the applicant’s process. Now, employers are providing these assessments (and getting observations) remotely, and applicants (almost exclusively at the junior level) are gaming the platforms.
The two most common strategies are plagiarism and identity misrepresentation. In the former, applicants copy and paste code found on sites like Github or they are lifting code from prior assessments administered by the same employer that have been published and/or sold online. (Companies that have only a few variations of a coding challenge will find, with a quick Google search, that prior test-takers have either posted it online or are offering the answers privately. They’ll even sprinkle in some minor differentiations so that it’s harder to catch.) Identity misrepresentation means asking or paying someone else to log in to the test platform and solve the test (or part of it) for the applicant.
Globally, the rate for plagiarism in 2020 was 5.6%, and suspicious connectivity patterns – indicative of session handover to someone else other than the applicant – appear in 6.48% of sessions. We are seeing a slight growth in the percent of sessions with suspicious behaviors, and this growth is visible in both global and financial markets in particular.
Some industries will have higher rates of cheating than others; for example, organizations in the government, education, and non-profit sectors can see up to double the global average for red-flag behavior. The general shortage of HR professionals with deep technical knowledge make practically all employers vulnerable to inefficiencies and the perils of under-qualified tech candidates making it too far into the recruitment funnel. Higher rates of cheating mean that IT professionals need smarter tools to avoid mis-hires.
Addressing this problem needs to be a priority for employers looking to hire remotely on a larger scale or as a permanent practice, because the short- and long-term consequences are always more costly than whatever investments they put into preventative safeguards.
Hiring a person who cheated in the recruitment process is a recipe for disaster, both for the employer and the employee. Job seekers will typically cheat because they lack the qualifications to pass the recruitment process or, sometimes, just lack the confidence that they can succeed. In either case, if the recruitment leads to employment, the nascent working relationship is botched from day one. The lack of qualifications surfaces sooner or later, frequently damaging schedules, reliability, and security of software products and services, not to mention driving business costs up and reputation down.
More alarmingly, common sense and academic research suggest (Peterson et al., 2011; Schneider & Goffin, 2012), says that the lack of integrity has a potential to reoccur on the job, quite possibly leading to security breaches immensely more dangerous than software bugs. Last but not least, it is plainly emotionally difficult for many individuals to grow a healthy relationship towards the employer and the workplace when the relationship started with dishonesty.
AXA’s branches in Thailand, Malaysia, Philippines and Hong Kong have been hit by a ransomware attack, with hackers claiming they have accessed more than 3-terabytes of sensitive data.
Included in that trove of data, according to the hackers, are customer medical reports – which is also said to expose their sexual health problems – as well as identification documents, bank account statements, payment records, contracts and details of individual claims.
In addition to the ransomware attack, AXA has also been hit by a series of distributed denial of service (DDos) attacks on its global websites that made the insurance giant’s website completely inaccessible for a number of hours.
A ransomware group by the name of Avaddon has taken responsibility for the ransomware attacks launched against AXA, just days after the company announced it would stop underwriting policies that included payouts in the event of a ransomware attack.Â
The group told AXA that the insurance giant has around 10 days to get in contact and meet their demands, otherwise risking the publication of massive amounts of sensitive information on their customers.
AXA has responded to the claims, telling Bleeping Computer that there is “no evidence” to suggest that data beyond one of its Thai operations was accessed.Â
“Asia Assistance was recently the victim of a targeted ransomware attack which impacted its IT operations in Thailand, Malaysia, Hong Kong and the Philippines.”
The insurer continued to explain that “a dedicated taskforce with external forensic experts is investigating the incident. Regulators and business partners have been informed.”
“As a result, certain data processed by Inter Partners Assistance (IPA) in Thailand has been accessed. At present, there is no evidence that any further data was accessed beyond IPA in Thailand.
“AXA takes data privacy very seriously and if IPA’s investigations confirm that sensitive data of any individuals have been affected, the necessary steps will be taken to notify and support all corporate clients and individuals impacted,” the company spokesperson said.
AXA is yet to address any specific demands of the hacking group Avaddon.Â
In the modern cloud-based application era, securing hardware is often neglected, so the volume of unmanaged devices noted above is not surprising. Endpoint management is hard, it’s boring, it’s time-consuming — but it’s nevertheless extremely important to a robust security strategy.
Why? Bad actors know that machines aren’t getting configured and maintained at the rate at which they should. This makes them ripe for exploitation. One of the easiest ways to attack corporate networks is through a machine that is not configured correctly or that hasn’t downloaded a patch to shore up a certain vulnerability.
