InfoSecBulletin Cybersecurity for mankind
Alla Valente, a senior analyst, issued a warning about the excessive use of “TuringBots”, which are GenAI assistants that aid in code creation. She emphasized the importance for developers to thoroughly scan the generated code for vulnerabilities.
CISA Flags Craft CMS Code Injection Flaw Amid Active Attacks
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
ALSO READ:
In a blog post, she mentioned that if there are no proper protections for TuringBot-generated code, Forrester predicts that by 2024, at least three data breaches will be attributed to insecure AI-generated code. These breaches could occur because of security flaws in the code or vulnerabilities in suggested AI dependencies.
Regulatory issues may arise for apps that use GenAI products like ChatGPT to provide information to users.
Valente predicted at least one would be fined for its handling of personally identifiable information (PII).
The person mentioned that OpenAI has the means to protect itself from regulators, but third-party apps on ChatGPT may not have the same resources.
Some apps introduce risks through their third-party tech providers, but lack the resources and expertise to handle them properly. In 2024, companies should identify apps that may increase their risk exposure and focus on managing third-party risks.
The European Data Protection Board has created a task force to coordinate enforcement action against ChatGPT. This action was taken after the Italian Data Protection Authority decided to suspend the use of the product in Italy.
In the US, the FTC is investigating OpenAI.
GenAI may also play a part in Valente’s third prediction: that 90% of data breaches in 2024 will feature a human element. According to Verizon, the figure is already at 74%.
GenAI poses a significant risk to security. It enhances social engineering and enables attackers to efficiently carry out convincing phishing attacks.
“This increase [in people-centric risk] will expose one of the touted silver bullets for mitigating human breaches: security awareness and training,” argued Valente.
In 2024, CISOs will focus more on adaptive human protection. This is because NIST will update its guidance on awareness and training, and there will be more human quantification vendors available.
