News Items

As Artificial Intelligence (AI) increases the sophistication and scope of phishing, vishing, and smishing attacks, understanding and managing human cyber risks have become increasingly important, according to a report by the SANS Institute. The report highlights the escalating stakes associated with human cyber risks. The study discovered that mature security programs with strong teams and leadership support have at least three full-time employees on their security awareness teams. As in previous years, most organizations continue to view security awareness as a part-time commitment. Seventy percent of security awareness practitioners reported devoting less than half of their time to it this year. This insight highlights the ongoing difficulty of elevating the importance of continuous cybersecurity awareness in organizations' day-to-day operations. This article continues to discuss key findings from the SANS 2023 Security Awareness Report.

Help Net Security reports "Managing Human Cyber Risks Matters Now More Than Ever"

Security experts continue to encourage using strong and complex passwords to protect online accounts and data from cybercriminals. "Complex" passwords typically require lowercase and uppercase letters, numbers, and special symbols. However, according to research by the security company Hive Systems, complexity alone can still leave a password vulnerable to cracking if it does not contain enough characters. Hive discovered that an eight-character complex password could be cracked in only five minutes using the most advanced graphics processing technology and Artificial Intelligence (AI). In addition, a complex seven-character password could be cracked in four seconds, whereas a password with six or fewer characters could be cracked instantly. Shorter passwords with only one or two character types, such as only numbers or lowercase letters, or only numbers and letters, could be cracked in an instant. According to Hive's research, even simple passwords with more characters are less vulnerable to cracking in a short time. An 18-character password only containing numbers would require six days to crack, but one with the same number of characters using lowercase letters would take 481,000 years to crack. This article continues to discuss advancements in graphics processing technology and AI slashing the time required to crack a password using brute-force techniques.

TechRepublic reports "How an 8-Character Password Could Be Cracked in Just a Few Minutes"

Baltimore-based Johns Hopkins University and Health System are notifying patients that some of their protected health information may have been compromised due to hackers targeting a software vulnerability in MOVEit Transfer. According to a breach notification letter sent out by Johns Hopkins on June 14, the investigation into the incident is ongoing, and they are working with law enforcement and its cybersecurity teams to determine what kinds of information were compromised. The organization stated that its initial evaluation shows the attack may have impacted the information of Johns Hopkins employees, students, and/or patients. Johns Hopkins noted that all affected individuals will receive updates as they become available and will be contacted if they were affected by the breach.

Becker's Hospital Review reports: "Hackers Exploit Vulnerability to Target Johns Hopkins"

Titan, Redline, and other infostealers target Internet users searching for pirated copies of games and software. However, according to a new report from Flare.io, they are increasingly making their way into corporate environments, possibly due to the blurring between personal and work devices. The report reveals that about 400,000 employee logins are available for sale on the dark web and illegal Telegram channels. Once installed, infostealers normally compromise user web browsers and capture various login information. Anything saved in a web browser or entered into a field is vulnerable to interception, which includes passwords and files uploaded or downloaded. Many infostealers can secretly take screenshots. The malware embeds itself into target systems for long-term file exfiltration, using different techniques to avoid detection. The primary focus of infostealers has been "carding," or the theft of credit card numbers and cryptocurrency wallet logins. However, Flare's analysis of nearly 20 million stealer logs revealed that the presence of employee logins and other corporate network credentials is rising. This article continues to discuss infostealers becoming more common on company networks.

CPO Magazine reports "Once The Domain of Pirated Games, 'Infostealers' Have Racked Up Hundreds of Thousands of Employee Logins"

In recent years, the US has seen a rise in cyberattacks aimed at the nation's schools. During the 2022-2023 academic year, at least eight US K-12 school districts were affected by cyberattacks, four of which required schools to cancel classes or close entirely. In addition to disrupting school operations, these attacks have affected students, their families, teachers, and administrators. Sensitive personal information, including grades, medical records, documented home issues, behavioral information, and financial information, have been stolen and leaked by cybercriminals. Therefore, Secretary of Education Miguel Cardona and Secretary of Homeland Security Alejandro Mayorkas joined First Lady Jill Biden in convening school administrators, educators, and private sector companies to discuss best practices and new resources available to improve school cybersecurity, protect American families and schools, and prevent cyberattacks from disrupting US classrooms. According to a report published by the US Government Accountability Office (GAO) in 2022, the loss of learning following a cyberattack can be from three days to three weeks, and the recovery period can range from two to nine months. Furthermore, the financial losses faced by school districts as a result of a cyber incident ranged from $50,000 to $1 million. This article continues to discuss the new efforts to strengthen America's K-12 schools' cybersecurity.

