Note: my apologies for the two-week absence. I caught some incidents after returning to Vietnam from ICLR 2025, Singapore. Starting this week, I will try to upload more posts to help you stay updated.
Highlights
😱 AMD led to CPU ransomware.
🚨 Azure overwhelming 10/10 CVE.
🤖 Imagine for AI Safety.
🛡️ RSAC: agentic AI for security.
🤯 China and AI are everywhere.
Dive Deep
😱 AMD: CPU ransomware (Rapid7, via The Register)
AMD Zen chip vulnerability
Microcode injection risk
UEFI bootkit threats
Undetectable by known tech
Persistent encryption risk
Mitigation: back up data at rest daily.
Notice: I had similar issues while side-attending ICLR. The OS kept asking me to check the hardware after failing at decryption, which I did, and then I recognized the system had failed at that level.
tl;dr hardware has been compromised.
🚨 Azure security: Overwhelming 10/10 CVE Forbes
DevOps token hijacking issue.
Storage spoofing vulnerability.
Automation privilege elevation flaw.
Power Apps information disclosure risk.
Microsoft mitigated internally.
No user action required.
Mitigation: Regularly check for cloud service transparency.
Notice: I've approached the Google Security team for a year to fix this with my pain. The problem: I guess they are overwhelmed because there are also too many, so that is probably why they acquired Wiz, a cloud security startup.
🤖 AI development lacks safeguards Yoshua Bengio on Time
AI surpassing human capabilities.
Risks of unrestrained AI behavior.
AI self-preservation and deception.
Potential misuse by bad actors.
Need for societal guardrails.
Scientist AI as a solution.
Accelerated scientific discovery potential.
Suggestion: human imagination and the ability to predict the future are the key to doing AI safety in a safe way.
Notice: my upcoming post.
🛡️ Agentic AI as operational colleague (GitGuardian on RSAC)
AI as a security colleague.
Not fear, but clarity.
Demo: real world "RogueGPT".
Zero Trust acknowledgement.
CISO role evolution.
Agentic AI shattered trust.
Claude: >50% write itself.
Oversight: a practice, not policy.
Question: non-human ID (agents)
Notice: my upcoming post.
🤯 AI, China: everything, everywhere Jessica Lyons on RSAC
Agentic AI security concerns.
China: top cyber threat.
North Korean IT worker infiltration.
Generative AI aids phishing.
Federal cybersecurity budget cuts.
CISA brain drain concerns.
Google detects North Korean applicants.
Suggestion: check out RSA conference and OWASP.
Notice: Y2 GenAI Safety and Security is on Gumroad and Amazon, with a paperback edition.