It’s Monday! On this day in 1984, Apple used a Super Bowl commercial to launch the Macintosh computer. The ad, directed by famed moviemaker Ridley Scott, showed football audiences dark visions of a dystopian future, brought down by a hammer-throwing Olympian running in slow-motion. Pretty intense for a machine that held floppy disks!
In today’s edition:
Unreality show
Access tokens: granted
One more time for MFA-phasis
—Eoin Higgins, Tom McKay, Billy Hurley, Patrick Lucas Austin
This is London calling—or is it?
Deepfakes and voice phishing have become front-of-mind concerns for security experts like Rex Booth, CISO for identity management software developer SailPoint.
During a meetup on the CES floor this month, Booth told IT Brew that threat actors are using AI to strengthen social engineering attacks and their overall capabilities.
“That was one of their growth problems; they were constrained by their own scale,” Booth said. “Now the gloves are off, and they’re going to be able to grow much more rapidly than they were able to in the past.”
Artificially intelligent. Booth told IT Brew that cybercrime is a booming industry with similar incentives to legal entities. The bottom line rules all.
“They’re well-run businesses,” Booth said. “So, they’re looking for ways in which they can garner economies of scale, and really just be as efficient as possible.”
Read more here.—EH
Do you work in IT or have information about your IT department you want to share? Email [email protected].
You may have just changed your password, but an exploit using an undocumented Google OAuth endpoint to allow continual account access—even if the user changes their password—might make you feel like changing it again.
That’s according to research from security firm CloudSEK, which says threat actors first teased the exploit on Telegram in October 2023. The exploit allows malicious parties to abuse the undocumented Open Authorization 2.0 (OAuth) endpoint, MultiLogin, to restore expired authentication tokens and thus gain continual access to an account.
Since the initial announcement, cybercriminals have paired the exploit with information-stealing malware that uses advanced blackboxing techniques intended to obscure its origin, CloudSEK Threat Researcher Pavan Karthick M wrote in a blog post.
Read more here.—TM
The password manager LastPass has begun the new year with a new security resolution: a 12-character minimum for master passwords.
While the requirement increases account security, experts who spoke with IT Brew also emphasized the importance of introducing stronger measures like multi-factor authentication (MFA).
“There needs to be something more than the password just to get into your password manager,” Dan Conrad, Active Directory security and management team lead at One Identity, told IT Brew. “If you’ve got a password manager, and it just requires a 25-character string to get in, with no multi-factor, I wouldn’t endorse it at all.”
In addition to a mandatory 12-character-minimum password (that features at least one uppercase, lowercase, or special character), LastPass also used its Jan. 2 post to announce that it is “prompting customers to re-enroll their multi-factor authentication.”
Keep reading here.—BH
Today’s top IT reads.
Stat: 49%. That’s the number of gaming-industry developers who said that generative AI tools are currently being used in their workplace. (Ars Technica)
Quote: “It will change the world much less than we all think and it will change jobs much less than we all think.”—Sam Altman, speaking about AI at the World Economic Forum in Davos, Switzerland (CNBC)
Read: A pair of one-page guides for detecting suspicious activity in Microsoft 365 and Entra. (Microsoft)