Google’s full-court press on GenAI’s misuse in creating cyber threats
DeepSeek left critical databases exposed, FBI seized Cracked.io and Nulled.to domains, Trump's OPM accused of creating insecure email system, Hackers stole $10m from DogWifTools, Russian group hit Romania, Lazarus Group hit hundreds in supply chain attack, NCSC proposes CVSS alternative, much more
Don't miss my latest CSO piece, which explains why US CISOs should prepare now for the upcoming bans on connected car technology.
Summary of the most critical infosec developments you should know today (complete postings available below to premium subscribers)
- Cloud security firm Wiz reports that the meteorically hot AI model maker DeepSeek left one of its critical databases exposed on the internet, leaking system logs, user prompt submissions, and even users’ API authentication tokens, with more than one million records open to anyone who came across the database.
- The FBI seized the domains for the infamous Cracked.io and Nulled.to hacking forums, which are known for their focus on cybercrime, password theft, cracking, and credential stuffing attacks.
- A lawsuit by two federal employees alleges that the Trump administration has set up an email distribution system for the entire federal workforce that raises security concerns for workers’ private data.
- Researchers at Akamai's Security Intelligence and Response Team (SIRT) have observed a new variant of the Mirai-based botnet malware Aquabot called Aquabotv3 actively exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones.
- DogWifTools, a token bundling tool commonly used for malicious memecoin launches, was exploited, draining more than $10 million from its users.
- Researchers at Bitdefender warned of an ongoing cyber espionage campaign orchestrated by the UAC-0063 group, believed to be linked with Russia, with confirmed attacks in Romania.
- Simon Wijckmans, the founder and CEO of web security company c/side, said his firm discovered that hackers are altering thousands of websites using outdated versions of WordPress and plug-ins to trick visitors into downloading and installing malware.
- According to researchers at Security Scorecard, in an operation it calls Phantom Circuit, North Korea's Lazarus Group compromised hundreds of victims across the globe in a massive secret-stealing supply chain attack that was ongoing as of earlier this month.
- Authorities are investigating a cyber “incident” at the University of Notre Dame in Australia.
- Google says it's now hardening defenses against a sophisticated account takeover scam documented by Zach Latta, founder of Hack Club.
- The UK National Cyber Security Centre (NCSC) argued for simplifying the classification of security flaws and eliminating many of the vulnerability scoring systems in use today. In place of the current CVSS scoring system, the NCSC proposed two broad classes of flaws: forgivable and unforgivable.
- According to press reports, authorities in Turkey arrested five people on charges of conducting cyber espionage through a software system, an operation uncovered thanks to information from the National Intelligence Organization (MIT).
- Cybersecurity giant Tenable is acquiring Israeli cybersecurity company Vulcan Cyber for $150 million.
- Dark web intelligence specialist Searchlight Cyber has strengthened its security offerings by acquiring Brisbane-based attack surface management (ASM) company Assetnote.
Google’s full-court press on GenAI’s misuse in creating cyber threats
On what has become a typical jam-packed news day, it might have been easy to miss yesterday that security and tech giant Google launched a full-court press to deliver its comprehensive views on the cyber dangers lurking in generative AI and how adversaries can seize upon them to damage US national security.
The company issued four posts covering the topic and reached out to even less prominent cybersecurity journalists to inform them of this robust PR effort. While most of these posts delve into how bad guys can make and deploy cutting-edge cyber threat tools using genAI, in one of them, Kent Walker, president of global affairs at Google and Alphabet, concludes that despite these fears, “the defenders are still ahead – for now,” because threat actors have yet to use AI to develop novel capabilities.
However, Walker cautioned that it won’t stay that way unless the US secures “the digital high ground.”
Walker highlights three national security imperatives to capture that high ground and maintain the current defender advantage, particularly as many malicious actors can leverage powerful new AI models. Among Walker’s imperatives are private-sector leadership in AI chips and infrastructure, public-sector leadership in technology procurement and deployment, and heightened public-private collaboration on cyber defense.