Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks

December 6, 2024 at 07:18AM Cybersecurity researchers uncovered multiple vulnerabilities in open-source machine learning tools like MLflow, H2O, and PyTorch, which can enable code execution. Detected by JFrog, these flaws potentially allow attackers to access sensitive information and perform lateral movements within organizations, highlighting the need for caution with untrusted ML models.

Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks

November 29, 2024 at 05:33AM Microsoft addressed four security vulnerabilities in its AI and cloud offerings, including a critical privilege escalation flaw (CVE-2024-49035) exploited in the wild. Other flaws include XSS and authentication issues in various products. While most have been mitigated, users are advised to update Dynamics 365 Sales apps for security.

Microsoft Patches Exploited Vulnerability in Partner Network Website

November 28, 2024 at 06:07AM Microsoft has patched vulnerabilities in several services, including Azure and Copilot Studio, with one flaw described as ‘exploited.’ The vulnerabilities, mostly related to privilege escalation, have been assigned CVE identifiers for transparency. Users don’t need to take action, as patching occurs automatically over several days.

AI About-Face: ‘Mantis’ Turns LLM Attackers Into Prey

November 19, 2024 at 06:35AM A new defensive system, Mantis, has been developed to counter cyberattacks driven by large language models (LLMs). It uses deceptive techniques to mislead attackers, embedding prompt-injection commands within responses. Mantis has shown a success rate exceeding 95% in redirecting and thwarting LLM-based exploits using active and passive defense strategies.

GitHub projects targeted with malicious commits to frame researcher

November 16, 2024 at 10:34AM GitHub projects, including Exo Labs, have faced malicious commits and pull requests aimed at injecting backdoors. This has raised concerns about the attackers’ motives and the security of such repositories.

From Misuse to Abuse: AI Risks and Attacks

October 16, 2024 at 07:45AM Cybercriminals are increasingly using AI to enhance their capabilities, although much of the hype surrounding AI in cybercrime lacks substance. Currently, AI is mainly applied to simple tasks like phishing and code generation. However, security risks exist, particularly with custom AI tools, raising concerns over sensitive data exposure.

C/side Raises $6 Million to Secure the Browser Supply Chain

September 17, 2024 at 11:57AM C/side, a startup focusing on protecting against malicious browser-side third-party scripts, raised $6M in seed funding. It has raised a total of $7.7M. The new investment round included Uncork Capital, Mantis VC, PrimeSet, Roar Ventures, and Scribble Ventures. They aim to help businesses monitor, optimize, and secure third-party scripts using …

From Cybercrime to Terrorism, FBI Director Says America Faces Many Elevated Threats ‘All at Once’

August 23, 2024 at 02:33PM FBI Director Christopher Wray discussed the significant increase in security threats facing the country, including terrorism, espionage, election interference, and violence against law enforcement. He emphasized the importance of partnerships to address these challenges. Wray also highlighted the FBI’s efforts to strengthen collaborations with various sectors, such as business and …

Guardz Launches Free ‘Community Shield’ Plan to Empower MSPs

August 14, 2024 at 03:09PM Guardz, the AI-powered cybersecurity company, has announced the launch of its new free Community Shield plan for MSPs. The plan provides a unified platform for detection and response across identities, emails, devices, and data, with no financial commitment. It aims to support MSPs’ growth and cybersecurity, offering advanced automation, AI, …

How to Weaponize Microsoft Copilot for Cyberattackers

August 8, 2024 at 02:56PM Enterprises are rapidly adopting Microsoft’s Copilot AI-based chatbots to enhance employee productivity, but security researcher Michael Bargury demonstrated at Black Hat USA how attackers could exploit Copilot for data theft and social engineering. He also released an offensive toolset for Copilot and emphasized the need for better detection of “promptware” …