![[Available Now!] Book Report: Q3 2024 - GenAI Safety and Security](https://substackcdn.com/image/fetch/w_140,h_140,c_fill,f_webp,q_auto:good,fl_progressive:steep,g_auto/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F789f986a-4e77-4889-8d33-8d82c944c46d_950x707.png)
Highlights:
Palo Alto Networks: 2000 firewalls compromised.
"Nearest neighbor" WiFi attack revealed.
Microsoft enhances Windows security.
New AI safety taskforce formed.
International AI safety summit held.
Deep Dive
1. 2,000 Palo Alto Networks Firewalls Compromised Help Net Security
Zero-day vulnerabilities for remote code execution.
Compromised devices primarily in US and India.
Attackers deployed webshells, exfiltrated data, & deployed cryptominers.
Palo Alto Networks Panorama and WildFire appliances also affected.
Arctic Wolf observed intrusions across various industries.
Mitigation: Apply security patches and follow remediation guidance.
2. "Nearest Neighbor" WiFi Attack Tom's Hardware
Russian hackers accessed a US firm's WiFi outside a physical range.
First heard for two different networks to compromised the third one.
Attackers leveraged both wired and wireless connections.
Mitigation: Limiting Wireless access point, hiding SSIDs, and mandate MFAs.
3. Microsoft Security Enhancements Cybersecurity Dive
Windows Resiliency Initiative allows for off-line Windows Update changes.
Safer deployment practices with endpoint security partners are being implemented.
Moving away from C++ to Rust for safer programming.
New capabilities to create security products outside kernel mode.
Available to the Windows Insider Program community starting in early 2025.
Initiative follows July Crowdstrike global outage affecting 8.5M devices.
Notice: Stay informed and proactively adopt MS updates.
4. New AI Safety Taskforce (TRAINS) NIST
TRAINS focuses on national security implications of AI.
Experts from Commerce, Defense, Energy, Homeland Security.
Will coordinate AI model research and testing.
Aims to maintain US leadership in safe AI development.
Operationalizes whole-of-government approach to AI safety.
Mitigation: Monitor progress and recommendations for best practices.
5. International AI Safety Summit TIME
Summit brought together experts from 9 nations and the EU.
Focus on synthetic content, testing models, and assessments.
US and UK AISIs shared findings on model vulnerabilities.
$11 million in funding announced for synthetic content risk mitigation.
Emphasizes the need for integrating safety with AI innovation.
Notice: The next summit will happen in Paris, France.
Share this post