Darkreading.com reported that “One trend we’ve seen in recent years is a rise of “as-a-service” offerings. Early hackers were tinkerers and mischief-makers, tricking phone systems or causing chaos mostly as an exercise in fun. This has fundamentally changed. Threat actors are professional and often sell their products for others to use.”  The July 5, 2023 article entitled “A Golden Age of AI … or Security Threats?” (https://www.darkreading.com/vulnerabilities-threats/a-golden-age-of-ai-or-security-threats-) Included these comments:

AI will fit very nicely into this way of working. Able to create code to tackle specific problems, AI can amend code to target vulnerabilities or take existing code and change it, so it’s not so easily detected by security measures looking for specific patterns.

But the possibilities for AI’s misuse doesn’t stop there. Many phishing emails are detected by effective filtering tools and end up in junk folders. Those that do make it to the inbox are often very obviously scams, written so badly they’re borderline incomprehensible. But AI could break this pattern, creating thousands of plausible emails that can evade detection and be well-written enough to fool both filters and end users.

Spear-phishing, the more targeted form of this attack, could also be revolutionized by this tech. Sure, it’s easy to ignore an email from your boss asking you to wire cash or urgently buy gift cards — cybersecurity training helps employees avoid this sort of scam. But what about a deep-fake phone call or video chat? AI has the potential to take broadcast appearances and podcasts and turn them into a convincing simulacrum, something far harder to ignore.

Interesting time, so watch out!

The New York Times reported that “Legal scholars, patent authorities and even Congress have been pondering that question. The people who answer “yes,” a small but growing number, are fighting a decidedly uphill battle in challenging the deep-seated belief that only a human can invent. Invention evokes images of giants like Thomas Edison and eureka moments — “the flash of creative genius,” as the Supreme Court justice William O. Douglas once put it.” The July 15, 2023 article entitled “Can A.I. Invent?” (https://www.nytimes.com/2023/07/15/technology/ai-inventor-patents.html?referringSource=articleShare) included these comments:

The U.S. Patent and Trademark Office has hosted two public meetings this year billed as A.I. Inventorship Listening Sessions.

Last month, the Senate held a hearing on A.I. and patents. The witnesses included representatives of big technology and pharmaceutical companies. Next to them at the witness table was Dr. Ryan Abbott, a professor at the University of Surrey School of Law in England, who founded the Artificial Inventor Project, a group of intellectual property lawyers and an A.I. scientist.

The project has filed pro bono test cases in the United States and more than a dozen other countries seeking legal protection for A.I.-generated inventions.

“This is about getting the incentives right for a new technological era,” said Dr. Abbott, who is also a physician and teaches at the David Geffen School of Medicine at the University of California, Los Angeles.

Rapidly advancing A.I., Dr. Abbott contends, is very different from a traditional tool used in inventions — say, a pencil or a microscope. Generative A.I. is also a new breed of computer program. It is not confined to doing things it is specifically programmed to do, he said, but produces unscripted results, as if creatively “stepping into the shoes of a person.”

A central goal of Dr. Abbott’s project is to provoke and promote discussion about artificial intelligence and invention. Without patent protection, he said, A.I. innovations will be hidden in the murky realm of trade secrets rather than disclosed in a public filing, slowing progress in the field.

The Artificial Inventor Project, said Mark Lemley, a professor at the Stanford Law School, “has made us confront this hard problem and exposed the cracks in the system.”

What do you think?

First published at https://www.vogelitlaw.com/blog/can-ai-get-patents

Computerworld reported that “Stock content provider and creative suite Shutterstock is the latest company in its field to offer customers a legal indemnity against suits related to AI-generated images created and licensed on its platform. In its announcement, issued Thursday, Shutterstock said that the aim is to provide a level of assurance to users of its services who want to leverage the ability to use AI-generated imagery but are concerned about legal risks that could arise under US intellectual property laws.”  The July 6, 2023 article entitled “Shutterstock offers customers legal indemnity for AI-created image use” (https://www.computerworld.com/article/3701932/shutterstock-offers-customers-legal-indemnity-for-ai-created-image-use.html ) included these comments:

The indemnity mostly relates to one recently launched product from Shutterstock, namely its AI Design Assistant (an image generator that allows users to select a particular style and type of content for generated images), which is powered by the DALL-E generative AI image creator from Microsoft-backed OpenAI, the maker of ChatGPT. Shutterstock said that its contributor fund funnels monetary compensation to the artists who created images that the AI Design Assistant was trained on.

