Security News

AI hallucinates software packages and devs download them – even if potentially poisoned with malware
2024-03-28 07:01

According to Bar Lanyado, security researcher at Lasso Security, one of the businesses fooled by AI into incorporating the package is Alibaba, which at the time of writing still includes a pip command to download the Python package huggingface-cli in its GraphTranslator installation instructions. Lanyado did so to explore whether these kinds of hallucinated software packages - package names invented by generative AI models, presumably during project development - persist over time and to test whether invented package names could be co-opted and used to distribute malicious code by writing actual packages that use the names of code dreamed up by AIs.

Enterprises increasingly block AI transactions over security concerns
2024-03-28 05:30

AI has already become a part of business as usual, as enterprises leverage and integrate new features and tools into their day-to-day workflows, multiplying the volume of transactions and data generated. Despite the mounting security risk and increasing number of data protection incidents, enterprises are adopting AI tools in large numbers.

AI weaponization becomes a hot topic on underground forums
2024-03-28 04:30

Threat actors automate attacks with AI. The use of AI to accelerate these attacks is gaining significant attention among major cybercriminal forums with growing interest in weaponizing this technology. AI systems can now replicate a voice using a sample, and video-call deepfakes are aiding threat actors.

#AI
'Thousands' of businesses at mercy of miscreants thanks to unpatched Ray AI flaw
2024-03-27 20:40

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

#AI
AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)
2024-03-27 11:02

Attackers are leveraging a vulnerability in Anyscale's Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells."We observed hundreds of compromised clusters in the past three weeks alone. Each cluster uses a public IP address, and most clusters contain hundreds to thousands of servers. There are hundreds of servers that are still vulnerable and exposed."

Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining
2024-03-27 10:39

Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale...

Reinforcement learning is the path forward for AI integration into cybersecurity
2024-03-26 06:00

Reinforcement learning underpins the benefit of AI to the cybersecurity ecosystem and is closest to how humans learn through experience and trial and error. AI reinforcement learning may have applicability in prediction to prevent attacks as well, learning from past experiences and low signals and using patterns to predict what might happen next time.

Scammers exploit tax season anxiety with AI tools
2024-03-26 04:30

25% of Americans has lost money to online tax scams, according to McAfee. "As tax season ramps up, so too does cybercriminal activity. What's new this year is the scale and sophistication of scams we're now seeing thanks to artificial intelligence. From AI-generated robocalls with regional accents to very realistic and convincing fake emails, websites, and scam texts, cybercriminals are utilizing all the AI tools available to them, and so too should consumers to stay safe," said Steve Grobman, CTO at McAfee.

Google's new AI search results promotes sites pushing malware, scams
2024-03-25 11:32

Google's new AI-powered 'Search Generative Experience' algorithms recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams. Earlier this month, Google began rolling out a new feature called Google Search Generative Experience in its search results, which provides AI-generated quick summaries for search queries, including recommendations for other sites to visit related to the query.

Licensing AI Engineers
2024-03-25 11:04

Stephen March 25, 2024 8:02 AM. Physician and attorney self governance are both organized at the state level. There are advantages to operation at this scale - chiefly that smaller communities will tend to know their members better.

#AI