Thoughts Off the Mic Wednesday 10/23/24
What caught my attention this week?New Tactics to Jailbreak AI: The Risk of Camouflage and Distraction
A recent Unit 42 investigation reveals how malicious actors can bypass large language model (LLM) safeguards through a clever technique called "Deceptive Delight." By embedding harmful prompts within benign topics, attackers trick AI systems into generating unsafe content. This highlights a significant vulnerability in AI models that needs to be addressed to prevent misuse. Read more about how this tactic works and the steps needed to strengthen LLM security here.
Tricking CAPTCHAs: Lumma Stealer Malware on the Rise
Cybercriminals are using Lumma Stealer malware to bypass CAPTCHA protections, allowing them to steal sensitive data, such as login credentials and financial information. This development weakens one of the basic online security measures, making it easier for attackers to compromise accounts. Strengthening security defenses is crucial as these threats evolve. Read more in the full article here. For additional insights on cyber threats, explore Unit 42 research here.
Bumblebee Malware Returns with a Vengeance
Bumblebee malware has made a comeback, more potent and harder to detect than before. Used by threat actors for ransomware attacks and data theft, this revamped version highlights the adaptability of cybercriminals. Organizations must stay vigilant as botnet-driven threats evolve. Cyber defenses should be strengthened to counteract these persistent threats.
For more details, check out the full article here.
We had a busy week recording new episodes of Threat Vector.
I was thrilled to have had Dr. Daniel Ford join to record an episode of Threat Vector! His insights on cyber hygiene and cyber literacy have been rattling around my head since all week. His insights on who takes the risk vs. who experiences the risk (hint: security teams take the risk, you and I experience the risk) changed my perception of my relationships with security teams.
I also had a chance to go deep into IoT Security with Dr. May Wang. I can’t wait to release it - I think May named this one during the episode “The ABCs of IoT Security. This episode struck a great balance between security insights and forward-looking strategy. Plus, it’s always great to share the mic with a fellow nerd (her words! though I am right there with her).
Early in the week, I was able to get Meerah Rajavel and Niall Browne to talk to me about the relationship they have as Palo Alto Networks CIO and CISO. Meerah and Nial discussed the importance of integrating security into software development and emphasizing designing frictionless security early in processes. They also shared how they foster a culture of security at Palo Alto Networks. I know this episode will resonate with executives who are looking to drive speed and innovation.
Allie Mellen from Forrester and I also recorded an episode. It's supposedly about XDR and The Forrester Wave™: Extended Detection And Response Platforms, Q2 2024, but we went off script. Allie answered some deeper, tough questions and was absolutely wonderful to chat with. This will be a totally different episode of Threat Vector, and I am all for it.
Finally, I had Richu Channakeshava on to talk about Quantum Security. She did a fantastic job as a guest and an advocate for our listeners. At the end of the conversation, she called me out. Her observations were spot on, I was stiff and ran the interview as a Q&A. Quantum is such a big topic that I didn't want to let my ignorance get in the way, but as she pointed out, we need the conversation to flow, and when I don't know something, it’s better to ask (I keep learning that lesson). So, we will rerecord it in the style of What Roman Mars Can Learn About ConLaw, one of my favorite pods and podcasters. As soon as we redo this one, we will release it.