Shutterstock’s indemnity program is similar to the one announced last month by Adobe, which unveiled its own program alongside the release of Firefly, a generative-AI-powered image creation tool. Firefly, Adobe said, works through training on both images owned by the company, and those in the public domain or other material not subject to copyright rules. Like Shutterstock, Adobe said that its indemnification for AI-generated images is meant to be as similar as possible to the one that covers the company’s other assets.

Great news, but let’s see what happens at the courthouse! First published at https://www.vogelitlaw.com/blog/great-news-you-may-have-ip-indemnification-to-protect-for-ai-copyright-amp-trademark-infringement

BankInfoSecurity.com reported that “The latest development comes on the heels of a European Commission proposal Wednesday for a single currency, called the Digital Euro, that will be accepted across the EU. The new currency, issued by the European Central Bank, would “work like digital wallet,” the commission said, but members did not clarify if the currency would be integrated with the EU’s proposed digital wallet app.”  The June 30, 2023 article entitled “EU Is Set to Finalize Digital Wallet, Proposes Digital Euro” (https://tinyurl.com/2k6sfa9w) included these comments about the European Digital Identity framework (https://data.consilium.europa.eu/doc/document/ST-14959-2022-INIT/en/pdf)”

The latest development comes on the heels of a European Commission proposal Wednesday for a single currency, called the Digital Euro, that will be accepted across the EU. The new currency, issued by the European Central Bank, would “work like digital wallet,” the commission said, but members did not clarify if the currency would be integrated with the EU’s proposed digital wallet app.

Both the initiatives have faced criticism from lawmakers, and privacy experts fear the proposals would put citizens’ digital security at risk.

Lawmakers removed unique identifiers from the digital wallet, citing snooping risks, but using the wallet for identity confirmation could displace the anonymity online users now have on the internet, said Patrick Breyer, a German politician and member of the Pirate Party.

What do you think?

First published at https://www.vogelitlaw.com/blog/are-you-ready-for-digital-wallets-in-the-eu

Darkreading.com reported these comments from Check Point researchers “The research also highlights the “alarming” role USB drives play in spreading malware quickly and often unbeknown to users — even across air-gapped systems. “These malicious programs possess the ability to self-propagate through USB drives, making them potent carriers of infection, even beyond their intended targets,…” The July 22, 2023 article entitled “USB Drives Spread Spyware as China’s Mustang Panda APT Goes Global” (https://tinyurl.com/3wpzsypn) included these comments:

Researchers at Check Point Research discovered the backdoor, which they’ve dubbed WispRider. The campaign is the work of the Chinese-state-sponsored APT that Check Point tracks as “Camaro Dragon,” but which is probably better known as Mustang Panda (aka Luminous Moth and Bronze President).

Check Point first discovered the malware when an employee who had participated in a conference held in Asia came home with an infected USB drive, researchers revealed in a blog post published June 22. Apparently, the employee — dubbed “Patient Zero” by the researchers — had shared his presentation with fellow attendees using his USB drive, and one of his colleagues there passed on the infection from his computer, they said.

Pretty scary news, what do you think?

First published at https://www.vogelitlaw.com/blog/new-usb-drive-malware-spreading-across-the-world

HealthcareInfoSecurity.com reported that “A consumer genetic testing company must ensure the destruction of customer saliva samples and undergo third-party evaluation of its information security program for the next two decades under a proposed consent order with the U.S. Federal Trade Commission.”  The June 16, 2023 article entitled “FTC Orders 1Health.io to Improve DNA Data Privacy, Security” (https://tinyurl.com/yc36rvd9) included these comments:

California firm 1Health.io, previously known as Vitagene, also committed to paying $75,000 in an enforcement action that marks the FTC’s first case focused on the privacy and security of genetic information.

The San Francisco company offers personalized diet and exercise plans fueled by genetic results. In a statement shared with Information Security Media Group, a company spokesperson complained about the agency investigation.

“The FTC with its many staff members has spent over five years investigating,” the spokesperson said. “After five years of investigation they are charging a startup company with less than 20 employees $75,000.”

What do you think about this?

