Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We have been fantasising about artificial intelligence for a long time. This obsession materialises in some cultural masterpieces, with movies or books such as 2001: A Space Odyssey, Metropolis, Blade Runner, The Matrix, I, Robot, Westworld, and more. Most raise deep philosophical questions about human nature, but also explore the potential behaviours and ethics of artificial intelligence, usually through a rather pessimistic lens.

This blog is part of a series about how to use Vanta and AWS to simplify your organization’s cloud security. To learn more about how to use Vanta and AWS, watch our Coffee and Compliance on-demand webinar. ‍ Amazon Web Services, or AWS, is one of the most popular cloud providers for organizations today — providing one of the most flexible and secure cloud environments available.

Scammers are using AI technology to assist in voice phishing (vishing) campaigns, the Better Business Bureau (BBB) warns. Generative AI tools can now be used to create convincing imitations of people’s voices based on very small audio samples. “At work, you get a voicemail from your boss,” the BBB says. “They instruct you to wire thousands of dollars to a vendor for a rush project. The request is out of the blue. But it’s the boss’s orders, so you make the transfer.

Smart homes, connected cars, and smart watches: these are examples of consumer-focused devices in the Internet of Things (IoT). But the Internet of Things extends beyond consumer use as new technologies are implemented in industrial settings and critical infrastructure. With the continuing development of the Internet of Things come new attack surfaces and cybersecurity risk directly related to the IoT.

Salt Labs researchers identified generative AI ecosystems as a new interesting attack vector. vulnerabilities found during this research on ChatGPT ecosystem could have granted access to accounts of users, including GitHub repositories, including 0-click attacks.

Bugcrowd offers crowdsourced security testing through a community of white hat hackers. CyCognito offers automated discovery of an organization’s externally exposed attack surface. Combined, the two solutions allow for a comprehensive inventory of exposed assets to be included in the scope of bug bounties or pentests.

Identity and access management (IAM) provides a consistent, centralized solution to manage user identities and automate access control throughout the organization. This helps security leaders introduce role-based access control and meet governance, risk, and compliance goals. Your organization may already have centralized management policies in place. For example, requiring employees to use a VPN when accessing company assets remotely shows an IAM solution in action.

As open source software development continues to evolve, so does its susceptibility to cybersecurity threats. One such instance is the recent discovery of malware repositories on GitHub. In this cybersecurity attack, threat actors managed to upload malicious code onto GitHub, a platform that hosts millions of code repositories and is used by developers worldwide.

Nearly one third of all data breaches are caused by insiders. While you might immediately think of malicious insiders, like disgruntled or departing employees, insider risk can take numerous forms, including: From these examples alone, it’s easy to see just how prevalent insider risk really is. Whether it’s intentional or unintentional, insider risks often have the same consequences as external risks, including data leaks, data loss, noncompliance, and more.