New Security Vulnerability, Cybersecurity Not Ready for AI, and More.

by | Jun 27, 2024 | This Week in Tech

This Week In Tech, we talk about a new security vulnerability called 'SnailLoad', if cybersecurity agencies are ready for generative AI, and how Meta has become the most impersonated amongst phishing scammers.

New security vulnerability ‘SnailLoad’ allows hackers to spy on people

A newly discovered security flaw, called ‘SnailLoad,’ potentially enables hackers to spy on individuals through any internet-connected device, bypassing typical security measures like firewalls and VPNs. Instead of relying on traditional malicious code, ‘SnailLoad’ operates by monitoring fluctuations in a user’s internet speed. To initiate the attack, users unknowingly download a seemingly safe small file from the attacker’s server, often embedded within a malicious website. This file does not have immediate malicious content detectable by security software, but is transferred very slowly, allowing hackers to gain specific characteristics of the user’s internet connection. This approach allows attackers to pinpoint a distinctive ‘signature’ linked to the connection, enabling full unauthorized access. According to the researchers, they successfully monitored test users watching videos with a 98% success rate. They noted higher success rates when users had slower internet connections and were streaming large videos.

Read More: Independent

Cybersecurity not ready for generative AI

Artificial intelligence (AI) in cybersecurity isn’t a novelty, many automated security tools incorporate AI and machine learning to some extent. However, the rise of generative AI has sparked widespread concern and discussion. According to a Darktrace study, AI-generated threats have already affected 75% of organizations, yet 60% acknowledge being unprepared to defend against such attacks. For the first time, AI considerations extend beyond the corporate network and threat actors to include customer interactions. As organizations increasingly deploy AI in consumer-facing tools like chatbots, security teams must reconsider their strategies for detecting threats and responding to incidents that involve interactions between AI systems and third-party users. A significant challenge lies in managing generative AI. Cybersecurity teams, as well as organizations at large, lack clear insights into the data used to train AI, who accesses these training datasets, and how AI aligns with compliance requirements.

Read More: Cybersecurity Dive

Meta is the most impersonated by phishing scammers

Meta is the most frequently impersonated brand by phishing scammers, with over ten thousand verified phishing scams reported in the past four years. These scams typically involve fraudulent messages appearing to come from a trusted source, urging users to click on links or provide personal information urgently. Such actions can lead to unintended installation of ransomware or unauthorized access to accounts by the scammers. Phishing messages targeting Meta can vary widely, from believable notifications about friend requests to extravagant claims such as winning a Facebook lottery. IT and technology brands, including Meta, account for more than a quarter of brand impersonation phishing scams, followed closely by banking and financial services. This trend may stem from the high levels of customer engagement and trust these industries enjoy, along with the value of the credentials they possess.

Read More: Forbes

Here are some more blogs from this category.

New Smart Ring by Samsung, Common Home Buying Scams, and More.

This Week In Tech, we talk the new smart ring by Samsung, phishing attacks on Apple users via text messages, and 8 scams to avoid when selling your home.

Second Cyberattack on CDK Global, Spotting AI Hallucinations, and More.
This Week In Tech, we talk about a second cyberattack on CDK Global, how to spot AI hallucinations, and a groundbreaking test to detect Parkinson’s disease seven...
New Concrete Turning Homes into Giant Batteries, What is Masked Email, and More.
This Week In Tech, we talk about a new concrete capable of transforming homes into energy storage units, what ‘masked email’ is referring to, and X hiding...
Medical AI Solution That Patients Can Talk To, Instagram To Force Ad Breaks, and More.
This Week In Tech, we talk about a medical AI solution that patients can talk to, Instagram testing out a new feature called Ad breaks, and ten useful tips to prevent...
AI a Gamechanger for Neurodiversity, Deepfake Risk to Biometrics, and More.
This Week In Tech, we talk about AI becoming a transformational tool for neurodiversity, deepfake risks to biometrics, and the seven new features added to...
Critical Apple Photo Update, Microsoft’s AI “Windows Recall”, and More.
This Week In Tech, we talk about a critical Apple update to fix photo bug, Microsoft’s AI that monitors all computer activity, and disabling cellphone...
Using AI to Edit DNA, Top Tech Tips You Should Use, and More.

This Week In Tech, we talk about using AI to edit your DNA, top tech tips you should use, and a new memory feature of ChatGPT.

Change Healthcare’s Ransomware Nightmare Gets Worse, Microsoft Tops List in Brand Phishing Attacks, and More. 
This Week In Tech, we talk about Change Healthcare’s ransomware attack, Microsoft being the top brand involved in phishing attacks and Mark Zuckerberg reimagining...
Ransomware Groups Targeting Backups, Upgrading to iOS 17.4.1, and More.

This Week In Tech, we talk about ransomware groups targeting backups, crucial update to iOS 17.4.1, and the Humane AI pin.

Update on Hospital Cyberattack, Reporting Spam via Text, and More.

This Week In Tech, we talk about the Update on Cyberattack of Regional Hospitals, Reporting Spam via Text, and Zero-Font Phishing Campaign.