26 min

#9 - The collapse of LAPSUS$ and the risks of AI data poisoning Crying Out Cloud

    • Technology

👀 Here's a sneak peek at today’s episode: 

🔒 Stay ahead of the game! LAPSUS$ Hackers may be making waves. Two members of this notorious group faced consequences in the UK, but shockingly, they continued their hacking activities even while under house arrest.  

🤖 Data Poisoning in AI Training is a growing concern. Hackers can manipulate the data used to train AI models, introducing risks and vulnerabilities. Validating data integrity and randomizing data ingestion times are useful mitigations against this threat.

💻 The WinRAR Vulnerability (CVE-2023-38831)! This flaw was exploited against crypto-traders to infect their devices with malware, but should be considered a low concern for cloud customers unless using virtual desktops.  



Important links:

https://gizmodo.com/hackers-lapsus-uber-nvidia-rockstar-games-microsoft-1850766324 

https://www.bbc.com/news/technology-66549159 

https://www.cisa.gov/resources-tools/resources/review-attacks-associated-lapsus-and-related-threat-groups-executive-summary 

https://www.cisa.gov/sites/default/files/2023-08/CSRB_Lapsus%24_508c.pdf 

https://duo.com/decipher/lapsususd-analysis-finds-need-for-better-iam-mfa-deployments 

https://www.youtube.com/watch?v=h9jf1ikcGyk 

https://arxiv.org/pdf/2302.10149.pdf 

https://www.blackhat.com/us-23/briefings/schedule/#poisoning-web-scale-training-datasets-is-practical-32112 

https://arstechnica.com/security/2023/08/winrar-0-day-that-uses-poisoned-jpg-and-txt-files-under-exploit-since-april/ 

👀 Here's a sneak peek at today’s episode: 

🔒 Stay ahead of the game! LAPSUS$ Hackers may be making waves. Two members of this notorious group faced consequences in the UK, but shockingly, they continued their hacking activities even while under house arrest.  

🤖 Data Poisoning in AI Training is a growing concern. Hackers can manipulate the data used to train AI models, introducing risks and vulnerabilities. Validating data integrity and randomizing data ingestion times are useful mitigations against this threat.

💻 The WinRAR Vulnerability (CVE-2023-38831)! This flaw was exploited against crypto-traders to infect their devices with malware, but should be considered a low concern for cloud customers unless using virtual desktops.  



Important links:

https://gizmodo.com/hackers-lapsus-uber-nvidia-rockstar-games-microsoft-1850766324 

https://www.bbc.com/news/technology-66549159 

https://www.cisa.gov/resources-tools/resources/review-attacks-associated-lapsus-and-related-threat-groups-executive-summary 

https://www.cisa.gov/sites/default/files/2023-08/CSRB_Lapsus%24_508c.pdf 

https://duo.com/decipher/lapsususd-analysis-finds-need-for-better-iam-mfa-deployments 

https://www.youtube.com/watch?v=h9jf1ikcGyk 

https://arxiv.org/pdf/2302.10149.pdf 

https://www.blackhat.com/us-23/briefings/schedule/#poisoning-web-scale-training-datasets-is-practical-32112 

https://arstechnica.com/security/2023/08/winrar-0-day-that-uses-poisoned-jpg-and-txt-files-under-exploit-since-april/ 

26 min

Top Podcasts In Technology

פשוט AI
Benny Farber
Acquired
Ben Gilbert and David Rosenthal
עושים טכנולוגיה
רשת עושים היסטוריה
Lex Fridman Podcast
Lex Fridman
עושים תוכנה Osim Tochna
רשת עושים היסטוריה
וויקלי סינק
וויקלי סינק