Google comeback, OpenAI safety, Heath Equity & Envolve Bank data breach, Microsoft DDOS & AWS outage, $75 million ransom payment.
GenAI Safety & Security Newsletter (July 29 - Aug 3, 2024)
![[FREE e-book] GenAI safety and security](https://substackcdn.com/image/fetch/w_140,h_140,c_fill,f_webp,q_auto:good,fl_progressive:steep,g_auto/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8cbc4b00-c7d2-4b5d-8795-3d2715fd20c8_731x731.png)
This Week’s highlight:
Google Comeback: New Gemini and Gemma models are dethroning OpenAI.
OpenAI Safety: Decision to submit its next AI model for government review as an independent safety evaluations which still has lots of limitation.
HealthEquity and Evolve Bank have more than ten millions records in recent data breaches. Plus new threats are coming.
Microsoft Azure and AWS dealt with new DDoS attacks and internal vulnerabilities which caused another global outage in hours.
$75 million ransom payment, to Dark Angels. The highest number ever.
1. Google's AI Dominance with Gemini:
Google’s Gemini 1.5 Pro model is now the top performer beating OpenAI's GPT-4o and Anthropic's Claude-3.5 Sonnet. VentureBeat
The smaller but powerful Gemma 2 2B model also exhibits superior performance compared to its larger rivals, including OpenAI's GPT-3.5. VentureBeat
Google is releasing powerful tools like Gemma Scope to provide insights into how its models work, promoting transparency and understanding.
Why it Matters: Google's advancements demonstrate the company's commitment to AI innovation and create a powerful alternative for businesses seeking enterprise AI solutions. This resurgence signifies a potential shift in the AI market dynamics.
2. OpenAI Safety Evaluations:
OpenAI will allow the U.S. AI Safety Institute to conduct safety checks on its upcoming generative AI model before its release. VentureBeat
Pledged to dedicate 20% of its computing resources to safety research, a significant investment in responsible AI development. VentureBeat
A recent study by the Ada Lovelace Institute highlights concerns about the limitations of current AI safety evaluations, emphasizing the need for more robust, context-specific, and transparent testing methods. TechCrunch
Why it Matters: The increasing focus on independent safety evaluations signals a growing awareness of the potential risks posed by advanced AI. More rigorous and transparent evaluations are crucial for ensuring responsible development and building trust in AI systems.
3. HealthEquity and Evolve Bank: A Widespread and Interconnected Threat:
HealthEquity suffered a data breach impacting the personal and health information of 4.3 million individuals. The breach occurred due to a compromised vendor account. TechCrunch
A complex case involving Evolve Bank, Synapse (a fintech connector), and multiple fintech companies led to a data breach exposing information of up to 7.6 million individuals. Financial Times
A vulnerability in WhatsApp for Windows allows for the execution of Python and PHP scripts, potentially enabling attackers to steal sensitive data like SMS messages and banking information. BleepingComputer
A new Android banking Trojan called BlankBot is targeting users with Android 13 or newer, stealing SMS messages, banking credentials, and even device lock patterns or PINs. Forbes
Why it Matters: These incidents highlight the growing sophistication and interconnected nature of data breaches. Businesses must adopt a comprehensive security approach that accounts for vulnerabilities in their own systems, their partners' systems, and the software they use.
4. Microsoft Azure and AWS:DDoS Attacks and Internal Vulnerabilities
Microsoft Azure experienced an outage caused by a DDoS attack compounded by an error in Microsoft's automated defense system. Forbes
AWS also suffered an outage, disrupting services for various Amazon-owned companies. CRN
CISA and the FBI issued a statement assuring the public that DDoS attacks are unlikely to impact the integrity of the 2024 U.S. elections, but acknowledge that they could disrupt election-related services. BleepingComputer
Why it Matters: These incidents highlight the vulnerability of cloud services to DDoS attacks and internal errors. Organizations must carefully evaluate their cloud dependency and implement robust security measures and backup plans to minimize the impact of potential disruptions.
5. $75 million ransom payment: the escalating damage and more:
An unnamed company paid a record-breaking $75 million to the Dark Angels ransomware group SecurityWeek
$500 million Delta Airlines suffer due to Microsoft global outage NewYorkPost
$5.4 billion in damages caused by Crowdstrike for Fortune 500 companies Fortune
Why it Matters: The record-breaking ransom payment demonstrates the growing financial stakes of ransomware attacks and the potential for even larger demands in the future. Businesses must prioritize robust cybersecurity measures to mitigate this escalating threat.
Last week,
