InfoSecBulletin Cybersecurity for mankind
Alla Valente, a senior analyst, issued a warning about the excessive use of “TuringBots”, which are GenAI assistants that aid in code creation. She emphasized the importance for developers to thoroughly scan the generated code for vulnerabilities.
DESCO faces cyber attack: Customers Data Breach
Alert! Google Fixes GCP Composer Flaw
CTF in Bangladesh: Unveiling Challenges, Opportunities and remedies
Bitdefender blog post
Medusa target Fortinet flaw (CVE-2023-48788) for Ransomware Attacks
Ivanti alerts ongoing exploitation of recently patched CAV
CISA unveils 25 new advisories for Industrial Control Systems
Intel Issues Alert on 20+ Vulnerabilities, Urges Firmware Updates
Urgent: GitLab Patches flaws allowing unapproved pipeline Job Execution
Fortinet admits data breach after hacker claims to steal 440GB
Gov.t issues high alert on android devices
ALSO READ:
In a blog post, she mentioned that if there are no proper protections for TuringBot-generated code, Forrester predicts that by 2024, at least three data breaches will be attributed to insecure AI-generated code. These breaches could occur because of security flaws in the code or vulnerabilities in suggested AI dependencies.
Regulatory issues may arise for apps that use GenAI products like ChatGPT to provide information to users.
Valente predicted at least one would be fined for its handling of personally identifiable information (PII).
The person mentioned that OpenAI has the means to protect itself from regulators, but third-party apps on ChatGPT may not have the same resources.
Some apps introduce risks through their third-party tech providers, but lack the resources and expertise to handle them properly. In 2024, companies should identify apps that may increase their risk exposure and focus on managing third-party risks.
The European Data Protection Board has created a task force to coordinate enforcement action against ChatGPT. This action was taken after the Italian Data Protection Authority decided to suspend the use of the product in Italy.
In the US, the FTC is investigating OpenAI.
GenAI may also play a part in Valente’s third prediction: that 90% of data breaches in 2024 will feature a human element. According to Verizon, the figure is already at 74%.
GenAI poses a significant risk to security. It enhances social engineering and enables attackers to efficiently carry out convincing phishing attacks.
“This increase [in people-centric risk] will expose one of the touted silver bullets for mitigating human breaches: security awareness and training,” argued Valente.
In 2024, CISOs will focus more on adaptive human protection. This is because NIST will update its guidance on awareness and training, and there will be more human quantification vendors available.
