We've been developing machine learning-based cybersecurity systems for many years and began developing automation for analysis in our labs in 2005. These early automation projects have since evolved into full-blown machine-learning frameworks. Since then, we've been waiting for our enemies to make the same move, and after 18 years, the wait is over – malware with artificial intelligence has arrived. Defenders have been able to automate their work for some time, enabling excellent detection, analysis and reaction times – hands-free at machine speed. This contrasts with attackers who have had to build and deploy their attacks manually, meaning that when they get blocked, they have to change things manually – at much slower human speed. The technology to run malware campaigns and automatically bypass new defenses is most definitely doable nowadays, but thus far, we haven't seen anything of the kind.

A vulnerability in the redis-py open-source library was at the root of last week's ChatGPT data leak, OpenAI has confirmed. Not only were some ChatGPT users able to see what other users have been using the AI chatbot for, but limited personal and billing information ended up getting revealed, as well. ChatGPT suffered an outage on March 20 and then problems with making conversation history accessible to users. "During a nine-hour window on March 20, 2023, another ChatGPT user may have inadvertently seen your billing information when clicking on their own'Manage Subscription' page," OpenAI notified 1.2% of the ChatGPT Plus subscribers via email. "The billing information another user might have seen consisted of your first and last name, billing address, credit card type, credit card expiration date, and the last four digits of your credit card. The information did not include your full credit card number, and we have no evidence that any customer information was viewed by more than one other ChatGPT user."

As the modern world evolves, more threats arise. Knowledge of cybersecurity and artificial intelligence (AI) has become crucial to a successful business. Businesses everywhere need true expertise to protect their data to avoid their competitors getting ahead. In this Help Net Security video, Taylor Hersom, CEO at Eden Data, discusses why we need AI and how it helps minimize human error, as well as cybersecurity threats such as ransomware.

Ivanti worked with global digital transformation experts and surveyed 10,000 office workers, IT professionals, and the C-Suite to evaluate the level of prioritization and adoption of DEX in organizations and how it shapes the daily working experiences for employees. The report revealed that 49% of employees are frustrated by the tech and tools their organization provides and 64% believe that the way they interact with technology directly impacts morale. Conflicting views remain between C-Suite, IT, and employees when it comes to the future of work and technology's role in enabling the culture of hybrid work. Just 13% of knowledge workers prefer to work exclusively from the office, yet 56% of CXOs still feel that employees need to be in the office to be productive, although 74% of the C-Suite report they are more productive since the start of the pandemic – showing a disconnect between what they have experienced and what they believe employees need to do to be productive. Globally the C-Suite's number one priority was employee productivity, with workplace culture and employee satisfaction falling further down the list.

… developing and deploying technical expertise and innovative solutions in artificial intelligence (AI), machine learning (ML), cyber security, …

Netskope published a research which found that phishing downloads saw a sharp increase of 450% over the past 12 months, fueled by attackers using search engine optimization (SEO) techniques to improve the ranking of malicious PDF files on popular search engines, including Google and Bing. The top web referrer categories contained some categories traditionally associated with malware, particularly shareware/freeware, but were dominated by more unconventional categories. The ascension of the use of search engines to deliver malware over the past 12 months provides insight into how adept some attackers have become at SEO. Malware downloads referred by search engines were predominantly malicious PDF files, including many malicious fake CAPTCHAs that redirected users to phishing, spam, scam, and malware websites. The report also found that most malware over the past 12 months was downloaded from within the same region as its victim, a growing trend that points to the increasing sophistication of cybercriminals, which more frequently stage malware to avoid geofencing filters and other traditional prevention measures. The findings reveal that attackers tend to target victims located in a specific region with malware hosted within the same region.

Organizations now create and move more data than at any time ever before in human history. Network traffic continues to increase, and global internet bandwidth grew by 29% in 2021, reaching 786 Tbps. In addition to record traffic volumes, 95% of traffic is now encrypted according to Google. As threat actors continue to evolve their tactics and techniques (for example, hiding attacks in encrypted traffic), securing organizations is becoming more challenging. To help address these problems, many network security and operations teams are relying more heavily on machine learning (ML) technologies to identify faults, anomalies, and threats in network traffic.

This is despite most business leaders predicting an upheaval in working practices due to the rapid onset of artificial intelligence (AI). With 35% of employees surveyed reporting they had changed jobs in the last 12 months because their employer wasn't offering enough upskilling and training opportunities, there is a stark need to better upskill workforces to support the workplace transition that is already underway. The report combines insights from expert interviews with surveys from over 1,200 global C-level executives and 6,000 employees. The findings, which were largely consistent across all geographies surveyed, reveal how the rapid growth in data usage is extending enterprise aspirations for its potential and, in turn, transforming working practices. The study found that business leaders and employees alike predict that data literacy – defined as the ability to read, work with, analyze and communicate with data – will be the most in-demand skill by 2030.

Deep Instinct Threat Research team extensively monitored attack volumes and types and then extrapolated their findings to predict where the future of cybersecurity is heading, determine what motivates attackers, and most importantly, lays out the steps organizations can take now in order to protect themselves in the future. One of the most pronounced takeaways from this research on 2021 threat trends is that bad actors are becoming more successful at evading AI/ML technologies, prompting organizations to redouble efforts in the innovation race. Specific attack vectors have grown substantially, including a 170% rise in the use of Office droppers along with a 125% uptick in all threat types combined. The volume of all malware types is substantially higher versus pre-pandemic. In addition, threat actors have made a discernable shift away from older programming languages, such as C and C, in favor of newer languages, such as Python and Go.

Humans have far greater difficulty identifying images of biometric spoofing attacks compared to computers performing the same task, according to research released by ID R&D. The research report finds that computers are more adept than people at accurately and quickly determining whether a photo is of an actual, live person versus a presentation attack. Fraudsters attempt to imitate real customers during processes such as creating a new bank account or logging into an existing account. Liveness detection instantly validates whether a photo, taken in real time, is of a live person. The study tested humans and machines by presenting them with the most common spoofing techniques: printed photos, videos, digital images, and 2D or 3D masks.