UN Adopts Resolution for 'Secure, Trustworthy' AI
The United Nations adopted a resolution concerning responsible use of artificial intelligence, with unclear implications for global AI security.
The US-drafted proposal — co-sponsored by 120 countries and accepted without a vote — focuses on promoting "safe, secure and trustworthy artificial intelligence," a phrase it repeats 24 times in the eight-page document.
The move signals an awareness of the pressing issues AI poses today.
Its role in disinformation campaigns and its ability to exacerbate human rights abuses and inequality between and within nations, among many others.
However, it falls short of requiring anything of anyone, and only makes general mention of cybersecurity threats in particular.
@Cyber_Security_Channel
Europe’s World-First AI Rules Get Final Approval From Lawmakers. Here’s What Happens Next
“The AI Act has nudged the future of AI in a human-centric direction, in a direction where humans are in control of the technology and where it — the technology — helps us leverage new discoveries, economic growth, societal progress and unlock human potential,” Dragos Tudorache, a Romanian lawmaker who was a co-leader of the Parliament negotiations on the draft law, said before the vote.
Cyber_Security_Channel
Vans Warns Customers of Fraud Risk After Data Breach
Customers were instructed to watch out for emails with embedded hyperlinks, as those could lead to malicious websites.
Moreover, individuals should be wary of email attachments and any suspicious emails, even if they appear to come from people they know.
Cyber_Security_Channel
Fast-Growing RA Ransomware Group Goes Global
RA World's continues to use double-extortion tactics.
This gives victims an extra incentive to meet ransom demands by using details of previous victims in their ransom note, according to Trend Micro, which pulled back the veil with specifics of RA World's multistage attack in its post.
@Cyber_Security_Channel
Navigating Cyberthreats and Strengthening Defenses in the Era of AI
As we look to secure the future, we must ensure that we balance preparing securely for AI and leveraging its benefits, because AI has the power to elevate human potential and solve some of our most serious challenges.
@Cyber_Security_Channel
Apple Gets Loud About AI PCs With New M3-Based MacBook Air
What helped give Apple the confidence to apply this superlative is what it says is the M3’s “faster and more efficient” 16-core Neural Engine, which sits alongside the CPU and GPU on the processor’s die to accelerate machine learning workloads on the device.
The tech giant also pointed to how the unified memory architecture of its M-series chips helps the new MacBook Air and other Macs “run optimized AI models, including large language models and diffusion models for image generation locally with great performance.”
@Cyber_Security_Channel
Microsoft Left a Windows Kernel Zero-Day Unpatched for Six Months, Despite Knowing it Was Being Actively Exploited
Avast stated it developed and submitted a custom PoC exploit to Microsoft revealing the significant access the flaw could offer potential threat actors if exploited in the right way in August 2023.
-----
📌 Getting ready for the SC-900 Microsoft Certification Exam?
→ Check this guide for tips, tricks, and best practices.
-----
@Cyber_Security_Channel
Infrastructure Cyberattacks, AI-Powered Threats Pummel Africa
"As more advanced technologies become available, cybercriminals will use these to help them become more effective in their cybercriminal tactics and strategies," he says.
"We have seen how the cyber threat landscape continues to evolve, becoming somewhat different every year."
@Cyber_Security_Channel
AISecOps: Expanding DevSecOps to Secure AI and ML
Over the past five-plus years, DevSecOps has become a staple of how we develop and secure software through collaboration between software and security teams and by embedding improved security practices into every phase of the development process.
The security challenges presented by AI and ML technologies are complex but not new to us. It’s no silver bullet, but we must utilize the lessons from DevSecOps’ successes and failures.
By applying DevSecOps lessons learned to AISecOps, we can approach these challenges with approaches that elevate the visibility of AI and AI data security and emphasize continuous security, collaboration, secure data practices and security by design.
@Cyber_Security_Channel
A New Self-Spreading, Zero-Click Gen AI Worm Has Arrived!
Dubbed Morris II in a nod to the devastating computer worm that took down a sizable chunk of the internet in 1988, the new self-replicating malware uses a prompt injection attack vector to trick generative AI-powered email assistant apps that incorporate chatbots such as ChatGPT and Gemini.
This allows hackers to infiltrate victim emails to steal personal information, launch spam campaigns and poison AI models, according to researchers from Cornell University, Technion-Israel Institute of Technology and Intuit.
@Cyber_Security_Channel
Researchers Highlight Google's Gemini AI Susceptibility to LLM Threats
The first vulnerability involves getting around security guardrails to leak the system prompts (or a system message), which are designed to set conversation-wide instructions to the LLM.
This helps it to generate more useful responses, by asking the model to output its "foundational instructions" in a markdown block.
📷: FabricHQ
@Cyber_Security_Channel
Sentra Announces AI Assistant for Cloud Data Security
Security teams can use Sentra Jagger to get insights and recommendations on specific security actions through an interactive, user-friendly interface.
In addition, customizable dashboards can be easily created based on user roles and preferences to optimize visibility into an organization's data.
With Sentra Jagger, users can also make direct queries about Sentra's findings, eliminating the need to navigate through ancillary information or complicated portals.
@Cyber_Security_Channel
Research Explores India's Aadhaar Privacy Safeguards
Biometric authentication is a pattern-matching process that depends on the biological characteristics of humans to verify their identity.
Some well-known biometric traits include fingerprints, faces, iris, retina and palm prints of individuals. In comparison to traditional token-based systems, biometric-based identification has several advantages.
The Government of India (GoI) established the UIDAI (Unique Identification Authority of India) to provide unique identification to all Indian citizens.
The main task of UIDAI is to generate identities for all citizens based on their biometric and demographic data.
@Cyber_Security_Channel
Amex Customer Data Exposed in Third-Party Breach
Credit card information such as American Express card account numbers, names, and expiration dates are at risk, and users should expect follow-up contact from the company if they have more than one American Express card involved in the breach.
@Cyber_Security_Channel
Patch Now: Apple Zero-Day Exploits Bypass Kernel Security
While Apple, true to form, declined to offer additional details, Krishna Vishnubhotla, vice president of product strategy at mobile security provider Zimperium, explains that flaws like these present exacerbated risk to individuals and organizations.
@Cyber_Security_Channel
PixPirate: The Brazilian Financial Malware You Can’t See
To address this new challenge, PixPirate introduced a new technique to hide its icon that we have never seen financial malware use before.
Thanks to this new technique, during PixPirate reconnaissance and attack phases, the victim remains oblivious to the malicious operations that this malware performs in the background.
@Cyber_Security_Channel
Everything You Need to Know About the EU's Cyber Solidarity Act
This financial aid is intended to support member state’s providing each other with technical assistance when one is affected by a particularly severe, large-scale cyber incident.
@Cyber_Security_Channel
Google Taiwan Boosts AI Talent, Operation Expansion, and Cybersecurity Initiatives
Google’s first step towards bolstering its AI footprint in Taiwan involves enhancing literacy and empowering educators and developers alike.
The company, through its Gemini Academy initiative, aims to equip educators with the necessary tools and knowledge to integrate AI into educational curricula effectively.
-----
📌 Looking for a job in Cyber Security?
→ Join @CyberSecurityJobs for daily vacancies!
-----
Cyber_Security_Channel
📌 What Goes Behind Every Secure Business?
→ A robust, streamlined, and dependable framework system
Notion ISMS is your all-in-one solution for efficient Information Security Management.
This comprehensive package provides access to ISMS templates…
Seamlessly integrating into your organizational structure.
What do you get?
With this system, you can:
What are Pig Butchering Scams and How Do They Work?
“Jessica’s” victim broke down the scam, how it worked, and how he got roped in.
It began with an introductory text in October that spun into a WhatsApp transcript spanning 271,000 words.
Throughout, he shared his family and financial struggles.
@Cyber_Security_Channel
Top US Cybersecurity Agency Hacked and Forced to Take Some Systems Offline
Part of the Department of Homeland Security, CISA investigates cyber intrusions at federal agencies and advises private critical infrastructure firms on how to bolster their security.
@Cyber_Security_Channel
⚡️France Travail Data Breach Impacted 43 Million People
The company notified the French data protection authority CNIL (Commission nationale de l’informatique et des libertés) and filed a complaint with the judicial authorities.
Cyber_Security_Channel
Stolen ChatGPT Credentials Found for Sale on Dark Web
The development highlights the threats of AI as associated with sensitive organizational data.
Employees often enter classified information or proprietary code in chatbots for work purposes, potentially offering bad actors access to sensitive intelligence.
In addition, ChatGPT-like tools were developed during this period, including WormGPT, WolfGPT, DarkBARD, and FraudGPT, which were used through social engineering and phishing strategies to enable infostealer malware activities.
@Cyber_Security_Channel
Cloudflare Introduces AI Security Solutions
Cloudflare introduced an AI assistant in the Security Analytics section of its dashboard, to help identify anomalies and cyberattacks faster by eliminating the complexity of using multiple tools and filters.
Another AI-powered solution that Cloudflare uses to improve security products is Defensive AI, a framework that leverages data generated by its network to improve protections against threats, including against AI-powered attacks.
Cloudflare products such as Web Application Firewall (WAF), Email Security service, and Zero Trust rely on AI to identify cyberattacks, analyze phishing patterns, and identify anomalies in user behavior to create user risk scoring.
-----
📌 Want us to publish an article about your company/product?
→ Contact: @cybersecadmin (any time)
-----
@Cyber_Security_Channel
Email Security Firms See Over 10X Surge in Email Phishing Attacks Amid ChatGPT’s Emergence
Cybercriminals commonly employ deceptive emails, texts, or social media messages that seem authentic in their phishing attempts.
These methods dupe victims into accessing websites where they unwittingly authorize transactions from their accounts, leading to financial losses.
In response to the growing threat of cybercriminals utilizing generative AI, Edith advocates for proactive use of AI technologies by cybersecurity experts.
Despite efforts by developers like OpenAI, Anthropic, and Midjourney to safeguard against misuse, skilled individuals persist in finding ways to bypass protective measures.
@Cyber_Security_Channel
What to Expect From Salesforce’s Highly Anticipated Einstein Copilot
Einstein Copilot is embedded into Salesforce’s customer relationship management (CRM) applications and can answer queries, summarize content, create new content, interpret conversations, and automate user tasks.
Einstein Copilot is the perfect complement to the Salesforce suite.
This web of tools drives incredible value, and now this unifying feature will no doubt accelerate this value further.
To understand how this value might impact customers, let’s close with a quote from a customer already using the tech.
@Cyber_Security_Channel
German Authorities Take Down ‘Crimemarket’ Cybercrime Website
Three individuals were arrested in North Rhine-Westphalia, including a 23-years old individual believed to be the mastermind behind Crimemarket. Three other suspects were arrested in other regions, the police announced.
@Cyber_Security_Channel
Google's Gemini AI Vulnerable to Content Manipulation
HiddenLayer's tests — largely run on Gemini Pro — are part of ongoing vulnerability research the company has been conducting on different AI models.
As the company's associate threat researcher Kenneth Yeung explains, the vulnerabilities are not unique to Google's Gemini and are present in most LLMs, with varying degrees of impact.
"As with any new technology, there are inherent risks related to the deployment and implementation of LLMs.
These risks can be mitigated with proper awareness and security measures," Yeung says.
@Cyber_Security_Channel
Drugs and Cybercrime Market Busted By German Cops
Police said they’d seized the Crimemarket domain address and are currently studying seized data, documents and evidence, which will be making some users of the marketplace somewhat nervous.
@Cyber_Security_Channel
Google Employee Charged With Stealing AI Trade Secrets
The suspect has been charged with soliciting trade secrets regarding Google’s artificial intelligence technology, specifically information surrounding supercomputing data centers, to AI companies affiliated with the People’s Republic of China.
@Cyber_Security_Channel