Endpoint management: Scaling for a new world
VPNs have been under significant strain throughout the pandemic, and bandwidth is at a premium. This is part of the reason we’re seeing such rapid migration to the cloud. While there are numerous benefits to this move, it still doesn’t protect actual endpoints. To do this, regardless of environment, you need to find an endpoint management solution that can scale rapidly and not affect network performance.
This requires a novel approach to drive continuous compliance and configuration management across the enterprise. Of note, the latest peer-to-peer solutions can check the configuration of local or remote endpoints, diagnose problems, and/or remediate any issues found. Because of the nature of peer-to-peer, these solutions can conduct routine and advanced endpoint management at massive scale, addressing hundreds of thousands of endpoints without bandwidth throttling or hindering network performance.
Workers don’t even realize their systems are being updated. Being able to protect endpoints at scale without degrading the user experience or getting in the way of business processes is a game-changer in the remote world. It means that you can institute or return to a regular endpoint management schedule.
This isn’t the first time we’ve heard of a SNAFU like this, where virtual wires got crossed inside a video surveillance company’s own back end, causing customers not only to lose track of their own video cameras but also to gain access to someone else’s.
In one case, three years ago, a user of a cloud video service offered by a UK company called Swann received a video notification that showed surveillance footage from the kitchen…
…just not the kitchen in the user’s own house.
Amusingly, if that is the right word, the victim in this incident just happened to be a BBC staffer, relaxing at the weekend, who was gifted an ideal story to write up in the upcoming week.
In that incident, the camera vendor blamed human error, with two cameras accidentally set up with a “unique identifier” that wasn’t unique at all, leaving the system unable to decide which camera belonged to which account.
Alhough the vendor dismissed it as a “one off”, the BBC tracked down an even more amusing (though no less worrying) occurrence of the same problem in which a user received a surveillance video of a property that looked like a pub.
With a few days of search engine wrangling, that user managed to identify the pub online, only to find out that it was, by fluke, just 5 miles away.
So he went there and took a picture of himself in the beer garden, via the pub landlord’s webcam, but using his own online account:
Great to meet the manager @newtownlinford and share our concerns that @swannsecurity remote access CCTV system is giving us images from his cameras in place of our own. Bizarre to be able to take a selfie using someone else's CCTV camera pic.twitter.com/fTgmAVoPle
“Amazon Virtual Private Cloud (Amazon VPC) is a service that lets you launch AWS resources in a logically isolated virtual network that you define,” AWS explains.
Customers have complete control over their virtual networking environment, and can select their own IP address range, create subnets, and configure route tables and network gateways.
Unfortunately, the feature that allows customers to control their IP addresses also allows attackers to control the IP address written to AWS CloudTrail logs when accessing a compromised account via a newly created VPC endpoint.
“This can potentially enable an attacker to fool various security protections that rely on the Cloudtrail logs, such as SIEMs and cloud security tools. In addition, analysts looking for evidence of an attack might miss it,” Hunters researchers noted.
Attackers can obfuscate their IP address by making it look like an “organizational” public IP address, an employee “home” external IP address, a (potentially whitelisted) third party service provider public IP address, or a special private, reserved, testing or documentation-only IPv4 subnet block.
They could thus make it seem that a malicious action has been performed by an employee, or make it fly under the radar of threat intelligence and reputation services.
What attackers can’t do with this technique is to change the IAM permissions the attacker has when using victims’ compromised AWS API credentials, nor bypass IP-based IAM policies.
There is a solution
This technique may allow attackers to bypass security measures that rely solely on AWS CloudTrail, an AWS web service that allows customers to log, continuously monitor, and retain account activity related to actions across their AWS infrastructure (including AWS API activity).
Defenders should not rely on the contents of the “sourceIPAddress” field in the logs to detect attackers inside AWS, making API requests/calls, the researchers noted. Instead, they should review the “vpcEndpointID” field.
“If you use VPC endpoints in your environment, the only significant difference between the logs created by legitimate actions and the attacker’s actions is the specific VPC endpoint IDs logged. We recommend addressing this use-case with more anomalous-based detection logic, detecting usage of a new VPC endpoint ID never seen before in the organization,” the researchers advised.
They also recommended AWS CloudTrail users to cross-reference their cloud events with other sensors on endpoints, on-premises, email, identity, etc, to trace inconsistent logging and missed threats.
When this problem is discussed, people regularly quote the statistic that 85% of US critical infrastructure is in private hands. It’s a handy number, and matches our intuition. Still, I have never been able to find a factual basis, or anyone who knows where the number comes from. Paul Rosenzweig investigates, and reaches the same conclusion.
Discuss objectives and legal requirements associated with PPPs, the potential advantages and limitations of PPPs, and provide guidance as to how to structure a successful PPP for infrastructure investment.
