Companies are attaching the term "AI" to everything these days, but in cybersecurity, machine learning is more than hype.

Artificial intelligence and machine learning tools are gaining traction in enterprises, and the rate of adoption is particularly notable in cybersecurity operations, where these technologies are being used to improve enterprise security posture, according to Dark Reading’s latest research on enterprise cybersecurity.

Dark Reading's Artificial Intelligence and Machine Learning in Cybersecurity survey found that enterprises are using AI and ML in a range of cybersecurity technologies, such as firewalls, endpoint detection and response platforms, security information and event management systems, and network traffic analyzers. Antivirus/anti-malware was the only security technology enhanced with AI and ML that was used by more than half of the respondents (51%). This is not surprising, as back in 2017, practitioners were already beginning to implement AI/ML in corporate antivirus measures.

Cybersecurity professionals have to match the bad actors who are sourcing AI/ML technologies for their purposes. The arms race between CISOs and their adversaries may be driving adoption of tools with AI and ML capabilities in areas such as phishing detection (49%), threat detection and response (45%), and endpoint security (40%). One third of the AI/ML integration in real-world security teams comes in the form of malware analysis (38%), intrusion detection and prevention (35%), threat intelligence (35%), identity and access management (34%), network security/network traffic analysis (33%), vulnerability management (32%), and security information and event management (31%).

About a quarter of respondents mentioned using AI/ML in user behavior analytics/predictive analytics (27%), fraud detection (27%), automated security operations (26%), and automated incident response (25%). While that is still a sizeable chunk of companies, the slightly lower adoption rate suggests that this grouping represents developing features.

For more on the impact of AI/ML on cybersecurity, download the Dark Reading report "The State of Artificial Intelligence and Machine Learning in Cybersecurity."

**About the Author**

Antivirus, Anti-Malware Lead Demand for AI/ML Tools

As businesses worry over deepfake scams and other AI attacks, organizations are adding guidance for cybersecurity teams on how to detect, and respond to, next-generation threats. That includes Exabeam, which was recently targeted by a deepfaked job candidate.

Source: Family Stock via Shutterstock

Deepfakes and other generative artificial intelligence (GenAI) attacks are becoming less rare, and signs are pointing to a coming onslaught of such attacks: Already, AI-generated text is becoming more common in emails, and security firms are finding ways to detect emails likely not created by humans. Human-written emails have declined to about 88% of all emails, while text attributed to large language models (LLMs) now accounts for about 12% of all email, up from around 7% in late 2022, according to one analysis.

To help organizations develop stronger defenses against AI-based attacks, the Top 10 for LLM Applications & Generative AI group within the Open Worldwide Application Security Project (OWASP) released a trio of guidance documents for security organizations on Oct. 31. To its previously released AI cybersecurity and governance checklist, the group added a guide for preparing for deepfake events, a framework to create AI security centers of excellence, and a curated database on AI security solutions.

While the previous Top 10 guide is useful for companies building models and creating their own AI services and product, the new guidance is aimed at the users of AI technology, says Scott Clinton, co-project lead at OWASP.

Those companies "want to be able to do AI safely with as much guidance as possible — they're going to do it anyway, because it's a competitive differentiator for the business," he says. "If their competitors are doing it, \[then\] they need to find a way to do it, do it better ... so security can't be a blocker, it can't be a barrier to that."

Related:Dark Reading Confidential: Pen-Test Arrests, 5 Years Later

**One Security Vendor's Job Candidate Deepfake Attack**

In an example of the kinds of real-world attacks that are now happening, one job candidate at security vendor Exabeam had passed all the initial vetting and moved onto the final interview round. That's when Jodi Maas, GRC team lead at the company, recognized that something was wrong.

While the human resources group had flagged the initial interview for a new senior security analyst as "somewhat scripted," the actual interview started with normal greetings. Yet, it quickly became apparent that some form of digital trickery was in use. Background artifacts appeared, the female interviewee's mouth did not match the audio, and she hardly moved or expressed emotion, says Maas, who runs application security and governance, risk, and compliance within Exabeam's security operations center (SOC).

"It was very odd — just no smile, there was no personality at all, and we knew right away that it was not a fit, but we continued the interview, because \[the experience\] was very interesting," she says.

