News/Cybersecurity
AI reshapes healthcare at GITEX GLOBAL 2024
AI's transformative impact on healthcare: The healthcare industry is experiencing a significant shift as artificial intelligence (AI) technologies continue to reshape patient care, operational efficiency, and cybersecurity. GITEX GLOBAL 2024, set to take place in Dubai from October 14-18, will heavily focus on AI's growing influence in healthcare, with industry leaders emphasizing its transformative potential. The 44th edition of the event will spotlight three key areas of AI development in healthcare: security, AI platforms, and workforce optimization. AI-driven advancements in patient care: Artificial intelligence is enhancing diagnostics, personalizing treatment plans, and improving overall patient care through advanced data analysis and...
read Oct 4, 2024AI symposium reveals key insights for criminal justice reform
AI symposium highlights DOJ's cybercrime strategy: The Criminal Division of the Department of Justice hosted a symposium on Artificial Intelligence, unveiling a new Strategic Approach to Countering Cybercrime and discussing the implications of AI in law enforcement. Key announcements and initiatives: Principal Deputy Assistant Attorney General Nicole M. Argentieri delivered a keynote speech outlining the promises and perils of AI in the justice system. The Criminal Division introduced a new Strategic Approach to Countering Cybercrime, focusing on disrupting criminal activity, developing relevant laws and policies, and promoting cybersecurity. The DOJ expressed support for the UN Convention on Cybercrime to enhance...
read Oct 3, 2024How Snyk wants to unlock enterprise security with AI-powered innovation
AI-driven cybersecurity innovation: Snyk, a leading enterprise security company, is leveraging artificial intelligence to address emerging vulnerabilities in AI-generated code and revolutionize cybersecurity practices. Snyk's AI-native security tool, Snyk Code, has reached a significant milestone of $100 million in annual recurring revenue, representing one-third of the company's overall revenue. The growth of Snyk Code is largely attributed to the increasing adoption of generative AI tools like Copilot and Gemini in software development. Snyk is nearing cash flow positivity, indicating strong financial performance and market demand for AI-powered security solutions. DeepCode AI: The core of Snyk's innovation: Snyk's DeepCode AI technology,...
read Oct 3, 2024The most famous AI failures that shook the tech world
AI's growing pains: Recent high-profile missteps highlight challenges and risks; As artificial intelligence becomes increasingly integrated into various sectors, a series of notable failures underscores the technology's current limitations and potential pitfalls. McDonald's abandoned its AI-powered drive-thru ordering system in June 2024 following customer complaints about order misunderstandings, illustrating the challenges of implementing AI in customer-facing roles. Elon Musk's Grok AI chatbot made headlines in April 2024 for falsely accusing NBA star Klay Thompson of vandalism, demonstrating the potential for AI to spread misinformation. New York City's MyCity chatbot provided incorrect and illegal advice to business owners in March 2024,...
read Oct 1, 2024North Korean hackers are using AI to infiltrate workplaces
AI-powered impersonation threatens workforce security: Recent developments in artificial intelligence have enabled sophisticated impersonation techniques, posing significant risks to companies' hiring processes and overall security. North Korean threat actors lead the charge: State-sponsored hackers from North Korea are at the forefront of this emerging threat, using a combination of deepfake technology and stolen American identities to infiltrate organizations. The FBI warned in May 2022 about North Korean IT workers posing as non-North Korean nationals to gain employment and fund weapons development. By October 2023, the FBI issued additional guidance on identifying deepfake job candidates, citing red flags such as reluctance...
read Oct 1, 2024How AI continues to reshape cybersecurity with a powerful new arsenal
AI's transformative impact on cybersecurity tools: Artificial intelligence is revolutionizing the landscape of cybersecurity by enhancing the capabilities and effectiveness of various security tools and processes. The rapid evolution of technology has created an urgent need for more robust cybersecurity measures to protect against increasingly sophisticated vulnerabilities and attacks. AI is reshaping four key areas of cybersecurity: source code analysis tools (SAST), automated application scanning tools (DAST), red teaming tools, and reverse engineering tools. Enhancing source code analysis with AI: Static Application Security Testing (SAST) tools are experiencing significant improvements through the integration of artificial intelligence technologies. Current SAST tools...