It might seem logical to try to negotiate the ransom demand down to an amount that isn’t going to break the bank but would still be enough to satiate cybercriminals’ thirst for cash. Unfortunately, this isn’t a good idea, because negotiations can backfire and even cause ransomware gangs to increase their ransom demands.
This recently happened to Acer when they attempted to negotiate a $50 million ransomware demand down to $10 million. As retaliation, the REvil gang threatened to double the ransom if they didn’t receive the $50 million.
Another example is the Egregor ransomware gang, which often threatens to publish their victims’ data online if they negotiate or fail to deliver on ransom payments. If you’re not looking to add your company’s name to the list of failed negotiations, keep reading to find out some do’s and don’ts of planning for ransomware incidents.
DO: Create a plan before crisis strikes
A ransomware attack affecting your business in today’s digital economy is a matter of “when,” not “if.” Cybersecurity is an arms race, and as technological innovation grows, cybercriminals are also constantly innovating to develop new and more damaging attack methods. That’s why it’s essential to prepare for an attack as if it were as sure as the fact that the sky is blue – hopefully enabling you to avoid any negotiations altogether.
The core functionality of ransomware is two-fold: to encrypt data and deliver the ransom message. This encryption can be relatively basic or maddeningly complex, and it might affect only a single device or a whole network.
Ransomware is the fastest-growing malware in the world. In 2015, it cost companies around the world $325 million, which rose to $5 billion by 2017 and is set to hit $20 billion in 2021. The threat of ransomware is not going to disappear, and while the number of ransomware attacks remains steady, the damage they cause is significantly increasing.
You can only get rid of WAF if you fully implement security into your development process and audit the process via code reviews and annual tests. But DevSecOps can’t be realistically implemented for all web apps in the enterprise environment, so WAF will stick around because it still has a job to do.
The WAF is not dead, what’s left?
DevOps and the continuous integration and continuous deployment (CI/CD) pipeline provide an excellent opportunity to implement security, especially if your agile methodology includes security sprints. It allows for security to be built into the apps from the start, rather than taking the traditional route of applying it later, which is not only inefficient but – in the frenetic pace of CI/CD – can be overlooked, ignored, or forgotten.
Although security for all web apps should be built-in from the start, our experience shows that it is usually only applied to the “crown jewels,” like the company’s primary customer portal or client payment systems. In an enterprise environment, it’s not unusual for a company to be running old apps in which code is no longer maintained or apps integrated through acquisition.
Additionally, departments such as R&D and marketing frequently implement custom or third-party applications. This app proliferation can result in more than 50% of public-facing web applications in an organization being managed by DevOps or other disparate IT groups. These apps will need additional mitigation controls, which is where WAF comes in.
![Don't Hire a Software Developer Until You Read this Book: The software survival guide for tech startups & entrepreneurs (from idea, to build, to product launch and everything in between.) by [K.N. Kukoyi]](https://m.media-amazon.com/images/I/51a9ala-KuL.jpg)
May 24 2021
AIs and Fake Comments
This month, the New York state attorney general issued a report on a scheme by “U.S. Companies and Partisans [to] Hack Democracy.” This wasn’t another attempt by Republicans to make it harder for Black people and urban residents to vote. It was a concerted attack on another core element of US democracy – the ability of citizens to express their voice to their political representatives. And it was carried out by generating millions of fake comments and fake emails purporting to come from real citizens.
This attack was detected because it was relatively crude. But artificial intelligence technologies are making it possible to generate genuine-seeming comments at scale, drowning out the voices of real citizens in a tidal wave of fake ones.
As political scientists like Paul Pierson have pointed out, what happens between elections is important to democracy. Politicians shape policies and they make laws. And citizens can approve or condemn what politicians are doing, through contacting their representatives or commenting on proposed rules.
Democracy and Fake News: Information Manipulation and Post-Truth Politics – the analysis of post-truth politics.
The volume sheds light on some topical questions connected to fake news, thereby contributing to a fuller understanding of its impact on democracy. In the Introduction, the editors offer some orientating definitions of post-truth politics, building a theoretical framework where various different aspects of fake news can be understood. The book is then divided into three parts: Part I helps to contextualize the phenomena investigated, offering definitions and discussing key concepts as well as aspects linked to the manipulation of information systems, especially considering its reverberation on democracy. Part II considers the phenomena of disinformation, fake news, and post-truth politics in the context of Russia, which emerges as a laboratory where the phases of creation and diffusion of fake news can be broken down and analyzed; consequently, Part II also reflects on the ways to counteract disinformation and fake news. Part III moves from case studies in Western and Central Europe to reflect on the methodological difficulty of investigating disinformation, as well as tackling the very delicate question of detection, combat, and prevention of fake news.
Tags: AIs and Fake Comments, Information Manipulation
Comments (0)