ASIS NJ

AI Glossary Part 1

admin — Fri, 27 Mar 2026 18:41:07 +0000

It seems like AI is on everyone’s minds today. As you read articles about AI developments, you may encounter a range of complex terms used to discuss it.

This post will begin an “AI Glossary” series. In it, we’ll define key AI terms and explain the cybersecurity considerations related to them.

Agent: A standard AI chatbot just talks to you, but an agent can actually do things. A chatbot is like a consultant who gives you advice, whereas an agent is like an employee who takes that advice and files the paperwork or sends the email.

Algorithm: This is a set of rules a computer follows to solve a problem. Think of it like a recipe for a cake. If the computer follows the steps exactly, it gets the desired result every time.

API (Application Programming Interface): This is the bridge that lets two different software programs talk to each other. Think of it like a waiter in a restaurant. The kitchen (the software) and the customer (you) do not talk directly; the waiter (API) takes the order and brings the food back.

Cybersecurity considerations:
Some of the biggest risks associated with the use of AI occur when AI is in Agent mode. This is because the AI is enabled to undertake administrative actions such as making purchases and downloading files. This leads to risks such as the AI mistakenly downloading malicious files or making other decisions that compromise data.

AI should be used in Agent mode only with caution. If you do decide to use it, ensure that you have implemented the following:
-Limited permissions: Don’t allow it to access private data, bank account info, etc.
-Approval required to complete sensitive actions like purchases

If you need assistance with implementing these AI permissions, contact ASIS.

The post AI Glossary Part 1 first appeared on ASIS NJ.

“Unsolvable” AI Browser Prompt Attacks

admin — Fri, 16 Jan 2026 22:06:37 +0000

A new scam called prompt injection targets AI browsers while remaining invisible to humans.

For example, a malicious website might have text written in a white font on a white background. While the user doesn’t see the text, an AI browser reviews all the text on the page, and responds accordingly. The text may prompt the AI to take action that compromises the user’s data.

Open AI has recently admitted that prompt injection scams do not have a quick fix, but exploit vulnerabilities central to AI’s processes.

The risk increases when AI browsers are used in “agent mode,” which allows the browser to take actions such as clicking links and reading emails. According to cyber expert Kurt Knusson, “The more an AI can do on your behalf, the more damage it can cause when something goes wrong.”

This vulnerability applies to all AI browsers, not just those from Open AI. When allowed free rein to operate on their own, AI browsers have made purchases from fake sites and followed harmful hidden instructions.

The most direct way to remedy this is to not use AI browsers. But if you do, be sure to require confirmation for any actions. Don’t allow the AI to operate on its own and mistakenly allow malware onto your computer.

In addition, beware of AI summaries. When the AI scans documents or emails, it may also absorb embedded malicious information.

The post “Unsolvable” AI Browser Prompt Attacks first appeared on ASIS NJ.

Don’t Let Scams Wreck your Holiday

admin — Wed, 17 Dec 2025 19:16:15 +0000

The holiday season should be a time for family, friends, and festivities. But be aware that cybercriminals know that people are busy and distracted during this time of year and seek to take advantage of that. Here are just a few examples of holiday-related scams to avoid.

1. Gift Card Scams
This type of scam has become more prevalent in general, but it is especially an issue around the holidays. Since gift cards are difficult to trace, they have become a way for criminals to cover their tracks.

How to avoid this:
-No seller should be asking for payment in gift cards. If this occurs, end the transaction.
-If you purchase a gift card online, make sure the site is legitimate.

2. Package Delivery Scams
During the holidays, many people are expecting package deliveries, so a message about a package delivery might not seem out of place. But if you receive a text similar to the following, think again.

“Your package is stuck at the sorting center, pls update your address: www.upst.top.us”

A few clues indicate that this message is not legitimate. First, the link is not to ups.com – it’s to “uspst.top.” This is another cybercriminal strategy that is becoming increasingly common: “typosquatting,” which involves hackers claiming domains with names almost the same as the company they are posing as. This trick relies on users not noticing the typo and thinking the link goes to the actual site.

In addition, the text uses abbreviations “pls” which official company communications would not contain.

How to avoid this:
If you receive an email or text about a package and are not sure whether it is fake, do NOT click on the link. Instead, go back to the original confirmation email you received when you placed the order. You can use the order number to access the real package tracking information.

3. Fake Online Stores
Hackers can create online stores designed to mimic the branding and design of the actual store, yet whose sole purpose is to steal your information. The site may also send you emails with malicious links.

How to avoid this:
-Check that the site domain name is an exact match and that there are no typos. If there are, the site may be employing the “typosquatting” scam technique.

-Notice whether there are spelling and grammar errors on a site, or informal “texting speech” that official company communications would not contain.

-If the website asks for highly sensitive personal information not necessary for a purchase, such as your social security number, that is a red flag that the site is malicious.

The post Don’t Let Scams Wreck your Holiday first appeared on ASIS NJ.

“Mimic” AI Apps

admin — Wed, 03 Dec 2025 19:10:49 +0000

With the AI revolution, AI is increasingly being incorporated into people’s daily lives. Along with this, AI apps such as Chat GPT are becoming commonplace. However, users should be aware that there are fake apps that imitate open AI, while acting solely to steal data.

These “mimic” apps often include the exact same branding information as real Open AI apps. One example is “DALL-E 3 AI Image Generator.” It claims to be an AI image generator and shows a preview of an image being generated. Yet once downloaded, the app does not generate images; it just remains on a loading screen. According to Appknox, a platform for mobile application security, the app only performs advertising and data analytics functions. It uses image generation as a cover for its real operations.

Other “mimic” apps can be even more sinister. An app known as “WhatsApp Plus,” posing as an upgraded version of WhatsApp, actually contains advanced malware capable of stealing credentials and conducting surveillance. Its malware continues running even after the app is closed.

“Mimic” apps can harm both individuals and businesses. Here are some ways to defend your device against “mimic” apps:

Download only from official app stores
It is best to only download from your official app store, whether Apple Apps or Google Play. While it is still possible for malicious apps to appear in official app stores, these contain security checks in official stores that other vendors do not require. Moreover, if official stores receive reports of a malicious app, they are prompt in taking that app down.
Verify the developer before you download an app
The developer for ChatGPT apps is OpenAI, so be sure to check that the name of the developer on an app you download is what it should be. Hackers will often use similar-sounding names, so even if there’s a slight difference, be sure to check again.
Update your device regularly
Malicious apps can exploit vulnerabilities in other apps and in your device, to be sure to keep both your device and apps updated.
Use antivirus software
Use a high-quality antivirus software such as Sentinel One, which uses AI in a proactive manner to anticipate and prevent attacks. If you do not already have Sentinel One, please contact ASIS.

The post “Mimic” AI Apps first appeared on ASIS NJ.

Beware ClickFix Attacks

admin — Thu, 06 Nov 2025 17:38:37 +0000

If you are browsing a website when an alert pops up telling you to take immediate action, think twice before you click!

A new type of cyberattack, called “ClickFix,” has recently been identified. The name comes from the fact that these attacks aim to trick users into taking action – such as clicking – under the pretext of “fixing” a system issue. They appear as pop-ups or false alerts claiming the user needs to complete a CAPTCHA challenge, enter credentials, or copy and paste code in order to resolve the problem. However, the action actually downloads malware onto your computer.

ClickFix attacks often start off as malicious advertisements. While they are unable to harm the device directly in that form, once the user interacts with the ad, the malware is transferred onto the device. Because the user’s own actions compromise the device, these attacks can often bypass typical security systems.

What to do if you encounter a ClickFix attack:

Do not follow any prompts or instructions the pop-ups mention. If you are concerned that there might be a legitimate system issue, do not click on the pop-up, but contact ASIS directly.

If you find yourself directed to Windows Run or PowerShell and told to paste in code, never do so. While those two programs are legitimate, running the pasted code will activate the virus on your computer.

ClickFix attacks can also target phones. If you see a pop-up appear, perhaps claiming that you need to update an app or verify your identity, don’t click on it or follow any code-related instructions.

What to do if you think your device has been infected by a ClickFix attack:
1. Disconnect from the internet
2. Contact ASIS immediately

The post Beware ClickFix Attacks first appeared on ASIS NJ.

AI Browsers Unable to Detect Scams

admin — Wed, 29 Oct 2025 17:28:44 +0000

The “AI Revolution” has promised faster and more powerful technological tools. AI has already been incorporated into many internet browsers, such as Microsoft Copilot in Edge.