First published at https://www.vogelitlaw.com/blog/ftc-orders-protection-of-dna-data-privacy-what-about-ocrs-oversight

GovInfoSecurity.com reported these comments from “Dutch member of the European Parliament Kim van Sparrentak also characterized Altman as attempting to blackmail European regulators” that “If OpenAI can’t comply with basic data governance, transparency, safety and security requirements, then their systems aren’t fit for the European market,…”  The May 26, 2023 article entitled ” OpenAI CEO Altman ‘Blackmails’ EU Over AI Regulation” (https://tinyurl.com/2pxe4ks4) included these comments:

ChatGPT will continue to operate inside the European Union for now despite warnings from OpenAI CEO Sam Altman that he’s prepared to pull out from the bloc if he doesn’t like artificial intelligence regulations being prepared in Brussels.

Altman, who’s been on a tour of European capitals, told reporters in London on Thursday that he’s dubious of the Artificial Intelligence Act regulation on track for enactment in the coming year.

What do you think?

First published at https://www.vogelitlaw.com/blog/where-is-the-eu-going-with-ai-regulation

BankInfoSecurity.com reported that “Law enforcement and regulatory action over the past year in the United States most likely dissuaded hackers from stealing cryptocurrency, making the amount stolen in the first quarter of the year the lowest compared to each of the four quarters in 2022.”  The May 23, 2023 article entitled ” Sharp Decline in Crypto Hacks in Q1 2023 Unlikely to Last” included these comments “In comparison, hackers stole $4 billion in 2022”:

Hackers siphoned off $400 million worth of cryptocurrency in 40 hacks in the first three months of 2023, TRM Labs said. The amount of stolen funds in Q1 2023 is 70% lower and the average hack size down to $10.5 million from $30 million year-over-year.

This slowdown, TRM Labs said, is “most likely a temporary reprieve rather than a long-term trend.”

A “few” large-scale attacks can cause a dramatic change in the total amount stolen. Just 10 hacks in 2022 accounted for 75% of the total amount stolen in the year, TRM Labs said. Individual quarter numbers also offer “poor predictions” for a yearlong trend, the firm said. The Q1 2023 numbers mirror those of Q3 2022. Hacks in Q4 2022 turned 2022 into a record year for crypto hacking.

What do you think?

First published at https://www.vogelitlaw.com/blog/crypto-hacks-in-2023-have-declined-in-2023-but-likely-to-increase

GovInfoSecurity.com reported that “Executive liability, where decision-makers face personal liability for making professional decisions, is a topic trending yet again as former Uber CSO Joe Sullivan was recently sentenced to probation and a fine for his role in covering up a data breach that affected tens of millions of Uber account holders.”  The May 7, 2023 article entitled “What Executive Liability Means for a CISO” (https://tinyurl.com/397zrc2x) included a description of the RSA 2023 Panel discussion with:

*Solomon Adote, chief security officer for the state of Delaware;

*Aravind Swaminathan, global co-chair for cybersecurity and data privacy at Orrick, Herrington & Sutcliffe;

*Rocco Grillo, managing director of global cyber risk services and incident response investigations at Alvarez & Marsal; and

*Ankur Ahuja, global vice president and CISO at Fareportal Inc.

The RSA 2023 Panel discussed:

*Juggling compliance with blocking and tackling cyberthreats;

*Interpretation of regulations that apply to distinct situations;

*How executives can protect themselves and their organizations from liability.

What do you think?

First published at https://www.vogelitlaw.com/blog/should-cisos-be-liable-for-making-business-decisions

Darkreading.com reported that “A recent study shows that 77% of IT professionals believe that shadow IT is becoming a major concern in 2023, with more than 65% saying their SaaS tools aren’t being approved.”  The April 21, 2023 article entitled “Shadow IT, SaaS Pose Security Liability for Enterprises” (https://www.darkreading.com/edge-articles/shadow-it-saas-pose-security-liability-for-enterprises) included these comments about “Why Is Shadow IT Such a Liability?”:

All issues surrounding shadow IT can be traced back to an organization’s lack of visibility. An unmanaged software stack gives IT teams zero insight into how sensitive company information is being used and distributed. Since these tools are not vetted properly and are left unmonitored, the data they store is not adequately protected by most organizations.

This creates the perfect framework for hackers to easily seize important data, such as confidential financial records or personal details. Critical corporate data is at risk because most, if not all, SaaS tools require corporate credentials and access to an organization’s internal network. A recent survey by Adaptive Shield and CSA actually shows that in the past year alone, 63% of CISOs have reported security incidents from this type of SaaS misuse.

What Shadow IT is operating in your enterprise?

First published at https://www.vogelitlaw.com/blog/shadow-it-amp-saas-remain-major-security-threats