Up Times · April 2025
Pattern-matching AI helps criminals quickly correlate data stolen in different breaches. Monitoring the dark web is a preemptive move to shield your organization from attacks like ransomware and user-account takeovers. It can give you a window of opportunity to change compromised credentials before an attack.
The dark web in the age of AI – Dark web marketplaces offer stolen credentials from data breaches for sale or even free download. Sometimes these credentials have been compiled and deduplicated from many breaches to make one large database of username and password pairs. Criminals purchase or download these lists and use bots to test these credential pairs across thousands of websites – matches may grant them access to live accounts.
Even though these practices predate large-scale AI use, pattern-finding AI is especially effective in amping up the volume and accuracy of these kinds of damaging activities.
Email accounts are the main targets for account takeover attacks. Controlling someone’s email can enable password resets on other accounts. Because attackers are using real credentials, these incursions are not easy to detect once they’ve begun. In fact, to find a worthwhile theft opportunity, it’s common for criminals to squat and read emails looking for ways they might get access to funds or to escalate their attack to other accounts. [1]
This means one of the best defenses, explored more fully in this Up Times, is to prevent these account-takeover attacks before they happen. Dark web monitoring searches for your organization’s email addresses in underground criminal internet activity. If one of your employees’ email addresses shows up in a database, you and/or your assigned admin are alerted so that whatever is affected by the leaked credentials can be changed, with the aim of blocking criminal abuse.
It’s not easy to think about dealing with a thing before it happens. But awareness of criminal activity concerning your accounts, before the actual attack, is one of the most effective front-line defenses. Consult your Bryley rep about the best way to implement this for your organization.
[1] https://www.huntress.com/blog/account-takeover-what-it-is-and-how-to-protect-against-it
A security risk.
BYOAI?
Employees are bringing their own AI agents. What are the risks? And how to cut those risks
McKinsey’s 2025 report “Superagency in the Workplace” shows that employers are aware of only one-third of their employees’ AI agent use. And MIT last year showed 90% of workers used AI for their work and only 40% had organization-sanctioned tools. The studies show that employees are not waiting: they’re using personal or unsanctioned AI accounts for their work.
And this creates risk … [4 min. read; audio available]
Dark Web Monitoring is a detection tool – meaning it can give you the ability to contain possible damage before a cyberattack happens.
What a password on the dark web means
When Bryley has proposed its Dark Web Monitoring service to clients, one thing that often shows up for them is old passwords that haven’t been used in years.
On the surface that may feel like a relief, but that’s not the whole story.
That old password in the report comes associated with a company email address. If that address is active, criminals have the start of a dossier … [5 min. read; audio available]
Nothing fancy, just normal security care.
Paved with Lax Permissions
Using AI safely has to do with the fundamentals of security
A significant number of so-called AI “risks” are, in fact, old security problems wearing new language … we already know how to solve these problems. The established security principles, frameworks, and methodologies, such as the Principle of Least Privilege (PoLP) and defense-in-depth architecture [layered security], remain perfectly valid. –Christiaan Beek
Researcher Christiaan Beek reveals that AI in and of itself is not the new, great security risk. The greatest risk comes with granting AI tools access to multiple tasks – exploits are more likely if an AI agent is given access to file storage, client data and your email system.
AI deployments should be limited to the data and software needed to do a task. Bryley can help you integrate AI tools in a way that follows security protocols … [10 min. read] hackernoon.com
The ChatGPT agent will be restricted at first to the state’s TSS [Technology Services and Security] Privacy Office.
Mass first state to roll out ChatGPT enterprise-wide
Limited now to phased implementation
Use of the tool is governed by terms and conditions set by the TSS Privacy Office, and regularly updated policies that govern the use and development of AI. While other states have launched limited pilot programs for ChatGPT, Massachusetts will be the first enterprise-wide deployment of the tool, per Gov. Healey’s statement.
The state’s deployment can inform what any organization might do: deploy with limitations, such as policies on who can use it and why, and a set-up that does not permit your data to train the agent … [5 min. read] mass.gov
Though the ad tried to show a dog, people saw themselves being surveilled.
Privacy matters
Sen. Markey’s letter calls out the implications of Ring’s Super Bowl ad
In case you missed it live, you can see it here. But since Amazon aired its Ring Doorbell Super Bowl ad, there has been “overwhelming opposition”: if the embedded AI technology can ID a dog, it can ID you.
For business managers, this loud objection to being tracked and ID’d may be reason to think about the data policies around the cameras and related systems you have in place.
It may be necessary to record in order to catch a criminal, but are customers and employees aware of and OK with being filmed? Would they be OK with how that data is handled? And how long do you hold that data? Every dataset held brings more risk of exposure of that data … [5 min. read] documentcloud.org
Can we stop ourselves going the way the story portrays?
We touch, we talk, not through the machines!
EM Forster’s The Machine Stops feels too spot-on for its 1909 publication date
EM Forster’s short story of a world connected by audiovisual, glowing handheld plates is a warning to think about how we might otherwise relate to machines.
For instance, in the portrayed society the machine is singular, monolithic. It’s also decaying – from forgotten knowledge, from laziness. Are we now too dependent on a single cloud service? On a single software platform? On a single form of backup? The story’s disaster wasn’t from foreign enemies, but because of our own dependence.
And Forster’s society has become so comfortable that the people are irritated by any inconvenience. This might be compared to how we’ve been conditioned to bristle at two-factor authentication and similar measures we’ve installed to help keep us safe.
The text is here. And here’s an abridged BBC Radio 4 production from 2001 [43 min. listen] youtube.com
It’s a vulnerable computer – so why be obvious about where you bank, your credit cards and investment accounts?
Hiding apps
Phones are vulnerable. Why make it easier for a thief?
Phones get left behind. Phones get stolen. Both Android phones and iPhones have the ability to hide apps. It’s a built-in layer of defense worth considering for your investment account apps, bank account apps and multifactor authentication apps.
Android instructions: wikihow.com. iPhone instructions: cnet.com
Note: The section directly above is Bryley’s curated list of external stories. Bryley does not take credit for the content of these stories, nor does it endorse or imply an affiliation with the authors or publications in which they appear.
About Bryley
Bryley Systems helps you get dependable results from your technology investment at a predictable cost. We are a full-service partner, fulfilling the information-technology needs of our clients throughout central New England since 1987.