Daily Tech Digest - September 05, 2023

GenAI in productivity apps: What could possibly go wrong?

The first and most obvious risk is the accuracy issue. Generative AI is designed to generate content — text, images, video, audio, computer code, and so on — based on patterns in the data it’s been trained on. Its ability to provide answers to legal, medical, and technical questions is a bonus. And in fact, often the AIs are accurate. The latest releases of some popular genAI chatbots have passed bar exams and medical licensing tests. But this can give some users a false sense of security, as when a couple of lawyers got in trouble by relying on ChatGPT to find relevant case law — only to discover that it had invented the cases it cited. That’s because generative AIs are not search engines, nor are they calculators. They don’t always give the right answer, and they don’t give the same answer every time. For generating code, for example, large language models can have extremely high error rates, said Andy Thurai, an analyst at Constellation Research. “LLMs can have rates as high as 50% of code that is useless, wrong, vulnerable, insecure, and can be exploited by hackers,” he said. 

CFOs and IT Spending: Best Practices for Cost-Cutting

Auvik Networks’ Feller stressed it is important for CFOs not to come in and start slashing everything. “There was a reason why IT applications and services were purchased in the first place and, in today’s corporate environment, many of these systems are integrated with each other and into employees’ work processes,” he says. “CIOs should have a good idea of what’s critical and sensitive.” He says the way he tends to approach this is by working with the CIO to identify the applications that are main “sources of truth” for key corporate data. These tend to be the financial and accounting systems or enterprise resource planning (ERP), customer relationship management (CRM), human resources information system (HRIS), and often a business intelligence (BI) system. “For each of those key systems, we evaluate whether they are still the right choice for where the company has evolved and will they scale as the company grows,” he says. “Replacing one or more of those systems can be a big, complicated project but is often essential to a company’s success.”

Hackers Adding More Capabilities to Open Source Malware

Researchers observed that the malware samples are currently being used by multiple threat actors and various variants of this threat are already in the wild with threat actors improving its efficiency and effectiveness over time. The malware is capable of stealing sensitive information from infected systems including host information, screenshots, cached browser credentials and files stored on the system that match a predefined list of file extensions. It also attempts to determine the presence of credential databases for browser applications includin Chrome, Yandex, Edge and Opera. Once executed, the malware creates a working directory, and a file grabber executes and attempts to locate any files stored within the victim's Desktop folder that match a list of file extensions including .txt, .pdf, .doc, .docx, .xml, .img, .jpg and .png. The malware then creates a compressed archive called log.zip containing all of the logs and the data is transmitted to the attacker via Simple Mail Transfer Protocol "using credentials defined in the portion of code responsible for crafting and sending the message."

Connected cars and cybercrime: A primer

Connected car cybercrime is still in its infancy, but criminal organizations in some nations are beginning to recognize the opportunity to exploit vehicle connectivity. Surveying today’s underground message forums quickly reveals that the pieces could quickly fall into place for more sophisticated automotive cyberattacks in the years ahead. Discussions on underground crime forums around data that could be leaked and needed/available software tools to enable attacks are already intensifying. A post from a publicly searchable auto-modders forum about a vehicle’s multi-displacement system (MDS) for adjusting engine performance, is symbolic of the current activity and possibilities. Another, in which a user on a criminal underground forum offers a data dump from car manufacturer, points to the possible threats that likely are coming to the industry. Though they still seem to be limited to accessing regular stolen data, compromises and network accesses are for sale in the underground.

Identify Generative AI’s Inherent Risks to Protect Your Business

Generative AI models have basically three attack surfaces: the architecture of the model itself, the data it was trained on, and the data fed into it by end users. For example, adversarial attacks and data poisoning depend on the model’s training data having a security flaw and thus being open to manipulation and infiltration. This allows threat actors to inject incorrect or misleading information into the training data, which the model uses to generate responses, leading to inaccurate information presented as accurate by a trusted model and, subsequently, flawed decision-making. Model extraction attacks depend on the skill of the hacker to compromise the model itself. The threat actor queries the model to gain information about its structure and, therefore, determine the actions it executes and what its targets are. One goal of this sort of attack could be reverse-engineering the model’s training data, for instance, private customer data, or recreating the model itself for nefarious purposes. Notably, any of these attacks can take place before or after the model is installed at a user site. 

How attackers exploit QR codes and how to mitigate the risk

A common attack involves placing a malicious QR code in public, sometimes covering up a legitimate QR code, and when unsuspecting users scan the code they are sent to a malicious web page that could host an exploit kit, Sherman says. This can lead to further device compromise or possibly a spoofed login page to steal user credentials."This form of phishing is the most common form of QR exploitation," Sherman says. QR code exploitation that leads to credential theft, device compromise or data theft, and malicious surveillance are the top concerns to both enterprises and consumers, he says. If QR codes lead to payment sites, then users might divulge their passwords and other personal information that could fall into the wrong hands. "Many websites do drive-by download, so mere presence on the site can start malicious software download," says Rahul Telang, professor of information systems at Carnegie Mellon University’s Heinz College. 

The ‘IT Business Office’: Doing IT’s admin work right

Each IT manager has a budget to manage to. Sadly, in most companies budgeting looks more like a game of pin-the-tail-on-the-donkey than a well defined and consistent algorithm. In principle, a lot of IT staffing can be derived from a parameter-driven model. This can be hard to reconcile with Accounting’s requirements for budget development. With an IT Business Office to manage the relationship with Accounting, IT can explain its methods once, instead of manager-by-manager-by-manager. ... Business-wide, new-employee onboarding should be coordinated by HR, but more often each piece of the onboarding puzzle is left to the department responsible for that piece. An IT Business Office can’t and shouldn’t try to fix this often-broken process throughout the enterprise. But onboarding new IT employees is, if anything, even more complicated than onboarding anyone else’s employees. An IT Business Office can, if nothing else, smooth things out for newly hired IT professionals so they can start to work the day they show up for work.

MSSQL Databases Under Fire From FreeWorld Ransomware

According to an investigation by Securonix, the typical attack sequence observed for this campaign begins with brute forcing access into the exposed MSSQL databases. After initial infiltration, the attackers expand their foothold within the target system and use MSSQL as a beachhead to launch several different payloads, including remote-access Trojans (RATs) and a new Mimic ransomware variant called "FreeWorld," named for the inclusion of the word "FreeWorld" in the binary file names, a ransom instruction file named FreeWorld-Contact.txt, and the ransomware extension, which is ".FreeWorldEncryption." The attackers also establish a remote SMB share to mount a directory housing their tools, which include a Cobalt Strike command-and-control agent (srv.exe) and AnyDesk; and, they deploy a network port scanner and Mimikatz, for credential dumping and to move laterally within the network. And finally, the threat actors also carried out configuration changes, from user creation and modification to registry changes, to impair defenses.

Managing Data as a Product: What, Why, How

Applying product management principles to data includes attempting to address the needs of as many different potential consumers as possible. This requires developing an understanding of the consumer base. The consumers are typically in-house staff accessing the organization’s data. (The data is not being “sold,” but is being treated as a product available for distribution, by identifying the consumers’/in-house staff’s needs.) From a big-picture perspective, the business’s goal is to maximize the use of its in-house data. Managing data as a product requires applying the appropriate product management principles. ... The data as a product philosophy is an important feature of the data mesh model. Data mesh is a decentralized form of data architecture. It is controlled by different departments or offices – marketing, sales, customer service – rather than a single location. Historically, a data engineering team would perform the research and analytics, a process that severely limited research when compared to the self-service approach promoted by the data as a product philosophy, and the data mesh model.

Enterprise Architecture Must Look Beyond Venturing the Gap Between Business and IT

The architects should not be the ones managing and maintaining the repository by themselves. They should facilitate the rest of the organization to make sure that they can ask for a repository. Architecture needs to become part of every strategic and tactical role in your organization. I think EA is basically following the path that so many other industries and disciplines have followed already. It’s the path of democratization. Today, we all have our supercomputer in our pocket, meaning that we have more functionality than ever before. And we don’t even have to go to machine rule, we don’t even have to go to our desk anymore, we can just take it out of our pocket, and help us to make the right decisions of where we want to go, how we’re going to send an email, which decision we’re kind of making. This self-service way of doing that has really enabled organizations to be much more efficient, much more transparent, much more effective. And I think this is what we want to achieve with EA, as well.

Quote for the day:

“Just because you’re a beginner doesn’t mean you can’t have strength.” -- Claudio Toyama

No comments:

Post a Comment