Critical Security Update (2024 March 28)
Critical Security Update
AI Vulnerability, Google Chrome, ASUS Routers
Risk 1: Medium
Issue: Seven vulnerabilities were located in Google Chrome, including two of which were publicly announced and allowed remote control of your system. These vulnerabilities impact Chrome on ALL operating systems.
Resolution: Google released a Chrome update yesterday and all users should apply the update immediately.
Risk 2: Medium
Issue: ShadowRay, a vulnerability in the Ray AI Framework, releases sensitive data from thousands of companies. The data was leaked despise any service-level agreements on what plans the organizations were using.
Ray is used by Open AI (ChatGPT), Uber, Netflix, LinkedIn, Amazon, and more. This is a HUGE breach and is getting very little airtime.
Resolution: There are two actions people should take:
Limit the amount of information that is shared with these systems, even if the system is in a environment.
Be sure to customize the settings on any AI framework you use to limit the amount or access these systems will have.
Despite what some online industry influencers may want to lead you to believe, there are still risks with many of these systems. No system is 100% secure.
Financial Guardians will be doing an entire series on AI this Summer, looking at both the power of leveraging AI as well as the safeguards to put in place to safeguard data.
Risk 3: High
Issue: A dated malware, TheMoon, which impacts ASUS routers that don’t have the latest security patches and firmware applied. The exploit allows brute-force attacks on the router to allow admin credential reset.
Resolution: Anybody with an ASUS router should apply all outstanding security updates as soon as possible.
Secondly, if your ASUS router is older than 5 years, it would be a good time to evaluate and consider selecting a new one.
Announced Data Breaches
National Health Service of Scotland
Germany-Based Microsoft Exchange Servers