AI Intrigue: Beware the Trojan Models! πŸ€–πŸ’₯

Mar 05 2024

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s always phishing for compliments so be sure to rate and comment, folks πŸ˜‰πŸŽ£πŸ™ˆ

Today’s hottest cybersecurity news stories:

  • 🌐 Hugging Face platform infested with 100+ malicious AI/ML models πŸ‘Ύ

  • πŸ’³ AmEx customers beware! Credit cards exposed in 3rd-party data breach 🚨

  • πŸ‘¨β€πŸ’Ό NTT boss Masaaki Moribayashi resigns after 9.28m records were leaked πŸ“

Black Hawk and Sitting Bull, watch out for the one they call Hugging Face πŸΉπŸ›ΆπŸ¦…

 

giphy.com

 

🚨 AI Intrigue: Beware the Trojan Models! πŸ€–πŸ’₯

In a startling revelation, as many as 100 malicious AI/machine learning models have been unearthed lurking within the Hugging Face platform, a popular hub for AI enthusiasts. πŸ˜±πŸ€–πŸ”

Code Execution Catastrophe! πŸ’»πŸš¨πŸ”“

According to security experts at JFrog, loading certain pickle files on the platform triggers a nightmare scenario: code execution! This devious payload grants hackers a backdoor into victims’ machines, potentially leading to massive data breaches and corporate espionage. πŸ˜¬πŸ’ΌπŸ’”

The Rogue Model’s Gambit! πŸŽ­πŸŒπŸ’£

One particularly nefarious model initiates a reverse shell connection to an IP address linked to the Korea Research Environment Open Network (KREONET), leaving victims blissfully unaware of the intrusion. πŸ˜³πŸ”—πŸ’₯

The Risks of Open Source πŸ›‘οΈπŸ•΅οΈβ€β™‚οΈπŸ”

This alarming discovery once again highlights the dangers lurking within open-source repositories, where malicious actors can quietly plant digital landmines for unsuspecting users. πŸ˜¨πŸŒπŸ’£

From Model Mishaps to AI Worms!

As if that weren’t enough, researchers have also unveiled a new breed of AI worm dubbed Morris II, capable of spreading malware and pilfering data across systems. This digital menace leverages cleverly crafted prompts to manipulate large-language models into doing its bidding. πŸ˜±πŸ€–πŸ›

Prompt-Driven Peril! πŸš¨πŸ”πŸ“Š

The attack technique, known as ComPromptMized, injects malicious code into generative AI models, opening the door to a host of cyber threats reminiscent of classic hacking techniques like buffer overflows and SQL injections. πŸ˜¬πŸ’»πŸ”“

Cybersecurity in Peril! πŸ›‘οΈπŸ”’πŸ’”

These revelations serve as a stark reminder of the ever-evolving cyber landscape, where even the most advanced AI models can be turned against us. With cyber threats growing in sophistication, vigilance is key to staying one step ahead of the digital dangers lurking in the shadows. πŸ‘€πŸ”’πŸŒ

 

Signup for Free

 

Learn AI in 5 minutes a day. We’ll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

Hackers: Express delivery! πŸ’€πŸ’€πŸ’€

🚨 American Express Data Breach: What You Need to Know! πŸ’³πŸ”“

American Express customers, beware! A recent data breach has exposed credit card details after a merchant processor fell victim to hackers. πŸ˜±πŸ’³πŸ”“

Third-Party Trouble! πŸ›‘οΈπŸ•΅οΈβ€β™‚οΈπŸš«

This breach wasn’t American Express’s faultβ€”it happened at a third-party merchant processor where American Express card data was handled. πŸ˜¬πŸ’ΌπŸ’”

What Went Down πŸ€”πŸ”πŸ’₯

According to a data breach notification filed with the state of Massachusetts, hackers gained unauthorised access to the merchant processor’s system, potentially exposing account information of some American Express Card Members. πŸ˜³πŸ”’πŸ’₯

What’s at Risk πŸ’³πŸ”πŸ’₯

Customer’s American Express Card account numbers, names, and card expiration data were compromised in the breach. The full extent of the impact is still unclear. πŸ˜¬πŸ”“πŸ’₯

What American Express Is Doing πŸ›‘οΈπŸ”πŸ”’

American Express has sprung into action, alerting regulatory authorities and impacted customers. Plus, they’ve assured customers that they won’t be held responsible for fraudulent charges on their cards. πŸ‘πŸ’ΌπŸ”’

Top Tips πŸ›‘οΈ

  • Keep an eye on your account statements for the next 12 to 24 months.

