Tag

service

Browsing

A new service powered by artificial intelligence that can turn portraits into talking heads was announced by D-ID on Monday.

Called Creative Reality Studio, the self-service application can convert a facial image into video, complete with speech.

The service is aimed at professional content creators – learning and development units, human resources departments, marketers, advertisers and sales teams – but anyone can try out the technique on the D-ID website.

Creative Reality Studio
Video by John P. Mello Jr.


The platform reduces the cost and hassle of creating corporate video content and provides an unlimited variety of presenters – versus limited avatars – that include users’ own photos or any images that the company has the right to use, according to the company. Gained notoriety when its technology was used in an app called Deep Nostalgia. The software was introduced as a way to animate old pictures.

The company said the technology enables customers and users to choose a presenter’s identity, including their ethnicity, gender, age and even their language, accent and tone. “It provides greater representation and diversity, creating a stronger sense of inclusion and belonging, which drives further engagement and interaction with the businesses that use it,” it said in a news release.

Matthew Kershaw, D-ID Marketing Vice President, told TechNewsWorld, “The use cases include empowering professional content creators to seamlessly integrate video into the digital space and presentations with specialized PowerPoint plug-ins, the use of customized corporate video narrators.” Generating more engaging content.

impressive services

The quality of these services is impressive, and continues to get better, maintained Daniel Castro, vice president of the Information Technology and Innovation Foundation, a research and public policy organization in Washington DC.

“The service isn’t at a level where it’s completely replacing a presenter, but there’s no reason not to expect it to be there relatively soon,” he told TechNewsWorld.

D-ID explained that the use of video by businesses has increased dramatically and more of them are integrating it into their training, communication and marketing strategies.

Accelerating this trend, it continued, are the rapidly evolving worlds of avatars and the metaverse, both of which demand a more creative, immersive and interactive content approach from digital creators. Production budgeting, however, can be prohibitively expensive and requires significant allocation of time and talent.

“The service is an evolution of the avatars and emoji people use today, but can be used in lengthy discussions or presentations,” said Ross Rubin, principal analyst at Reticle Research, a consumer technology consulting firm in New York City.

“The idea is to save time, especially if you were going to read a script,” he told TechNewsWorld. “It can be more engaging to an audience than simply watching audio or slides.”

democratizing AI

D-ID CEO and co-founder Gil Perry noted in a news release that the company’s technology, which is limited to the enterprise, has been used to create 100 million videos.

“Now that we are offering our self-service Creative Reality platform, the potential is enormous,” he continued. “It enables both large enterprises, small companies and freelancers to create personalized videos for multiple purposes on a large scale.”

Kershaw said D-ID’s technology will further democratize creativity. “I say ‘forward’ because technology has really been democratizing the arts for decades,” he said.

“From the installation of synthesizers, samplers and sequencers in music to Photoshop and Illustrator in photography and illustration, and premiere and desktop editing in film production and motion graphics, the ability to create high-quality productions outside of specialist high-end studios It’s been happening since the 1980s,” he said. “This is the latest episode of that long-running series.”

“This is certainly a step forward towards democratizing AI,” agreed Aviva Litton, a security and privacy analyst at Gartner. “It has great use cases in education, healthcare and retail,” she told TechNewsWorld. “It’s a better way to communicate with people. We’re becoming a more visual society. Nobody has time to read anything.”

deepfake concerns

With growing concern over the use of “deepfakes” to spread misinformation and take social engineering to new heights, there is always the potential for misuse of new synthetic media solutions such as D-ID.

“As with any technology, it can be used for the ill by our bad actors, but our platform is aimed at legitimate businesses that would have no interest in that kind of use,” Kershaw said.

“Plus,” he continued, “we’re not deepfakes. We don’t put someone else’s face on someone else’s body, and we’re not trying to tell anyone something they didn’t say.”

“Within D-ID’s platform, we have put in place a number of security measures to ensure that our technology is not used in this manner,” he said. “We do not repeat the voices of celebrities or those without permission from any person.”

The company also filters abusive and racist comments, and prohibits the platform from being used to make political videos.

“D-ID is putting railings on their platforms, but we all know that railings are never perfect,” Litton said.

“It is a good tool to spread misinformation because these social media sites are not ready for deepfakes,” she said. “Even if social media sites are good at detecting deepfakes, they will never be enough. It’s like spam. Spam always gets through. It will happen too, but the consequences There will be worse.”

need for origin

Detecting deepfakes is a losing proposition in the long run, Litton said. Even today, detection algorithms typically cannot detect more than 70% of deep fakes.

He added that determined adversaries will keep pace with deepfake detection using generative adversarial networks so that the detection rate is eventually reduced to 50%.

She predicts that in 2023, 20% of successful account takeover attacks will use deepfakes to turn over sensitive data to socially engineered users or transfer funds to criminal accounts.

“Many safeguards need to be implemented industry-wide, which is why we are also working with industry bodies and regulators to implement legal safeguards that will make the industry more secure and reliable in general ,” said Kershaw. “We think that having an industry-wide system for watermarking content invisibly through the use of steganography, in particular, would get rid of almost all potential issues.”

“You will be able to see a section of media and click a button to see where it came from and what’s in it,” he said. “Transparency is the solution.”

“There are many ways to deal with counterfeiting, but the most important is to know the origin and authenticity of the media,” Castro said.

A new phishing-as-a-service offering on the dark web poses a threat to online accounts protected by multi-factor authentication, according to a blog posted Monday by an endpoint security company.