read Oct 1, 2024Third-party breaches and AI dominate state CISOs’ threat concerns
State CISOs face evolving challenges in 2024: The latest Deloitte-NASCIO Cybersecurity Study reveals that state Chief Information Security Officers (CISOs) are grappling with expanding responsibilities and emerging threats while contending with persistent workforce and funding issues. The average tenure of state CISOs has decreased from 2.5 years in 2022 to 1.9 years in 2024, with hiring for these positions often taking six months or more. Many CISOs now oversee privacy responsibilities, with 86% of states having CISOs handle privacy matters, up from 60% in 2022. The top cybersecurity threats identified by CISOs include security breaches involving third parties, AI-enabled attacks,...
read Sep 30, 2024AI data risks lurk in your smartphone — here’s what you can do about them
AI in mobile devices raises enterprise security concerns: The integration of artificial intelligence (AI) into mobile devices presents new challenges for enterprise security leaders, particularly regarding data protection and management. • Local AI engines have been released for Android phones by major vendors like Google and Samsung, as well as smaller players such as OnePlus and Xiaomi. • Apple has announced its Apple Intelligence offering, set to be previewed in the fall. • Mobile assistants like Alexa, Bixby, Google, and Siri, along with numerous apps, already utilize AI and large language models. Current management limitations: Enterprise security leaders face obstacles...
read Sep 27, 2024The cybersecurity stocks most benefiting from AI
AI's impact on cybersecurity: The integration of artificial intelligence in cybersecurity is creating both new opportunities for protection and increased threats from sophisticated attacks. The cybersecurity industry is experiencing a natural affinity with AI, as both cyber threats and defenses are computer-generated. Generative AI platforms are now emerging to enable threat detection and prevention before attacks occur. According to McKinsey, 51% of organizations believe generative AI is driving new cybersecurity risks, but only 33% are actively working to mitigate these risks. The World Economic Forum predicts AI could push cyber incidents and data breaches to a new record high in...
read Sep 25, 2024HP Finds Malware Attack Likely Built With Generative AI
AI-assisted malware attack targets French users: HP's Wolf Security researchers have uncovered a malicious email campaign likely developed with the help of generative AI, raising concerns about the evolving landscape of cybersecurity threats. In June, HP's anti-phishing system, Sure Click, flagged an unusual email attachment targeting French language users. The attachment contained an HTML file that, when accessed with the correct password, revealed a ZIP archive containing AsyncRAT malware. AsyncRAT is an open-source remote access tool that can be misused to control victims' computers remotely. Unusual code characteristics raise suspicions: The malicious code found in the email attachment exhibited atypical...
read Sep 24, 2024ServiceNow Outage Sparks Reliability Concerns After SSL Certificate Expires
ServiceNow faces widespread disruption: A critical SSL certificate expiration affected over 600 organizations, disrupting key services and causing frustration among customers of the enterprise cloud vendor. The root cause: The expired MID Server Root G2 SSL certificate led to connectivity failures across multiple ServiceNow services, impacting critical operations for many businesses. The issue affected Orchestration, Discovery, and AI-powered functions like Virtual Agent. Instance upgrades, update set retrievals, and instance-to-instance communications were also compromised. ServiceNow confirmed that 616 customers were affected by the outage. Customer impact and reaction: The disruption sparked significant frustration among ServiceNow's user base, with many voicing their...
read Sep 24, 2024AI Defeats CAPTCHA With 100% Accuracy, Raising Security Concerns
AI breakthrough challenges CAPTCHA's effectiveness: Artificial intelligence has achieved a significant milestone by consistently solving CAPTCHA puzzles, raising concerns about the future of online security and user verification methods. Researchers from ETH Zurich have developed an AI system capable of defeating CAPTCHA puzzles with 100% accuracy, using a modified version of the YOLO (You Only Look Once) AI model for image processing. The AI was trained on Google's reCAPTCHAv2, utilizing a dataset of 14,000 labeled street photos to recognize objects as effectively as humans, even accounting for occasional errors. CAPTCHA's limited focus on 13 object categories inadvertently made it more...
