As we near the end of 2022, the Common vulnerabilities and exposure metrics for this year continue to show an upward trend and this comes as no surprise to anyone.
Just to level everyone up, Common Vulnerabilities and Exposures, often abbreviated as CVE, is a list of publicly disclosed computer vulnerabilities. When someone refers to a CVE, they mean a vulnerability that has been assigned a CVE ID number.
Published CVE records:
A new one at the end of September 2022 zero day which allows attackers to discreetly gain full access to an email system is actively exploited on Microsoft Exchange Server, a very popular email platform used by millions of companies around the world. Fortunately, researchers privately reported the vulnerability to Microsoft in early September, so a fix is in the works. The US Department of Homeland Security has compiled as usual excellent information and mitigations for users and administrators.
In July 2022, the National Institute of Standards and Technology (NIST) released the following facts about the need for cybersecurity forces today:
- Globally, the shortage of cybersecurity professionals is estimated at 2.72 million
- 35% of hiring managers believe it takes 3-5 years for a cybersecurity professional to become proficient
- A total of 1.1 million cybersecurity workers are employed in the US and there are 714,548 total job openings
- 78% of decision makers state that finding certified employees is difficult, which is why 91% of companies are willing to pay to train and certify their employees
- Key tasks identified for entry-level candidates include: monitoring alerts and events, documenting processes and procedures, responding to incidents, using scripting languages, and reporting (developing and creating reports)
For the full fact sheet, click here.
The data suggests that there is an upward trend in exposure to vulnerabilities associated with understaffing. As a result, there is an increased workload for current cybersecurity technology and cybersecurity professionals who are responsible for detecting emerging threats and defending their organizations.
Savvy cybersecurity executives should respond to current industry conditions by turning to artificial intelligence platforms to augment the existing cybersecurity workforce. But will the AI-based technology be implemented, Yes, really, lead to greater skills in existing staff? let’s find out Check out this series of “Interactions?” between VP Technology Solutions, Randy Blasik and OpenAI with the free use, playground Tool.
Artificial intelligence – The theory and development of computer systems capable of performing tasks that normally require human intelligence, such as visual perception, speech recognition, decision making, and translation between languages.
Using AI to reduce the time it takes a cyber security professional to become proficient. Use AI to interpret scripts and security telemetry:
 |
import hashlib print(“****************PASSWORD CRACKER *****************”) pass_found = 0 input_hash = input(“Enter the hashed password:”) pass_doc = input(“\nEnter the password filename including path (root / home/):”) try: pass_file = open(pass_doc, ‘r’) except: print(“Error:” ) print(pass_doc , “is not found.\nPlease enter the correct path to the file.” quit() for word in pass_file: enc_word = word.encode(‘utf-8’) hash_word = hashlib.md5(enc_word. strip()) Digest = hash_word.hexdigest() if digest == input_hash: print(“Password found.\nThe password is:“, word) pass_found = 1 break if not found pass_found: print(“Password is not found in the “, pass_doc, “file ”) print(‘\n’) print(“***************** Thank you ************* **** ***”) #explanation of what the code does ”’ |
|
Explain what this script does? |
 |
1. The user enters the password to be cracked. 2. The user enters the name of the text file containing the passwords to be used to crack the user’s password. 3. Then the code looks for the password in the text file. 4. If found, it will print the password. 5. If it isn’t found, a message will appear stating that it was not found in the text file. ”’
|
|
Answer from OpenAi:
|
|
 |
|
Explain what this warning means: |
|
Code is a series of key-value pairs that describe an event. The event is a suspicious TCP SYN flow initiated from host with IP xxx.60.129.xxx to host with IP xxx.131.96.xxx. The event is classified as a DDoS attack, and the source and destination networks are listed as Uncategorized and Public, respectively. Additional information about the event is also provided, including the duration, number of packets, and number of bytes involved in the attack. |
|
Answer from OpenAi:
|
AI as a guide for cybersecurity analysts.
|
“Can you initiate an incident response to a disgruntled customer whose business has shut down after a ransomware attack?” |
|
Help me with a process |
|
Yes, a disgruntled customer whose business has been disrupted after a ransomware attack can have an incident response initiated. Response may include working with the customer to understand the problem, identify the cause of the problem, and take steps to resolve the problem. |
|
Answer from OpenAi:
|
|
“How do I identify the source of the problem? |
|
Help me with a process |
|
The root cause of the problem can be identified by conducting an investigation and reviewing evidence to determine what caused the problem. This may include reviewing system logs, examining network traffic, and interviewing customers and employees. |
|
Answer from OpenAi:
|
Leveraging AI to simplify threat intelligence:
|
Summarizing this for a high school student: Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019. The first, identified as CVE-2022-41040, is a server Side Request Forgery (SSRF) vulnerability and the second, identified as CVE-2022-41082, allows Remote Code Execution (RCE) if PowerShell is exposed to the attacker . |
|
Help me with this report |
|
Two different hackers found ways to break into Microsoft Exchange Server 2013, 2016 and 2019. One possibility allows the hacker to run arbitrary code on the server. The other way lets the hacker pretend to be someone else to access information they shouldn’t see. Microsoft is trying to fix these problems. |
|
Answer from OpenAi:
|
Have fun with AI:
|
If 78% of decision makers state that finding certified cybersecurity analysts is difficult, which is why 91% of companies are willing to pay to train and certify their staff, then I should still consider using artificial intelligence to augment my existing staff to use? |
|
I need help deciding |
|
Yes, you should still consider augmenting your existing staff with artificial intelligence, even though it’s difficult to find certified cybersecurity analysts. Artificial intelligence can help automate some of the tasks that certified analysts would typically perform, freeing up time to focus on more complex tasks. In addition, artificial intelligence can help improve the accuracy of some tasks, such as B. Identifying potential threats. |
|
Answer from OpenAi:
|
Conclusion:
Do you think implementing AI-based technology will lead to greater capabilities in your organization? Maybe think about it. The really bad cybercriminals out there are using AI to ingeniously penetrate your organization’s defenses and steal, encrypt, modify or make your data inaccessible. Shouldn’t one be at least equal to them?
By leveraging technology with an effective and comprehensive AI engine, any organization empowers your existing team and new hires to get to the bottom of attacks faster, more effectively, and more accurately to prevent costly data or monetary loss.