Related:Iranian APT Group Targets IP Cameras, Extends Attacks Beyond Israel

After the interview, Maas approached Exabeam's chief information security officer (CISO), Kevin Kirkwood, and they concluded it had been a deepfake based on similar video examples. The experience shook them enough that they decided the company needed better procedures in place to catch GenAI-based attacks, embarking on meetings with security staff and an internal presentation to employees.

"The fact that it got past our HR group was interesting. ... They passed them through because they had answered all the questions correctly," Kirkwood says.

After the deepfake interview, Exabeam's Kirkwood and Maas started revamping their processes, following up with their HR group, for example to let them know to expect more such attacks in the future. For now, the company advises its employees to treat video calls with suspicion. (Half-jokingly, Kirkwood requested this correspondent to turn on my video midway through the interview as proof of humanness. I did.)

"You're going to see this more often now, and you know these are the things you can check for, and these are the things that you will see in a deepfake," Kirkwood says.

Related:Okta Fixes Auth Bypass Bug After 3-Month Lull

**Technical Anti-Deepfake Solutions Are Needed**

Deepfake incidents are capturing the imagination — and fear — of IT professionals, with about half (48%) very concerned over deepfakes at present, and 74% believing deepfakes will pose a significant future threat, according to a survey conducted by email security firm Ironscales.

The trajectory of deepfakes is quite easy to predict — even if they are not good enough to fool most people today, they will be in the future, says Eyal Benishti, founder and CEO of Ironscales. That means that human training will likely only go so far. AI videos are getting eerily realistic, and a fully digital twin of another person controlled in real time by an attacker — a true "sock puppet" — is likely not far behind.

"Companies want to try and figure out how they get ready for deepfakes," he says. "The are realizing that this type of communication cannot be fully trusted moving forward, which ... will take people some time to realize and adjust."

In the future, since the telltale artifacts will be gone, better defenses are necessary, Exabeam's Kirkwood says.

"Worst case scenario: The technology gets so good that you're playing a tennis match — you know, the detection gets better, the deepfake gets better, the detection gets better, and so on," he says. "I'm waiting for the technology pieces to catch up, so I can actually plug it into my SIEM and flag the elements associated with deepfake."

OWASP's Clinton agrees. Rather focus on training humans to detect suspect video chats, companies should create infrastructures for authenticating that a chat is with a human who is also an employee, building processes around financial transactions, and creating an incident-response plan, he says.

"Training people on how to identify deepfakes — that's not really practical, because it's all subjective," Clinton says. "I think there have to be more unsubjective approaches, and so we went through and came up with some tangible steps that you can use, which are combinations of technologies and process to really focus on a few areas."

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

OWASP Beefs Up GenAI Security Guidance Amid Growing Deepfakes

A research tool by the company found a vulnerability in the SQLite open source database, demonstrating the "defensive potential" for using LLMs to find vulnerabilities in applications before they're publicly released.

Source: Krot Studio via Alamy Stock Photo

Google has discovered its first real-world vulnerability using an artificial intelligence (AI) agent that company researchers are designing expressly for this purpose. The discovery of a memory-safety flaw in a production version of a popular open source database by the company's Big Sleep large language model (LLM) project is the first of its kind, and it has "tremendous defensive potential" for organizations, the Big Sleep team wrote in a recent Project Zero blog.

Big Sleep — the work of a collaboration between the company's Project Zero and Deep Mind groups — discovered an exploitable stack buffer underflow in SQLite, a widely used open source database engine.

Specifically, Big Sleep discovered a pattern in the code of a publicly released version of SQLite that creates a potential edge case that needs to be handled by all code that uses the field, the researchers noted. A function in the code failed to correctly handle the edge case, "resulting in a write into a stack buffer with a negative index when handling a query with a constraint on the 'rowid' column," thus creating an exploitable flaw, according to the post.

Google reported the bug to SQLite developers in early October. They fixed it on the same day and before it appeared in an official release of the database, so users were not affected.

Related:News Desk 2024: Hacking Microsoft Copilot Is Scary Easy

**Inspired by AI Bug-Hunting Peers**

"We believe this is the first public example of an AI agent finding a previously unknown exploitable memory-safety issue in widely used real-world software," the Big Sleep team wrote in the post. While this may be true, it's not the first time an LLM-based reasoning system autonomously found a flaw in the SQLite database engine, Google acknowledged.

An LLM model called Atlantis from a group of AI experts called Team Atlanta discovered six zero-day flaws in SQLite3 and even autonomously identified and patched one of them during the AI Cyber Challenge organized by ARPA-H, DARPA, and the White House, the team revealed in a blog post in August.