Yet despite its advanced capabilities, AI can be fooled by scams – even ones that would be very obvious to humans.

During a study run by Guardio Labs, an AI browser was instructed to purchase an Apple Watch. It found a fake Walmart site and filled in all the user’s personal information in seconds. The scammer took the money and data and the user never received the watch. This combination of speed with a lack of human oversight creates ideal circumstances for cybercriminals.

In another instance, when AI was asked to process a fake email, it did so unaware of the scam. According to cyber journalist Kurt Knutsson, “The browser clicked the malicious link with no verification and even helped the user fill out login credentials on the phishing page. By removing human intuition from the loop, the AI created a perfect trust chain that scammers could exploit.”

Here’s how to not fall prey to AI browser scams:

1) Don’t leave final approval to AI
By double-checking actions like downloads and purchases, you ensure that an AI browser doesn’t automatically approve a suspicious transaction.

2) Set up an Antivirus Defense
Install a strong Antivirus software, such as Sentinel One, a next-generation antivirus software that proactively anticipates threats and immediately responds to new threats.

3) Review your accounts often
Review your bank account and credit card statements regularly so that if fraudulent transactions appear, you can address them immediately.

To set up any of these measures, contact ASIS at 732-549-6030.

The post AI Browsers Unable to Detect Scams first appeared on ASIS NJ.

New DefensX Finally Stops “Call 800#” Scam

admin — Thu, 25 Sep 2025 20:25:24 +0000

Many users have had the experience of navigating to a website, hearing a loud beeping sound, and seeing this message pop up: “Malware has been recognized on your device: Call Microsoft Support at 1-800…”

This is not a real Microsoft Support message. But while the message itself isn’t a virus, the beeping sound and flashing warning are alarming enough that many people call the 800 number, unintentionally contacting the criminals. Under the guise of fixing the issue, the hackers are then able to gain access to the computer.

A new product, DefensX, finally stops this scam. It blocks pop-ups like these, also known as Mal-Advertisements. DefenseX deploys in under 2 minutes, requires no user training, and improves cyber resiliency by over 30% in just 6 months.

DefensX Key Features:

✅ Web Protection
✅ Evaluates password strength & Detects breached passwords
✅ AI-Powered Data Loss & Identity Protection
✅ Human Risk Reports & Behavior Insights
✅ Credential Protection
✅ Zero Workflow Disruption
✅ No Extensions or Training Required

Proven Business Impact

✅ 30% improvement in cyber resiliency in just 6 months
✅ 40% better password hygiene across user base
✅ 20% drop in IT overhead
✅ Fully deployable in under 2 minutes

DefensX turns your browser into a fully protected, intelligent digital workspace. Without changing user behavior, it defends against phishing, credential theft, data loss, and more. To get this comprehensive browser protection for your devices, contact ASIS at 732-549-6030 to set up DefensX.

The post New DefensX Finally Stops “Call 800#” Scam first appeared on ASIS NJ.

Zero-Click Attacks on the Rise

admin — Mon, 23 Jun 2025 19:27:54 +0000

Until now, most cyberattacks started when a user clicked on a bad link or downloaded a corrupted file. The click or download permitted the malware to enter the device. But now, a new type of cyberattack is on the rise: one that doesn’t require any clicks at all.

“Zero-click attacks” are defined as cyberattacks requiring no user action. Instead, they exploit vulnerabilities in apps and operating systems like Windows, Mac, Chrome, iOS, and Android. These systems release “patches” when they realize a loophole in their code exists. But if cybercriminals find the loophole first, or if they find an unfixed loophole on devices that have not installed the patch, they can get into a device without users knowing.

These attacks often target messaging apps, which receive significant amounts of data from many different sources, including unknown sources. Hackers send a message in which bad code is embedded in something that seems harmless to the operating system, such as a text or PDF. When the message is received, the code activates and infects the device, allowing the hacker to see all messages on that app. All without the user even opening the message.

These attacks are highly sophisticated. Even if the message is deleted, the device is still infected. They hardly leave any traces, making them extremely difficult to detect.

Despite their complexity, there are steps you can take to prevent a zero-click attack:

Regularly update your computers and apps
If you install “patches” for operating systems in a timely manner, you’re protecting your device from system flaws that can otherwise be an easy entry for hackers.
Get rid of any apps you aren’t using
Discarding unused apps means fewer chances for criminals to find a vulnerability.
Use multi-factor authentication
Block pop-ups
Periodically restart your phone
On iPhones, this has been shown to stop zero-click attack software Pegasus from working, or at least temporarily disrupt it.

