TechRisk #72: Are phishing tests outdated + OpenAI disbanded its AI risk team
Plus, AI experts targeted, Vulnerability hits Cloud providers, Web3 Gala Games lost $21M and more.
Tech Risk Reading Picks
Are phishing tests outdated?: Google suggested that current phishing simulations are like outdated fire tests: stressful, ineffective, and damaging to trust. It proposes "phishing fire drills" instead. These drills would be announced training exercises in which employees practice spotting and reporting suspicious emails. This, along with a focus on building more secure systems, would be a more positive and effective approach to cybersecurity. [more]
OpenAI disbanded its team looking at long term risk: AI research company OpenAI disbanded its "superalignment" team, which focused on ensuring future superintelligent AI doesn't become dangerous. This follows the departures of key researchers including co-founder Ilya Sutskever. Separately, OpenAI says its research on AI safety will continue under a different team. [more]
AI experts targeted: Chinese hackers are on the hunt for information about cutting-edge artificial intelligence (AI) in the US. They're using a custom-made malware called SugarGh0st, a sneaky variant of Gh0st RAT, to target a small group of AI experts working in companies, government agencies, and universities. The hackers are sending AI-themed phishing emails with suspicious attachments to trick these experts into downloading the malware. SugarGh0st is a powerful tool that allows full remote control of infected machines, letting hackers steal data, spy through webcams, and even download more malware. This targeted attack coincides with growing US restrictions on AI technology access for China. Some experts believe these hacks might be an attempt to gain an edge in AI development by stealing valuable information from US experts. [more]
Countries move forward to address advanced AI risk: The AI Seoul Summit wrapped up with countries agreeing to work together on proposals for evaluating potential risks from advanced AI in the coming months. [more]
Basel Committee advised on digitalisation risk: The Basel Committee on Banking Supervision (BCBS) released a report exploring how digital technologies like artificial intelligence and cloud computing are changing the banking landscape. While these innovations offer exciting possibilities, the BCBS acknowledges they also introduce new risks. To navigate this evolving environment, the report emphasizes the importance of responsible innovation for banks, with robust risk management practices being essential. The BCBS recognizes the need for regulators to adapt as well, highlighting the importance of monitoring these developments and potentially issuing new guidelines to address emerging risks. The committee says it will continue to oversee the progress of digital finance and adjust its regulations accordingly, to ensure a stable and secure banking sector. [more][more-Basel]
Cloud providers faced critical vulnerability: A critical vulnerability (CVE-2024-4323, nicknamed "Linguistic Lumberjack") has been discovered in Fluent Bit, a logging software widely used by cloud giants (Microsoft Azure, Google Cloud Platform, Amazon Web Services) and tech companies (Cisco, VMware, Intel, Adobe, Dell). This flaw could allow attackers to crash systems (denial-of-service) or steal data with relative ease. In some scenarios, attackers with more time and effort might even be able to gain complete control of systems (remote code execution). The vulnerability resides in Fluent Bit's built-in HTTP server and affects versions 2.0.7 through 3.0.3. An update (Fluent Bit 3.0.4) that patches the vulnerability has been released. [more][more-2]
Web3 Cryptospace Spotlight
Gala hack: Gala Games was hacked and 5 billion new GALA tokens were minted, worth around $200 million at the time. This caused the price of GALA to drop by about 15%. Gala Games' quick suspension of the attacker's address limited the damage to $21 million by preventing further token swaps. According to a pseudonymous developer who reportedly first discovered the exploit, the attacker, who had obtained administrator privileges on the web3 gaming platform's smart contract, minted billions of Gala tokens and sold them. [more][more-2]
Quantum risk on blockchain: Quantum computing presents significant challenges to blockchain security by potentially undermining current cryptographic methods, necessitating the development of quantum-resistant cryptographic systems. Professor Massimiliano Sala emphasizes the urgency of transitioning to these new systems to maintain blockchain integrity, highlighting the role of algebra and coding theory in creating robust security solutions. Global efforts, such as the U.S. NIST standardization process, are crucial for establishing reliable quantum-resistant standards. Additionally, updating academic curricula to include these new cryptographic methods and proactive engagement with ongoing research and standardization efforts are essential for preparing blockchain technologies for a quantum future. [more]