Mark Stockley | Source | Cybersecurity Evangelist at Malwarebytes

With the new feature, Apple is increasingly relying on biometrics, through Touch ID and Face ID, as a way of proving the person with your phone is actually you. “Apple now has a decade of experience with biometrics on hundreds of millions of devices, and its confidence in them seems to be growing,” says Mark Stockley, a cybersecurity expert at security firm Malwarebytes. Traditionally, he says, a password or passcode has been the option that’s turned to when biometrics fail to work. With this new feature, the roles are being reversed, indicating a greater trust in the technologies. “This could be a step towards a passcode-less future,” Stockley says.

"Ransomware attacks will go dark as they evolve from ‘encryption by malware’ toward ‘malware-less data theft.' Stealing rather than encrypting data allows criminals to hide in plain sight by ‘living off the land’ – using legitimate administration tools they find on the networks they’re attacking that won’t trigger a malware detection by security software. Attacking without malware shifts the burden of detection from malware-spotting software to anomaly-spotting humans.”

"What worries me about [prompt injection] is that we’re still struggling with SQL injection and cross-site scripting, which are thoroughly well-known. There’s no mystery about how you protect against those things. We just don’t do it. There’s a lot of mystery about how you protect against prompt injection because the really, really curious thing about AI is that we don’t know how it works. That means that defending against prompt injection is going to be a whole other order of magnitude more difficult than the thing we already don’t do very well at all."