AI Technology Under Siege

Ever had the annoyance of responding to email after email? Well, EmailGPT is the tool people would use to battle against the day-to-day email battle as its services feature an AI-powered writing assistant to help write your responses. This Google Chrome extension was the best for busy people up until the exploitation of its services became relevant!

The EmailGPT vulnerability is known as prompt injection and allows the attacker to inject malicious prompts through its API service which allows the attacker to gain significant control over the service’s AI logic. Not only would this allow the attacker to tell the AI what to write out in response to important emails, but they could change how the AI works itself by forcing it to use its standard prompt responses in the wrong scenarios.

Researchers are urging that users of the service immediately remove it as the vulnerability holds sensitive sectors of information too for attackers to extract. Compromised accounts in EmailGPT could also be host to spam mail from attackers and possibly be of use for phishing as well from the misinformation that is used.

Instantly calculate the time you can save by automating compliance

Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, ISO 42001, HIPAA, HITRUST CSF, NIST AI, and more.

Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center, all powered by Vanta AI.

Instantly calculate how much time you can save with Vanta.

[Calculate now]

 Phishing Trending, Malware Pending..

Most of us know there are many different types of malware streaming across the internet from mass ransomware attacks to keylogger and trojan attacks. So many different vectors of the malware offensive are continuing to be more dangerous as we head through 2024, so let’s look at what is leading the assault this year!

When it comes down to what is trending for malware this year, we must think mainly of the modern individual’s capability to recognize security threats! More than ever right now we are seeing plenty of phishing attacks which is sparking several of malware-related problems. Phishing involves the use of social engineering and deception to make someone give up their private info or install an app to start the attack on their PC. Basically, an attacker could send an email looking like it’s an important update from a known company and hide a malicious link that looks normal.

These different types of malware shown above are reported to be found through phishing emails most commonly, which shows the true lack of the average individual’s online security skills. To counter these trends we must have more online security awareness training for the average person available, as the ways technology is evolving it has become almost necessary today! This attack method has also become the leading source of information for ransomware groups to use and exploit so phishing isn’t going to go away anytime soon!

UK Military Facing Cyber Assault

A data breach has recently been reported to happen to the armed forces of the UK, revealing names, financial records, and even addresses of current or past military members. This attack has sparked a huge conspiracy around China as some lawmakers say they are the only ones that have the resources to even carry out these huge attacks. Spies were brought up as well as this couldn’t have been an easy attack to pull off without insider information.

Up to 270,000 individuals could have been affected by this mass cyber attack. UK’s Secretary of Defense had said “We do have indications that this was the suspected work of a malign actor and we cannot rule out state involvement,” in a statement to the UK Parliament. The point that was breached was a payroll system that SSCL had been contracted to run for the UK military. China has angrily denied involvement in the attack as the UK government and media lay fault with them. The UK Ministry of Defense is working out exactly how this happened and where to prevent it, however, they did mention the networks and services behind the attack have been taken down and anyone who has been affected will be supported!