TechRisk Notes#25: Ethical AI guide + Web3 Ice Phishing + Quantum Toolkit
Plus, a quantum readiness toolkit, a framework on operational resilience, ChatGPT as an anti-phishing tool, Web3 supply chain security guidelines, and more.
EmergingTech Spotlight
The Vatican-backed AI ethics guide: The Vatican has released a handbook on the ethics of artificial intelligence. The handbook is the result of a partnership between the Vatican and Santa Clara University’s Markkula Center for Applied Ethics. Titled "Ethics in the Age of Disruptive Technologies: An Operational Roadmap," it aims to provide guidance on how to develop and use AI in a way that is ethical and responsible. [more][more-guide]
The handbook identifies key ethical principles that should guide the development and use of AI, including:
Respect for Human Dignity and Rights
Promote Human Well-Being
Invest in Humanity
Promote Justice, Access, Diversity, Equity, and Inclusion
Recognize that Earth is for All Life
Maintain Accountability
Promote Transparency and Explainability
The Operational Resilience Framework: Traditional disaster recovery and business continuity efforts have focused on data recovery with little regard for providing services in an impaired state. In 2021, Global Resilience Federation’s Business Resilience Council (BRC) launched a multi-sector working group to develop the Operational Resilience Framework (ORF) to help solve that challenge. The framework provides rules and implementation aids that support a company’s recovery of immutable data, while also allowing it to minimize service disruptions in the face of destructive attacks and events. [more]
ChatGPT as phishing detector: NTT Security explored the use of ChatGPT to detect phishing sites. Based on their experiment, ChatGPT was able to detect phishing sites with an accuracy of 87.2%. This is a significant improvement over traditional methods of phishing detection, which typically have an accuracy of around 60%. However, the experiment noted the limitations of using ChatGPT to detect phishing sites. One limitation is that ChatGPT can be fooled by phishing sites that are well-designed and that use sophisticated social engineering techniques. Another limitation is that ChatGPT can be slow to respond, which can make it difficult to use in real-time applications. Overall, ChatGPT is a promising new tool for detecting phishing sites. [more]
Quantum Readiness: In collaboration with Deloitte, the World Economic Forum (WEF) published an article on the importance of quantum readiness, together with a toolkit for organizations to assess their current state of readiness and develop a plan for improvement. Quantum readiness refers to the ability of an organization to withstand the threats posed by quantum computing. [more][more-quantum_readiness_toolkit]
The toolkit introduces five guiding principles for organisations to become quantum cyber-ready:
Ensure the organizational governance structure institutionalizes quantum risk,
Raise quantum risk awareness throughout the organization,
Treat and prioritize quantum risk alongside existing cyber risks,
Make strategic decisions for future technology adoption, and
Encourage collaboration across ecosystems
Web3 Cryptospace Spotlight
Ice Phishing - The most prevalent kind of attack in May was the so-called “ice phishing” technique (a play on the more common “phishing” attacks seen across the Web), which accounted for 55.8% of all the attacks registered by Forta, a blockchain security company. Unlike the more obvious or well-known phishing attacks, this type does not aim directly for users’ private information. Instead, an ice phisher tricks a victim into signing a malicious blockchain transaction that opens access to the victim’s wallet so the attacker can steal all the digital assets. In such cases, victims are often lured onto a phishing website designed to mimic real crypto services. [more]
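The transaction an ice phisher asks the victim to sign is typically a token approval, so a wallet-side guard can decode the calldata before signing and refuse unlimited approvals to unknown contracts. The following is an added example, not code from Forta or from the original post; the two function selectors are the standard ERC-20 approve(address,uint256) and ERC-721/1155 setApprovalForAll(address,bool) selectors, and the addresses and trusted-spender list are constructed placeholders.

```python
# Wallet-side pre-signing check for "ice phishing" approval requests (added example).
APPROVE = bytes.fromhex("095ea7b3")               # approve(address,uint256), ERC-20
SET_APPROVAL_FOR_ALL = bytes.fromhex("a22cb465")  # setApprovalForAll(address,bool), ERC-721/1155
UINT256_MAX = (1 << 256) - 1


def decode_approval(calldata: bytes):
    """Return (kind, spender, unlimited) if calldata grants spending rights, else None."""
    if len(calldata) < 4 + 64:          # selector plus two 32-byte ABI words
        return None
    selector, args = calldata[:4], calldata[4:]
    spender = "0x" + args[12:32].hex()  # an address is right-aligned in its 32-byte word
    value = int.from_bytes(args[32:64], "big")
    if selector == APPROVE:
        return ("erc20_approve", spender, value == UINT256_MAX)
    if selector == SET_APPROVAL_FOR_ALL and value == 1:
        return ("set_approval_for_all", spender, True)  # covers every token in the collection
    return None


def assess_signing_request(calldata_hex: str, trusted_spenders: set[str]) -> str:
    """Classify a transaction the user is about to sign as 'ok', 'warn' or 'block'."""
    finding = decode_approval(bytes.fromhex(calldata_hex.removeprefix("0x")))
    if finding is None:
        return "ok"                                  # not an approval at all
    _kind, spender, unlimited = finding
    if spender.lower() in {s.lower() for s in trusted_spenders}:
        return "ok"                                  # allow-listed contract
    return "block" if unlimited else "warn"          # unlimited grant to a stranger: refuse


def _approve_calldata(spender: str, amount: int) -> str:
    """Constructed sample: ABI-encode approve(spender, amount) for the inputs below."""
    addr = bytes.fromhex(spender.removeprefix("0x")).rjust(32, b"\x00")
    return "0x" + APPROVE.hex() + addr.hex() + amount.to_bytes(32, "big").hex()


ATTACKER = "0x" + "11" * 20     # constructed placeholder for the phisher's contract
DEX_ROUTER = "0x" + "22" * 20   # constructed placeholder for a known-good contract
UNLIMITED_TO_UNKNOWN = _approve_calldata(ATTACKER, UINT256_MAX)
LIMITED_TO_UNKNOWN = _approve_calldata(ATTACKER, 1_000)
UNLIMITED_TO_TRUSTED = _approve_calldata(DEX_ROUTER, UINT256_MAX)
# transfer(address,uint256) of 500 units: moves tokens but grants no standing access
PLAIN_TRANSFER = "0xa9059cbb" + "00" * 12 + "33" * 20 + (500).to_bytes(32, "big").hex()

if __name__ == "__main__":
    for name, data in [("unlimited->unknown", UNLIMITED_TO_UNKNOWN), ("limited->unknown", LIMITED_TO_UNKNOWN),
                       ("unlimited->trusted", UNLIMITED_TO_TRUSTED), ("transfer", PLAIN_TRANSFER)]:
        print(f"{name}: {assess_signing_request(data, {DEX_ROUTER})}")
```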
According to a June 27 report from Web3 portfolio app De.Fi, DeFi hacks and scams cost over $204 million in the second quarter of 2023, a 7-fold increase from the same quarter in 2022. The top five hacks were Atomic Wallet, Fintoch, MEV-Boost, Bitrue, and GDAC. Atomic Wallet was the most heavily hit, with losses of over $100 million. Although some funds were recovered, the vast majority of funds lost in DeFi hacks are never recovered. The report concluded by calling on DeFi developers and users to take steps to improve security and reduce the risk of hacks. [more]
According to a report on Web3 attacks and scams published by Web3 security company Beosin, the total value of cryptocurrencies lost in scams, hacks and rug pulls amounted to $656 million during the first half of 2023. This includes the loss of $471.43 million in 108 protocol attacks, $108 million in various phishing scams and $75.87 million over 110 rug pulls. For hacks, the amount represented a significant decrease over H1 2022 and H2 2022, where $1.91 billion and $1.69 billion were lost, respectively. [more] [more-Beosin]
SlowMist, a Web3 security company, highlighted the supply chain security challenges in the Web3 industry. As the Web3 industry continues to evolve and grow, there is an increased reliance on diverse third-party components and external services. This complexity presents malicious actors with more opportunities to manipulate and infiltrate software supply chains, thereby posing significant threats to enterprise and user data and assets. [more]
Five key aspects of supply chain security:
i. Source code security: ensuring that the source code is properly reviewed and tested for vulnerabilities.
ii. Build security: ensuring that the build process is secure and that the compiled binaries are not tampered with.
iii. Transmission security: ensuring that the source code and binaries are transmitted securely over the network.
iv. Artifact security: ensuring that the artifacts (e.g., Docker images, Kubernetes manifests) are secure and are not tampered with.
v. Deployment security: ensuring that the artifacts are deployed securely to production environments.
N0H4Ts shared a hands-on session on blockchain security in smart contracts. Importantly, but often missed, Web3 security also includes Web2 (traditional IT) security concerns. [more]