Gmail 2FA bypassed, Microsoft AI safety practices, Insurance Breach, Iran Cyber Playbook, Georgia Election Website.

[Available Now!] Book Report: Q3 2024 - GenAI Safety and Security

Highlights:

• Gmail 2FA bypassed: 2.5 Billions attacked.

• Microsoft: Emphasizes AI safety practices.

• Insurance Breach: 800,000 customer records exposed.

• Iran Cyber Playbook: Targeting US elections with AI.

• Georgia Election Website: Targeted by suspected attack.

Deep Dive

1. Gmail: 2FA bypass attack. Forbes

• Hackers are stealing session cookies to bypass 2FA.

• Attacks target Gmail's 2.5 billion active users.

• Google's security measures are being circumvented.

• Application-bound encryption is being bypassed by attackers.

• Create a second Gmail account and forward emails as backup.

Mitigation: Open a second Gmail account for backup and use unique credentials. Enroll in Google's Advanced Protection Program.

Pass-by 2FA Gmail and Youtube, America Privacy Right Acts, Apple Spyware, RedTeam on LLMs.

2. Microsoft: AI safety. Microsoft Cloud Blog

• Overreliance on AI is a primary risk.

• Deepfakes and social manipulation are growing threats.

• AI safety is about how we use it, not just how it's built.

• Treat AI as a helpful assistant, not an infallible expert.

• Verify AI outputs and maintain human oversight.

Advice: Treat AI as a tool, not a decision-maker, and always verify its output.

Review: Microsoft Cybersecurity Hearing

Microsoft Report, Internet Archive 3rd attack, Quantum, Wells Fargo, New York Finance AI guidance.

3. Insurance breach: 800,000 impacted. Forbes

• LandmarkAdmin breach detected in May 13 2024.

• Blocked remote access and disconnected affected system.

• CONTINUED to breach. Rediscovered in 17 June 2024.

• Names, SSNs, financial, medical data, ID documents, etc. were stolen.

• Average breach cost reached $4.88 million in 2024 reported by IBM.

Mitigation: Review third-party vendor security protocols and data encryption.

United Healthcare, US President Election, US National Security, Mexico Data Breach, Apple

4. US election: Iran Cyber Playbook. The Hacker News

• Stole content form IP cameras.

• Used AI for voice modulation and image generation.

• Leveraged fake hosting resellers for infrastructure.

• In 2024 Summer Olympics, attacked commercial display providers.

• Attempted to contact families of Israeli hostages.

• Harvested more info through sites, targeted to weapon operators.

Mitigation: Increase vigilance against disinformation campaigns.

5. US Election: Georgia targeted. CPO Magazine

• Suspected nation-state attack on Georgia's election website.

• 420,000 attempts to crash the website using DDoS.

• Attack intended to disrupt voter ballot requests.

• FBI and CISA are aware of the incident.

• Foreign interference in US elections remains a concern.

Notice: DDoS protection and incident response plans for critical infrastures.

Review: how Cloudflare stopped "3.8 Terabits per second" DDOS attack.