HSToday reports "Administration Launches New Efforts to Strengthen America's K-12 Schools' Cybersecurity"

Serco Inc, the Americas division of multinational outsourcing company Serco Group, has recently disclosed a data breach after attackers stole the personal information of over 10,000 individuals from a third-party vendor's MoveIT managed file transfer (MFT) server. Serco said that the information was exfiltrated from the file transfer platform of CBIZ, its benefits administration provider. Serco noted that on June 30, 2023, they were informed that their third-party benefits administration provider, CBIZ, experienced a ransomware attack and data breach. Serco stated that according to CBIZ, the incident began in May 2023, and CBIZ took steps to mitigate the incident on June 5, 2023. To be clear, the breach of CBIZ's systems did not affect the safety and security of Serco's systems. The personal information compromised in the attack includes any combination of the following: name, U.S. Social Security Number, date of birth, home mailing address, Serco and/or personal e-mail address, and selected health benefits for the year. Serco is currently collaborating with CBIZ to investigate the breach and assess the full extent of the incident, focusing on ensuring that the third-party vendor has implemented security measures to prevent future incidents. Serco's client roster includes a long list of U.S. federal agencies, including the Departments of Homeland Security, Justice, and State, as well as U.S. Intelligence Agencies and multiple U.S. Armed Forces branches (e.g., Navy, Army, Marine Corps, Air Force). Serco is also a contractor for U.S. state and local governments and the Canadian government, and it also provides services to high-profile commercial customers such as Pfizer, Capital One, and Wells Fargo. The company employs over 50,000 people across 35 countries and has an annual revenue of over $5.7 billion in 2022.

BleepingComputer reports: "US Govt Contractor Serco Discloses Data Breach After MoveIT Attacks"

The FBI urges potential Non-Fungible Token (NFT) buyers to look out for malicious websites that use "drainer smart contracts" to secretly steal from cryptocurrency wallets. The websites pose as outlets for legitimate NFT projects with new offerings. They are promoted by compromised social media accounts belonging to known NFT developers or accounts designed to appear as if they belong to such developers. Posts attempt to provoke a sense of urgency by using phrases such as "limited supply" or referring to the promotion as a "surprise." FBI officials noted in an advisory that the spoofed websites invite victims to connect their cryptocurrency wallets and purchase the NFT. The victims connect their cryptocurrency wallets unknowingly to a drainer smart contract, transferring their cryptocurrency and NFTs to wallets operated by criminals. From there, the criminals typically launder the stolen assets through a series of cryptocurrency exchanges or other services that mix them with others' assets to cover the path and destination of the stolen NFTs. Smart contracts are a form of computer code that executes a transaction or agreement, typically involving the transfer of digital assets. Criminals often use smart contracts with flaws or loopholes that allow them to transfer millions of dollars in assets from one or more parties entering the agreement. This article continues to discuss the FBI's warning about drainer smart contracts.

Ars Technica reports "What Are 'Drainer Smart Contracts' and Why Is the FBI Warning of Them?"

According to technical evidence reviewed by Reuters and an analysis conducted by security researchers, an elite group of North Korean (DPRK) hackers infiltrated the computer networks of a Russian missile developer for at least five months in 2022. Reuters discovered that cyber espionage teams with ties to the North Korean government, known as ScarCruft and Lazarus among security researchers, secretly installed stealthy digital backdoors into the systems of NPO Mashinostroyeniya, a rocket design bureau based in Reutov, which is a small town on the outskirts of Moscow. Reuters could not confirm whether any data was taken or what information may have been viewed during the breach. In the months following the digital break-in, Pyongyang announced several developments in its banned ballistic missile program, but it is unclear if this was linked to the breach. According to experts, the incident demonstrates that the isolated country will even target its allies, such as Russia, to acquire critical technologies. This article continues to discuss the breach of a major Russian missile developer by the Lazarus hacking group.

