![[Available Now!] Book Report: Q3 2024 - GenAI Safety and Security](https://substackcdn.com/image/fetch/w_140,h_140,c_fill,f_webp,q_auto:good,fl_progressive:steep,g_auto/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F789f986a-4e77-4889-8d33-8d82c944c46d_950x707.png)
Follow us on Spotify to learn more and always stay updated!
Highlights:
OpenAI: Disrupted 20+ AI-driven influence ops.
Telecom & Water & Money: Major providers face cyberattacks.
Nobel Prize: Hinton feared spoof & voiced AI safety.
NPD & Internet Archive: Breach and bankruptcy.
Gmail & Windows: targeted by bad AIs.
Deep Dive:
1. OpenAI Security Report: OpenAI disrupted 20+ influence operations worldwide.
Targeted elections in US, Rwanda, India, and EU.
Ranged from simple content to complex analysis.
Separate phishing campaign targeted OpenAI employees.
China-linked group attempted phishing attack on OpenAI.
Malware designed for screenshots and data exfiltration.
Mitigation: Review and enhance phishing awareness training.
Source: CNBC, Yahoo Finance
2. Telecommunications, Water, and MoneyGram Under Attack:
Telecom: Verizon, AT&T, and Lumen compromised.
Wiretaps and bandwith for months or longer undetected.
American Water Works company: Disrupted billing systems.
14 mil customers and 18 military installations afftected.
MoneyGram: on-going outage and disruption.
Mitigation: Stay calm. Remember to document, report with evidences.
Source: Security Week, Ars Technica, CyberScoop, NBC News
3. Geoffrey Hinton's Nobel Prize Physics:
Initially thought Nobel Prize call was a spoof.
Expressed regret and guilty because of AI risks.
Cited the worst outcome if any intelligent system is out of control.
Emphasized we have no idea about what would happen.
Notice: With Y. Bengio, he is calling for AI guardrails and regulation.
Source: X, Nobel Prize, Yahoo Finance
4. NPD Bankruptcy. Internet Archive breach.
NPD: Original breach occurred in December 2023.
Faces multiple lawsuits and regulatory challenges.
Internet Archvie Breach occurred around 9/28/2024.
Authentication database stolen.
Included email addresses and hashed passwords.
Advice: Change passwords and monitor identity theft.
Source: The Register, BleepingComputer
5. Gmail Phishing & Microsoft 9.8: Sophisticated AI-driven phishing and exploitation attacks emerging.
Gmail: Attackers using realistic AI voice calls and emails.
Exploiting trust in file-sharing platforms like Dropbox.
Windows: Critical at 9.8 (CVE-2024-43468).
In Configuration Manager allows remote code execution.
Immediate patching, but complex update process.
Mitigation: Update immediately. Have alternative service accounts.
Share this post