read Sep 23, 2024Unintended Consequences of AI Democratization: Anyone Can Be a Hacker
The rising threat of AI-powered cybercrime: Generative AI is lowering the barrier to entry for cybercriminals, enabling individuals with limited technical skills to engage in sophisticated hacking activities. The democratization of AI technology has made powerful hacking tools accessible to novices, potentially leading to increased cyber threats targeting various systems, from personal devices to critical infrastructure. AI-driven hacking tools available on the darknet can generate phishing content, malware, and other malicious software, posing significant risks to individuals and organizations alike. The proliferation of Internet-connected devices, including everyday items and essential systems like the electric grid, expands the potential attack surface...
read Sep 20, 2024AI Voice Calling Scams are on the Rise – Do You Have a Secret Phrase?
AI voice cloning scams gaining traction: A recent survey by a UK bank reveals a concerning trend in the rise of AI-generated voice cloning scams, with 28% of respondents reporting they have been targeted. Voice cloning scams involve criminals using AI technology to create convincing imitations of friends or family members' voices, claiming to be in urgent need of financial assistance. The advancement of AI technology has made it possible to generate realistic voice imitations using as little as three seconds of source material, often easily obtainable from social media videos. These scams represent an evolution of older text-based fraud...
read Sep 17, 2024‘Go’ is Making a Comeback Due to Cybersecurity and AI Development
Go programming language experiences resurgence: The open-source language Go, initially released in 2009, is making a comeback due to its growing importance in cybersecurity and artificial intelligence development. Cybersecurity endorsement boosts Go's profile: International security experts have recommended a transition to memory-safe programming languages, including Go, to address critical vulnerabilities. In December 2023, cybersecurity authorities from five countries, including the U.S. National Security Agency, issued a report advocating for the use of memory-safe languages like Go, C#, Java, Python, Rust, and Swift. The recommendation aims to mitigate memory safety vulnerabilities that affect software development across various industries. Neal Ziring, technical...
read Sep 17, 2024AI is Driving a Cybersecurity Market Rebound
The cybersecurity market is rebounding, with artificial intelligence emerging as a key driver of business transformation and innovation in the sector. This recovery is marked by strong earnings from major players and increased interest in AI technologies, particularly generative AI. Market recovery and varied growth: The cybersecurity market is showing signs of recovery after recent economic challenges, with major companies reporting strong earnings. Companies like SentinelOne, CrowdStrike, Zscaler, and Palo Alto Networks have posted positive financial results, indicating a sector-wide upswing. However, growth is not uniform across the industry, with some companies experiencing rapid market share gains in areas like...
read Sep 13, 2024AI and Cybersecurity Are on a Collision Course — Here’s Why
AI and cybersecurity convergence in government: Public-sector CIOs are raising concerns about the potential for criminals to exploit artificial intelligence advancements, highlighting the need for increased security measures in governmental AI deployments. At the State of GovTech 2024 conference in Kansas City, Mo., speakers emphasized the growing intersection of AI and cybersecurity as two of the most critical issues in government technology. The conference, which attracted over 160 attendees from public sector, vendor, and investment backgrounds, focused on the rapid pace of AI adoption and the associated cybersecurity risks. Tom Lynch, CIO of Cook County, Ill., stressed the importance of...
read Sep 6, 2024How to Ride the Flywheel of Cybersecurity AI
Generative AI's rapid adoption brings both transformative potential and security challenges that AI itself can help address, creating a virtuous cycle of progress and protection. The big picture: As organizations embrace generative AI, particularly large language models (LLMs), they are leveraging AI capabilities to enhance security measures and mitigate associated risks. The pattern mirrors the early adoption of the open internet, where companies that quickly embraced the technology also became proficient in modern network security. This approach creates a flywheel effect, where AI advancements drive security improvements, which in turn enable further AI adoption. Key security threats and AI-powered solutions:...