Cybernews reports "Lazarus Hack Russian Missile Maker as Moscow Pleas for Shells"

Researchers at Horizon3.ai have published information about CVE-2023-39143, two vulnerabilities in PaperCut application servers that unauthenticated attackers could exploit to execute code remotely. It is not a "one-shot" Remote Code Execution (RCE) bug, unlike the PaperCut vulnerability, tracked as CVE-2023-27350, recently exploited by Clop and LockBit ransomware affiliates. Researchers noted that CVE-2023-39143 is more difficult to exploit because multiple vulnerabilities must be chained together to compromise a server. PaperCut NG and MF are popular print management server software solutions. PaperCut NG and MF versions released before v22.1.3 contain the path traversal vulnerabilities (CVE-2023-39143) that could be exploited to read, delete, and upload arbitrary files to a vulnerable application server. This article continues to discuss the bug fixed by PaperCut.

Help Net Security reports "PaperCut Fixes Bug That Can Lead To RCE"

A group of researchers has developed a "deep learning-based acoustic side-channel attack" that is 95 percent accurate in classifying laptop keystrokes recorded by a nearby phone. According to the researchers Joshua Harrison, Ehsan Toreini, and Maryam Mehrnezhad, when trained on keystrokes recorded with the video conferencing software Zoom, an accuracy of 93 percent was reached, a new record for the medium. Side-channel attacks are a class of security exploits aimed at gaining information from a system by monitoring and measuring its physical effects while processing sensitive data. Typical observable effects include runtime behavior, power consumption, electromagnetic radiation, acoustics, and cache accesses. To execute the attack, the researchers first conducted experiments with 36 of the Apple MacBook Pro's keys (0-9, a-z), pressing each key 25 times in a row, varying in pressure and finger. The next step involved isolating the individual keystrokes and converting them into a mel-spectrogram, on which a deep learning model called CoAtNet was run to classify the keystroke images. This article continues to discuss the deep learning-based acoustic side-channel attack.

THN reports "New 'Deep Learning Attack' Deciphers Laptop Keystrokes with 95% Accuracy"

Rapid7 researchers warn that the secondary market sale of decommissioned medical infusion pumps may result in the exposure of Wi-Fi configuration settings. Most medical infusion pumps purchased from secondary market services such as eBay contained wireless authentication data from the initial medical organization that deployed the devices. The researchers analyzed three different infusion pump models: the Alaris PC 8015, the Baxter Sigma Spectrum model 35700BAX2, and the Hospira Abbott PLUM A+ with MedNet. They analyzed 13 infusion pumps that are still in use in many medical facilities worldwide despite no longer being manufactured. Sensitive data was gathered by analyzing the content of compact flash cards, capturing serial communication while using the product's maintenance software serial communication, and physically removing and extracting data from the flash memory chip on the main circuit boards. Researchers retrieved hostnames with domain information, AES keys for encryption, SSIDs, Wi-Fi Pre Shared Keys (PSK) passphrases in clear text, Microsoft Active Directory authentication credentials, and Wi-Fi configuration settings. This article continues to discuss the security risks posed by decommissioned medical infusion pumps sold via the secondary market.

Security Affairs reports "Decommissioned Medical Infusion Pumps Sold on Secondary Market Could Reveal Wi-Fi Configuration Settings"

A survey of over 2,300 self-identified technologists from 90 countries reveals a lack of cybersecurity knowledge. In April and May, on behalf of RSA Security, a series of fact-based questions were posed, such as the most common cause of data breaches and how to implement a zero-trust strategy. The results were recently released as part of the RSA ID IQ report, as most of the questions dealt with identity-related issues. Fewer than 10 percent of respondents answered the majority of questions correctly, while nearly 50 percent answered at least half of the questions incorrectly. Two-thirds of the self-proclaimed experts in identity management did not choose the best practices for phishing prevention. This article continues to discuss key findings from the survey on cybersecurity knowledge.