In fact, the Big Sleep team used one of the Team Atlanta discoveries — of "a null-pointer dereference" flaw in SQLite —  to inspire them to use AI "to see if we could find a more serious vulnerability," according to the post.

**Software Review Goes Beyond Fuzzing**

Google and other software development teams already use a process called fuzz-testing, colloquially known as "fuzzing," to help find flaws in applications before release. Fuzzing is an approach that targets the software with deliberately malformed data — or inputs — to see if it will crash so they can investigate and fix the cause.

Related:Privacy Anxiety Pushes Microsoft Recall AI Release Again

In fact, Google earlier this year released an AI-boosted fuzzing framework as an open source resource to help developers and researchers improve how they find software vulnerabilities. The framework automates manual aspects of fuzz-testing and uses LLMs to write project-specific code to boost code coverage.

While fuzzing "has helped significantly" to reduce the number of flaws in production software, developers need a more powerful approach "to find the bugs that are difficult (or impossible) to find" in this way, such as variants for previously found and patched vulnerabilities, the Big Sleep team wrote.

"As this trend continues, it's clear that fuzzing is not succeeding at catching such variants, and that for attackers, manual variant analysis is a cost-effective approach," the team wrote in the post.

Moreover, variant analysis is a better fit for current LLMs because its provides them with a starting point —  such as the details of a previously fixed flaw — for a search, and thus removes a lot of ambiguity from AI-based vulnerability testing, according to Google. In fact, at this point in the evolution of LLMs, lack of this type of starting point for a search can cause confusion, they noted.

Related:OWASP Releases AI Security Guidance

"We're hopeful that AI can narrow this gap," the Big Sleep team wrote. "We think that this is a promising path towards finally turning the tables and achieving an asymmetric advantage for defenders."

**Glimpse Into the Future**

Google Big Sleep is still in its research phase, and using AI-based automation to identify software flaws overall is a new discipline. However, there already are tools available that developers can use to get a jump on finding vulnerabilities in software code before public release.

Late last month, researchers at Protect AI released Vulnhuntr, a free, open source static code analyzer tool that can find zero-day vulnerabilities in Python codebases using Anthropic's Claude artificial intelligence (AI) model.

Indeed, Google's discovery shows promising progress for the future of using AI to help developers troubleshoot software before letting flaws seep into production versions.

"Finding vulnerabilities in software before it's even released means that there's no scope for attackers to compete: the vulnerabilities are fixed before attackers even have a chance to use them," Google's Big Sleep team wrote.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Google: Big Sleep AI Agent Puts SQLite Software Bug to Bed

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

When you let go of that trapeze, you really want your teammates to be ready to catch you. Send us a cybersecurity-related caption to describe the above scene and our favorite will win its wordsmith a $25 Amazon gift card.

Here are four convenient ways to submit your ideas before the Nov. 27, 2024 deadline:

• Email \[email protected\] with the subject line "Edge November Toon."

• Via social media: X, Facebook, and LinkedIn. (If you win, we'll respond to you on the same platform, requesting your email address.)

**Last Month's Winner**

Shout out — and a $25 Amazon gift card — to Joseph Ayella, a recurring winner, for sending us the winning caption for last month's "And For My Next Trick..." cartoon.

"I call this trick the woman-in-the-middle attack."

Some noteworthy contenders included: "All we could get was half a FTE for security assessments," "And with this SIEM solution, we could cut a half of our SOC analysts," and "I'm glad he's not the hacker." A big thank you to all who participated.

**About the Author**

John Klossner has been drawing technology cartoons for more than 15 years. His work regularly appears in Computerworld and Federal Computer Week. His illustrations and cartoons have also been published in The New Yorker, Barron's, and The Wall Street Journal.

Name That Edge Toon: Aerialist's Choice

The true measure of our cybersecurity prowess lies in our capacity to endure.

Source: Lasse Kristensen via Alamy Stock Photo

COMMENTARY

In July, the industry witnessed one of the largest technology outages in recent history, with estimates of $5.4 billion in damages. When CrowdStrike distributed a Rapid Response Content Channel Update with an exception-handling logic flaw, it opened the door for constructive conversations about automatic updates — when to use them, when not to use them, whether they make us more or less secure. It's time to reflect and ask: What is the cost of our relentless pursuit of innovation, software currency, and speed to market? How can we reprioritize to reestablish the balance in the C-I-A triad?

