This Is The #1 Risk AI Poses To Businesses Today

Cobalt Strikes Back 💥

Welcome to the Cyber Sizzler — the only cybersecurity newsletter that helps industry professionals get 2% better every day.

ON DECK FOR TODAY

  • Senate Looks to Restrict TikTok

  • This Is The #1 Risk AI Poses To Businesses Today

  • Dumpster Fire: Northeast Surgical Group

  • JALA-MEME-ÑOS: 🌶️ 🤣

Heating Up

Spicy links of original reporting

news / 

Senate Looks to RESTRICT TikTok

A bipartisan group of senators has put forward a proposal (the RESTRICT Act) that would give the Commerce Department the power to review, and if necessary ban, the U.S. operations of foreign technology companies that pose a national security threat.

Senator Mark Warner, who chairs the Senate Intelligence Committee, says he is done playing "whack-a-mole" with individual companies as issues arise and wants a systematic way to evaluate and mitigate these threats instead.

If the Commerce Department gets the power to ban companies like TikTok and Huawei, expect significant changes in how foreign-owned tech companies operate in the U.S. (link)

Additional News Links 🌶️

  • Arctic Wolf CEO doing his ABCs (Always Be Closing) (link)

  • Fortinet says that WFH is causing problems (link)

tech /

This Is The #1 Risk AI Poses To Businesses Today

Software is buggy; there's no way around it.

The reason corporations are banning generative AI (ChatGPT and the like) is not some wild "AI is taking over the world!" fear. It's mundane bugs like the one in the screenshot below, which showed someone logged into ChatGPT seeing other users' conversation workspaces.

OpenAI turned off the workspace feature after this screenshot was taken.

Imagine someone in the Finance department putting together the latest earnings report. They pull data from various sources, format it and drop it into a template, which takes a very long time. Now they have ChatGPT: all they need to do is give it the right prompts along with their data, and out spits the report.

For the entire world to see.

Sam Altman (OpenAI's CEO and co-founder) has already said that data submitted is not used for training purposes.

But a not-for-training promise says nothing about bugs. What happens when there's a defect and the data submitted spills out to people who should never have had access to it? Who should be held responsible for the leak?

  • The overworked finance person?

  • OpenAI for building a buggy tool?

We'll need to answer these questions and figure out a way to secure corporate data, because these leaks are happening now. The working assumption for practitioners is simple: anything pasted into a third-party tool has left the building, whatever the vendor's privacy policy says.
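Here is the practical half of the answer, as an added example (not code from the newsletter, from OpenAI or from any product named above): a small outbound scrubber of the kind a DLP gateway in front of a hosted model would run. Sensitive values are swapped for opaque placeholders before the prompt leaves the organisation, the placeholder-to-value map never leaves, and the model's answer is re-hydrated locally. The detector patterns, the `PROJ-` codename format, the stand-in `fake_model` and the sample finance text are all constructed for illustration.

```python
"""Outbound prompt scrubbing for a third-party LLM.

Added example, not code from the newsletter or from OpenAI. Sensitive values
are replaced with placeholders before the prompt is sent; if the vendor's
workspace is later exposed by a bug, the other tenant sees placeholders, not
the earnings data. Detector patterns, the PROJ- codename format and the
sample report below are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, Optional


def luhn_ok(number: str) -> bool:
    """Luhn checksum, used to tell card numbers from other long digit runs."""
    digits = [int(c) for c in re.sub(r"\D", "", number)]
    if len(digits) < 13:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# (label, pattern, optional validator that rejects false positives)
DETECTORS: list[tuple[str, re.Pattern, Optional[Callable[[str], bool]]]] = [
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), None),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), None),
    ("CARD", re.compile(r"\b(?:\d[ -]?){13,16}\b"), luhn_ok),
    # Hypothetical internal codename format; a real deployment loads this from policy.
    ("PROJECT", re.compile(r"\bPROJ-[A-Z]{3,}\b"), None),
]


@dataclass
class Scrubber:
    """Replaces sensitive values with placeholders; the mapping stays on our side."""
    vault: dict = field(default_factory=dict)   # placeholder -> original value
    seen: dict = field(default_factory=dict)    # original value -> placeholder
    counts: dict = field(default_factory=dict)  # label -> last index used

    def _placeholder(self, label: str, value: str) -> str:
        if value not in self.seen:                 # same value, same placeholder
            self.counts[label] = self.counts.get(label, 0) + 1
            token = f"[[{label}_{self.counts[label]}]]"
            self.vault[token] = value
            self.seen[value] = token
        return self.seen[value]

    def redact(self, text: str) -> str:
        for label, pattern, validator in DETECTORS:
            def swap(m: re.Match, label=label, validator=validator) -> str:
                raw = m.group(0)
                if validator is not None and not validator(raw):
                    return raw                      # e.g. an invoice number that fails Luhn
                return self._placeholder(label, raw)
            text = pattern.sub(swap, text)
        return text

    def rehydrate(self, text: str) -> str:
        for token, value in self.vault.items():
            text = text.replace(token, value)
        return text


def fake_model(prompt: str) -> str:
    """Stand-in for the hosted model (constructed). It only ever receives placeholders."""
    email = re.search(r"\[\[EMAIL_\d+\]\]", prompt)
    card = re.search(r"\[\[CARD_\d+\]\]", prompt)
    return (f"Action items: reconcile charges on {card.group(0)} "
            f"and send the final draft to {email.group(0)}.")


# Constructed sample of the kind of text a finance analyst might paste in.
REPORT = (
    "Q1 earnings draft. Revenue 12,345,678 USD, up 8%. "
    "Questions to jane.doe@example.com (PROJ-FALCON). "
    "Travel was charged to corporate card 4111 1111 1111 1111; "
    "invoice 1234567890123456 is still open. "
    "Payroll extract is keyed on SSN 123-45-6789."
)


def process(report: str) -> tuple[str, str]:
    """Returns (what the vendor sees, what the user sees)."""
    scrubber = Scrubber()
    outbound = scrubber.redact(report)
    return outbound, scrubber.rehydrate(fake_model(outbound))


if __name__ == "__main__":
    sent, shown = process(REPORT)
    print("SENT TO VENDOR:", sent)
    print("SHOWN TO USER :", shown)
```

Run it and compare the two printed lines: the vendor gets placeholders, the analyst gets the real values back. Note what it does not catch: the revenue figure and the invoice number go through untouched, because pattern matching only finds shapes it knows about. Scrubbing like this is a floor under a policy on what may be pasted at all, not a substitute for one.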

Additional Tech Links 🌶️

  • Check Point dives deep into Chinese hacking group Sharp Panda (link)

  • Cobalt Strike 4.8 released with system call support, payload guardrail options and a new token store (link)

  • Cofense discovered that Emotet is back after taking a break (link)

  • SYS01 stealer targets Facebook business accounts using Google ads (link)

Hearing that a "design-centric" password manager has raised money doesn't exactly give us a good feeling. That said, password vaults need a makeover. Uno raised $3M from Andreessen Horowitz (a16z) and is targeting non-technical users, which we applaud because it's a largely underserved market. Let's hope they don't pull a LastPass.

Too soon?

Dumpster Fire: Northeast Surgical Group

  • Affected: 15,298

  • Dwell time: Hard to tell, but it appears to be Jan 8 to Feb 13

  • Notification time: March 6, and not until AFTER the data had already been dumped

  • Identity monitoring: Yes, finally a company providing credit monitoring

DataBreaches has good coverage of this BianLian attack, but one thing about this breach bugs the sh*t out of me.

Why the hell didn't they tell the affected people that their data had already been dumped? It can't be because they didn't want to get sued: "we didn't know at the time" is not a defense for failing to come clean afterwards.

Sure, this is a small company in Michigan (represent! Oh...uh, yeah, scratch that), but that doesn't mean their law firm doesn't know what the protocols are here. They probably do, and they're just doing the bare minimum in this case.

So, into the dumpster they go.

Additional Breach Links 🌶️

  • BianLian has been busy: Virginia City hit with ransomware (link)

  • Acer (do people still buy their stuff?) breached, and the data is for sale (link)

Jala-meme-ños

🌶️ 🤣

TALL GLASS OF MILK

Time to cool down with a tall glass of milk. Thanks for reading! We'll be back tomorrow. In the meantime, feel free to reach out if you have any questions or feedback. Keep crushing it!

AFTERBURN

#bribery

If you made it this far, could you help us out?

If you found this fun and interesting, could you share this with your team? We’re grassrootsing this thing and would love extra help spreading the word.

🌶️ 🙌