SiliconANGLE reports "Many Tech Experts Fail a Test of Their Cybersecurity Knowledge"

Due to increased public reporting by security researchers and technology companies such as Microsoft and Google, a Russia-based hacking group connected to previous attacks on governments is shifting tactics. According to a report from Recorded Future, since March 2023, the group tracked as BlueCharlie, has established new infrastructure to launch attacks against various targets. BlueCharlie aims to collect information, steal credentials, and conduct hack-and-leak operations against Ukraine and North Atlantic Treaty Organization (NATO) nations. Several companies track the group as Calisto, COLDRIVER, or Star Blizzard/SEABORGIUM. It has previously targeted different government, higher education, defense, and political sector organizations, as well as non-governmental organizations (NGOs), activists, journalists, think tanks, and national laboratories. Recorded Future's Insikt Group could not determine who was targeted in this campaign but said they have observed it register 94 new domains as part of its new infrastructure building. According to the researchers, several tactics, techniques, and procedures (TTPs) observed in BlueCharlie's current operation deviate from previous activity, suggesting that the group is evolving its operations in response to public disclosures of its activities. This article continues to discuss recent findings and observations regarding BlueCharlie.

The Record reports "Russia-Based Hackers Building New Attack Infrastructure to Stay Ahead of Public Reporting"

According to a new report, cyberattacks against government agencies and the public sector have increased alarmingly over the past few months, as threat actors deployed various novel malware campaigns targeting financial institutions, healthcare services, and critical infrastructure industries. Blackberry's quarterly Global Threat Intelligence report reveals a 40 percent rise in attacks against government agencies and the public sector between March and May, as well as a 13 percent increase in novel malware samples. Blackberry's vice president of threat research and intelligence, Ismael Valenzuela, noted that these organizations struggle to defend against the threat posed by nation-states and cybercriminals due to limited resources and immature cyber defense programs. The report described the increase in attacks against the public sector as a "sudden surge" partly attributed to "extremely active" state-sponsored threat actors linked to Russia and North Korea. These actors primarily target government agencies, military organizations, businesses, and financial institutions in the US, Europe, and South Korea. In addition, they frequently modify their methods to make their attacks more difficult to detect and defend against. The growth in cyberattacks against US institutions coincides with recent high-profile breaches affecting multiple federal agencies. This article continues to discuss the rise in cyberattacks targeting government agencies and the public sector.

NextGov reports "Report Reveals 'Sudden Surge' in Cyberattacks Targeting Government Agencies"

President Biden issued the National Cybersecurity Strategy in March, outlining a clear and imperative path for the US. As the nation's Cyber Defense Agency, the Cybersecurity and Infrastructure Security Agency (CISA) plays a pivotal role in advancing toward a future in which robust collaboration is the norm and the responsibility for more effective and equitable cybersecurity is rebalanced. CISA has released its Cybersecurity Strategic Plan for FY2024-2026 to assure accelerated progress toward this vision. The plan is centered on three goals: addressing immediate threats, hardening the environment, and driving security at scale. CISA will collaborate with partners to gain visibility into the breadth of intrusions targeting the US, enable the disruption of threat actor campaigns, ensure adversaries are quickly evicted when intrusions occur, and expedite the mitigation of exploitable conditions that adversaries repeatedly exploit. This article continues to discuss the CISA Cybersecurity Strategic Plan.

CISA reports "CISA Cybersecurity Strategic Plan: Shifting the Arc of National Risk to Create a Safer Future"

Central Processing Units (CPUs) are designed to run multiple applications simultaneously, which is advantageous for productivity, but poses a security risk. By analyzing the processor's energy consumption, researchers at TU Graz and the Helmholtz Center for Information Security have discovered a novel technique named "Collide+Power" that enables attackers to read data from the memory of CPUs. The adversary stores a data package on a CPU segment in this attack. In the second phase, malicious code causes the attacker's data to be overwritten with the targeted data. This overwriting consumes power, and the greater the difference between the two data packages, the more power is consumed. The process is repeated thousands of times, each time with minimally different attacker data packages to be overwritten. The targeted data package can be derived from the variations in power consumption that occur throughout this process. This article continues to discuss the novel security gap in all common CPUs that is difficult to mitigate.