IT and security teams are under enormous pressure to stay ahead of threats. However, teams must not sacrifice the right checks and balances for speed. The CrowdStrike incident serves as a reminder to the industry that even the most secure and trusted systems can fail, and it's time to revisit how teams test and deploy critical updates.  

**The C-I-A Triad: Rebalancing Priorities**

The C-I-A triad is a foundational pillar of cybersecurity, representing the Confidentiality (security), Integrity (accuracy), and Availability of technology platforms. For too long, the cybersecurity community — vendors and customers alike — have fixated on the C in this triad. However, the C-I-A triad is supposed to represent the full scope of a cybersecurity program. With the main focus on privacy and data security, the industry over emphasized security — and in doing so, added speed to the equation. Teams are now responding faster and deploying updates quicker to stay ahead of emerging threats and day-to-day attacks, but that's leading to mistakes and improper testing.  

Meanwhile, the I and A were relegated to secondary status — even outsourced to other technology teams. Integrity — the accuracy, completeness, and consistency of the ecosystem and underlying data — was compromised in the name of speed. Availability also suffered as the focus shifted to rapid recovery rather than ensuring uptime and reliability, all for the sake of rapid innovation and response to perceived threats.  

If the CrowdStrike event has taught us anything, it is that now is the time for both vendors and customers to recommit themselves to recognizing the integral importance of and essential need to rebalance all three pillars of the C-I-A triad. In doing so, teams can build more resilient systems.  

**The Shift From Software to Critical Infrastructure**

Leaders need to undertake three key shifts to achieve the essential checks and balance systems inherent to the C-I-A triad.  

1\. Transparency: Vendors must be more transparent with their product updates and give customers more control over how updates are applied. Customers should be able to manually update, deploy updates in stages, and remain on a prior stable version as a matter of policy.  

In the case of the CrowdStrike event, the complex update caused the outage. First, the team deployed a configuration file in February. Later, in July, it deployed a Rapid Response Content Update. As part of that update, a configuration content validator, using the prior configuration file, attempted to apply the update, but due to the "logic bug" in the exception handling routines, the staggered update resulted in the infamous "blue screen of death" for many Windows servers and workstations. These channel updates are often a series of staged updates, all occurring at once. How many of CrowdStrike's customers understood this nuance of the update strategy? It's unclear, but they had limited control over the update and were unable to stage it so it could be certified and tested before affecting the entirety of the enterprise.  

2\. Reevaluate vendor testing: Platforms such as CrowdStrike have transformed to become a core component of critical infrastructure. Security vendors frequently push automatic updates to improve security, but this can also mean speeding through the "trust but verify; walk before you run; test test test" cycles. While speed matters, this incident should force teams to take a closer look at how they deploy updates, ensure integrity and availability, and maintain business resiliency.  

IT and security teams must reevaluate overreliance on vendor testing and automatic updates. Even small teams can have the flexibility to choose when to update without incurring substantial overhead. The update is automatic — but the time and place to update can be chosen. Leaders should consider implementing staggered updates, using staging and testing environments to certify and assess the viability and stability of the update. More credence and consideration should be given to the value of updating now versus waiting to give more ability to ensure that the integrity and availability won't be compromised by the update.  

3\. Improve testing environments: Companies must ensure that cybersecurity teams have adequate testing environments available for certifying and testing security updates and implementations. The same diligence given to IT and development teams must be applied to cybersecurity.  

Security is no longer software; it's a foundational component of critical infrastructure. As seen with the CrowdStrike event, banks, transportation, manufacturing, and financial markets can all be devastated by a failure of the security ecosystem. As the industry continues to see convergence of solutions to a few vendors, it's important to make these platforms more resilient.   

The true measure of our cybersecurity prowess lies in our capacity to endure. Teams should embrace those proven patterns of change management that have served us well in the past, but also evolve and expand in scope to accommodate new technology and new potential threats. Vendors must empower customers with greater control and flexibility in how and why they deploy our solutions and updates. Technology and security practitioners, in turn, must use this moment as a clarion call to rethink priorities and recommit to balancing and counterbalancing the security, integrity, and availability drivers that empower our security tools.   

This creates a durable security future, regains and rebuilds essential fiduciary trust, and ensures that teams can rise to every threat while never again falling into complacency, valuing speed and ease at the expense of everything else. 

