Aggregator

The post Joint Certification Program (DD 2345) appeared first on PreVeil.

The post Joint Certification Program (DD 2345) appeared first on Security Boulevard.

As AI usage becomes more prevalent in organizations globally, security teams must get full visibility into these applications. Building a comprehensive inventory of AI applications in your environment is a first step. Read on to learn what we found about AI application-usage in the real world when we analyzed anonymized telemetry data from scans using Tenable’s products.

Here’s a common scenario in enterprises today: Under the CISO’s guidance, the security team has set up rigorous processes to review and approve all artificial intelligence (AI) applications before they are deployed. An AI governance board and data review council have been established to ensure compliance with internal InfoSec policies. By all accounts, AI is being leveraged in a completely controlled manner on the hosts that are regularly monitored and patched.

Or is it?

A recent analysis of Tenable’s anonymized telemetry data shows that many security teams are finding usage of AI applications in their environment that might not have been provisioned via formal processes.

In other words, despite establishing formal policies and detailed procedures for deploying AI securely, many enterprises are discovering that their employees have taken a free hand with AI, creating a shadow IT problem.

What our telemetry data shows

Unquestionably, AI represents a great opportunity for organizations to improve and transform their operations, so it’s not surprising that the world is abuzz with the promise of AI. This technology is more pervasive than we could have ever imagined two years ago, and AI is everywhere – think of ChatGPT, Grammarly, H2O, Ollama and many others.

Over a recent 30-day period, Tenable scans found 1.7 million instances of AI applications on more than 287,000 hosts. Over 33% of customers that scanned using detections for AI applications found them in their environment. This is according to anonymized telemetry data from customers that agreed to share it with Tenable.

Because the data is anonymized and aggregated, it is not feasible to know the exact percentage of applications that were unapproved. However, even in cases where only a minority of the applications found were unapproved, their detection would have been critically important. That’s because AI applications that are unmanaged and unsecured represent a major risk. 

Obtaining a complete inventory of all your AI applications – approved and unapproved – gives you the visibility you need to protect your attack surface. Such an inventory also allows you to make sure that approved AI applications are being used properly and only by their authorized users.

Benchmarking Let's take a look at the top geographies

In terms of the raw number of times these AI plugins triggered detections, the Americas lead the way, followed by Europe, the Middle East and Africa (EMEA) and then Asia-Pacific (APAC.) However, EMEA ranked first with 22% of AI-related scans resulting in a detection while in APAC it was about 5% and the Americas at 18%. Our recommendation is to scan your environment regularly with the Tenable AI scan template because the percentages above denote a likely probability of detection of an AI application in your environment. 

AI usage by industry

Retail leads the way by a big margin followed by the Technology and Telecommunications sectors.

This chart shows a vertical-industry breakdown of triggers of Tenable’s AI plugins.

AI usage by size of organization

As expected, the number of detections vary depending on the size of the organization. Small organizations can easily see up to 100 detections a day while the very large ones are seeing 30,000-plus detections a day for AI applications. 

AI browser plugins

There are hundreds of browser plugins leveraging AI. The most popular ones are: 

AppRaw counts in Tenable scansGrammarly: AI writing and grammar-checker App6,781,023LanguageTool: AI grammar-checker and paraphraser1,726,138Magical: AI writer and autofill text expander534,502Scribe: AI documentation, SOPs and screenshots284,470QuillBot: AI writing and grammar-checker Tool244,424Wordtune: Generative AI productivity platform198,134ChatGPT for Google116,122AI zero days

There are over 400 vulnerabilities disclosed in AI applications so far and Tenable's researchers have discovered a handful as well that are in various stages of disclosure. Among those that have been published are NextChat Server-Side Request Forgery / Cross-Site Scripting and SSRF Security Feature Bypass in Azure AI and ML Studios. 

This number is still very small as AI security is in the nascent stage: 400 vulnerabilities is a small drop in the ocean when compared to the tens of thousands disclosed each year overall. However, we are only getting started with AI security in the ecosystem as a whole.

What can you do to elevate your security posture further?