Called EvilProxy, the service allows threat actors to launch phishing campaigns, with the ability to largely bypass MFAs without the need to hack upstream services, the Resecurity researchers noted in the blog. .

The service uses methods supported by APT and cyber espionage groups to compromise accounts protected by MFA. According to the researchers, such attacks have been discovered against Google and Microsoft customers whose accounts have MFA enabled via SMS text messages or application tokens.

Phishing links produced by EvilProxy lead to cloned web pages that have been compromised by accounts associated with multiple services, including Apple iCloud, Facebook, GoDaddy, GitHub, Dropbox, Instagram, NPM, PyPI, RubyGems, Twitter, Yahoo, and Yandex. has been prepared to do.

Threat actors using EvilProxy to gain access to their repositories are targeting software developers and IT engineers with the ultimate goal of hacking “downstream” targets, the researchers wrote.

He explained that these tactics allow cybercriminals to capitalize on end users who believe they are downloading software packages from secure resources and do not expect them to be compromised.

faster, faster, better

“This incident poses a threat to software supply chains because it targets developers by giving the service’s cybercriminal customers the ability to launch campaigns against GitHub, PyPI and NPM,” said Avid Gershon, leader of the security research team at Checkmarks. Said, an application security company, in Tel Aviv, Israel.

“Just two weeks ago,” he told TechNewsWorld, “we saw the first phishing attack against PyPI contributors, and now we see the service take it a few steps further by making these attacks accessible to less tech operators and adding capability. To bypass the MFA.”

Checkmarx’s head of supply chain security Tzachi Zorenstein said the nature of supply chain attacks increases the reach and impact of cyber attacks.

“Abusing the open-source ecosystem represents an easy way for attackers to increase the effectiveness of their attacks,” he told TechNewsWorld. “We believe this is the beginning of a trend that will increase in the coming months.”

A phishing-as-a-service platform can also increase attacker effectiveness. “Since PhaS can operate at scale, it enables adversaries to be more efficient at stealing and defrauding identities,” said Resecurity CEO Jean Yu.

“Old-fashioned phishing campaigns require money and resources, which can be overwhelming for one person,” he told TechNewsWorld. “Fas is just faster, faster, better.”

“It’s something that’s very unique,” he said. “It’s very rare to produce a phishing service on this scale.”

well packed

Many illegal services, hacking and malicious intent are solution products, explained Alon Nachmani, field CISO at AppviewX, a certificate lifecycle management and network automation company in New York City.

“By using a PhaS solution malicious actors have less overhead and less to spring an attack,” he told TechNewsWorld.

“Quite honestly,” he continued, “I’m surprised it took so long to become a thing. There are so many marketplaces where you can buy ransomware software and link it to your wallet. Once deployed , you can collect the ransom. The only difference here is that it is completely hosted for the attacker.”

While phishing is often considered a low effort activity in the hacking world, it still requires some work, said Monia Deng, director of product marketing at Bolster, a provider of automated digital risk protection in Los Altos, Calif. You’ll need it to do things like stand up to a phishing site, create emails, automate managers, and nowadays, steal 2FA credentials on top of primary credentials, she explained.

“With Faas,” she continued, “everything is neatly packaged on a subscription basis for criminals who do not require any hacking or even social engineering experience. It Opens the ground for many more threat actors who want to exploit organizations for their own gain.”

bad actors, great software

Security researchers explained that payment for EvilProxy is conducted manually through an operator on Telegram. Once the subscription funds are received, they will be credited to the account in the customer portal hosted on TOR. The kit is available for $400 per month.

EvilProxy’s portal has many tutorials and interactive videos on using the service and configuration tips. “To be clear,” the researchers wrote, “the bad actors did a great job in terms of service usability, and configuration of new campaigns, traffic flow, and data collection.”

“This attack just shows the maturity of the bad actor community,” said George Gerchow, CSO and senior vice president of IT at Sumo Logic, an analytics company focused on security, operations and business information in Redwood City, Calif.

“They are packing these kits nicely with detailed documentation and videos to make it easier,” he told TechNewsWorld.

The service uses a “reverse proxy” principle, the researchers noted. It works like this: Bad actors lead victims to a phishing page, use a reverse proxy to get all the legitimate content the user expects to see, and sniff their traffic through the proxy.

“This attack highlights how low the barrier of entry is for unsophisticated actors,” said Heather Iannucci, a CTI analyst at Tanium, creator of an endpoint management and security platform in Kirkland, Wash.

“With EvilProxy, a proxy server sits between the legitimate platform’s server and the phishing page, which steals the victim’s session cookie,” she told TechNewsWorld. “This can then be used by the threat actor to login to a legitimate site as a user without an MFA.”

“Defending against EvilProxy is a challenge because it combines cheating a victim and MFA bypass,” Yu said. “The real compromise is invisible to the victim. Everything sounds good, but it’s not.”

still in effect

Nachmany warned that users should be concerned about the effectiveness of MFAs that use text messaging or application tokens. “Fas is designed to use them, and this is a trend that will grow in our market,” he said.

“The use of certificates as an additional factor is what I expect to see an increase in use soon,” he said.

While users should be careful when using an MFA, it is still an effective mitigation against phishing, said Patrick Harr, CEO of SlashNext, a network security company in Pleasanton, Calif.

“It increases the difficulty of leveraging compromised credentials to disband an organization, but it is not foolproof,” he said. “If a link leads the user to a counterfeit replica of a legitimate site—which is nearly impossible to identify as not legitimate—the user may be the victim of an adversary-in-the-middle attack, such as this one by EvilProxy.” is used to .”