- Project Overwatch
- Posts
- #026 - Cyber AI Chronicle - From Data Quality to Cargo Cults: AI Reliability Insights
#026 - Cyber AI Chronicle - From Data Quality to Cargo Cults: AI Reliability Insights
PRESENTED BY
Cyber AI Chronicle
By Simon Ganiere · 14th July 2024
Welcome back!
Project Overwatch is a cutting-edge newsletter at the intersection of cybersecurity, AI, technology, and resilience, designed to navigate the complexities of our rapidly evolving digital landscape. It delivers insightful analysis and actionable intelligence, empowering you to stay ahead in a world where staying informed is not just an option, but a necessity.
Table of Contents
What I learned this week
TL;DR
Microsoft is still chasing Midnight Blizzard. A fresh set of notifications have been sent to impacted customers who emails have been accessed by the threat actor. Microsoft is providing a secure portal for customers to actually view those emails so they can assess the impact.
A great read from Qualys on that OpenSSH vulnerability named regreSShion. This one is a regression from a 2006 vulnerability! On the other side of the software supply chain, the story of polyfill[.]io compromise is for sure something to read as well. The complexity of managing software dependencies cannot be underestimated!
AT&T is in for a massive data breach! Basically nearly all of their mobile customers are impacted - that’s a 109 million customers. Based on the SEC filing, it seems to be linked to the “[…] threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform […]”. BleepingComputer confirmed the root cause was the Snowflake instance used by AT&T. Rogue access to Snowflake instances has now generated a significant amount of data breach!
For those of you who are interested - and you should if I’m being honest - in non-human identity (e.g. service accounts or technical accounts) my good friend Lalit Choda created a group on LinkedIn and a support website as well. Highly recommend you go check it out!
The EU AI Act enters into law and as such the countdown for compliance as has started. I cover the EU AI Act previously, you can read it here. Definitely now is the time to do that compliance review and ensure you are aligned with those requirements (assuming you are in-scope of the EU AI Act of course).
On the back of the latest newsletter, I’m continuing to explore my workflow to summarise cyber incidents / threats. This week I’m exploring the reliability aspect of AI implementation by identifying a couple of quick wins and also highlighting the extreme importance of avoid cargo cult mentality in AI development » MORE