TechRisk Notes#59: ChatGPT went rogue?
Plus, MAS advises on quantum risk, a chatbot gets an airline into legal woe, and more.
Tech Risk Reading Picks
Nonsensical ChatGPT speak: ChatGPT started producing nonsensical responses, leading users to worry it had malfunctioned. Reports of gibberish, including mixed languages, surfaced on social media. OpenAI acknowledged the problem with version 4 of the AI and is investigating. No specific cause has been disclosed, but OpenAI assured users they're keeping an eye on it. [more]
Defenders’ advantage with AI: Google recognizes that hackers also have access to AI technology, but they believe that the current AI approach favors defenders over attackers. They argue that AI-powered vulnerability and exploit discovery will ultimately benefit defenders more than attackers, contrary to concerns about increased zero-day exploitation. [more]
Chatbot misinformation: Air Canada had to give a partial refund to a passenger after its chatbot provided incorrect information about the airline's bereavement travel policy. Despite the airline's argument that the chatbot is a separate legal entity, the court ruled in favor of the passenger, stating that the passenger had no reason to doubt the accuracy of the information provided by the chatbot. [more] [more-2]
MAS on quantum risk: The Monetary Authority of Singapore (MAS) issued an advisory on the cybersecurity risks related to quantum computing. It alerts financial institutions to potential threats and suggests measures to mitigate these risks. [more]
Apple defends against Q-Day: Apple is enhancing the security of iMessage by implementing a new encryption system, PQ3, to protect against potential threats from quantum computing attacks. This upgrade aims to prevent hackers from stealing message data now and decrypting it later with advanced computers. [more]
Communication channel hijacking: Over the weekend, there was an attempted takeover of communication on an El Al flight from Thailand to Israel, with the aim of likely diverting it. This was the second such incident in a week for El Al. The cabin crew detected the deception when instructions deviated from their route and switched to alternative communication methods. Concerns arose over potential harm to the plane or passengers. El Al stated that similar disruptions are not exclusive to their flights, citing airspace disputes between Somalia and Somaliland. The pilots' professionalism and use of alternative communication methods kept the flight on its intended path. [more]
CrowdStrike Threat Report: In 2023, cybersecurity faced a significant surge in threats, as attackers became more skilled and exploited vulnerabilities in business defenses. CrowdStrike's 2024 Global Threat Report reveals a 75% increase in cloud intrusions and a 76% rise in victims of data theft listed on leak sites. Most concerning is that 75% of attacks were malware-free, making detection and prevention more challenging. The report highlights a growing disparity between attackers' advanced tactics and the effectiveness of traditional security measures. Attackers reduced their average intrusion time by 17 minutes, with the fastest breakout recorded at just over two minutes. This acceleration gives organizations less time to respond and mitigate damage, emphasizing the urgent need for improved cybersecurity strategies. [more]
Web3 Cryptospace Spotlight
DEX lost $26M: FixedFloat, a decentralized crypto exchange, was hit by a major hack, losing $26 million in bitcoin and ether. Initially downplayed as minor tech issues, the breach was later confirmed. Hackers drained 409 BTC ($21M) and 1,700 ETH ($5M). The attack method was unclear. [more]
Doubling tokens: Miner, a token created with the ERC-X standard, plummeted by more than 99% recently. The crash was caused by a smart contract bug that allowed users to double their tokens by transferring them to themselves. [more]