• Be in the know. Build an inventory of AI applications found in the organization and correlate with the ones that have been approved by the AI governance board of the organization. 
• Regularly scan with plugins released for Tenable Vulnerability Management, Tenable Security Center, Tenable Nessus, Tenable Nessus Network Monitor, Tenable WebApp Scanning and Tenable OT Security.
• Leverage dashboard templates in Tenable Vulnerability Management and Tenable Security Center to review findings from the plugins.
• Mitigate frequently.
• You should never trust user inputs, and AI isn’t an exception. Follow first principles of security, security best practices and validate, validate, validate. Check out our blog about this topic.

Below you'll find links to our plugins for Tenable Vulnerability Management, Tenable Web App Scanning and Tenable Nessus Network Monitor.

VM plugins 

WAS plugins 

NNM plugins 

via the inimitable Daniel Stori at Turnoff.US!

Permalink

The post Daniel Stori’s ‘The chroot Case’ appeared first on Security Boulevard.

Новый вредоносный дроппер обходит защиту Android 13 с пугающей лёгкостью.

The RaaS group that distributes Hive ransomware delivers new malware impersonating as validly signed network-administration software to gain initial access and persistence on targeted networks

INTERPOL said it devised a "global stop-payment mechanism" that helped facilitate the largest-ever recovery of funds defrauded in a business email compromise (BEC) scam.  The development comes after an unnamed commodity firm based in Singapore fell victim to a BEC scam in mid-July 2024. It refers to a type of cybercrime where a malicious actor poses as a trusted figure and uses email to

by Mike Saunders, Principal Security Consultant     This blog is the eighth in a series of blogs on obfuscation techniques for hiding shellcode. You can find the rest of […]

In July, Guardio Labs reported they had detected “EchoSpoofing,” a critical in-the-wild exploit of Proofpoint’s email protection service. This sophisticated phishing campaign highlights the vulnerabilities of robust security systems and underscores the importance of comprehensive security measures of SSPM in alerting on misconfigurations in email systems that can be exploited in such attacks. Overview of […]

The post Breach Debrief Series: EchoSpoofing Phishing Campaign Exploiting Proofpoint’s Email Protection appeared first on Adaptive Shield.

The post Breach Debrief Series: EchoSpoofing Phishing Campaign Exploiting Proofpoint’s Email Protection appeared first on Security Boulevard.

今年二月，ZLUDA 项目开发者 Andrzej Janik 在 GitHub 上开源了 AMD 资助的 CUDA 实现，允许 CUDA 应用无需修改就能运行在 AMD 的显卡上。AMD 停止了对改项目的资助，但允许开发者公开源代码。但开源六个月之后，AMD 律师撤销了开源的决定，项目也随之从 GitHub 下架。Andrzej Janik 证实，该项目没有收到英伟达的任何法律威胁，而是应 AMD 法务部门的要求。他表示自己还完成了一个运行在 AMD GPU 上的 NVIDIA GameWorks 实现，但相关代码永远不会开源了。

The Grand Palais Réunion des musées nationaux (Rmn) in France is warning that it suffered a cyberattack on Saturday night, August 3, 2024. [...]

Let's look at Tracfone's $16 million settlement with the FCC to understand why API security testing matters.

The post Why API Security Testing Matters – Learning from Tracfone appeared first on Dana Epp's Blog.

Cybersecurity startup RAD Security, a finalist in this year's Black Hat USA Startup Spotlight competition, looks for "drift events," or events that vary from the baseline.

Our new Keycloak integration is the latest in a range of 50+ integrations that ensure DataDome stops bad bots & fraud on any infrastructure.

The post DataDome Now Protects Keycloak IAM appeared first on Security Boulevard.

美国天基导弹防御系统发展现状 by 路人甲

CrowdStrike的库加载和快速升级机制的分析笔记 by 路人甲

查询NGO信息网站汇总 by 路人甲

更多最新文章，请访问SecWiki

Researchers from LevelBlue Labs have uncovered a new tactic threat actors employ to hijack legitimate anti-virus software for malicious purposes. This sophisticated attack leverages a tool named SbaProxy, which masquerades as a legitimate anti-virus component to establish proxy connections through a command and control (C&C) server. SbaProxy is a new tool in the threat actor’s evolving toolkit, […]

The post Hackers Hijack Anti-Virus Software Using SbaProxy Hacking Tool appeared first on Cyber Security News.