New Security Vulnerability, Cybersecurity Not Ready for AI, and More.

by | Jun 27, 2024 | This Week in Tech

This Week In Tech, we talk about a new security vulnerability called 'SnailLoad', if cybersecurity agencies are ready for generative AI, and how Meta has become the most impersonated amongst phishing scammers.

New security vulnerability ‘SnailLoad’ allows hackers to spy on people

A newly discovered security flaw, called ‘SnailLoad,’ potentially enables hackers to spy on individuals through any internet-connected device, bypassing typical security measures like firewalls and VPNs. Instead of relying on traditional malicious code, ‘SnailLoad’ operates by monitoring fluctuations in a user’s internet speed. To initiate the attack, users unknowingly download a seemingly safe small file from the attacker’s server, often embedded within a malicious website. This file does not have immediate malicious content detectable by security software, but is transferred very slowly, allowing hackers to gain specific characteristics of the user’s internet connection. This approach allows attackers to pinpoint a distinctive ‘signature’ linked to the connection, enabling full unauthorized access. According to the researchers, they successfully monitored test users watching videos with a 98% success rate. They noted higher success rates when users had slower internet connections and were streaming large videos.

Read More: Independent

Cybersecurity not ready for generative AI

Artificial intelligence (AI) in cybersecurity isn’t a novelty, many automated security tools incorporate AI and machine learning to some extent. However, the rise of generative AI has sparked widespread concern and discussion. According to a Darktrace study, AI-generated threats have already affected 75% of organizations, yet 60% acknowledge being unprepared to defend against such attacks. For the first time, AI considerations extend beyond the corporate network and threat actors to include customer interactions. As organizations increasingly deploy AI in consumer-facing tools like chatbots, security teams must reconsider their strategies for detecting threats and responding to incidents that involve interactions between AI systems and third-party users. A significant challenge lies in managing generative AI. Cybersecurity teams, as well as organizations at large, lack clear insights into the data used to train AI, who accesses these training datasets, and how AI aligns with compliance requirements.

Read More: Cybersecurity Dive

Meta is the most impersonated by phishing scammers

Meta is the most frequently impersonated brand by phishing scammers, with over ten thousand verified phishing scams reported in the past four years. These scams typically involve fraudulent messages appearing to come from a trusted source, urging users to click on links or provide personal information urgently. Such actions can lead to unintended installation of ransomware or unauthorized access to accounts by the scammers. Phishing messages targeting Meta can vary widely, from believable notifications about friend requests to extravagant claims such as winning a Facebook lottery. IT and technology brands, including Meta, account for more than a quarter of brand impersonation phishing scams, followed closely by banking and financial services. This trend may stem from the high levels of customer engagement and trust these industries enjoy, along with the value of the credentials they possess.

Read More: Forbes

Here are some more blogs from this category.

Apple’s AI growing misinformation issue, LG StanbyMe 2, and More.
This Week In Tech, we talk about Apple’s AI news alerts highlight growing misinformation issue, LG’s StanbyMe 2, and the review of Lenovo’s ThinkBook...
Meta to Scrap Fact Checkers, Ransomware Turns 35, and More.
This Week In Tech, we talk about Meta scrapping fact checkers and using community-generated ‘notes’ instead, ransomware turning 35 and billion-dollar...
12 Scams of Christmas, UPS ‘Shmishing’ Scam Alert, and More.
This Week In Tech, we talk about the Better Business Bureau’s 12 scams of Christmas, UPS smishing scam alert, and Windows malware attack targeting YouTube...
AI Sparks a ‘Revolution’ for the Visually Impaired, Apple’s Slimmest iPhone Ever, and More.

This Week In Tech, we talk about AI app solutions for the visually impaired, Apple’s slimmest iPhone ever, and the new name for Zoom.

Week 4 of Cyber Security Awareness Month, Eight Underestimated Phishing Techniques, and More.

This Week In Tech, we talk about week 4 of Cyber Awareness Month, eight underestimated Phishing techniques, and AR glasses developed by Meta and Snap.

Week 3 of Cyber Security Awareness Month, The Dangers of the ‘Unsubscribe’ Button , and More.
This Week In Tech, we talk about week 3 of Cyber Awareness Month, the dangers of the ‘Unsubscribe’ button in Emails, and lasers that can extend broadband...
Week 2 of Cyber Security Awareness Month, New AI Tools for Health Professionals, and More.

This Week In Tech, we talk about week 2 of Cyber Awareness Month, new AI tools for healthcare professionals, and Microsoft service outages.

October is Cyber Security Awareness Month, Tips for Digital Gift Giving, and More.

This Week In Tech, we talk about cyber security awareness month, week one of Cyber Month, and tips on how to give and receive digital gifts safely.

Combating Phishing Scams with Video Verification, Possible Chip Shortage Due to AI, and More.
This Week In Tech, we talk about combating phishing scams using video verification, AI technology to assist with speech impairments, and how the rising demand for AI...
Reevaluating Cyber Strategies, Exploiting Security Tools to Target Organizations, and More.
This Week In Tech, we talk about reevaluating strategies following the global IT outage, hackers misusing security tools to target organizations, and prioritizing...