Fortunately, right now, these attacks are expensive to implement, with one recorded at 2.5 million according to CSO online. But as hackers and AI continue to advance, it is important to be aware that cyberattacks can be carried out in this manner, and to take steps to guard against it.

The post Zero-Click Attacks on the Rise first appeared on ASIS NJ.

Microsoft Moves from Passwordless Option towards Mandate

admin — Thu, 29 May 2025 18:47:46 +0000

Microsoft recently announced that starting this month, all new Microsoft accounts will be passwordless by default.

Instead, accounts will use a passkey, which involves a fingerprint, face ID, or PIN.

Although they are not yet forcing customers to stop using passwords, Microsoft’s goal is to “eventually remove password support altogether,” as stated in their May 1^st post.

There are advantages and risks in switching to passkeys.

Advantages of Passkey Use

Some are excited to move away from passwords, which pose a challenge to remember or store, and, if stored in a browser, can be easily stolen by cybercriminals. Microsoft cited concerns over passwords’ vulnerability to cyberattacks in their announcement of the passkey switch. Last year, there were “a staggering 7,000 password attacks per second,” which was “more than double the rate from 2023.” Thus, their shift to passkeys is not intended to decrease security, but to use a different method that may not be as vulnerable to attack.

Another advantage of passkeys is swifter and more successful logins. Microsoft points out that users experienced a much higher success rate of logging into their accounts on the first try with a passkey as opposed to a password, and in a shorter period of time.

Risks of Passkey Use

Others, however, have privacy concerns in the use of passkeys. The foremost concern is the use and storage of sensitive biometric information. As tech companies have often sold users’ data without informing them, entrusting these companies with even more personal data may not go well given their past conduct.

Next, although passkeys are less vulnerable to being stolen by cybercriminals, if biometric passkeys are compromised, cybercriminals gain a permanent means of entry into individuals’ information. Unlike a password, which can be changed, a user cannot change his or her fingerprints or face. This exposes the user to far longer-term threats than would occur with a breached password that could be reset.

Also, passkeys are tied to specific devices. If users change phones without the information being backed up, they could be locked out of their accounts.
—
Microsoft’s announcement represents a major shift in the online world. In fact, the company is trying to work towards a future in which all websites can be logged into using biometrics. While the specifics of how this will be accomplished are still unclear, their announcement does draw attention to the ever-shifting cybersecurity threats, and tech companies’ search for the best means to combat them.

The post Microsoft Moves from Passwordless Option towards Mandate first appeared on ASIS NJ.

Attack Targets All 1.8 Billion Gmail Accounts

admin — Wed, 14 May 2025 18:10:47 +0000

Recently, Google confirmed an advanced attack targeting all 1.8 billion of its Gmail users.

The attack involved an email from accounts.google.com claiming that Google had been issued a subpoena for the user’s account content, and the user must give up account access to comply.

The scam was first identified by cryptocurrency developer Nick Johnson, who received an email that appeared to come directly from Google. Johnson described the scam as “extremely sophisticated.” The false link led him to a “very convincing ‘support portal’ page,” complete with “exact duplicates” of real Google documents. From there, he was asked to enter his account information; if he had, he would have provided the cybercriminals with control over his account.

Johnson posted the following screenshot of the fraudulent email:

Image Source: MSN article

In his post on X, Johnson voiced his displeasure with Google’s handling of the scam: “given their refusal to fix it, we’re likely to see a lot more” of such attacks.

However, Google contends that they are addressing it. A Google spokesperson told DailyMail.com: “We’re aware of this class of targeted attack” and “have rolled out protections to shut down this avenue for abuse.” Specifically, they have shut down the means that allowed this email to be classified as a legitimate Google alert.

For now, Google recommends security measures such as two-factor authentication and reminds users that “Google will not ask for any of your account credentials — including your password, one-time passwords, confirm push notifications, etc. — and Google will not call you.”

But Google did note that even if you do happen to fall prey to such a convincing scam and are locked out of your account, you will still have seven days to act and regain control of it.

The post Attack Targets All 1.8 Billion Gmail Accounts first appeared on ASIS NJ.