read Sep 5, 2024Hugging Face Partners with Truffle Security to Protect Code Repositories
Hugging Face bolsters security with TruffleHog integration: Hugging Face has partnered with Truffle Security to incorporate TruffleHog's secret scanning capabilities into its platform, enhancing security measures for users and developers. Key partnership details: The collaboration between Hugging Face and Truffle Security aims to prevent accidental leaks of sensitive information in code repositories. TruffleHog is an open-source tool that detects and verifies secret leaks in code, scanning for credentials, tokens, and encryption keys. The partnership focuses on two main initiatives: enhancing Hugging Face's automated scanning pipeline and creating a native Hugging Face scanner in TruffleHog. Automated scanning pipeline improvements: Hugging Face...
read Sep 4, 2024Cybersecurity Experts Share Key Strategies for Managing AI-Related Threats
The evolving threat landscape: As artificial intelligence becomes more prevalent, cybersecurity professionals are adapting their approaches to protect against a diverse array of actors and intentions across the global internet. The threat landscape can be likened to a "Game of Thrones" style battle, involving various regional actors and players with different motivations, rather than a simple confrontation between "white hats" and "black hats." Cybersecurity efforts now focus on protecting AI systems and creating robust AI policies to address the unique challenges posed by this technology. Key cybersecurity strategies: Experts recommend several approaches to enhance security in AI-related systems and manage...
read Aug 27, 2024North Korean Hackers Exploit AI to Infiltrate US Tech Jobs
North Korean operatives exploit AI for remote IT jobs: AI tools are enabling North Korean workers to apply for numerous remote IT positions in the U.S., raising concerns about the funding of weapons programs. Key details of the operation: Thousands of suspected North Korean operatives are flooding U.S. companies with job applications for remote IT positions. These workers are utilizing AI tools to manage multiple job profiles and apply for hundreds of positions simultaneously. The operation is generating hundreds of millions of dollars, which is believed to be funneled back to the North Korean regime. U.S. government officials suspect the...
read Aug 23, 2024YouTube Launches AI Tool to Help Creators Recover Hacked Accounts
YouTube's AI-powered account recovery tool: YouTube has unveiled a new artificial intelligence-based tool designed to assist creators in regaining control of their hacked accounts, streamlining the recovery process. The tool is accessible through the YouTube Help Center, offering a guided recovery process without the need for direct contact with Google support. By asking specific questions about the channel, including recent unauthorized changes, the AI system aims to verify and confirm if an account has been compromised. Upon confirmation of a hack, the tool enables users to regain control of their accounts more rapidly than previous methods. Limited availability and future...
read Aug 23, 2024Microsoft Copilot Adoption Stalls as Enterprises Confront AI Security Risks
Enterprise concerns halt Copilot adoption: Large corporations are grappling with security and governance issues as they attempt to implement Microsoft Copilot, leading many to pause or restrict their use. Jack Berkowitz, chief data officer of Securiti, reports that numerous businesses have suspended or limited Copilot usage due to these apprehensions. The primary concern revolves around Copilots potentially accessing and summarizing sensitive information that should be off-limits to certain employees, such as salary data or other confidential details. A survey of over 20 chief data officers from major companies revealed that approximately half had grounded Copilot implementations because of these issues....
read Aug 21, 2024Researchers Find Security Flaw in Slack AI, Putting Critical Data at Risk
Slack AI vulnerability exposes data exfiltration risk: A critical security flaw in Slack's AI feature allows attackers to potentially steal sensitive information from private channels they don't have access to by manipulating the language model. How the attack works: The vulnerability exploits Slack AI's content generation process, enabling malicious actors to inject harmful instructions into public channels that are then executed when users query the AI. Attackers can post deceptive prompts in public Slack channels, which are incorporated into Slack AI's context when responding to user queries. When users interact with Slack AI, it may follow the attacker's hidden instructions,...
read