#9 - The collapse of LAPSUS$ and the risks of AI data poisoning Crying Out Cloud
-
- Technology
๐ Here's a sneak peek at todayโs episode:ย
๐ Stay ahead of the game! LAPSUS$ Hackers may be making waves. Two members of this notorious group faced consequences in the UK, but shockingly, they continued their hacking activities even while under house arrest.ย ย
๐ค Data Poisoning in AI Training is a growing concern. Hackers can manipulate the data used to train AI models, introducing risks and vulnerabilities. Validating data integrity and randomizing data ingestion times are useful mitigations against this threat.
๐ป The WinRAR Vulnerability (CVE-2023-38831)! This flaw was exploited against crypto-traders to infect their devices with malware, but should be considered a low concern for cloud customers unless using virtual desktops. ย
Important links:
https://gizmodo.com/hackers-lapsus-uber-nvidia-rockstar-games-microsoft-1850766324ย
https://www.bbc.com/news/technology-66549159ย
https://www.cisa.gov/resources-tools/resources/review-attacks-associated-lapsus-and-related-threat-groups-executive-summaryย
https://www.cisa.gov/sites/default/files/2023-08/CSRB_Lapsus%24_508c.pdfย
https://duo.com/decipher/lapsususd-analysis-finds-need-for-better-iam-mfa-deploymentsย
https://www.youtube.com/watch?v=h9jf1ikcGykย
https://arxiv.org/pdf/2302.10149.pdfย
https://www.blackhat.com/us-23/briefings/schedule/#poisoning-web-scale-training-datasets-is-practical-32112ย
https://arstechnica.com/security/2023/08/winrar-0-day-that-uses-poisoned-jpg-and-txt-files-under-exploit-since-april/ย
๐ Here's a sneak peek at todayโs episode:ย
๐ Stay ahead of the game! LAPSUS$ Hackers may be making waves. Two members of this notorious group faced consequences in the UK, but shockingly, they continued their hacking activities even while under house arrest.ย ย
๐ค Data Poisoning in AI Training is a growing concern. Hackers can manipulate the data used to train AI models, introducing risks and vulnerabilities. Validating data integrity and randomizing data ingestion times are useful mitigations against this threat.
๐ป The WinRAR Vulnerability (CVE-2023-38831)! This flaw was exploited against crypto-traders to infect their devices with malware, but should be considered a low concern for cloud customers unless using virtual desktops. ย
Important links:
https://gizmodo.com/hackers-lapsus-uber-nvidia-rockstar-games-microsoft-1850766324ย
https://www.bbc.com/news/technology-66549159ย
https://www.cisa.gov/resources-tools/resources/review-attacks-associated-lapsus-and-related-threat-groups-executive-summaryย
https://www.cisa.gov/sites/default/files/2023-08/CSRB_Lapsus%24_508c.pdfย
https://duo.com/decipher/lapsususd-analysis-finds-need-for-better-iam-mfa-deploymentsย
https://www.youtube.com/watch?v=h9jf1ikcGykย
https://arxiv.org/pdf/2302.10149.pdfย
https://www.blackhat.com/us-23/briefings/schedule/#poisoning-web-scale-training-datasets-is-practical-32112ย
https://arstechnica.com/security/2023/08/winrar-0-day-that-uses-poisoned-jpg-and-txt-files-under-exploit-since-april/ย
26 min