  • Report any suspicious activity ASAP.

  • Enable instant notifications via the American Express mobile app for added security.

  • Consider requesting a new card number if your information was compromised. πŸ“±πŸ‘€πŸ›‘οΈ

Stay vigilant, stay secure, and keep those credit cards safe! πŸ’ͺπŸ”’πŸ’³

🎣 Catch of the Day!! 🌊🐟🦞

πŸƒΒ The Motley Fool: β€œFool me once, shame on β€” shame on you. Fool me β€” you can’t get fooled again.” Good ol’ George Dubya πŸ˜‚ Let us tell who’s not fooling around though; that’s the CrΓΌe πŸ‘€ at Motley Fool. You’d be a fool (alright, enough already! πŸ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! πŸ› Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets πŸ€‘Β (LINK)


🚡 Wander: Find your happy place. Cue Happy Gilmore flashback πŸŒοΈβ›³πŸŒˆπŸ•ŠοΈ Mmmm Happy Place… πŸ˜‡ So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway 🏞️😍 (LINK)


🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts βšΎπŸ‘»πŸΏ (Great movie, to be fair πŸ™ˆ). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty πŸ˜‘). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho πŸ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

Masaaki Moribayashi: I have brought great shame on NTT West family πŸ˜žπŸ‘˜πŸ’€ #MoriBYEashi πŸ™ˆ

🚨 NTT West President Resigns Amid Data Leak Scandal! πŸ”πŸ“‰

In a move of accountability, NTT West President Masaaki Moribayashi announced his resignation, effective March end, following the revelation of a data leak affecting a whopping 9.28 million customers last October. πŸ˜”πŸ’ΌπŸ’₯

Taking Responsibility! πŸ›‘οΈπŸ’ΌπŸšΆβ€β™‚οΈ

“Atoning for our social responsibility is paramount. I’m stepping down to shoulder the blame,” stated Moribayashi during a widely covered press conference in Osaka. πŸ˜žπŸ‘”πŸ‡―πŸ‡΅

A Decade of Data Theft! πŸ•΅οΈβ€β™‚οΈπŸ’³πŸ’₯

The leak stemmed from a temporary employee at NTT Business Solutions Corporation, who pilfered the data over a decade and sold it to a third party. πŸ˜±πŸ’°πŸ’»

Apologies and Investigations πŸ™πŸ”πŸ“

NTT West issued a heartfelt apology for the breach and disclosed findings from their investigation. Despite the theft predating Moribayashi’s tenure, the organisation had been alerted to a potential breach in 2022, which internal probes failed to uncover. πŸ˜”πŸ”πŸ’Ό

Legal Ramifications βš–οΈπŸ’ΌπŸš“

The former employee behind the breach has been apprehended and indicted for violating the unfair competition prevention law. πŸš¨βš–οΈπŸ’₯

Resignation Culture in Japan πŸ€πŸ“‰

In Japan, resignations following such incidents are customary, either as a form of contrition, to preserve one’s honour, or to assuage public outrage. Often, leaders offer up their salaries as penance to avoid stepping down. πŸ€πŸ‘”πŸ’Ό

As Moribayashi steps down, the saga underscores the importance of data security and accountability in the modern digital landscape. πŸ›‘οΈπŸ”’πŸ’Ό

πŸ—žοΈ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • πŸ›‘οΈ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday πŸ“…

  • πŸ’΅Β Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for πŸ†“

  • πŸ“ˆΒ Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future πŸ‘Ύ

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles