#8 AI Risk, iOS bug, $25M Crypto Heist, & FREE training

Recent News

Slack Be Slacking

Slack has been caught scraping its customers’ data for AI model training without opt-in and is facing backlash as a result. The data included user messages as well as shared files.

This is one of the risks we need to be aware of as cybersecurity professionals as the businesses we are defending seek to leverage AI tools. This can include ensuring staff are aware of the risks with using AI, enforcing guidelines on safe use of AI that is aligned to the organisation’s data classification structure, and exploring solutions with added security and privacy such as ChatGPT Enterprise.

Apple Photos Faux Pas

The latest iOS update, iOS 17.5, has generated quite the stir by causing old deleted photos to reappear when updating. This includes devices that have been sold to new owners, causing the new owner to suddenly have photos of the previous owner in their gallery!

It’s not entirely clear what has caused this issue. However, you may have seen my recent TikTok video on this topic where I shared my views including how data deletion is actually a difficult thing to do (especially at scale)!

AI Critical Vulnerability

A critical vulnerability in a Python AI package (CVE-2024-34359) has been discovered that allows arbitrary code execution. Arbitrary code execution (ACE) is a security vulnerability that allows an attacker to run any code they choose on the vulnerable system.

More than 6,000 AI models are affected and should be patched with the latest release of llama_cpp_python 0.2.72. This just demonstrates that AI technology is not immune to the usual cybersecurity risks that we’ve had to deal with for years.

Career Development

FREE Cybersecurity Analyst Training

If you’re looking to start a career in cybersecurity the best place to start is with an analyst role.

IBM is offering free online training to help develop your knowledge of cybersecurity analyst tools including data protection; endpoint protection; SIEM; and systems and network fundamentals.

Cybersecurity Learning Roadmap

Re-sharing this cybersecurity learning roadmap for all the new subscribers to help give you an idea of the various possible areas within cybersecurity. It’s not perfect, but it gives a good high-level overview for anyone new to this space.

Other News

  • GPT-4o release - OpenAI releases its latest update, GPT-4o, packed with amazing features such as real-time conversations in a very realistic way and vision capabilities to view your screen or the world around you and respond to questions asked about it.

  • Brothers Exploit Blockchain - Two brothers have been accused of exploiting the Ethereum blockchain to steal $25M in just 12 seconds!

  • North Korea - Three people have been arrested for helping North Koreans secure remote IT jobs in the US. The suspects have been accused of helping North Korea evade US sanctions and victimise American businesses.

  • Contaminated water - The U.K. Health Security Agency on Friday reported 46 cases of cryptosporidiosis, an illness that causes intense diarrhoea, linked to a water crisis in Brixham, England, forcing residents to boil their tap water. As someone who lives in the UK this is extremely concerning!

The following are links to resources and job opportunities I’ve discussed in my TikTok videos or during LIVEs (you must be subscribed to the newsletter to view):