**About the Author**

CISO, Silverfort

John Paul Cunningham is the CISO of Silverfort. He has a passion for managing security and risk within firms, and has built and led information security, risk management, comprehensive technology organizations, and developed customer-facing organizations built on customer and organizational success. His sphere of influence extends from the board room to the break room, where he brings business and technology together to deliver solutions that propel the organization forward to achieve its goals.

Can Automatic Updates for Critical Infrastructure Be Trusted?

The large-scale operation took advantage of open repositories, hardcoded credentials in source code, and other cloud oversights.

Source: Tithi Luadthong via Alamy Stock Photo

Earlier this week, researchers uncovered a major cybercriminal operation, dubbed EmeraldWhale, after the attackers dumped more than 15,000 credentials into a stolen, open AWS S3 bucket in a massive Git repository theft campaign. The incident is a reminder to tighten up cloud configurations and review source code for mistakes like the inclusion of hardcoded credentials.

Over the course of the onslaught, EmeraldWhale targeted Git configurations in order to steal credentials, cloned more than 10,000 private repositories, and extracted cloud credentials from source code. 

The campaign used a variety of private tools to abuse misconfigured Web and cloud services, according to the Sysdig Threat Research Team, which discovered the global operation. Phishing is the primary tool the campaign used to steal the credentials, which can be worth hundreds of dollars per account on the Dark Web. The operation also makes money by selling its target lists on underground marketplaces for others to engage in the same activity.

**EmeraldWhale's First Breach**

The researchers were initially monitoring Sysdig TRT cloud honeypot when it observed a ListBuckets call using a compromised account — an S3 bucket dubbed s3simplisitter.

The bucket belonged to an unknown account and was publicly exposed. After launching an investigation, the researchers found evidence of a multifaceted attack, including Web scraping of Git files in open repositories. A massive scanning campaign occurred between August and September, according to the researchers, affecting servers with exposed Git repository configuration files, which can contain hardcoded credentials.

"As security professionals, we cannot afford to be complacent, particularly when it comes to keeping sensitive secrets, API tokens, and authentication credentials out of our source code," Naomi Buckwalter, director of product security at Contrast Security, wrote in an emailed statement to Dark Reading. "Not only should infosec professionals be on the front lines educating their development teams on how to securely store, manage, and access secrets, they should also regularly scan their source code for hard coded credentials and monitor credential usage for anomalous activity."

**Always Have Your Guard Up**

In general, Git directories contain "all information required for version control, including the complete commit history, configuration files, branches, and references."

"If the .git directory is exposed, attackers can retrieve valuable data about the repository's history, structure, and sensitive project information," added the researchers. "This includes commit messages, usernames, email addresses, and passwords or API keys if the repository requires them or if they were committed."

The incident is clear reminder that it's critical for businesses and organizations to have visibility on all services and get a clear view on potential attack surfaces in order to consistently manage them and mitigate threats.

"Many breaches occur because internal services are inadvertently exposed to the public Internet, making them easy targets for malicious actors," Victor Acin, head of threat intel at Outpost24, wrote in an emailed statement to Dark Reading.

Acin recommended that enterprises implement a "proper external attack surface management (EASM) platform" to keep track of potential misconfigurations and shadow IT.

And even when private repositories are supposedly secure, it's worth adding additional protections and ensuring that information is locked down.

EmeraldWhale's Massive Git Breach Highlights Config Gaps

PRESS RELEASE

LAS VEGAS, Oct. 30, 2024 /PRNewswire/ -- MONEY 20/20 --  AU10TIX, a global technology leader in identity verification and management, today released its Q3 2024 Global Identity Fraud Report at Money 20/20 USA in Las Vegas. Drawing insights from millions of transactions processed around the globe from July to September 2024, the report uncovers significant trends in large-scale organized identity fraud. This quarter, automated bot attacks targeting social media platforms surged in the lead-up to next week's US presidential election, with the sector accounting for 28% of all attacks in Q3, up from just 3% in Q1. The report also reveals a faster-than-anticipated leap in the sophistication of AI-powered impersonation bots and deepfake technology, including synthetic selfies that have shown the ability to bypass some leading verification systems.

