Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Generative artificial intelligence (GenAI) has firmly embedded itself in the workplace. As of 2024, more than two-thirds of organizations in every global region have adopted GenAI. And, as always, cyber criminals are eager to capitalize on a new and potentially powerful piece of technology. Over the past few years, a GenAI tool called FraudGPT has made phishing, hacking, and identity theft as simple as entering an AI prompt. FraudGPT and similar tools are essentially democratizing cyber crime.

AI-assisted phishing attacks pose a significant and increasing threat to organizations, according to Matt Weidman, partner and vice president of Commercial Property & Casualty at USIA. In an article for CBIA, Weidman explains that attackers can use AI tools to craft targeted, convincing phishing messages that are almost indistinguishable from the real thing.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Plaintext? Really?

The APT group known as Librarian Ghouls has managed to infiltrate the networks of technical universities and industrial companies in Russia, Belarus, and Kazakhstan without arousing suspicion. How did the gang get inside? By using legitimate logins and moving laterally through internal networks, relying on legitimate access credentials without generating alerts.

As AI transforms software development, AppSec teams face new complexities. For instance, the lack of visibility into where AI is being used and the reality that AI-generated code is often highly vulnerable make it nearly impossible to prioritize remediation and effectively scale security programs. To succeed, AppSec teams have to evolve from task managers to strategic governance enforcers.

Company overview: Labelbox is the leading data factory for delivering high-quality, frontier data to top AI labs and enterprise AI teams.

In cybersecurity, several related but divergent meanings have been ascribed to the phrase “red flags.” The phrase has roots in fraud and insurance, popularized by the FTC as part of the 2003 Red Flags Rule under the Fair and Accurate Credit Transactions Act requiring credit issuers to build programs that detect identity theft via warning signs of fraud.

Delivering safe and reliable power around the clock is a huge challenge. A task made even more difficult by the sharp rise in cyberattacks on the energy and utilities sector. Recent research from Trustwave SpiderLabs found that cyber threats against the sector have surged by 80% year-over-year, costing organizations nearly half a million dollars more per breach than the cross-industry average of $4.8 million.

Across financial services operations, machine identities play critical roles, but in many organizations, these cryptographic keys, API tokens, certificates, and service accounts remain chronically under-governed. What’s more, machine identities outnumber human identities by staggering margins, creating a massive, often unseen, unsecured attack surface—one that’s only further compounded by the rise of artificial intelligence (AI).