The beginning of an international consensus on AI governance may be emerging from Bletchley Park.
Nov 2, 2023
Tim Starks, a journalist covering the SEC's case against SolarWinds, discusses the Bletchley Declaration on AI governance. Other topics include Lazarus Group's targeting of blockchain engineers, a cyber incident affecting Boeing, NodeStealer attacks on Facebook accounts, exploitation of the Citrix Bleed vulnerability, MuddyWater spearphishing Israeli targets, and India investigating attacks on iPhones. The Threat Vector segment covers attack surface management, and Venomous Bear introduces new tools.
The Bletchley Declaration represents a starting point for AI governance, emphasizing research, risk-based policies, transparency, evaluation metrics, safety testing tools, and public sector capability.
Lazarus Group targets blockchain engineers with a new strain of macOS malware called KANDYKORN, using execution flow hijacking and Discord as the delivery method, highlighting the group's evolving techniques.
Deep dives
The Importance of AI Governance and the Bletchley Declaration
The podcast discusses British Prime Minister Rishi Sunak hosting an AI safety summit, where a consensus was reached on AI governance. This consensus is expressed in the draft agreement called the Bletchley Declaration, which outlines the need for research to understand AI risk and the development of risk-based policies to address those risks. The declaration also emphasizes transparency, evaluation metrics, safety testing tools, and public sector capability and research.
Lazarus Group Targets Blockchain Engineers with KANDYKORN Malware
The podcast highlights an attempt by Lazarus Group, a North Korean threat group, to target blockchain engineers using a new strain of macOS malware called KANDYKORN. The malware is disguised as an arbitrage bot for blockchain engineers and is delivered via a camouflaged Python application. It uses execution flow hijacking to achieve persistence on macOS and specifically targets the widely used application Discord. The campaign has been ongoing since April 2023 and continuously evolves its tools and techniques.
SEC's Case against SolarWinds and the Implications for Cybersecurity
The podcast explores the SEC's case against SolarWinds, a company involved in one of the largest breaches in history. The suit filed by the SEC alleges that SolarWinds misrepresented its cybersecurity vulnerabilities and accuses the company of being aware of these vulnerabilities. The case raises questions around the responsibilities of CISOs to address vulnerabilities and the potential regulatory actions they may face. The outcome of this case could establish important precedents for how regulators handle cybersecurity issues in the future.
Bletchley Declaration represents a consensus starting point for AI governance. Lazarus Group prospects blockchain engineers with KANDYKORN. Boeing investigates ‘cyber incident’ affecting parts business. NodeStealer’s use in attacks against Facebook accounts. Citrix Bleed vulnerability exploited in the wild. MuddyWater spearphishes Israeli targets in the interest of Hamas. India to investigate alleged attacks on iPhones. Tim Starks from the Washington Post on the SEC’s case against SolarWinds. In today’s Threat Vector segment David Moulton from Unit 42 is joined by Matt Kraning of the Cortex Expanse Team for a look at Attack Surface Management. And Venomous Bear rolls out some new tools.
On the Threat Vector segment, David Moulton, Director of Thought Leadership for Unit 42, is joined by Matt Kraning, CTO of the Cortex Expanse Team. They dive into the latest Attack Surface Management Report.
For links to all of today's stories check out our CyberWire daily news briefing: