GenAI in productivity apps: What could possibly go wrong?
The first and most obvious risk is the accuracy issue. Generative AI is designed
to generate content — text, images, video, audio, computer code, and so on —
based on patterns in the data it’s been trained on. Its ability to provide
answers to legal, medical, and technical questions is a bonus. And in fact,
often the AIs are accurate. The latest releases of some popular genAI chatbots
have passed bar exams and medical licensing tests. But this can give some users
a false sense of security, as when a couple of lawyers got in trouble by relying
on ChatGPT to find relevant case law — only to discover that it had invented the
cases it cited. That’s because generative AIs are not search engines, nor are
they calculators. They don’t always give the right answer, and they don’t give
the same answer every time. For generating code, for example, large language
models can have extremely high error rates, said Andy Thurai, an analyst at
Constellation Research. “LLMs can have rates as high as 50% of code that is
useless, wrong, vulnerable, insecure, and can be exploited by hackers,” he
said.
CFOs and IT Spending: Best Practices for Cost-Cutting
Auvik Networks’ Feller stressed it is important for CFOs not to come in and
start slashing everything. “There was a reason why IT applications and services
were purchased in the first place and, in today’s corporate environment, many of
these systems are integrated with each other and into employees’ work
processes,” he says. “CIOs should have a good idea of what’s critical and
sensitive.” He says the way he tends to approach this is by working with the CIO
to identify the applications that are main “sources of truth” for key corporate
data. These tend to be the financial and accounting systems or enterprise
resource planning (ERP), customer relationship management (CRM), human resources
information system (HRIS), and often a business intelligence (BI) system. “For
each of those key systems, we evaluate whether they are still the right choice
for where the company has evolved and will they scale as the company grows,” he
says. “Replacing one or more of those systems can be a big, complicated project
but is often essential to a company’s success.”
Hackers Adding More Capabilities to Open Source Malware
Researchers observed that the malware samples are currently being used by
multiple threat actors and various variants of this threat are already in the
wild with threat actors improving its efficiency and effectiveness over time.
The malware is capable of stealing sensitive information from infected systems
including host information, screenshots, cached browser credentials and files
stored on the system that match a predefined list of file extensions. It also
attempts to determine the presence of credential databases for browser
applications including Chrome, Yandex, Edge and Opera. Once executed, the malware
creates a working directory, and a file grabber executes and attempts to locate
any files stored within the victim's Desktop folder that match a list of file
extensions including .txt, .pdf, .doc, .docx, .xml, .img, .jpg and .png. The
malware then creates a compressed archive called log.zip containing all of the
logs and the data is transmitted to the attacker via Simple Mail Transfer
Protocol "using credentials defined in the portion of code responsible for
crafting and sending the message."
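A defender's view of the behaviour chain described above, as an added example that is not part of the quoted article or the researchers' work: it flags a process that reads several targeted Desktop files, writes log.zip and then connects to an SMTP port. The event schema, the SMTP port set, the read threshold and the time window are assumptions; only the extension list and the archive name come from the text.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Extensions and archive name are from the article; ports, thresholds and
# the event schema are assumptions made for this example.
GRABBED_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xml", ".img", ".jpg", ".png"}
ARCHIVE_NAME = "log.zip"
SMTP_PORTS = {25, 465, 587}
MIN_READS, WINDOW = 3, 300  # reads needed; max seconds between stages


def is_desktop_grab(path):
    """True for a file under a Desktop folder with a targeted extension."""
    p = PureWindowsPath(path)
    on_desktop = any(part.lower() == "desktop" for part in p.parts)
    return on_desktop and p.suffix.lower() in GRABBED_EXTS


def find_stealer_chains(events):
    """PIDs that read Desktop documents, wrote log.zip, then connected to SMTP."""
    state = defaultdict(lambda: {"reads": [], "archive_ts": None})
    flagged = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        s, ts = state[ev["pid"]], ev["ts"]
        if ev["action"] == "file_read" and is_desktop_grab(ev["path"]):
            s["reads"].append(ts)
        elif ev["action"] == "file_write":
            name = PureWindowsPath(ev["path"]).name.lower()
            recent = [t for t in s["reads"] if ts - t <= WINDOW]
            if name == ARCHIVE_NAME and len(recent) >= MIN_READS:
                s["archive_ts"] = ts
        elif ev["action"] == "net_connect" and ev["dport"] in SMTP_PORTS:
            if s["archive_ts"] is not None and ts - s["archive_ts"] <= WINDOW:
                flagged.add(ev["pid"])
    return sorted(flagged)


# Constructed sample telemetry, not real logs.
D = "C:\\Users\\ana\\Desktop\\"
SAMPLE_EVENTS = [
    {"ts": 0, "pid": 4120, "action": "file_read", "path": D + "notes.txt"},
    {"ts": 1, "pid": 4120, "action": "file_read", "path": D + "scan.pdf"},
    {"ts": 2, "pid": 4120, "action": "file_read", "path": D + "photo.png"},
    {"ts": 9, "pid": 4120, "action": "file_write", "path": "C:\\Temp\\wd\\log.zip"},
    {"ts": 12, "pid": 4120, "action": "net_connect", "dport": 587},
    {"ts": 5, "pid": 880, "action": "net_connect", "dport": 587},  # mail client
    {"ts": 3, "pid": 5300, "action": "file_read", "path": D + "report.docx"},
    {"ts": 4, "pid": 5300, "action": "file_write", "path": D + "log.zip"},
    {"ts": 6, "pid": 5300, "action": "net_connect", "dport": 25},  # one read only
]
```

Requiring all three stages from one process keeps ordinary mail clients and archive tools out of the results.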
Connected cars and cybercrime: A primer
Connected car cybercrime is still in its infancy, but criminal organizations in
some nations are beginning to recognize the opportunity to exploit vehicle
connectivity. Surveying today’s underground message forums quickly reveals that
the pieces could quickly fall into place for more sophisticated automotive
cyberattacks in the years ahead. Discussions on underground crime forums around
data that could be leaked and needed/available software tools to enable attacks
are already intensifying. A post from a publicly searchable auto-modders forum
about a vehicle’s multi-displacement system (MDS) for adjusting engine
performance is symbolic of the current activity and possibilities. Another, in
which a user on a criminal underground forum offers a data dump from a car
manufacturer, points to the possible threats that likely are coming to the
industry. Though they still seem to be limited to accessing regular stolen data,
compromises and network accesses are for sale in the underground.
Identify Generative AI’s Inherent Risks to Protect Your Business
Generative AI models have basically three attack surfaces: the architecture of
the model itself, the data it was trained on, and the data fed into it by end
users. For example, adversarial attacks and data poisoning depend on the model’s
training data having a security flaw and thus being open to manipulation and
infiltration. This allows threat actors to inject incorrect or misleading
information into the training data, which the model uses to generate responses,
leading to inaccurate information presented as accurate by a trusted model and,
subsequently, flawed decision-making. Model extraction attacks depend on the
skill of the hacker to compromise the model itself. The threat actor queries the
model to gain information about its structure and, therefore, determine the
actions it executes and what its targets are. One goal of this sort of attack
could be reverse-engineering the model’s training data, for instance, private
customer data, or recreating the model itself for nefarious purposes. Notably,
any of these attacks can take place before or after the model is installed at a
user site.
How attackers exploit QR codes and how to mitigate the risk
A common attack involves placing a malicious QR code in public, sometimes
covering up a legitimate QR code, and when unsuspecting users scan the code they
are sent to a malicious web page that could host an exploit kit, Sherman says.
This can lead to further device compromise or possibly a spoofed login page to
steal user credentials. "This form of phishing is the most common form of QR
exploitation," Sherman says. QR code exploitation that leads to credential
theft, device compromise or data theft, and malicious surveillance are the top
concerns to both enterprises and consumers, he says. If QR codes lead to payment
sites, then users might divulge their passwords and other personal information
that could fall into the wrong hands. "Many websites do drive-by download, so
mere presence on the site can start malicious software download," says Rahul
Telang, professor of information systems at Carnegie Mellon University’s Heinz
College.
The ‘IT Business Office’: Doing IT’s admin work right
Each IT manager has a budget to manage to. Sadly, in most companies budgeting
looks more like a game of pin-the-tail-on-the-donkey than a well defined and
consistent algorithm. In principle, a lot of IT staffing can be derived from a
parameter-driven model. This can be hard to reconcile with Accounting’s
requirements for budget development. With an IT Business Office to manage the
relationship with Accounting, IT can explain its methods once, instead of
manager-by-manager-by-manager. ... Business-wide, new-employee onboarding should
be coordinated by HR, but more often each piece of the onboarding puzzle is left
to the department responsible for that piece. An IT Business Office can’t and
shouldn’t try to fix this often-broken process throughout the enterprise. But
onboarding new IT employees is, if anything, even more complicated than
onboarding anyone else’s employees. An IT Business Office can, if nothing else,
smooth things out for newly hired IT professionals so they can start to work the
day they show up for work.
MSSQL Databases Under Fire From FreeWorld Ransomware
According to an investigation by Securonix, the typical attack sequence observed
for this campaign begins with brute forcing access into the exposed MSSQL
databases. After initial infiltration, the attackers expand their foothold
within the target system and use MSSQL as a beachhead to launch several
different payloads, including remote-access Trojans (RATs) and a new Mimic
ransomware variant called "FreeWorld," named for the inclusion of the word
"FreeWorld" in the binary file names, a ransom instruction file named
FreeWorld-Contact.txt, and the ransomware extension, which is
".FreeWorldEncryption." The attackers also establish a remote SMB share to mount
a directory housing their tools, which include a Cobalt Strike
command-and-control agent (srv.exe) and AnyDesk; and, they deploy a network port
scanner and Mimikatz, for credential dumping and to move laterally within the
network. And finally, the threat actors also carried out configuration changes,
from user creation and modification to registry changes, to impair defenses.
Managing Data as a Product: What, Why, How
Applying product management principles to data includes attempting to address
the needs of as many different potential consumers as possible. This requires
developing an understanding of the consumer base. The consumers are typically
in-house staff accessing the organization’s data. (The data is not being “sold,”
but is being treated as a product available for distribution, by identifying the
consumers’/in-house staff’s needs.) From a big-picture perspective, the
business’s goal is to maximize the use of its in-house data. Managing data as a
product requires applying the appropriate product management principles. ... The
data as a product philosophy is an important feature of the data mesh model.
Data mesh is a decentralized form of data architecture. It is controlled by
different departments or offices – marketing, sales, customer service – rather
than a single location. Historically, a data engineering team would perform the
research and analytics, a process that severely limited research when compared
to the self-service approach promoted by the data as a product philosophy, and
the data mesh model.
Enterprise Architecture Must Look Beyond Venturing the Gap Between Business and IT
The architects should not be the ones managing and maintaining the repository by
themselves. They should facilitate the rest of the organization to make sure
that they can ask for a repository. Architecture needs to become part of every
strategic and tactical role in your organization. I think EA is basically
following the path that so many other industries and disciplines have followed
already. It’s the path of democratization. Today, we all have our supercomputer
in our pocket, meaning that we have more functionality than ever before. And we
don’t even have to go to machine rule, we don’t even have to go to our desk
anymore, we can just take it out of our pocket, and help us to make the right
decisions of where we want to go, how we’re going to send an email, which
decision we’re kind of making. This self-service way of doing that has really
enabled organizations to be much more efficient, much more transparent, much
more effective. And I think this is what we want to achieve with EA, as well.
Quote for the day:
“Just because you’re a beginner doesn’t
mean you can’t have strength.” -- Claudio Toyama