Graz University of Technology reports "CPU Security Loophole: Analysis of Energy Consumption Allows Data Theft"

California has enacted a new online privacy icon designed to give users greater authority over their personal information. Researchers from the University of Michigan's School of Information (UMSI) led the research to create the icon, simplifying consumers' privacy choices. According to Florian Schaub, associate professor of information at the University of Michigan, consolidation was found to be the most important aspect of the design when testing different styles of icons to get consumers' reactions. One link is the most effective and easy-to-understand alternative to multiple links for different aspects of a privacy policy. Implementing clear opt-out options and concrete privacy choices will benefit consumers by easing their control over their personal data. Schaub, Yixin Zou, a former doctoral candidate at UMSI, as well as researchers from Carnegie Mellon University and Fordham University collaborated with the California attorney general's office to research the misconceptions some users had about different privacy icons. They conducted multiple rounds of research and testing to eliminate misconceptions and ensure that the icon effectively conveys the essence of privacy options. This article continues to discuss the new California privacy choice icon.

The University of Michigan reports "U-M Researchers Play Role in Creating New California Privacy Choice Icon"

Hacktivist groups that operate for political or ideological reasons use various strategies to finance their operations. Although hacktivism appears to be about inflicting service disruption through Distributed Denial-of-Service (DDoS) attacks or reputational damage through data leaks, the modus operandi of these threat groups spans a larger array of operations, including common cybercrime strategies, according to the cyber intelligence company KELA. These tactics include stealing and selling data, selling malware and botnet licenses, demanding ransom from victims, and even offering hack-for-hire services that target non-political entities. For example, the pro-Russia hacktivist group KillNet promoted a botnet-for-hire in November 2021, but their monetization methods grew significantly in 2023. KillNet introduced a hack-for-hire service in March 2023, a new DDoS-for-hire service in July 2023, and a 'Dark School' training program in May 2023, selling nine hacking courses to hackers. This article continues to discuss the different ways in which hacktivists fund their operations.

Bleeping Computer reports "Hacktivists Fund Their Operations Using Common Cybercrime Tactics"

The Cybersecurity and Infrastructure Security Agency (CISA) is calling for improved security for Unified Extensible Firmware Interface (UEFI) update mechanisms in the wake of the debacle that has been mitigating the BlackLotus bootkit. CISA urges the computer industry to adopt a secure-by-design approach to improve the overall security of UEFI, which is the firmware responsible for a system's boot-up routine. It comprises several components: security and platform initializers, drivers, bootloaders, and a power management interface. According to Jonathan Spring, senior technical advisor at CISA, secure-by-design is about having the companies that create the software take responsibility for the security, which includes the update pathways. Threat actors can gain a high level of persistence on a device if UEFI is loaded with malicious code. That code will launch before the operating system or any security software, making it invisible to most incident response strategies and operating system-level defenses, as well as resistant to system reboots. This article continues to discuss the importance of improving UEFI security.

Dark Reading reports "Exclusive: CISA Sounds the Alarm on UEFI Security"

Scientists have developed a method that improves the detection of a common Internet attack by 90 percent compared to current methods. The new technique developed by computer scientists at the Pacific Northwest National Laboratory (PNNL) of the US Department of Energy (DOE) monitors the Internet's ever-changing traffic patterns. PNNL scientist Omer Subasi presented the findings on August 2 at the IEEE International Conference on Cyber Security and Resilience, where the manuscript was deemed the best research paper presented at the conference. The scientists modified the standard playbook for detecting Denial-of-Service (DoS) attacks, in which attackers attempt to bring down a website by bombarding it with requests. In order to increase detection accuracy, the PNNL team sidestepped thresholds and instead focused on the evolution of entropy, a measure of system disorder. This article continues to discuss the new method PNNL researchers developed to recognize a common Internet attack.

Pacific Northwest National Laboratory reports "Researchers Strengthen Defenses Against Common Cyberattack"

Microsoft Threat Intelligence has recently announced that it detected a series of highly targeted social engineering attacks employing credential theft phishing lures delivered as Microsoft Teams chats. Microsoft stated that these attacks have been traced back to the threat actor known as Midnight Blizzard, previously identified as Nobelium. The method used by the Russia-based threat actor involves exploiting previously compromised Microsoft 365 tenants owned by small businesses to create seemingly legitimate technical support entities. Using these domains from compromised tenants, Midnight Blizzard sends messages through Microsoft Teams to steal credentials by persuading users to approve multi-factor authentication (MFA) prompts. Microsoft's investigation revealed that roughly 40 global organizations have been affected by this campaign. Microsoft noted that the targeted sectors indicate specific espionage objectives by Midnight Blizzard, including government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media entities. CEO of My1Login, Mike Newman, stated that this is a highly sophisticated phishing scam that would be almost impossible to detect to the untrained eye. To protect against such attacks, Microsoft advised organizations to implement phishing-resistant authentication methods, use conditional access authentication strength for critical applications, and educate users about social engineering and credential phishing threats.

Infosecurity reports: "Microsoft Teams Targeted in Midnight Blizzard Phishing Attacks"

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international cybersecurity partners have published an advisory on the Common Vulnerabilities and Exposures (CVEs), to include associated Common Weakness Enumeration (CWE), that were routinely and frequently exploited by malicious actors in 2022. The joint Cybersecurity Advisory, titled "2022 Top Routinely Exploited Vulnerabilities," provides technical background information on the 12 most exploited vulnerabilities and an overview of an additional 30 vulnerabilities frequently used to compromise organizations, as well as specific information that organizations can use to identify and mitigate their exposure. This advisory describes the CWEs associated with these vulnerabilities for the first time, reflecting the underlying root causes that lead to the exploitable vulnerability. To reduce the prevalence of common classes of vulnerabilities, this advisory suggests technology vendors implement specific secure-by-design principles and ensure that all published CVEs contain the correct CWE identifying the vulnerability's root cause. This article continues to discuss the new joint advisory urging organizations to implement secure-by-design practices and prioritize patching known exploited vulnerabilities.

CISA reports "U.S. and International Cybersecurity Partners Warn Organizations of Routinely Exploited Vulnerabilities"

According to security researchers at Guardio, threat actors have exploited a Salesforce zero-day vulnerability and abused Meta features in a sophisticated phishing campaign. Attackers sent out legitimate-looking emails designed to lure targeted users to a phishing page where they were instructed to hand over their Facebook account information, including their name, account name, email address, phone number, and password. The researchers noted that the emails mentioned the targeted user's real name, appeared to come from "Meta Platforms," and were sent from an @salesforce[.]com address. A button included in the email led users to a legitimate Facebook domain, "apps.facebook[.]com", where they were informed about violating Facebook's terms of service. When users clicked on a button to resolve the issue, they were taken to a phishing page that instructed them to provide their information. The researchers stated that the fact that the email came from an @salesforce[.]com address and the link it included pointed to facebook[.]com helped the phishing emails bypass traditional security mechanisms. The analysis revealed that the attackers had targeted the Email Gateway component in the Salesforce CRM, specifically an "Email-To-Case" feature designed to convert customer inbound emails into actionable tickets in Salesforce. By abusing this feature, the attacker managed to receive verification emails that gave them control over a genuine Salesforce email address that they could use to send out the phishing emails. As for Facebook, the phishing page was hosted on a legacy web games platform offered by Facebook until 2021. The researchers noted that while the platform has been discontinued, games developed prior to this date can still receive support, and it appears that the attackers gained access to an account associated with such a game. They used that account to host their phishing page. The researchers notified Salesforce on June 28, and a fix was rolled out to all impacted services and instances within a month, preventing the use of an address from the Salesforce domain to send emails. Salesforce said it had no evidence of impact to customer data.

SecurityWeek reports: "Salesforce Email Service Zero-Day Exploited in Phishing Campaign"

Researchers from the University College London (UCL) have discovered that humans cannot detect deepfake speech 27% of the time. During the study, the researchers presented 529 individuals with genuine and deepfake audio samples and asked them to identify the deepfakes. Participants could only identify the fake audio 73% of the time, although detection accuracy improved by 3.84% on average after they received training to recognize aspects of deepfake speech. The researchers noted that they used a text-to-speech (TTS) algorithm trained on two publicly available datasets to produce the deepfake speech samples. These were run in English and Mandarin to understand if language can affect detection performance and decision-making rationale. The researchers stated that their findings confirm that humans are unable to reliably detect deepfake speech, whether or not they have received training to help them spot artificial content. The researchers noted that the samples that they used in this study were created with algorithms that are relatively old, which raises the question of whether humans would be less able to detect deepfake speech created using the most sophisticated technology available now and in the future. The researchers are now planning to develop better automated speech detectors as part of efforts to create detection capabilities for deepfake audio and imagery.

Infosecurity reports: "Humans Unable to Reliably Detect Deepfake Speech"