Rapid developments in AI technology have enabled the industrialization of identity fraud, with bad actors launching automated mega-attacks of thousands of false identities targeting payments, crypto and social media companies all over the world. In Q3, AU10TIX observed an especially high number of bot attacks combined with deepfake content in attempts to open fake social media accounts at scale. Some of the attacks appeared to incorporate advanced randomized GenAI elements, marking a new level of automated detection evasion. This rapid growth began in March 2024 and peaked in September, with outlets like Associated Press reporting on bots spreading disinformation and manipulating public perception in the weeks leading up to the US election.

Another major Q3 development involved the debut of synthetic selfies. Selfies have historically been one of the least-used methods of fraud, due to the difficulty of outsmarting facial matching tech. However, fraudsters are now exploiting extremely sophisticated technology to create 100% deepfaked "selfies" that match the synthetic IDs they use to trick automated KYC processes.

"Fraudsters are evolving faster than ever, leveraging AI to scale and execute their attacks, especially in the social media and payments sectors," said Dan Yerushalmi, CEO of AU10TIX. "While companies are using AI to bolster security, criminals are weaponizing the same technology to create synthetic selfies and fake documents, making detection almost impossible. The only way to detect this type of fraud is by analyzing behavior at the traffic level, as AU10TIX does with our Serial Fraud Monitor. We are committed to continually advancing our detection methods to protect customers against this rapid evolution of fraud tactics, using a combination of advanced AI, biometric verification, and deepfake detection."

In addition to the increase in synthetic selfies, AU10TIX reported a 20% rise in the use of "image template" attacks by bad actors. This trend suggests that AI is being used to rapidly create variations of synthetic identities—including photos, document numbers, and other personal information—using the same ID template. The regional hotspots driving this change are APAC and North America; the surges have not been observed in other regions.

On a more positive note, fraud rates in the payments sector dropped from 52% in Q2 to 39% in Q3, which AU10TIX attributes to increased self-regulation and law enforcement interventions. Although the payments industry continued to be the most targeted segment, discouraged fraudsters shifted their attention to less regulated sectors like the crypto market, which accounted for 31% of Q3 attacks.

AU10TIX's Q3 2024 Global Identity Fraud Report offers three actionable insights to help organizations protect against identity fraud:

*   Adopt Behavior-Based Detection: Traditional document verification alone isn't enough. To catch today's sophisticated fraudsters, organizations must analyze user behavior and traffic patterns.
    
*   Use AI to Combat AI: As fraudsters deploy AI to scale attacks, it is critical to leverage AI-driven solutions to keep pace with these threats.
    
*   Be Ready for Synthetic Selfies: The rise in synthetic selfies means that relying on traditional KYC methods may no longer be effective. Organizations must enhance their detection systems to spot these new forms of fraud.
    

About AU10TIX   
AU10TIX plays a pivotal role in establishing trust between individuals/companies and digital systems. Founded in 2002, it is the global leader in identity verification and management, protecting the world's largest brands against advanced fraud. The company's future-proof product portfolio helps businesses provide frictionless customer onboarding and verification in 4-8 seconds while staying ahead of emerging threats and evolving regulatory requirements. AU10TIX offers the world's only 100% automated global identity management system, as well as the industry's only solution that can detect organized mass attacks by analyzing traffic patterns and cross-checking data in a consortium of more than 60 major companies. With its deep roots in airport security, AU10TIX has authenticated billions of identities and prevented over $18 billion in identity fraud. AU10TIX is a subsidiary of ICTS International N.V. (OTCQB: ICTSF). Connect with AU10TIX on LinkedIn and on X at @AU10TIXLimited. For more information, visit AU10TIX.com.

AU10TIX Q3 2024 Global Identity Fraud Report Detects Skyrocketing Social Media Attacks

PRESS RELEASE

GZIRA, Malta, Oct. 30, 2024 /PRNewswire/ -- SOFTSWISS, a leading software supplier in the iGaming industry, joins Cybersecurity Awareness Month. The company is enhancing its cybersecurity efforts by leveraging the expertise of white-hat hackers and independent security researchers, inviting them to participate in its private Bug Bounty Program.

The program requires experts to identify vulnerabilities and ensure the highest level of security for SOFTSWISS clients. To ensure that only significant cases that meet specific requirements are reported, SOFTSWISS launched a private program with invitation-only access. 

Invitation-only programs encourage white hat hackers to pay close attention to their terms and requirements, resulting in higher-quality reports. While public programs can offer broader perspectives but tend to generate more irrelevant reports, the private launch ensures that the focus remains on critical security issues. 

