Secure GenAI
Secure GenAI Podcast
Gmail, Chrome, Redshift, 9th Telecom hack, HIPAA, AI basic acts.


GenAI Safety & Security | Dec 15 - Dec 22, 2024

Notice: Our Q4 book report will be available on 1/1/2025!

Highlights

Deep Dive

1. Gmail users targeted by AI phishing, prompts (Forbes)

  • 2.5 billion Gmail users at risk.

  • AI used for realistic phishing attacks.

  • Attackers use Google phone numbers/forms.

  • Recovery prompts used to gain account control.

  • $500k crypto stolen from a user by Gmail exploit.

Action: Use Google's Advanced Protection Program.

2. Chrome extensions hijacked across companies (Reuters, Palo Alto Networks)

  • Cyberhaven extension breached.

  • Campaign targeted many extension developers.

  • Extensions were related to VPN and AI.

  • 88% of malware is undetected.

  • LLMs rewrite malware effectively.

Action: Review all third-party extensions.

3. Amazon Redshift: 3 severe vulnerabilities (Forbes)

  • SQL injection in Redshift drivers.

  • CVE-2024-12744, 12745 and 12746 impact the platform.

  • Allows privilege escalation.

  • Update to latest driver versions (v3) needed.

  • Data integrity and security at risk.

Action: Upgrade Redshift drivers immediately.

4. 9th US telecom breached by Chinese hackers (BleepingComputer)

  • Salt Typhoon group implicated since 2019.

  • Targeting multiple countries.

  • Log removal and inadequate logging.

  • Attackers accessed over 100k routers.

  • Basics not implemented in telecoms.

Wise Advice: Enforce basic security measures immediately.


5. New HIPAA requirements for US healthcare (Engadget)

  • Multifactor and data encryption needed.

  • Routine scans for breaches also needed.

  • Anti-malware is now mandatory.

  • $9 billion cost for 1st year to comply.

  • 1002% increase in individuals impacted since 2018.

Mitigation: Implement new HIPAA requirements now.

6. South Korea passed AI Basic Act (BusinessKorea)

  • Act ensures AI reliability with watermark.

  • Govt. aims for subordinate by 6/2025.

  • Prioritizing domestic over global regulation.

  • Focus is on AI issues domestically.

  • Investment also needed for growth.

Notice: Stay up to date on global AI regulatory trends.
