3 Interesting Articles
A New Attack Impacts Major AI Chatbots—and No One Knows How to Stop It
Wired: In a recent study conducted by Carnegie Mellon University, researchers have discovered a vulnerability across several AI chatbots, including ChatGPT, Google’s Bard, and Claude from Anthropic. By utilizing particular prompts, these advanced AI chatbots can be manipulated into generating disallowed and potentially harmful responses. Companies such as OpenAI and Google are actively working on countermeasures, but the issue highlights a deeper challenge of fully securing AI models from adversarial attacks. The study underscores the importance of continuous research into AI security, as well as the need for vigilance in deploying AI systems.
Electoral Commission hack exposed data of 40 million UK voters
TechCrunch: Approximately 40 million U.K. voters’ personal data was exposed due to a cyberattack on the Electoral Commission, which went undetected for over a year. The Commission first observed suspicious network activity in October 2022 but discovered that the breach began in August 2021. The exposed data includes names, email addresses, home addresses, and other personal details. While the Commission has made efforts to bolster its security measures following the attack, including enhancing network login requirements and updating firewall policies, they emphasize that the cyberattack had no effect on the security of U.K. elections. The perpetrators of the attack remain unidentified.
Salesforce Zero-Day Exploited to Phish Facebook Credentials
Dark Reading: Cyberattackers recently exploited a zero-day vulnerability in Salesforce’s email services for a phishing campaign targeting Facebook users. Leveraging a Salesforce email-validation flaw, attackers sent phishing emails from genuine @salesforce.com addresses, making them appear trustworthy. These emails, which seemed to come from “Meta Platforms,” contained valid links to Facebook, increasing their legitimacy. Users were then misled to a fake page under the guise of a terms of service violation, which harvested their personal details. Salesforce has since fixed the flaw, and there’s no indication of customer data impact.
2 Stats You Should Know
In 2022, SaaS data was the target in more than half (51%) of ransomware attacks. (source)
Firms extensively using AI and automation shortened their data breach lifecycle by 108 days compared to those without these technologies. (source)
1 More Thing
Jordan MacAvoy below is a placeholder, unsure if you wanted to add a recap or something else about #blackhat2023
Our large and diverse network of experts is here to help...
Charles M.
Principal
Charlies is a 14 year cyber security expert. He started his career in the U.S. armed forces and then transitioned into commercial roles. A security engineer by training, he's well-versed in tool deployment and administration.
Ellen K.
GRC Expert
Ellen bring a decade of GRC expertise to the TalPoint community. She's knowledgeable on a variety of frameworks and employs a methodical approach to compliance. She's available for needs assessments, gap assessments, internal audits, and for certain frameworks running independent 3rd party audits.
Zachary C.
Founder and CRO
Zachary bring a 20+ year career in risk management to the TalPoint community. He's worked across healthcare, finance, and supply chain manufacturing. His broad experience offers both a holistic view of risk as well as a common sense approach to risk management.