This week in the Security Weekly News: AI Threat Intelligence, AI Hacking, Data Breaches, Zhong, DOGE, and more!
Security Weekly listeners save $100 on their RSAC Conference 2025 Full Conference Pass! RSA Conference will take place April 28 to May 1 in San Francisco and on demand. To register using our discount code, please visit securityweekly.com/rsac25 and use the code 5U5SECWEEKLY! We hope to see you there!
Joshua Marpet
- Deposed? Don’t worry, AI would never misconstrue your words!
AI is all about assisting people, and tools built to make us more efficient. What could go wrong? Well, if you let an AI summarize deposition transcripts, and make suggestions on them, is there a chance the AI could miss nuance, subtext, and meaning? NEVER!!!
- The next big thing in tech! Cloud, Compliance, and Scale!
Interesting story, a group of Indian technologists and executives got together and decided that cloud, compliance, and scale are the next big things. Handling vast amounts of data, in a compliant, secure, cloud-based environment. They talk about the interconnections of those environments as well. API Security is a big thing, as it should be, with Zero Trust. I'd add AI, but other than that, a solid thought out piece.
- AI to enhance threat intelligence? Sure!
AI is fantastic at collation and correlation of data. In this case, collating the CVE's found in a vuln scan, with descriptions of them, and correlating them with a CAASM (Cybersecurity Asset, Attack Surface Management) tool, otherwise known as an Asset Inventory. Not having to switch tabs? SOC Analysts, rejoice!! All you have to lose is your carpal tunnel!!!
- AI HACKING!!! Run for the hills! The AI are attacking! Sort of!
AI is fantastic at collation and correlation. MAybe even writing phishing emails, but attacks? Not so much. It may get better, and it will certainly scale faster than training legions of Skiddies, but for now at least, it's not a full scale hacking platform. Will it assist cybercriminals with existing TTP's? Sure! Will it come up with new ones? Not yet.
- AI Data Breach going up! WAy up!
I mean, are you surprised? Between AI companies snagging any data they can to feed the AI baby birds, and cloud companies gleefully turning into AI companies because they already have data, who could blame them for diversifying their income streams?
- Remote mobile data collection and analysis, with AI!!!
No agent, remote collection, and AI analysis? No possibility of this going wrong.
- Zhong Stealer, I barely knew her!
Exploiting revoked certificates, support platforms like anydesk, Alibaba cloud, and lots of chinese characters, Zhong Stealer is a fintech focused theft malware. This article is a really nice breakdown of tactics, techniques, and everything about this particular piece of malware. Nicely Done!!!
- Scalability, Security, and Compliance
Apparently, it's steam engine time.
- DOGE leaks?
Not a political story, but would a security news show be complete without a breach? DOGE's new website may, may, may have leaked info about the National Reconnaissance Office (NRO), which may or may not exist. We cannot confirm or deny that the office exists, that classified information was leaked, or that the people who build DOGE's websites may need some remedial security education.