The Bug Bounty Program offers various financial incentives, depending on the severity and complexity of the discovered vulnerabilities. This program serves as an additional layer of defence, providing external, unbiased assessments from highly skilled security experts. 

"We care about the security of our clients and their players, which is why it is important for us not only to pay close attention to protecting the products we develop but also to constantly recheck our applications with the help of skilled external experts and enthusiasts. In collaboration with the expert community, we can ensure a reliable level of data protection and uninterrupted operations for all our clients," said Evgeny Zaretskov, Group Chief Information Security Officer at SOFTSWISS. "SOFTSWISS is proud to set a new standard for cybersecurity by leveraging crowdsourced expertise. In this ever-evolving landscape, even a minor bug can lead to significant losses for operators. The Bug Bounty Program is an extra measure to protect our existing and future clients."

The program has started with two products in the SOFTSWISS portfolio. It is conducted in a dedicated test environment, which operates independently of the iGaming project systems, ensuring no disruption to player experience or platform performance.

Moving forward, the SOFTSWISS cybersecurity team plans to broaden the frames, adding more products and refining requirements to maintain the highest standards of security across all platforms.

SOFTSWISS is an international tech company with over 15 years of experience developing innovative solutions for iGaming. The company revolutionised the industry by introducing the world's first Bitcoin-optimised solution for iGaming. 

You May Also Like

SOFTSWISS Expands Bug Bounty Program

The Recall AI tool will be available to Copilot+ PC subscribers in December, and can be used to record images of every interaction on the device for review later. Critics say this introduces major privacy and security concerns along with useful functionality.

Source: GK Images via Alamy Stock Photo

Microsoft has made the decision to once again delay the release of its new artificial Intelligence tool, Recall, while the company works through trying to make sure all of the handy data it delivers can't be abused by adversaries.

The Recall tool will be part of the suite of services delivered through Microsoft's AI Assistant software, Copilot+. Recall's job, once it's rolled out, will be to gather "snapshots" of each action on the PC to be accessible later through an easy search. The software will be able to "recall" the exact moment the user saw a website, used an app, or interacted with a document.

Compelling use cases aside, information security professionals have balked at Recall's ability to keep its snapshots secure from would-be threat actors. For its part, Microsoft has taken these cybersecurity concerns seriously. In June, Microsoft announced it had added new privacy and security features to Recall just days ahead of its intended rollout date. That release was ultimately pushed back to October in order to take extra steps to shore up the tool's security. Now, the release date has been pushed back again.

"We are committed to delivering a secure and trusted experience with Recall," according to a statement about the delay from Brandon LeBlanc, senior product manager for Windows. "To ensure we deliver on these important updates, we’re taking additional time to refine the experience before previewing it with Windows Insiders. Originally planned for October, Recall will now be available for preview with Windows Insiders on Copilot+ PCs by December."

Related:News Desk 2024: Hacking Microsoft Copilot Is Scary Easy

**Microsoft Pledges to Secure Recall**

In late September, David Weston, Microsoft's vice president of enterprise and OS security, detailed the company's commitment to the security of Recall data, stressing the tool is opt-in only, encrypted, and includes malware protection; and, its data is protected in a virtualization-based security (VBS) enclave inaccessible by even admin and kernel users without biometric authentication.

"Using VBS Enclaves with Windows Hello enhanced sign-in security allows data to be briefly decrypted while you use the Recall feature to search. Authorization will time out and require the user to authorize access for future sessions," Weston wrote. "This restricts attempts by latent malware trying to 'ride along' with a user authentication to steal data."

Weston further assured those concerned about Recall's security that: in-private browsing information is never saved by Recall; users have an option to filter out specific sites or apps from Recall recording; content filtering keeps data like credit card and Social Security numbers from being stored; users can delete stored information by date, content, app, or website; and an icon clearly shows when snapshots are being saved, so users can easily pause the function.

Related:Cybersecurity Job Market Stagnates, Dissatisfaction Abounds

"Recall’s secure design and implementation provides a robust set of controls against known threats," Weston added. "Microsoft is committed to making the power of AI available to everyone, while retaining security and privacy against even the most sophisticated attacks."

**Is Microsoft Eyeing Claude's 'Computer Use' Feature?**

It appears Microsoft is taking the warnings from the cybersecurity community about Recall's potential business risks seriously, Bugcrowd founder Casey Ellis tells Dark Reading. Redmond might also have its eye on a recent release of a similar tool in Anthropic's Claude AI before rolling out Recall, he adds.

"After the initial reaction to Recall — and some of the security and privacy concerns raised by how it was implemented — Microsoft appears to be hastening slowly here," Ellis says. "I wouldn’t be surprised if they’re taking the opportunity to learn from how the market responds to and uses Anthropic’s 'computer use' feature, which is very similar to Recall from a privacy, security, and functionality standpoint."

Related:Noma Launches With Plans to Secure Data, AI Life Cycle

Released just days ago, the computer use feature allows the latest version of Claude to interact with a computer in the same way as a human. Claude's new feature, like Recall, ingests screenshots from Internet-connected computers. And in its Oct. 22 announcement of the release, Anthropic admitted the tool does indeed come with inherent cybersecurity risks.

"In this spirit, our Trust & Safety teams have conducted extensive analysis of our new computer-use models to identify potential vulnerabilities," the release announcement said. "One concern they've identified is prompt injection — a type of cyberattack where malicious instructions are fed to an AI model, causing it to either override its prior directions or perform unintended actions that deviate from the user's original intent."

Anthropic added that it hopes to work out this and other issues in its public beta phase, which will certainly be of keen interest to Microsoft as it works through its Recall release.

Claude, according to Anthropic, will not use this user-submitted data to train its own AI model. But when it comes to Microsoft, security consultant John Bambenek isn't so sure Recall will adhere to the same standard.

"AI systems require tons of data, which means Microsoft wants all the data on how users are interacting with their computers," Bambenek says. "I am not sure the feature is terribly useful for end users, however, it certainly is for training future models. It has enormous privacy implications, so hopefully the delay is useful in terms of minimizing the risks and potential harms to end users."

While Microsoft security teams and Anthropic's Claude feature testing move forward, Patrick Harr, CEO of SlashNext Email Security, warns these tools remain vulnerable to cyberattack.

"We continually see phishing and socially engineered attacks from professional groups, mimicking support staff that target company users either through email, other messaging apps, or even bot calls to provide remote access to their desktops," Harr says. "Once accessed into Recall, the threat actors have perfect timeline and information about that user that can be exploited. Proceed with caution until this update is done."

Privacy Anxiety Pushes Microsoft Recall AI Release Again

OWASP has released guidance materials addressing how to respond to deepfakes, AI security best practices, and how to secure open source and commercial generative AI applications.

Source: Jozef Sedmak via Alamy Stock Photo

The Open Worldwide Application Security Project (OWASP) has announced new security guidance materials to help organizations identify and manage the risks associated with the adoption, deployment, and management of large language models (LLMs) and generative artificial intelligence (GenAI) applications. 

The guidance is part of the OWASP Top 10 for LLM Application Security Project, a global, community-led open source project. Since its inception in 2023, the group has released research, guidance, and resource materials to help organizations develop a comprehensive strategy encompassing governance, collaboration, and practical tools.

*   The "Guide for Preparing and Responding to Deepfake Events" illustrates the problems posed by "hyper-realistic digital forgeries." An outgrowth of the AI Cyber Threat Intelligence initiative, this resource combines practical and pragmatic defense strategies to help organizations stay secure as deepfake technology improves. 
    
*   The "Center of Excellence Guide" helps businesses establish best practices and frameworks for creating AI security practices. The guidance helps organizations establish systems for risk management and interdepartmental coordination among security, legal, data science, and operations teams, as well as how to develop and enforce security policy and educate staff on AI security.
    
*   The "AI Security Solution Landscape Guide" is a broad reference on how to secure both open source and commercial LLM and GenAI applications. It categorizes existing and emerging security products and gives guidance on how to think about risks identified in the Top 10 list.
    

The project brings together more than 500 cybersecurity and AI experts from companies and organizations around the world to identify LLM vulnerabilities and mitigations. In early 2024, the project expanded its focus to include strategic stakeholders, like CISOs and compliance officers, in addition to developers, data scientists, and other security practitioners.

"We're two years into the generative AI boom, and attackers are using AI to get smarter and faster," said Steve Wilson, project lead for the OWASP Top 10 for LLM Project, in a statement. "Security leaders and software developers need to do the same. Our new resources arm organizations with the tools they need to stay ahead of these increasingly sophisticated threats."

**About the Author**

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

Source

DARKReading